歐美地區算是人多且高收入.. 基本在那些地區發布.. 是可能比較有賺頭.. HTC 這策略是正面的.. 但相信他們花錢也是會斤斤計較 CP 值.. 我有國外朋友. 專門來台買華碩 NB.. 跑去光華比價.. 結果比較貴.. 當場沒買.. 據說是打算回瑞典再買.. (價差多少不得而知.後來沒繼續追問.) 以下是這兩天新聞.. [url="http://news.rti.org.tw/index_newsContent.aspx?nid=407660"]宏達電與美和解 將補隱私漏洞[/url] （中央社台北23日電） 美國聯邦貿易委員會指出，在雙方達成和解下，宏達電美國子公司HTC America Inc.須開發並釋出軟體更新，以修補數百萬智慧型手機和平板電腦中發現的安全漏洞。 彭博社報導，根據美國聯邦貿易委員會（Federal Trade Commission, FTC）新聞稿內容，這些安全漏洞讓數百萬消費者的敏感資訊面臨風險，恐讓惡意程式在用戶無法得知或不同意情況下傳送文字簡訊、錄音及安裝其他惡意軟體。 FTC指出，置入行動裝置的惡意程式可能被用於記錄並傳輸這些裝置中的資訊，包括金融帳戶資料與行事曆內容，或取得用戶位置等資訊。 宏達電以電郵聲明指出，「我們已處理在美國多數裝置中發現的安全漏洞。」「目前正致力推出剩餘軟體更新，建議客戶一旦可用時即刻下載。」 HTC America是台灣宏達電的美國子公司。宏達電在2011年第3季曾為美國智慧型手機製造業龍頭，之後遭蘋果公司（Apple Inc.）和三星電子公司（Samsung Electronics Co.）蠶食而流失市占率，截至去年12月當季掉出全球前5大智慧型手機供應商之列。 這次和解要求HTC America建立週全的安全專案，且未來20年每兩年接受獨立安全評量。FTC表示，HTC America和其合作夥伴正部署和解協議下的安全更新。 此外，這次和解協議也禁止宏達電在其裝置的消費者資料安全與隱私上作出虛假或誤導陳述。 （譯者：中央社徐睿承）1020223

歐美地區算是人多且高收入.. 基本在那些地區發布.. 是可能比較有賺頭.. HTC 這策略是正面的.. 但相信他們花錢也是會斤斤計較 CP 值.. 我有國外朋友. 專門來台買華碩 NB.. 跑去光華比價.. 結果比較貴.. 當場沒買.. 據說是打算回瑞典再買.. (價差多少不得而知.後來沒繼續追問.) ========================================== 以下是這兩天新聞.. [url="http://news.rti.org.tw/index_newsContent.aspx?nid=407660"]宏達電與美和解 將補隱私漏洞[/url] （中央社台北23日電） 美國聯邦貿易委員會指出，在雙方達成和解下，宏達電美國子公司HTC America Inc.須開發並釋出軟體更新，以修補數百萬智慧型手機和平板電腦中發現的安全漏洞。 彭博社報導，根據美國聯邦貿易委員會（Federal Trade Commission, FTC）新聞稿內容，這些安全漏洞讓數百萬消費者的敏感資訊面臨風險，恐讓惡意程式在用戶無法得知或不同意情況下傳送文字簡訊、錄音及安裝其他惡意軟體。 FTC指出，置入行動裝置的惡意程式可能被用於記錄並傳輸這些裝置中的資訊，包括金融帳戶資料與行事曆內容，或取得用戶位置等資訊。 宏達電以電郵聲明指出，「我們已處理在美國多數裝置中發現的安全漏洞。」「目前正致力推出剩餘軟體更新，建議客戶一旦可用時即刻下載。」 HTC America是台灣宏達電的美國子公司。宏達電在2011年第3季曾為美國智慧型手機製造業龍頭，之後遭蘋果公司（Apple Inc.）和三星電子公司（Samsung Electronics Co.）蠶食而流失市占率，截至去年12月當季掉出全球前5大智慧型手機供應商之列。 這次和解要求HTC America建立週全的安全專案，且未來20年每兩年接受獨立安全評量。FTC表示，HTC America和其合作夥伴正部署和解協議下的安全更新。 此外，這次和解協議也禁止宏達電在其裝置的消費者資料安全與隱私上作出虛假或誤導陳述。 （譯者：中央社徐睿承）1020223

[url="http://www.ecounsel.net/2013/02/24/htc%E4%BB%86%E8%A1%97%E5%86%8D%E4%B8%80%E6%AC%A1%EF%BC%9A%E8%BB%9F%E9%AB%94%E6%8D%85%E6%BC%8F%E6%B4%9E%EF%BC%8E%E5%AE%A2%E6%88%B6%E5%80%8B%E8%B3%87%E5%A6%82%E7%B3%9E%E5%9C%9F%EF%BC%81/"]htc仆街再一次：軟體捅漏洞．客戶個資如糞土！[/url] 最近一份Federal Trade Commission（美國聯邦貿易委員會）的調查結果公布，我們才知道這家公司竟然連客戶的個資保護，都膽敢不當一回事！ 由於htc擅自移除了Android及Windows Mobile裡的個資保護機制，以致於手機使用者的電話號碼、簡訊內容、瀏覽紀錄、所在位置、信用卡及銀行交易等等極度敏感的資料，都處於能輕易被駭客取得的狀態；更不可思議的，是連自己與他人的通話內容，都因為htc故意將安全機制移除之緣故，而可以被竊錄！FTC消費者保護局的資深律師Lesley Fair表示「這家公司在設計產品時，根本不把資安放在眼裡；它不測試自己手機軟體上潛在的安全弱點、不遵循在撰寫程式時為業界通用的安全規範、而當對其漏洞提出警告時還根本不予理會…」(“The company didn’t design its products with security in mind,” Lesley Fair, a senior lawyer in the commission’s Bureau of Consumer Protection, wrote in a blog post. “HTC didn’t test the software on its mobile devices for potential security vulnerabilities, didn’t follow commonly accepted secure coding practices and didn’t even respond when warned about the flaws in its devices.”) htc逼不得已，只好同意FTC的要求，在往後20年間，其手機都必須接受獨立專業機構的資安檢查。 我們不知道嚴凱泰和王雪紅究竟交情深到什麼程度，得公開痛罵Apple的使用者王八蛋。