Sunday, April 22, 2018

Many Lenovo P2 owners are unable to unlock the bootloader, Lenovo is investigating

The Lenovo P2 was launched near the end of 2016. It featured a 5.5″ FHD screen with the power-efficient Qualcomm Snapdragon 625, but what made the phone most appealing was its massive 5,100mAh battery which is somewhat of a rarity these days. It launched with Android 6.0 Marshmallow and was officially updated to Android 7.0 Nougat, but it’s unlikely that the device will receive Android Oreo. For current owners of the device who want to get away from Lenovo’s software, the P2 has an official LineageOS 14.1 ROM that can be flashed. However, there’s just one significant problem that has plagued many Lenovo P2 owners for around a year: an inability to unlock the bootloader.

Unlocking the bootloader is required to flash a custom ROM because you need to disable the bootloader’s boot signature verification if you want to flash a custom boot image, such as the one that comes with any AOSP-based ROM like LineageOS. Typically, the process involves enabling “OEM unlocking” in Developer Options and then running the “fastboot oem unlock” command (with or without an unlock code, depending on the device) in the bootloader.

For the Lenovo P2, when you try to enable OEM unlocking you have to first accept some terms that state you will be voiding the warranty by unlocking the bootloader. If you accept those terms, you can then login with your Lenovo account and then you’re forced to wait for 14 days before Lenovo’s servers register your device so you can unlock the bootloader. However, as many people on the official Lenovo P2 forums have discovered, they are unable to register for the bootloader unlock waiting period because of an error that says their Lenovo ID email address hasn’t been verified (even though it has.)

Lenovo P2 Bootloader Unlock

Lenovo P2 Bootloader Unlock Error. Credits: phanigondi95

After nearly a year of complaints, it seems that the company is finally investigating the problem. Last week, a “Senior MotoAgent” posted a comment on the forums stating that the company is looking into the issue. No updates on the issue have been posted since that comment, so we’ll have to wait and see what’s been going on. We certainly hope that Lenovo isn’t intentionally blocking bootloader unlocking to prevent users from flashing custom ROMs. If it was intentional, perhaps to prevent users from disabling certain pre-installed apps (which can easily be done without root by the way), then that would be a silly move on their part.

Given the error message, it’s likely just a glitch with their system, though I can’t help but say that forcing users to wait for 14 days just for their servers to whitelist a device is really unnecessary. Other companies such as Xiaomi implement mandatory waiting periods, and it does nothing but annoy users. We hope this issue is resolved quickly by Lenovo.

Via /u/98432uhefbdfir

British Schoolboy Who Hacked CIA Director Gets 2-Year Prison Term

The British teenager who managed to hack into the online accounts of several high-profile US government employees sentenced to two years in prison on Friday.

Kane Gamble, now 18, hacked into email accounts of former CIA director John Brennan, former Director of National Intelligence James Clapper, former FBI Deputy Director Mark Giuliano, and other senior FBI officials—all from his parent’s home in Leicestershire.

Gamble, who went by the online alias Cracka, was just 15 at the time of carrying out those attacks and was the alleged founder of a hacking group calling themselves Crackas With Attitude (CWA).

The notorious pro-Palestinian hacking group carried out a series of embarrassing attacks against U.S. intelligence officials and leaked personal details of 20,000 FBI agents, 9,000 officers from Department of Homeland Security, and some number of DoJ staffers in 2015.

The teenager was arrested in February 2016 at his home in Coalville and pleaded guilty to 8 charges last October of “performing a function with intent to secure unauthorised access” and 2 charges of “unauthorised modification of computer material.”

On Friday afternoon in the Old Bailey central criminal court in London, Gamble was finally sentenced after his first sentencing hearing in January was postponed, and the judge ruled that he’ll have to serve 2 years at a youth detention center, BBC reported.

While Gamble’s defence said he was “naive” and never meant to “harm” any individuals during the court hearing, the judge said he carried out “an extremely nasty campaign of politically-motivated cyber terrorism.”

Between June 2015 and February 2016, Gamble posed as Brennan and tricked call center and helpline staff into giving away broadband and cable passwords, using which his team also gained access to extremely sensitive documents for intelligence operations in Afghanistan and Iran.

