PCDVD數位科技討論區
PCDVD數位科技討論區   註冊 常見問題 標記討論區為已讀

回到   PCDVD數位科技討論區 > 其他群組 > 七嘴八舌異言堂
帳戶
密碼
 

  回應
 
主題工具
東東08
*停權中*
 
東東08的大頭照
 

加入日期: Jun 2002
文章: 860
htc仆街再一次:軟體捅漏洞.客戶個資如糞土!

htc仆街再一次:軟體捅漏洞.客戶個資如糞土!
http://www.ecounsel.net/2013/02/24/...9C%9F%EF%BC%81/
     
      
舊 2013-02-24, 11:59 PM #1
回應時引用此文章
東東08離線中  
cesarlin
Advance Member
 
cesarlin的大頭照
 

加入日期: Jan 2003
文章: 329
很討厭這種刻意將原文扭曲,以為所有人都看不懂原文,雖然他講的可能是事實不過這種刻意誤導的背後動機,讓我對他的文章完全沒有任何尊重,也失去任何的信任。
 
舊 2013-02-25, 12:20 AM #2
回應時引用此文章
cesarlin離線中  
不笑的老K
Major Member
 
不笑的老K的大頭照
 

加入日期: Aug 2012
您的住址: 城管局
文章: 273
引用:
作者cesarlin
很討厭這種刻意將原文扭曲,以為所有人都看不懂原文…
 原文的意思是? (啊∼好懶啊∼)
__________________
「好!你們要王,我告訴你,如果你們要王,你們要知道,你要加稅、你要被欺負,因為王要用厚厚重稅來欺壓你們,你們不要我做王,我讓你們。你們選的王,不是合我心意的 ,你們受盡痛苦!」
舊 2013-02-25, 12:23 AM #3
回應時引用此文章
不笑的老K離線中  
黑暗的左手
*停權中*
 

加入日期: Jan 2013
文章: 65
原文在此:
看完之後. 我覺得HTC真的是亂來瞎搞

For Release: 02/22/2013

HTC America Settles FTC Charges It Failed to Secure Millions of Mobile Devices Shipped to Consumers
Company Required to Patch Vulnerabilities on Smartphones and Tablets
Mobile device manufacturer HTC America has agreed to settle Federal Trade Commission charges that the company failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk.

The settlement requires HTC America to develop and release software patches to fix vulnerabilities found in millions of HTC devices. In addition, the settlement requires HTC America to establish a comprehensive security program designed to address security risks during the development of HTC devices and to undergo independent security assessments every other year for the next 20 years.

HTC America, Inc., a leading mobile device manufacturer in the United States, develops and manufactures mobile devices based on the Android, Windows Mobile, and Windows Phone operating systems. HTC America has customized the software on these devices in order to differentiate itself from competitors and to comply with the requirements of mobile network operators.

The Commission charged that HTC America failed to employ reasonable and appropriate security practices in the design and customization of the software on its mobile devices. Among other things, the complaint alleged that HTC America failed to provide its engineering staff with adequate security training, failed to review or test the software on its mobile devices for potential security vulnerabilities, failed to follow well-known and commonly accepted secure coding practices, and failed to establish a process for receiving and addressing vulnerability reports from third parties.

To illustrate the consequences of these alleged failures, the FTC’s complaint details several vulnerabilities found on HTC’s devices, including the insecure implementation of two logging applications - Carrier IQ and HTC Loggers - as well as programming flaws that would allow third-party applications to bypass Android’s permission-based security model.

Due to these vulnerabilities, the FTC charged, millions of HTC devices compromised sensitive device functionality, potentially permitting malicious applications to send text messages, record audio, and even install additional malware onto a consumer’s device, all without the user’s knowledge or consent. The FTC alleged that malware placed on consumers’ devices without their permission could be used to record and transmit information entered into or stored on the device, including, for example, financial account numbers and related access codes or medical information such as text messages received from healthcare providers and calendar entries concerning doctor’s appointments. In addition, malicious applications could exploit the vulnerabilities on HTC devices to gain unauthorized access to a variety of other sensitive information, such as the user’s geolocation information and the contents of the user’s text messages.

Moreover, the complaint alleged that the user manuals for HTC Android-based devices contained deceptive representations, and that the user interface for the company’s Tell HTC application was also deceptive. In both cases, the security vulnerabilities in HTC Android-based devices undermined consent mechanisms that would have otherwise prevented unauthorized access or transmission of sensitive information.

The settlement not only requires the establishment of a comprehensive security program, but also prohibits HTC America from making any false or misleading statements about the security and privacy of consumers’ data on HTC devices. HTC America and its network operator partners are also in the process of deploying the security patches required by the settlement to consumers’ devices. Many consumers have already received the required security updates. The FTC encourages consumers to apply the updates as soon as possible.

