It’s not often that the passing of a medium sized company on an industrial estate on a damp and soggy former airfield in southern England is worthy of a Hackaday mention, but the news of hypersonic propulsion company Reaction Engines ceasing trading a few weeks ago is one of those moments that causes a second look. Their advanced engine technology may have taken decades to reach the point of sustainable testing, but it held the promise of one day delivering true spaceplanes able to take off from a runway and fly to the edge of the atmosphere before continuing to orbit. It seems their demise is due to a failure to secure more funding.

We’ve written about their work more than once in the past, of their hybrid engines and the development of the advanced cooling system required to deliver air to a jet engine working at extreme speeds. The rights to this tech will no doubt survive the company, and given that its origins lie in a previously canceled British Aerospace project it’s not impossible that it might return. The dream of a short flight from London to Sydney may be on hold for now then.

Writing this from the UK there’s a slight air of sadness about this news, but given that it’s not the first time a British space effort has failed, we should be used to it by now.

Header: Science Museum London / Science and Society Picture Library, CC BY-SA 2.0

hackaday.com/2024/12/04/runway…

This week, Jonathan Bennett and David Ruggles chat with Sylvestre and Brian about Firefox! What’s up in the browser world, what’s coming, and what’s the new feature for Firefox on mobile that has Jonathan so excited? Watch to find out!

• mozilla.org/en-US/firefox/deve…
• briangrinstead.com/blog/firefo…
• browserbench.org/announcements…

Subscribe to catch the show live, and come to Hackaday for the rest of the story!

youtube.com/embed/8j69gjQGYqA?…

Did you know you can watch the live recording of the show Right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

play.libsyn.com/embed/episode/…

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Places to follow the FLOSS Weekly Podcast:

• Spotify
• RSS

Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

hackaday.com/2024/12/04/floss-…

In the last two articles, I talked about two systems relying on audio notifications. The first one is the Alt-Tab annihilator system – a system making use of my window monitoring code to angrily beep at me when I’m getting distracted. The other is the crash prevention system – a small script that helps me avoid an annoying failure mode where I run out of energy before getting myself comfortable for it.

I’ve been appreciating these two systems quite a bit – not only are they at my fingertips, they’re also pretty effective. To this day, I currently use these two systems to help me stay focused as I hack on my own projects or write articles, and they are definitely a mainstay in my self-hacking arsenal.

There is a particular thing I’ve noticed – audio notifications help a fair bit in a way that phone or desktop notifications never would, and, now I have a framework to produce them – in a way that calls for a purpose-tailored device. It’s just wireless headphones, Pi-powered, connected through WiFi, and a library to produce sounds on my computer, but it turns out I can squeeze out a lot out of this simple combination.

Here’s a pocketable device I’ve developed, using off-the-shelf hardware – an audio receiver/transmitter with extra IO, paired to my laptop. And, here’s how I make use of this device’s capabilities to the fullest.

Audio Output

In the “producing sound out of a Pi” article, I’ve mentioned USB-C 3.5mm soundcards. You can use them with a USB-C host port, and you don’t even need any sort of resistors for that – the soundcard doesn’t try and detect state of the CC pin, and why would it, anyway? Get VBUS, GND, D+, and D-, and you got yourself an audio card with high quality output.

I’ve also talked about the Roc toolkit – it’s a system for transferring audio over a network connection, whether LAN or WAN. It requires Linux/Mac/Android, so it fits wonderfully in my Windows-less ecosystem. I’ve been using it for years, on this kind of devices, and my friends use it with Android phones. Whenever I meet up IRL with some of my friends, at times, we might use a Roc sender on someone’s laptop to stream music or some YouTube video into everyone’s headphones at the same time.
This $10 Apple USB soundcard has been instrumental in many of my Pi audio projects – it’s just that good
A Roc receiver works wonderfully on a Pi Zero. It only made sense to marry Roc, a USB-C soundcard, and a Pi – they work wonders together. Here’s a script you can run on the Pi, coupled with an audio service, and the repo contains all the laptop-side commands you could need. You don’t need to install Pulseaudio for it or anything of the sort – it uses an Alsa card number, so as long as that remains static (very likely on a pocket system), you got it.

On the laptop side, I use pavucontrol to switch audio outputs – if your OS uses Pipewire, you can still use pavucontrol, and, you can also use qpwgraph if you ever want to route audio in a very specific way. It’s like Bluetooth headphones, except they work over WiFi, which avoids Bluetooth software nuances, antenna sharing issues, annoying pairing and battery level noises, audio quality limitations, and relatively short range, not to mention all the features I can add myself. And, the battery also works throughout the entire day – no need to take the headphones off to top them up every now and then, charging the device overnight is sufficient.

Bring The Sound Everywhere

What does this device let me do? First off, I can listen to music or videos even if I get up from my computer and go to a different room. This alone frees up a hefty amount of executive function – it’s way easier to get up from the desk and go cook some food while I am watching a video or a livestream, it just keeps playing in my ears all throughout, so I don’t have to feel like I’m missing out on something!

