Long before we had internet newsfeeds or Twitter, Ceefax delivered up-to-the-minute news right to your television screen. Launched by the BBC in 1974, Ceefax was the world’s first teletext service, offering millions of viewers a mix of news, sports, weather, and entertainment on demand. Fast forward 50 years, and the iconic service is being honored with a special exhibition at the Centre for Computing History in Cambridge.

At its peak, Ceefax reached over 22 million users. [Ian Morton-Smith], one of Ceefax’s original journalists, remembers the thrill of breaking stories directly to viewers, bypassing scheduled TV bulletins. The teletext interface, with its limited 80-word entries, taught him to be concise, a skill crucial to news writing even today.

We’ve talked about Ceefax in the past, including in 2022 when we explored a project bringing Ceefax back to life using a Raspberry Pi. Prior to that, we delved into its broader influence on early text-based information systems in a 2021 article.

But Ceefax wasn’t just news—it was a global movement toward interactive media, preceding the internet age. Services like Viditel and the French Minitel carried forward the idea of interactive text and graphics on screen.

hackaday.com/2024/09/30/ceefax…

YouTuber [MechPanda] has recreated a DIY STM hack we covered about ten years ago, updating it to be primarily 3D-printed, using modern electronics, making it much more accessible to many folks. This simple STM setup utilises a piezoelectric actuator constructed by deliberately cutting a piezo speaker into four quadrants. With individual drive wires attached to the four quadrants. They (re)discovered that piezoelectric ceramic materials are not big fans of soldering heat. Still, in the absence of ultrasonic welding equipment, they did manage to get some wires to take to the surface using low-temperature solder paste.
As you can tell, you can only image conductive samples
They glued a makeshift probe holder on the rear side of the speaker actuator, which was intended to take a super sharp needle-like piece of tungsten wire. Putting the wire in tension and cutting at a sharp angle makes it possible with many attempts to get some usable points. Usable, in this instance, means sharp down the atomic level. The sample platform, actuator mount and all the connecting parts are 3D-printed with PA-CF. This is necessary to achieve enough mechanical stability with normal room temperature fluctuations. Three precision screws are used to level the two platforms in a typical kinematic mount structure, which looks like the only hard-to-source component. A geared stepper motor attached to the probe platform is set up to allow the probe to be carefully advanced towards the sample surface.
Graphite is not orange. This is a false-colour image!
The next issue concerns vibration damping of the whole assembly. This was achieved with a simple hanging sprung platform, damped using an aluminium plate and magnets mounted underneath—a simple and effective eddy-current damper setup. For the electronics, a Teensy 4.1 runs the show, driving the four quadrants via a brace of AD5761 serial DACs and a few summing amplifiers. Three DACs generate the X, Y and Z signals, which are sent to the quadrants as Z+/-X and Z+/-Y, and the fourth DAC generates a sample bias signal. The tunnelling current picked up by the probe tip is first sent to a preamplifier constructed using a very high gain transconductance (current-to-voltage) amplifier. However, the part used was not identified. The whole assembly is electrically shielded with metallic tape, including the cable running down the main analog board, which hosts an LTC2326 ADC that can handle the bipolar differential signal being fed to it. The software was programmed using the Arduino stack for ease of use. The reason for the high-speed micro is the need to control the scanning signals based on the measured tunnelling current to form a control loop. We didn’t dig into precisely how that works! As can be seen from the video, they managed to get some quite decent images of the surface of a freshly peeled HOPG (graphite) lab specimen, so the setup works, and the noise sources are under control.

To read along, check out the project GitHub page, but more importantly, the original project by [Dan Berard.]

youtube.com/embed/7N3OqTEq08g?…

Thanks to [rolmie] for the tip!

hackaday.com/2024/09/30/buildi…

When you think 1080p video, you probably don’t think STM32 microcontroller. And yet! [Gabriel Cséfalvay] has pulled off just that through the creative use of on-chip peripherals. Sort of.

The build is based around the STM32L4P5—far from the hottest chip in the world. Depending on the exact part you pick, it offers 512 KB or 1 Mbyte of flash memory, 320 KB of SRAM, and runs at 120 MHz. Not bad, but not stellar.

Still, [Gabriel] was able to push 1080p at a sort of half resolution. Basically, the chip is generating a 1080p widescreen RGB VGA signal. However, to get around the limited RAM of the chip, [Gabriel] had to implement a hack—basically, every pixel is RAM rendered as 2×2 pixels to make up the full-sized display. At this stage, true 1080p looks achievable, but it’ll be a further challenge to properly fit it into memory.

Output hardware is minimal. One pin puts out the HSYNC signal, another handles VSYNC. The same pixel data is clocked out over R, G, and B signals, making all the pixels either white or black. Clocking out the data is handled by a nifty combination of the onboard DMA functionality and the OCTOSPI hardware. This enables the chip to hit the necessary data rate to generate such a high-resolution display.

