Information Security *

One of our readers recommended paying heed to the Espressif IoT Development Framework. He found an error in the project code and asked if the PVS-Studio static analyzer could find it. The analyzer can't detect this specific error so far, but it managed to spot many others. Based on this story and the errors found, we decided to write a classic article about checking an open source project. Enjoy exploring what IoT devices can do to shoot you in the foot.

About a year ago, we released Token2 Molto-1, the world's first programmable multi-profile hardware token. While Molto-1 is still the only solution of its kind currently available on the market, we will be soon releasing a new variation of a multi-profile hardware token, in a different form-factor and with a different set of features available.

While Molto-1 has its advantages, there were some shortcomings that we wanted to address, for example, it can only hold up to ten TOTP profiles, which is not enough for many users. Also, using NFC to program the device does not look very convenient for some users. There were also requests to have a backlight for the screen of the token, so it can be used in the dark. With Molto-2 we tried to address this and a few other concerns. So, we hereby present our new device model, Token2 Molto-2 with the following specifications:

TOKEN2 MOLTO-2 multi-profile programmable TOTP hardware token:

▣ RFC 6238 compliant

▣ supports up to 50 accounts/profiles

▣ USB-programmable with a Windows app

▣ RTC battery life: 8 years

▣ LCD screen battery: 3-4 months (rechargeable)

The table below shows the comparison between Molto-1 and Molto-2

In July 2020, the European Court of Justice invalidated an exchange of the personal data between the European Union and the United States. The times of the Safe Harbor and the Privacy Shield are over. Now what?

Introduction

How much does your privacy cost? Your medical information, your home address? How much is your browsing and search history? You might have never thought about that.

What is EVVIS-QR1?

We are a team of independent developers. We have created a new messenger, the purpose of which is to solve the critical problems of the modern Internet and the modes of communication it provides. We see users become hostages to the services they have grown accustomed to and we see corporations exploiting their users and controlling them. And we don’t like it. We believe the Internet should be different.
In this Manifesto, we disclose our vision of the Internet and describe what we have done to make it better. If you share our ideas — join us. Together we can achieve more than each of us can alone.

The case: You fire up a professionally prepared Linux image at a cloud platform provider (Amazon, DO, Google, Azure, etc.) and it will run a kind of production level service moderately exposed to hacking attacks (non-targeted, non-advanced threats).

What would be the standard quick security related tuning to configure before you install the meat?

release: 2005, Ubuntu + CentOS (supposed to work with Amazon Linux, Fedora, Debian, RHEL as well)