Besides hacking into their networks, Gamble also taunted his victims and their families, bombarded them with calls and messages, released their personal details, downloaded and installed porn onto their computers and took control of their iPads and TV screens.

Gamble even made hoax calls to Brennan’s home and took control of his wife’s iPad. At one point, he also sent DHS secretary Johnson a photograph of his daughter and said he would f*** her.

Gamble also phoned Mr. Johnson’s wife, leaving a disturbing voicemail message which said: “Hi Spooky, am I scaring you?,” and even managed to display the message “I own you” on the couple’s home television.

Gamble said he targeted the US government because he was “getting more and more annoyed about how corrupt and cold-blooded the US Government” was and “decided to do something about it.”

According to previous reports, Gamble is suffering from an autistic spectrum disorder, and at the time of his offending, he had the mental development of a 12 or 13-year-old.

Gamble’s defence had argued court on Friday for a suspended sentence, so he can sit his GCSEs in June and read computer science studies at university to pursue a “useful” career.

Two other members of Crackas With Attitude—Andrew Otto Boggs and Justin Gray Liverman—were arrested by FBI in September 2016 and had already been sentenced to two and five years in federal prison respectively.

Source link

Development of eSIM standard halted after allegations arise that AT&T and Verizon colluded to sabotage it

In yet another example of why American consumers have such little faith in AT&T and Verizon Wireless, the two companies are being investigated by the U.S. Department of Justice over whether they colluded to sabotage the eSIM standard. An embedded SIM, or eSIM, is a standardized SIM chip that allows users to switch between carriers without changing a SIM card. eSIMs are commonly found in smartwatches but have recently been added to a few smartphones such as the Google Pixel 2. The main benefit of eSIM technology is consumer freedom, which is exactly why certain telecommunication carriers have allegedly sought to block its adoption.

According to the NYTimes, AT&T and Verizon have been accused of working with the GSM Association (GSMA), the organization that is responsible for standardizing the technology used in the mobile telecommunications industry, to “establish standards that would allow them to lock a device to their network even if it had eSIM technology.” The development of such a standard would be antithetical to the benefits of an embedded SIM, and if passed, would effectively sabotage the technology which is poised to be the successor to the SIM card. The NYTimes report claims that the Department of Justice opened an investigation into the alleged collusion after an unnamed carrier and Apple filed a formal complaint.

Representatives from Verizon Wireless and AT&T acknowledged the inquiry by the Justice Department, with a Verizon spokesman telling the NYTimes that the issue was “much ado about nothing.” When reached for comment, the GSMA confirmed the development of the new eSIM standard that would allow for locking a device to a network. The GSMA has issued a statement in response to the story which announced that the organization has halted development of the eSIM standard until the ongoing investigation is completed.

The GSMA is a powerful standard-setting organization. The organization is responsible for creating the Universal Profile for Rich Communication Services (RCS), which is the underlying technology for the new ‘Chat‘ standard by Google. If the allegations against the two largest mobile carriers in the U.S. are true, then the future of eSIM technology may be in jeopardy. In a private meeting, Verizon is said to have called for the changes to the eSIM standard to “prevent theft and fraud.” In my view, if that truly was their reasoning, then there wouldn’t be a need to develop these changes to the eSIM standard in secret. Given the optics of such a change, however, it’s possible that the companies didn’t want to seem to be behind such changes even if it was for consumer protection. We’ll have to wait for the conclusion of the investigation by the U.S. Department of Justice before we pass judgment, though.

Feature image: Embedded SIM in the Google Pixel 2 XL from iFixit’s teardown.

Saturday, April 21, 2018

Xiaomi Mi Mix 2, Motorola Moto E4 Plus, and Telekom Puls now support official TWRP

Team Win Recovery Project (TWRP) is the most popular custom recovery for Android devices. Having TWRP support (or another comparable custom recovery) is a necessity for the health of a custom ROM scene. Without a custom recovery, it would be risky for users to flash any custom ROMs, acquire root access by modifying the boot image, and difficult to install modifications because of the ease of custom scripts. Many devices receive an unofficial build of TWRP shortly after a device is released and kernel source code is made available. Having an unofficial build become official signals that the maintainer is committed to keeping the recovery up to date with the latest changes in TWRP and that the build will be made available on the official website. The latest devices added to the official roster include the Xiaomi Mi Mix 2, the MediaTek variant of the Motorola Moto E4 Plus, and the Alcatel Telekom Puls.

