Feed aggregator

Physical RAM attack can root Android and possibly other devices

LXer -

A team of researchers from the VUSec Group at Vrije Universiteit Amsterdam in the Netherlands, the Graz University of Technology in Austria, and the University of California in Santa Barbara has demonstrated that not only are Rowhammer attacks possible on ARM, but they're even easier to pull off than on x86.

Largest Auto-Scandal Settlement In US History: Judge Approves $15 Billion Volkswagen Settlement

Slashdot -

A federal judge has approved the largest auto-scandal settlement in U.S. history, a $14.7 billion settlement concerning Volkswagen Group's diesel car emissions scandal. USA Today reports: U.S. District Court Judge Charles Breyer in San Francisco approved the sweeping agreement between consumers, the government, California regulators and the German automaker in a written ruling a week after signaling he was likely to sign off. He said the agreement is "fair, reasonable and adequate." The settlement comes about a year after Volkswagen admitted that it rigged 11 million vehicles worldwide with software designed to dodge emissions standards. The company is still facing criminal investigations by the U.S. Justice Department and German prosecutors. The U.S. probe could lead to additional financial penalties and criminal indictments. About 475,000 Volkswagen owners in the U.S. can choose between a buyback or a free fix and compensation, if a repair becomes available. VW will begin administering the settlement immediately, having already devoted several hundred employees to handling the process. Buybacks range in value from $12,475 to $44,176, including restitution payments, and varying based on mileage. People who opt for a fix approved by the Environmental Protection Agency will receive payouts ranging from $5,100 to $9,852, depending on the book value of their car. Volkswagen will also pay $2.7 billion for environmental mitigation and another $2 billion for clean-emissions infrastructure.


Video: Police Viciously Attacked Peaceful Protesters at the Dakota Access Pipeline

The Intercept -

On October 22, just before dawn, hundreds of people, including many families, gathered and prepared to march toward the Dakota Access pipeline construction site near Standing Rock, North Dakota. Native American organizers lit sage and prayed for protection from police brutality before setting off on the 8-mile trek. Many in the crowd were emotional as they stood over what was once their ancestral burial grounds. Just last month, construction workers and contractors destroyed the site in preparation for installing the pipeline.

Aside from the desecration of sacred sites, critics argue, the environmental hazards caused by the pipelines and the possibility of a spill will be catastrophic. Members of the Standing Rock Sioux tribe and reservation, which is located just a mile from the construction sites, say the pipelines will contaminate their drinking water and pollute the Missouri River.

The march was undertaken in solidarity with several protesters who had chained themselves to bulldozers and pipeline machinery at the construction site. But the marchers never made it to their destination. Instead, they were attacked by police forces who used pepper spray and beat protesters with batons. Dozens of officers, backed by military trucks, police vans, machine guns, and nonlethal weapons, violently approached the group without warning.

“Don’t move, everyone is under arrest,” said a voice from the loudspeaker of the military vehicle.

As the protesters attempted to leave, the police began beating and detaining them. Several Native American women leading the march were targeted, dragged out of the crowd, and arrested. One man was body-slammed to the ground, while another woman broke her ankle running from the police. The military and police trucks followed the protesters as nearly a hundred officers corralled the protesters into a circle. Among the arrested were journalists, a 17-year-old pregnant girl, and a 78-year-old woman.

In total, more than 140 people were detained in half an hour. It was the largest roundup of protesters since the movement against the pipelines intensified two months ago. A majority of those arrested were charged with rioting and criminal trespass. Overall, close to 300 people have been arrested since protests against the pipeline kicked off over the summer.

When we arrived in Mandan, the jail was so overwhelmed with people that we had to sit on the floor in the jail’s common area. Two Native American men were thrown into solitary confinement. A number of women faced humiliating strip searches, which included spreading their body parts and jumping up and down while coughing. We were refused phone calls and received no food or water for eight hours after being arrested. Two women fainted from low blood sugar and another had her medication taken away, causing her to shake and sweat profusely.

When I was released from jail, my camera was missing. When I asked about its whereabouts, a police officer said, “Your camera is being held as evidence in a crime.”

The video footage presented here was shot from the beginning of the march, during the prayer, and ends the moment I was arrested. Many families, nearly all of them Native American, can be seen running for the hills. Many people told me they felt as though they were re-enacting the massacres of the Lakota nation during the westward expansion of the United States, when families were shot in the back as they fled.


