The humble piezo disc buzzer is much more than something that makes tinny beeps in retro electronic equipment, it can also be used as a sensor. Tapping a piezo buzzer gives an interesting waveform, with a voltage spike followed by an envelope, and then a negative rebound voltage. It’s something [Igor Brichkov] is using, to make a simple but effective electronic drum.

First of all, the output of the buzzer must be tamed, which he does by giving it a little impedance to dissipate any voltage spikes. There follows some simple signal conditioning with passive components, to arrive at an envelope for the final drum sound. How to turn a voltage into a sound? Using a voltage controlled amplifier working on a noise source. The result is recognizably the drum sound, entirely in electronics.

In a world of digital music it’s easy to forget the simpler end of sound synthesis, using circuits rather than software. If you hanker for the Good Old Days, we have an entire series on logic noise, doing the job with 4000 series CMOS logic.

youtube.com/embed/R2vQ3F3-Kuk?…

hackaday.com/2025/01/15/piezo-…

E’ stato scoperto un istituto di formazione dove venivano addestrati truffatori e hacker criminali, i cui obiettivi erano le aziende russe. Lo ha annunciato Stanislav Kuznetsov, vicepresidente del consiglio di amministrazione di Sberbank, in un’intervista a RIA Novosti.

Secondo lui ci sono addirittura intere “università” pronte a preparare simili attentati. Sembrerebbe che siano riusciti a identificare una di queste piattaforme; operava in formato online e reclutava adepti tramite le darknet. Il programma di formazione comprendeva corsi, materiali di studio ed esami e la sua durata era di sette settimane.

Gli analisti bancari hanno stimato che circa 10mila persone hanno completato la formazione e altre 20mila non hanno superato la selezione. “Cioè, c’è anche una concorrenza”, ha osservato Kuznetsov, aggiungendo che la frode è diventata un settore separato dell’economia sommersa con molte specializzazioni.

Secondo Sberbank, nel 2024, i truffatori hanno rubato alle aziende russe dai 250 a 300 miliardi di rubli (circa 3 miliardi di euro).

Il Ministero degli Affari Interni aveva precedentemente riferito che una delle maggiori somme trasferite ai criminali nel 2024 ammontava a circa 180 milioni di rubli. Il dipartimento ha chiarito che il danno causato a ciascuna vittima individualmente non viene preso in considerazione dalle statistiche, quindi è difficile determinare l’importo maggiore per un caso specifico. Le vittime hanno trasferito denaro direttamente sui conti dei truffatori. Secondo il Ministero degli Interni della Federazione Russa, se prima i criminali si concentravano su chiamate di massa e furti di contanti, ora coordinano le azioni delle vittime, coinvolgendole nelle transazioni immobiliari, nonché nell’elaborazione di prestiti attraverso organizzazioni di microfinanza.

Sberbank prevede che nel 2025 i truffatori si concentreranno sul furto di conti presso i servizi statali, sulle false chiamate per conto dei dipartimenti governativi e tramite gli instant messenger fingendosi dirigenti. La banca rileva inoltre che gli schemi di base rimarranno invariati, ma aumenterà il rischio di un utilizzo attivo dell’intelligenza artificiale, il che renderà le falsificazioni più convincenti.

Il Ministero dello Sviluppo Digitale e Roskomnadzor hanno iniziato a discutere del possibile blocco delle chiamate vocali nei servizi di messaggistica istantanea a causa dell’aumento delle attività fraudolente. Secondo una fonte del settore delle telecomunicazioni, tale misura può essere attuata solo a livello di Roskomnadzor, gli operatori delle telecomunicazioni non possono influenzarlo.

L'articolo Cybercrime Academy: Come i Criminali informatici Si Addestrano Per Sferrare Colpi Micidiali proviene da il blog della sicurezza informatica.

A couple of years ago one of the Hackaday Prize finalists was a project to take highschoolers through building a direct conversion radio receiver for the 40 metre amateur band. It was originated by the SolderSmoke podcast, and we’re pleased to see that they’ve recently put up an overview video taking the viewer through the whole project in detail.

