Many of us check the weather before heading out for the day — we want to know if we’re dressed (or equipped) properly to handle what Mother Nature has planned for us. This is even more important if you’re going out hiking, because you’re going to be out in a more rugged environment. To aid in this regard, [Mukesh Sankhla] built a tool called Enhiker.

The concept is simple; it’s intended to tell you everything you need to know about current and pending conditions before heading out on a hike. It’s based around Unihiker, a single-board computer which also conveniently features a 2.8-inch touch screen. It’s a quad-core ARM device that runs Debian and has WiFi and Bluetooth built in, too. The device is able to query its GPS/GNSS receiver for location information, and then uses this to get accurate weather data online from OpenWeatherMap. It makes some basic analysis, too. For example, it can tell you if it’s a good time to go out, or if there’s a storm likely rolling in, or if the conditions are hot enough to make heat stroke a concern.

It’s a nifty little gadget, and it’s neat to have all the relevant information displayed on one compact device. We’d love to see it upgraded further with cellular connectivity in addition to WiFi; this would make it more capable when out and about.

We’ve seen some other neat hiking hacks before, too, like this antenna built with a hiking pole. Meanwhile, if you’ve got your own neat hacks for when you’re out on the trail, don’t hesitate to let us know!

hackaday.com/2024/11/22/enhike…

La Lamborghini Huracan del giocatore di baseball Kris Bryant è stata rubata mentre veniva trasportata a Las Vegas. Gli aggressori sono riusciti a modificare il percorso di consegna, ma l’auto è stata recuperata in meno di una settimana, il che ha aiutato a rintracciare diversi sospettati e altre auto rubate.

Il giocatore dei Colorado Rockies ha incaricato una compagnia di trasporti di trasportare una Lamborghini Huracan dal Colorado a Las Vegas, Nevada, dove l’atleta ha giocato in bassa stagione. L’auto però non è mai arrivata a destinazione. La polizia ne ha registrato la scomparsa il 2 ottobre e ha avviato un’indagine.

Si è scoperto che la compagnia di trasporti è stata vittima di un attacco BEC, che ha permesso ai criminali di organizzare il trasporto non autorizzato di automobili in tutto il paese. Grazie all’analisi dei dati provenienti dalle telecamere di riconoscimento targhe, è stato possibile ricostruire il percorso di movimento del camion e del rimorchio che hanno consegnato la Lamborghini.

La Lamborghini Huracan del 2023 presentava modifiche uniche che hanno contribuito a identificare l’auto quando un agente di polizia di Las Vegas l’ha avvistata. L’auto è stata ritrovata il 7 ottobre nella zona di Las Vegas e le persone coinvolte nel rapimento sono state arrestate.

Il conducente della Lamborghini ha affermato di possedere un’autofficina e di aver ricevuto una richiesta da uno sconosciuto in Texas per riparare il sistema elettronico dell’auto. Un altro sospettato è stato arrestato all’aeroporto di Las Vegas, dove avrebbe dovuto ritirare la Lamborghini. Durante la perquisizione dell’auto, la polizia ha rinvenuto strumenti atti a scassinare l’auto.

La scoperta dell’auto è stata un anello chiave per scoprire una rete criminale più ampia. Nel corso di ulteriori indagini, la polizia ha ricevuto informazioni su altri membri del gruppo criminale, che hanno portato alla scoperta di altre due auto rubate, serie di numeri VIN falsi, documenti di immatricolazione falsi, chiavi elettroniche e strumenti per cambiare targa. Inoltre, nell’ambito del caso, è stato possibile restituire un’altra auto rubata in precedenza in California.

Sebbene Bryant non sia stato nominato nella dichiarazione ufficiale della polizia, il Denver Post ha collegato l’incidente a lui.

L'articolo Caccia alla Lamborghini Huracan Rubata a Kris Bryant! Dietro l’Attacco una Rete Criminale proviene da il blog della sicurezza informatica.

La polizia sudcoreana ha confermato il coinvolgimento di hacker legati all’intelligence nordcoreana in un grave furto della criptovaluta Ethereum nel 2019. L’importo dei beni rubati in quel momento era stimato a 41,5 milioni di dollari.

Più della metà dei fondi rubati sono stati riciclati attraverso 3 scambi di criptovalute creati dagli stessi hacker. I fondi rimanenti sono stati distribuiti su 51 piattaforme. I criminali si sono infiltrati nell’exchange di criptovalute in cui era archiviato Ethereum e hanno prelevato 342.000 ETH. Oggi il loro valore supera il miliardo di dollari.

Il nome dell’exchange non è stato specificato nella dichiarazione, ma nel 2019 l’exchange sudcoreano Upbit ha segnalato un trasferimento non autorizzato di 342.000 ETH su un wallet sconosciuto. Non è specificato se questi due incidenti siano collegati.

Dall’inchiesta è emerso che l’attacco è stato effettuato dai gruppi Lazarus e Andariel, legati all’intelligence nordcoreana. I risultati si basano sull’analisi degli indirizzi IP e sul tracciamento delle risorse. Ciò ha segnato la prima volta che la Corea del Nord ha colpito un exchange di criptovalute sudcoreano.

Le forze dell’ordine sono riuscite a rintracciare 4,8 BTC trasferiti su uno scambio di criptovalute svizzero. Nel mese di ottobre gli asset sono stati restituiti alla piattaforma sudcoreana. Oggi il loro valore è di circa 427.800 dollari. La Corea del Nord nega il coinvolgimento in attacchi informatici e furti di criptovalute.

Secondo l’ONU, dal 2017 al 2024, gli hacker nordcoreani hanno effettuato 97 attacchi informatici contro società di criptovalute, causando danni per circa 3,6 miliardi di dollari. Tra gli attacchi c’era un attacco allo scambio di criptovalute HTX: nel novembre 2023 gli hacker hanno rubato 147,5 milioni di dollari e ha riciclato il bottino a marzo del 2024.

L'articolo Gli Hacker Nordcoreani Rubano 1 Miliardo di Dollari ad un Exchange della Corea del Sud proviene da il blog della sicurezza informatica.

The world of security research is no stranger to the phenomenon of not-a-vulnerability. That’s where a security researcher finds something interesting, reports it to the project, and it turns out that it’s something other than a real security vulnerability. There are times that this just means a researcher got over-zealous on reporting, and didn’t really understand what was found. There is at least one other case, the footgun.

A footgun is a feature in a language, library, or tool that too easily leads to catastrophic mistake — shooting ones self in the foot. The main difference between a footgun and a vulnerability is that a footgun is intentional, and a vulnerability is not. That line is sometimes blurred, so an undocumented footgun could also be a vulnerability, and one possible solution is to properly document the quirk. But sometimes the footgun should really just be eliminated. And that’s what the article linked above is about. [Alex Leahu] takes a look at a handful of examples, which are not only educational, but also a good exercise in thinking through how to improve them.

