Springs and Things Make for a Unique Timepiece
You never know when inspiration is going to strike, and for [Ekaggrat Singh Kalsi], it struck while he was playing with one of his daughter’s hair ties. The result is a clock called “Bezicron” and it’s a fascinating study in mechanical ingenuity.
The hair ties in question are simple objects, just a loose polymer coil spring formed into a loop that can be wrapped around ponytails and the like. In Bezicron, though, each digit is formed by one of these loops fixed to the ends of five pairs of arms. Each pair moves horizontally thanks to a cam rotating between them, changing the spacing between them and moving the hair tie. This forms each loop into an approximation of each numeral, some a little more ragged than others but all quite readable. The cams move thanks to a geared stepper motor on the rightmost digit of the hours and minutes section of the clock, with a gear train carrying over to the left digit. In between is the colon, also made from springy things pulsing back and forth to indicate seconds. The video below shows the clock going through its serpentine motions.
For our money, the best part of this build is the cams. Coming up with the proper shape for those had to be incredibly tedious, although we suspect 3D printing and rapid iterative design were a big help here. Practice with cam design from his earlier Eptaora clock probably helped too.
youtube.com/embed/_p6RKjwEwpk?…
Thanks to [Hari Wiguna] for the tip.
Invisible Tracking: Google's New Move That Threatens Your Privacy
Google recently announced that starting 16 February 2025, companies using the company's advertising products will be allowed to use fingerprinting. This technology makes it possible to identify a user's device from software and hardware data. The UK regulator, the ICO, has expressed concern about this decision, since it believes fingerprinting limits users' right to privacy.
Fingerprinting can replace the function of third-party cookies used to track users' online activity. However, the ICO points out that it prevents people from choosing how their data is collected and used. In 2019, Google argued that fingerprinting violates the rights to choice and transparency. Now the company has changed its position.
The ICO has published draft guidance on the use of fingerprinting under data protection law. The guidance sets out requirements such as ensuring transparency, obtaining freely given consent, ensuring fair processing of data and giving users control over their data. A consultation on the draft is expected to open on 20 December so that companies can submit comments. According to the ICO, meeting these requirements will not be easy.
Fingerprints are harder to control than cookies. Even if a user clears their browser data, the device may be recognised again, weakening privacy protections even for those who actively try to avoid tracking.
The ICO continues to work with Google and is preparing to unveil its strategy for protecting user data early next year. The goal is to give people back control over how their information is used for personalised advertising.
The article Invisible Tracking: Google's New Move That Threatens Your Privacy comes from il blog della sicurezza informatica.
Bit-Banging the USB-PD Protocol
For one-off projects, adding a few integrated circuits to a PCB is not too big of a deal. The price of transistors is extremely low thanks to Moore and his laws, so we’re fairly free to throw chips around like peanuts. But for extremely space-constrained projects, huge production runs, or for engineering challenges, every bit of PCB real estate counts. [g3gg0] falls into the latter group, and this project aims to remove the dedicated USB-PD module from a lighting project and instead bit-bang the protocol with the ESP32 already on the board.
The modern USB power delivery (PD) protocol isn’t quite as simple as older USB ports that simply present a 5V source to whatever plugs itself into the port. But with the added complexity we get a lot more capability including different voltages and greater power handling capabilities. The first step with the PD protocol is to communicate with a power source, which requires a 1.2V 600kHz signal. Just generating the signal is challenging enough, but the data encoding for USB requires level changes to encode bits rather than voltage levels directly. With that handled, the program can then move on to encoding packets and sending them out over the bus.
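The encoding the paragraph refers to is biphase mark coding (BMC): every bit cell begins with a level transition, and a 1 carries a second transition in the middle of the cell, so the receiver recovers bits from edges rather than from absolute levels. The encoder and decoder below are an added illustration, not [g3gg0]'s ESP32 code; they work on half-bit-cell samples, and the decoder rejects a stream that lacks the mandatory cell-boundary edge.

```python
"""Biphase mark coding (BMC), the line code USB-PD uses on the CC wire.

Added illustration, not the ESP32 firmware from the post. Each bit cell is
represented as two half-cell samples (0 or 1). At USB-PD's 300 kbit/s that
is one sample every ~1.67 us, which is where the ~600 kHz figure comes from.
"""
from typing import List


def bmc_encode(bits: List[int], start_level: int = 0) -> List[int]:
    """Return half-cell line levels for `bits`.

    Rule: toggle the line at the start of every cell; toggle again in the
    middle of the cell only for a 1. The result has 2*len(bits) samples.
    """
    level = start_level
    out = []
    for bit in bits:
        if bit not in (0, 1):
            raise ValueError(f"bit must be 0 or 1, got {bit!r}")
        level ^= 1          # mandatory edge at the cell boundary
        out.append(level)
        if bit:
            level ^= 1      # extra mid-cell edge encodes a 1
        out.append(level)
    return out


def bmc_decode(levels: List[int], start_level: int = 0) -> List[int]:
    """Recover bits from half-cell samples produced by bmc_encode.

    A 1 is a cell whose two halves differ; a 0 is a cell whose halves match.
    Raises ValueError if a cell boundary has no edge, a coding violation that
    a real receiver would treat as loss of sync or end of packet.
    """
    if len(levels) % 2:
        raise ValueError("BMC stream must contain whole bit cells")
    bits = []
    prev = start_level
    for i in range(0, len(levels), 2):
        first, second = levels[i], levels[i + 1]
        if first == prev:
            raise ValueError(f"missing cell-boundary edge at cell {i // 2}")
        bits.append(1 if first != second else 0)
        prev = second
    return bits


def pd_preamble() -> List[int]:
    """USB-PD preamble: 64 bits alternating 0,1,... starting with 0.

    It carries no data; the receiver uses it to lock onto the bit rate.
    """
    return [i % 2 for i in range(64)]


if __name__ == "__main__":
    payload = [1, 0, 1, 1, 0]                  # constructed sample bits
    line = bmc_encode(payload)
    print("levels:", line)                     # [1, 0, 1, 1, 0, 1, 0, 1, 0, 0]
    assert bmc_decode(line) == payload
    # A preamble followed by data decodes as one continuous stream.
    frame = pd_preamble() + payload
    assert bmc_decode(bmc_encode(frame)) == frame
```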
After everything is said and done, [g3gg0] has a piece of software that lets the ESP32 request voltages from a power supply, sniff and log PD communication, and inject commands with vendor defined messages (VDM), all without needing to use something like a CH224K chip which would normally offload the USB-PD tasks. For anyone looking to save PCB space for whatever reason, this could be a valuable starting point. To see some more capabilities of the protocol, check out this USB-PD power supply that can deliver 2 kW.
FREE ASSANGE Italia
From the incredible Stefania Maurizi we receive and publish: "WE WON our #FOIA case on Julian #Assange! There is a judge in London: Judge Foss has ruled that the #CPS must shed light on the destruction of key documents on Julian #Assang…
Life Without Limits: A Blind Maker’s Take on 3D Printing
In the world of creation, few stories inspire as much as [Mrblindguardian], a 33-year-old who has been blind since the age of two, but refuses to let that hold him back. Using OpenSCAD and a 3D printer, [Mrblindguardian] designs and prints models independently, relying on speech software and touch to bring his ideas to life. His story, published on his website Accessible3D.io, is a call to action for makers to embrace accessibility in their designs and tools.
[Mrblindguardian]’s approach to 3D printing with OpenSCAD is fascinating. Without visual cues, he can still code every detail of his designs, like a tactile emergency plan for his workplace. The challenges are there: navigating software as a blind user, mastering 3D printers, and building from scratch. His tip: start small. Taking on a very simple project allows you to get accustomed to the software while avoiding pressure and frustration.
His successes highlight how persistence, community support, and creativity can break barriers. His journey mirrors efforts by others, like 3D printed braille maps or accessible prosthetics, each turning daily limitations into ingenious innovations. [Mrblindguardian] seems to be out to empower others, so bookmark his page for what’s yet to come.
Accessible tech isn’t just about empowering. Share your thoughts in the comments if you have similar experiences – or good solutions to limitations like these! As [Mrblindguardian] says on his blog: “take the leap. Let’s turn the impossible into the tangible—one layer at a time”.
Reddit post by u/Mrblindguardian in r/prusa3d: “I am fully blind, and this is how I 3d design and print independently”
Why covering the prison system matters
Dear Friend of Press Freedom,
If you enjoy reading this newsletter, please support our work. Our impact in 2024 was made possible by supporters like you. If someone has forwarded you this newsletter, please subscribe here.
Covering the prison system
With all the talk about threats to U.S. journalists over the next four years, it’s easy to forget that nearly two million Americans are already living in a system rife with censorship, secrecy, and retaliation.
Despite its size and scope, the incarceration system is in many ways invisible. Its facilities operate outside the public eye and with less oversight than other governmental entities. And information about carceral institutions is closely guarded by corrections agencies that have a range of ways to restrict public access and block reporting efforts.
We published a two-part guide by journalist Daniel Moritz-Rabson on ways to navigate the challenges journalists face in covering incarceration facilities and incarcerated people. While the obstacles are daunting, we hope the guide serves as a reminder that facing these challenges is worthwhile.
TikTok isn’t the radio
In addition to making baseless national security arguments, people from opinion columnists to appellate judges have argued that banning TikTok is somehow consistent with existing governmental authority to regulate certain broadcasters.
Before today’s Supreme Court argument, Freedom of the Press Foundation (FPF) Senior Advisor Caitlin Vogus explained why they're wrong, both as a legal matter and a policy one, in Tech Policy Press.
“TikTok isn’t a radio station. If the Supreme Court treats it like one, it will open the floodgates to government control of other social media apps and the internet as a whole,” she wrote. Read the op-ed here.
Archivist can still fight secrecy
President-elect Donald Trump said this week he will replace the archivist of the United States, Colleen Shogan. Threatening to fire Shogan over the National Archives and Records Administration’s work (under a predecessor) to recover the records Trump wrongly took to Mar-a-Lago raises genuine concerns about retaliation and future compliance with the Presidential Records Act.
But the threat could have a silver lining if it prompts Shogan to spend her remaining time in the post being candid with the public about what NARA needs to survive. This will help supporters more effectively advocate for NARA during the next Congress. If NARA is undermined or neglected, expect even more overclassification from the federal government.
Read more about how Shogan can fight secrecy in The Classifieds, our new project dedicated to reforming overclassification and government secrecy.
What we’re reading
U.S. Press Freedom Tracker’s Stephanie Sugars on protests, police and the press (First Amendment Watch). Check out this interview with our U.S. Press Freedom Tracker Senior Reporter Stephanie Sugars about the Tracker’s annual arrest report and threats journalists — particularly those covering protests relating to the Israel-Gaza war — faced in 2024.
GOP senator reveals one condition that will get Tulsi Gabbard confirmed (Daily Beast). There are some legitimate reasons why Tulsi Gabbard is a controversial nominee for director of national intelligence. But her support for reforming surveillance programs used to spy on Americans shouldn’t be one of them. Unfortunately, it didn’t take long for Gabbard to change her stance.
Over and out? Emergency medical crews denied NYPD radios in move that unions say endangers the public (amNY). Who could’ve guessed that encrypting NYPD radio wouldn’t go well? To be fair, we didn’t see the first responders part coming.
Meta to end fact-checking program in shift ahead of Trump term (The New York Times). More free expression and more news on social media is, of course, a good thing. But based on Meta’s track record and the kind of speech it appears to be prioritizing, this looks like a political move, not a principled one.
Why I’m quitting the Washington Post (Ann Telnaes, Substack). The editorial cartoonist explained why she left the paper after 15 years when one of her cartoons was killed: “We’re talking about news organizations that have public obligations and who are obliged to nurture a free press in a democracy. Owners of such press organizations are responsible for safeguarding that free press.”
Ohio puts police bodycam footage behind a paywall (The Intercept). Some better ways to reduce costs of producing police footage: Put video online proactively, hold police accountable for misconduct before the press starts probing, or maybe even hire better cops.
Check out our other newsletters
If you haven’t yet, subscribe to FPF’s other newsletters, including The Classifieds, our new newsletter on overclassification and more from Lauren Harper, our Daniel Ellsberg Chair on Government Secrecy.
How do you manage pain, if it cannot go away?
Hi everyone, here's a taste of what I do (the sad part). Then I travel, which is the cheerful part.
Two sides of the same coin, two biscuits of a single Ringo, Yin and Yang, orecchiette and turnip greens.
Here I tell you about my trip to India many years ago, but from the point of view of my clinical situation, which right at that moment was starting to get complicated.
The post on the #blog is the transcript of episode no. 10 of the #Podcast Grido Muto - La Mia Vita con l'Artrite (link in the blog), from which, I hope, you will draw inspiration.
My life is hard, but I don't stop. Also because I fill it with beautiful things... which I then share with whoever wants to look at them, and that gives me immense joy! Greetings to all
noblogo.org/grido-muto-podcast…
What happens if the pain can never go away again?
Hackaday Podcast Episode 303: The Cheap Yellow Display, Self-Driving Under $1000, and Don’t Remix that Benchy
As the holiday party season fades away into memory and we get into the swing of the new year, Elliot Williams is joined on the Hackaday Podcast by Jenny List for a roundup of what’s cool in the world of Hackaday. In the news this week, who read the small print and noticed that Benchy has a non-commercial licence? As the takedown notices for Benchy derivatives fly around, we muse about the different interpretations of open source, and remind listeners to pay attention when they choose how to release their work.
The week gave us enough hacks to get our teeth into, with Elliot descending into the rabbit hole of switch debouncing, and Jenny waxing lyrical over a crystal oscillator. Adding self-driving capability to a 30-year-old Volvo caught our attention too, as did the intriguing Cheap Yellow Display, an ESP32 module that has (almost) everything. Meanwhile in the quick hacks, a chess engine written for a processor architecture implemented entirely in regular expressions impressed us a lot, as did the feat of sending TOSLINK across London over commercial fibre networks. Enjoy the episode, and see you again next week!
[Editor’s Note: Libsyn, our podcasting syndicator, is bugging out. I’ll keep trying, but until they get their service back into gear, I’ve uploaded the podcast here, and as always you can just download the podcast for yourself. Sorry for the inconvenience, and enjoy!]
hackaday.com/wp-content/upload…
Episode 298 Show Notes:
News:
What’s that Sound?
- Think you know what this week’s nature sound is? Fill out this form with your best guess!
Interesting Hacks of the Week:
- Self Driving Like It’s 1993
- Is A Cheap Frequency Standard Worth It?
- Button Debouncing With Smart Interrupts
- More Things To Do With Your Cheap Yellow Display
- All-Band Receiver Lets You Listen To All The Radio At Once
- Pi Pico Makes SSTV Reception A Snap
Quick Hacks:
- Elliot’s Picks:
- Regular (Expression) Chess
- Try A PWMPot
- Gaze Upon This Omni-directional Treadmill’s Clever LEGO Construction
- Jenny’s Picks:
- A New Life For A Conference Badge, Weighing Bees
- 38C3: It’s TOSLINK, Over Long Distance Fibre
- A Street For Every Date
Can’t-Miss Articles:
SerenityOS On Real Hardware
One of the problems facing any developer working on their own operating system is that of hardware support. With many thousands of peripherals and components that can be found in a modern computer, keeping up requires either the commercial resources of Microsoft or the huge community of Linux.
For a small project such as SerenityOS this becomes a difficult task, and for that reason the primary way to run that OS has always been in an emulator. [Sdomi] however has other ideas, and has put a lot of effort into getting the OS to run on some real hardware. The path to that final picture of a laptop with a SerenityOS desktop is long, but it makes for a fascinating read.
The hardware in question is an Intel powered Dell Chromebook. An odd choice you might think, but they’re cheap and readily available, and they have some useful debugging abilities built in. We’re treated to an exploration of the hardware and finding those debug ports, and since the USB debugging doesn’t work, a Pi Pico clone is squeezed into the case. We like that it’s wired up to the flash chip as well as serial.
Getting access to the serial port from the software turned out to be something of a pain, because the emulated UART wasn’t on the port you’d expect. Though it’s an Intel machine it’s not a PC clone, so it has no need for one. Some epic hackery involving rerouting serial to the PC debug port ensued, enabling work to start on an MMC driver for the platform. The eventual result is a very exclusive laptop, maybe the only one running SerenityOS on hardware.
We like this OS, and we hope this work will lead to it becoming usable on more platforms. We took a look at it back in 2023, and it’s good to hear that it’s moving forward.
4,000 Hacked Backdoors: The Clever Move to Block Abandoned Malware
Experts at the Shadowserver Foundation and watchTowr Labs have registered and taken control of many expired domains. These domains were used to control more than 4,000 abandoned but still active backdoors, and their control infrastructure has now been compromised.
The researchers say that some of the malware (web shells) had been deployed on servers belonging to governments and educational institutions and was ready to execute commands from anyone who took control of the relevant domains. The experts, however, prevented the domains and the victims' systems from falling into attackers' hands.
watchTowr analysts began searching for such domains associated with various web shells and bought all of them, since their registration had already expired, essentially taking control of the backdoors. As a result, the abandoned but still active malware began sending requests that allowed the experts to identify at least some of the victims.
By registering more than 40 domains, the researchers received data from more than 4,000 hacked systems that tried to contact their control servers. Among the many hacked machines are systems of the Chinese government infrastructure (including courts), a compromised Nigerian government judicial system and systems on the Bangladesh government network. Infected devices were also identified at educational institutions in Thailand, China and South Korea.
Several types of backdoor were found, including the classic r57shell, the more advanced c99shell, which offers file management and brute-force features, and the China Chopper web shell, which is often associated with various APT groups.
The report also mentions a backdoor probably linked to the Lazarus hacking group, although it was clarified that this is most likely a reuse of the tool by other criminals.
watchTowr specialists transferred management of the captured domains to the Shadowserver Foundation to rule out their being seized in the future. Shadowserver currently blocks all traffic sent by the compromised systems to these domains.
The article 4,000 Hacked Backdoors: The Clever Move to Block Abandoned Malware comes from il blog della sicurezza informatica.
Von der Leyen creates 14 project groups to deliver the political priorities of the new EU Commission
The article comes from #Euractiv Italia and was reshared on the Lemmy community @Intelligenza Artificiale
The President of the European Commission Ursula von der Leyen has set up fourteen Groups of
A square for the Romans
Report by Sofia Landi and Leonardo Macciocca
The article A square for the Romans on Lumsanews.
IT hiring intentions remain strong, though competition for jobs could be fierce.
ManpowerGroup’s Employment Outlook Survey for Q1 2025 found the Australian IT sector has the strongest net employment outlook of any sector at the beginning of 2025. #ithiringaustralia2025 #itjobsaustralia2025
Has NIKE's CRM Been Breached? A Threat Actor Puts the Data Up for Sale
In a recent post on an underground forum, a serious data breach involving Nike Inc. was claimed. A user known as Sorb advertised a compromised CRM database belonging to the sportswear giant.
This database, compiled using a bot called esnkrs.com, contains more than 42 million log records.
At present we cannot confirm the authenticity of the news, since the organisation has not yet published an official statement about the incident on its website. The information reported comes from public sources accessible on underground sites, so it should be treated as intelligence and not as definitive confirmation.
The compromised database covers the period from 2020 to 2024 and includes sensitive information such as Discord IDs, emails, physical and IP addresses, shoe sizes, product names, links and timestamps. Sorb has put this data up for sale for 1,300 dollars, providing samples in JSON and CSV formats. The post notes that the database is still accessible because the developers have been unable to identify the final administrator of the server.
The breach particularly affects the retail sector, with a specific focus on sportswear. The sensitive information exposed could have serious consequences for the users involved, including risks of identity theft and other forms of data abuse. From an initial analysis of the data carried out by Darklab, the structure and consistency of the data appear to be authentic.
The Nike data breach highlights the importance of implementing robust security measures and constantly monitoring systems to prevent unauthorised access. Companies must be ready to respond quickly in the event of a breach to protect their users' data and maintain customer trust.
As is our custom, we always leave room for a statement from the company should it wish to give us updates on the matter. We will be happy to publish such information in a dedicated article giving prominence to the issue.
RHC will monitor developments so as to publish further news on the blog should there be substantial updates. Anyone with knowledge of the facts who wishes to provide information anonymously can use the whistleblower's encrypted email.
The article Has NIKE's CRM Been Breached? A Threat Actor Puts the Data Up for Sale comes from il blog della sicurezza informatica.
Crosetto meets Kallas and returns to the exclusion of military spending from the Stability Pact
@Notizie dall'Italia e dal mondo
Ukraine, strategic autonomy, support for industry and transatlantic coordination remain at the centre of the political agenda. The Defence Minister, Guido Crosetto, met the EU High Representative for Foreign Affairs and Security Policy and Vice
This Week in Security: Backdoored Backdoors, Leaking Cameras, and The Safety Label
The mad lads at watchTowr are back with their unique blend of zany humor and impressive security research. And this time, it’s the curious case of backdoors within popular backdoors, and the list of unclaimed domains that malicious software would just love to contact.
OK, that needs some explanation. We’re mainly talking about web shells here. Those are the bits of code that get uploaded to a web server, that provide remote access to the computer. The typical example is a web application that allows unrestricted uploads. If an attacker can upload a PHP file to a folder where .php files are used to serve web pages, accessing that endpoint runs the arbitrary PHP code. Upload a web shell, and accessing that endpoint gives a command line interface into the machine.
The quirk here is that most attackers don’t write their own tools. And oftentimes those tools have special, undocumented features, like loading a zero-size image from a .ru domain. The web shell developer couldn’t be bothered to actually do the legwork of breaking into servers, so instead added this little dial-home feature, to report on where to find all those newly backdoored machines. Yes, many of the popular backdoors are themselves backdoored.
This brings us to what watchTowr researchers discovered — many of those backdoor domains were either never registered, or the registration has been allowed to expire. So they did what any team of researchers would do: Buy up all the available backdoor domains, set up a logging server, and just see what happens. And what happened was thousands of compromised machines checking in at these old domains. Among the 4000+ unique systems, there were a total of 4 .gov. domains from governments in Bangladesh, Nigeria, and China. It’s an interesting romp through old backdoors, and a good look at the state of still-compromised machines.
The Cameras are Leaking
One of the fun things to do on the Internet is to pull up some of the online video feeds around the world. Want to see what Times Square looks like right now? There’s a website for that. Curious how much snow is on the ground in Hokkaido? Easy to check. But it turns out that there are quite a few cameras on the Internet that probably shouldn’t be. In this case, the focus is on about 150 license plate readers around the United States that expose both the live video stream and the database of captured vehicle data to anyone on the Internet who knows where and how to look.
This discovery was spurred by [Matt Brown] purchasing one of these devices, finding how easy they were to access, and then checking a service like Shodan for matching 404 pages. This specific device was obviously intended to be located on a private network, protected by a firewall or VPN, and not exposed to the open Internet. This isn’t the first time we’ve covered this sort of situation, and it suggests an extension to Murphy’s Law. Maybe I’ll refer to it as Bennett’s law: If a device can be put on the public Internet, someone somewhere inevitably will do so.
youtube.com/embed/0dUnY1641WM?…
Some related research is available from RedHunt Labs, who did a recent Internet scan on port 80, and the results are a bit scary. 42,000,000 IP addresses, 1% of the IPv4 Internet, is listening on port 80. There are 2.1 million unique favicons, and 87% of those IPs actually resolve with HTTP connections and don’t automatically redirect to an HTTPS port. The single most common favicon is from a Hikvision IP Camera, with 674,901 IPs exposed.
The Big Extension Compromise
One of the relatively new ways to deploy malicious code is to compromise a browser plugin. Users of the Cyberhaven browser plugin received a really nasty Christmas present, as a malicious update was pushed this Christmas. The Cyberhaven extension is intended to detect data and block exfiltration attempts in the browser, and as such it has very wide permissions to read page content. The malicious addition looked for API keys in the browser session, and uploaded cookies for sites visited to the attacker. Interestingly the attack seemed to be targeted specifically at OpenAI credentials and tokens.
This started with an OAuth phishing attack, where an email claimed the extension was in danger of removal, just log in with your Chrome Developer account for details. The Cyberhaven developer clicked through the email, and accidentally gave attackers permission to push updates to the extension. This isn’t the only extension that was targeted, and there are other reports of similar phishing emails. This appears to be a broader attack, with the first observed instance being in May of 2024, and some of the affected extensions used similar techniques. So far just over 30 extensions have been found compromised in this way.
And while we’re on the topic of browser extensions, [Wladimir Palant] discovered the i18n trick that sketchy browser extensions use to show up in searches like this one for Wireguard.
The trick here is internationalization, or i18n. Every extension has the option to translate its name and description into 50+ languages, and when anyone searches the extension store, the search term can match on any of those languages. So unscrupulous extension developers fill the less common languages with search terms like “wireguard”. Google has indicated to Ars Technica that it is aware of this problem, and plans to take action.
Safety Labels
The US has announced the U.S. Cyber Trust mark, a safety label that indicates that “connected devices are cybersecure”. Part of the label is a QR code, that can be scanned to find information about the support timeline of the product, as well as information on automatic updates. There are some elements of this program that are obviously good ideas, like doing away with well known default passwords. Will the Cyber Trust mark actually make headway in making more secure devices, or will it be just another bit of visual clutter on our device boxes? Time will tell.
Bits and Bytes
SecureLayer7 has published a great little tutorial on using Metasploit to automatically deploy known exploits against discovered vulnerabilities. If Metasploit isn’t in your bag of tricks yet, maybe it’s time to grab a copy of Kali Linux and try it out.
Amazon, apparently, never learns, as Giraffe Security scores a hat trick. The vulnerability is Python pip’s “extra-index-url” option preferring to pull packages from PyPI rather than the specified URL. It’s the footgun that Amazon just can’t seem to avoid baking right into its documentation. Giraffe has found this issue twice before in Amazon’s documentation and package management, and in 2024 found it the third time for the hat trick.
It seems that there’s yet another way to fingerprint web browsers, in the form of dynamic CSS features. This is particularly interesting in the context of the Tor Browser, which turns off JavaScript support in an effort to be fully anonymous.
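The mechanism behind that footgun, as an added model rather than pip's own code: pip gives `--index-url` no priority over `--extra-index-url`; it pools candidates from every configured index and installs the highest version that satisfies the requirement, so a same-named package registered on PyPI with an inflated version beats the private one. The package names, versions and wheel bytes below are constructed; the block contrasts the weak setting with a single private index and with hash pinning (`--require-hashes`).

```python
"""Simplified model of how pip picks a candidate when more than one index is
configured. Added illustration, not pip's own code; versions are compared as
integer tuples, which is enough for the constructed data below."""
import hashlib
from typing import Dict, List, Optional, Tuple

Index = Dict[str, List[str]]          # package name -> available versions

# Constructed sample indexes. The private index holds an internal package;
# on the public index an attacker has registered the same name with an
# inflated version (the dependency-confusion pattern).
PRIVATE_INDEX: Index = {"internal-tool": ["1.3.0", "1.4.0"], "requests": ["2.31.0"]}
PUBLIC_INDEX: Index = {"internal-tool": ["99.0.0"], "requests": ["2.31.0", "2.32.3"]}


def parse_version(v: str) -> Tuple[int, ...]:
    return tuple(int(part) for part in v.split("."))


def select_candidate(name: str, indexes: List[Tuple[str, Index]]) -> Optional[Tuple[str, str]]:
    """Return (version, index label) for the candidate pip would install.

    Candidates from every index are pooled and the highest version wins;
    which index served it plays no part in the choice.
    """
    pool = [(parse_version(v), v, label)
            for label, index in indexes for v in index.get(name, [])]
    if not pool:
        return None
    _, version, label = max(pool)
    return version, label


def weak_config(name: str) -> Optional[Tuple[str, str]]:
    """index-url = PyPI plus --extra-index-url = private index (the footgun)."""
    return select_candidate(name, [("pypi", PUBLIC_INDEX), ("private", PRIVATE_INDEX)])


def fixed_config(name: str) -> Optional[Tuple[str, str]]:
    """A single --index-url pointing at the private index, which mirrors or
    proxies only the public packages it is allowed to serve."""
    return select_candidate(name, [("private", PRIVATE_INDEX)])


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_hash_pin(artifact: bytes, pinned_sha256: set) -> bool:
    """Model of --require-hashes: whatever index served the file, it installs
    only if its digest matches one pinned in requirements.txt."""
    return sha256_hex(artifact) in pinned_sha256


if __name__ == "__main__":
    print("weak :", weak_config("internal-tool"))    # ('99.0.0', 'pypi')
    print("fixed:", fixed_config("internal-tool"))   # ('1.4.0', 'private')
    wheel = b"internal-tool-1.4.0 wheel bytes (constructed)"
    pins = {sha256_hex(wheel)}
    print("pinned wheel accepted :", verify_hash_pin(wheel, pins))       # True
    print("attacker wheel accepted:", verify_hash_pin(b"99.0.0", pins))  # False
```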
And finally, there seems to be a serious new SonicWall vulnerability that has just been fixed. It’s an authentication bypass in the SSLVPN interface, and SonicWall sent out an email indicating that this issue is considered likely to be exploited in the wild.
“Science, technology and law: Who’s next?” – Marco Cappato in Pavia
Marco Cappato, treasurer of Associazione Luca Coscioni per la libertà di ricerca scientifica APS, takes part as a speaker in the event, held as part of the conference series Scienza, tecnologia e diritto: what’s next? curated by Amedeo Santosuosso, Beatrice Marone and Giulia Pinotti. The title of the event is Intelligenze artificiali e naturali nella società e nel diritto.
The event takes place on Wednesday 15 January at 9 pm, in the Aula Goldoniana of the Collegio Ghislieri, Piazza Collegio Ghislieri 5, Pavia.
The article “Science, technology and law: Who’s next?” – Marco Cappato in Pavia comes from Associazione Luca Coscioni.
Venezuela, Maduro's inauguration today. US and Italy back Gonzalez
CARACAS – Today is swearing-in day in Venezuela. But there are two contenders for the Miraflores Palace: one holds power, the other has popular and international support.…
The article Venezuela, Maduro's inauguration today. US and Italy back Gonzalez on
Bike thrown from the Murazzi in Turin, 16 years for the girl who watched
TURIN – Convicted, the adult girl who in Turin watched her friends throw from the Murazzi – the boat landings and arches located on the west bank of the Po –…
The article Bike thrown from the Murazzi in Turin, 16 years for the girl who watched on Lumsanews.
Journalists for Cecilia Sala
The article Journalists for Cecilia Sala on Lumsanews.
The Earth has a fever: 2024 is the hottest year in history
ROME – Global warming returns to the centre of the debate after the scientific findings of Copernicus. The European Union's meteorological service certifies that 2024 was the hottest year…
The article The Earth has a fever: 2024 is the hottest year in history on Lumsanews.
Why Anduril is buying Numerica's radar and C2 divisions
@Notizie dall'Italia e dal mondo
Anduril, a US company working in technology applied to defence, has announced the acquisition of the business divisions of Numerica Corporation, a company specialising in air and missile defence, relating to radar and Command and Control (C2) solutions. The deal, whose details are not
Ukraine, the Kremlin confirms: “Putin open to contact with Trump”
WASHINGTON – Head of state Vladimir Putin is ready to have contacts with US President-elect Donald Trump. Confirmation comes from Russian spokesman Dmitry Peskov,…
The article Ukraine, the Kremlin confirms: “Putin open to contact with Trump” on Lumsanews.
Sales fall in November. Volume and value down. Food goods do badly
The report released today by Istat speaks of a negative trend in sales volume in the month of November
The article Sales fall in November. Volume and value down. Food goods do badly on Lumsanews: https://www.lumsanews.it/calo-delle-vendite-a-novembre-scendono-volume-e-valore-male-i-beni-alimentari/
Los Angeles keeps burning. 180 thousand displaced
LOS ANGELES – “The Los Angeles fires are the most devastating in history.” So said outgoing President Joe Biden, referring to the state of emergency that…
The article Los Angeles keeps burning. 180 thousand displaced on Lumsanews.
Rafale fighters and submarines drive French arms exports
@Notizie dall'Italia e dal mondo
2024 was a record year for French arms exports, which exceeded 18 billion euros (18.6 to be precise), mainly thanks to strong demand for Rafale fighters and submarines. Addressing the Armed Forces in the traditional New Year speech, the Minister of