There’s more work to be done, but it’s neat to see [Gabriel] get even this far with such limited hardware. We’ve seen others theorize similar feats on chips like the RP2040 in the Pi Pico, too. Video after the break.

youtube.com/embed/jpltZa2un9g?…

hackaday.com/2024/09/30/doing-…

It can often feel like modern devices are less hackable than their thicker and far less integrated predecessors, but perhaps it’s just that our techniques need to catch up. Here’s an outstanding hack that adds a dual SIM slot to a US-sold eSIM iPhone 15/15 Pro, while preserving its exclusive mmwave module. No doubt, making use of the boardview files and schematics, it shows us that smartphone modding isn’t dead — it could be that we need to acknowledge the new tools we now have at our disposal.

When different hardware features are region-locked, sometimes you want to get the best of both worlds. This mod lets you go the entire length seamlessly, no bodges. It uses a lovely looking flexible printed circuit (FPC) patch board to tap into a debug header with SIM slot signals, and provides a customized Li-ion pouch cell with a cutout for the SIM slot. There’s just the small matter of using a CNC mill to make a cutout in the case where the SIM slot will go, and you’ll need to cut a buried trace to disable the eSIM module. Hey, we mentioned our skills needed to catch up, right? From there, it appears that iOS recognizes the new two SIM slots seamlessly.

The video is impressive and absolutely worth a watch if modding is your passion, and if you have a suitable CNC and a soldering iron, you can likely install this mod for yourself. Of course, you lose some things, like waterproofing, the eSIM feature, and your warranty. However, nothing could detract from this being a fully functional modkit for a modern-day phone, an inspiration for us all. Now, perhaps one of us can take a look at building a mod helping us do parts transplants between phones, parts pairing be damned.

youtube.com/embed/FHqtbzT4OMc?…

hackaday.com/2024/09/30/iphone…

The Raspberry Pi has been around for over a decade now in various forms, and we’ve become plenty familiar with the Pi Pico in the last three years as well. Still, these devices have a great deal of potential if you know where to look. If you wade beyond the official datasheets, you might even find more than you expected.

Kumar is presently a software engineer with Google, having previously worked for Analog Devices earlier in his career. But more than that, Kumar has been doing a deep dive into maxing out the capabilities of the Raspberry Pi and the Pi Pico, and shared some great findings in an excellent talk at the 2023 Hackaday Supercon.

Under The Hood

youtube.com/embed/0yNb_4VnbCI?…

Kumar begins by noting that a great many resources went into the creation of this talk. Worthy of note are Jeremy Bentham’s blog, which provided plenty of details on the Raspberry Pi and the workings of the Secondary Memory Interface (SMI). Beyond that, the Pi Pico documentation proved fruitful, as did several logic analyzer projects from out in the wild. Kumar collated this knowledge along with plenty of research, and put together a guide to some of the deeper functionality of the hardware with regards to the concept of a Pi Pico-based logic analyzer capable of running at 100 megasamples per second.
Kumar’s concept is for a hat that has an RP2040 connected to the Raspberry Pi via the SMI interface. It in turn is controlled via its debug pins.
Kumar notes the RP2040 chip at its heart has the useful Programmable I/O (PIO) subsystem, which allows for doing various I/O and data tasks quickly and efficiently. However, the chip is still limited to just 256 KB of RAM and a 1.5 MB/sec max data speed over USB. However, by combining the Pico with a Raspberry Pi 4, Kumar reckons its possible to create a 16 bit, 100 megasample/sec logic analyzer by using the right techniques. For looking at 3.3 V logic, the minimum hardware required would just be a Raspberry Pi and a single RP2040 microcontroller.

However, a little extra functionality never goes astray. Kumar talks about building a prototype HAT add-on that adds a separate LDO regulator for the RP2040, 5 V tolerant logic buffers, and an I2C input expander to create a pretty useful little logic analyzer. Kumar’s original idea was to use the Pi Pico itself, but there was a problem. With only 26 usable GPIOs, it’s not possible to get 16-bits in and out of the device very easily. Hence, the idea to use the raw RP2040 for direct access to all the necessary pins. However, there was still a problem. The PIO subsystem can only control 30 pins.
Kumar was hacking on the prototype up to the last minute.
To get around this, Kumar noted that the less-flexible SIO subsystem can control all 36 GPIO pins. Kumar found a way to use the dual cores of the Pi Pico to sample the GPIOs via the SIO hardware every clock cycle while remaining in sync. Basically, the SIO hardware samples the inputs, puts the results in RAM, and then the DMA subsystem trucks this over to the PIO. The PIO then handles clocking the data out to the attached Raspberry Pi as required. Combining this technique with overclocking the Pi Pico would help Kumar nail the 100 megasamples/sec target; at the stock clockrate, it wouldn’t be fast enough.