The first example is Tesla from the Elixer language. Tesla is an HTTP/HTTPS client, not unlike libcurl, and the basic usage pattern is to initialize an instance with a base_url defined. So we could create an instance, and set the URL base to [url=https://hackaday.com/feed/]https://hackaday.com/feed/[/url]. Then, to access a page or endpoint on that base URL, you just call a Tesla.get(), and supply the client instance and path. The whole thing might look like:

client = build_client(config, "https://hackaday.com", headers)
response = Tesla.get(client, "/floss")

All is well, as this code snippet does exactly what you expect. The footgun comes when your path isn’t just /floss. If that path starts with a scheme, like http:// or https://, the base URL is ignored, and path is used as the entire URL instead. Is that a vulnerability? It’s clearly documented, so no, definitely not. Is this a footgun, that is probably responsible for vulnerabilities in other code? Yes, very likely. And here’s the interesting question: What is the ideal resolution? How do you get rid of the footgun?

There are two related approaches that come to mind. The first would be to add a function to the library’s API, a Tesla.get_safe() that will never replace the base URL, and update the documentation and examples to use the safe version. The related solution is to then take the extra step of deprecating the unsafe version of the function.

The other example we’ll look at is Psychopg, a PostSQL driver library for Python. The example of correctly using the driver is cur.execute("INSERT INTO numbers VALUES (%s, %s)", (10, 20)), while the incorrect example is cur.execute("INSERT INTO numbers VALUES (%s, %s)" % (10, 20)). The difference may not seem huge, but the first example is sending the values of 10 and 20 as arguments to the library. The second example is doing an printf-like Python string formatting with the % operator. That means it bypasses all the protections this library has to prevent SQL injection. And it’s trivially easy because the library uses % notation. The ideal solution here is pretty straightforward. Deprecate the % SQL notation, and use a different character that isn’t overloaded with a particularly dangerous language functino.

Wormable Bing

[pedbap] went looking for a Cross-Site Scripting (XSS) flaw on Microsoft’s services. The interesting thing here is that Bing is part of that crowd of Microsoft websites, that users automatically get logged in to with their Microsft accounts. An XSS flaw there could have interesting repercussions for the entire system. And since we’re talking about it, there was obviously something there.

The flaw in question was found on Bing maps, where a specific URL can load a map with custom features, though the use of json file specified in the URL. That json file can also include a Keyhole Markup Language file, a KML. These files have a lot of flexibility, like including raw HTML. There is some checking to prevent running arbitrary JavaScript, but that was defeated with a simple mixed case string: jAvAsCriPt:(confirm)(1337). Now the example does require a click to launch the JS, so it’s unclear if this is actually wormable in the 0-click sort of way. Regardless, it’s a fun find, and netted [pedbap] a bounty.

youtube.com/embed/_brKdFmYGdI?…

Right There in Plain Text

[Ian] from Shells.Systems was inside a Palo Alto Global Protect installation, a VPN server running on a Windows machine. And there was something unusual in the system logs. The log contained redacted passwords. This is an odd thing to come across, particularly for a VPN server like this, because the server shouldn’t ever have the passwords after creation.

So, to prove the point, [Ian] wrote an extractor program, that grabs the plaintext passwords from system memory. As far as we can tell, this doesn’t have a CVE or a fix, as it’s a program weakness rather than a vulnerability.

Your Gogs Need to Go

Speaking of issues that haven’t been patched, if you’re running gogs, it’s probably time to retire it. The latest release has a Remote Code Execution vulnerability, where an authenticated user can create a symlink to a real file on the gogs server, and edit the contents. This is a very quick route to arbitrary code execution.

The real problem here isn’t this specific vulnerability, or that it hasn’t been patched yet, or even that gogs hasn’t seen a release since 2023. The real problem is that the project seems to have been almost completely abandoned. The last change was only 2 weeks ago, but looking through the change log, almost all of the recent changes appear to be automated changes. The vulnerability was reported back in August, the 90 day disclosure deadline came and went, and there was never a word from the project. That’s concerning. It’s reminiscent of the sci-fi trope, when some system keeps running itself even after all the humans have left.

Bits and bytes

The NPM account takeover hack now has an Open Source checking tool. This is the issue of expired domains still listed on the developer email addresses on NPM packages. If an attacker can register the dangling domain, it’s possible to take over the package as well. The team at Laburity are on it, with the release of this tool.

Lutra Security researchers have an interesting trick up their sleeves, when it comes to encrypted emails. What if the same encrypted text encrypted to different readable messages for each different reader? With some clever use of both encryption and the multipart/alternative MIME type, that;s what Salamander/MIME pulls off.

And finally, it’s time to dive in to DOMPurify bypasses again. That’s the JavaScript library for HTML sanitizing using the browser’s own logic to guarantee there aren’t any inconsistent parsing issues. And [Mizu] has the lowdown on how to pull off an inconsistent parsing attack. The key here is mutations. When DOMPurify runs an HTML document through the browser’s parsing engine, that HTML is often modified — hence the Purify in the title. What’s not obvious is that a change made during this first iteration through the document can have unexpected consequences for the next iteration through the document. It’s a fun read, and only part one, so keep your eyes peeled for the rest of it!

hackaday.com/2024/11/22/this-w…

Old-school technology can spark surprising innovations. By combining the vintage zoetrope concept with digital displays, [Mike Ando] created the Andotrope, a surprisingly simple omnidirectional display.

Unlike other 3D displays, the Andotrope lets you view a normal 2D video or images that appear identical irrespective of your viewing angle. The prototype demonstrated in the video below consists of a single smart phone and a black cylinder spinning at 1,800 RPM. A narrow slit in front of each display creates a “scanning” view that our brain interprets as a complete image, thanks to persistence of vision. [Mike] has also created larger version with a higher frame rate, by mounting two tablets back-to-back.

Surprisingly, the Andotrope appears to be an original implementation, and neither [Mike] nor we can find any similar devices with a digital display. We did cover one that used a paper printout in a a similar fashion. [Mike] is currently patenting his design, seeing the potential for smaller displays that need multi-angle visibility. The high rotational speed creates significant centrifugal force, which might limit the size of installations. Critically, display selection matters — any screen flicker becomes glaringly obvious at speed.

This device might be the first of its kind, but we’ve seen plenty of zoetropes over the years, including ones with digital displays or ingenious time-stretching tricks.

youtube.com/embed/YxkUCFis668?…

hackaday.com/2024/11/22/a-surp…

Sono venuto a conoscenza di questa tecnica circa 9 mesi fa e ora sto analizzando un attacco condotto da Qilin Ransomware Gang, quindi è giunto il momento di parlarne per far conoscere questa nuova tecnica.