With Tailscale, or any other personal VPN accessible from the outside, I could also take this pocket device outside on a walk or cycling trip, connected to my phone in mobile hotspot mode, and listen through a queue of videos I was long planning to watch. Roc also let me pass the headset microphone back to my computer – which, I often use to have Discord calls with friends while going around the house and doing cleaning or other chores.

Another worthwhile addition is audio notifications, and the alt-tab annihilator audio library helps a fair bit. I already get audio notifications from some browser tabs, so I can get little beeps when someone from a select group of friends of mine messages me, and you could easily make a utility like beep to let yourself know when long-running shell scripts finish. Not to mention that you could definitely port a “beep every X minutes” script to it!

Now, you might notice – this device is output-only, and most of the tasks above could use some input capabilities. For instance, remote audio streaming could use volume control and media seek/switching – all the more so when I’m listening to my laptop’s audio while being ten kilometers away. I’m not a fan of voice commands, though you could definitely use those – for me, the headset’s single button was more than enough.

One Button For All Seasons

The USB-C soundcard has a USB HID endpoint, and it produces keypress events (for the PLAYPAUSE keycode) when I press the button – what’s more, it even keeps track of when the button is pressed and when it’s released! I’ve been working with HID devices a fair bit now – perhaps, I could extract multiple features out of that single button.
With just one button, you can make wireless multi-functional controls for anything you want
The main problem was, while the headset is connected to a Pi Zero in my pocket, the HID device is completely unused – it’s a CLI distribution of Raspbian, after all, no software would care for those keypresses. This wasn’t hard to fix – there’s two crucial elements to a HID device, first one is the descriptor, and another one is the report. Forward these aspects over the network using rawhid and uhid respectively , and you can have your device work natively over the network. I wrote a client-server application, ran the server on the pocket Pi, client on my laptop, and now I could use the headset button seamlessly as if the USB-C soundcard were connected to my laptop directly.

Now, I could pause or resume music of videos wherever I needed. I also hardcoded a feature into the server – restart the Roc streaming service once the HID device is connected, and restart it again once the device is unplugged. The Roc commandline receiver doesn’t exit on its own when an audio device disappears, instead, consuming 100% of the CPU, and it doesn’t restart by itself when the audio device disappears, either. Both of these problems were easy to solve as an aside of the HID forwarding server.

The single purpose of this button was a problem, though – not even volume controls would work. What can you do with a single button? A lot – if you can distinguish button press from a button release, and this soundcard sure can. If you’ve ever controlled your phone using headset button double presses or long presses, rejoice – reimplementing that is trivial; not that a three-button headset isn’t a more comfortable option still. I wrote a script distinguishing press length, and assigned different callbacks to different sequences.

From here, I can do a double click of the button, or a long press, or a long press followed by a double click, or long-short-long press – map different actions to different combinations and off we go. So far, I use it for volume control, seeking and pausing/resuming media, and poking some of my other self-hacking scripts remotely – but you can add features seamlessly, like running scripts of your choosing, reading out your desktop notifications through text-to-speech, setting timers, making notes of specific events in your life, or even combining it with the on-headset mic to record audio notes as you go.

Headphone Friend

All you need – a Pi Zero W, a power management board, and a USB-C host socket (no CC resistors, even!)
At this point, I have a pocket audio receiver device tied into my laptop over the local network, and, just as easily, Internet. While using it, it’s as inobtrusive as a pair of headphones paired to a wireless receiver, except that every single feature is used to the max. From a constant stream of audio, be it videos and music to notifications, to controlling my laptop remotely, this device is an augment like no other, codename’d “headphone friend” among my friends.

There’s another fun futuristic aspect to this build. With minimal modifications, it’s the kind of device I can take out of my pocket, connect to a USB-serial or USB-Ethernet adapter, wire it into a network switch in a rack, and then sit ten meters away from it on a comfy couch, reconfiguring the switch through its serial port. Or, I can hook this device onto a robot riding around, and collect telemetry through its debug port. Pair your Pi with a battery and a USB-C soundcard, and, you too can benefit from such a device – or accidentally build an even cooler platform while at it, after all, that’s how it worked out for me.

We’ve been fans of the Yosys / Nextpnr open-source FPGA toolchain for a long while now, and like [Michael] we had no idea that their oss-cad-suite installer sets up everything so that you can write in Verilog or VHDL, your choice. Very cool!

Verilog and VHDL are kind of like the C and ADA of the FPGA world. Verilog will seem familiar to you if you’re used to writing code for computers. For instance, it will turn integer variables into wires that carry the binary values for you. VHDL code looks odd from a software programmer’s perspective because it’s closer to the hardware and strongly typed: an 8-bit integer isn’t the same as eight wires in VHDL. VHDL is a bigger jump if you have software in your brain, but it’s also a lot closer to describing how the hardware actually works.

