Texto del artículo:
Security experts have discovered a highly threatening vulnerability in software preinstalled on some Windows computers manufactured by Lenovo through January 2015. Extreme negligence on the part of Lenovo and unscrupulous programming by its adware partner Superfish seem to have caused the vulnerability.
The basis of the problem is a program by Superfish that is designed to interject advertisements into users' Web browsing. That's irritating, but it gets worse. Superfish also installs a certificate that intercepts Web traffic and cripples the host computer's ability to use HTTPS to validate the authenticity of Web sites. This leaves an open door for attackers to use fake versions of sites that should be secure -- like bank Web sites -- to steal personal information. You can read more about the vulnerability at Ars Technica.
Whenever you use proprietary software like Windows or Superfish, true, trustable, verifiable security is always out of reach. Because proprietary code can't be publicly inspected, there's no way to validate its security. Users have to trust that the code is safe and works as advertised. Since proprietary code can only be modified by the developers who claim to own it, users are powerless to choose the manner in which security bugs are fixed. With proprietary software, user security is secondary to developer control.
Recent high-profile security vulnerabilities in free software, like Heartbleed and POODLE, were created when well-intentioned developers made mistakes that were difficult to detect. But this is different -- Lenovo and Superfish caused a massive security breach for the sake of expedience in generating ad revenue.
These companies have shown such blatant disregard for the public trust that they will have to work hard to restore it. Lenovo should work with a third party committed to the public interest -- like the Free Software Foundation -- to create and sell laptops that are certified to respect user freedom and come with a preinstalled free operating system. Join us in calling for this change on social media (see our recommendations for social media platforms).
Regardless of what Lenovo does, you can minimize your risk of exposure to Superfish and similar threats by uninstalling proprietary operating systems and using a free GNU/Linux distribution signed by a source you trust. If you are interested in a new computer, the FSF currently certifies two retail laptops that come with no proprietary software through our Respects Your Freedom program, and you can build your own free software-friendly computer with guidance from the community-maintained hardware database h-node.
If you have used a Lenovo computer running Superfish, make sure to reset any passwords you use on the Web, as they may have been intercepted.
Follow us on GNU social | Subscribe to our blogs via RSS | Join us as an associate member
Sent from the Free Software Foundation,
Artículo de www.profesionalespcm.org insertado por: El administrador web - Fecha: 21/02/2015 - ModificarComparte el artículo en las REDES SOCIALES: Delicious | Meneame | Facebook | Twitter | Technorati | Barrapunto
Sitio Web del Núcleo de Profesionales y Técnicos del Partido Comunista de Madrid PCM/PCE- http://www.profesionalespcm.org
Actualizado a 22/01/19
Los comentarios y colaboraciones son bienvenidos (comunistas_ARROBA_profesionalespcm_PUNTO_org):
Envíanos tu colaboración, o comentarios vía formulario.
¡¡AFÍLIATE EL PARTIDO COMUNISTA DE MADRID - PCE!
en este sitio web
Agregador RSS de noticias y contenidos - Aquí OTRA VERSIÓN DEL AGREGADOR RSS XML