Things only get more complicated from there. Kumar explains issues around bus contention within the Pico, as well as how to clock data into the Pi via the SMI interface. It’s poorly documented, but Jeremy Bentham’s blog was a big help. The talk gets into the nitty gritty here, diving into the precise conditions needed to pipe lots of data out of the RP2040 and into the Pi itself. Meanwhile, the Pi itself gets control over the RP2040 via the SWD pins and GDB debugging with OpenOCD. Everything was then laced together with some code crafted with the aid of ChatGPT.
There were some kinks left to work out, with some aberrations that aren’t quite right in the data marked in red in Kumar’s testing.
By the time Supercon rolled around, Kumar was still tangling with some details. The system was passing data from RP2040 to the Raspberry Pi at 41.666 MHz, though there were some aberrations. There was work left to be done on flow control and some other details to get the thing more functional. Kumar also speculated that the Pi 5 might open up new avenues to further improve the project.

It’s always interesting to see a project that pushes the limits of existing hardware. Kumar might not have finished his project just yet, but this talk gives us a great look at the challenges you face when you start trying to truck masses of data into and out of an RP2040, and in to a Raspberry Pi to boot!

hackaday.com/2024/09/30/superc…

[Andre Me] has long-standing interest in automating 3D print jobs, and his latest project is automating build plate changes on the Bambu A1 Mini.

Here’s how it works: each build plate gets a sort of “shoe” affixed to it, with which attachments on the printer itself physically interact when loading new plates and removing filled ones.

When a print job is finished, custom G-code causes an attachment on the printer to wedge itself under the build plate and peel it off until it is freed from the magnetic bed, after which the finished plate can be pushed towards the front. A stack of fresh build plates is behind the printer, and the printer slips a new one from the bottom when needed. Again, since the printer’s bed is magnetic, all one has to do is get the new plate to reliably line up and the magnetic attraction does the rest.

Some methods of automating print jobs rely on ejecting the finished parts and others swap the print beds. [Andre]’s is the latter type and we do really like how few moving parts are involved, although the resulting system has the drawback of requiring considerably more table space than just the printer itself. Still, it’s not at all a bad trade-off.

Watch it in action in the two videos embedded below. The first shows a time-lapse of loading and ejecting over 100 build plates in a row, and the second shows the whole system in action printing bowls in different colors.

youtube.com/embed/JmvMXlC8NsI?…

youtube.com/embed/WWLAxwAwhJo?…

hackaday.com/2024/09/30/3d-pri…

A range of academics, from Turing award-winner Yoshua Bengio to PhD candidates have been named chairs and vice-chairs of working groups that will draft a Code of Practice on general-purpose artificial intelligence (GPAI), according to a Monday (30 September) Commission press release.

euractiv.com/section/tech/news…

La Commissione irlandese per la protezione dei dati (DPC) ha multato Meta Platforms Ireland Limited (MPIL) di 91 milioni di euro per aver archiviato le password di centinaia di milioni di utenti in chiaro. Il DPC sta indagando su questo incidente dal 2019.

Ricordiamo che nel 2019 i ricercatori hanno scoperto che le password di 200-600 milioni di utenti di Facebook Lite, Facebook e Instagram venivano erroneamente archiviate sui server dell’azienda in formato testo ed erano accessibili a migliaia di dipendenti dell’azienda.

I registri hanno rivelato che circa 2.000 ingegneri e sviluppatori dell’azienda hanno effettuato circa 9.000.000 di richieste interne per elementi di dati contenenti password degli utenti in chiaro.

È interessante notare che Meta ha poi ammesso di aver effettivamente memorizzato le password, ma non ha fornito numeri specifici, dicendo solo che l’incidente ha colpito centinaia di milioni di utenti di Facebook Lite, decine di milioni di utenti di Facebook e milioni di utenti di Instagram.

Ora la Commissione irlandese per la protezione dei dati, che è l’organismo principale dell’UE in materia di privacy e questioni relative a Meta (poiché la sede europea della società è in Irlanda), ha completato un’indagine di cinque anni sull’incidente.

“Nel marzo 2019, MPIL ha notificato al DPC di aver inavvertitamente archiviato le password di alcuni utenti di social media in “testo semplice” sui suoi sistemi interni (ovvero, senza protezione crittografica o crittografia)”, si legge nella dichiarazione del DPC.

Anche se è noto che terze parti hanno avuto accesso alle password, le revisioni condotte non hanno rilevato alcuna prova di abuso o accesso non autorizzato.

Poiché la memorizzazione delle password senza adeguate misure di sicurezza, come la crittografia e il controllo degli accessi, costituisce una violazione di diversi articoli del Regolamento generale sulla protezione dei dati dell’UE (GDPR), l’autorità di controllo ha deciso di infliggere a Meta una multa di 91 milioni di euro (101,6 milioni di dollari USA).

Ad oggi, Meta è stata multata per oltre 2,23 miliardi di dollari nell’UE per varie violazioni del GDPR, entrato in vigore nel 2018. Questo importo include anche una multa record di 1,3 miliardi di dollari che è stata inflitta alla società lo scorso anno, contro la quale Meta sta ora cercando di presentare ricorso.

L'articolo Meta multata per 91 milioni di euro! Password in chiaro per uno scandalo globale proviene da il blog della sicurezza informatica.

Static electricity often just seems like an everyday annoyance when a wool sweater crackles as you pull it off, or when a doorknob delivers an unexpected zap. Regardless, the phenomenon is much more fascinating and complex than these simple examples suggest. In fact, static electricity is direct observable evidence of the actions of subatomic particles and the charges they carry.