現在htc蔑視手機個資保護的醜聞曝了光，恐怕用宏達電的人，才會赫然發現自己在莫名其妙之下所有敏感個資都被惡意軟體公開，而變成了王八蛋。 [color="#7F0000"]個人資料保護法第22條第1-4項規定「中央目的事業主管機關或直轄市、縣（市）政府為執行資料檔案安全維護、業務終止資料處理方法、國際傳輸限制或其他例行性業務檢查而認有必要或有違反本法規定之虞時，得派員攜帶執行職務證明文件，進入檢查，並得命相關人員為必要之說明、配合措施或提供相關證明資料」、「中央目的事業主管機關或直轄市、縣（市）政府為前項檢查時，對於得沒入或可為證據之個人資料或其檔案，得扣留或複製之。對於應扣留或複製之物，得要求其所有人、持有人或保管人提出或交付；無正當理由拒絕提出、交付或抗拒扣留或複製者，得採取對該非公務機關權益損害最少之方法強制為之」、「中央目的事業主管機關或直轄市、縣（市）政府為第一項檢查時，得率同資訊、電信或法律等專業人員共同為之」、及「對於第一項及第二項之進入、檢查或處分，非公務機關及其相關人員不得規避、妨礙或拒絕」。 [/color] htc從台灣之光，變成台灣之恥。政府倘若再不對宏達電依法進行上述檢查，確認其已經為所有賣出的手機填補軟體漏洞、而杜絕個資被盜的風險的話，我們非但不建議買htc的手機，恐怕還應該暫時別打電話給htc的手機使用者。您總不希望原本以為只有天知地知你知我知的商業會談或私密傳情，都變成了茶餘飯後的談話頭吧？ [url="http://www.nytimes.com/2013/02/23/business/htc-settles-ftc-charges-over-security-flaws-in-devices.html?_r=1&"]HTC Settles Privacy Case Over Flaws in Phones[/url] [New York Times, By EDWARD WYATT, February 22, 2013] 【另可參考 [url="http://www.ftc.gov/opa/2013/02/htc.shtm"]FTC官方文件[/url] ／ [url="http://www.pcmag.com/article2/0,2817,2415774,00.asp"]PCMagazine[/url] 之報導】 WASHINGTON — More than 18 million smartphones and other mobile devices made by HTC, a Taiwanese company that is one of the largest sellers of smartphones in the United States, had security flaws that could allow location tracking of users against their will and the theft of personal information stored on their phones, federal officials said Friday. The flaws affected HTC’s Windows-based phones. The Federal Trade Commission charged HTC with customizing the software on its Android- and Windows-based phones in ways that let third-party applications install software that could steal personal information, surreptitiously send text messages or enable the device’s microphone to record the user’s phone calls. The action is the first attempt by the commission to police a manufacturer of mobile devices. As smartphones and tablets become a common way for consumers to shop, bank and chat online, personal information and privacy will need to be guarded. HTC America, based in Bellevue, Wash., agreed to settle the civil suit with the commission by issuing software patches that close the security holes, and by creating a security program that will be monitored by an independent party for the next 20 years. The F.T.C. does not have the authority to assess fines in consumer protection cases. “The company didn’t design its products with security in mind,” Lesley Fair, a senior lawyer in the commission’s Bureau of Consumer Protection, wrote in a blog post. “HTC didn’t test the software on its mobile devices for potential security vulnerabilities, didn’t follow commonly accepted secure coding practices and didn’t even respond when warned about the flaws in its devices.” An HTC official said Friday that the company had already started to update its software and distribute it to users of some, but not all, of the affected phones. “Working with our carrier partners, we have addressed the identified security