[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
all.html malware-cars.html proprietary-drm.html proprietary.html ...
From: |
Diff Report |
Subject: |
all.html malware-cars.html proprietary-drm.html proprietary.html ... |
Date: |
Thu, 04 Jan 2024 00:02:22 -0500 |
Modified:
all.html
malware-cars.html
proprietary-drm.html
proprietary.html
proprietary-insecurity.html
proprietary-sabotage.html
proprietary-surveillance.html
proprietary-tethers.html
diff -rNU2 all.html all.html
--- all.html 2024-01-02 05:02:02.078801136 +0000
+++ all.html 2024-01-04 05:02:21.097243297 +0000
@@ -52,4 +52,69 @@
<ul class="blurbs">
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
+<!--#set var='ADD' value='2024-01-03' -->
+<!--#set var='PUB' value='2023-12-13' -->
+<li><small class='date-tag'>Added: <span class="gnun-split"></span>
+<!--#echo encoding='none' var='ADD' --><span class="gnun-split"></span>
+— Latest reference: <span class="gnun-split"></span><!--#echo
+encoding='none' var='PUB' --></small>
+ <p><a
+
href="https://www.bleepingcomputer.com/news/security/logofail-attack-can-install-uefi-bootkits-through-bootup-logos/">x86
+ and ARM based computers shipped with UEFI are potentially vulnerable
+ to a design omission called LogoFAIL</a>. A cracker can replace the
+ BIOS logo with a fake one that contains malicious code. Users can't
+ fix this omission because it is in the nonfree UEFI firmware that
+ users can't replace.</p>
+ </li>
+
+<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
+<!--#set var='ADD' value='2024-01-03' -->
+<!--#set var='PUB' value='2023-12-13' -->
+<li><small class='date-tag'>Added: <span class="gnun-split"></span>
+<!--#echo encoding='none' var='ADD' --><span class="gnun-split"></span>
+— Latest reference: <span class="gnun-split"></span><!--#echo
+encoding='none' var='PUB' --></small>
+ <p><a
+
href="https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/">Newag,
+ a Polish railway manufacturer, puts DRM inside trains to prevent
+ third-party repairs</a>.</p>
+
+ <ul>
+ <li><p>The train's software contains code to detect if the GPS
+ coordinates are near some third party repairers, or the train has not
+ been running for some time. If yes, the train will be “locked
+ up” (i.e. bricked). It was also possible to unlock it by
+ pressing a secret combination of buttons in the cockpit, but this
+ ability was removed by a manufacturer's software update.</p></li>
+
+ <li><p>The train will also lock up after a certain date, which is
+ hardcoded in the software.</p></li>
+
+ <li><p>The company pushes a software update that detects if the
+ DRM code has been bypassed, i.e. the lock should have been engaged
+ but the train is still operational. If yes, the controller cabin
+ screen will display a scary message warning about “copyright
+ violation”.</p></li>
+ </ul>
+ </li>
+
+<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
+<!--#set var='ADD' value='2024-01-03' -->
+<!--#set var='PUB' value='2023-11-08' -->
+<li><small class='date-tag'>Added: <span class="gnun-split"></span>
+<!--#echo encoding='none' var='ADD' --><span class="gnun-split"></span>
+— Latest reference: <span class="gnun-split"></span><!--#echo
+encoding='none' var='PUB' --></small>
+ <p>Recent autos offer a feature by which the drivers
+ can connect their snoop-phones to the car. That feature <a
+
href="https://therecord.media/class-action-lawsuit-cars-text-messages-privacy">
+ snoops on the calls and texts</a> and gives the data to the car
+ manufacturer, and to the state.</p>
+
+ <p>A good privacy law would prohibit cars recording this data about
+ the users' activities. But not just <em>this</em> data—lots of
+ other data too.</p>
+ </li>
+
+<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-12-30' -->
<!--#set var='PUB' value='2018-09-17' -->
@@ -4942,5 +5007,5 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2024/01/01 05:25:41 $
+$Date: 2024/01/03 11:44:31 $
<!-- timestamp end -->
</p>
diff -rNU2 malware-cars.html malware-cars.html
--- malware-cars.html 2024-01-02 05:02:02.102801161 +0000
+++ malware-cars.html 2024-01-04 05:02:21.113243297 +0000
@@ -61,4 +61,19 @@
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
+ <li id="M202311080">