Una delle cose più importanti per la sicurezza negli EDR è la possibilità di intercettare le chiamate al kernel. A questo scopo, i venditori di EDR utilizzano i driver MiniFilter che si caricano all’avvio. Ma cosa succede quando questi driver vengono forzati a essere disabilitati dall’attaccante? L’attaccante può tranquillamente effettuare chiamate al kernel senza essere intercettato dagli EDR.

Quando Windows carica un driver MiniFilter, c’è un ordine per caricarlo; questo ordine è specificato con un parametro che Microsoft fornisce ai driver MiniFilter, chiamato Altitudine. Questa tecnica è semplice e altamente efficace.

Ora vediamo come funziona questo attacco e come fermarlo.

In questa schermata possiamo vedere che abbiamo diversi driver MiniFilter caricati nel nostro sistema e uno di questi è quello dell’EDR. La terza colonna è l’Altitudine del driver.

Cosa succede se modifichiamo l’Altitudine di questi driver, come FileInfo in quella dell’EDR?
Per fare questo possiamo modificare una chiave di registro REG_MULTI_SZ.

Andiamo a modificare questa chiave specifica con Altitude dal MultiFilter Driver di EDR.

Per rendere effettiva la modifica dobbiamo riavviare l’endpoint. Ora possiamo verificare che la nostra modifica sia effettiva.

Possiamo vedere che ora FileInfo contiene l’altitudine del driver MiniFilter dell’EDR.

Possiamo vedere anche il MiniFilter dell’EDR che prima era caricato ora non lo è più a causa della nostra modifica. Con questa modifica del registro possiamo interagire con i Kernel Callbacks ad esempio senza essere segnalati dagli EDR.

Ho fatto questo test con 6 EDR negli ultimi mesi e NESSUNO di loro ha segnalato la modifica del registro come malevola. Ora, come possiamo monitorarlo? È semplice, possiamo monitorare la modifica di qualsiasi MiniFilter Altitude nel registro e segnalarla come malevola. Con questa tecnica, il Threat Actor
(Qilin Ransomware) che ho visto in un recente attacco in natura, esegue LaZagne senza essere segnalato da EDR.

Spero che i fornitori di EDR possano aggiungere questa telemetria ai loro prodotti, in modo che la tecnica diventi inutile.

L'articolo Come i Threat Actors Bypassano gli EDR con un semplice e banale Reboot proviene da il blog della sicurezza informatica.

Whether you’re a kid or a kid at heart, learning about science and engineering can be a lot more fun if it’s practical. You could sit around learning about motors and control theory, or you could build a robot arm and play with it. If the latter sounds like your bag of hammers, you might like Pedro 2.0.

Pedro 2.0 is a simple 3D-printable robot arm intended for STEAM education. If you’re new to that acronym, it basically refers to the combination of artistic skills with education around science, technology, engineering and mathematics.

The build relies on components that are readily available pretty much around the world—SG90 servo motors, ball bearings, and an Arduino running the show. There’s also an NRF24L01 module for wireless remote control. All the rest of the major mechanical parts can be whipped up on a 3D printer, and you don’t need a particularly special one, either. Any old FDM machine should do the job just fine if it’s calibrated properly.

If you fancy dipping your toes in the world of robot arms, this is a really easy starting point that will teach you a lot along the way. From there, you can delve into more advanced designs, or even consider constructing your own tentacles. The world really is your octopus oyster.

hackaday.com/2024/11/22/learn-…

La neve non era ancora caduta sull’Île-de-France, ma un’ondata di gelo digitale aveva già attraversato la Camera. Secondo Politico, negli ultimi giorni diversi account Telegram di parlamentari francesi sono stati violati. Mercoledì 20 novembre, i rappresentanti eletti dell’Assemblea nazionale hanno ricevuto un’e-mail dai servizi informatici del Palazzo Borbone che li avvertiva della compromissione degli account sulla popolare piattaforma di messaggistica russa. Gli attacchi, secondo quanto riportato da BFMTV, avrebbero colpito deputati di diversi schieramenti politici, un ex ministro del governo Macron, giornalisti politici e dipendenti dell’Assemblea.

Gli hacker avrebbero sfruttato un “attacco di phishing poco sofisticato”, spiega Baptiste Robert, esperto di sicurezza informatica e fondatore di Predicta Lab, in un’intervista a RTL. Le vittime ricevevano messaggi su Telegram con inviti apparentemente innocui: “Ho trovato una tua foto da bambino” o “Una foto del tuo maestro delle elementari”, oppure frasi come “Devo assolutamente mostrarti una cosa”. I messaggi contenevano link fraudolenti che, una volta cliccati, reindirizzavano a una finestra di login falsa. Questo permetteva agli hacker di prendere il controllo degli account in modo invisibile e remoto.

“L’attacco si presenta come un messaggio standard con un link fraudolento che richiede di inserire il proprio numero di telefono”, si legge nella mail inviata ai deputati dal delegato alla protezione dei dati dell’Assemblea nazionale. “Una volta fornito il numero, l’account Telegram viene compromesso immediatamente, consentendo all’aggressore di usarlo per diffondere contenuti dannosi.”

La vicenda mette in luce l’urgenza di rafforzare la sicurezza informatica, anche di fronte a minacce apparentemente banali.

L'articolo Parlamentari Francesi Hackerati! Un attacco Banalissimo di Phishing Li Colpisce in Massa proviene da il blog della sicurezza informatica.

Nella giornata di ieri, arriva in redazione una segnalazione da parte del Dott. Ilario Capurso, Responsabile Servizio Sistemi Informativi del Comune di Calenzano risultata interessante e allo stesso tempo allarmante. I siti delle Pubbliche Amministrazioni italiane stanno letteralmente scomparendo da Google, il motore più utilizzato da tutti gli “essere digitali”. Perché accade questo?

A partire dall’inizio di Novembre su forum.italia.it (gestito da AgID e Dipartimento per la Trasformazione Digitale) si sono moltiplicate le segnalazioni di malfunzionamento di indicizzazione dei siti web ufficiali di molte pubbliche amministrazioni locali italiane da parte di Google Search.

In alcuni casi si è assistito ad una repentina deindicizzazione delle pagine, in altri casi sono scomparsi interi domini di terzo livello riconducibili alla PA (nel formato comune.nomecomune.provincia.it).

Il problema riscontrato

Nel dibattito conseguente non è stata trovata una “causa comune” che potrebbe aver portato a questa deindicizzazione massiva (almeno da parte dei tecnici o incaricati della PA). Dapprima l’ipotesi più quotata pareva essere quella relativa all’implementazione del template “Design Italia”(designers.italia.it/) a cui gli enti pubblici sono obbligati ad allinearsi e che ha come scopo la standardizzazione dei contenuti ed una corretta accessibilità (e condizione necessaria per l’accesso ai finanziamenti PNRR in particolare la misura 1.4.1 “Esperienza del cittadino nei servizi pubblici”).