vulnerabilities on the majority of devices in the U.S. released after December 2010,” Sally Julien, an HTC spokeswoman, said in a statement. “We’re working to roll out the remaining software updates now and recommend customers download them once available.” “Privacy and security are important,” the statement added, “and we are committed to improving practices that help safeguard our customers’ devices and data.” The trade commission charged that the security flaws resulted from HTC’s modifying the operating system software used on most of the affected phones. In the case of Android, created by Google, the system is designed to protect sensitive information and phone functions through what is known as a permission-based security model. That requires a user, when installing an application that is not a standard part of the operating system, to be notified and to agree that the application could gain access to certain information or functions. HTC, however, preinstalled certain apps on its phones in a way that, in addition to preventing consumers from removing them, disabled the permission-based model and allowed newly installed apps to have immediate access to personal data. “The analogy isn’t exact,” wrote Ms. Fair of the F.T.C., “but it’s like giving a friend the combination to a safe only to find out he’s handing it over to anyone who asks.” That security hole could, for example, let the rogue software secretly record users’ phone conversations or track their location. Flaws in the security system could also give third-party apps access to phone numbers, contents of text messages, browsing history and information like credit card numbers and banking transactions. Those flaws also affected HTC phones that used Windows-based operating systems. While HTC’s actions introduced numerous security vulnerabilities to its phones, a commission official said it was not clear how many users experienced illegal incursions into their phones and personal information. The flaw in the company’s phones has been known since at least 2011. HTC acknowledged the problems at that time and developed software patches for at least some of the deficiencies that year. But the problems were far from minor. The F.T.C. said that text-message toll fraud, in which a hacker causes a phone to send text messages to a number that charges the user for delivery of the message, “is one of the most common types of Android malware,” or malicious software. HTC’s user manuals either said or implied that a user was protected against malware because of the permission-based security, the commission said. The commission will collect public comments on the proposed remedies for 30 days, after which it will decide whether to formally carry out the order. If HTC subsequently violates the order’s restrictions and requirements, it faces civil penalties of up to $16,000 a violation.