It’s a modular design, with all the constituent building blocks broken out into separate boards on which the circuitry is built Manhattan style. Direct conversion receivers are pretty simple, so that leaves us with only four modules for oscillator, bandpass filter, mixer, and audio amplifier. We particularly like that it’s permeability tuned using a brass screw and an inductor, to make up for the once-ubiquitous variable capacitors now being largely a thing of the past.

A point that resonated was that most radio amateurs never make something like this. Arguments can be made about off-the-shelf rigs and chequebook amateurs, but we’d like to suggest that everyone can benefit from a feel for analogue circuitry even if they rarely have a need for a little receiver like this one. We like this radio, and we hope you will too after seeing the video below the break.

Need reminding? See the Hackaday.io project page, and the Hackaday Prize finalists from that year.

youtube.com/embed/rLjxU2rMeXw?…

hackaday.com/2025/01/15/a-dire…

Raspberry Pi’s new microcontroller, the RP2350, has a small section of memory that is meant for storing secrets. It’s protected by anti-glitching and other countermeasures, and the Raspberries wanted to test it. So this summer, they gave them out, pre-programmed with a secret string, as part of the badge for DEFCON attendees. The results of the cracking efforts are in, and it’s fair to say that the hackers have won.

First place went to [Aedan Cullen], who also gave a great talk about how he did it at 38C3. One of the coolest features of the RP2350, from a hacker perspective, is that it has dual ARM and dual RISC-V cores onboard, and they can be swapped out by multiplexers. The security module has a critical register that has disable bits for both of these processors, but it turns out that the ARM disable bits have priority. When [Aedan] glitched the security module just right, it disabled the ARM cores but left the RISC-V cores running in the secure context, with full debug(!), and the game was over. As of yet, there is no mitigation for this one, because it’s baked into the secure boot module’s silicon.

[Marius Muench] managed to pre-load malicious code into RAM and glitch a reboot-out-of-secure-mode on the USB module. This one is possibly fixable by checking other reboot flags. [Kévin Courdesses] has a sweet laser fault-injection rig that’s based on the 3D-printable OpenFlexure Delta Stage, which we’ve seen used for microscopy purposes, but here he’s bypassing the anti-glitching circuitry by exposing the die and hitting it hard with photons.

Finally, [Andrew Zonenberg] and a team from IOActive went at the RP2350 with a focused ion beam and just read the memory, or at least the pairwise-OR of neighboring bits. Pulling this attack off isn’t cheap, and it’s a more general property of all anti-fuse memory cells that they can be read out this way. Chalk this up as a mostly-win for the offense in this case.

If you want to read up on voltage glitching attacks yourself, and we promise we won’t judge, [Matthew Alt] has a great writeup on the topic. And ironically enough, one of his tools of choice is [Colin O’Flynn]’s RP2040-based Chip Shouter EMP glitcher, which he showed us how to make and use in this 2021 Remoticon talk.

hackaday.com/2025/01/15/all-th…

These days, anything with copper in it is expensive. If you doubt that, a walk into any Home Depot electrical department, where the wire is locked up tighter than Fort Knox, will prove otherwise. Coaxial cable is a particularly expensive species, which is a pity for hams and other radio enthusiasts since it’s the only thing we can use for antenna feedlines.

Or is it? [Steve (VE6WZ)] has found a way to use ordinary Cat 6 Ethernet cable for antenna feed lines that seems pretty clever. As he points out, Ethernet cables are designed to handle frequencies that coincide nicely with most of the interesting amateur radio bands, and their insertion losses are acceptably low, especially for Cat 6 cable. The twisted pairs are also a balanced system that’s good at rejecting common mode noise. Cat 6 cable also has four pairs of conductors, allowing you to feed multiple antennas with one cable, or to distribute power to amplifiers and switches along with antenna feeds.

