Computers and cellphones can do so many things, but sometimes if you want to doodle or take a note, pencil and paper is the superior technology. You could carry a device and a pocket notebook, or you could combine the best of analog and digital with the KeyMo.

[NuMellow] wanted a touchpad in addition to a keyboard for his portable terminal since he felt Raspbian wouldn’t be so awesome on a tiny touchscreen. With a wider device than something like Beepy, and a small 4″ LCD already on hand, he realized he had some space to put something else up top. Et voila, a cyberdeck with a small notebook for handwritten/hand drawn information.

The device lives in a 3D printed case, which made some iterations on the keyboard placement simpler, and [NuMellow] even provided us with actual run time estimates in the write-up, which is something we often are left wondering about in cyberdeck builds. If you’re curious, he got up to 7.5 hours on YouTube videos with the brightness down or 3.5 hours with it at maximum. The exposed screen and top-heaviness of the device are areas he’s pinpointed as the primary cons of the system currently. We hope to see an updated version in the future that addresses these.

If you’d like to check out some other rad cyberdecks, how about a schmancy handheld, one driven by punch cards in a child’s toy, or this one with a handle and a giant scroll wheel?

hackaday.com/2025/07/24/keymo-…

After World War II, as early supersonic military aircraft were pushing the boundaries of flight, it seemed like a foregone conclusion that commercial aircraft would eventually fly faster than sound as the technology became better understood and more affordable. Indeed, by the 1960s the United States, Britain, France, and the Soviet Union all had plans to develop commercial transport aircraft capable flight beyond Mach 1 in various stages of development.
Concorde on its final flight
Yet today, the few examples of supersonic transport (SST) planes that actually ended up being built are in museums, and flight above Mach 1 is essentially the sole domain of the military. There’s an argument to be made that it’s one of the few areas of technological advancement where the state-of-the-art not only stopped moving forward, but actually slid backwards.

But that might finally be changing, at least in the United States. Both NASA and the private sector have been working towards a new generation of supersonic aircraft that address the key issues that plagued their predecessors, and a recent push by the White House aims to undo the regulatory roadblocks that have been on the books for more than fifty years.

The Concorde Scare

Those with even a passing knowledge of aviation history will of course be familiar with the Concorde. Jointly developed by France and Britain, the sleek aircraft has the distinction of being the only SST to achieve successful commercial operation — conducting nearly 50,000 flights between 1976 and 2003. With an average cruise speed of around Mach 2.02, it could fly up to 128 passengers from Paris to New York in just under three and a half hours.

But even before the first paying passengers climbed aboard, the Concorde put American aircraft companies such as Boeing and Lockheed into an absolute panic. It was clear that none of their SST designs could beat it to market, and there was a fear that the Concorde (and by extension, Europe) would dominate commercial supersonic flight. At least on paper, it seemed like the Concorde would quickly make subsonic long-range jetliners such as the Boeing 707 obsolete, at least for intercontinental routes. Around this time, the Soviet Union also started developing their own SST, the Tupolev Tu-144.

The perceived threat was so great that US aerospace companies started lobbying Congress to provide the funds necessary to develop an American supersonic airliner that was faster and could carry more passengers than the Concorde or Tu-144. In June of 1963, President Kennedy announced the creation of the National Supersonic Transport program during a speech at the US Air Force Academy. Four years later it was announced that Boeing’s 733-390 concept had been selected for production, and by the end of 1969, 26 airlines had put in reservations to purchase what was assumed to be the future of American air travel.
Boeing’s final 2707-300 SST concept shared several design elements with the Concorde. Original image by Nubifer.
Even for a SST, the 733-390 was ambitious. It didn’t take long before Boeing started scaling back the design, first deleting the complex swing-wing mechanism for a fixed delta wing, before ultimately shrinking the entire aircraft. Even so, the redesigned aircraft (now known as the Model 2707-300) was expected to carry nearly twice as many passengers as the Concorde and travel at speeds up to Mach 3.

A Change in the Wind

But by the dawn of the 1970s it was clear that the Concorde, and the SST concept in general, wasn’t shaping up the way many in the industry expected. Even though it had yet to make its first commercial flight, demand for the Concorde among airlines was already slipping. It was initially predicted that the Concorde fleet would number as high as 350 by the 1980s, but by the time the aircraft was ready to start flying passengers, there were only 76 orders on the books.