[url="http://www.ecounsel.net/2013/02/24/htc%E4%BB%86%E8%A1%97%E5%86%8D%E4%B8%80%E6%AC%A1%EF%BC%9A%E8%BB%9F%E9%AB%94%E6%8D%85%E6%BC%8F%E6%B4%9E%EF%BC%8E%E5%AE%A2%E6%88%B6%E5%80%8B%E8%B3%87%E5%A6%82%E7%B3%9E%E5%9C%9F%EF%BC%81/"]htc仆街再一次：軟體捅漏洞．客戶個資如糞土！[/url] [color="#7F0000"]最近一份 Federal Trade Commission（美國聯邦貿易委員會）的調查結果公布，我們才知道這家公司竟然連客戶的個資保護，都膽敢不當一回事！[/color] 由於 [color="#FF0000"]htc 擅自移除了 Android 及 Windows Mobile 裡的個資保護機制[/color]，以致於手機使用者的電話號碼、簡訊內容、瀏覽紀錄、所在位置、信用卡及銀行交易等等極度敏感的資料，都處於能輕易被駭客取得的狀態；更不可思議的，是連自己與他人的通話內容，都因為htc故意將安全機制移除之緣故，而可以被竊錄！FTC消費者保護局的資深律師Lesley Fair表示「這家公司在設計產品時，根本不把資安放在眼裡；它不測試自己手機軟體上潛在的安全弱點、不遵循在撰寫程式時為業界通用的安全規範、而當對其漏洞提出警告時還根本不予理會…」(“The company didn’t design its products with security in mind,” Lesley Fair, a senior lawyer in the commission’s Bureau of Consumer Protection, wrote in a blog post. “HTC didn’t test the software on its mobile devices for potential security vulnerabilities, didn’t follow commonly accepted secure coding practices and didn’t even respond when warned about the flaws in its devices.”) htc逼不得已，只好同意FTC的要求，在往後20年間，其手機都必須接受獨立專業機構的資安檢查。 我們不知道嚴凱泰和王雪紅究竟交情深到什麼程度，得公開痛罵Apple的使用者王八蛋。現在htc蔑視手機個資保護的醜聞曝了光，恐怕用宏達電的人，才會赫然發現自己在莫名其妙之下所有敏感個資都被惡意軟體公開，而變成了王八蛋。 [color="#7F0000"]個人資料保護法第22條第1-4項規定「中央目的事業主管機關或直轄市、縣（市）政府為執行資料檔案安全維護、業務終止資料處理方法、國際傳輸限制或其他例行性業務檢查而認有必要或有違反本法規定之虞時，得派員攜帶執行職務證明文件，進入檢查，並得命相關人員為必要之說明、配合措施或提供相關證明資料」、「中央目的事業主管機關或直轄市、縣（市）政府為前項檢查時，對於得沒入或可為證據之個人資料或其檔案，得扣留或複製之。對於應扣留或複製之物，得要求其所有人、持有人或保管人提出或交付；無正當理由拒絕提出、交付或抗拒扣留或複製者，得採取對該非公務機關權益損害最少之方法強制為之」、「中央目的事業主管機關或直轄市、縣（市）政府為第一項檢查時，得率同資訊、電信或法律等專業人員共同為之」、及「對於第一項及第二項之進入、檢查或處分，非公務機關及其相關人員不得規避、妨礙或拒絕」。 [/color] htc從台灣之光，變成台灣之恥。政府倘若再不對宏達電依法進行上述檢查，確認其已經為所有賣出的手機填補軟體漏洞、而杜絕個資被盜的風險的話，我們非但不建議買htc的手機，恐怕還應該暫時別打電話給htc的手機使用者。您總不希望原本以為只有天知地知你知我知的商業會談或私密傳情，都變成了茶餘飯後的談話頭吧？ [url="http://www.nytimes.com/2013/02/23/business/htc-settles-ftc-charges-over-security-flaws-in-devices.html?_r=1&"]HTC Settles Privacy Case Over Flaws in Phones[/url] [New York Times, By EDWARD WYATT, February 22, 2013] 【另可參考 [url="http://www.ftc.gov/opa/2013/02/htc.shtm"]FTC官方文件[/url] ／ [url="http://www.pcmag.com/article2/0,2817,2415774,00.asp"]PCMagazine[/url] 之報導】 WASHINGTON — More than 18 million smartphones and other mobile devices made by HTC, a Taiwanese company that is one of the largest sellers of smartphones in the United States, had security flaws that could allow location tracking of users against their will and the theft of personal information stored on their phones, federal officials said Friday. The flaws affected HTC’s Windows-based phones. The Federal Trade Commission charged HTC with customizing the software on its Android- and Windows-based phones in ways that let third-party applications install software that could steal personal information, surreptitiously send text messages or enable the device’s microphone to record the user’s phone calls. The action is the first attempt by the commission to police a manufacturer of mobile devices. As smartphones and tablets become a common way for consumers to shop, bank and chat online, personal information and privacy will need to be guarded. HTC America, based in Bellevue, Wash., agreed to settle the civil suit with the commission by issuing software patches that close the security holes, and by creating a security program that will be monitored by an independent party for the next 20 years. The F.T.C. does not have the authority to assess fines in consumer protection cases. “The company didn’t design its products with