While zaps from a fuzzy carpet or playground slide are funny, humanity has learned how to harness this naturally occurring force in far more deliberate and intriguing ways. In this article, we’ll dive into some of the most iconic machines that generate static electricity and explore how they work.

What Is It?

Before we look at the fancy science gear, we should actually define what we’re talking about here. In simple terms, static electricity is the result of an imbalance of electric charges within or on the surface of a material. While positively-charged protons tend to stay put, electrons, with their negative charges, can move between materials when they come into contact or rub against one another. When one material gains electrons and becomes negatively charged, and another loses electrons and becomes positively charged, a static electric field is created. The most visible result of this is when those charges are released—often in the form of a sudden spark.

Since it forms so easily on common materials, humans have been aware of static electricity for quite some time. One of the earliest recorded studies of the phenomenon came from the ancient Greeks. Around 1000 BC, they noticed that rubbing amber with fur would then allow it to attract small objects like feathers. Little came of this discovery, which was ascribed as a curious property of amber itself. Fast forward to the 17th century, though, and scientists were creating the first machines designed to intentionally store or generate static electricity. These devices helped shape our understanding of electricity and paved the way for the advanced electrical technologies we use today. Let’s explore a few key examples of these machines, each of which demonstrates a different approach to building and manipulating static charge.

The Leyden Jar

An 1886 drawing of Andreas Cunaeus experimenting with his apparatus. In this case, his hand is helping to store the charge. Credit: public domain
Though not exactly a machine for generating static electricity, the Leyden jar is a critical part of early electrostatic experiments. Effectively a static electricity storage device, it was independently discovered twice, first by a German named Ewald Georg von Kleist in 1745. However, it gained its common name when it was discovered by Pieter van Musschenbroek, a Dutch physicist, sometime between 1745 and 1746. The earliest versions were very simple, consisting of water in a glass jar that was charged with static electricity conducted to it via a metal rod. The experimenter’s hand holding the jar served as one plate of what was a rudimentary capacitor, the water being the other. The Leyden jar thus stored static electricity in the water and the experimenter’s hand.

Eventually the common design became a glass jar with layers of metal foil both inside and outside, separated by the glass. Early experimenters would charge the jar using electrostatic generators, and then discharge it with a dramatic spark.

The Leyden jar is one of the first devices that allowed humans to store and release static electricity on command. It demonstrated that static charge could be accumulated and held for later use, which was a critical step in understanding the principles that would lead to modern capacitors. The Leyden jar can still be used in demonstrations of electrostatic phenomena and continues to serve as a fascinating link to the history of electrical science.

The Van de Graaff Generator

A Van de Graaff generator can be configured to run in either polarity, depending on the materials chosen and how it is set up. Here, we see the generator being used to feed negative charges into an attached spherical conductor. Credit: Omphalosskeptic, CC BY-SA 3.0
Perhaps the most iconic machine associated with generating static electricity is the Van de Graaff generator. Developed in the 1920s by American physicist Robert J. Van de Graaff, this machine became a staple of science classrooms and physics demonstrations worldwide. The device is instantly recognizable thanks to its large, polished metal sphere that often causes hair to stand on end when a person touches it.

The Van de Graaff generator works by transferring electrons through mechanical movement. It uses a motor-driven belt made of insulating material, like rubber or nylon, which runs between two rollers. At the bottom roller, plastic in this example, a comb or brush (called the lower electrode) is placed very close to the belt. As the belt moves, electrons are transferred from the lower roller onto the belt due to friction in what is known as the triboelectric effect. This leaves the lower roller positively charged and the belt carrying excess electrons, giving it a negative charge. The electric field surrounding the positively charged roller tends to ionize the surrounding air and attracts more negative charges from the lower electrode.

As the belt moves upward, it carries these electrons to the top of the generator, where another comb or brush (the upper electrode) is positioned near the large metal sphere. The upper roller is usually metal in these cases, which stays neutral rather than becoming intensely charged like the bottom roller. The upper electrode pulls the electrons off the belt, and they are transferred to the surface of the metal sphere. Because the metal sphere is insulated and not connected to anything that can allow the electrons to escape, the negative charge on the sphere keeps building up to very high voltages, often in the range of hundreds of thousands of volts. Alternatively, the whole thing can be reversed in polarity by changing the belt or roller materials, or by using a high voltage power supply to charge the belt instead of the triboelectric effect.

The result is a machine capable of producing massive static charges and dramatic sparks. In addition to its use as a demonstration tool, Van de Graaff generators have applications in particle physics. Since they can generate incredibly high voltages, they were once used to accelerate particles to high speeds for physics experiments. These days, though, our particle accelerators are altogether more complex.

The Whimsical Wimshurst Machine

Two disks with metal sectors spin in opposite directions upon turning the hand crank. A small initial charge is able to induce charge in other sectors as the machine is turned. Credit: public domain
Another fascinating machine for generating static electricity is the Wimshurst machine, invented in the late 19th century by British engineer James Wimshurst. While less famous than the Van de Graaff generator, the Wimshurst machine is equally impressive in its operation and design.