+ <!--#set var="DATE" value='<small class="date-tag">2023-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Recent autos offer a feature by which the drivers
+ can connect their snoop-phones to the car. That feature <a
+
href="https://therecord.media/class-action-lawsuit-cars-text-messages-privacy">
+ snoops on the calls and texts</a> and gives the data to the car
+ manufacturer, and to the state.</p>
+
+ <p>A good privacy law would prohibit cars recording this data about
+ the users' activities. But not just <em>this</em> data—lots of
+ other data too.</p>
+ </li>
+
+<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
<li id="M202310260">
<!--#set var="DATE" value='<small class="date-tag">2023-10</small>'
@@ -623,5 +638,5 @@
Information document, www.gnu.org/prep/maintain. -->
-<p>Copyright © 2017-2023 Free Software Foundation, Inc.</p>
+<p>Copyright © 2017-2024 Free Software Foundation, Inc.</p>
<p>This page is licensed under a <a rel="license"
@@ -633,5 +648,5 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2023/12/02 13:43:28 $
+$Date: 2024/01/03 10:25:16 $
<!-- timestamp end -->
</p>
diff -rNU2 proprietary-drm.html proprietary-drm.html
--- proprietary-drm.html 2024-01-02 05:02:02.138801198 +0000
+++ proprietary-drm.html 2024-01-04 05:02:21.153243298 +0000
@@ -74,4 +74,32 @@
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-drm.html. -->
+ <li id="M202312130">
+ <!--#set var="DATE" value='<small class="date-tag">2023-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/">Newag,
+ a Polish railway manufacturer, puts DRM inside trains to prevent
+ third-party repairs</a>.</p>
+
+ <ul>
+ <li><p>The train's software contains code to detect if the GPS
+ coordinates are near some third party repairers, or the train has not
+ been running for some time. If yes, the train will be “locked
+ up” (i.e. bricked). It was also possible to unlock it by
+ pressing a secret combination of buttons in the cockpit, but this
+ ability was removed by a manufacturer's software update.</p></li>
+
+ <li><p>The train will also lock up after a certain date, which is
+ hardcoded in the software.</p></li>
+
+ <li><p>The company pushes a software update that detects if the
+ DRM code has been bypassed, i.e. the lock should have been engaged
+ but the train is still operational. If yes, the controller cabin
+ screen will display a scary message warning about “copyright
+ violation”.</p></li>
+ </ul>
+ </li>
+
+<!-- Copied from workshop/mal.rec. Do not edit in proprietary-drm.html. -->
<li id="M202311301">
<!--#set var="DATE" value='<small class="date-tag">2023-11</small>'
@@ -705,5 +733,5 @@
Information document, www.gnu.org/prep/maintain. -->
-<p>Copyright © 2014-2023 Free Software Foundation, Inc.</p>
+<p>Copyright © 2014-2024 Free Software Foundation, Inc.</p>
<p>This page is licensed under a <a rel="license"
@@ -715,5 +743,5 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2023/12/20 11:59:28 $
+$Date: 2024/01/03 11:55:26 $
<!-- timestamp end -->
</p>
diff -rNU2 proprietary.html proprietary.html
--- proprietary.html 2024-01-02 05:02:02.142801203 +0000
+++ proprietary.html 2024-01-04 05:02:21.157243298 +0000
@@ -227,4 +227,60 @@
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary.html. -->
+ <li id="M202312131">
+ <!--#set var="DATE" value='<small class="date-tag">2023-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://www.bleepingcomputer.com/news/security/logofail-attack-can-install-uefi-bootkits-through-bootup-logos/">x86
+ and ARM based computers shipped with UEFI are potentially vulnerable
+ to a design omission called LogoFAIL</a>. A cracker can replace the
+ BIOS logo with a fake one that contains malicious code. Users can't
+ fix this omission because it is in the nonfree UEFI firmware that
+ users can't replace.</p>
+ </li>
+
+<!-- Copied from workshop/mal.rec. Do not edit in proprietary.html. -->
+ <li id="M202312130">
+ <!--#set var="DATE" value='<small class="date-tag">2023-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/">Newag,
+ a Polish railway manufacturer, puts DRM inside trains to prevent
+ third-party repairs</a>.</p>
+
+ <ul>
+ <li><p>The train's software contains code to detect if the GPS
+ coordinates are near some third party repairers, or the train has not
+ been running for some time. If yes, the train will be “locked
