Android Malware Used To Hack and Steal Tesla Car

An anonymous reader writes: By leveraging security flaws in the Tesla Android app, an attacker can steal Tesla cars. The only hard part is tricking Tesla owners into installing an Android app on their phones, which isn’t that difficult according to a demo video from Norwegian firm Promon. This malicious app can use many of the freely available Android rooting exploits to take over the user’s phone, steal the OAuth token from the Tesla app and the user’s login credentials. This is possible because the Tesla Android app stores the OAuth token in cleartext, and contains no reverse-engineering protection, allowing attackers to alter the app’s source code and log user credentials. The OAuth token and Tesla owner’s password allow an attacker to perform a variety of actions, such as opening the car’s doors and starting the motor.


Second Chinese Firm In a Week Found Hiding a Backdoor In Android Firmware

An anonymous reader quotes Bleeping Computer: Security researchers have discovered that third-party firmware included with over 2.8 million low-end Android smartphones allows attackers to compromise Over-the-Air (OTA) update operations and execute commands on the target’s phone with root privileges. This is the second issue of its kind that came to light this week after researchers from Kryptowire discovered a similar secret backdoor in the firmware of Chinese firm Shanghai Adups Technology Co. Ltd. This time around, the problem affected Android firmware created by another Chinese company named Ragentek Group. It apparently affects more than 55 low-end/burner phones from BLU, Infinix Mobility, DOOGEE, LEAGOO, IKU Mobile, Beeline, and XOLO. According to the article, the binary performing the insecure updates “also includes code to hide its presence from the Android OS, along with two other binaries and their processes… Without SSL protection, this OTA system is an open backdoor for anyone looking to take control of it.” Even worse, three domains were hard-coded into the binaries, two of which were unregistered, according to the researchers. “If an adversary had noticed this, and registered these two domains, they would’ve instantly had access to perform arbitrary attacks on almost 3,000,000 devices without the need to perform a Man-in-the-Middle attack.”


A New Process Turns Sewage Into Crude Oil

Big Hairy Ian shares this report from New Atlas: The U.S. Department of Energy’s Pacific Northwest National Laboratory has found a way to potentially produce 30 million barrels of biocrude oil per year from the 34 billion gallons of raw sewage that Americans create every day… [T]he raw sewage is placed in a reactor that’s basically a tube pressurized to 3,000 pounds per square inch and heated to 660 degrees Fahrenheit, which mimics the same geological process that turned prehistoric organic matter into crude oil by breaking it down into simple compounds, only…it takes minutes instead of epochs… The end product is very similar to fossil crude oil with a bit of oxygen and water mixed in and can be refined like crude oil using conventional fractionating plants. After six years of development, they’ve licensed the process for a $6 million pilot plant that’s expected to launch in 2018.


Ubuntu 16.10 Released, Ready to Download

After six months of development, Ubuntu 16.10, the latest stable release of the world’s most popular desktop Linux distro, is now available to download. The ISO image file of Ubuntu 16.10 is a little larger (up from 1.4GB to 1.5GB). OMGUbuntu talks about the new features (condensed): Ubuntu 16.10 is not a big update over Ubuntu 16.04 LTS, released back in April. If you were hoping it’d be a compelling or must-have upgrade you’ll be sadly disappointed. There are a number of small improvements to the Unity desktop and the Compiz window manager that powers it. Improvements that help everything work that little bit faster, and that little bit smoother. Ubuntu 16.10 also performs better in virtual machines thanks to the new Unity Low Graphics Mode. An all-new version of the Nautilus file manager also features, and is packed with some significant UI and UX differences. Plus, as always, there’s a newer Linux kernel to enjoy.


Why the Silencing of KrebsOnSecurity Opens a Troubling Chapter For the Internet

An anonymous reader quotes a report from Ars Technica: For the better part of a day, KrebsOnSecurity, arguably the world’s most intrepid source of security news, has been silenced, presumably by a handful of individuals who didn’t like a recent series of exposes reporter Brian Krebs wrote. The incident, and the record-breaking data assault that brought it on, open a troubling new chapter in the short history of the Internet. The crippling distributed denial-of-service attacks started shortly after Krebs published stories stemming from the hack of a DDoS-for-hire service known as vDOS. The first article analyzed leaked data that identified some of the previously anonymous people closely tied to vDOS. It documented how they took in more than $600,000 in two years by knocking other sites offline. A few days later, Krebs ran a follow-up piece detailing the arrests of two men who allegedly ran the service. A third post in the series is here. On Thursday morning, exactly two weeks after Krebs published his first post, he reported that a sustained attack was bombarding his site with as much as 620 gigabits per second of junk data. That staggering amount of data is among the biggest ever recorded. Krebs was able to stay online thanks to the generosity of Akamai, a network provider that supplied DDoS mitigation services to him for free. The attack showed no signs of waning as the day wore on. Some indications suggest it may have grown stronger. At 4 pm, Akamai gave Krebs two hours’ notice that it would no longer assume the considerable cost of defending KrebsOnSecurity. Krebs opted to shut down the site to prevent collateral damage hitting his service provider and its customers. The assault against KrebsOnSecurity represents a much greater threat for at least two reasons. First, it’s twice the size. Second and more significant, unlike the Spamhaus attacks, the staggering volume of bandwidth doesn’t rely on misconfigured domain name system servers which, in the big picture, can be remedied with relative ease. The attackers used Internet-of-things devices since they’re always-connected and easy to “remotely commandeer by people who turn them into digital cannons that spray the internet with shrapnel.” “The biggest threats as far as I’m concerned in terms of censorship come from these ginormous weapons these guys are building,” Krebs said. “The idea that tools that used to be exclusively in the hands of nation states are now in the hands of individual actors, it’s kind of like the specter of a James Bond movie.” While Krebs could retain a DDoS mitigation service, it would cost him between $100,000 and $200,000 per year for the type of protection he needs, which is more than he can afford. What’s especially troubling is that this attack can happen to many other websites, not just KrebsOnSecurity.


