author hellekin <hellekin@dyne.org> 2016-08-07 20:16:36 +0000
committer hellekin <hellekin@dyne.org> 2016-08-07 20:16:36 +0000
commit 6d4c4fb0898ee3a304f507b4cc5385405dffbcdf
tree eb6b99021cebf94942d0e93cc4712f75531918ea
parent 853ab685ee0b2dac69eb69595465a8f0303fea2d
Fix abbreviations, and more contents
-rw-r--r-- content/0021-migrating-away-from-eagle-to-kicad.html 116
1 files changed, 71 insertions, 45 deletions
diff --git a/content/0021-migrating-away-from-eagle-to-kicad.html b/content/0021-migrating-away-from-eagle-to-kicad.html
index 2b6765d..11366f0 100644
--- a/content/0021-migrating-away-from-eagle-to-kicad.html
+++ b/content/0021-migrating-away-from-eagle-to-kicad.html
@@ -55,51 +55,58 @@
released on July, 18<sup>th</sup>, 2016 to the public in a
coordinated release with the vendor.</p>
- <blockquote>Abstract Syntax Notation One (ASN.1) is a technical
- standard and formal notation that describes rules and structures
- for representing, encoding, transmitting, and decoding data in
+ <blockquote>Abstract Syntax Notation One (<abbr title="Abstract
+ Syntax Notation One">ASN.1</abbr>) is a technical standard and
+ formal notation that describes rules and structures for
+ representing, encoding, transmitting, and decoding data in
telecommunications and computer networking.</blockquote>
- <blockquote>A vulnerability found in the runtime support libraries
- of the ASN1C compiler for C/C++ from Objective Systems Inc. could
- allow an attacker to remotely execute code in software systems,
- including embeded software and firmware, that use code generated
- by the ASN1C compiler. The vulnerability could be triggered
- remotely without any authentication in scenarios where the
- vulnerable code receives and processes ASN.1 encoded data from
- untrusted sources, these may include communications between
- mobile devices and telecommunication network infrastructure
- nodes, communications between nodes in a carrier's network or
- across carrier boundaries, or communication between mutually
- untrusted endpoints in a data network.</blockquote>
+ <blockquote>A vulnerability found in the runtime support
+ libraries of the ASN1C compiler for C/C++ from Objective
+ Systems Inc. could allow an attacker to remotely execute code
+ in software systems, including embeded software and firmware,
+ that use code generated by the ASN1C compiler. The
+ vulnerability could be triggered remotely without any
+ authentication in scenarios where the vulnerable code receives
+ and processes <abbr>ASN.1</abbr> encoded data from untrusted
+ sources, these may include communications between mobile
+ devices and telecommunication network infrastructure nodes,
+ communications between nodes in a carrier's network or across
+ carrier boundaries, or communication between mutually untrusted
+ endpoints in a data network.</blockquote>
<p>The proprietary software vendor released a hot patch (v7.0.1)
available upon request to their customers, and will integrate the
fix in the upcoming v7.0.2 of their compiler.</p>
- <p>On July, 1<sup>st</sup>, Programa STIC mentioned that <q>memory
- corruption bugs in ASN.1 related components of an LTE stack have
- been announced or hinted at in several infosec conference
- presentations over the past few weeks and its likely the same or
- similar bugs will become public soon.</q></p>
+ <p>On July, 1<sup>st</sup>, Programa STIC mentioned
+ that <q>memory corruption bugs in <abbr>ASN.1</abbr> related
+ components of an <abbr title="Long Term Evolution">LTE</abbr>
+ stack have been announced or hinted at in several infosec
+ conference presentations over the past few weeks and its likely
+ the same or similar bugs will become public soon.</q></p>
<h4>How is Neo900 Affected?</h4>
- <p>In
+ <p>The short answer is: Neo900 is not affected. Keep reading to
+ know why.</p>
+
+ <p>In
our <a href="https://neo900.org/news/paypal-resumes-neo900-sources-again">last
communication</a> we noted that <q><strong>Neo900 is the only
- phone that provides a hardware protection from remote activation
- of the baseband chip</strong></q>.</p>
+ phone that provides a hardware protection from remote
+ activation of the baseband chip</strong></q>.</p>
<p id="anchor-gta0x">In fact, the
- <a href="#note-gta0x"><strong>GTA0x</strong> design</a>
- contains two unique features:
+ <a href="#note-gta0x"><strong>GTA0x</strong> design</a> contains
+ two unique features:
<ul>
<li>the modem is detached from the power source, unlike other
smartphones, so that the modem has to be authorized by
the <abbr>CPU</abbr> before it can perform its tasks.</li>
- <li>the modem and the CPU <strong>do not share RAM</strong>,
- which prevents a whole range of attack vectors where a rogue
+ <li>the modem and the <abbr>CPU</abbr> <strong>do not share
+ <abbr title="Random Access Memory">RAM</abbr>, which
+ prevents a whole range of attack vectors where a rogue
baseband chip, either by design, by "lawful" or illegal
action, could take control of memory segments pertaining to
other subsystems and inject malicious code.</li>
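Review bot: the rewritten second `<li>` opens `<strong>do not share` but never closes it. The old line read `<strong>do not share RAM</strong>,` while the new one continues with `<abbr title="Random Access Memory">RAM</abbr>, which` and no `</strong>`, so the emphasis stays open for the rest of the list item; add `</strong>` directly after `</abbr>`. A smaller point in the same hunk: the `title` values that wrap across lines (`title="Abstract` followed by `Syntax Notation One"`) carry the line break and indentation into the attribute, so keeping each `title` on a single line would be cleaner.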
@@ -119,30 +126,45 @@
<p>Therefore this vulnerability that potentially plagues most
commercial phones on the planet, won't affect Neo900 like it
- will other devices. A rare combination of hardware
- vulnerability in the USB connecting the modem to the CPU and a
- software vulnerability would have a remote chance to do
- that. In other designs where RAM is shared and a rogue modem
- can access the power supply at will, the attack surface is
- infinitely larger, and exploiting a vulnerability such as the
- ASN.1 bug will grant access to the whole system. As long as
- there's no proprietary vulnerable binary blobs in the
- Neo900 <abbr title="Application Processor
+ will other devices. In other designs where RAM is shared and a
+ rogue modem can access the power supply at will, the attack
+ surface is infinitely larger, and exploiting a vulnerability
+ such as the <abbr>ASN.1</abbr> bug will grant access to the
+ whole system.</p>
+
+ <p>But with Neo900, only a rare combination of hardware
+ vulnerability in the <abbr title="Universal Serial
+ Bus">USB</abbr> connecting the modem to the <abbr>CPU</abbr>,
+ and a software vulnerability would have a remote chance to do
+ that. As long as there's no proprietary vulnerable binary blobs
+ in the Neo900 <abbr title="Application Processor
Environment">APE</abbr>, the chance of a modem bug bubbling up
to the rest of the system without a way to control it and fix
it in software remains null.</p>
<p>Our exclusive Neo900 design is more valuable than ever!</p>
- <h3 id="more-n900-sourcing">More N900 Sourcing</h3>
+ <h3 id="server-migrated">Neo900.org Server Migrated</h3>
+
+ <p>Last week we completed the migration of Neo900.org services,
+ including <a href="https://my.neo900.org/">Neo900 Shop</a> to a
+ new server. The old one was running out of space, and
+ dangerously approaching capacity, especially
+ when <a href="https://en.wikipedia.org/wiki/Slashdot_effect">slashdotted</a>.</p>
+
+ <p>If you encounter any problems with the new server,
+ please <a href="mailto:contact@neo900.org?Subject=Neo900.org%20Services%20Issue">report
+ them</a>!</p>
+
+ <h3 id="more-n900-sourcing">More N900 Sourcing</h3>
- <p>After dowsing for a while, our boots in China confirmed the
- source mentioned previously! We already received 20 more N900
- units responding to our quality criteria for enduring the
- metamorphosis into brand new Neo900 units for you lucky (and
- patient) early birds. 20 more units are on the way, and we
- expect more to come. We're already at 70 units and
- counting.</p>
+ <p>After dowsing for a while, our boots in China confirmed the
+ source mentioned previously! We already received 20 more N900
+ units responding to our quality criteria for enduring the
+ metamorphosis into brand new Neo900 units for you lucky (and
+ patient) early birds. 20 more units are on the way, and we
+ expect more to come. We're already at 70 units and
+ counting.</p>
<p>Again, if you know where to find some affordable stocks of N900
units,
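Review bot: `RAM` in the added sentence `In other designs where RAM is shared` is left bare, while this same hunk wraps `ASN.1`, `USB` and `CPU` in `<abbr>`; wrap it as well so the abbreviation fix named in the commit message is applied consistently. The removed and added lines for the `More N900 Sourcing` heading and its paragraph read identically here, which points to a whitespace-only re-indent; that would be easier to review in a commit separate from the new `Neo900.org Server Migrated` section. In that new section, "running out of space, and dangerously approaching capacity" states the same thing twice and could be reduced to one clause.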
@@ -248,7 +270,11 @@
that alone for now:] define the BB-mX interface for prototype v2
(...)</p>
- <p>...</p>
+ <p>Being able to put our schematics under version control moves us
+ away from the Stone Age, into the present. You can watch the
+ evolving contents in our
+ <a href="https://neo900.org/git/?p=ee;a=tree">eletronics
+ engineering Git repository</a>.</p>
<p>Thank you for your attention,</p>
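Review bot: the link text in the added paragraph is misspelled: `eletronics` should be `electronics` in `<a href="https://neo900.org/git/?p=ee;a=tree">eletronics`. Since this paragraph replaces the `<p>...</p>` placeholder and is the only pointer to the repository, it is worth fixing before the page is published.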