A czy Ty wpiąłeś już swoje łóżko w oddzielnego VLANa?

Urządzenia Internetu Rzeczy, z jakiegoś powodu nazywane “smart” zaczynają już denerwować ludzi zajmujących się bezpieczeństwem (w tym nas). Nie bez powodu powstało powiedzenie, że literka “S” w skrócie IoT pochodzi od “Security”. O niskiej jakości zabezpieczeń zabawek dla dzieci pisaliśmy już jakiś czas temu, ale to tylko kropla w morzu...

#WBiegu #Aws #Cloud #Iot #Łóżko #Podatność

https://sekurak.pl/a-czy-ty-wpiales-juz-swoje-lozko-w-oddzielnego-vlana/

We're very excited to announce that Apollo Automation have joined the Works With Home Assistant - the first @esphome-based devices to receive this certification!

Check out how Apollo got started building devices with ESPHome and which ones have been certified on our blog

#HomeAutomation #SmartHome #ESPHome #DIY #IoT
https://www.home-assistant.io/blog/2025/02/27/apollo-joins-wwha/

Ein #OpenData fundiertes LoRaWAN in Hamm, kurz #lorahamm nimmt so langsam Gestalt an. Wir haben eine liebevolle Einladung der Stadt #Hamm (CDO) und der #HSHL erhalten hier mit zu machen.

Wesen die Lust haben mitzuwirken, oder welche kennen die Lust haben könnten... you're welcome.

Wir wollen dabei verstärkt und unbedingt Aspekte, wie #OpenSource #InfoSec ( #NIS2 & co), #DigitaleSoevereiniteit und #Teilhabe einbringen.

\__
#cccRegio #IoT #Thingsboard

Nieoczywista podatność w interface administracyjnym urządzeń Palo Alto. Możliwość ominięcia uwierzytelnienia. CVE-2025-0108

Dla lubiących korzystać tylko z materiałów źródłowych polecam to opracowanie oraz informacje o łatce producenta. No dobra, o co tutaj chodzi? Urządzenie ma skonfigurowany Nginx na froncie (w szczególności podejmuje on decyzję, które żądanie uwierzytelnić, a które nie), oraz serwer webowy Apache w backendzie (tutaj działa aplikacja). Na starcie Nginx...

#WBiegu #Apache #Iot #Nginx #PaloAlto #PathConfusion #Websec

https://sekurak.pl/nieoczywista-podatnosc-w-interface-administracyjnym-urzadzen-palo-alto-mozliwosc-ominiecia-uwierzytelnienia-cve-2025-0108/

That guy hacked his air purifier, reversed part of the Android app, then the PCB, downloaded the firmware and reversed everything .. to integrate it to HomeAssistant! :o

Didn't know about MessagePack nor esp32knife.

https://jmswrnr.com/blog/hacking-a-smart-home-device

Next week, join our friends at @esphome for their New Year live stream! Catch up with the team as they update you on what's new in the world of ESPHome - and what's to come.

Hit the to get notified when they're live!

#SmartHome #DIY #IoT
https://www.youtube.com/watch?v=HtG3fjAO96c

Interesting...I'm using ESP-IDF's OpenEthernet driver. At first, it looked like there was a memory leak each time I stopped and restarted the driver. But after a while, the free heap memory settled into a regular pattern. Anyone with deep #ESP32 knowledge know why this happens? #microcontroller #IoT

Analyzing ELF/Sshdinjector (IoT bot) with r2ai.

It's really helpful and time save to use AI (with r2ai) for analysis *but* use it with a non-AI decompiler side by side:

1. To direct the AI, and lose less money ;P
2. To spot more easily hallucinations or extrapolations.

https://www.fortinet.com/blog/threat-research/analyzing-elf-sshdinjector-with-a-human-and-artificial-analyst

Our sponsor for episode 493( https://embedded.fm/episodes/493 ) -- Nordic Semi --
is giving away a couple of awesome products from their collection.

Join the contest here( https://lnkd.in/eyrNqQS8 ) for a chance to win anything from https://www.nordicsemi.com/Products/Development-hardware/Nordic-Thingy-91-X to https://www.nordicsemi.com/Products/Development-hardware/Power-Profiler-Kit-2.

A talk about WebAssembly for IoT devices by Merljin Sebrechts.