You can visit the official XDA forums for some of the mentioned devices below.

Xiaomi Mi Mix 2 Forum

Motorola Moto E4 Plus Forum

If you are interested in downloading and installing the builds, check out the official webpages with the download links down below or download the official app via the Play Store to download and flash the build if you already have root access.

Download TWRP for the Xiaomi Mi Mix 2

Download TWRP for the MediaTek Motorola Moto E4 Plus

Download TWRP for the Telekom Puls

Official TWRP App (Free+, Google Play) →

The custom recovery will also soon officially support the Planet Computers Gemini PDA according to the latest commits to the website which have yet to be merged. If we spot more devices added to the TWRP roster, we will let you know about them here on XDA.

Samsung Galaxy S9/S9+ (Exynos), Nvidia Shield Android TV, and Xiaomi Mi Note 2 now support LineageOS 15.1

Custom ROMs may not be as popular as they used to be, but that doesn’t mean there isn’t still a huge audience for them. ROMs such as the popular LineageOS are available for a range of devices such as years-old budget devices and even more recent flagship devices. We’ve been tracking any new devices that are added to the official LineageOS roster, and now feel it’s time to update our readers on the latest additions. The Nvidia Shield Android TV was upgraded from official LineageOS 14.1 to LineageOS 15.1 whereas the Xiaomi Mi Note 2 and the Exynos Samsung Galaxy S9 and Galaxy S9+ are new additions to LineageOS.

The highly anticipated custom ROM was only recently released for a few devices, but its roster has been steadily growing over time. The strict requirements under the Device Support Requirements Charter has resulted in maintainers working hard to make sure their builds are up to the team’s standards before they release official Android 8.1 Oreo-based builds. Thus, the addition of these builds to the official roster means you can expect pretty decent compatibility with all basic hardware unless otherwise noted. Check out the official wiki pages for each device below to learn more.

Samsung Galaxy S9 (Exynos) Wiki Page
Samsung Galaxy S9+ (Exynos) Wiki Page
Nvidia Shield Android TV Wiki Page
Xiaomi Mi Note 2 Wiki Page

We’ve linked the download pages for each device below. Keep in mind that since the Galaxy S9/S9+ and Mi Note 2 were only recently added to the build roster, the download pages aren’t live yet. The builds for these devices will be made available starting Monday, so keep an eye out on the pages for when it goes live.

Samsung Galaxy S9 (Exynos) Download Page
Samsung Galaxy S9+ (Exynos) Download Page
Nvidia Shield Android TV Download Page
Xiaomi Mi Note 2 Download Page

Lastly, we highly recommend that you join the official XDA forums for each of these devices. It’s one of the best ways to stay up to date with all the latest news about your device. Official LineageOS threads are often created by the device maintainer, too, providing you with a way to leave feedback and converse with other users about your experiences with the ROM.

Samsung Galaxy S9 (Exynos) Forum
Samsung Galaxy S9+ (Exynos) Forum
Nvidia Shield Android TV Forum
Xiaomi Mi Note 2 Forum

Flaw in LinkedIn AutoFill Plugin Lets Third-Party Sites Steal Your Data

Not just Facebook, a new vulnerability discovered in Linkedin’s popular AutoFill functionality found leaking its users’ sensitive information to third party websites without the user even knowing about it.

LinkedIn provides an AutoFill plugin for a long time that other websites can use to let LinkedIn users quickly fill in profile data, including their full name, phone number, email address, ZIP code, company and job title, with a single click.

In general, the AutoFill button only works on specifically “whitelisted websites,” but 18-year-old security researcher Jack Cable of Lightning Security said it is not just the case.

Cable discovered that the feature was plagued with a simple yet important security vulnerability that potentially enabled any website (scrapers) secretly harvest user profile data and the user would not even realize of the event.