security in mind,” Lesley Fair, a senior lawyer in the commission’s Bureau of Consumer Protection, wrote in a blog post. “HTC didn’t test the software on its mobile devices for potential security vulnerabilities, didn’t follow commonly accepted secure coding practices and didn’t even respond when warned about the flaws in its devices.” An HTC official said Friday that the company had already started to update its software and distribute it to users of some, but not all, of the affected phones. “Working with our carrier partners, we have addressed the identified security vulnerabilities on the majority of devices in the U.S. released after December 2010,” Sally Julien, an HTC spokeswoman, said in a statement. “We’re working to roll out the remaining software updates now and recommend customers download them once available.” “Privacy and security are important,” the statement added, “and we are committed to improving practices that help safeguard our customers’ devices and data.” The trade commission charged that the security flaws resulted from HTC’s modifying the operating system software used on most of the affected phones. In the case of Android, created by Google, the system is designed to protect sensitive information and phone functions through what is known as a permission-based security model. That requires a user, when installing an application that is not a standard part of the operating system, to be notified and to agree that the application could gain access to certain information or functions. HTC, however, preinstalled certain apps on its phones in a way that, in addition to preventing consumers from removing them, disabled the permission-based model and allowed newly installed apps to have immediate access to personal data. “The analogy isn’t exact,” wrote Ms. Fair of the F.T.C., “but it’s like giving a friend the combination to a safe only to find out he’s handing it over to anyone who asks.” That security hole could, for example, let the rogue software secretly record users’ phone conversations or track their location. Flaws in the security system could also give third-party apps access to phone numbers, contents of text messages, browsing history and information like credit card numbers and banking transactions. Those flaws also affected HTC phones that used Windows-based operating systems. While HTC’s actions introduced numerous security vulnerabilities to its phones, a commission official said it was not clear how many users experienced illegal incursions into their phones and personal information. The flaw in the company’s phones has been known since at least 2011. HTC acknowledged the problems at that time and developed software patches for at least some of the deficiencies that year. But the problems were far from minor. The F.T.C. said that text-message toll fraud, in which a hacker causes a phone to send text messages to a number that charges the user for delivery of the message, “is one of the most common types of Android malware,” or malicious software. HTC’s user manuals either said or implied that a user was protected against malware because of the permission-based security, the commission said. The commission will collect public comments on the proposed remedies for 30 days, after which it will decide whether to formally carry out the order. If HTC subsequently violates the order’s restrictions and requirements, it faces civil penalties of up to $16,000 a violation.