+ up” (i.e. bricked). It was also possible to unlock it by
+ pressing a secret combination of buttons in the cockpit, but this
+ ability was removed by a manufacturer's software update.</p></li>
+
+ <li><p>The train will also lock up after a certain date, which is
+ hardcoded in the software.</p></li>
+
+ <li><p>The company pushes a software update that detects if the
+ DRM code has been bypassed, i.e. the lock should have been engaged
+ but the train is still operational. If yes, the controller cabin
+ screen will display a scary message warning about “copyright
+ violation”.</p></li>
+ </ul>
+ </li>
+
+<!-- Copied from workshop/mal.rec. Do not edit in proprietary.html. -->
+ <li id="M202311080">
+ <!--#set var="DATE" value='<small class="date-tag">2023-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Recent autos offer a feature by which the drivers
+ can connect their snoop-phones to the car. That feature <a
+
href="https://therecord.media/class-action-lawsuit-cars-text-messages-privacy">
+ snoops on the calls and texts</a> and gives the data to the car
+ manufacturer, and to the state.</p>
+
+ <p>A good privacy law would prohibit cars recording this data about
+ the users' activities. But not just <em>this</em> data—lots of
+ other data too.</p>
+ </li>
+
+<!-- Copied from workshop/mal.rec. Do not edit in proprietary.html. -->
<li id="M201809170">
<!--#set var="DATE" value='<small class="date-tag">2018-09</small>'
@@ -251,47 +307,4 @@
else's computer.</p>
</li>
-
-<!-- Copied from workshop/mal.rec. Do not edit in proprietary.html. -->
- <li id="M202311301">
- <!--#set var="DATE" value='<small class="date-tag">2023-11</small>'
- --><!--#echo encoding="none" var="DATE" -->
- <p><a
-
href="https://web.archive.org/web/20231213150111/https://www.nytimes.com/2023/11/12/technology/iphone-repair-apple-control.html">To
- block non-Apple repairs, Apple encodes the iMonster serial
- number in the original parts</a>. This is called “parts
- pairing”. Swapping parts between working iMonsters of the same
- model causes malfunction or disabling of some functionalities. Part
- replacement may also trigger persistent alerts, unless it is done by
- an Apple store.</p>
- </li>
-
-<!-- Copied from workshop/mal.rec. Do not edit in proprietary.html. -->
- <li id="M202311300">
- <!--#set var="DATE" value='<small class="date-tag">2023-11</small>'
- --><!--#echo encoding="none" var="DATE" -->
- <p><a
-
href="https://web.archive.org/web/20231011121908/https://www.makeuseof.com/how-to-remove-ads-on-samsung/">Samsung's
- Push Service proprietary app</a> sends notifications to the user's
- phone about “updates” in Samsung apps, including the
- Gaming Hub, but these updates only sometimes have to do with
- a new version of the apps. Many times, the notifications from
- Gaming Hub are simply ads for games that they think the user should
- install based on the data collected from the user. Most importantly, <a
-
href="https://getfastanswer.com/3486/how-to-remove-samsung-push-service-on-a-smartphone">it
- cannot be permanently disabled.</a></p>
- </li>
-
-<!-- Copied from workshop/mal.rec. Do not edit in proprietary.html. -->
- <li id="M202311210">
- <!--#set var="DATE" value='<small class="date-tag">2023-11</small>'
- --><!--#echo encoding="none" var="DATE" -->
- <p>Chamberlain Group <a
-
href="https://arstechnica.com/gadgets/2023/11/chamberlain-blocks-smart-garage-door-opener-from-working-with-smart-homes/">blocks
- users from using third-party software</a> with its garage
- openers. This is an intentional attack on using free software. The
- official garage opener proprietary mobile app is now also <a
-
href="https://pluralistic.net/2023/11/09/lead-me-not-into-temptation/#chamberlain">infested
- with ads, including up-selling its other services and devices.</a></p>
- </li>
</ul>
<p class="button right-align">
@@ -356,5 +369,5 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2024/01/01 05:25:41 $
+$Date: 2024/01/03 11:44:31 $
<!-- timestamp end -->
</p>
diff -rNU2 proprietary-insecurity.html proprietary-insecurity.html
--- proprietary-insecurity.html 2024-01-02 05:02:02.150801211 +0000
+++ proprietary-insecurity.html 2024-01-04 05:02:21.165243298 +0000
@@ -115,4 +115,17 @@
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-insecurity.html.
