close
  • chevron_right

    Gear from Netgear, Linksys, and 200 others has unpatched DNS poisoning flaw

    news.movim.eu / ArsTechnica · Tuesday, 3 May - 21:15

Gear from Netgear, Linksys, and 200 others has unpatched DNS poisoning flaw

Enlarge (credit: Getty Images)

Hardware and software makers are scrambling to determine if their wares suffer from a critical vulnerability recently discovered in third-party code libraries used by hundreds of vendors, including Netgear, Linksys, Axis, and the Gentoo embedded Linux distribution.

The flaw makes it possible for hackers with access to the connection between an affected device and the Internet to poison DNS requests used to translate domains to IP addresses, researchers from security firm Nozomi Networks said Monday . By feeding a vulnerable device fraudulent IP addresses repeatedly, the hackers can force end users to connect to malicious servers that pose as Google or another trusted site.

The vulnerability, which was disclosed to vendors in January and went public on Monday, resides in uClibc and uClibc fork uClibc-ng , both of which provide alternatives to the standard C library for embedded Linux. Nozomi said 200 vendors incorporate at least one of the libraries into wares that, according to the uClibc-ng maintainer , include the following:

Read 10 remaining paragraphs | Comments

  • Ga chevron_right

    Insteon looks dead - just like its users’ smart homes - Always try to use open standards for cloud based IoT, so you're not left stranded

    Danie van der Merwe · news.movim.eu / gadgeteerza-tech-blog · Monday, 18 April - 20:09

The smart home company Insteon has vanished. The entire company seems to have abruptly shut down just before the weekend, breaking users' cloud-dependent smart-home setups without warning. Users say the service has been down for three days now, despite the company status page saying, "All Services Online." The company forums are down, and no one is replying to users on social media.

Insteon is (or, more likely, "was") a smart home company that produced a variety of Internet-connected lights, thermostats, plugs, sensors, and of course, the Insteon Hub. At the core of the company was Insteon's propriety networking protocol, which was a competitor to more popular and licensable alternatives like Z-Wave and Zigbee.

A proprietary protocol can often mean your device is a useless paperweight if the company which owns it goes bust. Open standards like MQTT however mean other support exists to continue using your devices, for example, on Home Assistant and other open smart home services. More and more we are seeing companies close down, leaving consumers stranded, so it is imperative to instead choose to buy products which support open standards.

See https://arstechnica.com/gadgets/2022/04/shameful-insteon-looks-dead-just-like-its-users-smart-homes/

#technology #openstandards #smarthome #MQTT #IoT

  • chevron_right

    How SoftBank’s costly bet on the “Internet of things” backfired at Arm

    news.movim.eu / ArsTechnica · Tuesday, 15 February - 14:37

Components manufactured by ARM Holdings Plc sit inside a demonstration ARMmbed parking meter on display on the second day of Mobile World Congress (MWC) in Barcelona, Spain, on Tuesday, Feb. 28, 2017.

Enlarge / Components manufactured by ARM Holdings Plc sit inside a demonstration ARMmbed parking meter on display on the second day of Mobile World Congress (MWC) in Barcelona, Spain, on Tuesday, Feb. 28, 2017. (credit: Bloomberg | Getty Images)

As Masayoshi Son tried to persuade investors of the wisdom of purchasing one of the most successful chip companies in the world in 2016, the SoftBank chief had one clear message: “For the era of the ‘Internet of things’, I think the champion will be Arm.”

But the concept of connecting billions of everyday and industrial devices to the Internet has been much slower than anticipated to materialize.

Son’s drive to capture the chip design market for the Internet of things (IoT) was the first bet he made on Arm that has not paid off. The second was a $66 billion sale of the company to Nvidia that unraveled last week.

Read 17 remaining paragraphs | Comments

index?i=gaaBDKx_H3U:x8TXC5TOxQc:V_sGLiPBpWUindex?i=gaaBDKx_H3U:x8TXC5TOxQc:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
  • chevron_right

    Cybersécurité : Le Royaume-Uni interdit les mots de passe universels

    news.movim.eu / JournalDuGeek · Friday, 26 November, 2021 - 13:00

objconn-158x105.jpg

Le Royaume-Uni s'attaque à la sécurité des objets connectés; l'industrie va désormais devoir être plus transparente, mais aussi abandonner les identifiants universels par défaut.

