Making Braille Signs out of PCBs

http://ift.tt/2z33eMU

[jg] recently passed some damaged Braille signs and took on the challenge of repairing them. Informed by his recent work on PCB lapel pins, [jg] immediately thought of using circuit boards for this project. He’d noticed that round solder pads made for uniform hills of solder, and this reminded him of the bumps in Braille.

He began by reading up on the standards of the Braille Authority of North America, which stipulates a dot height of 0.6mm. He loaded up the PharmaBraille font system and laid out the dots in Photoshop, then imported it into KiCad and laid out the boards. When the PCBs had arrived from OSH Park, [jg] soldered up the pads (lead free, but of course) to see if he could get the hills to 0.6mm. He’s experimenting with different methods of melting the solder to try to get more even results.

Braille interfaces crop up a surprising amount in hacker projects. This refreshable Braille display and keyboard and the Braigo LEGO Braille printer are prime examples.

[thanks, Drew!]

Filed under: misc hacks

Security News

via Hackaday https://hackaday.com

October 31, 2017 at 07:00PM

CVE-2017-1000257

http://ift.tt/2gSBtvw

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because
they may have information that would be of interest to you. No inferences should be drawn on account of other sites
being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose.
NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further,
NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about
this page to nvd@nist.gov.

Technical Details

Vulnerability Type

Security News

via National Vulnerability Database http://ift.tt/OD63ZH

October 31, 2017 at 06:26PM

CVE-2017-1000382

http://ift.tt/2lxBDxy

Security News

via National Vulnerability Database http://ift.tt/OD63ZH

October 31, 2017 at 06:26PM

CVE-2017-1000383

http://ift.tt/2yjTsXb

Security News

via National Vulnerability Database http://ift.tt/OD63ZH

October 31, 2017 at 06:26PM

Popular ‘Circle with Disney’ Parental Control System Riddled With 23 Vulnerabilities

http://ift.tt/2yiMFwM

The makers of the popular parental control system called Circle with Disney patched 23 vulnerabilities over the weekend. The bugs ran the gamut from memory corruption and denial of service to SSL validation vulnerabilities, and impact all devices managed on a network.

Circle with Disney is a $90 device made in partnership by Disney Interactive and Circle Media, introduced last year. It pairs wirelessly to a home Wi-Fi network and allows parents to manage devices on the network such as tablets, TVs or laptops. The affected model is Circle with Disney 2.0.1. Users are urged to patch devices; however, Circle said patches were pushed out to connected devices over this past weekend.

Users use iOS or Android apps to manage networked devices. However, it isn’t clear whether the iOS and Android devices running the apps are also vulnerable to attack.

“Through these exploitable vulnerabilities, a malicious attacker could gain various levels of access and privilege,” wrote Cisco Talos researchers, who worked with Circle Media to mitigate the nearly two dozen vulnerabilities.

Of those flaws, one vulnerability (CVE-2017-12087) received a CVSS score of 10, the highest you can get. That was for a Tinysvcmdns Multi-label DNS Heap Overflow Vulnerability, according to Cisco Talos.

“An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs to send a DNS packet to trigger this vulnerability,” researchers wrote.

Another bug, a command injection vulnerability (CVE-2017-2917), has a CVSS rating of 9.9. “An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability,” according to a Cisco Talos researcher.

One particularly menacing vulnerability (CVE-2017-12085), in the Circle Media with Disney software, could allow hackers to effectively use the Circle cloud infrastructure to attack other customer devices.

In total, 17 of the 23 CVSS scores were ranked 9.0 or higher. Successful attacks could have given adversaries the “ability to alter network traffic, execute arbitrary remote code, inject commands, install unsigned firmware, accept a different certificate than intended, bypass authentication, escalate privileges, reboot the device, install a persistent backdoor, overwrite files, or even completely brick the device,” Cisco Talos researchers wrote.

“If an attacker were to gain access, a family’s online activity could be monitored and controlled from a malicious outside source, potentially putting the family’s personal information at risk,” wrote researchers.

Vulnerability disclosures by Cisco Talos to Circle Media occurred over several months this summer. The coordinated public disclosure was Oct. 31. Many Cisco researchers are credited with finding the bugs, including Marcin Noga, Cory Duplantis, Yves Younan, Claudio Bozzato, Lilith Wyatt, Aleksandar Nikolic and Richard Johnson.

Security News

via Threatpost | The first stop for security news http://threatpost.com

October 31, 2017 at 05:37PM

Vuln: HP ArcSight ESM and ArcSight ESM Express CVE-2017-14356 SQL Injection Vulnerability

http://ift.tt/2yjAv6Y

HP ArcSight ESM and ArcSight ESM Express CVE-2017-14356 SQL Injection Vulnerability

Bugtraq ID: 101627
Class: Input Validation Error
CVE: CVE-2017-14356

Remote: Yes
Local: No
Published: Oct 31 2017 12:00AM
Updated: Oct 31 2017 12:00AM
Credit: Cosmin Maier from Zeroday.PRO Threat Research Lab
Vulnerable: HP ArcSight ESM Express 6.0
HP ArcSight ESM 6.8
HP ArcSight ESM 6.5
HP ArcSight ESM 6.0
Not Vulnerable: HP ArcSight ESM Express 6.9.1c Patch 4
HP ArcSight ESM Express 6.11.0 Patch 1
HP ArcSight ESM 6.9.1c Patch 4
HP ArcSight ESM 6.11.0 Patch 1