Warner Bros Claims Agency Ran Its Own Pirate Movie Site

Slashdot -

Warner Bros Entertainment has sued talent agency Innovative Artists, claiming that the agency ran its own pirate site when it ripped DVD screeners and streamed them to associates via Google servers. TorrentFreak adds: In a lawsuit filed in a California federal court, Warner accuses the agency of effectively setting up its own pirate site, stocked with rips of DVD screeners that should have been kept secure. "Beginning in late 2015, Innovative Artists set up and operated an illegal digital distribution platform that copied movies and then distributed copies and streamed public performances of those movies to numerous people inside and outside of the agency," the complaint reads. "Innovative Artists stocked its platform with copies of Plaintiff's works, including copies that Innovative Artists made by ripping awards consideration 'screener' DVDs that Plaintiff sent to the agency to deliver to one of its clients." Given its position in the industry, Innovative Artists should have known better than to upload content, Warner's lawyers write.


Colin Powell endorses Hillary Clinton

Boing Boing -

Republican Secretary of State Colin Powell says he's going to vote for Democrat Hillary Clinton instead of his own party's candidate, millionaire reality TV star Donald Trump.

“I am voting for Hillary Clinton,” he said, according to Matthew Cohen, a spokesman for the association. Mr. Powell went on to praise Mrs. Clinton for her skills as a leader and her experience.

Paule Pachter, a Long Island Association board member, said that Mr. Powell was blunt.

“He said he would support Hillary Clinton and he also elaborated on several reasons why he felt that Donald Trump was not the right candidate,” he said. “He spoke about his inexperience, he spoke about the messages that he’s sending out every day to his supporters, which really paints our country in a negative light across the globe with all our allies.”

Powell had recently expressed some annoyance at Mrs. Clinton dragging him into the private email server imbroglio. I wonder if Trump's foolish and clueless remarks about the attack on Mosul were the last straw.

The Phone Hackers At Cellebrite Have Had Their Firmware Leaked Online

Slashdot -

An anonymous reader quotes a report from Motherboard: Cellebrite, an Israeli company that specializes in digital forensics, has dominated the market in helping law enforcement access mobile phones. But one apparent reseller of the company's products is publicly distributing copies of Cellebrite firmware and software for anyone to download. Although Cellebrite keeps its most sensitive capabilities in-house, the leak may still give researchers, or competitors, a chance to figure out how Cellebrite breaks into and analyzes phones by reverse-engineering the files. The apparent reseller distributing the files is McSira Professional Solutions, which, according to its website, "is pleased to serve police, military and security agencies in the E.U. And [sic] in other parts of the world." McSira is hosting software for various versions of Cellebrite's Universal Forensic Extraction Device (UFED), hardware that investigators can use to bypass the security mechanisms of phones, and then extract data from them. McSira allows anyone to download firmware for the UFED Touch, and a PC version called UFED 4PC. It is also hosting pieces of Cellebrite forensic software, such as the UFED Cloud Analyzer. This allows investigators to further scrutinize seized data. McSira is likely offering downloads so customers can update their hardware to the latest version with as little fuss as possible. But it may be possible for researchers to take those files, reverse-engineer them, and gain insight into how Cellebrite's tools work. That may include what sort of exploits Cellebrite uses to bypass the security mechanisms of mobile phones, and weaknesses in the implementation of consumer phones that could be fixed, according to one researcher who has started to examine the files, but was not authorised by his employer to speak to the press about this issue.


An introduction to Mozilla's Secure Open Source Fund

LXer -

Chris Riley is Head of Public Policy at Mozilla, where he works on open Internet policy initiatives and developments. I had a chance to catch up with Chris about a new effort launched at Mozilla called the Secure Open Source Fund. The goal of the Fund is to support security audits and remediation for open source software projects.

Next-gen MacBook Pro leaked, features OLED toolbar above the keyboard

Liliputing -

Apple’s holding an event later this week, where the company is expected to introduce a new MacBook Pro laptop, among other things. And rumors have been making the rounds for months that one new feature for that laptop would be a touchscreen OLED toolbar above the keyboard, allowing you to interact with software-defined “keys” that could change depending on what you’re doing with the laptop.

Now it looks like those rumors were true.