The key functional parts of the machine are the two large, circular disks made of insulating material—originally glass, but plastic works too. These disks are mounted on a shared axle, but they rotate in opposite directions when the hand crank is turned. The surfaces of the disks have small metal sectors—typically aluminum or brass—which play a key role in generating static charge. As the disks rotate, brushes made of fine metal wire or other conductive material lightly touch their surfaces near the outer edges. These brushes don’t generate the initial charge but help to collect and amplify it once it is present.

The key to the Wimshurst machine’s operation lies in a process called electrostatic induction, which is essentially the influence that a charged object can exert on nearby objects, even without touching them. At any given moment, one small area of the rotating disk may randomly pick up a small amount of charge from the surrounding air or by friction. This tiny initial charge is enough to start the process. As this charged area on the disk moves past the metal brushes, it induces an opposite charge in the metal sectors on the other disk, which is rotating in the opposite direction.

For example, if a positively charged area on one disk passes by a brush, it will induce a negative charge on the metal sectors of the opposite disk at the same position. These newly induced charges are then collected by a pair of metal combs located above and below the disks. The combs are typically connected to Leyden jars to store the charge, until the voltage builds up high enough to jump a spark over a gap between two terminals.
It is common to pair a Wimshurst machine with Leyden jars to store the generated charge. Credit: public domain
The Wimshurst machine doesn’t create static electricity out of nothing; rather, it amplifies small random charges through the process of electrostatic induction as the disks rotate. As the charge is collected by brushes and combs, it builds up on the machine’s terminals, resulting in a high-voltage output that can produce dramatic sparks. This self-amplifying loop is what makes the Wimshurst machine so effective at generating static electricity.

The Wimshurst machine is seen largely as a curio today, but it did have genuine scientific applications back in the day. Beyond simply using it to investigate static electricity, its output could be discharged into Crookes tubes to create X-rays in a very rudimentary way.

youtube.com/embed/6zd_HwgrJjI?…

The Electrophorus: Simple Yet Ingenious

One of the simplest machines for working with static electricity is the electrophorus, a device that dates back to 1762. Invented by Swedish scientist Johan Carl Wilcke, the electrophorus consists of two key parts: a flat dielectric plate and a metal disk with an insulating handle. The dielectric plate was originally made of resinous material, but plastic works too. Meanwhile, the metal disk is naturally conductive.
An electrophorus device, showing the top metal disk, and the bottom dielectric material, at times referred to as the “cake.” The lower dielectric was classically charged by rubbing with fur. Credit: public domain
To generate static electricity with the electrophorus, the dielectric plate is first rubbed with a cloth to create a static charge through friction. This is another example of the triboelectric effect, as also used in the Van de Graaff generator. Once the plate is charged, the metal disk is placed on top of it. The disc then becomes charged by induction. It’s much the same principle as the Wimshurst machine, with the electrostatic field of the dielectric plate pushing around the charges in the metal plate until it too has a distinct charge.

For example, if the dielectric plate has been given a negative charge by rubbing, it will repel negative charges in the metal plate to the opposite side, giving the near surface a positive charge, and the opposite surface a negative charge. The net charge, though, remains neutral. But, if the metal disk is then grounded—for example, by briefly touching it with a finger—the negative charge on the disk can drained away, leaving it positively charged as a whole. This process does not deplete the charge on the dielectric, so it can be used to charge the metal disk multiple times, though the dielectric’s charge will slowly leak away in time.

Though it’s simple in design, the electrophorus remains a remarkable demonstration of static electricity generation and was widely used in early electrostatic experiments. A particularly well-known example is that of Georg Lichtenberg. He used a version a full two meters in diameter to create large discharges for his famous Lichtenberg figures. Overall, it’s an excellent tool for teaching the basic principles of electrostatics and charge separation—particularly given how simple it is in construction compared to some of the above machines.

Zap

Static electricity, once a mysterious and elusive force, has long since been tamed and turned into a valuable tool for scientific inquiry and education. Humans have developed numerous machines to generate, manipulate, and study static electricity—these are just some of the stars of the field. Each of these devices played an important role in furthering humanity’s understanding of electrostatics, and to a degree, physics in general.

Today, these machines continue to serve as educational tools and historical curiosities, offering a glimpse into the early days of electrical science—and they still spark fascination on the regular, quite literally. Static electricity may be an everyday phenomenon, but the machines that harness its power are still captivating today. Just go to any local science museum for the proof!

Una recente ricerca di SentinelOne ha evidenziato la resurrezione di Kryptina, un ransomware precedentemente ritenuto invendibile, che è stato trasformato in una minaccia rilevante grazie al modello Ransomware-as-a-Service (RaaS). Questa trasformazione ha ampliato la diffusione del malware, rendendolo disponibile anche a criminali con competenze tecniche limitate.