We learned Verilog, because it’s what Yosys supported. But thanks to GHDL, a VHDL analyzer and synthesizer, and the yosys-ghdl-plugin, you can write your logic in VHDL too. Does this put an end to the FPGA-language holy wars? Thanks, Yosys.

[Michael] points out that this isn’t really news, because the oss-cad-suite install has been doing this for a while now, but like him, it was news to us, and we thought we’d share it with you all.

Want to get started with FPGAs and the open-source toolchain? Our own [Al Williams] wrote up a nice FPGA Boot Camp series that’ll take you from bits to blinking in no time.

hackaday.com/2024/12/04/did-yo…

Le agenzie di sicurezza informatica di Stati Uniti, Australia, Canada, Nuova Zelanda e Regno Unito hanno emesso un avvertimento congiunto sulle attività di spionaggio da parte degli hacker cinesi. Gli aggressori hanno compromesso le reti delle principali società di telecomunicazioni del mondo per condurre una massiccia campagna di raccolta di informazioni.

Secondo il rapporto gli aggressori sfruttano le vulnerabilità presenti nell’infrastruttura delle reti di telecomunicazione per penetrare e successivamente raccogliere informazioni. L’enfasi principale è sulla compromissione dei dispositivi di rete: router, switch e firewall.

Gli esperti sottolineano che gli aggressori sfruttano attivamente le vulnerabilità note nella configurazione dei dispositivi di rete, ma non è stato ancora individuato alcun segno dell’utilizzo di nuovi metodi.

Raccomandazioni per migliorare la sicurezza

Le principali misure di sicurezza della rete includono:

• Monitoraggio della configurazione. È necessario monitorare tutte le modifiche nelle configurazioni dei dispositivi di rete, identificare e analizzare le modifiche sospette. Gli esperti consigliano di utilizzare l’archiviazione centralizzata delle configurazioni, eliminando la possibilità di gestire direttamente i dispositivi.
• Analisi del traffico di rete. Per monitorare la trasmissione dei dati, si consiglia di posizionare sistemi di raccolta del traffico nei nodi chiave della rete, che consentono di identificare rapidamente anomalie e potenziali minacce.
• Protezione del registro. I registri di sistema devono essere crittografati e archiviati in più luoghi per evitare perdite o modifiche non autorizzate. Si propone di utilizzare sistemi di registrazione centralizzati con la capacità di analizzare grandi volumi di dati.

Gli autori del documento sottolineano l’importanza della segmentazione della rete. VLAN (Virtual Local Area Networks) e zona demilitarizzata (DMZ) aiutano a isolare i sistemi critici dalle minacce esterne. Si consiglia inoltre di limitare l’accesso ai dispositivi tramite Internet. La gestione dovrebbe essere effettuata solo da dispositivi attendibili attraverso canali di comunicazione sicuri.

Inoltre, si consiglia di disabilitare i protocolli non utilizzati come Telnet, FTP e le versioni legacy di SSH. Un elemento importante è il passaggio ai moderni standard di crittografia, come TLS 1.3 e AES-256, per ridurre la probabilità di uno sfruttamento efficace delle vulnerabilità.

Cisco nel mirino ma anche l’esigenza di una Security By Design ben fatta

Gli esperti hanno identificato le apparecchiature Cisco come una delle più frequentemente attaccate. Per ridurre al minimo i rischi, si consiglia di disabilitare i servizi Cisco Smart Install e implementare una protezione tramite password più rigorosa. Si consiglia inoltre di utilizzare versioni aggiornate del software ed evitare di utilizzare algoritmi di crittografia obsoleti.

Uno dei compiti chiave è aumentare il livello di visibilità dei processi nelle reti. Ciò implica la capacità delle organizzazioni di monitorare, analizzare e comprendere ciò che sta accadendo nell’infrastruttura. L’elevata visibilità consente di identificare rapidamente minacce, anomalie e vulnerabilità. Per raggiungere tali obiettivi, si consiglia di implementare soluzioni SIEM in grado di raccogliere e analizzare dati da varie fonti.

Inoltre, si propone di verificare tutti i dispositivi di rete, compreso il controllo degli account utente e la disattivazione degli account inattivi. I dispositivi devono essere protetti dal controllo remoto da parte di fonti non autorizzate.

Il documento sottolinea inoltre l’importanza di adottare un approccio Secure by Design nello sviluppo di software e dispositivi di rete. Il metodo implica che i produttori di hardware e software debbano fornire il massimo livello di protezione nella fase di sviluppo. Le organizzazioni sono incoraggiate a richiedere ai fornitori di aderire a tali principi.

Gli attacchi legati alla Cina

Gli attacchi informatici legati alla Cina continuano a rappresentare una seria minaccia per le reti di telecomunicazioni globali. Gli esperti sottolineano l’importanza di una risposta tempestiva alle minacce, eliminando le vulnerabilità e applicando metodi di sicurezza moderni. Le organizzazioni che gestiscono infrastrutture critiche sono fortemente incoraggiate ad attuare le misure descritte per migliorare la resilienza della sicurezza informatica.

