OpenSSL 3.0 has just been released after three years of development, and over 7,500 commits and contributions from over 350 different authors with a new FIPS module that awaits FIPS 140-2 validation by the end of the year, improved documentation, and a change to an Apache License 2.0. OpenSSL’s reputation took a serious hit in 2014 with the Hearbleed bug that allowed attackers to steal the information protected by the SSL/TLS encryption used for most secure Internet communication. The bug was introduced in 2012, and it took almost two years to be fixed. Yet, despite the fix, many projects switched to other SSL libraries like LibreSSL, WolfSSL, or mbedTLS. But it’s good the project is still very much active, and OpenSSL 3.0 succeeds OpenSSL 1.1.1 released in September 2018. Who knows what OpenSSL 2.0… One of the main changes is support for the Provider concept, and OpenSSL 3.0 comes with […]
OpenWrt 21.02 released with WPA3, HTTPS, TLS enabled by default
OpenWrt 21.02 has just been released with higher security with WPA3, HTTPS & TLS enabled by default, as well as initial support for the Distributed Switch Architecture (DSA), the Linux standard for configurable Ethernet switches. OpenWrt is the most popular open-source Linux distribution for routers and entry-level Linux-capable embedded systems, and the latest release includes over 5800 commits since the release of OpenWrt 19.07 in January 2020. WPA3 was already supported in OpenWrt 19.07, but not enabled by default, OpenWrt 20.02 changes that, together with TLS thanks to trusted CA certificates from Mozilla. That means LuCi interface, wget, opkg package manager can all support HTTPS out-of-the-box. Note that HTTPS redirection can be disabled for LuCI in the configuration files. Another security change is that SELinux is now supported by OpenWrt, but not enabled by default. OpenWrt 21.02’s DSA implementation replaces the current swconfig system, but not all targets have been […]
Realtek AP-Router SDK vulnerabilities could impact millions of routers and IoT devices
The IoT Inspector Research Lab has discovered four high and critical vulnerabilities in the Realtek AP-Router “Jungle” SDK used for RTL819x SoCs that could impact millions of WiFi routers and dongles. An attacker can use a network attack, e.g. without physical access to the device, to generate a buffer or stack overflow helping him access the system and execute his own code. Realtek has released an advisory (PDF) with patchsets for all four vulnerabilities so you should upgrade the firmware if you can. Summary of the four vulnerabilities: CVE-2021-35392 – Realtek Jungle SDK version v2.x up to v3.4.14B provides a ‘WiFi Simple Config’ server called wscd or mini_upnpd that implements both UPnP and SSDP protocols. The server is vulnerable to a heap buffer overflow that is present due to unsafe crafting of SSDP NOTIFY messages from received M-SEARCH messages ST header. CVE-2021-35393 – Also impacts ‘WiFi Simple Config’ server (wscd […]
$23 N6110E NVR supports AI features, 10TB SATA drive, up to 10 video channels
Network video recorders (NRV) typically cost a couple of hundred dollars, but in the past, we noted a low-cost, entry-level NVR with a single Ethernet port may sell for under $50. But now, I’ve been made aware that $20 Linux-based NVR’s had shown up on Aliexpress either based on XM8536D processor, or SigmaStar SSR621Q dual-core Cortex-A7 processor. I’ll look at the N6110E model with the latter that sells for $22.99 plus shipping as it includes an enclosure and is said to support up to 10 channels, as well as AI features such as face & human body detection, “auto tracking” (vehicle tracking?), and mixed-traffic detection. N6110E NVR specifications: SoC – SigmaStar SSR621Q processor/DSP with two Cortex-A7 cores, 256MB DDR3 RAM according to linux-chenxing Video decoding – H.265 , H.264 up to 1x 8MP @ 30 fps, 1x 5MP @ 30 fps, 2x 4MP @ 30fps, 4x 3MP @ 20 fps, […]
Foscam SPC WiFi Spotlight Camera Review – Part1: Unboxing and Teardown
I’ve been reviewing a few IP cameras with built-in AI features with Vacom Cam, Reolink RLC-810A, and Annke CZ400 AI security camera which had by far the most advanced features going beyond human detection with luggage monitoring, line crossing-detection, and many more. Today, I’ve received another model with basic human detection. But Foscam SPC security camera also happens to come with a motion-activated spotlight, and it is the first camera I’ve ever received with support for dual-band WiFi meaning 2.4GHz or 5 GHz WiFi can be used as needed. In the first part of the review, I’ll go through the specs, do an unboxing, and go through teardown photos to check the internals. Foscam SPC key features and specifications Some of the highlights listed in the user manual and package: Camera 4MP camera up to 2560×1440 resolution @ 25 fps, 156° view of view (diagonal) HDR support 2x white LED […]
TPM 2.0 modules quadruple in price, run out of stock following Windows 11 announcement
Microsoft announced Windows 11 with new system requirements that include having hardware with a TPM 2.0 chip. Yesterday, we noted that could be an issue, as not all computers, laptops, and tablets may come with a Trusted Platform Module (TPM), especially if version 2.0 is required. Microsoft explains it’s for a good reason, name improved security, but the requirement has already had an impact on the market, even though Windows 11 is not officially available just yet, as TPM 2.0 modules have quadrupled in price according to a Tweet from Shen Ye, senior director, global head of hardware products for HTC. Note that while the bottom scale shows dates, it only shows dates when the price changes and the price was indeed $24.90 before Microsoft’s announcement, and gradually went up to $99.90 within 12 hours. At the time of writing, that module is out of stock on Amazon. Shen further […]
Software bills of materials (SBOM) could help improve cybersecurity
There have been some widely publicized hacks in recent months including the SolarWinds hack and the Colonial pipeline cyber attack. Those two were particularly costly and disruptive, and the US government issued an executive order that lists some of the requirements to stretch cybersecurity. Since there are many attach vectors, the list of requirements is fairly long, but one that caught my eyes in the “Enhancing Software Supply Chain Security” section reads as follows: (vii) providing a purchaser a Software Bill of Materials (SBOM) for each product directly or by publishing it on a public website; Bills of materials (BoM) are commonly used for hardware design, but the idea behind a software bill of materials is to make sure outdated software libraries with known vulnerabilities are not included in a specific program. The 2021 Open Source Security and Risk Analysis (OSSRA) report exposes vulnerabilities and license conflicts found in more […]
Edge AI system combines Foxconn FXN3102 Arm SoC with Hailo-8 or Lightspeeur 2801S AI accelerator
Did you know Foxconn makes processors now? Well, they do, or at least can pretend they do to as we’ll see below. Foxconn FXN3102 24-core Arm Cortex-A53 processor is found in Vecow VAC-1000, a compact Edge AI computing system, that also features either an Hailo-8 AI accelerator or Gyrfalcon Lightspeeur 2801S NPU. The Ubuntu 18.04 server system also comes with up to 16GB DDR4-2133 memory, optional NX Witness VMS (Video Management System) supported, and targets intelligent surveillance applications such as public surveillance or traffic monitoring, as well as smart retail, factory automation, and any other AIoT/Industry 4.0 applications. Vecow VAC-1000 specifications: SoC – Foxconn FXN3102 24-core Arm Cortex-A53 processor @ up to 1.0 GHz System Memory – 8GB or 16GB DDR4 2133MHz ECC SO-DIMM Storage 64GB eMMC flash, 512MB SPI Flash, up to 512KB EEPROM 1x SATA III port up to 6 Gbps 1x M.2 2280 Key M socket for […]