Old 14-10-20, 08:34 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - October 17th, ’20

Since 2002

Early Edition

October 17th, 2020

Google Drops Curated News Plans in Australia Over 'Unworkable' Policy

It argues that it would be forced to pay.
Jon Fingas

Google’s dispute with Australia over online news is about to claim a major feature as a casualty. The internet giant has decided to freeze plans to launch its curated News Showcase in Australia over claims the draft News Media Bargaining Code is “unworkable.” It still objected to what it called a “must include, must pay” approach in the code where it not only has to pay news outlets it links to, but is obligated to carry those outlets for free.

The company argued it would deal with payment demands that would “not [be] financially sustainable” for any firm. It also argued that the code was too broad and could prove costly if there’s a claimed violation, with Google potentially paying up to 10 percent of its Australian revenue for a single infraction.

Australia’s Competition and Consumer Commission (ACCC) previously said that a Google open letter decrying the code “contains misinformation,” and that the company wouldn’t be required to charge for free services or share data with news organizations like the letter suggested.

This isn’t Google’s only fight over news. However, it could serve as a bellwether for rollouts elsewhere. If Google is willing to put an entire feature on hold for a country over what it sees as unfavorable terms, you could see a similar response elsewhere.
https://www.engadget.com/google-drop...181545424.html





There's Another Huge Right to Repair Fight Brewing in Massachusetts

As cars grow more complex, Massachusetts will vote on a big expansion of its landmark right to repair law.
Rob Stumpf October

Whether or not you live in Massachusetts, you should be paying attention to a very important vote coming up in November's election. Not for president, or senator, or even city council—no, Question 1 is a proposition that could dramatically strengthen or weaken the state's landmark right-to-repair law that previously forced automakers to make it easier for you to get your car fixed.

Essentially, Massachusetts voters are deciding on whether or not to add "mechanical" vehicle telematics data—realtime updates from a car's sundry sensors transmitted to an automaker's private servers—to the list of things OEMs have to share with independent mechanics. Telematics data was purposefully excluded from the original 2013 law, but as cars have gotten more computerized over the last decade, that gap in coverage has grown more pronounced.

The full information about what is appearing on the ballot can be found here. Voting "Yes" to Question 1 would expand access to wirelessly transmitted mechanical data regarding vehicle maintenance and repair. But what makes this a big deal for those outside Massachusetts is that the amendment will require automakers who want to do business in the state to make that data accessible through a smartphone app for owners starting in 2022.

Remember, it was the 2013 law's passage that forced automakers to adopt a nationwide right-to-repair standard. Could the same happen with open-access telematics data, which will only grow in importance as more cars add on driver-assist features? Pro-Question 1 organization Massachusetts Right to Repair argues the amendment would futureproof the law for consumers and independent repair shops beyond the state's borders.

Voting "No" would make no change to governing access over wirelessly transmitted vehicle data, meaning automakers would be under no obligation to provide a standard that consumers could use to analyze diagnostic information other than what is currently provided through the vehicle's OBDII port. Anti-Question 1 organization Coalition for Safe and Secure Data claims the proposition is nothing more than a data grab for third parties who want to access vehicle information remotely and in real-time. The group further argues that forcing automakers to open up their lines could potentially expose call data, GPS coordinates and other personal information to hackers.

Because everything in politics has to be awful, the Coalition for Safe and Secure Data even funded a commercial to push the extremely wrong and off-putting idea that Question 1 would allow sexual predators to track or remotely control the vehicles of their intended victims.

And there are some weighty forces at war here. According to Ballotpedia, more than $47 million has been spent by supporters and opponents to sway public opinion so far. The Right to Repair Coalition contributed $21.4 million, reportedly receiving large seven-figure donations from organizations like the Coalition of Automotive Repair Equality, Auto Care Association, Auto Zone, O'Reilly Auto Parts and Advance Auto Parts.

Meanwhile, the Coalition for Safe and Secure Data has shelled out at least $25.8 million to oppose Question 1, reportedly receiving large seven-figure donations from General Motors, Toyota, Ford, Honda and Nissan. Go figure.

Lobbying aside, the fact that groups are spending millions of dollars to oppose one another on a pro-consumer change boils down to two very important questions. First, should a consumer have a legal right to self-diagnose and self-repair a product that they purchased or otherwise own? We can all generally agree that yes, they should. We've highlighted what's on the other side of that before: the modern tractor industry, which lacks such a standard, is a maze of data gatekeepers and proprietary repairs that actually drives farmers to seek out old, computer-free models instead.