Questo uno screenshot relativo al mio Ente (Comune di Calenzano) che ci è stato inviato in redazione dal Comune stesso, con un confronto con il mese scorso sulle visite in arrivo da Google:

Effettuando ulteriori verifiche attraverso la Google Search Console si è scoperta una continua deindicizzazione delle pagine senza che venga segnalato un problema specifico.

Ancora nessuna risposta da Google

Sono state cercate incongruenze rispetto a piattaforme di hosting diverse, diversi provider, diversi template del sito, file robots.txt, file di sitemap.xml e diversi fornitori esterni ma non sembra esserci un fattor comune. Fatto da non tralasciare è che i siti incriminati sono normalmente raggiungibili e ricercabili da altri motori di ricerca.

Google è a conoscenza del problema (anche se non c’è una dichiarazione ufficiale) e “non è possibile fare altro che aspettare” riportano i comuni della Pubblica Amministrazione. Probabilmente qualche modifica nell’algoritmo di ranking ha generato il problema (qualcuno suppone l’introduzione dell’AI che è “scappata di mano”). Fatto sta che dopo 3 settimane il problema non è stato risolto.

Questo ha sollevato anche una discussione più ad ampio raggio su quanto i servizi messi a disposizione dei cittadini siano in verità dipendenti da Google che può far “sparire” una PA dall’oggi al domani (tant’è che si è registrato un forte calo nelle visite attraverso i vari analytics).

L'articolo I Siti delle Pubbliche Amministrazioni stanno scomparendo Google! Cosa sta succedendo? proviene da il blog della sicurezza informatica.

Il 19 novembre 2024, Apple ha distribuito una serie di aggiornamenti cruciali per migliorare la sicurezza e la stabilità dei dispositivi che utilizzano macOS, iOS, iPadOS e visionOS.

Questi aggiornamenti risolvono vulnerabilità critiche e ottimizzano le prestazioni di sistema, proteggendo i dati e l’esperienza utente su una vasta gamma di dispositivi Apple. Di seguito, un’analisi dettagliata delle principali novità.L’azienda ha reso prioritaria la protezione dei propri utenti, affrontando falle legate a WebKit e JavaScriptCore, il cuore del rendering delle pagine web sui dispositivi Apple.

Dettagli sulle vulnerabilità risolte

1. JavaScriptCore (CVE-2024-44308)

• Impatto: Un exploit permetteva di eseguire codice arbitrario utilizzando contenuti web dannosi. Secondo Apple, questa vulnerabilità potrebbe essere stata sfruttata attivamente, soprattutto su sistemi Mac con processori Intel.
• Soluzione: L’azienda ha introdotto controlli migliorati per prevenire ulteriori abusi.

1. WebKit (CVE-2024-44309)

• Impatto: La gestione errata dei cookie poteva portare ad attacchi di tipo cross-site scripting (XSS), mettendo a rischio la sicurezza delle sessioni utente. Anche in questo caso, Apple ha confermato il rischio di sfruttamento attivo della vulnerabilità.
• Soluzione: Apple ha risolto il problema migliorando la gestione dello stato dei cookie.

Entrambe le vulnerabilità sono state identificate dai ricercatori Clément Lecigne e Benoît Sevens del Google Threat Analysis Group, noti per il loro lavoro nel contrastare minacce informatiche avanzate.

L’importanza dell’aggiornamento

Le vulnerabilità risolte in iOS 18.1.1 dimostrano la continua necessità di mantenere aggiornati i dispositivi. Le falle di sicurezza possono essere sfruttate per compromettere dati personali o controllo remoto dei dispositivi. Con questa patch, Apple garantisce una maggiore protezione contro minacce emergenti.

Come aggiornare

Per installare iOS 18.1.1:

1. Vai su Impostazioni > Generali > Aggiornamento Software.
2. Assicurati che il dispositivo sia connesso a una rete Wi-Fi e abbia almeno il 50% di batteria.

Per maggiori informazioni sul contenuto di sicurezza degli aggiornamenti, Apple invita a consultare la pagina ufficiale degli aggiornamenti di sicurezza.

Conclusione

Questo aggiornamento conferma l’impegno costante di Apple nel proteggere la privacy e la sicurezza degli utenti, agendo rapidamente per mitigare rischi e garantire la massima affidabilità dei propri dispositivi.

L'articolo Apple rilascia iOS 18.1.1: aggiornamento cruciale per la sicurezza dei dispositivi proviene da il blog della sicurezza informatica.

When electronics release the Magic Smoke, more often than not it’s a fairly sedate event. Something overheats, the packaging gets hot enough to emit that characteristic and unmistakable odor, and wisps of smoke begin to waft up from the defunct component. Then again, sometimes the Magic Smoke is more like the Magic Plasma, as was the case in this absolutely smoked Omron programmable logic controller.

Normally, one tasked with repairing such a thing would just write the unit off and order a replacement. But [Defpom] needed to get the pump controlled by this PLC back online immediately, leading to the somewhat unorthodox repair in the video below. Whatever happened to this poor device happened rapidly and energetically, taking out two of the four relay-controlled outputs. [Defpom]’s initial inspection revealed that the screw terminals for one of the relays no longer existed, one relay enclosure was melted open, its neighbor was partially melted, and a large chunk of the PCB was missing. Cleaning up the damaged relays revealed what the “FR” in “FR4” stands for, as the fiberglass weave of the board was visible after the epoxy partly burned away before self-extinguishing.

With the damaged components removed and the dangerously conductive carbonized sections cut away, [Defpom] looked for ways to make a temporary repair. The PLC’s program was locked, making it impossible to reprogram it to use the unaffected outputs. Instead, he redirected the driver transistor for the missing relay two to the previously unused and still intact relay one, while adding an outboard DIN-mount relay to replace relay three. In theory, that should allow the system to work with its existing program and get the system back online.

Did it work? Sadly, we don’t know, as the video stops before we see the results. But we can’t see a reason for it not to work, at least temporarily while a new PLC is ordered. Of course, the other solution here could have been to replace the PLC with an Arduino, but this seems like the path of least resistance. Which, come to think of it, is probably what caused the damage in the first place.

youtube.com/embed/yZbEM-Sy79Q?…

hackaday.com/2024/11/21/quick-…

Visualization of magnetic skyrmions. (Credit: KRISS)
Magnetic skyrmions are an interesting example of solitons that occurs in ferromagnetic materials with conceivable solutions in electronics, assuming they can be created and moved at will. The creation and moving of such skyrmions has now been demonstrated by [Yubin Ji] et al. with a research article in Advanced Materials. This first ever achievement by these researchers of the Korea Research Institute of Standards and Science (KRISS) was more power efficient than previously demonstrated manipulation of magnetic skyrmions in thicker (3D) materials.

