NC #664 Nite Ize Taglit, Mira Ovulation, Spartan Boxers, D-Link and KRACK, Lynky Smart Home Hub, WyzeCam, TRAE Lamps

Nite Ize Taglit might save my life, CES interviews with Mira ovulation monitoring system, Spartan radiation-blocking boxer shorts, Lynky Smart Home Hub and TRAE lamps made by geeks. I also talk about my disappointment with D-Link security on the Omna Webcam and tell you about an awesome new webcam called WyzeCam that’s only $20.

D-Link’s Attention to the KRACK Vulnerability Gives Me Pause

One of our goals in Home Automation has been to buy HomeKit-compatible devices whenever possible for security reasons. I’ve even created an elaborate network setup to isolate non-HomeKit (and Windows) devices from the rest of my gear.

Last year we bought the first HomeKit-compatible webcam, the Omna 180 Cam HD from D-Link. At $150 it wasn’t cheap but buying from a reputable company like D-Link who clearly have been in the business of network gear for ages gave us peace of mind.

The camera hasn’t been a huge success for us for a few reasons. The video isn’t as sharp as we’d expected. It was supposed to be 1080p but it’s pretty fuzzy. It doesn’t store information anywhere but on its own SD card, which might be a plus for some people but for us it limits the usefulness. It gets pretty hot which concerns us, and it is simply offline sometimes and we have to unplug it and plug it in to get it running again.

Security Bits – Canvas Fingerprinting, KRACK Updates, TOR Browser Bug, New Zero-Day WiFi Bug, Brother Printer Exploit

Security Medium 1 — Canvas Fingerprinting

Before we look at canvas fingerprinting, I just want to set the scene with a reminder of one of the most fundamental truths about how the web was designed – each web page load is an independent event. Because that meant websites had no memory of anything that went before, i.e. no concept of state, the original web could not cope with concepts like logging in, or shopping baskets. Something had to be bolted on to allow web servers to connect individual requests into related groups of requests.

The official mechanism added to the HTTP protocol for retaining state between requests is the humble cookie. Cookies gave us the ability to log in, and basically, the modern web. But, they came with a dark side — as well as enabling all the cool things we like about the modern web, they also enabled tracking.

NC #650 Resetting People Album in Photos, Grammarly, KRACK and ROCA in Security Bits

Bart was on the Phileas Club this week to talk about Ireland, and I was on Daily Tech News Show with Sarah Lane. Rick from Baltimore joins us with his first audio submission, where he tells us about how he discovered how to reset the People album in Apple Photos. I’ve found a tool called Grammarly to help me minimize typos that makes me happy. Bart brings us an out-of-band Security Bits session because of the big vulnerability discovered this week in WiFi. It’s oddly a reassuring session!

Security Bits – 22 October 2017

Security Medium 1 – WPA WiFi Encryption Develops KRACKs

This week started with a big security news announcement (responsibly disclosed, which is nice). Security researchers at the Belgian university KU Leuven revealed a collection of related attacks against the WPA2 protocol (WiFi Protected Access version 2). The problem at the root of these attacks was not related to any specific implementation of the spec, but with the spec itself, so every manufacturer who implemented the spec correctly would have introduced these vulnerabilities into their WiFi drivers. Because you have to give a bug a fancy name to get any media attention these days, it was given the somewhat strained pseudo-acronym KRACKs, from key reinstallation attacks.

We’re not going to go into the technical minutiae here, but I have included links to some good explanations below. I do want to give a high-level overview of the problem though.