L'articolo CISA: Attacco alle Reti! Gli Hacker Cinesi Minacciano la Sicurezza Mondiale proviene da il blog della sicurezza informatica.

The London Underground is an iconic piece of Victorian era engineering. What started in 1863 quickly became a core piece of infrastructure that would define the modern character of the British capital. It’s grown and changed immensely in the many years that have passed. Sadly, increasing patronage and more trains have created problems that the original designers never envisaged.

Deep in those London tunnels lies an engineering challenge. The Tube is literally cooking itself. Every day, millions of commuters descend into a network of tunnels that have been absorbing heat since the reign of Queen Victoria. Those clay-lined tubes have been soaking up excess thermal energy like a giant underground radiator, and now they’re giving it back with interest. The tunnels are simply too hot, and cooling them down is inordinately difficult.

The Perfect Storm of Thermal Chaos

The Tube’s heat problem isn’t just about one thing gone wrong – it’s about everything gone wrong at once. When Victorian engineers designed these tunnels, cooling wasn’t a major consideration. The tight, compact tunnels were built deep, nestled in the clay beneath London. In the early days, temperatures in the Underground were considered comfortably low.

“The Underground’s the only spot for comfort when the days are hot; it is cooler below.” – London Underground poster, 1926

Originally, the clay surrounding the tunnels sat at around 14°C, acting as a heat sink for the network. However, over the years, with more trains coming and going and more heat pouring in, the temperature has risen. It now typically sits anywhere from 19° to 26 °C. That’s just the earth around the tunnels, though. Air temperatures are worse—hitting as high as 47°C during a 2006 heatwave. The problem has been a continual bugbear of the beloved Tube, with concerns that future heatwaves could see temperatures rise ever higher.
Victoria and Central have been the hottest lines in recent years, according to TfL data.
The problem varies depending on which part of the Tube you’re on; some lines are worse than others. The Central Line is worthy of the nickname “The Central Heat Line”, with temperatures historically reaching 35°C. That’s not just uncomfortable – it’s approaching the limit of what the human body can handle efficiently. Much of this is due to the tunnel’s design. Opened in 1900, it featured two compact tunnels buried over 20 meters underground with minimal space for ventilation. It’s one of the so-called “deep-level” lines on the Underground network. Meanwhile, the Victoria line hit 31°C at its peak in 2023, and actually overtook the Central line as the hottest line, recording an average temperature of 28°C last year. Contrast that with the newer Jubilee line, which recorded an average temperature of just 22°C—far more comfortable.

To understand the problem, we need to know where the heat is coming from. A breakdown of heat sources was provided by Rail Engineering in 2007. Trains using their brakes, converting kinetic energy to heat, contributed 38% of the total heat input to the underground. The rest was put down to mechanical sources (22%) and the drivetrain (16%)—because those big electric motors get hot in operation.

As we wrap up for cooler temperatures outside, remember to remove coats whilst travelling to prevent overheating.

— TfL (@TfL) November 6, 2018

TfL at times has to remind customers that the Underground is warm even when it’s cold outside.

The rest of the heat came from a variety of sources, with train auxiliary equipment and tunnel support systems making up 13% and 4% respectively. The human factor can’t be ignored—each passenger is basically a 100-watt heater on legs. Multiply that by the millions of commuters that pass through each day, and you can see the scale of the problem. Indeed, passengers contributed the final 7% of heat generation in the Tube system. Of all the heat generated in the Tube, 79% passed into the tunnel walls, with 11% going into the tunnel itself. The remainder—just 10%—was removed via ventilation.

While the Tube had been slowly getting hotter for some time, the problem really started coming to a head in the mid-2000s, particularly when the European heatwave hit in 2006. Solutions were demanded, but the Underground wasn’t going to make it easy. The oldest parts of the network presented the greatest challenges, with precious little space to fit additional equipment for cooling. Many lines were simply too tight to allow for air conditioners to be retrofitted to existing trains, for example. Even if they were fitted, there would be a further problem of how to remove the additional waste heat generated from the tunnels, which were already too tight to ventilate effectively.
Victoria Station has had plenty of attention in recent decades, with TfL installing new cooling systems. Credit: Oxyman, GNU Free Documentation License
The quagmire had even prompted then-Mayor Ken Livingstone to put forth a £100,000 bounty for anyone that could solve the problem. However, it went unawarded. Despite over 3,500 proposals, the Underground authorities found only unworkable or unaffordable solutions, or ones they were already considering.

As you might expect, the problem hasn’t just gone away. Indeed, British media have begun regularly putting out articles on the hottest tube lines each year, as well as updates on what is to be done. Looking ahead, climate change is only going to make this underground sauna more challenging to manage. TfL’s engineers are in a race against time and physics, trying to cool a system that was never designed to be cooled.