Magnetic skyrmions are sometimes described as ‘magnetic vortices’, forming statically stable solitons. In a broader sense skyrmions are a topologically stable field configuration in particle physics where they form a crucial part of the emerging field of spintronics. For magnetic skyrmions their stability comes from the topological stability, as changing the atomic spin of the atoms inside the skyrmion would require overcoming a significant energy barrier.

In the case of the KRISS researchers, electrical pulses together with a magnetic field were used to create magnetic skyrmions in the ferromagnetic (Fe₃GaTe₂, or FGaT) film, after which a brief (50 µs) electric current pulse was applied. This demonstrated that the magnetic skyrmions can be moved this way, with the solitons moving parallel to the electron flow injection, making them quite steerable.

While practical applications of magnetic skyrmions are likely to be many years off, it is this kind of fundamental research that will enable future magnetic storage and spintronics-related devices.

hackaday.com/2024/11/21/creati…

If you’re into CNC machining, mechanical tinkering, or just love a good engineering rabbit hole, you’re in for a treat. Substack’s [lcamtuf] has written a quick yet insightful 15-minute introduction to involute gears that’s as informative as it is accessible. You can find the full article here. Compared to Hackaday’s more in-depth exploration in their Mechanisms series over the years, this piece is a beginner-friendly gateway into the fascinating world of gear design.

Involute gears aren’t just pretty spirals. Their unique geometry minimizes friction and vibration, keeps rotational speeds steady, and ensures smooth torque transfer—no snags, no skips. As [lcamtuf] points out, the secret sauce lies in their design, which can’t be eyeballed. By simulating the meshing process between a gear and a rack (think infinite gear), you can create the smooth, rolling movement we take for granted in everything from cars to coffee grinders.

From pressure angles to undercutting woes, [lcamtuf] explores why small design tweaks matter. The pièce de résistance? Profile-shifted gears—a genius hack for stronger teeth in low-tooth-count designs.

Whether you’re into the theory behind gear ratios, or in need of a nifty tool to cut them at home, Hackaday has got you covered. Inspired? Read the full article by [lcamtuf] here.

hackaday.com/2024/11/21/gear-u…

A mouse is just two buttons, and a two-dimensional motion tracking system, right? Oh, and a scroll wheel. And a third button. And…now you’re realizing that mice can be pretty complicated. [DIY Yarik] proves that in spades with his impressive—and complex—mouse build. The only thing is, you might argue it isn’t really a mouse.

The inspiration for the mouse was simple. [Yarik] wanted something that was comfortable to use. He also wanted a mouse that wouldn’t break so often—apparently, he’s had a lot of reliability issues with mice in recent years. Thus, he went with a custom 3D-printed design with a wrist rest at the base. This allows his hand to naturally rest in a position where he can access multiple buttons and a central thumbstick for pointing. In fact, there’s a secondary scroll control and a rotary dial as well. It’s a pretty juicy control surface.

The use of a thumbstick is controversial—some might exclaim “this is not a mouse!” To them, I say, “Fine, call it a pointing device.” It’s still cool, and it look like a comfortable way to interface with a computer.

We’ve seen some other neat custom mice over the years, too, like this hilarious force-feedback mouse. Video after the break.

youtube.com/embed/GpYnQJRw7pw?…

hackaday.com/2024/11/21/custom…

With few exceptions, electronic event badges are often all but forgotten as soon as the attendee gets back home. They’re a fun novelty for the two or three days they’re expected to be worn, but after that, they end up getting tossed in a drawer (or worse.) As you might imagine, this can be a somewhat depressing thought thought for the folks who design and build these badges.

But thanks to a new firmware released by the FREE-WILi project, at least one badge is going to get a shot at having a second life. When loaded onto the RP2350-powered DEF CON 32 badge, the device is turned into a handy hardware hacking multi-tool. By navigating through a graphical interface, users will be able to control the badge’s GPIO pins, communicate over I2C, receive and transmit via infrared, and more. We’re particularly interested in the project’s claims that the combination of their firmware and the DC32 badge create an ideal platform for testing and debugging Simple Add-Ons (SAOs).

Don’t know what the FREE-WILi project is? Neither did we until today, which is actually kind of surprising now that we’re getting a good look at it. Basically, it’s a handheld gadget with a dozen programmable GPIO pins and a pair of CC1101 sub-GHz radios that’s designed to talk to…whatever you could possibly want to interface with.

It’s a bit like an even more capable Bus Pirate 5, which considering how many tricks that particular device can pull off, is saying something. As an added bonus, apparently you can even wear the FREE-WILi on your wrist for mobile hardware hacking action!

Anyway, while the hardware in the FREE-WILi is clearly more capable than what’s under the hood of the DC32 badge, there’s enough commonality between them that the developers were able to port a few of the key features over. It’s a clever idea — there’s something like 30,000 of these badges out there in the hands of nerds all over the world, and by installing this firmware, they’ll get a taste of what the project is capable of and potentially spring for the full kit.

If you give your DC32 badge the FREE-WILi treatment, be sure to let us know in the comments.

hackaday.com/2024/11/21/free-w…

Your project needs a cable, and since USB-C cables are omnipresent now, it’s only natural to want to reuse them for your evil schemes. Ever seen USB 3.0 cables used for PCIe link carrying duty? It’s because USB 3.0 cables are built to a reasonably high standard, both sockets and cables are easy to find, and they’re cheap. Well, USB-C cables beat USB 3.0 cables by all possible metrics.

Let’s go through USB-C cable reuse in great detail, and see just what exactly you get when you buy either a gas station C-C USB 2.0 cable, or, the fanciest all-features-supported 240 W Thunderbolt cable that money can buy. Looking for a cable to cut, or something to pass a seriously high-speed link? You’re reading the right article.

The Omnipresent Cables

USB-A to USB-C cables are the least interesting. They’re equivalent to a microUSB to USB-A cable, except there’s a resistor on the USB-C plug, connected from VBUS to one of the CC pins. That’s it. The cable contains four conductors, there’s really not much new. Save these cables for all the devices still built without the 5.1 kΩ resistors.

Now, a USB-C to USB-C cable – let’s say, 60 W max, the default USB-C cable capability. If your cable says anything less than 60 W, say, “2 A” or “15 W”, that’s a lie – it can handle 60 W no problem, all USB-C to C cables can do 60 W. This cable is also cool – for one, it has five conductors; GND, VBUS, D+, D-, and CC. Two of them (GND and VBUS) are guaranteed to be thick enough to carry 3 A without much voltage drop if any, too!

five conductors, two of them thicker – yep, you know where to find a replacement!
What does this mean? If you need a five-wire cable to fix your headphones, and you want something solid, a USB-C cable is probably your best bet ever – and you have a ton of choice here. You will inevitably end up with a heap of broken USB-C cables, which means you’ll never be short of 5-conductor cables – the kind of cable that has always been kind of a rarity, unless you’re pilfering headphone cables for your projects.

