More Intel Processor HW Security Flaws. Meet Microarchitectural Data Sampling (MDS)

Intel MDS Zombieload, RIDL, Fallout

2018 did not start so well for processor vendors, especially Intel, but also AMD, Arm and others, as some of their processors leveraging speculative execution were impacted by the Spectre and/or Meltdown hardware security bugs. The workarounds to improve security had a downside as they affected performance in some specific use cases. Panic ensued as the bug was revealed to the public a bit too early, so companies were not fully ready with their mitigations / workarounds. Then in the summer of 2018, another hardware security flaw known as Foreshadow or L1 Terminal Fault came to light. The new flaw potentially enabled the attacker to access data stored in L1 cache. Provided you have updated your operating systems to the latest version, your computers and devices should be protected against those vulnerabilities, and you can even check with a script working in Linux or FreeBSD. But this now looks like a never […]

MORPHEUS Claims to be an Unhackable RISC-V Processor Architecture

MORPHEUS Unhackable RISC-V Processor

Code gets continuously written and updated for new features, optimizations and so on. Those extra lines of code sometimes come at a cost: a security bug gets inadvertently introduced into the code base. The bug eventually gets discovered, a report is filed, and a software fix is committed to solve the issue, before the new software or firmware is pushed to the end user. This cycle repeats over and over, and this means virtually no software or device can be considered totally secure. The University of Michigan has developed a new processor architecture called MORPHEUS that blocks potential attacks by encrypting and randomly reshuffling key bits of its own code and data several times per second through a “Churn Unit”. The new RISC-V based processor architecture does not aim to solve all security issues, but focuses specifically on control-flow attacks made possible for example by buffer overflows: Attacks often […]

Enabling Two-Factor Authentication for SSH Access in Armbian

Armbian Two Factor Authentication SSH

Until today, I only knew of two authentication methods for SSH: the traditional username/password and key-based login with private/public keys, with the latter being more secure and not requiring any password. But I’ve just found out it’s also possible to log in to SSH using two-factor authentication relying on your smartphone to get an OTP code like you would to access some banking services, as it can easily be enabled in Armbian. First you’ll want to enable key-based login with private/public keys, or you won’t be able to access your board anymore after enabling 2FA except via the serial console. Now simply start armbian-config, and go to System Settings->Reconfigure SSH daemon to enable PhoneAuthentication “mobile phone one-time passcode”. We’re not done yet, so don’t close Armbian-config. You’d then need an Android or iOS phone running Google Authenticator app to receive the OTP (one-time password). After enabling PhoneAuthenticator in armbian-config, you’ll see […]

Pioneer Edition FreedomBox Home Server Launched with Olimex A20-OLinuXino-LIME2 Board

Pioneer Edition FreedomBox Home Server

Olimex works on open source hardware boards, while the FreedomBox Foundation has been developing FreedomBox, a free and open source private server system, since 2010 with the goal of empowering regular people to host their own internet services, like a VPN, a personal website, file sharing, encrypted messengers, a VoIP server, a metasearch engine, and more. When you mix open source hardware, open source software, and a bit of Internet freedom it gives birth to a product called “Pioneer Edition FreedomBox Home Server” based on Olimex A20-OLinuXino-LIME2 board and running FreedomBox software. Pioneer Edition FreedomBox Home Server specifications: SoC – Allwinner A20 dual-core ARM Cortex-A7 CPU @ 1.0 GHz with dual-core Mali 400 GPU; System Memory – 1GB DDR3; Storage – microSD slot fitted with 32GB class 10 card loaded with FreedomBox, SATA data and power connectors, 2KB EEPROM for MAC address and custom data; Connectivity – Gigabit Ethernet; Video […]

Eclipse IoT Survey Report Reveals Arm & Linux Dominate, Security Concerns

Constrained devices Arm IoT

The Eclipse IoT Working Group has just released a report asking the global IoT developer community to share their perceptions, requirements, and priorities. And with over 1,700 individuals taking the survey between February and March 2019, the key findings are interesting: IoT drives real-world, commercial outcomes today, as 65% of respondents are currently working on IoT projects professionally or will be in the next 18 months; IoT developers mostly use C, C++, Java, JavaScript, and Python; AWS, Azure, and GCP are the leading IoT cloud platforms; the top three industry focus areas remain the same as last year: IoT Platforms, Home Automation, and Industrial Automation / IIoT; MQTT remains the dominant IoT communication protocol leveraged by developers; the Eclipse Desktop IDE is the leading IDE for building IoT applications. The last point may be slightly biased because the survey was done by the Eclipse IoT Working Group, so most respondents were already […]

Avnet Azure Sphere MT3620 Starter Kit Features Two mikroBUS Sockets

Avnet Azure Sphere MT3620 Starter Kit

Microsoft and MediaTek worked together to design the MediaTek MT3620 Arm Cortex-A7 processor with the Microsoft Pluton security sub-system required for the Microsoft Azure Sphere IoT ecosystem. We’ve already covered boards from Seeed Studio including the just announced low cost MT3620 mini dev board. But Microsoft also cooperated with Avnet, which has recently introduced the Azure Sphere MT3620 Starter Kit equipped with two mikroBUS sockets enabling the platform to leverage one of the 633 “click boards” available from MikroElektronika. Just like the latest Seeed Studio board, the Avnet Azure Sphere MT3620 Starter Kit is comprised of a baseboard with a soldered-on CPU module that can later be used for mass production in a custom-designed board. Specifications: Azure Sphere MT3620 CPU Module: Mediatek MT3620AN single core Arm Cortex-A7 processor @ 500 MHz with 4MB SRAM, dual core Arm Cortex-M4F real-time core @ 200 MHz with 64KB RAM, Microsoft Pluton security sub-system, and WiFi; Storage – TBD […]

MT3620 Mini Dev Board is a Cheaper Microsoft Azure Sphere Board

MT3620 Mini Dev Board

Announced nearly one year ago, Microsoft Azure Sphere is an ecosystem comprised of Azure MCUs with Microsoft Pluton Security System, Linux based Azure Sphere OS, and a secure cloud service called Azure Sphere Security Service. The first official Azure development board – MT3620 Development Board for Azure Sphere – was launched last year for $84.95. The kit may not have attracted a large number of developers, so there’s now a cheaper version – MT3620 Mini Dev board – going for $34.90 on Seeed Studio. Note that’s a pre-order and shipping is scheduled for May 13, 2019. MT3620 Mini dev board specifications: CPU Module – AI-Link WF-M620-RSA1 module with Mediatek MT3620AN single core Arm Cortex-A7 processor @ 500 MHz with 4MB SRAM, dual core Arm Cortex-M4F real-time core @ 200 MHz with 64KB RAM, Pluton security sub-system, and WiFi; Storage – 2x 8MB dual channel quad SPI (TBC); Connectivity – Dual band […]

GearBest Database Was Left Unsecured For 2 Weeks

gearbest unsecured database

GearBest is one of the most popular Chinese online stores, and we often feature products sold by the company on the website. However, VPNMentor research team headed by Noam Rotem, a  hat hacker and activist, discovered a serious security breach in Gearbest, where their database was completely unsecured for a period of time. Specifically, the research team was able to access the following databases in March 2019: Orders database with products purchased, shipping address and postcode, customer name, email address, phone number; Payments and invoices database with order number, payment type, payment information, email address, name, IP address; Members database with name, address, date of birth, phone number, (unencrypted) email address, IP address, national ID and passport information, (unencrypted) account password. They discovered 1.5+ million records in total. They managed to log in successfully to two accounts from the database breach for testing. Payment information included data related to Boleta (used in […]