Transport for London’s engineers haven’t taking this lying down, however. In recent decades, they’ve thrown a range of complicated solutions at this difficult problem. Victoria Station saw major upgrades, with the successful trial of a groundwater-based cooling system and heavily-upgraded ventilation. On the toasty Central line, engineers realized there was an additional heat input into the system. Trains travelled above ground for part of their route, which would see them heat up in the sun and then bring that energy underground. Countermeasures included installing reflective material on train roofs and solar-reducing films on the windows.

Trials of a new panel-based cooling system have also taken place in recent years at the disused Holborn station, with TfL considering a rollout to various stations after successful trials. The system involves circulating cold water through a curved metal structure. Air is chilled by blowing it through the curved panels and into the station. The system is designed specifically to operate in stations on the deep parts of the Tube network, with an eye to keeping maintenance and operation of the system as practical as possible.
Subsurface lines have been running S-Stock trains, which feature full air conditioning to keep passengers comfortable. Credit: (c) Transport for London
Some Tube lines have been lucky enough to get air-conditioned trains, too. These can be found on the Circle, District, Hammersmith & City, and Metropolitan lines. The modern S-Stock trains run largely on the less-deep sub-surface Tube lines, where it’s possible to easily deal with the hot exhaust of the air conditioning systems. These trains also have regenerative brakes, which turn some kinetic energy back into electricity to feed into the tube network. This cuts the amount of kinetic energy turned into heat, which aids in keeping the network cooler.

The Picadilly line is due to gain air conditioning in 2025, when it abandons its 1973 Stock trains for newer models. Other lines will have to wait longer. Central Line is slated to receive new air-conditioned trains in early 2030, which will replace the aging 1992 Stock models operating on that line. Bakerloo, Waterloo and City, and Jubilee lines are slated to receive upgraded trains “within the next 20 years” according to a Transport for London statement late last year.
The Picadilly line will see its aging trains replaced with newer air-conditioned models starting in 2025.
Air conditioned trains will help to some degree by cooling passengers on the move. However, those air conditioners will necessarily pump heat out of carriages and straight into the tunnels the trains are travelling through, plus some waste heat to boot. That heat will have to be dealt with one way or another, lest the network heat up further. There’s also the problem that passengers on platforms will still be exposed to high temperatures. Ultimately, both the stations and the trains need to be brought down to reasonable temperature levels. Ideally, the tunnels would be, too, in order to protect any customers that get stuck in a tunnel on a broken-down service. TfL also needs to find a way to bring temperatures under control if it wants to increase services. More trains means more heat going into the system—so it’s important to find a way to pull more heat out, too.

Overall, the problem is still a long way from being solved. The fact is that the London Underground has 11 lines, 272 stations, and more than 4,000 trains. Upgrading all of those at once simply isn’t economically viable. Instead, it appears that Transport for London will keep chipping away at the issue, bit by bit, over the years to come. Ideally, this will outpace any increases in average temperatures brought on by our seemingly-ever-hotter climate. For now, London’s commuters will continue their daily descent into one of the world’s most interesting thermal management case studies. Just remember to bring a bottle of water and some breathable clothing– you’re going to need it.

hackaday.com/2024/12/04/the-lo…

Il noto gruppo di entusiasti cracker Massgrave ha riferito di essere riuscito a violare “quasi tutta la protezione delle licenze dei software Windows/Office”. Questa svolta consente presumibilmente di attivare “praticamente qualsiasi versione di Windows e Office” per sempre.

Come sai, l’installazione di Windows e Office richiede l’attivazione e per questo processo esistono da tempo varie soluzioni alternative e hack. Un’opzione popolare richiede solo una riga di istruzioni tramite PowerShell e consente di attivare Windows 8 e Office.

Ora i membri del gruppo Massgrave hanno riferito di aver trovato un modo per estendere questo metodo di attivazione ad altre versioni dei prodotti Microsoft.

Secondo loro, il nuovo metodo funziona su qualsiasi versione client o server di Windows e include aggiornamenti di sicurezza estesi (ESU) e chiavi di licenza per volume specifiche del client Microsoft (CSVLK).

“Grazie al nuovo metodo, possiamo attivare in modo permanente quasi tutte le versioni di Windows e Office, da Vista fino agli ultimi Windows 11 e Server 2025, inclusi CSVLK ed ESU”, scrivono gli sviluppatori e affermano che questa è la più grande innovazione in Windows e Office. La pirateria in ufficio negli ultimi anni.

Se prima era impossibile attivare in modo permanente tutti i prodotti, ora tale attivazione diventerà possibile, ad esempio, per Microsoft Office, Windows 7, Windows 8 e 8.1, Windows Server (qualsiasi versione più recente). È stato inoltre riferito che il crack sarà in grado di fornire supporto esteso (Aggiornamenti di sicurezza estesi, ESU) per Windows 10 non appena sarà attivo nell’ottobre 2025.

Massgrave scrive che il crack sarà disponibile nei prossimi mesi, ma è ancora in fase di sviluppo.