Kryptina era stato inizialmente considerato un progetto fallimentare nel mercato del malware. Tuttavia, con il passaggio al modello RaaS, i suoi creatori hanno trovato un nuovo modo di commercializzare il ransomware, trasformandolo in uno strumento di attacco accessibile a chiunque fosse disposto a pagare per utilizzarlo. Questo modello abbassa significativamente la soglia di ingresso per i potenziali criminali informatici, aumentando il numero di attacchi mirati contro organizzazioni e aziende.

Che cosa si intende per modello RaaS

Il modello RaaS consente ai cybercriminali di noleggiare l’infrastruttura e il codice di ransomware come Kryptina, senza dover sviluppare da soli il malware. Questa evoluzione ha rivoluzionato l’ecosistema del ransomware, creando un mercato in cui anche chi non ha capacità avanzate può orchestrare attacchi dannosi. Gli sviluppatori del malware forniscono strumenti di facile utilizzo e supporto ai loro clienti, in cambio di una percentuale sui riscatti ottenuti.

L’efficienza del modello ha reso Kryptina una minaccia particolarmente efficace, in grado di diffondersi rapidamente e colpire numerose vittime in tutto il mondo. Le aziende sono costrette a confrontarsi con attacchi ransomware sempre più sofisticati, che richiedono contromisure altrettanto avanzate per difendersi.
Ransom Note Originale di Kryptina

L’adattabilità di Kryptina

Una delle caratteristiche chiave che ha contribuito alla rinascita di Kryptina è la sua capacità di adattarsi alle esigenze degli attaccanti. L’integrazione di tecnologie più recenti e la facilità di personalizzazione hanno aumentato il suo appeal. I criminali informatici possono configurare il ransomware per mirare a specifici settori o aziende, aumentando le possibilità di successo dell’attacco.

Inoltre, Kryptina sfrutta vulnerabilità comuni nei sistemi aziendali, come il mancato aggiornamento di software critici o la scarsa formazione del personale in termini di sicurezza informatica. Questo rende molte organizzazioni vulnerabili agli attacchi, anche se implementano alcune misure di sicurezza di base.

Implicazioni per la sicurezza delle imprese

La rinascita di Kryptina rappresenta un chiaro esempio di come le minacce informatiche possano evolversi e rimanere rilevanti nel tempo. Anche un ransomware inizialmente fallimentare può essere riproposto e diventare una minaccia significativa, grazie ai cambiamenti nel panorama delle minacce e ai nuovi modelli di business nel dark web.

Per le imprese, questo significa che la semplice adozione di soluzioni di sicurezza tradizionali potrebbe non essere sufficiente. Gli attacchi ransomware come quelli veicolati da Kryptina richiedono un approccio proattivo, che includa l’adozione di tecnologie avanzate di rilevamento delle minacce, la formazione continua dei dipendenti e una strategia di backup solida.

Conclusione

La storia di Kryptina dimostra come il panorama del ransomware stia cambiando. Il modello RaaS ha reso il crimine informatico più accessibile e diffuso, mettendo in pericolo le imprese di tutto il mondo. Le organizzazioni devono adottare misure di sicurezza più sofisticate e restare sempre aggiornate sugli sviluppi del ransomware per proteggersi efficacemente da minacce in costante evoluzione.

IOC

Files SHA1
0b9d2895d29f7d553e5613266c2319e10afdda78
0de92527430dc0794694787678294509964422e6
0e83d023b9f6c34ab029206f1f11b3457171a30a
0f1aea2cf0c9f2de55d2b920618a5948c5e5e119
0f632f8e59b8c8b99241d0fd5ff802f31a3650cd
1379a1b08f938f9a53082150d53efadb2ad37ae5
21bacf8daa45717e87a39842ec33ad61d9d79cfe
262497702d6b7f7d4af73a90cb7d0e930f9ec355
29936b1aa952a89905bf0f7b7053515fd72d8c5c
2b3fc20c4521848f33edcf55ed3d508811c42861
341552a8650d2bdad5f3ec12e333e3153172ee66
43377911601247920dc15e9b22eda4c57cb9e743
58552820ba2271e5c3a76b30bd3a07144232b9b3
5cf67c0a1fa06101232437bee5111fefcd8e2df4
88a039be03abc7305db724079e1a85810088f900
9050419cbecc88be7a06ea823e270db16f47c1ea
93ef3578f9c3db304a979b0d9d36234396ec6ac9
a1a8922702ffa8c74aba9782cca90c939dfb15bf
b07c725edb65a879d392cd961b4cb6a876e40e2d
b27d291596cc890d283e0d3a3e08907c47e3d1cc
b768ba3e6e03a77004539ae999bb2ae7b1f12c62
c20e8d536804cf97584eec93d9a89c09541155bc
c4d988135e960e88e7acfae79a45c20e100984b6
d46fbc4a57dce813574ee312001eaad0aa4e52de
d618a9655985c33e69a4713ebe39d473a4d58cde
dc3f98dded6c1f1e363db6752c512e01ac9433f3
ee3cd3a749f5146cf6d4b36ee87913c51b9bfe93
ef2565c789316612d8103056cec25f77674d78d1
f17d9b3cd2ba1dea125d2e1a4aeafc6d4d8f12dc

Network Comms
185[.]73.125[.]6
grovik71[.]theweb[.]place

Tox ID
290E6890D02FBDCD92659056F9A95D80854534A4D76EE5D3A64AFD55E584EA398722EC2D3697

BTC Address
18CUq89XR81Y7Ju2UBjER14fYWTfVwpGP3

L'articolo La resurrezione di Kryptina: Da ransomware fallimentare a minaccia globale grazie al RaaS proviene da il blog della sicurezza informatica.