But second, it's fair to ask why Massachusetts—a state which houses two percent of the U.S. population and where no major automaker has built vehicles since GM shut down its Framingham Assembly Plant in 1989—should dictate legislation with potentially far-reaching ramifications. Beyond the fact that a failure here could make it harder for future, larger-scale efforts to get off the ground, it's not clear that automakers will actually be able to get a secure, open-access portal off the ground in the next year and a half should the amendment pass. What happens then?

Vehicles are getting more complex as time goes on—there's no question about it. Many mechanical operations of vehicle controls have been computerized, and in order for consumers to properly troubleshoot problems, complex technical tools and in-depth understanding are often required. And as vehicles move away from internal combustion engines as a whole, it will become more important than ever for consumers to have access to important data about their vehicle, especially as the cost for repairs is driven up as reliability improves.

I know there will be other distractions, but keep your eyes on Massachusetts on November 3rd. The future of your next repair bill could depend on it.
https://www.thedrive.com/news/36980/...-massachusetts





Apple's T2 Security Chip Has an Unfixable Flaw

The Checkm8 vulnerability that exposed years of iPhones to jailbreaking has finally been exploited in Macs as well.
Lily Hay Newman

A recently released tool is letting anyone exploit an unusual Mac vulnerability to bypass Apple's trusted T2 security chip and gain deep system access. The flaw is one researchers have also been using for more than a year to jailbreak older models of iPhones. But the fact that the T2 chip is vulnerable in the same way creates a new host of potential threats. Worst of all, while Apple may be able to slow down potential hackers, the flaw is ultimately unfixable in every Mac that has a T2 inside.

In general, the jailbreak community hasn't paid as much attention to macOS and OS X as it has iOS, because they don't have the same restrictions and walled gardens that are built into Apple's mobile ecosystem. But the T2 chip, launched in 2017, created some limitations and mysteries. Apple added the chip as a trusted mechanism for securing high-value features like encrypted data storage, Touch ID, and Activation Lock, which works with Apple's "Find My" services. But the T2 also contains a vulnerability, known as Checkm8, that jailbreakers have already been exploiting in Apple's A5 through A11 (2011 to 2017) mobile chipsets. Now Checkra1n, the same group that developed the tool for iOS, has released support for T2 bypass.

On Macs, the jailbreak allows researchers to probe the T2 chip and explore its security features. It can even be used to run Linux on the T2 or play Doom on a MacBook Pro's Touch Bar. The jailbreak could also be weaponized by malicious hackers, though, to disable macOS security features like System Integrity Protection and Secure Boot and install malware. Combined with another T2 vulnerability that was publicly disclosed in July by the Chinese security research and jailbreaking group Pangu Team, the jailbreak could also potentially be used to obtain FileVault encryption keys and to decrypt user data. The vulnerability is unpatchable, because the flaw is in low-level, unchangeable code for hardware.

"The T2 is meant to be this little secure black box in Macs—a computer inside your computer, handling things like Lost Mode enforcement, integrity checking, and other privileged duties," says Will Strafach, a longtime iOS researcher and creator of the Guardian Firewall app for iOS. "So the significance is that this chip was supposed to be harder to compromise—but now it's been done."

Apple did not respond to WIRED's requests for comment.

There are a few important limitations of the jailbreak, though, that keep this from being a full-blown security crisis. The first is that an attacker would need physical access to target devices in order to exploit them. The tool can only run off of another device over USB. This means hackers can't remotely mass-infect every Mac that has a T2 chip. An attacker could jailbreak a target device and then disappear, but the compromise isn't "persistent"; it ends when the T2 chip is rebooted. The Checkra1n researchers do caution, though, that the T2 chip itself doesn't reboot every time the device does. To be certain that a Mac hasn't been compromised by the jailbreak, the T2 chip must be fully restored to Apple's defaults. Finally, the jailbreak doesn't give an attacker instant access to a target's encrypted data. It could allow hackers to install keyloggers or other malware that could later grab the decryption keys, or it could make it easier to brute-force them, but Checkra1n isn't a silver bullet.

"There are plenty of other vulnerabilities, including remote ones that undoubtedly have more impact on security," a Checkra1n team member tweeted on Tuesday.

In a discussion with WIRED, the Checkra1n researchers added that they see the jailbreak as a necessary tool for transparency about T2. "It’s a unique chip, and it has differences from iPhones, so having open access is useful to understand it at a deeper level," a group member said. "It was a complete black box before, and we are now able to look into it and figure out how it works for security research."

The exploit also comes as little surprise; it's been apparent since the original Checkm8 discovery last year that the T2 chip was also vulnerable in the same way. And researchers point out that while the T2 chip debuted in 2017 in top-tier iMacs, it only recently rolled out across the entire Mac line. Older Macs with a T1 chip are unaffected. Still, the finding is significant because it undermines a crucial security feature of newer Macs.