Tieni presente che gli strumenti di Massgrave sono posizionati come open sourcee che i file di progetto Microsoft Activation Scripts (MAS) sono disponibili da un po’ di tempo su GitHub, di proprietà di Microsoft. Tuttavia, l’azienda non intraprende alcuna azione contro i cracker.

Inoltre, l’anno scorso si è appreso che anche anche gli ingegneri del supporto Microsoft a volte ricorrono alle soluzioni Massgrave.

L'articolo Addio Licenze Office! Massgrave ha trovato il modo per una “Attivazione Eterna” proviene da il blog della sicurezza informatica.

For most people, a battery pack that’s misbehaving simply means it’s time to get a new battery. But when the battery in their ThinkPad wasn’t able to muster up more than 20 minutes of runtime, [Shrinath Nimare] saw an opportunity to dig deeper and do a bit of investigating.

The problem seemed to be that the battery pack was reporting that it was 100% charged at just 11.7 V instead of the correct 12.3 V. As it turns out, that 11.7 V figure is only slightly above what the battery should be when its run flat — so in reality, the battery was never actually getting a charge and would report that it was dead after just a few minutes of use. But why?

With a logic analyzer attached to the pins of the battery, [Shrinath] set out to sniff its communications with the ThinkPad. Even if it wouldn’t lead to fixing the battery pack, the information obtained would potentially be useful for other projects, such as creating a custom high-capacity LiFePO4 pack down the line.

With the pack opened, [Shrinath] determined that a 51F51 BMS IC was running the show. The battery communicates with the host computer over SMBus, which is very similar to I2C. In fact, they’re so similar that [Shrinath] was able to use the I2C decoder in sigrok to break out the read and write commands and compare them to a PDF of the Smart Battery Data Specification.
Using the I2C decoder to read SMBus messages.
With a few captures in hand, [Shrinath] made some good progress in decoding what the two devices are saying to each other. For example, when the computer sent the command 0x15, the battery correctly responded with the desired charge voltage of 12.3 V. The command 0x18 was then given, which the specification says should cause the battery to report its capacity. Here again, valid data was returned, confirming that [Shrinath] was on the right path.

Even though it’s still early in the investigation, [Shrinath] had enough trouble finding practical examples of sniffing SMBus data that they thought it would be worth uploading their captures and notes to Hackaday.io. Hopefully further poking will show if the battery can be revived, but even if not, we’re always glad to see when hackers are willing to document their exploits for the benefit of the community.

This actually isn’t the first time we’ve heard of somebody snooping on their ThinkPad battery — back in 2020, we covered [Alexander Parent]’s efforts to create an open source battery pack for the T420 based on the ATtiny85.

hackaday.com/2024/12/04/sniffi…

L’universo delle minacce informatiche evolve senza sosta, e gli attaccanti continuano a spingersi oltre i limiti per superare le difese di sicurezza. Una recente campagna di phishing ha messo in luce un metodo particolarmente insidioso: l’uso di file ZIP e documenti Microsoft Office intenzionalmente corrotti. Questa tecnica non solo aggira i tradizionali strumenti di sicurezza, ma lo fa in modo quasi invisibile, rendendo ancora più difficile individuare e bloccare l’attacco prima che sia troppo tardi.

In un’epoca in cui la digitalizzazione è il cuore pulsante delle attività aziendali, è cruciale capire la portata di questa minaccia, le sue implicazioni e, soprattutto, come difendersi.

Come Funziona l’Attacco: Un Approccio Subdolo

Gli attaccanti, sempre più creativi, inviano email accuratamente confezionate con allegati apparentemente legittimi, come file ZIP o documenti Office. Tuttavia, c’è un dettaglio che sfugge a un occhio distratto: questi file sono stati deliberatamente danneggiati. La corruzione dei file è studiata per sfruttare una debolezza nei sistemi di scansione automatica degli antivirus e dei filtri antispam.

Quando un utente riceve e tenta di aprire questi file, entra in gioco un meccanismo astuto. Strumenti comuni come Microsoft Word, Outlook o software di decompressione come WinRAR dispongono di funzioni integrate per il recupero di file danneggiati. Questi programmi cercano di “riparare” i file corrotti, permettendo loro di aprirsi nonostante i danni intenzionali. Questo processo, però, offre agli attaccanti l’opportunità di eseguire codice malevolo, spesso senza alcun segnale d’allarme per l’utente.

Un’Evoluzione nel Cybercrimine

Questo tipo di attacco rappresenta un’evoluzione rispetto alle tecniche di phishing tradizionali. In passato, i documenti Office contenenti macro erano il vettore preferito per veicolare malware. Le macro, piccole sequenze di comandi automatizzati, venivano attivate manualmente dalle vittime, spesso ingannate da messaggi che richiedevano di “abilitare i contenuti” per visualizzare correttamente il documento.