Ever want to build a RP2040 devboard that has everything you could ever want? Bad news, “everything” also means adding 1.8 V GPIO voltage support. The good news is that this write-up by [xenia] explains the process of adding a “3.3 V/1.8 V” slide switch onto your board.

Some parts are obvious, like the need to pick a flash chip that works at either voltage, for instance. Unfortunately, most of them don’t. But there’s more you’d be surprised by, like the crystal, a block where the recommended passives are tuned for 3.3 V, and you need to re-calculate them when it comes to 1.8 V operation – not great for swapping between voltages with a flick of a switch. Then, you need to adjust the bootloader to detect the voltage supplied — that’s where the fun begins, in large part. Modifying the second stage bootloader to support the flash chip being used proved to be quite a hassle, but we’re graced with a working implementation in the end.

All the details and insights laid out meticulously and to the point, well-deserved criticism of Raspberry Pi silicon and mask ROM design choices, code fully in Rust, and a success story in the end – [xenia]’s write-up has all you could wish for.

Want to learn more about the RP2040’s bootloader specifically? Then check this out — straight out of Cornell, a bootloader that’s also a self-spreading worm. Not only is it perfect for updating your entire RP2040 flock, but it also teaches you everything you could want to know about RP2040’s self-bringup process.

hackaday.com/2024/09/30/switch…

A marzo, il pilota dell’American Airlines Dan Carey si è imbattuto in un inaspettato allarme mentre il suo Boeing 777 si trovava a oltre 9.700 chilometri sopra il Pakistan. La causa era lo spoofing del GPS, che creava falsi segnali per i sistemi di navigazione.

Anche se in questo caso il segnale non rappresentava una minaccia reale, il problema dello spoofing GPS colpisce sempre più i voli commerciali, compresi i voli internazionali delle compagnie aeree statunitensi.

I sistemi GPS negli aerei moderni sono fondamentali per la navigazione e la gestione della sicurezza. Tuttavia, i segnali creati artificialmente possono causare gravi malfunzionamenti nel funzionamento delle apparecchiature di bordo. Secondo SkAI Data Services e l’Università di Scienze Applicate di Zurigo, il numero di voli che hanno ricevuto segnali falsi, è aumentato da poche decine a febbraio a oltre 1.100 nell’agosto 2024.

Episodi di spoofing GPS sono stati segnalati non solo nelle zone di conflitto dell’Europa orientale e del Medio Oriente, ma anche in altre regioni, causando interruzioni della navigazione e tensione sui piloti che devono rispondere rapidamente ai falsi allarmi. Secondo rapporti anonimi, i piloti hanno subito una serie di conseguenze, tra cui il ripristino degli orologi di volo, falsi allarmi e rotte sbagliate.

L’industria aeronautica riconosce che lo spoofing del GPS non ha ancora creato una minaccia critica alla sicurezza, ma l’impatto degli attacchi è in crescita. La Federal Aviation Administration (FAA) degli Stati Uniti rileva che se un paese dovesse perdere un aereo a causa di tali attacchi, soprattutto in caso di emergenza, “le conseguenze sarebbero disastrose”.

I produttori, i fornitori e gli enti regolatori di aeromobili stanno lavorando a soluzioni temporanee per ridurre l’impatto dello spoofing, ma gli standard per migliorare la sicurezza dei sistemi di navigazione non appariranno prima del prossimo anno. Per ora, i piloti ricevono istruzioni dettagliate su come identificare e rispondere ai falsi allarmi, incluso talvolta ignorare i falsi comandi del sistema di allarme di prossimità al suolo.

La maggior parte degli attacchi avviene grazie a potenti trasmettitori di electronic war. In alcuni casi, i piloti hanno addirittura eseguito manovre non necessarie. Anche altri sistemi di bordo, inclusa la rete di messaggistica, sono disturbati da dati falsi su ora e posizione.

Un rapporto di OpsGroup, che comprende piloti e controllori del traffico aereo, indica che lo spoofing può portare a gravi conseguenze. Nel settembre 2023, un jet privato Embraer è quasi finito nello spazio aereo iraniano e un Airbus A320 ha perso i dati di navigazione durante il decollo da Cipro. Il Boeing 787 ha interrotto l’atterraggio due volte a causa della perdita del segnale GPS e dei successivi guasti agli strumenti.

La FAA non ha ancora identificato alcun caso di spoofing negli Stati Uniti, ma nell’ottobre 2022 sono stati osservati problemi al GPS all’aeroporto di Dallas/Fort Worth che hanno causato la deviazione dell’aereo dalla rotta. Anche l’Agenzia aeronautica europea ha segnalato interruzioni della navigazione, ma nessun problema per la sicurezza.

