Firewalla Gold Intel-based Ubuntu Router Enables Multi-Gigabit Cyber Security (Crowdfunding)

Firewalla Gold vs Blue Red

We covered Firewalla based on NanoPi NEO board in mid-2018. The device is a tiny firewall, parental control, ad-blocker, and VPN appliance for end-users. Since then they’ve launched Firewalla Blue based on NanoPi NEO2 SBC with Gigabit Ethernet and a faster processor, and now the company has just introduced the even more powerful Intel-based Firewalla Gold. Firewalla Gold specifications: Processor – Unnamed intel 64-bit quad-core processor System Memory – 4GB RAM Storage – 32GB flash Connectivity 4x Gigabit Ethernet ports supporting over 3 Gbps in total, and up to 10 VPN connection at up to 120 Mbps aggregated bandwidth. WiFi 6 module (not sure optional or included) Misc – RTC Power Supply – DC barrel jack They may have designed a custom board this time, as I’m not sure which off-the-shelf SBC they may have used in their new product. The device runs Ubuntu Linux so the users will have full access to the operating system with SSH, and will …

Support CNX Software – Donate via PayPal or become a Patron on Patreon

SiFive Shield is an Open Security Platform for RISC-V Processors

SiFive WorldGuard

Most Arm processors and Armv8-M microcontrollers support Arm TrustZone security with hardware-enforced isolation built into the CPU. But so far, I had not read anything about equivalent solutions for RISC-V processors. It turns out Hex-Five’s MultiZone security is one of the RISC-V hardware-security providing an answer to Arm TrustZone, and besides checking out the presentation slides, you can also watch the video filmed at RISC-V Workshop Taiwan last March. But what brought me to write about RISC-V security is SiFive announcement for their Shield open security platform for RISC-V processors SiFive Shield Overview SiFive Shield is an open, scalable security platform designed for RISC-V processors.  It supports root-of-trust, customizations, and offers per-memory protected memory regions and multi-core privilege modes.  Combined with SiFive WorldGuard, SiFive Shield enables greater isolation. SiFive WorldGuard Isolation SiFive WorldGuard is a fine-grain security model for isolated code execution and data protection. It offers core-driven and process-id driven modes to offer data protection for core, cache, interconnect, …

Support CNX Software – Donate via PayPal or become a Patron on Patreon

FOSDEM 2020 IoT Devroom Call for Proposals

FOSDEM 2020 IoT Devroom

FOSDEM (Free & Open-source Software Developers’ European Meeting) takes place every year in Brussels, Belgium on the first weekend of February.  FOSDEM 2020 is scheduled for February 1-2, and now that developer rooms have already been announced, there are calls for proposals for each topic. Benjamin Henrion (aka Zoobab), a frequent reader and commenter of CNX Software, will be in charge of the IoT devroom and has now initiated a call for proposals for Internet of Things talks. The devroom will take place on Saturday or Sunday between around 10.30 and 18:00. Each talk will last 25 minutes with a 5-minute break between talks. The talks must be about fully open source projects that cover one of the topics below: Machine-to-machine (M2M) communication on small embedded devices Distributed applications in any field of interest for autonomous/self-controlled devices, (e.g. domotics, automotive, etc) Networking: TCP/IP, mesh networking, message queuing, cross-layer solutions Real-life problematics such as Out of grid communications Resiliance Security Cost …

Support CNX Software – Donate via PayPal or become a Patron on Patreon

How I Adopted a Ubiquiti Unifi Security Gateway on my Existing Home Network

Ubiquity Security Gateway

Hey Karl here with a quick write up on how I adopted a Ubiquiti Unifi Security Gateway (USG) into my existing home network. I ran into a few issues so I wanted to share and hopefully help someone else. I have had 2 Unifi access points cover my home for several years now and I recently upgraded my internet to 100 Mbps. I was maxing out at about 95 Mbps with downloads on my existing 100 Mbps Linksys router and I knew I was leaving some bandwidth on the table. Spectrum is my internet provider and I have always got more than what I paid for. I placed an order on Amazon and 24 hours later it was delivered. I have a couple of things that made this challenging. First I run my network on a 10.0.0.1/24 subnet with devices that have static IP address and I host my own Unifi controller and don’t use the cloud version. I also …