Jailbreaking has long been a gray area because of this tension. It gives users freedom to install and modify whatever they want on their devices, but it is achieved by exploiting vulnerabilities in Apple's code. Hobbyists and researchers use jailbreaks in constructive ways, including to conduct more security testing and potentially help Apple fix more bugs, but there's always the chance that attackers could weaponize jailbreaks for harm.

"I had already assumed that since T2 was vulnerable to Checkm8, it was toast," says Patrick Wardle, an Apple security researcher at the enterprise management firm Jamf and a former NSA researcher. "There really isn't much that Apple can do to fix it. It's not the end of the world, but this chip, which was supposed to provide all this extra security, is now pretty much moot."

Wardle points out that for companies that manage their devices using Apple's Activation Lock and Find My features, the jailbreak could be particularly problematic both in terms of possible device theft and other insider threats. And he notes that the jailbreak tool could be a valuable jumping off point for attackers looking to take a shortcut to developing potentially powerful attacks. "You likely could weaponize this and create a lovely in-memory implant that, by design, disappears on reboot," he says. This means that the malware would run without leaving a trace on the hard drive and would be difficult for victims to track down.

The situation raises much deeper issues, though, with the basic approach of using a special, trusted chip to secure other processes. Beyond Apple's T2, numerous other tech vendors have tried this approach and had their secure enclaves defeated, including Intel, Cisco, and Samsung.

"Building in hardware 'security' mechanisms is just always a double-edged sword," says Ang Cui, founder of the embedded device security firm Red Balloon. "If an attacker is able to own the secure hardware mechanism, the defender usually loses more than they would have if they had built no hardware. It's a smart design in theory, but in the real world it usually backfires."

In this case, you'd likely have to be a very high-value target to register any real alarm. But hardware-based security measures do create a single point of failure that the most important data and systems rely on. Even if the Checkra1n jailbreak doesn't provide unlimited access for attackers, it gives them more than anyone would want.
https://www.wired.com/story/apple-t2...jailbreak-mac/





Five Eyes Governments, India, and Japan Make New Call for Encryption Backdoors

Another Five Eyes meeting, another call for encryption backdoors in modern tech.
Catalin Cimpanu

Members of the intelligence-sharing alliance Five Eyes, along with government representatives for Japan and India, have published a statement over the weekend calling on tech companies to come up with a solution for law enforcement to access end-to-end encrypted communications.

The statement is the alliance's latest effort to get tech companies to agree to encryption backdoors.

The Five Eyes alliance, comprised of the US, the UK, Canada, Australia, and New Zealand, has made similar calls to tech giants in 2018 and 2019, respectively.

Just like before, government officials claim tech companies have put themselves in a corner by incorporating end-to-end encryption (E2EE) into their products.

If properly implemented, E2EE lets users have secure conversations — be they chat, audio, or video — without sharing the encryption key with the tech companies.

Representatives from the seven governments argue that the way E2EE encryption is currently supported on today's major tech platforms prohibits law enforcement from investigating crime rings, but also the tech platforms themselves from enforcing their own terms of service.

Signatories argue that "particular implementations of encryption technology" are currently posing challenges to law enforcement investigations, as the tech platforms themselves can't access some communications and provide needed data to investigators.

This, in turn, allows a safe haven for criminal activity and puts the safety of "highly vulnerable members of our societies like sexually exploited children" in danger, officials argued.

"We call on technology companies to work with governments to take the following steps, focused on reasonable, technically feasible solutions," the seven governments said in a press release.

• "Embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety, and facilitating the investigation and prosecution of offences and safeguarding the vulnerable;
• "Enable law enforcement access to content in a readable and usable format where an authorisation is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight; and
• "Engage in consultation with governments and other stakeholders to facilitate legal access in a way that is substantive and genuinely influences design decisions."

Officials said they are committed to working with tech companies on developing a solution that allows users to continue using secure, encrypted communications, but also allows law enforcement and tech companies to crack down on criminal activity.

The seven governments called for encryption backdoors not only in encrypted instant messaging applications, but also for "device encryption, custom encrypted applications, and encryption across integrated platforms."

In December 2018, Australia was the first major democratic country to introduce an encryption-busting law.

Similar efforts have also taken place in the US and Europe, but were less successful, primarily due to opposition from either tech companies, non-profits, or the general public.

However, pressure has been mounting in recent years as western governments seek to reach intelligence-gathering parity with China.
https://www.zdnet.com/article/five-e...ion-backdoors/

Until next week,

- js.

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
__________________
Thanks For Sharing