The downside? Cat6 conductor pairs have a characteristic impedance of around 100 ohms, which isn’t a match for the 50-ohm feedline impedance universally expected by ham radios. Also, the relatively small wires probably aren’t up to the job of carrying much current, limiting their use to feedlines for receive-only antennas. That works for [Steve] since he uses Cat 6 to support his massive Beverage antenna farm (Beverage antennas are non-resonant horizontal antennas that live close to the ground and point in the direction of the signal, rather than broadside to the signal as with a resonant antenna like a dipole.) Each antenna in his farm has a transimpedance amplifier that needs to be powered, plus switching relays so he can turn the correct antennas on for the signals he wants to receive. He describes the amps in detail in the video below, along with the custom impedance-matching transformers he uses and the combining gear.

Coax will probably still be the cable of choice for most feedline applications, but it’s nice to know there are alternatives. And who knows—if you stick to QRP work, maybe Cat 6 could even be used for transmitting.

youtube.com/embed/i44PU8NJf1M?…

hackaday.com/2025/01/15/forget…

Un cessate il fuoco è stato finalmente raggiunto tra Israele e Hamas, un passo fondamentale tanto atteso dalla popolazione di Gaza, che ha vissuto sotto le bombe per 15 mesi.

Ci uniamo alla speranza che questo momento porti sollievo al popolo palestinese. In attesa dei dettagli dell’accordo, auspichiamo che il cessate il fuoco comporti un immediato ritiro delle forze israeliane dalla Striscia di Gaza, permettendo l’ingresso illimitato di scorte alimentari e beni di prima necessità per alleviare la sofferenza di chi sta subendo un genocidio. Un genocidio sistematicamente portato avanti da Israele per oltre un anno.

Questo accordo evidenzia ulteriormente la necessità di smantellare il sistema di oppressione e occupazione che Israele impone al popolo palestinese da decenni. Solo con la fine di questo sistema si potrà sperare in una pace giusta. Qualsiasi accordo futuro deve rispettare il diritto internazionale, che costituisce la base minima per garantire giustizia e sicurezza. È essenziale che la comunità internazionale agisca con maggiore determinazione di quanto fatto finora. Non dovrebbe essere necessario un accordo tra chi commette un genocidio e chi lo subisce per interromperlo immediatamente. Non è stato fatto tutto il possibile per evitarlo, anzi, molti stati europei e gli Stati Uniti hanno contribuito a renderlo possibile.

Il cessate il fuoco non può farci dimenticare le terribili immagini giunte da Gaza e la realtà di un genocidio in corso. È cruciale fermare ogni violenza, garantire l’accesso completo e senza restrizioni alla stampa internazionale e consentire che la giustizia faccia il suo corso.

L'articolo Cessate il fuoco a Gaza: una speranza, finalmente proviene da Possibile.

This week, Jonathan Bennett and Aaron Newcomb chat with Simon Phipps and Stefano Maffulli about Open Source AI. Why did we need a new definition? Has it been controversial? And why did OSI step into this particular conversation?

• opensource.org/ai

youtube.com/embed/qQlw25Vwgzc?…

Did you know you can watch the live recording of the show Right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

play.libsyn.com/embed/episode/…

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Places to follow the FLOSS Weekly Podcast:

• Spotify
• RSS

Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

hackaday.com/2025/01/15/floss-…

The EPFL LisRaptor with adjustable wings and tail.
Throughout evolution, the concept of powered flight has evolved and refined itself multiple times across both dinosaurs (birds), mammals (bats) and insects. So why is it that our human-made flying machines are so unlike them? The field of nature-inspired flying drones is a lively one, but one that is filled with challenges. In a recent video on the Ziroth YouTube channel, [Ryan Inis] takes a look at these efforts, in particular those of EPFL, whose recent RAVEN drone we had a look at recently already.

Along with RAVEN, there is also another project (LisRaptor) based on the Northern Goshawk, a bird of prey seen in both Europe and North-America. While RAVEN mostly focused on the near-vertical take-off that smaller birds are capable of, this project studies the interactions between the bird’s wings and tail, and how these enable rapid changes to the bird’s flight trajectory and velocity, while maintaining efficiency.

