Category Archives: Public safety

CVE-2025-68620: Signal K Server, no authentication is required, and authentication can be completely bypassed. (5th Jan 2026)

NVD Published Date: 01/01/2026

Preface: Signal K’s popularity in the IoT space, especially in marine technology, is growing because of its open-source nature. It enables advanced, connected and personalized vessel data systems and integrates with trends such as AI, edge computing (for example via Meshtastic) and edge devices for remote monitoring and control, mirroring the broader IoT boom expected to reach 70+ billion devices by 2025.

GPS tells a ship where it is using satellites (passive location), while AIS (Automatic Identification System) is a communication system that broadcasts and receives data like who it is, where it’s going, and its position to other vessels using VHF radio (active sharing), often using GPS data as its source for location.

Background: When a client connects to a server’s event stream endpoint using a WebSocket or an HTTP request with a specific query parameter (e.g., serverevents=all), the server is designed to send all cached server events, including ACCESS_REQUEST events. 

This mechanism typically operates as follows:

Connection and Parameter Usage 

  • WebSocket: A client establishes a WebSocket connection using a URL that includes the desired query parameter, such as wss://server-address/stream?serverevents=all.
  • HTTP (Server-Sent Events): The client makes a long-lived HTTP GET request (using the EventSource API in a browser) to a similar URL, like https://server-address/stream?serverevents=all.
  • Server Logic: The server’s event handling function iterates over its internal cache of past events and writes each one to the newly connected client as part of the initial data synchronization. 

Ref: The original NMEA 2000 and automotive CAN bus protocols do not have built-in authentication or encryption requirements. The design of these standards focused on reliable data exchange and real-time performance, not cybersecurity.

Vulnerability details: When a client connects to a server event stream endpoint using a WebSocket or an HTTP request, the connection is accepted without authentication. In essence, if an anonymous client sends a request with a specific query parameter (e.g., serverevents=all), the Signal K server sends it all cached server events, including ACCESS_REQUEST events.

Once an anonymous client has received these events, it can poll the leaked request IDs by trial and error. Through this polling it has a chance to steal the JWT tokens issued for requests that an administrator has approved.

Ref: Cached ACCESS_REQUEST Events – Among these cached events are ACCESS_REQUEST objects. These contain sensitive details about pending security access requests, including:

  • Request IDs
  • Client identifiers and descriptions
  • Requested permission levels (e.g., admin, read-only)
  • Client IP addresses
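The initial synchronisation described above, reduced to its decision logic, as an added example that is not Signal K’s own code: the unfiltered replay beside a version that withholds cached ACCESS_REQUEST events from any principal that is not an authenticated administrator. The cache contents, the `principal` object and all function names are constructed for illustration.

```javascript
'use strict';

// Constructed sample of a server-event cache, shaped like the events the
// advisory describes. Every value here is made up for illustration.
const SAMPLE_CACHE = [
  { type: 'SERVERSTATISTICS', data: { uptime: 1234 } },
  {
    type: 'ACCESS_REQUEST',
    data: { requestId: 'req-0001', clientId: 'plotter-01',
            description: 'Chartplotter', permissions: 'admin', ip: '10.0.0.5' },
  },
  { type: 'PLUGIN_STATUS', data: { plugin: 'example-plugin', state: 'started' } },
];

// Event types whose cached copies must never reach an unprivileged client.
const PRIVILEGED_EVENT_TYPES = new Set(['ACCESS_REQUEST']);

// Does the stream URL ask for the full server-event replay (serverevents=all)?
function wantsServerEvents(urlString) {
  return new URL(urlString).searchParams.get('serverevents') === 'all';
}

// Weak behaviour: the whole cache is replayed to any client that asks.
function replayUnfiltered(cache) {
  return cache.slice();
}

// Hardened behaviour: privileged events are replayed only to an authenticated
// principal holding the admin role; anonymous clients (principal === null)
// receive the non-privileged subset.
function replayForPrincipal(cache, principal) {
  const isAdmin = principal !== null && principal.role === 'admin';
  return cache.filter(ev => isAdmin || !PRIVILEGED_EVENT_TYPES.has(ev.type));
}

// Simulated initial synchronisation on a new stream connection.
function initialSync(urlString, principal, cache = SAMPLE_CACHE) {
  if (!wantsServerEvents(urlString)) return [];
  return replayForPrincipal(cache, principal);
}

// Audit helper: would this replay disclose any access-request identifiers?
function exposesAccessRequests(events) {
  return events.some(ev => ev.type === 'ACCESS_REQUEST');
}
```

The same filter belongs in front of any later cache replay too, not only the first sync, so that an event cached after the client connected is subject to the same check.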

Remedy: SignalK-server version 2.19.0 fixes the underlying issues.

Official announcement: Please refer to the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2025-68620

The relationship between the solar wind and the Earth (14-06-2025)

Preface: Auroras are a visible manifestation of geomagnetic storms. Geomagnetic storms are disturbances in Earth’s magnetosphere caused by the interaction of charged particles from the sun (the solar wind) with Earth’s magnetic field. Auroras typically appear in high latitudes, including northern North America and parts of Asia.

Background: The Sun’s corona and heliosphere, while constantly present, are often unseen. The corona, the Sun’s outermost atmosphere, is extremely hot and extends far into space. This hot gas is flung outwards by the Sun, forming the solar wind, which creates the heliosphere, a bubble surrounding our solar system. In June 2025, NASA’s PUNCH (Polarimeter to the Unseen Corona and Heliosphere) mission was actively observing coronal mass ejections (CMEs). These observations, including detailed images from the Narrow Field Imager (NFI) and the Wide Field Imagers, are providing new insights into the origins and paths of CMEs, helping scientists better understand and predict space weather.

Observation: Due to the high-speed stream from a coronal hole, NASA issued a G2 (moderate) geomagnetic storm warning on June 14.

Ref: Geomagnetic storms, disturbances in Earth’s magnetic field caused by solar activity, can impact our planet in various ways, primarily affecting technology and infrastructure. While not directly harmful to humans due to our planet’s protective magnetic field and atmosphere, they can disrupt communication systems, navigation, and power grids.

Top Stories: Please see the link for details – https://www.livescience.com/space/the-sun/friday-the-13th-solar-storm-could-bring-auroras-to-18-us-states-this-weekend

CVE-2024-10455 Reachable Assertion in BPv7 parser in µD3TN v0.14.0 allows attacker to disrupt service via malformed Extension Block (28 Oct 2024)

Preface: µD3TN is a free, space-tested software protocol stack for delay-tolerant networks. It runs on POSIX and Linux operating systems and can easily adapt to a variety of challenging networks. The source code is available under a BSD license.

Areas of application: Car-to-X communication, offshore communication, maritime research, satellite communication and reliable one-way communication.

Background: µD3TN can be accessed by the application layer via plain IPC as well as TCP sockets. µD3TN can be operated on top of different lower-layer protocols. A generic interface, called a Convergence Layer Adapter, enables the Bundle Protocol to connect heterogeneous networks.

Vulnerability details: A BPv7 bundle with a malformed extension block can trigger an assertion failure that causes the service to terminate unexpectedly. An attacker could use this to launch a denial of service (DoS) attack.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2024-10455

About CVE-2024-36843: libmodbus v3.1.6 design weakness (3 June 2024)

Preface: Modbus is a communication protocol widely used in the field of industrial automation. It provides a standardized method for devices to communicate with each other over the network, making it an important tool for connecting and controlling various industrial equipment.

Background: libmodbus supports the following functions:

  • Support for Modbus-RTU and Modbus-TCP
  • Support for common function codes, such as 01/02/03/04/05/06/07/0F/10/11/16/17
  • Support for coil reading and writing, register reading and writing, discrete input reading, etc.
  • Support for broadcast address 0 and slave addresses 1-247
  • Support for floating point and integer data conversion, big-endian and little-endian and other modes
  • Parameters are designed according to the official standard document Modbus_Application_Protocol_V1_1b.pdf, such as the maximum number of coils that can be read or written, the maximum number of registers that can be read or written, etc.
  • The source code is written in C, which makes it convenient to port to various platforms, with only 11 files.

Vulnerability details: libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function.

Official announcement: For details, please refer to the link – https://www.tenable.com/cve/CVE-2024-36843

Ccache technical matter: will it catch your attention? (13th Mar 2023)

Preface: Multiphysics Object-Oriented Simulation Environment (MOOSE) – An open-source, parallel finite element framework.

  • Free and open source (LGPL license).
  • Large user community
  • Easy to use and customize
  • Takes advantage of high performance computing

Background: ccache is a compiler cache that speeds up recompilation by caching previous compilations and detecting when the same compilation is being done again. ccache can deliver significant speedups when developing MOOSE-based applications, or working on the framework itself.
Multiphysics Object Oriented Simulation Environment (MOOSE) is an open-source framework to facilitate solving complex real-world engineering problems.

Major components of a mesh-based numerical solution technique:
  1. Read the mesh from file
  2. Initialize data structures
  3. Construct a discrete representation of the governing equations

Security Focus: In order to use ccache with MOOSE-based applications, it is necessary to first build libMesh using ccache. Ccache versions prior to 4.7.4 suffered from a design weakness: race conditions in its inode cache.

Solution: Upgrade to 4.7.4.

Cyber defence from narrow to broad (5th Jan 2023)

Preface: Sustainability has been a buzzword in the modern world in recent years. It applies to business, culture, even our education. A slogan: keep learning. Maybe it’s the Cantonese mantra, one is never too old to learn. Perhaps it also applies to cyber security protection.

Background: In the last twenty years, computing technology has driven the growth of the world, in particular the rapid growth of telecommunications and especially the TCP/IP communication protocol. The invention of this technology unintentionally interconnected different zones and cultures. The TCP/IP network protocol empowered the transformation of the industrial world, so we have Industry 4.0, smart city facilities and smart homes. This is the theory of sustainability, but the keyword has only appeared in the last five years.

We are all concerned about privacy, so European countries and the European Union drove GDPR. Whatever data runs on the internet, including your personal data and web browser connection cookies, falls under its protection. Before that, cyber security vendors, especially antivirus and cyber security protection vendors, had already built predictive technology. Their way is passive information gathering: when an incident occurs with an unknown cyber-attack, they make enhancements based on your former activity logs.

Cyber defence from narrow to broad: Set up monitoring and logging of systems that trip the DNS sinkhole so that they can be investigated and remediated if they are infected with malware. Until now, such services have been run by private businesses, so if you can afford to pay for the service, you can receive updates from the online world. To avoid putting your connection at risk, such a service can be integrated into your defence solution to provide protection. Perhaps this is a narrow usage.

We all know that artificial intelligence improves our lives, but it relies on data. In fact, enterprise companies, especially Amazon, Google, Cisco… are already using AI technologies in their cyber defence solutions, so their umbrella of technology covers a lot. Whether it is prevention, detection or correction, it is in place. However, they are all running businesses and thus have not disclosed their technology to the public.

But when will generalized artificial intelligence develop? For example, this month a cybersecurity defence vendor discovered malicious activity that can infect the Linux operating system. In fact, AI can target these activities and make predictions (see attached image).

Sustainability seems to be the definition of the big data world. The accumulation of data in a database is a long-term process, so the keywords “accumulate” and “sustainably” have something in common.

For more information about cyber-attacks against Linux environments, you can find the details at the link – https://asec.ahnlab.com/en/45182/

The injustice invasion – Destructive Malware (28th Feb 2022)

Preface: No matter what your reasons are, children are victims!

Human nature: Human desires are infinite. We may meet some of our needs, but new ones will soon emerge. Thus, scarcity explains the relationship between unlimited demand and the problems that come with it.

Security Focus: The malware, known as WhisperGate, has two stages that corrupt a system’s master boot record, display a fake ransomware note, and encrypt files based on certain file extensions.

The malware has a destructive goal and a special evasion method:

  1. It targets Windows devices, manipulating the master boot record, which results in subsequent boot failure. 
    Call fragment: PhysicalDrive0", GENERIC_ALL, FILE_SHARE_READ | FILE_SHARE_WRITE
  2. Once the malware detects that it is running under a debugger (anti-debug), it can alter its usual code execution path or modify its code to cause a crash, frustrating analysts’ attempts to decipher it.
    The idea is to scan the machine code of some functions for the 0xCC byte, which stands for the INT 3 assembly instruction (a software breakpoint).

God bless the children and the families of the victims – https://youtu.be/dzPmfaWXsvE

Kubernetes Hardening Guidance by NSA & CISA (3rd Aug 2021)

Preface: Docker helps to “create” containers, and Kubernetes allows you to “manage” them at runtime. What is Kubernetes security? It covers cloud, cluster, container and code.

Background: Kubernetes is commonly targeted for three reasons observed by NSA and CISA: data theft, computational power theft, or denial of service. Cyber attacks encountered in the Kubernetes environment in 2020 are detailed as follows:

  • Capital One – Occurring in 2019, this breach saw 30GB of credit application data affecting about 106 million people exfiltrated. A misconfigured firewall allowed an attacker to query internal metadata and obtain Amazon Web Services credentials.
  • Docker Hub – Attackers managed to plant malicious images in Docker Hub. Users unknowingly deployed cryptocurrency miners in the form of Docker containers that then diverted compute resources toward mining cryptocurrency for the attacker.
  • Microsoft Azure – Microsoft is another organization that has been seeing a lot of cryptojacking woes of its own, disclosing a large-scale cryptomining attack against Kubernetes clusters in Azure in April 2020.
  • Tesla – Automaker Tesla was one of the earlier victims of cryptojacking when a Kubernetes cluster was compromised because an administrative console was not password protected (misconfiguration).
  • Jenkins – Hackers managed to exploit a vulnerability in Jenkins to cryptomine to the tune of about $3.5 million, or 10,800 Monero, in 18 months. In Docker’s operating environment, it was discovered that six malicious images had collectively been pulled over 2 million times; that’s 2 million users potentially mining Monero for the attacker.

To avoid similar incidents from happening, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report, “Kubernetes Hardening Guidance.” Primary actions include scanning containers and Pods for vulnerabilities or misconfigurations, running containers and Pods with the least privileges possible, and using network separation, firewalls, strong authentication, and log auditing. Please refer to the link for details – https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/

32-bit design limitation (0x7fffffff). Another episode of Y2K. (23-07-2021)

Preface: Because humans have destroyed the environment, natural disasters resemble God’s punishment. In the digital world, the situation is the same; the reason for the penalty is the design weakness of the software.

Background: Perhaps the younger generation has not experienced the “Y2K” technical problems because they were still children. The millennium bug was about 22 years ago as of today, and I think many people have forgotten. The digital world disaster is similar to the Old Testament description of the flood, when God instructed that an ark be built to save the species.

Fundamental design weakness: On a 32-bit Linux system, the maximum value that time_t can represent is 0x7fffffff. When time_t holds this maximum value, the system time is 2038-01-19 03:14:07, but as the clock keeps going, time_t overflows and becomes a negative value. At that point the system time starts over, and the operating system and upper-layer software run incorrectly.
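The rollover described above, worked through as an added example that is not part of the original post: a signed 32-bit time_t is emulated with JavaScript’s `| 0` truncation so the exact moment of the wrap, and the date the clock jumps back to, can be checked against a 64-bit field. The function names and the audit helpers are this example’s own.

```javascript
'use strict';

// Range of a signed 32-bit time_t, in seconds since the Unix epoch.
const INT32_MAX = 0x7fffffff;
const INT32_MIN = -0x80000000;

// Emulate storing a timestamp in a signed 32-bit time_t: `| 0` truncates to
// 32 bits and reinterprets the bit pattern as signed, as the C field would.
function toTime32(seconds) {
  return seconds | 0;
}

// Format a Unix timestamp as an ISO-8601 UTC string without milliseconds.
function utcString(seconds) {
  return new Date(seconds * 1000).toISOString().replace('.000Z', 'Z');
}

// Advance a 32-bit time_t by `delta` seconds and report whether it wrapped.
function tick32(seconds, delta) {
  const next = toTime32(seconds + delta);
  return { value: next, wrapped: next < seconds, utc: utcString(next) };
}

// The same step with a 64-bit time_t. JS numbers are exact up to 2^53,
// which comfortably covers any date a 64-bit field will see in practice.
function tick64(seconds, delta) {
  const next = seconds + delta;
  return { value: next, wrapped: false, utc: utcString(next) };
}

// Audit helper: can this timestamp be stored in a 32-bit time_t at all?
function fitsTime32(seconds) {
  return Number.isInteger(seconds) && seconds >= INT32_MIN && seconds <= INT32_MAX;
}

// Seconds remaining before a 32-bit clock rolls over, from a given moment.
function secondsUntilRollover(nowSeconds) {
  return INT32_MAX - nowSeconds;
}

function demo() {
  return {
    last: tick32(INT32_MAX, 0),    // 2038-01-19T03:14:07Z, no wrap
    next32: tick32(INT32_MAX, 1),  // wraps to 1901-12-13T20:45:52Z
    next64: tick64(INT32_MAX, 1),  // 2038-01-19T03:14:08Z
  };
}
```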

IoT current status 2021: Until recently, 8-bit and 16-bit MCUs had been the hardware of choice for IoT devices, but 32-bit MCUs are now becoming increasingly popular, leading many manufacturers to use two differently powered processors in their devices. Therefore, your RTOS should be scalable in order to manage any future MCU upgrades.

Reports indicate that there will be 35.82 billion IoT devices installed worldwide by 2021 and 75.44 billion by 2025.

Remedy: To address this technical limitation, software developers need to use GNU C Library 2.32 and musl libc 1.2 to build user space with a 64-bit time_t.
musl, a C standard library, is mainly used on operating systems based on the Linux kernel; its targets are embedded systems and mobile devices. It is released under the MIT license, and its author is Rich Felker. The purpose of developing this library is to write a clean, efficient and standards-compliant C standard library.

Expectation: We pass a new challenge token to the younger generation, because they have grown up now. It’s your turn.

Is the CVE process late? Esri had already managed and remedied those vulnerabilities in May 2021.

Preface: When smartphones and Google Maps were born, GIS functionality silently underpinned both of them.

Background: Geographic Information System (GIS) plays a key role in military operations. The military uses GIS in various applications, including cartography, intelligence, battlefield management, terrain analysis, remote sensing, etc.

– Use of geospatial intelligence: the role of machine learning and GEOINT in disaster response
– Open geospatial data platform and food shortage
– Interoperability of GEOINT applications and military data
– The role of data management in crisis mapping

Vulnerability details: Vulnerabilities in the GIS server were announced on 11th Jul 2021, whereas those vulnerabilities had already been addressed by ESRI in May 2021. The details of the two announcements appear similar, and it is believed that both describe the same matters. In fact, the designated vulnerabilities are common ones from the OWASP Top 10. However, GIS is becoming more and more important for human life and daily use, so we should take it seriously.

Official announcement – https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-1-patch/