Should we release PoCs publicly - after they have been fixed? or should we not?

While releasing a PoC is positive for research and awareness, there's no denying it increases the vulnerability's exploitation in the wild.

- CVE-2024-41710 fixed on July 17, 2024
- Two weeks later: PoC published on Github
- Jan 2025: Aquabot v3 noticed "using a payload almost identical to the PoC"

Ref: https://www.akamai.com/blog/security-research/2025-january-new-aquabot-mirai-variant-exploiting-mitel-phones

#botnet #phone #entreprise #mirai #IoT #CVE-2024-41710

Hi!

I'm Adrian, a FullStack #Developer looking for a job either in #Québec (or from it if you allow for remote work). I already have a permanent and open visa

I have experience building and maintaining web apps and APIs, designing systems, doing #DevOps and a bit of #BigData, #MachineLearning and #IoT

I'm experienced using #Elixir, #Phoenix, #LiveView, #NodeJS, #TypeScript, #Fastify, #Express and #Python ; and on the DevOps side in CI/CD pipelines (either #GithubActions and Gitlab CI/CD), #Docker and a bit of #Kubernetes

I was tasked with a lot of the #innovation happening in my previous company, researching tools, librairies, patterns or general technologies either for our own #DeveloperExperience or for our products

I also wrote a lot of technical and non technical documentation and internal presentations, and even participated in a few meetups. You can read some of my writing on my blog: https://blog.adrianc.eu

You might also have seen me on a few Elixir-related Discord servers, or even Bluesky (@adrianc.eu) and Twitter ; either sharing tech news, helping people, reading in book clubs or just chatting

I’m open to full-time right now, contracting work can be discussed.

I'm looking for any developer position, not only #ElixirLang, even though it represents most of my experience. And if the technology you're using isn't on my resume, give me a chance! I'm a fast learner and I might anyway have studied it in class :P

DM me for more info, like github link, my resume or anything :)

Boosts, responses and DM welcome, of course!

#MyElixirStatus #FediJobs #FediJob #FediGetHired #OpenToWork

EDIT: I already have a visa, it was not super clear before

Hello Friends, my current contract role wraps up at the end of January, so I am looking to get #FediHired FT or PT in the arena of Internet of Things #IoT , Embedded Systems, and Making Friends With The Robot Overlords When They Were Babies.

I have an electronics and advanced manufacturing lab in Brisbane, so am ideally placed to assist businesses who need a "hardware wizard on retainer".

This week we worked out that EE now (it was announced last year, not sure when it got turned on) has an NB-IoT network.

We noticed because it decides to start dropping UDP packets after about 120KB of transfer, which is about 41% of the way through downloading a new firmware version.

Turns out the devices we thought were in poor network coverage and wouldn't update over the air had just chosen the EE network rather than the Vodafone one...

Bypassing UART protection in TL-WR841N home router

https://iotsrg.org/blog/unlocking-full-shell-functionality-uart-rx-mitigation-bypass-on-tl-wr841n

https://www.youtube.com/watch?v=hdi8QCjMTuE

Pt. 2 of the @alexlynd #DevKitty #hardware #security kit workshop goes live in ~20! We'll be programming #LEDs & custom #IoT payloads

Plus, tune into our Hackster.io Holidays Finale next Tuesday to win a kit! https://events.hackster.io/hacksterholidays

Find both workshop episodes and the Finale here: https://youtube.com/playlist?list=PLsRBa4uXjihbcHnRkc2SoPLnoC_ilO_SM

Can’t think of a single time when I’ve thought, “oh yeah, now is a *great* time to update the firmware” #iot #internetOfBrokenThings

Banana Pi BPI-CanMV-K230D-Zero AIoT SBC design with Canaan K230D RISC-V chip
https://docs.banana-pi.org/en/BPI-CanMV-K230D/BananaPi_BPI-CanMV-K230D-Zero
#bananapi #riscv #SBC #IoT #AIoT #AI #Canaan #K230D

#IoT #developers face challenges at the #cloud-edge continuum: performance, resilience & #energy efficiency. Learn how the #EU #COGNIT project tackles these with #AI-driven #FaaS! Explore use cases in Industry, #SmartCities, #Cybersecurity & more. https://youtu.be/CwXApt-LLyQ?si=9LkqwTpVieTpDZEQ