What about 100 W to 240 W cables? There’s good news and bad news. Good news is, the cable is likely to contain six wires. One extra wire is for VCONN – power for the emarker chip inside the cable plug, a memory chip you can read over the CC line, letting the PSU know whether the cable is indeed capable of carrying over 5 A – required for the 61 W to 240 W range.

Bad news is – there could still be five wires, if the cable is built using the alternative scheme with two emarkers, one per plug. The VCONN wire won’t be present then, and there’s no way to know until you cut the wire apart, so if you’re looking for a six-wire cable, you might have to try a few different cables. Also, the VCONN wire doesn’t connect the two plugs together – it’s isolated at one end, so don’t expect it to help if you use USB-C sockets instead of cutting the cable.

Now, you don’t always want to cut the cable – you can use USB-C sockets and apply your custom five-wire scheme to them. An idea I hear often is using USB-C cables for 3D printer hotends. It makes sense – such cables can handle 60 W of power without breaking a sweat, and you could likely do a fair bit more. Put extruder power onto the VBUS and GND pins, and use the three wires left for a thermistor and a limit switch. But the cable and socket mechanicals might be a dealbreaker. If your extruder-powering cable vibrates out of the socket, you might end up with a high-resistance-contact high-current connection on your hands – a recipe for melted plastic and possibly flames. Try it at your own risk!

You also won’t be able to make such cable reuse standard-compliant, and such port won’t be safe for any USB-C devices someone might plug into it, so label it accordingly, please.

What About Voltages?

What about putting arbitrary voltages onto VBUS, without PD negotiation? Again, it won’t be standards-compliant unless you really put some effort in – mark your jury-rigged sockets and cables accordingly, or they will eat your devices for breakfast. Also, SPR (100 W) cables contain 30 V 10 nF capacitors at each plug end, and EPR cables contain 63 V ones – reach these limits at your own risk, those capacitors are known to fail short-circuit.

Another factor is if you decide to go for the 48 V / 5 A target while bypassing the USB-C standard, because 48 V support is not as simple as putting 48 V on VBUS. If you just put 48 V on the VBUS pins, you’ll really want to figure out spark management, so that suddenly unplugging the cable won’t burn either the plug or the socket or both – PD has ways to deal with that, but they do require you to actually implement PD, specifically, EPR, which brings a heap of safety guarantees due to exceeding the 20 V limit.

That’s about it when it comes to reusing the cheapest kinds of USB-C cables – you get an extra wire compared to previous USB standards, it can handle a fair bit more power, and you can even use USB-C sockets. However, it will kill your devices if you’re not careful, and you need to take extra care if you go over 25 V or so. What about if you want to get more wires and pull some differential pairs instead?

Up The Speed

Fully-featured USB-C cables and sockets are genuinely wonderful for pulling high-speed communications over them. They are built to a solid standard, with proper impedance controls, shielding, and a modern-day understanding of digital transmission standards. Now, what exactly do you get from a fully-featured USB-C cable?
HDMI over USB C – as in, passing HDMI signals through USB-C cables. I guess, that’s one way to circumvent connector royalties!
Short answer is, you get six differential pairs, and one single-ended wire (CC), in addition to VBUS and GND. You might want to keep GND at a stable level here, and perhaps don’t mess too much with VBUS. There’s a ton you can do with these six diffpairs – two USB3 ports, or a PCIe x2 link, or two SATA, or HDMI, or CSI/DSI. You can even do Ethernet if you really want to – just don’t expect galvanic isolation to work.

There are nuances, of course! Ever see a teardown or an X-ray of a fancy fully-featured cable? There’s typically all sorts of ICs inside each plug. The first one is the emarker chip, and it’s a fun one to keep in mind. For a start, it will result in some ESD diodes between GND and CC – watch out, don’t bring CC below 0 V or above 5 V.

A second kind of IC is the signal re-driver, used in active cables. You have to provide power to these redrivers through either VBUS or VCONN, just like emarkers. If you don’t do it, your high-speed lines might just be unresponsive to any high-speed signal you apply to the pins.

What about rotation? That’s a tough one – unless your signal is very much like USB3/DisplayPort/Thunderbolt, you might not be able to find a suitable mux chip to rotate your signals. As such, you will likely want to stick to a single rotation and wire your signals directly. Then, if you plug in the cable in an unexpected way, it won’t work, so you should probably consider using the CC pin or the two SBU pins for lighting up LEDs. showing you whether you’re good, or whether you should unplug the cable, rotate it, and plug it back in, like in the good old days.

There’s one last thing you might care about. USB-C cables connect TX on one end to RX on another end, and vice-versa. This is nice for PCIe purposes, since it, too, flips pair naming at the connector. For any other signal, you’ll want to keep it in mind – RX1 won’t go to RX1 on the other end, it will go to TX1, and you’ll have to re-layout accordingly. Unfortunately, I’m not intimately familar with active cable inner workings – so, it’s hard for me to tell whether any active cable redriver chips would reject certain sorts of signaling, perhaps, signals that don’t match USB3, DisplayPort or Thunderbolt signaling types.

And One Last Hack

These are the basics of what you should know before you try and reuse a USB-C cable, no matter its complexity. That said, here’s an extra hack before we conclude!

Only one USB2 pair is actually connected at the USB-C cable end – the pair on the same side as the CC pin. My guess is, this was initially done to avoid stubs and cable plug PCB routing complications, as well as to accomodate standards like VirtualLink. Regretfully, we never got VirtualLink cables, which would allow us to use seven differential pairs at a time, but there is another hack we still get out of this!

What does this mean for you? If you use two USB2-grade 2:1 muxes, you can get two extra differential signals out of a fully-compliant USB socket, and they won’t even interfere with standard-compliant cables. Use this for SWD, JTAG, or whatever else, with your signals broken out through a custom plug – just make sure you dutifully switch the muxes depending on cable orientation, then you can keep your USB2 cake and eat it, too.

hackaday.com/2024/11/21/usb-c-…

Il Centro nazionale giapponese per gli affari dei consumatori ha raccomandato la pianificazione dell’eredità digitale per rendere più semplice per i propri cari la gestione degli account e degli abbonamenti dei cittadini dopo la loro morte. Questa iniziativa è nata a causa di numerosi casi in cui i parenti hanno incontrato difficoltà nel cancellare gli abbonamenti a causa della mancanza di accesso ai conti del defunto.

Il Centro suggerisce quattro passaggi per ridurre al minimo tali difficoltà:

1. nominare una persona di fiducia per la gestione dei dati digitali (nei servizi che supportano questo)
2. assicurati che i tuoi cari abbiano accesso ai tuoi dispositivi annotando login, password e codici PIN chiave;
3. creare una lista con l’intero elenco degli abbonamenti completati;
4. inserire tutte le informazioni di cui sopra nel testamento.