A Very Detailed Dissection of a Frame From DOOM

DOOM 2016 “cleverly re-uses old data computed in the previous frames…1331 draw calls, 132 textures and 50 render targets,” according to a new article which takes a very detailed look at the process of rendering one 16-millisecond frame. An anonymous Slashdot reader writes: The game released earlier this year uses the Vulkan API to push graphics quality and performance at new levels. The article sheds light on rendering techniques, mega-textures, reflection computation… all the aspects of a modern game engine. Some of the information came from “The Devil is in the Details,” a July presentation at the SIGGRAPH 2016 conferences on graphics by Tiago Sousa, id’s lead renderer programmer, and senior engine programmer Jean Geffroy. (And there’s also more resources at the end of the article, including a July interview with five id programmers by Digital Foundry.) “Historically id Software is known for open-sourcing their engines after a few years, which often leads to nice remakes and breakdowns,” the article notes. “Whether this will stand true with id Tech 6 remains to be seen but we don’t necessarily need the source code to appreciate the nice graphics techniques implemented in the engine.”


Netflix Finds x265 20% More Efficient Than VP9

Reader StreamingEagle writes (edited): Netflix conducted a large-scale study comparing x264, x265 and libvpx (Google-owned VP9), under real-world conditions, and found that x265 encodes used 35.4% to 53.3% fewer bits than x264, and between 21.8% fewer bits than libvpx, when measured with Netflix’s advanced VMAF assessment tool. This was the first large-scale study to use real-world encoder implementations, and a large sample size of high quality, professional content. A Netflix spokesperson explained why they did the test in the first place; “We wanted to understand the current state of the x265 and libvpx codec implementations when used to generate non-realtime encodes optimized for OTT use case. It was important to see how the codecs performed when testing on a diverse set of premium content from our catalog. This test can help us find areas of improvement for the different codecs.”


Falcon 9 Explodes On Pad

Reader Mysticalfruit writes: NPR is reporting that a Falcon9 carrying the AMOS-6 satellite that was supposed to launch on Sat exploded during its scheduled static fire. No injuries are reported. They’re reporting that this was going to be the first reflown first stage. The Verge adds: SpaceX’s Falcon 9 rocket, meant to launch a satellite this weekend, exploded on the launch pad at Cape Canaveral, Florida this morning. The explosion occurred during the preparation for the static fire test of the rocket’s engines, NASA told the Associated Press. The blast reportedly shook buildings “several miles away.” The company confirmed to The Verge the loss of the Falcon 9 an hour later: “SpaceX can confirm that in preparation for today’s static fire, there was an anomaly on the pad resulting in the loss of the vehicle and its payload. Per standard procedure, the pad was clear and there were no injuries.”


400,000 GitHub Repositories, 1 Billion Files, 14TB of Code: Spaces or Tabs?

Here’s a debate that refuses to die: given a choice, would you rather use spaces or tabs? An episode of Silicon Valley last season had a bit on this. Now we have more data to analyze people’s behavior. A Google developer has looked into 400,000 GitHub repositories — 1 billion files, 14 terabytes to find that programmers with interest in specific languages do seem to prefer either tabs or spaces. Spoiler alert: space wins, like all the time.


Dyson Will Spend $1.4 Billion, Enlist 3,000 Engineers To Build a Better Battery

An anonymous reader quotes a report from Digital Trends: Among the 100 new products the company founder James Dyson wants to invent by 2020, the greatest investment in people and money is to improve rechargeable lithium-ion batteries, as reported by Forbes (Warning: paywalled). And Dyson is not planning incremental improvements. His opinion is that current Li-ion batteries don’t last long enough and aren’t safe enough — the latter as evidenced by their propensity to spontaneously catch on fire, which is rare but does happen. Dyson believes the answer lies in using ceramics to create solid-state lithium-ion batteries. Dyson says he intended to spend $1.4 billion in research and development and in building a battery factory over the next five years. Last year Dyson bought Ann Arbor, Michigan-based Sakti3, which focuses on creating advanced solid-state batteries, for $90 million. The global lithium-ion battery market accounts for $40 billion in annual sales, according to research firm Lux as cited by Forbes. Dyson’s company (which is an accurate description since he has 100-percent ownership) currently employs 3,000 engineers worldwide. He intends to hire another 3,000 by 2020. Their average age is 26. Dyson values young engineers, saying, “The enthusiasm and lack of fear is important. Not taking notice of experts and plowing on because you believe in something is important. It’s much easier to do when you’re young.”
