This Week In Security: Ubiquiti, Nissan, Zyxel, And Dovecot

You may have been one of the many of us who received an email from Ubiquiti this week, recommending a password change. The email stated that there was an unauthorized access of Ubiquiti systems, and while there wasn’t evidence of user data being accessed, there was also not enough evidence to say emphatically that user data was not accessed. Ubiquiti has mentioned that the database that may have been accessed contains a user’s name, email address, hashed password, and optionally the mailing address and phone number.

Depending on how the Ubiquiti authentication system is designed, that hashed password may be enough to log in to someone’s account. In any case, updating your password would invalidate the potentially compromised hash. This event underscores a complaint voiced by Ubiquiti users: Ubiquiti has been making it difficult to administrate hardware without a cloud-enabled account. Continue reading “This Week In Security: Ubiquiti, Nissan, Zyxel, And Dovecot”

3D Printing In Five Axes Makes The World Flat

Just when you thought your 3D printer was hot stuff, along comes a 5D printer. Two doctoral students at Penn State want to add two more axes to get rid of overhangs. This means that instead of supports or breaking objects into pieces, the printer simply orients the print so each region of the part is printing as if it were flat. Of course, 5D printers aren’t really new, even though you don’t hear much about them. However, the paper details a new algorithm that eliminates manually defining print regions and rotations.

You do this all the time manually when you’re setting the print up. For example, if you want to print a letter T, you could print it with supports under the cross pieces or flip it upside down and print it with no support at all. The difference here is the printer can flip the workpiece itself to different angles and can change it on the fly during printing. The printer might print the shaft of the T, rotate it to draw half of the crossbar, then rotate it 180 degrees to print the other half. In all three zones, the print head is depositing materials flat with no overhang. In a simple case like a T that doesn’t really require a special machine or an algorithm, but in the general case, you often can’t just rotate a model to avoid using supports.

Continue reading “3D Printing In Five Axes Makes The World Flat”

South Korea Blankets Country With Free WiFi On All Public Transit

Wrapping up a multi-year project to provide free WiFi on all public transportation, South Korea’s Ministry of Science and Information and Communications Technology (MSIT) announced that a total of 35,006 buses had been equipped nationwide.

Previously, subscriber-based WiFi had been installed on subways and in subway stations. It was provided privately by two phone carriers and free only for their subscribers. The coverage was spotty and slow, and in 2017 the government took over and implemented a better system. With this announcement, the whole public transportation system is now covered with stable and free WiFi.

We also noticed that the government has released the details of the 220,000 WiFi access points to the public. This includes the location, IP address, and RSSI data for use by people and companies wanting to develop location-based services. What is the state of free WiFi access points in your region, and does it extend to public transportation? Do you find it reliable, or do you use your data plan when out and about?

This Week In Security: Android Bluetooth RCE, Windows VMs, And HTTPS Everywhere

Android has released it’s monthly round of security updates, and there is one patched bug in particular that’s very serious: CVE-2021-0316. Few further details are available, but a bit of sleuthing finds the code change that fixes this bug.

Fix potential OOB write in libbluetooth
Check event id if of register notification command from remote to avoid OOB write.

It’s another Bluetooth issue, quite reminiscent of BleedingTooth on Linux. In fact, in researching this bug, I realized that Google never released their promised deep-dive into Bleedingtooth. Why? This would usually mean that not all the fixes have been rolled out, or that a significant number of installations are unpatched. Either way, the details are withheld until the ramifications of releasing them are minimal. This similar Bluetooth bug in Android *might* be why the BleedingTooth details haven’t yet been released. Regardless, there are some serious vulnerabilities patched this in this Android update, so make sure to watch for the eventual rollout for your device. Continue reading “This Week In Security: Android Bluetooth RCE, Windows VMs, And HTTPS Everywhere”

Powered Exoskeletons In Rough Terrain: An Interesting Aspect Of The Chang’e 5 Recovery Mission

At this point in time, one would be hard pressed to find anyone who is not at least aware of some of the uses of exoskeletons as they pertain to use by humans. From supporting people during rehabilitation, to ensuring that people working in industrial and warehouse settings do not overexert themselves, while also preventing injuries and increasing their ability to carry heavy loads without tiring.

During the recovery mission of the Chang’e 5 sample container in the rough terrain of Inner Mongolia, the crew which was tasked with setting up the communications center, electrical supply systems and other essential services in the area wore exoskeletons. Developed by a relatively new Chinese company called ULS Robotics (see embedded promotional video after the break), the powered exoskeletons allowed the crew to carry 50 kg loads at a time for a hundred meters across the rough, snowy terrain.

The obvious benefit of an exoskeleton here is that while humans are pretty good at navigating rough terrain, this ability quickly degrades the moment a heavy load is involved, as anyone who has done serious mountain trekking can probably attest to. By having the exoskeleton bear most of the load, the wearer can focus on staying upright and reaching the destination quickly and safely.

With the growing interest for exoskeletons from various industries, the military, as well as the elderly, it probably won’t be too long before we’ll be seeing more of them in daily life the coming years.

(Thanks, Qes)

Continue reading “Powered Exoskeletons In Rough Terrain: An Interesting Aspect Of The Chang’e 5 Recovery Mission”

Amazon’s Custom T-Shirt May Rub You The Wrong Way

How far would you go in pursuit of the perfect black t-shirt? Would you let Amazon build a virtual double of your body? They already know so much about you, so what’s a body scan or two between customer and company?

So here’s the deal — Amazon is trying to launch a brand of bespoke clothing called Made for You, and they’re starting with custom solid color t-shirts. Here’s how it works: you give them $25 along with information about your height, weight, and skin tone. Then you upload two pictures of your torso to their app, and these get turned into a 3D model of your body. Once your avatar is built to match, you design your shirt to fit the model. In theory, you get a really good idea of how it will fit.

You can choose from two different fabrics and eight colors, and can customize the neckline, the shirt length, and the sleeve length. If you want to, you can put your name on the tag. Then your perfect t-shirt gets made in the US from imported fabric — either lightweight or medium weight pima cotton. We’re not sure if robots or people are making them, but our money is on people. After all, Amazon is the company that created Mechanical Turk to form a pool of humans available to do on-demand work via the Internet. This is along those lines but with tailors sewing to your specifications. The big questions are what do you get, how does the technology make these better than off-the-rack, and do you give up your privacy in return?

One-Size Fits One

To say that these are custom t-shirts is a bit of a stretch. Oh you don’t need to worry about the t-shirts being skin-tight and showcasing your spare tire — if it’s a relaxed fit you want, that’s one of the options. But the current options are limited.

Continue reading “Amazon’s Custom T-Shirt May Rub You The Wrong Way”

Review: Pine64 Pinecil Soldering Iron

There was a time when decent quality soldering irons were substantial affairs, soldering stations with a chunky base unit containing the electronics and a lightweight handheld iron for the work. That has changed with the arrival of a new breed of microprocessor controlled lightweight handheld irons. There’s a new kid on the block from a company we associate more with open-source phones, laptops, and single board computers, Pine64 have produced the Pinecil. It’s a lightweight handheld iron with some innovative features at an attractive price, but does it raise the bar sufficiently to take on the competition?

I put the Pinecil through its paces, and and although the device is fully open source, give it a teardown for good measure. Spoiler: it’s my new favorite.
Continue reading “Review: Pine64 Pinecil Soldering Iron”