L'articolo Hacking tra le nuvole! Lo Spoofing GPS è in forte aumento ed inganna i piloti durante i voli proviene da il blog della sicurezza informatica.

Microsoft ha annunciato il ritorno di Recall per Windows 11, uno strumento che ha causato polemiche a causa di problemi di sicurezza e privacy. L’azienda intende lanciare questa funzionalità sui laptop con Copilot+ da novembre di quest’anno, avendo precedentemente introdotto una serie di misure per rafforzare la protezione dei dati degli utenti.

Recall utilizza l’intelligenza artificiale per fornire ricerche avanzate nella cronologia delle attività del tuo computer. Il sistema acquisisce regolarmente schermate (che Microsoft chiama “istantanee“) e le analizza, consentendo all’utente di trovare rapidamente le informazioni di cui ha bisogno dalle sessioni passate.

Uno dei cambiamenti chiave riguarda il modo in cui funziona Recall. Ora verrà attivato solo su richiesta dell’utente. Quando si configura un computer con Copilot+ per la prima volta, il sistema chiederà direttamente se il proprietario desidera abilitare Recall e consentire il salvataggio degli screenshot. Senza consenso esplicito, la funzionalità rimarrà disabilitata e non verranno create istantanee.

Microsoft ha inoltre confermato che tutti gli snapshot e gli altri dati associati a Recall saranno completamente crittografati. Per utilizzare la tecnologia sarà richiesta l’autenticazione tramite Windows Hello. Inoltre, il nuovo strumento verrà eseguito in un ambiente sicuro chiamato Virtualization-based Security Enclave (VBS Enclave). È una macchina virtuale completamente isolata, separata dal sistema principale Windows 11.

David Weston, vicepresidente della sicurezza aziendale e dei sistemi operativi di Microsoft, ha spiegato: Tutti i processi sensibili, ovvero l’acquisizione di screenshot, l’elaborazione e il database vettoriale, si trovano ora in VBS Enclave. Essenzialmente, l’intero motore è collocato in una macchina virtuale, in modo che anche gli utenti con diritti amministrativi non possano interagire con il servizio, eseguire codice o visualizzare dati. Questo vale anche per la stessa Microsoft.

Le informazioni vengono archiviate localmente sul dispositivo e non vengono inviate al cloud. Ecco perché Recall è un’esclusiva dei PC con Copilot+: richiedono un potente processore neurale per l’accelerazione e l’elaborazione locale per mantenere il sistema in esecuzione senza intoppi e senza ritardi.

Gli ingegneri Microsoft si sono occupati anche della protezione dei dati riservati. Recall ora riconosce e rimuove automaticamente le informazioni sensibili dagli screenshot, come password e numeri di carta di credito. Per una protezione aggiuntiva, durante la configurazione del servizio, è possibile specificare le applicazioni e i siti che Recall non deve registrare. Inoltre, il sistema non scatterà istantanee mentre lavora in modalità di navigazione in incognito nei browser più diffusi.

Quando Recall salva un’istantanea, un’icona speciale apparirà nella barra delle applicazioni. Recall tornerà in fase di test a ottobre e il suo rilascio su PC con Copilot+ è previsto a novembre. Si tratta di un percorso abbastanza rapido verso il grande pubblico, anche se limitato ai possessori di laptop con Copilot+. È probabile che Recall verrà ancora etichettato come “anteprima” per questi utenti e resta la domanda se valga la pena utilizzare tale tecnologia quando non è ancora completamente matura.

L'articolo Recall torna su Windows 11: Istanze di sicurezza rafforzate, ma preoccupazioni rimangono proviene da il blog della sicurezza informatica.

[Ken] recently obtained an attitude indicator—sometimes called an artificial horizon—from an F-4 fighter jet. Unlike some indicators, the F-4’s can rotate to show pitch, roll, and yaw, so it moves in three different directions. [Ken] wondered how that could work, so, like any of us, he took it apart to find out.

With the cover off, the device is a marvel of compact design. Then you realize that some of the circuit is inside the ball, so there’s even more than it appears at a quick glance. As you might have guessed, there are two separate slip rings that allow the ball to turn freely without tangling wires. Of course, even if you don’t tangle wires, getting the ball to reflect the aircraft’s orientation is an exercise in control theory, and [Ken] shows us the servo loop that makes it happen. There’s a gyroscope and synchros—sometimes known by the trade name selsyn—to keep everything in the same position.

You have to be amazed by the designers of things like this. Sophisticated both electrically and mechanically, rugged, compact, and able to handle a lot of stress. Good thing it didn’t have to be cheap.

We’ve seen inside an ADI before. If you want to make any of this look simple, check out the mechanical flight computers from the 1950s.

youtube.com/embed/uKzj5shVtlo?…

hackaday.com/2024/09/30/inside…

Germany’s proposed revision of its Federal Data Protection Act (BDSG) would allow automatic credit scoring, a common practice that is currently in legal muddy waters.

euractiv.com/section/data-priv…