Con la crescente popolarità degli smartphone e dei servizi online, la necessità di tale pianificazione diventa sempre più urgente. I parenti affrontano problemi nel chiudere conti o annullare abbonamenti, il che porta a spese indesiderate.

Una soluzione potrebbe essere rappresentata da applicazioni che funzionano in modalità “interruttore a uomo morto”. Questi servizi inviano dati agli individui selezionati se l’utente non ha effettuato l’accesso all’account per un lungo periodo.

Inoltre, Meta offre la possibilità di nominare un cosiddetto “custode” (Legacy Contact) – l’erede dei poteri dell’utente, che sarà in grado di gestire l’account dopo la conferma ufficiale della morte del proprietario. Tali funzioni facilitano notevolmente molti processi per i parenti che stanno già vivendo un forte stress. Gli esperti sottolineano che disporre di dati preparati in anticipo aiuta a evitare difficoltà finanziarie ed emotive.

L’idea della pianificazione digitale non solo aiuta a organizzare la propria eredità, ma apre anche nuove opportunità per gli imprenditori che creano tali servizi. Prima o poi, la maggior parte dei siti e dei servizi sarà in grado di fornire tale funzionalità, e l’unica domanda che resta è se il nostro patrimonio digitale si trasformerà in un archivio ordinato o rimarrà un’eco caotica del passato che giace da qualche parte su Internet.

L'articolo Eredità digitale: chi gestirà i tuoi abbonamenti Netflix quando sarai nell’aldilà? proviene da il blog della sicurezza informatica.

With the rapidly evolving situation surrounding the Redbox vending machines still out in the wild, it’s about time somebody put together a Wiki to keep it all straight.

The unredbox wiki has information on the various different hardware revisions that Redbox put out into the wild, from the regular outdoor machines to the weird indoor blue variant. The site also has breakdowns on individual components. For example, it covers the computers inside the machines, built by Dell, Lenovo, and Premio, and bits and pieces like the DVD carousel and the modems used inside.

Basically, if you’re working with these machines and you don’t have a manual, this resource could help you out. As could the neat video below that shows the internals of a Redbox machine during the reloading process.

Whatever you do, though, don’t steal the kiosks. There’s folks handling that already, you’re not allowed to just walk up and haul them away. Check out our earlier coverage of people that are still out there renting from these machines, too.

youtube.com/embed/X7XRjBMUoh0?…

hackaday.com/2024/11/21/theres…

The SR-71 with its blended wing body design. (Photo by Tech. Sgt. Michael Haggerty, US Air Force, 1988)
Ask someone to picture an airplane and they’re likely to think of what is essentially a tube with wings and a stabilizing tail tacked onto one end of said tube. Yet it is also no secret that the lift produced by such a tube is rather poor, even if they’re straightforward for loading cargo (static and self-loading) into them and for deciding where to put in windows. Over the decades a number of alternative airplane designs have been developed, with some of them also ending up being produced. Here most people are probably quite familiar with the US Air Force’s B-2 Spirit bomber and its characteristic flying wing design, while blended wing body (BWB) maintains a somewhat distinctive fuselage, as with for example the B-1 Lancer.

Outside of military airplanes BWBs are a pretty rare sight. Within the world of passenger airplanes the tube-with-wings pattern that the first ever passenger airplanes adopted has persisted with the newest designs, making it often tricky to distinguish one airplane from another. This could soon change, however, with a strong interest within the industry for passenger-oriented BWBs. The reason for this are the significant boosts in efficiency, quieter performance and more internal (useful) volume, which makes airline operators very happy, but which may also benefit passengers.

With that said, how close are we truly to the first BWB passenger airplane delivery to an airline?

Heavier Than Air Aerodynamics

Wright Flyer II flying circles in 1904 (Photo by the Wright brothers)
When regarding the first ever airplanes to make a successful powered flight, in particular the Wright Flyer, it’s notable where the focus was put in the design. The Wright Flyer doesn’t have much of a fuselage, but is mostly wing, along with some means for control by changing the shape of the wings (wing warping) in addition to the dual elevators and rudders. As an early attempt at controlled (powered) flight, it rather mimicked the way that birds control their flight by changing the shape of their wings.

As airplane designs evolved and saw explosive growth throughout World War I with practically weekly new designs, we saw the appearance of the now familiar design with a distinct fuselage and control scheme including wing-mounted ailerons and similar methods. Bi- and tri-planes gave way to monoplanes, and especially for passenger jets the tube fuselage ended up being extremely useful as a way to add more internal capacity by lengthening said tube or widen it (so-called wide-body jets).

Despite experiments with early BWBs such as the 1924 Westland Dreadnought prototype, 1938’s Miles M.30, 1944’s McDonnell XP-67 interceptor and Canadian Burnelli CBY-3, only these last two saw significant usage, albeit with the XP-67 failing US Army trials. The single CBY-3 airplane that was built did see significant use as a commercial airliner until its retirement in 1964 after which it was restored and moved into the collection of the New England Air Museum in Windsor Locks, Connecticut.

With seemingly an endless string of failures and one quite unremarkable non-military airplane resulting from BWB research by the 1960s, one might be excused for thinking that the BWB advantages are mostly hot air. Here the designs that began to appear by the 1970s began to turn heads, however.

Trade-offs

A B-2 Spirit from Whiteman Air Force Base, Mo., flies over an undisclosed location in the U.S. Pacific Command area of operations. (Credit: Senior Airman Joel Pfiester)
The advantages of blending the wings into the body are obvious: it first of all reduces the wetting surface (i.e. the wetting aspect ratio), meaning that there’s less of the airplane’s structure interacting with the atmosphere and thus less drag. Second, it makes it possible to turn more or all of the fuselage into part of the airfoil, and thus have it too generate lift. The disadvantages mostly lie in that it makes controlling the airplane more complex as you abandon the inherent aerodynamic stability of a tube. The more extreme examples of this issue are found in both flying wings and lifting body design.

A flying wing design such as the Northrop B-2 Spirit bomber is a purely fly-by-wire design, as only the lightning-fast reflexes of a computerized system can keep what is ultimately an inherently unstable aerodynamic shape stable. This is an approach which was pioneered for a large part in the Lockheed F-117 airplane, which got referred to in such loving terms as for example ‘the flying brick’ due to its rather poor aerodynamic properties.

The move from a tube to a blended wing design can be likened to creating arrows that abandon the cylindrical shape for a blended fletching design: you lose the natural stability (and radar cross-section) that comes with a cylinder-with-fletching. This is of course great if you are designing an agile jet fighter that has to pull off dramatic course changes, or a long-distance (stealth) bomber, but less great if you’re designing a passenger airplane. In a naturally risk-averse industry like commercial aviation, this has kept airplane designs roughly as exciting and innovative as when the Boeing 737 first rolled off the production line, with mostly incremental tweaks and improvements, including to the engines.