Security News

via SecurityFocus Vulnerabilities http://ift.tt/Y0pFEv

October 31, 2017 at 05:36PM

Vuln: McAfee Network Data Loss Prevention CVE-2017-3933 Unspecified Cross Site Scripting Vulnerability

http://ift.tt/2lAE2rB

McAfee Network Data Loss Prevention CVE-2017-3933 Unspecified Cross Site Scripting Vulnerability

Bugtraq ID: 101628
Class: Input Validation Error
CVE: CVE-2017-3933
Remote: Yes
Local: No
Published: Oct 31 2017 12:00AM
Updated: Oct 31 2017 12:00AM
Credit: State Bank Of India.
Vulnerable: McAfee Network Data Loss Prevention 9.2.2
McAfee Network Data Loss Prevention 9.2.1
McAfee Network Data Loss Prevention 9.3
McAfee Network Data Loss Prevention 9.2.0
McAfee Network Data Loss Prevention 9.1
McAfee Network Data Loss Prevention 9.0
McAfee Network Data Loss Prevention 8.6
Not Vulnerable: McAfee Network Data Loss Prevention 9.3.4.1.5

Security News

via SecurityFocus Vulnerabilities http://ift.tt/Y0pFEv

October 31, 2017 at 05:36PM

Vuln: Trihedral Engineering Limited VTScada ICSA-17-304-02 Multiple Local Security Vulnerability

http://ift.tt/2yjDGeQ

Trihedral Engineering Limited VTScada ICSA-17-304-02 Multiple Local Security Vulnerability

Bugtraq ID: 101629
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Oct 31 2017 12:00AM
Updated: Oct 31 2017 12:00AM
Credit: Karn Ganeshen and Mark Cross.
Vulnerable: Trihedral Engineering Limited VTScada 11.3.3
Trihedral Engineering Limited VTScada 11.3.2
Not Vulnerable: Trihedral Engineering Limited VTScada 11.3.5

Security News

via SecurityFocus Vulnerabilities http://ift.tt/Y0pFEv

October 31, 2017 at 05:36PM

BrandPost: Where Emerging Cybersecurity Technology Fits in Your Business

http://ift.tt/2gQUw9G

Where Emerging Cybersecurity Technology Fits in Your Business

By Charles Cooper

As 2017 enters the final stretch, security professionals still find themselves locked in a furious battle with hackers.

Some 80 percent of the IT and security executives surveyed for the most recent AT&T Cybersecurity Insights report said their organizations came under attack during the previous 12 months. The percentage soars to 96 percent for companies in the technology industry.

All the more reason why enterprise defenders are under acute pressure to create multiple layers of defense, detection and mitigation to withstand future attacks. But what worked in the past is no guarantee it will work in the future. This is a threat landscape that is fluid and changes from one year to the next.

Tool Up for the Long Haul

In the end, a good cyberdefense strategy depends on making hard decisions that correctly match investments against an organization’s risk profile. There’s never a one-size-fits-all solution, but the approach should start with the recognition that breaches are inevitable. Then it’s up to management to select countermeasures that will mitigate potential damage, all the while ordering steps to routinely tighten up vulnerabilities in order to reduce the risk of a devastating attack.

The stakes are as high as ever: Ponemon Institute estimates the average cost of a data breach in 2017 at $3.6 million. But in the AT&T report, 65 percent of the executives surveyed expressed confidence about their ability to handle cybersecurity challenges in the coming year.  

Also, more than two-thirds (70 percent) of them said they plan to increase their investments in next-generation security technologies, including threat analytics, cloud security solutions and machine learning.

New skills will clearly be in high demand as organizations seek to deploy next-generation technologies in areas such as cloud security, data science and analytics. And as more information gets pumped out daily, artificial security intelligence will become increasingly important.

Clearly, those new tools and techniques would not only come in handy against their adversaries. They can also help bridge gaps in their cybersecurity defenses exacerbated by a nagging skills shortage. But what if they don’t have the personnel to deploy them?

Half of the organizations surveyed by AT&T indicated they plan to increase their security staffs over the next 12 months. However, talent has never been as tough to come by. The U.S. has a reported skills gap of 300,000 cybersecurity experts. The shortage is particularly evident when it comes to threat prevention, threat detection and threat analysis – three of the most important areas of any cyberdefense.

Even those organizations that lean heavily toward security technology can be hard-pressed to stay abreast of the rapid advances in security defense because of the state of the IT jobs marketplace.

In the interim, one option is to increase the use of outside consultants and managed service providers, who can provide the needed next-gen capabilities to deal with this ever-changing constellation of cyberthreats.

These specialists are able to attract top-of-the-line talent and can implement cutting-edge security technologies rapidly. They also can deploy analytics that generate deep insights about the overall threat landscape – knowledge that can be shared with all of their customers to strengthen their own defensive postures.

Read the AT&T Cybersecurity Insights report Mind the Gap: Cybersecurity’s Big Disconnect. Learn more about how your organization can minimize gaps in its cybersecurity strategy.

Charles Cooper has covered technology and business for the past three decades. All opinions expressed are his own. AT&T has sponsored this blog post.

Security News

via CSO Online http://ift.tt/2gDzvif

October 31, 2017 at 04:40PM

CVE-2017-10940

http://ift.tt/2lBCxcm

Security News

via National Vulnerability Database http://ift.tt/OD63ZH

October 31, 2017 at 04:25PM