-->
+ <li id="M202312131">
+ <!--#set var="DATE" value='<small class="date-tag">2023-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://www.bleepingcomputer.com/news/security/logofail-attack-can-install-uefi-bootkits-through-bootup-logos/">x86
+ and ARM based computers shipped with UEFI are potentially vulnerable
+ to a design omission called LogoFAIL</a>. A cracker can replace the
+ BIOS logo with a fake one that contains malicious code. Users can't
+ fix this omission because it is in the nonfree UEFI firmware that
+ users can't replace.</p>
+ </li>
+
+<!-- Copied from workshop/mal.rec. Do not edit in proprietary-insecurity.html.
-->
<li id="M202211301">
<!--#set var="DATE" value='<small class="date-tag">2022-11</small>'
@@ -1508,5 +1521,5 @@
Information document, www.gnu.org/prep/maintain. -->
-<p>Copyright © 2013, 2015-2023 Free Software Foundation, Inc.</p>
+<p>Copyright © 2013, 2015-2024 Free Software Foundation, Inc.</p>
<p>This page is licensed under a <a rel="license"
@@ -1518,5 +1531,5 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2023/08/19 09:22:26 $
+$Date: 2024/01/03 11:55:26 $
<!-- timestamp end -->
</p>
diff -rNU2 proprietary-sabotage.html proprietary-sabotage.html
--- proprietary-sabotage.html 2024-01-02 05:02:02.162801223 +0000
+++ proprietary-sabotage.html 2024-01-04 05:02:21.181243299 +0000
@@ -64,4 +64,32 @@
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-sabotage.html.
-->
+ <li id="M202312130">
+ <!--#set var="DATE" value='<small class="date-tag">2023-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/">Newag,
+ a Polish railway manufacturer, puts DRM inside trains to prevent
+ third-party repairs</a>.</p>
+
+ <ul>
+ <li><p>The train's software contains code to detect if the GPS
+ coordinates are near some third party repairers, or the train has not
+ been running for some time. If yes, the train will be “locked
+ up” (i.e. bricked). It was also possible to unlock it by
+ pressing a secret combination of buttons in the cockpit, but this
+ ability was removed by a manufacturer's software update.</p></li>
+
+ <li><p>The train will also lock up after a certain date, which is
+ hardcoded in the software.</p></li>
+
+ <li><p>The company pushes a software update that detects if the
+ DRM code has been bypassed, i.e. the lock should have been engaged
+ but the train is still operational. If yes, the controller cabin
+ screen will display a scary message warning about “copyright
+ violation”.</p></li>
+ </ul>
+ </li>
+
+<!-- Copied from workshop/mal.rec. Do not edit in proprietary-sabotage.html.
