AUSTIN, Texas – Oct. 13, 2010 – Freescale Semiconductor announced today it is offering expanded security capabilities for its MQX™ real-time operating system (RTOS) by integrating source code versions of Mocana’s NanoSSL™ and NanoSSH™ software. Freescale customers can download and unlock special MQX-optimized versions of Mocana’s code for just $199 (USD) through Freescale and redistribute an unlimited number of binary copies in their own solutions, royalty-free.
Through this offering, embedded developers will have access to fully supported commercial cryptography solutions with instant online access to source-code versions of the NanoSSL and NanoSSH client software products. Integrated into Freescale’s Processor Expert configuration tool, NanoSSL and NanoSSH allow easy implementation and customization through embedded components and do not require crypto expertise on the part of the developer.Read More
DUI defendants are asking courts to mandate source code reviews on the software that runs breathalyzer devices to determine if bugs or malware is present. While it’s easy to see how this tactic would be employed in attempts to get charges reduced or dropped, the more serious issue could be the device failing to detect when a person is under the influence, thus sending them back on the road. Two independent reviews weigh in, according to an Ars Technica article.
The reviews differ in scope and offer different conclusions, but they both agree that the code falls below industry-standard best practices and that it contains bugs. The [Base One] report identifies 24 major defects and points to a wide range of troubling issues. The analysts discovered that the embedded software disables safeguard features built into the device's processor that are intended to detect and prevent the execution of invalid or corrupt instructions. The researchers contend that this circumvention can lead to unpredictable results in the event of fatal errors.
In his blog, security expert Bruce Schneier further notes:Read More
Designed for engineers and developers, this free, 60-minute course provides an introduction to embedded systems security including what could happen if your security is compromised and methods to prevent this from happening. Don't miss it! Content includes:Read More