Part of the problem was the immense cost overruns of the Concorde program, which lead to a higher sticker price on the aircraft than the airlines had initially expected. But there was also a growing concern over the viability of SSTs. A newer generation of airliners including the Boeing 747 could carry more passengers than ever, and were more fuel efficient than their predecessors. Most importantly, the public had become concerned with the idea of regular supersonic flights over their homes and communities, and imagined a future where thunderous sonic booms would crack overhead multiple times a day.

Although President Nixon supported the program, the Senate rejected any further government funding for an American SST in March of 1971. The final blow to America’s supersonic aspirations came in 1973, when the Federal Aviation Administration (FAA) enacted 14 CFR 91.817 “Civil Aircraft Sonic Boom” — prohibiting civilian flight beyond Mach 1 over the United States without prior authorization.

In the end, the SST revolution never happened. Just twenty Concorde aircraft were built, with Air France and British Airways being the only airlines that actually went through with their orders. Rather than taking over as the standard, supersonic air travel turned out to be a luxury that only a relatively few could afford.

The Silent Revolution

Since then, there have been sporadic attempts to develop a new class of civilian supersonic aircraft. But the most promising developments have only occurred in the last few years, as improved technology and advanced computer modeling has made it possible to create “low boom” supersonic aircraft. Such craft aren’t completely silent — rather than creating a single loud boom that can cause damage on the ground, they produce a series of much quieter thumps as they fly.

The Lockheed Martin X-59, developed in partnership with NASA, was designed to help explore this technology. Commercial companies such as Boom Supersonic are also developing their own takes on this concept, with eyes on eventually scaling the design up for passenger flights in the future.
The Boom XB-1 test aircraft, used to test the Mach cutoff effect.
In light of these developments, on June 6th President Trump signed an Executive Order titled Leading the World in Supersonic Flight which directs the FAA to repeal 14 CFR 91.817 within 180 days. In its place, the FAA is to develop a noise-based certification standard which will “define acceptable noise thresholds for takeoff, landing, and en-route supersonic operation based on operational testing and research, development, testing, and evaluation (RDT&E) data” rather than simply imposing a specific “speed limit” in the sky.

This is important, as the design of the individual aircraft as well as the environmental variables involved in the “Mach Cutoff” effect mean that there’s really no set speed at which supersonic flight becomes too loud for observers on the ground. The data the FAA will collect from these new breed of aircraft will be key in establishing reasonable noise standards which can protect the public interest without unnecessarily hindering the development of civilian supersonic aircraft.

hackaday.com/2025/07/24/supers…

😍😍😍

youtu.be/18QQWa5MEcs?si=tFj9-s…

#marvel #Fantastic4

Immagina di aprire, come ogni sera, il bookmark del tuo forum preferito per scovare nuove varianti di stealer o l’ennesimo pacchetto di credenziali fresche di breach. Invece della solita bacheca di annunci, ti appare un banner con tre loghi in bella vista: la Brigata francese per la lotta alla cyber‑criminalità, il Dipartimento Cyber dell’intelligence ucraina ed Europol.

Sotto, una scritta secca: «Questo dominio è stato sequestrato». Così è calato il sipario su XSS.IS, la sala d’aste clandestina che per dodici anni ha fatto incontrare sviluppatori di malware, broker di accessi e affiliati ransomware.

Quello che segue non è soltanto il racconto di un blitz all’alba: è la storia di un’indagine a orologeria che, in quattro anni, ha trasformato log di chat cifrate e transazioni Bitcoin in un mandato d’arresto internazionale. È il viaggio dietro le quinte di un’operazione che, colpendo l’infrastruttura e la fiducia, ha dato uno scossone a tutto il mercato nero del cyber‑crime. Se credi che un forum oscuro sia al riparo da occhi indiscreti, questa storia potrebbe farti cambiare idea.

L’indagine francese prende forma (2021‑2023)

Quando, il 2 luglio 2021, la Procura nazionale francese per la criminalità informatica (JUNALCO) apre un dossier su XSS.SI, l’obiettivo è capire come quel forum riesca a restare online malgrado continui riferimenti a estorsioni e intrusioni contro aziende francesi. Gli investigatori della Brigata per la lotta alla cybercriminalità della Préfecture de Police (BL2C) cominciano dal basso: enumerano DNS, analizzano certificati TLS “freschi” e ricostruiscono una mappa di server bullet‑proof in Olanda, Russia e Malesia.

