The VDOO Blog

Fill in your email below to subscribe
to our monthly device security newsletter

Technical
January 22, 2020
Researchers Announce BLAKE3 Hash Function
The newly announced BLAKE3 hash function offers impressive performance. In this blog entry, we briefly review it and its possible uses in IoT devices.
Leo Dorrendorf
5 min read
IoT Ecosystem
January 14, 2020
Our 2020 Prediction: Automotive Cybersecurity Will Finally Be Regulated
With more and more connected cars on the roads these days, the issue of automotive cybersecurity is increasingly making its way into industrial and governmental awareness as a critical priority.
Amber Katz
16 min read
Technical
January 9, 2020
PAN and XOM: When Security Features Collide
On this VDOO blog, we explain how and why a bug in the ARM v8.1 PAN mechanism has caused Linux maintainers to roll back support for XOM pages. This is a case of one security mitigation interfering with another.
Leo Dorrendorf
12 min read
IoT Ecosystem
January 7, 2020
Device Security - Monthly Newsletter - January 2020
Happy 2020 - we hope this year will be a safe and secure one for you and for all your connected devices!
Monthly Newsletter
17 min read
Technical
December 31, 2019
Setting Up U-Boot to Harden the Boot Process
In this article, we will discuss setting up the popular U-Boot bootloader to achieve a secure configuration, hardening the boot process by removing unnecessary and insecure functionality such as shell and network access.
Leo Dorrendorf
15 min read
IoT Ecosystem
December 18, 2019
Key Takeaways from the California "Security of Connected Devices" Senate Bill (SB-327)
We review the California Senate Bill 327, "Security of Connected Devices" from a technical perspective. After reading this article, you should be able to understand the practical steps that it mandates, and its meaning for the IoT industry as a whole.
Leo Dorrendorf
12 min read
IoT Ecosystem
December 11, 2019
Device Security - Monthly Newsletter - December 2019
Amazon has to fix its devices again, while D-Link simply adds them to the "no fix" list. Palo Alto Networks found a severe Docker vulnerability, and in Israeli researcher found control panels for aircraft warning lights that were open on the internet!
Monthly Newsletter
17 min read
Vulnerability Research
December 3, 2019
Exploiting custom protocol handlers in Windows
In this article we focus on the mechanism for custom protocol handling in Windows and how it can be exploited using a simple command injection vulnerability, so our readers can avoid making such mistakes when implementing protocol handlers.
Andrey Polkovnychenko
19 min read
IoT Ecosystem
November 19, 2019
Device Security - Monthly Newsletter - November 2019
The discovery of another Gafgyt (AKA Bashlight) variant shows the classic threat resulting from ever evolving malware, just like the many variants of the infamous Mirai.
Monthly Newsletter
17 min read