La nuova tecnica elimina questa dipendenza dall’interazione umana, sfruttando la capacità dei software di riparare automaticamente i file corrotti. È un approccio più subdolo, che punta direttamente ai limiti delle difese tecnologiche piuttosto che alla disattenzione degli utenti.

L’Analisi con ANY.RUN: Un Caso Pratico

Un esempio concreto di questa minaccia è stato analizzato tramite la piattaforma ANY.RUN, un ambiente di sandboxing interattivo che consente di studiare in tempo reale il comportamento dei file sospetti.

Nel caso specifico, un file EML, comunemente utilizzato per trasmettere email sospette, è stato esaminato per identificare eventuali comportamenti malevoli. Gli allegati o i link contenuti nel file miravano a indurre l’utente a interagire con contenuti dannosi. La piattaforma ha permesso di osservare il comportamento del malware in un ambiente controllato, rilevando processi attivati, modifiche al file system e comunicazioni di rete.

Questo tipo di analisi è fondamentale per comprendere meglio le minacce emergenti e sviluppare difese adeguate. Le aziende che utilizzano strumenti come ANY.RUN possono rilevare e reagire rapidamente a potenziali attacchi, migliorando significativamente la loro postura di sicurezza.

Perché le Aziende Sono a Rischio

Le implicazioni per le aziende sono significative e vanno ben oltre la compromissione dei singoli dispositivi. Un attacco riuscito può avere conseguenze devastanti:

• Furto di Informazioni Sensibili: Gli attaccanti possono sottrarre dati aziendali riservati, come progetti strategici, informazioni sui clienti o proprietà intellettuale.
• Interruzione delle Operazioni: Malware come il ransomware possono paralizzare le infrastrutture aziendali, bloccando l’accesso ai dati e causando costose interruzioni delle attività.
• Perdite Economiche Dirette e Indirette: Tra i costi di recupero, il riscatto richiesto dai criminali e il danno reputazionale, le perdite possono essere enormi.
• Danno Reputazionale: La pubblicità negativa che segue una violazione può minare la fiducia dei clienti e danneggiare i rapporti con i partner commerciali.

Strategie di Difesa: La Prevenzione è la Chiave

La lotta contro questa nuova minaccia richiede un approccio proattivo. Ecco alcune misure chiave che le aziende possono adottare per proteggersi:

1. Educazione e Consapevolezza
   La formazione dei dipendenti è il primo passo. È fondamentale che ogni membro del team sappia riconoscere email sospette, evitando di aprire allegati o cliccare su link non verificati. Corsi di aggiornamento periodici e simulazioni di phishing possono essere strumenti preziosi.
2. Aggiornamento Costante dei Software
   Molti attacchi sfruttano vulnerabilità nei programmi non aggiornati. Assicurarsi che tutti i software, dalle suite Office agli strumenti di decompressione, siano sempre all’ultima versione è una pratica imprescindibile.
3. Tecnologie di Sicurezza Avanzata
   Investire in soluzioni di sicurezza moderne, come strumenti di analisi comportamentale e sistemi di rilevamento delle anomalie, può fare la differenza. Questi strumenti possono identificare e bloccare attività sospette anche quando i file corrotti sfuggono agli antivirus tradizionali.
4. Controllo Rigoroso degli Accessi
   Politiche di accesso limitato, che restringano l’uso di macro e l’apertura di file provenienti da fonti esterne, riducono significativamente la superficie di attacco.
5. Esercitazioni Periodiche di Sicurezza
   Simulare attacchi reali consente alle aziende di valutare l’efficacia delle loro difese e di migliorare i protocolli esistenti.

Conclusione

La tecnica di attacco che sfrutta file ZIP e documenti Office corrotti evidenzia l’evoluzione continua del panorama delle minacce informatiche. Questa sfida richiede alle aziende un cambiamento di paradigma: non basta più reagire alle minacce, bisogna anticiparle.

Le aziende che investono in formazione, aggiornamento tecnologico e strategie di sicurezza multilivello sono quelle meglio equipaggiate per affrontare questa nuova era del cybercrimine. In un mondo sempre più connesso, la sicurezza informatica non è un costo, ma una priorità strategica.

L'articolo File ZIP e Documenti Office Corrotti: La Nuova Frontiera del Phishing che Minaccia le Aziende proviene da il blog della sicurezza informatica.

All statistics in this report come from Kaspersky Security Network (KSN), a global cloud service that receives information from components in our security solutions voluntarily provided by Kaspersky users. Millions of Kaspersky users around the globe assist us in collecting information about malicious activity. The statistics in this report cover the period from November 2023 through October 2024. The report doesn’t cover mobile statistics, which we will share in our annual mobile malware report.

The year in figures

During the reporting period, Kaspersky solutions:

• Stopped 302,287,115 malware attacks launched from online resources across the globe.
• Detected 85,013,784 unique malicious URLs.
• Blocked 72,194,144 unique malicious objects with the help of Web Anti-Virus components.
• Prevented ransomware attacks on the computers of 303,298 unique users.
• Stopped miners from infecting 999,794 unique users.
• Prevented the launch of banking, ATM or PoS malware on the devices of 208,323 users.