L’intuizione chiave arriva quando un analista nota che, ogni volta che un grosso affare viene concluso sul forum, parecchi utenti citano lo stesso dominio Jabber, thesecure.biz. BL2C chiede al giudice istruttore di monitorare quel server: non un’acquisizione massiva, ma un “log chirurgico” delle chat usate dallo staff. L’ordinanza di intercettazione svela i turni di lavoro dell’amministratore – sempre fra le 9 e le 18 di Kiev – e soprattutto i wallet Bitcoin su cui confluiscono le commissioni del 3 % trattenute sugli escrow (AP News, SecurityWeek).

A fine 2023 il fascicolo è già una pila di prove tecniche: indirizzi IP, timestamp, importi in criptovaluta, screenshot di back‑end e perfino gli hash dei backup automatici salvati dall’admin su un NAS remoto.

Dal nickname al passaporto (2023‑2025)

Individuare il vero nome dietro al nickname richiede pazienza. Europol – entrata in scena con il suo European Cybercrime Centre – incrocia tre famiglie di dati:

• Open‑source e leak: avatar riutilizzati in forum minori, vecchi commit su GitHub e una PGP‑key del 2014 generata a Kyiv.
• Stilometria: gli esperti di linguistica forense confrontano grammatica, emoji e lunghezza media delle frasi con migliaia di post di XSS e con i suddetti commit: la corrispondenza supera il 90 %.
• Follow‑the‑money: grazie a un ordine europeo di indagine, due exchange forniscono i dati Know‑Your‑Customer di chi ha convertito BTC in Tether e poi in contanti presso un chiosco cripto di Kyiv. Le cifre coincidono con i guadagni dell’admin stimati in oltre 7 milioni di euro (Reuters, CyberScoop).

Quando la sicurezza interna ucraina (Služba Bezpeky Ukraïny, Dipartimento Cyber) verifica che l’uomo abita davvero nel quartiere indicato dall’analisi, le tessere del puzzle combaciano.

L’alba del 22 luglio 2025

Alle 06:00 del mattino, gli agenti della SBU suonano alla porta di un appartamento al quarto piano di un condominio di Kyiv. All’interno vengono trovati un portatile Linux, un NAS Synology e due token FIDO: il tutto viene clonato sul posto con kit forensi portatili Europol. Le frasi‑pass – scritte a mano su un taccuino – permettono di decifrare i dischi prima ancora che l’indagato raggiunga la centrale di polizia.

In parallelo, i registrar che gestiscono xss.is ricevono un ordine di sequestro francese, controfirmato da Europol, e reindirizzano il DNS verso un server a Parigi con il banner di presa in carico. Lo stesso succede al nodo Jabber: il traffico residuo confluisce in un sinkhole sotto controllo della polizia, utile per mappare affiliati ignari che tentano di collegarsi (Hackread, Ars Technica).

Nel giro di due ore il forum scompare dal web e il presunto amministratore – un trentacinquenne ucraino – è in custodia cautelare con accuse di associazione a delinquere, estorsione e riciclaggio di denaro.

Timeline sintetica

Gli “sportelli bancari” del dark‑web

Se XSS era la piazza, il suo vero tesoro era il servizio di escrow: un amministratore‑garante che custodiva i fondi finché compratore e venditore non dichiaravano “ok, tutto a posto”. Commissione fissa: 3 % – a volte 5 % per le vendite più rischiose (securitymagazine.com, ReliaQuest). Il pagamento avveniva in Bitcoin, l’ok finale via Jabber. È lo stesso modello che vediamo su Exploit e WWH‑Club, ma XSS aveva due plus: arbitri veloci (entro 24 ore) e un canale “VIP” per transazioni sopra i 50 000 dollari.

Un altro indizio: anche thesecure.biz è irraggiungibile

Anche thesecure.biz – il server Jabber usato dallo staff di XSS per gestire le dispute e gli escrow – risulta completamente offline. Una semplice “multiloc check” (vedi screenshot) mostra timeout da tutti i nodi di test, dall’Australia alla Finlandia: nessuna risposta HTTP, nessun banner sostitutivo, soltanto silenzio di rete.