End Of The Road

Airbus MAVERIC sub-scale model (Credit: Airbus, 2019)
Within the limitations of the tube-with-wings design incredible feats of optimizations have been performed over the decades, with each successive generation being a bit more efficient and their engines more quiet and easier on fuel consumption. New gains within these same limitations are however becoming increasingly harder and more expensive, while a commercial BWB jet liner could see multi-digit percentage fuel savings, increase space for cargo and passengers, while reducing the noise produced by the engines. All with just the first generation of such passenger airplanes.

Most of the fuel savings come simply from the reduced wetting area, and a boost to the airfoil ratio. Together with the ability to move the position of the engines and other tweaks, there is nothing about a passenger BWB airplane that’s truly groundbreaking or revolutionary. The main challenge will be to create an airplane that will both please organizations like the FAA and its international equivalents, and appeal to passengers. Here we have a number of startups and incumbents vying for the limelight, including Nautilus with its Horizon airplane, JetZero and Airbus, as well as NASA research projects like the N3-X BWB.

Of these efforts, the Airbus MAVERIC BWB is a scale model UAV that Airbus used to test and validate the basic BWB design, until 2020 to help design its next-generation airplanes. The Nautilus Horizon is roughly at this level too, with the 2016-founded company working towards building a first full-scale prototype. Meanwhile JetZero got picked by the US Air Force to work on BWB designs for cargo and in-air refueling tankers, which has them cooperating with Northrop Grumman on a full-scale model to demonstrate that is the direction that the US Air Force would want to move into.

Suffice it to say that tapping into the US defense budget is not a bad way to finance a startup, with the know-how and experiences translating into commercial cargo and passenger BWB airplanes. Currently the JetZero Pathfinder 1:8 scale model is test flying at Edwards Air Force Base, with JetZero hoping to have a passenger airplane in service by 2030.

New Skies

Passenger BWB airplanes would be both something very new and exciting, but also very old-school. In a way it would see the commercial aviation market hesitantly abandon the designs that it has been perfecting roughly since Douglas DC-3 propeller airplanes roamed the skies in the 1930s. From new construction methods, new materials, jet engines instead of propellers, to big boosts in efficiency and automation, today’s commercial aviation is both alien and very familiar to that of the 1930s and 1950s.

Even as military airplanes began to morph into new shapes and experiment with pushing every single envelope they could find, commercial aviation became more concerned with not spending money while being dragged by regulators into an era of increased safety and efficiency even as leg space and carry-on luggage size decreased. Now it would seem that, perhaps ironically, the only way forward for commercial aviation is to look at designs that have long since been adopted by air forces.

While for cargo variants of commercial BWB airplanes the question of seating arrangements and windows aren’t very relevant, perhaps the biggest fight will be over how to partition up the much larger inner volume for self-loading freight (i.e. passengers), as SLF is rather partial to having access to a window, an aisle, as much leg space as possible and other such critter comforts. In this 2020 article about the Airbus MAVERIC scale model some sci-fi renders of potential interiors are shown, but as the first BWB passenger airplanes get shown off by the airlines that ordered them, there will surely be very strong opinions by the peanut gallery about whether flying tubes or BWB airplanes are ‘better’.

One thing is certain, however, with the current crisis enveloping Boeing and their lagging behind on fulfilling new airplane orders, if there ever was a decade ripe for big shifts in commercial aviation, this one might just be it. For now all we can do is strap ourselves in and see where things will be in six years or so from now.

Featured image: Rendering of a JetZero blended wing body aircraft with US Air Force markings. (Credit: US Air Force)

hackaday.com/2024/11/21/blende…

È stato scoperto il ransomware Helldown che penetra nelle reti aziendali attraverso le vulnerabilità dei firewall Zyxel. Helldown è stato descritto per la prima volta dagli analisti di Cyfirma nell’estate del 2024 e in ottobre i ricercatori di Cyberint hanno parlato del suo lavoro.

Ora gli esperti Sekoia, che hanno studiato i recenti attacchi di Helldown, hanno dedicato un rapporto anche alla nuova minaccia. Secondo loro, questo ransomware non è uno dei principali attori nel “mercato” dell’estorsione, ma sta rapidamente guadagnando slancio e sul sito web degli aggressori compaiono messaggi su nuove vittime.

All’inizio di novembre 2024 sul sito web degli aggressori sono state pubblicate informazioni su 31 vittime. La maggior parte delle vittime erano piccole e medie imprese degli Stati Uniti e dei paesi europei. Ora il loro numero è sceso a 28, il che potrebbe indicare che alcune delle vittime hanno pagato un riscatto agli hacker.

È noto che la variante Linux del ransomware prende di mira i file VMware e contiene codice per elencare e spegnere le macchine virtuali, oltre a crittografare le immagini. Tuttavia questa funzionalità è abilitata solo parzialmente poiché il malware è ancora in fase di sviluppo.

La versione di Helldown per Windows, secondo gli esperti Sekoia, si basa sulle fonti trapelate del ransomware LockBit 3 e presenta anche somiglianze con i malware Darkrace e Donex. Tuttavia, sulla base dei dati disponibili, non è stato possibile stabilire collegamenti esatti tra queste famiglie di malware.

Allo stesso tempo, gli esperti scrivono che il ransomware non sembra particolarmente avanzato. Ad esempio, utilizza file batch per completare le attività, il che significa che questa funzionalità non è integrata nel malware stesso.

Va inoltre notato che gli operatori di Helldown non sono troppo selettivi quando si tratta di furto di dati e pubblicano immediatamente grandi dump sul loro sito Web (in un caso la perdita ha raggiunto 431 GB).

Sulla base di questi dati, gli esperti Sekoia suggeriscono che Helldown può sfruttare la vulnerabilità CVE-2024-42057 associata all’iniezione di comandi nella VPN IPSec. Questo bug consente a un utente malintenzionato non autenticato di eseguire comandi inviando un nome utente falso (l’attacco avrà successo solo se il dispositivo è configurato per l’autenticazione PSK basata sull’utente e il nome utente è più lungo di 28 caratteri).

La vulnerabilità è stata risolta nella versione firmware 5.39 all’inizio di settembre di quest’anno. Poiché i dettagli sullo sfruttamento del problema non sono ancora stati resi pubblici, i ricercatori ritengono che gli autori di Helldown potrebbero avere accesso a exploit privati ​​di n-day.

L'articolo Zyxel sotto Attacco: Come il Ransomware Helldown Sfrutta la Falla nei Dispositivi VPN proviene da il blog della sicurezza informatica.