• Jo chevron_right

    Cybersécurité : Le Royaume-Uni interdit les mots de passe universels / JournalDuGeek · Friday, 26 November - 13:00


Le Royaume-Uni s'attaque à la sécurité des objets connectés; l'industrie va désormais devoir être plus transparente, mais aussi abandonner les identifiants universels par défaut.

Cybersécurité : Le Royaume-Uni interdit les mots de passe universels

  • Sp chevron_right

    Spamhaus: When doorbells go rogue! / spam_resource · Thursday, 21 October - 12:00

From Spamhaus: Here's a bonkers tale about a spamming doorbell . Oof, crappy "internet of things" devices are a scourge unto the internet. Alex Grosjean shares this very interesting story of tracking down where the spam was coming from on a home broadband subscriber's network. And why ISPs ought to be blocking port 25. And why IOT devices need to be more secure.

[ H/T: Kiersti Esparza and Atro Tossavainen ]

Značky: #spamhaus, #iot, #news, #scary, #botnet, #Network

  • Ga chevron_right

    A new open source operating system for embedded systems: RT-Thread Smart is working to open source the world of IoT and edge computing

    Danie van der Merwe · / gadgeteerza-tech-blog · Saturday, 10 July, 2021 - 11:12

There's a growing demand for embedded operating systems, and it's best when the one you build upon is open source. The RT-Thread project's R&D team has spent three years of research and intensive development to arrive at the project's latest offering: RT-Thread Smart. It is a microkernel operating system aimed primarily at midrange to high-end processors such as RISC-V with a memory management unit (MMU) and provides a competitive software platform for all industries in the embedded space.

RT-Thread Smart is a professional, high-performance, microkernel operating system for real-time applications. It offers an open source foundation for embedded devices in any market, including security (e.g., internet protocol cameras), industrial control, onboard devices, consumer electronics, and anything else using embedded technology (which is increasingly coming to mean "everything"). It's significant because, unlike traditional IoT operating systems, a microkernel operating system can fill the gap between a traditional real-time operating system (RTOS) and a comparatively large operating system like Linux to achieve the best balance between real-time performance, cost, security, startup speed, and more.


#technology #opensource #IoT #embeddedsystems

  • Ar chevron_right

    Samsung will shut down the v1 SmartThings hub this month / ArsTechnica · Thursday, 3 June, 2021 - 18:29 · 1 minute

A featureless, white electronic device.

Enlarge / The v1 SmartThings Hub from 2013. It's dying at the end of the month. (credit: Samsung )

Samsung has spent the last year or so upending its SmartThings ecosystem . SmartThings was born as an independent company in 2012 when it launched one of the largest Kickstarter campaigns ever: a $1.2 million funding program for the company's first smart home hub. Samsung bought SmartThings in 2014, and in June 2020, the Korean giant announced a plan that would basically shut down all of that acquired stuff, forcing everyone over to in-house Samsung infrastructure. A big part of that plan is happening at the end of the month, when Samsung will kill the first-generation SmartThings Hub.

The SmartThings Hub is basically a Wi-Fi access point—but for your smart home stuff instead of your phones and laptops. Instead of Wi-Fi, SmartThings is the access point for a Zigbee and Z-Wave network, two ultra low-power mesh networks used by smart home devices. Wi-Fi is great for loading webpages and videos, but it's extreme overkill for something like a light switch or door sensor, which just needs to send a few bits for "on or off" or "open or closed." Zigbee and Z-Wave are so low-power that you can run these devices on AA or coin cell batteries for months. The Hub connected your smart home network to the Internet, giving you access to a control app and connecting to other services like your favorite voice assistant.

You might imagine that killing the old hub could be seen as a ploy to sell more hardware, but Samsung—a hardware company—is actually no longer interested in making SmartThings hardware. The company passed off hub manufacturing for the latest "SmartThings Hub (v3)" to German Internet-of-things company Aeotec. The new hub is normally $125, but Samsung has been generous enough to offer existing users a dirt-cheat $35 upgrade price.

Read 3 remaining paragraphs | Comments

  • Be chevron_right

    XMPP for IoT: Visualisation of Meteorological Live Data for Renewable Energy

    debacle · / berlin-xmpp-meetup · Tuesday, 11 May, 2021 - 15:29 edit

Dan and Tim will present a beautiful web application based on Strophe.js and Flot.js to visualise live measuremen data transmitted via XMPP PubSub/PEP. This is not about instant messaging at all, this is IoT, but security included.

When? Wednesday, 2021-05-12 18:00 CEST (always 2ⁿᵈ Wednesday of every month)

Where? Online, via our MUC ( A Jitsi video conference will be announced there.

See you then!

#jabber #berlin #meetup #community #xmpp #iot #webapplication #javascript #strophejs #flotjs #pubsub #pep #security #renewableenergy

  • Ar chevron_right

    They hacked McDonald’s ice cream machines—and started a cold war / ArsTechnica · Wednesday, 21 April, 2021 - 17:45

The lure of frozen deliciousness that led to uncovering insane techno craziness.

Enlarge / The lure of frozen deliciousness that led to uncovering insane techno craziness. (credit: NurPhoto | Getty Images)

Of all the mysteries and injustices of the McDonald’s ice cream machine, the one that Jeremy O’Sullivan insists you understand first is its secret passcode.

Press the cone icon on the screen of the Taylor C602 digital ice cream machine, he explains, then tap the buttons that show a snowflake and a milkshake to set the digits on the screen to 5, then 2, then 3, then 1. After that precise series of no fewer than 16 button presses, a menu magically unlocks. Only with this cheat code can you access the machine’s vital signs: everything from the viscosity setting for its milk and sugar ingredients to the temperature of the glycol flowing through its heating element to the meanings of its many sphinxlike error messages.

“No one at McDonald’s or Taylor will explain why there’s a secret, undisclosed menu," O’Sullivan wrote in one of the first, cryptic text messages I received from him earlier this year.

Read 81 remaining paragraphs | Comments

  • Ar chevron_right

    100 million more IoT devices are exposed—and they won’t be the last / ArsTechnica · Wednesday, 14 April, 2021 - 14:04 · 1 minute

100 million more IoT devices are exposed—and they won’t be the last

Enlarge (credit: Elena Lacey)

Over the last few years, researchers have found a shocking number of vulnerabilities in seemingly basic code that underpins how devices communicate with the Internet. Now a new set of nine such vulnerabilities are exposing an estimated 100 million devices worldwide, including an array of Internet-of-things products and IT management servers. The larger question researchers are scrambling to answer, though, is how to spur substantive changes—and implement effective defenses—as more and more of these types of vulnerabilities pile up.

Dubbed Name:Wreck , the newly disclosed flaws are in four ubiquitous TCP/IP stacks, code that integrates network communication protocols to establish connections between devices and the Internet. The vulnerabilities, present in operating systems like the open source project FreeBSD, as well as Nucleus NET from the industrial control firm Siemens, all relate to how these stacks implement the “Domain Name System” Internet phone book. They all would allow an attacker to either crash a device and take it offline or gain control of it remotely. Both of these attacks could potentially wreak havoc in a network, especially in critical infrastructure, health care, or manufacturing settings where infiltrating a connected device or IT server can disrupt a whole system or serve as a valuable jumping-off point for burrowing deeper into a victim's network.

Read 12 remaining paragraphs | Comments