Monday, April 27, 2015

Imagination releases academic version of MIPSfpga design

As described by AnandTech in this article, Imagination has announced a university license for its MIPSfpga design.

Wednesday, March 25, 2015

SSL certificate security flaws found

Extremetech reported on some newly found security holes in SSL.  It turns out that another entity issued unauthorized certificates for Google domains.  Beyond the specific implications for SSL security, this in my view is another blow to the reputation of open systems and standards.

Sunday, February 22, 2015

More Stuipid Ideas in Consumer Electronics

Tom's Hardware reports that a new Barbie records your child's conversations with the doll and saves them in the cloud---here is the article.  Doesn't anyone in the consumer electronics industry know how to spell privacy?

Friday, February 20, 2015

Stupid Ideas in Consumer Electronics

Samsung's Smart TV seems to have been not so smart after all.  A variety of press reports indicate that Samsung's user agreement allows them to share voice input with third parties.  Reports also indicate that voice data is being transferred to the cloud in an insecure manner.  One of the several good reports on this topic comes from Tom's Hardware.

Sunday, September 28, 2014

Embedded Zombies

I have decided to coin a new term: embedded zombies. The security field has largely concentrated on IT devices: laptops, servers, phones.  But we have recently seen several examples of ways to hijack devices with embedded processors. These embedded zombies can then be used to attack IT systems, cyber-physical systems, IoT systems, you name it.

The shellshock bug is the latest example---see Bruce Schneier's blog post. Shellshock is a bug in the bash *nix shell.  It endangers *nix-based IT systems, such as Apple machines.  But since many embedded devices, ranging from the networking equipment that runs the Web to consumer devices, also run *nix and bash, those systems are in danger as well. A few months ago, researchers Karsten Noll and Jacob Lehl showed how to hijack the processors on USB devices. Once again, the zombie USB device can be used to attach IT, cyber-physical, or embedded systems.

A system is only as secure, private, and trustworthy as the lest secure/private/trustworthy component. Given the complexity of even simple, cheap systems, we have to limit our trust in  just about every system.

Saturday, August 16, 2014

RPiSoC Webinar

element14.com has announced a webinar on the RPiSoC platform. RPiSoC is a board with a PSoC system-on-chip that connects to the Raspberry Pi and allows it to make use of the PSoC I/O analog and digital configurable I/O. You can find more information on the webinar here.