Cybersécurité : Le Royaume-Uni interdit les mots de passe universels

  • Sp chevron_right

    Spamhaus: When doorbells go rogue!

    pubsub.slavino.sk / spam_resource · Thursday, 21 October, 2021 - 12:00

From Spamhaus: Here's a bonkers tale about a spamming doorbell . Oof, crappy "internet of things" devices are a scourge unto the internet. Alex Grosjean shares this very interesting story of tracking down where the spam was coming from on a home broadband subscriber's network. And why ISPs ought to be blocking port 25. And why IOT devices need to be more secure.

[ H/T: Kiersti Esparza and Atro Tossavainen ]


Značky: #spamhaus, #iot, #news, #scary, #botnet, #Network

  • Ga chevron_right

    A new open source operating system for embedded systems: RT-Thread Smart is working to open source the world of IoT and edge computing

    Danie van der Merwe · news.movim.eu / gadgeteerza-tech-blog · Saturday, 10 July, 2021 - 11:12

There's a growing demand for embedded operating systems, and it's best when the one you build upon is open source. The RT-Thread project's R&D team has spent three years of research and intensive development to arrive at the project's latest offering: RT-Thread Smart. It is a microkernel operating system aimed primarily at midrange to high-end processors such as RISC-V with a memory management unit (MMU) and provides a competitive software platform for all industries in the embedded space.

RT-Thread Smart is a professional, high-performance, microkernel operating system for real-time applications. It offers an open source foundation for embedded devices in any market, including security (e.g., internet protocol cameras), industrial control, onboard devices, consumer electronics, and anything else using embedded technology (which is increasingly coming to mean "everything"). It's significant because, unlike traditional IoT operating systems, a microkernel operating system can fill the gap between a traditional real-time operating system (RTOS) and a comparatively large operating system like Linux to achieve the best balance between real-time performance, cost, security, startup speed, and more.

See https://opensource.com/article/21/7/rt-thread-smart

#technology #opensource #IoT #embeddedsystems

  • chevron_right

    Samsung will shut down the v1 SmartThings hub this month

    news.movim.eu / ArsTechnica · Thursday, 3 June, 2021 - 18:29 · 1 minute

A featureless, white electronic device.

Enlarge / The v1 SmartThings Hub from 2013. It's dying at the end of the month. (credit: Samsung )

Samsung has spent the last year or so upending its SmartThings ecosystem . SmartThings was born as an independent company in 2012 when it launched one of the largest Kickstarter campaigns ever: a $1.2 million funding program for the company's first smart home hub. Samsung bought SmartThings in 2014, and in June 2020, the Korean giant announced a plan that would basically shut down all of that acquired stuff, forcing everyone over to in-house Samsung infrastructure. A big part of that plan is happening at the end of the month, when Samsung will kill the first-generation SmartThings Hub.

The SmartThings Hub is basically a Wi-Fi access point—but for your smart home stuff instead of your phones and laptops. Instead of Wi-Fi, SmartThings is the access point for a Zigbee and Z-Wave network, two ultra low-power mesh networks used by smart home devices. Wi-Fi is great for loading webpages and videos, but it's extreme overkill for something like a light switch or door sensor, which just needs to send a few bits for "on or off" or "open or closed." Zigbee and Z-Wave are so low-power that you can run these devices on AA or coin cell batteries for months. The Hub connected your smart home network to the Internet, giving you access to a control app and connecting to other services like your favorite voice assistant.

You might imagine that killing the old hub could be seen as a ploy to sell more hardware, but Samsung—a hardware company—is actually no longer interested in making SmartThings hardware. The company passed off hub manufacturing for the latest "SmartThings Hub (v3)" to German Internet-of-things company Aeotec. The new hub is normally $125, but Samsung has been generous enough to offer existing users a dirt-cheat $35 upgrade price.

Read 3 remaining paragraphs | Comments

index?i=tv4MRmatDDY:uwh8YTtULcs:V_sGLiPBpWUindex?i=tv4MRmatDDY:uwh8YTtULcs:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
  • Be chevron_right

    XMPP for IoT: Visualisation of Meteorological Live Data for Renewable Energy

    debacle · pubsub.movim.eu / berlin-xmpp-meetup · Tuesday, 11 May, 2021 - 15:29 edit

Dan and Tim will present a beautiful web application based on Strophe.js and Flot.js to visualise live measuremen data transmitted via XMPP PubSub/PEP. This is not about instant messaging at all, this is IoT, but security included.

When? Wednesday, 2021-05-12 18:00 CEST (always 2ⁿᵈ Wednesday of every month)

Where? Online, via our MUC (xmpp:berlin-meetup@conference.conversations.im?join). A Jitsi video conference will be announced there.

See you then!

#jabber #berlin #meetup #community #xmpp #iot #webapplication #javascript #strophejs #flotjs #pubsub #pep #security #renewableenergy