The Category5.TV Newsroom

Here are the stories we're following for the week of Wednesday October 24, 2018

Raspberry Pi's new TV add-on is out: But there's a catch for users in Canada and the US.

Raspberry Pi's new TV add-on is out: But there's a catch for users in Canada and the US.

If you've got a Raspberry Pi, you can now attach a new Raspberry Pi TV add-on to the single-board computer and then plug it into your home antenna to receive and decode digital TV streams.

Users can then watch TV using a Raspberry Pi or set it up so that the Pi streams TV content to any computer or mobile device on the same network as the TV-equipped Raspberry Pi.

The Raspberry Pi TV HAT has the same design as the Raspberry Zero, with the addition of an aerial adapter to plug into a TV antenna.

The TV HAT costs just $20 and can be attached to any Raspberry Pi board with a 40-pin GPIO, even the Pi Zero.

There's a catch for Raspberry Pi owners in Canada and the US though because of the HAT's built in DVB-T2 tuner. While the format has been widely deployed in Europe, Russia and the Asia Pacific, it doesn't work here.

Due to this issue and for compliance reasons, at the moment the TV HAT is only being offered in Europe. However, the Raspberry Pi Foundation says that compliance work is under way to open other DVB-T2 regions.

Source: www.zdnet.com

Sent to us by: Jeff Weston

Running a VMWare server virtualization product? It's time to check for patches as a bug in the video system allows malicious code in VMs to leap out of their guest OS and execute code on the hosting server.

Running a VMWare server virtualization product? It's time to check for patches as a bug in the video system allows malicious code in VMs to leap out of their guest OS and execute code on the hosting server.

Get busy, VMware admins and users: the virtualisation virtuoso has patched a programming blunder in ESXi, Workstation Pro and Player, and Fusion and Fusion Pro products that can be exploited by malicious code to jump from guest OS to host machine.

The bug has been designated CVE-2018-6974. The out-of-bounds read is present in the products' SVGA video device emulation, and if exploited, allows software within a guest operating system to execute code on the host machine. In other words, a hypervisor guest escape. That's enough of a privilege escalation to get the bug rated “critical” across most of the affected products.

The vulnerable versions include ESXi 6.0, 6.5 and 6.7, Workstation 14 and Fusion 10. If you run one of these products, be sure to patch to secure the exploit.

Source: www.theregister.co.uk

Sent to us by: Roy W. Nash

Eight D-Link router variants are vulnerable to complete pwnage via a combination of security blunders, and only two are going to get patched.

Eight D-Link router variants are vulnerable to complete pwnage via a combination of security blunders, and only two are going to get patched.

Despite insisting patches would be released four months ago from now, D-Link hasn't addressed the issues reported in May of this year, so the security researcher who found them is releasing them to the public. That spells danger for D-Link device users.

For some of the affected devices there will not be patches. The vulnerable units are all in D-Link's DWR range: the DWR-116, -140, -512, -640, -712, -912, -921, and DWR-111. Most of these will be left unpatched because D-Link has said they're end-of-life; only the DWR-116 and 111 would be fixed.

The full compromise of these devices arises from a cascade of several vulnerabilities. They require access to the device's web-based settings panel, either on the local network or from the internet, depending on the configuration.

Data that can be accessed by the attacker include password files, and guess what? – yes, there are passwords stored in plaintext. The administrative password can be found in cleartext form in a temporary file.

The exploit also allows an attacker the ability to log into the router to inject shell commands into the routers' HTTP web server.

Keep an eye out for patches, if they ever turn up. You may want to turn to a new firmware or even replace your router if one doesn't exist.

Source: www.theregister.co.uk

Sent to us by: Roy W. Nash

Hardkernel has unveiled the Odroid-H2: the first hacker board with an Intel Gemini Lake system on a chip.

Hardkernel has unveiled the Odroid-H2: the first hacker board with an Intel Gemini Lake system on a chip.

The Ubuntu 18.10-driven single board computer will ship with 2 SATA 3.0 ports, 2 gigabit Ethernet ports, HDMI and Displayport, 4 USB ports, and if that's not impressive enough for you, it has an M.2 slot for NVMe storage.

When the Odroid-H2 goes on sale in November at a price that will be “higher than $100,” Hardkernel will join a small group of vendors that have launched a community backed x86-based SBC.

The Odroid project had hoped to be launching its second or third-gen x86 board by now. In 2015, the project started working on an Odroid-H SBC, however there were problems with RAM sourcing and the overall cost of manufacturing it was too high.

In 2016, the company built an Odroid-H1, based on an Intel Braswell Celeron N3160. The board was successfully used in a dedicated project, but Hardkernel decided not to release it publicly due to RAM shortages and concerns that the processor was no longer competitive. They considered an AMD Ryzen 5 2500U, but it was too expensive.

Then Intel announced Gemini Lake at the end of last year, which seemed to be just right. Hardkernel says, “It was slower than Ryzen but much faster than Intel Apollo Lake, and the price was reasonable.”

One argument for x86 hacker boards is that Linux drivers tend to work more reliably than on a typical Arm board. The downsides are high price and high power consumption. However, the Odroid project is claiming a reasonable 14W consumption under CPU stress and a 4W idle.

Earlier this year, Hardkernel had another false start with an Odroid-N1 board, once again due to RAM sourcing issues.

With the Odroid-H2 launch set for only a few weeks away, we’re confident that the third time around the x86 merry-go-round will be the charm. Hardkernel may need to work on its supply chain management, but it tends to make high quality, well supported boards backed up by a thriving community.

The Odroid-H2 will ship with Ubuntu 18.10 which was just released last week.

Source: linuxgizmos.com

Sent to us by: Roy W. Nash