Support CNX Software – Donate via PayPal or become a Patron on Patreon

Tiny USB WiFi Camera Supports Motion and AI Human Detection

USB WiFi Camera

When I first saw U21 HD camera it reminded me of SOOCOO G1 is action camera with a flexible stick, since the camera also comes with a flexible hose which allows you to orient it as you please. But it’s a different bear, as U21 is a surveillance camera powered over USB and featuring WiFi connectivity. I can’t see any motion detection, so it may have some dose of “AI” since it claims to support motion and human detection so you only get relevant alerts. It is currently sold (pre-orders) on Banggood for $33.65 including shipping with order starting to be processed on October 30th. U21 USB WIFI camera key features and specifications: MCU / WiSoC – No information (yet) Storage – MicroSD card slot up to 128GB for up to one month of recording (8GB = 2 days); Cloud storage via third party (paid) Camera – 14mm lens, HD resolution Alerts – Motion detection, AI human detection (provided and …

Support CNX Software – Donate via PayPal or become a Patron on Patreon

ISPs and Governments Don’t Seem to Like Security and Privacy-enhancing DNS over HTTPS (DoH)

DNS-over-HTTPS DoH

Now a lot of the traffic on the Internet is secure, and for example, if you visit this blog your traffic will be encrypted, so your ISP, government or hackers will not know which exact page you visit on the website. But unless you use a VPN or the Tor Network, they’ll still know/or find out you visited CNX Software as most DNS requests are now unencrypted. Hackers may also use a spoofed DNS to steal your credit card info while you think you input your details into a trusted website. Beside using a VPN service, one solution is to use DNS over HTTPS (DoH) which encrypts the DNS request so that even your ISP or the government (unless there’s a backdoor) may not know which websites you visit. On top of improving privacy, DoH also improves security, as it’s harder to spoof DNS servers and by extension internet websites. I tried it with Cloudflare 1.1.1.1 DNS service last year, …

Support CNX Software – Donate via PayPal or become a Patron on Patreon

USB Armory Mk II USB Linux Computer Targets Security Applications (Crowdfunding)

USB Armory Mk II

Back in 2014, Inverse Path launched USB Armory computer dongle running headless Linux from a MicroSD card and designed for security applications. The company got bought by  F-Secure Foundry in 2017, and the latter has now launched another crowdfunding campaign for an upgraded version USB Armory Mk II keeps a similar USB dongle form factor but replaces the NXP i.MX53 Cortex-A8 processor with a more efficiency NXP i.MX 6ULZ Arm Cortex-A7 processor, the USB type-A port with a modern USB-C port, adds 16GB eMMC flash, Bluetooth 5 LE connectivity, and new security features. USB Armory Mk II specifications: SoC – NXP i.MX6ULZ Arm Cortex-A7 @ 900 MHz System Memory – 512 MB DDR3 RAM Storage – 16 GB eMMC flash + external microSD Connectivity – Bluetooth 5 LE + mesh module (U-blox ANNA-B112) with Arm Cortex-M4 MCU (nRF52832) USB – 2x USB type-C ports: 1x DRP (Dual Role Power) receptacle + 1x UFP (Upstream Facing Port) plug HW Security Chip …

Support CNX Software – Donate via PayPal or become a Patron on Patreon

Signet High-Capacity Thumbdrive Supports 2FA, Password & Secure Data Storage (Crowdfunding)

Signet HC Crowdfunding Started The latest version of the Signet thumbdrive is the Signet HC. The HC has a number of enhanced features and a lower price point, making it an attractive alternative to other high-security flash drives.  The drive is high capacity storage, with secure storage technology, 2 Factor Authentication (2FA) token and encryption.  It also has a password manager and enhanced database features.  The company has started its crowdfunding campaign and there are several device quantity options and peripherals.  Features of the Signet HC The Nth Dimension has announced the Signet HC recently, bringing to the forefront of its latest device, the all-in-one aspects of the drive’s capabilities. The  Signet HC is certainly positioned to be one of the top featured, encrypted password protected, and 2FA storage devices of its size. The data on the drive is encrypted, and password protected and can be accessed through cross-platform client application available on Windows, macOS, GNU/Linux, and Android.  There …

Support CNX Software – Donate via PayPal or become a Patron on Patreon