Fill the form below to download the “Kaspersky Security Bulletin 2024. Statistics” full report (English, PDF)
(function(w,d,u){var s=d.createElement('script');s.async=true;s.src=u+'?'+(Date.now()/180000|0);var h=d.getElementsByTagName('script')[0];h.parentNode.insertBefore(s,h);})(window,document,'https://cdn.bitrix24.eu/b30707545/crm/form/loader_1126.js');

initBxFormValidator({ formId: "inline/1126/4te5h3", emailFieldName: 'CONTACT_EMAIL', naturalFieldNames: [ 'CONTACT_UF_CRM_NODES' ], lengthRestrictedFieldNames: { CONTACT_EMAIL: 250, CONTACT_POST: 128, CONTACT_NAME: 50, CONTACT_UF_CRM_COMPANY: 255, CONTACT_UF_CRM_COMPANY_TAX_ID: 50, CONTACT_UF_CRM_PRODUCT_INTEREST: 255, CONTACT_UF_CRM_FORM_QUESTION_2: 255, CONTACT_UF_CRM_FORM_QUESTION_3: 255, CONTACT_UF_CRM_FORM_QUESTION_5: 255 }, redirectUrl: 'https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/12/03153220/KSB-statistics-of-the-year-EN-final.pdf' })

securelist.com/ksb-2024-statis…

Un nuovo studio ha scoperto che le persone non riescono a distinguere tra le poesie scritte da poeti famosi e quelle create dall’intelligenza artificiale che ne imita lo stile. Inoltre, le persone spesso preferiscono la poesia dell’intelligenza artificiale rispetto al lavoro di veri poeti.

L’articolo suggerisce che i lettori potrebbero confondere la complessità della poesia scritta dall’uomo con la confusione che potrebbe essere creata da un’intelligenza artificiale. Allo stesso tempo, i testi dell’intelligenza artificiale sembrano più comprensibili e “umanizzati”.

Lo studio ha utilizzato la poesia di dieci poeti le cui opere abbracciano quasi 700 anni di letteratura in lingua inglese. L’elenco comprende Geoffrey Chaucer, William Shakespeare, Samuel Butler, Lord Byron, Walt Whitman, Emily Dickinson, Thomas Eliot, Allen Ginsberg, Sylvia Plath e l’unica poetessa moderna, Dorothy Lasky.

Per ogni poeta sono state selezionate 5 poesie. I ricercatori hanno quindi utilizzato ChatGPT 3.5 per generare 5 poesie nello stile di ciascun autore. I risultati della generazione sono stati presi senza modifiche: sono stati utilizzati i primi 5 testi ricevuti.

Il primo esperimento ha coinvolto 1634 persone. Sono stati assegnati in modo casuale a gruppi e è stato loro chiesto di leggere 10 poesie, tra cui poesie miste di AI e opere vere e proprie (5 pezzi ciascuna). I partecipanti dovevano indovinare se ogni poesia era stata scritta da un essere umano o da un’intelligenza artificiale. I risultati hanno mostrato che le persone avevano maggiori probabilità di sbagliarsi e di pensare che le poesie dell’intelligenza artificiale fossero state create dagli esseri umani. Allo stesso tempo, spesso consideravano le vere poesie di poeti famosi come opera dell’IA.

Nel secondo esperimento, quasi 700 persone hanno valutato le poesie in base a 14 criteri, tra cui qualità, bellezza, emozione, ritmo e originalità. I partecipanti sono stati divisi in 3 gruppi: al primo è stato detto che tutte le poesie sono state scritte da persone, al secondo è stato detto che sono state create dall’intelligenza artificiale e al terzo non è stata fornita alcuna informazione sull’autore. È interessante notare che i partecipanti che non sapevano chi avesse scritto le poesie hanno valutato i lavori dell’intelligenza artificiale più in alto rispetto alle poesie di autori reali. E se sapevano che le poesie erano state create dall’intelligenza artificiale, davano voti più bassi.

I ricercatori hanno concluso che i partecipanti all’esperimento hanno utilizzato metodi simili ma errati per distinguere i versi. Le poesie semplici dell’IA erano più facili e comprensibili per i partecipanti, quindi erano percepite come di qualità superiore. Allo stesso tempo, le complesse poesie dei veri poeti spesso sembravano confuse e “robotiche”.

Contrariamente alle ricerche precedenti, le persone non possono più distinguere in modo affidabile la poesia scritta da poeti famosi dalla poesia creata dall’intelligenza artificiale. Secondo gli scienziati, il fenomeno per cui le opere di intelligenza artificiale vengono percepite come più “umane” delle opere reali dimostra un nuovo livello di sviluppo delle tecnologie generative.

L'articolo IA vs Shakespeare: l’AI vince il Premio del Sonetto Più Emozionante! proviene da il blog della sicurezza informatica.