Dentro il database sequestrato

Secondo fonti vicine all’inchiesta, il dump recuperato nel blitz contiene:

• 13 TB di post, messaggi privati e log Jabber;
• 93 000 escrow chiusi (2019‑2025) con importi e wallet associati;
• oltre 1 000 arbitrati con prove di truffe interne (screenshot, file crittati, PGP‑sign).

Per le forze dell’ordine è oro puro: incrociando i wallet con le blacklist di Chainalysis e il database di reclami antiriciclaggio, è possibile risalire a broker di accessi, sviluppatori di ransomware e persino mule che riciclavano il denaro. Gli incident‑responders, invece, potranno avvisare le aziende i cui dati compaiono tra i “pacchetti” venduti: un’occasione rara per chiudere la filiera degli attacchi prima che si concretizzino.

Domino effect: i forum tremano

Con XSS offline, i flussi migrano su Exploit e su piccoli canali Telegram. Ma la “garanzia” manca: aumentano le truffe, come dimostrano i primi thread di scam‑report pubblicati su Exploit meno di 48 ore dopo il sequestro. È la stessa dinamica vista dopo i blitz contro Genesis Market (aprile 2023) e BreachForums (2023‑2024): senza un arbitro credibile, il dark‑web diventa Far West e i margini di profitto crollano (Ministero della Giustizia, CyberScoop).

Uno sguardo al futuro

• Indagini a cascata – Come per Genesis, il banner di sequestro potrebbe presto invitare gli utenti a “farsi vivi” in cambio di uno sconto di pena.
• Forum più piccoli, più privati – Gli operatori migreranno su reti Tox, session “ghost” in Matrix e canali Telegram one‑to‑one.
• Escrow decentralizzati – Si parla già di smart‑contract su blockchain anonime per non dipendere da un singolo garante. Ma la storia insegna che, senza fiducia umana, i contratti automatici durano poco.

Conclusione

Il sequestro di XSS non è solo un arresto in più: è un attacco diretto al meccanismo di fiducia che sorregge i mercati criminali. Senza escrow, il dark‑web rischia di implodere in micro‑comunità sospettose. E ogni nuova micro‑community sarà, a sua volta, un bersaglio più facile da infiltrare.

Fonti utilizzate per questo articolo

Europol, Reuters, Associated Press, SecurityWeek, Infosecurity‑Magazine, CyberScoop, ReliaQuest, Digital Shadows, Department of Justice (Genesis Market), Trend Micro (Operation Cronos), Europol (Operation Endgame) (AP News, Reuters, CyberScoop, SecurityWeek, Europol, trendmicro.com, Ministero della Giustizia, ReliaQuest)

L'articolo XSS.IS messo a tacere! Dentro l’inchiesta che ha spento uno dei bazar più temuti del cyber‑crime proviene da il blog della sicurezza informatica.

redhotcyber.com/post/xss-is-me…

There are a ton of Bluetooth speakers on the market. Just about none of them have any user-serviceable components or replacement parts available. When they break, they’re dead and gone, and you buy a new one. [Jonathan Mueller-Boruttau] wrote in to tell us about the latest speaker from Teufel Audio, which aims to break this cycle. It’s a commercial product, but the design files have also been open sourced — giving the community the tools to work with and maintain the hardware themselves.

The project is explained by [Jonathan] and [Erik] of Teufel, who were part of the team behind the development of the MYND speaker. The basic idea was to enable end-user maintenance, because the longer something is functioning and usable, the lower its effective environmental footprint is. “That was why it was very important for us that the MYND be very easy to repair,” Erik explains. “Even users without specialist knowledge can replace the battery no problem.” Thus, when a battery dies, the speaker can live on—versus a regular speaker, where the case, speakers, and electronics would all be thrown in the garbage because of a single dead battery. The case was designed to be easy to open with minimal use of adhesives, while electronic components used inside are all readily available commercial parts.

Indeed, you can even make your own MYND if you’re so inclined. Firmware and hardware design files are available on GitHub under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license for those looking to repair their speakers, or replicate them from the ground up. The company developed its own speaker drivers, but there’s nothing stopping you from using off-the-shelf replacements if so desired.

It’s a strategy we expect few other manufacturers to emulate. Overall, as hackers, it’s easy to appreciate a company making a device that’s easy to repair, rather than one that’s designed to frustrate all attempts made. As our own Jenny List proclaimed in 2021—”You own it, you should be able to fix it!” Sage words, then as now!

hackaday.com/2025/07/24/teufel…