-->
<li id="M202311301">
<!--#set var="DATE" value='<small class="date-tag">2023-11</small>'
@@ -1080,5 +1108,5 @@
Information document, www.gnu.org/prep/maintain. -->
-<p>Copyright © 2013, 2015-2023 Free Software Foundation, Inc.</p>
+<p>Copyright © 2013, 2015-2024 Free Software Foundation, Inc.</p>
<p>This page is licensed under a <a rel="license"
@@ -1090,5 +1118,5 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2023/12/30 09:40:39 $
+$Date: 2024/01/03 11:55:26 $
<!-- timestamp end -->
</p>
diff -rNU2 proprietary-surveillance.html proprietary-surveillance.html
--- proprietary-surveillance.html 2024-01-02 05:02:02.170801231 +0000
+++ proprietary-surveillance.html 2024-01-04 05:02:21.185243299 +0000
@@ -3456,4 +3456,19 @@
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in
proprietary-surveillance.html. -->
+ <li id="M202311080">
+ <!--#set var="DATE" value='<small class="date-tag">2023-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Recent autos offer a feature by which the drivers
+ can connect their snoop-phones to the car. That feature <a
+
href="https://therecord.media/class-action-lawsuit-cars-text-messages-privacy">
+ snoops on the calls and texts</a> and gives the data to the car
+ manufacturer, and to the state.</p>
+
+ <p>A good privacy law would prohibit cars recording this data about
+ the users' activities. But not just <em>this</em> data—lots of
+ other data too.</p>
+ </li>
+
+<!-- Copied from workshop/mal.rec. Do not edit in
proprietary-surveillance.html. -->
<li id="M202310040">
<!--#set var="DATE" value='<small class="date-tag">2023-10</small>'
@@ -4262,5 +4277,5 @@
Information document, www.gnu.org/prep/maintain. -->
-<p>Copyright © 2015-2023 Free Software Foundation, Inc.</p>
+<p>Copyright © 2015-2024 Free Software Foundation, Inc.</p>
<p>This page is licensed under a <a rel="license"
@@ -4272,5 +4287,5 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2023/12/26 16:50:59 $
+$Date: 2024/01/03 10:25:16 $
<!-- timestamp end -->
</p>
diff -rNU2 proprietary-tethers.html proprietary-tethers.html
--- proprietary-tethers.html 2024-01-02 05:02:02.174801236 +0000
+++ proprietary-tethers.html 2024-01-04 05:02:21.189243299 +0000
@@ -71,4 +71,32 @@
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-tethers.html. -->
+ <li id="M202312130">
+ <!--#set var="DATE" value='<small class="date-tag">2023-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/">Newag,
+ a Polish railway manufacturer, puts DRM inside trains to prevent
+ third-party repairs</a>.</p>
+
+ <ul>
+ <li><p>The train's software contains code to detect if the GPS
+ coordinates are near some third party repairers, or the train has not
+ been running for some time. If yes, the train will be “locked
+ up” (i.e. bricked). It was also possible to unlock it by
+ pressing a secret combination of buttons in the cockpit, but this
+ ability was removed by a manufacturer's software update.</p></li>
+
+ <li><p>The train will also lock up after a certain date, which is
+ hardcoded in the software.</p></li>
+
+ <li><p>The company pushes a software update that detects if the
+ DRM code has been bypassed, i.e. the lock should have been engaged
+ but the train is still operational. If yes, the controller cabin
+ screen will display a scary message warning about “copyright
+ violation”.</p></li>
+ </ul>
+ </li>
+
+<!-- Copied from workshop/mal.rec. Do not edit in proprietary-tethers.html. -->
<li id="M202311100">
<!--#set var="DATE" value='<small class="date-tag">2023-11</small>'
@@ -517,5 +545,5 @@
Information document, www.gnu.org/prep/maintain. -->
-<p>Copyright © 2016-2023 Free Software Foundation, Inc.</p>
+<p>Copyright © 2016-2024 Free Software Foundation, Inc.</p>
<p>This page is licensed under a <a rel="license"
@@ -527,5 +555,5 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2023/12/26 16:11:01 $
+$Date: 2024/01/03 11:55:26 $
<!-- timestamp end -->
</p>
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- all.html malware-cars.html proprietary-drm.html proprietary.html ...,
Diff Report <=