The settlement with HTC America is part of the FTC’s ongoing effort to ensure that companies secure the software and devices that they ship to consumers. Earlier this month, the FTC introduced Mobile App Developers: Start with Security, a new business guide that encourages app developers to aim for reasonable data security. In addition, on June 4, 2013, the Commission will host a public forum on malware and other mobile security threats in order to examine the security of existing and developing mobile technologies and the roles that various members of the mobile ecosystem can play in protecting consumers.

The Commission vote to accept the consent agreement package containing the proposed consent order for public comment was 3-0-2, with Chairman Jon Leibowitz not participating and Commissioner Maureen Ohlhausen recused. The FTC will publish a description of the consent agreement package in the Federal Register shortly. The agreement will be subject to public comment for 30 days, beginning today and continuing through March 22, after which the Commission will decide whether to make the proposed consent order final. Interested parties can submit comments electronically or in paper form by following the instructions in the “Invitation To Comment” part of the “Supplementary Information” section. Comments in paper form should be mailed or delivered to: Federal Trade Commission, Office of the Secretary, Room H-113 (Annex D), 600 Pennsylvania Avenue, N.W., Washington, DC 20580. The FTC is requesting that any comment filed in paper form near the end of the public comment period be sent by courier or overnight service, if possible, because U.S. postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions.

Twitter Chat
FTC staff will host a Twitter Chat today from 12-1 p.m. ET to answer questions about the HTC America settlement. Follow @FTC and tweet questions with the hashtag #FTCpriv.

NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. The complaint is not a finding or ruling that the respondent has actually violated the law. A consent order is for settlement purposes only and does not constitute an admission by the respondent that the law has been violated. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $16,000.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC's online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics. Like the FTC on Facebook, follow us on Twitter, and subscribe to press releases for the latest FTC news and resources.
舊 2013-02-25, 12:45 AM #4
回應時引用此文章
黑暗的左手離線中  
無愛無恨
*停權中*
 

加入日期: Mar 2010
文章: 157
看不懂原文沒關係, 看得懂股價就好了
舊 2013-02-25, 12:51 AM #5
回應時引用此文章
無愛無恨離線中  
東東08
*停權中*
 
東東08的大頭照
 

加入日期: Jun 2002
文章: 860
美國 HTC 跟 FTC 就記錄軟體的保安漏洞案件和解

http://chinese.engadget.com/2013/02...ies-in-logging/

HTC 手機上的 Carriers IQ 軟體案件總算來一個終結,日前該公司的美國分部(HTC America)跟 FTC 達成了和解,答應改善手機的保安。FTC 指出他們在 HTC 手機上找出不同的保安漏洞,包括了 Carriers IQ 和 HTC Loggers 兩款軟體,以及容許第三方軟體越過 Android 保安認可的程式碼。現在雖然達了和解,但可是有條件的,美國 HTC 不但需要在他們的手機上運行深入的保安漏洞偵測軟體,而且他們不能作出任何有關(影響到)使用者資訊的虛假或誤導聲明,同時亦需要跟電訊商們一起發放安全修正更新。在此後的 20 年裡 HTC 都需要接受獨立的安全評估。雖然要「守行為」20 年,不過總好過被政府告和罰款啦。
舊 2013-02-25, 01:23 AM #6
回應時引用此文章
東東08離線中  
megag5
*停權中*
 
megag5的大頭照
 

加入日期: Oct 2010
您的住址: 四季如夏的地方
文章: 2,596
講到HTC的軟體問題...我的HTC Titan一直無法在簡訊中傳照片(可是可以收到別人簡訊中帶的圖片)這應該很不正常吧...
舊 2013-02-25, 02:00 AM #8
回應時引用此文章
megag5離線中  
silent
Major Member
 

加入日期: Dec 2012
文章: 182
跟所謂4年工作經驗,從某公司跳出來的senior developer一起做過事,完全不意外...
舊 2013-02-25, 02:04 AM #9
回應時引用此文章
silent離線中  
judoyang
Regular Member
 

加入日期: Sep 2003
您的住址: 台中縣
文章: 63
以前被放生的機種還有機會更新嗎???

如果有更新才代表HTC有在補破洞

我手上被放生很久的Hero

此文章於 2013-02-25 02:32 AM 被 judoyang 編輯.
舊 2013-02-25, 02:30 AM #10
回應時引用此文章
judoyang離線中  


    回應


POPIN
主題工具

發表文章規則
不可以發起新主題
不可以回應主題
不可以上傳附加檔案
不可以編輯您的文章

vB 代碼打開
[IMG]代碼打開
HTML代碼關閉



所有的時間均為GMT +8。 現在的時間是08:16 PM.


vBulletin Version 3.0.1
powered_by_vbulletin 2025。