A legitimate website would likely place a AutoFill button near the fields the button can fill, but according to Cable, an attacker could secretly use the AutoFill feature on his website by changing its properties to spread the button across the entire web page and then make it invisible.

Since the AutoFill button is invisible, users clicking anywhere on the website would trigger AutoFill, eventually sending all of their public as well as private data requested to the malicious website, Cable explains.

Here’s How attackers can exploit the LinkedIn Flaw:

  • User visits the malicious website, which loads the LinkedIn AutoFill button iframe.
  • The iframe is styled in a way that it takes up the entire page and is invisible to the user.
  • The user then clicks anywhere on that page, and LinkedIn interprets this as the AutoFill button being pressed and sends the users’ data via postMessage to the malicious site.

Cable discovered the vulnerability on April 9th and immediately disclosed it to LinkedIn. The company issued a temporary fix the next day without informing the public of the issue.

The fix only restricted the use of LinkedIn’s AutoFill feature to whitelisted websites only who pay LinkedIn to host their advertisements, but Cable argued that the patch was incomplete and still left the feature open to abuse as whitelisted sites still could have collected user data.

Besides this, if any of the sites whitelisted by LinkedIn gets compromised, the AutoFill feature could be abused to send the collected data to malicious third-parties.

To demonstrate the issue, Cable also built a proof-of-concept test page, which shows how a website can grab your first and last name, email address, employer, and location.

Since a complete fix for the vulnerability was rolled out by LinkedIn on April 19, the above demo page might not work for you now.

“We immediately prevented unauthorized use of this feature, once we were made aware of the issue. We are now pushing another fix that will address potential additional abuse cases, and it will be in place shortly,” the company said in a statement. 

“While we’ve seen no signs of abuse, we’re constantly working to ensure our members’ data stays protected. We appreciate the researcher responsible reporting this, and our security team will continue to stay in touch with them.”

Although the vulnerability is not at all a sophisticated or critical one, given the recent Cambridge Analytica scandal wherein data of over 87 million Facebook users was exposed, such security loopholes can pose a serious threat not only to the customers but also the company itself.

Source link

Mother's early menopause can affect daughter's fertility

Representational picture

Mother's premature menopause can affect her daughter's fertility and is known as hereditary infertility.

Menopause is the time that marks the end of the menstrual cycle due to the natural depletion of ovarian oocytes from ageing.

The transition to menopause usually starts in 40's. But if it happens early, medically stated as premature menopause, it can lead to mood swings and irritability.

Most women have to also cope up with the additional physical and emotional concerns.

Dr. Anubha Singh, Gynecologist and IVF Expert explained this and said ¿A mother¿s menopausal age holds vital clues to the daughter¿s fertility. Mothers who experience early menopause have daughters with compromised levels of the hormones needed for ovulation and egg reserve indication.¿

"Menopause seems accelerated in women whose mothers experienced early menopause or premature ovarian failure" added Dr. Anubha Singh.

Symptoms of premature menopause are often the same as those experienced by women undergoing natural menopause and may include, vaginal dryness, irregular periods, sleeplessness and crying spells.

"Women who delay motherhood till the late 30s often face infertility. Diminished or rapidly depleting egg reserve is one of the causes of infertility among young females. Young women are increasingly experiencing premature ovarian failure (POF), with the incidence of POF among women below 40 years of age at 1 percent," said another IVF Expert, Dr. Shobha Gupta.

Majorly, two tests are recommended to diagnose infertility, Anti-Mullerian Hormone (AMH) test and Antral Follicle count (AFC).

A woman's natural reproductive journey progresses through puberty, fertility, reduced fertility or sub-fertility, the transition towards menopause and, finally, menopause.

Catch up on all the latest Mumbai news, crime news, current affairs, and also a complete guide on Mumbai from food to things to do and events across the city here. Also download the new mid-day Android and iOS apps to get latest updates

This story has been sourced from a third party syndicated feed, agencies. Mid-day accepts no responsibility or liability for its dependability, trustworthiness, reliability and data of the text. Mid-day management/ reserves the sole right to alter, delete or remove (without notice) the content in its absolute discretion for any reason whatsoever


Popular Posts