The video provides a good overview of this project. Where the LisRaptor differs from the animal is in having a rudder and a propeller, but the former should ideally not be necessary. Obviously the kinematics behind controlled flight are not at all easy, and the researchers spent a lot of time running through configurations aided by machine learning to achieve the ideal – and most efficient – wing and tail configuration. As these prototypes progress, they may one day lead to a drones that are hard to differentiate from birds and bats.

youtube.com/embed/al-PRRAs2vI?…

hackaday.com/2025/01/15/avian-…

From a practical standpoint, [John] may be correct that his recent creation is the “world’s worst digital dash”, but we’re still oddly enamored with the idea of using a Nintendo Game Boy as a digital speedometer. Pulling it off meant interfacing the handheld with the vehicle’s CAN bus system, so whether you’re into retro gaming or car hacking, this project has something to offer.

Showing real-time vehicle speed on the Game Boy sounds like it should be relatively easy, but the iconic game system wasn’t exactly built for such a task. Its 2 MHz CPU and 160×144 pixel dot-matrix screen were every kid’s dream in 1989, but using it as a car dashboard is pushing it. To bridge that gap, [John] designed two custom circuit boards. One interfaces with the Game Boy, intercepting its memory requests and feeding it data from a microcontroller. The other processes the CAN bus signals, translating speed information into a form the Game Boy can display. [John] used inexpensive tools and software to read the CAN bus data, and used GBDK-2020 to write the software in C. His video goes in great detail on how to do this.

Months of work have gone into decoding the Game Boy’s data bus and creating a schematic for the interface board. Tricking the Game Boy into thinking it was loading a game, while actually displaying incoming speed data. The screen’s low resolution and slow refresh rate rendered it barely readable in a moving vehicle. But [John]’s goal wasn’t practicality — it was just proving it could be done.

Want to dive deep into the Game Boy? Have you seen the Ultimate Game Boy talk?

youtube.com/embed/xroxYBp9DOo?…

hackaday.com/2025/01/15/a-game…

Gli attacchi informatici stanno evolvendo con una rapidità impressionante, e i criminali informatici continuano a trovare modi innovativi per aggirare le difese. Recentemente, è stata scoperta una nuova campagna che sfrutta la libreria FastHTTP per eseguire attacchi brute-force ad alta velocità contro account Microsoft 365 in tutto il mondo.

L’attacco: brute-force e MFA Fatigue

Gli attacchi, identificati dalla società di incident response SpearTip, hanno preso il via il 6 gennaio 2024 e mirano agli endpoint dell’API di Azure Active Directory Graph. Utilizzando FastHTTP, una libreria Go progettata per massimizzare l’efficienza e la velocità nella gestione delle richieste HTTP, i cybercriminali automatizzano tentativi di login non autorizzati con un tasso di successo inquietante: quasi il 10% dei tentativi porta a un takeover dell’account.

Oltre al brute-force, la campagna utilizza anche attacchi di MFA fatigue, bombardando gli utenti con richieste di autenticazione multi-fattore fino a indurli a concedere l’accesso.

Origini e numeri della campagna

Secondo SpearTip, la maggior parte del traffico malevolo proviene dal Brasile (65%), seguito da Turchia, Argentina, Uzbekistan, Pakistan e Iraq. I numeri sono impressionanti:

• 41.5% degli attacchi fallisce.
• 21% provoca il blocco dell’account.
• 17.7% viene respinto per violazioni delle policy di accesso.
• 10% è protetto da MFA.

Tuttavia, resta quel preoccupante 9.7% di successo, che mette a rischio dati sensibili, proprietà intellettuale e la continuità operativa delle aziende.

Difendersi: rilevamento e contromisure

Per contrastare questa minaccia, SpearTip ha fornito un PowerShell script per rilevare la presenza dello user agent FastHTTP nei log di audit. Inoltre, gli amministratori possono verificare manualmente i tentativi sospetti nel portale Azure seguendo questi passaggi:

1. Accedere al portale di Azure.
2. Navigare su Microsoft Entra ID → Utenti → Log degli accessi.
3. Applicare il filtro: Client app: “Other Clients”.

Se viene individuata attività malevola, le azioni consigliate includono:

• Terminare immediatamente le sessioni utente e reimpostare tutte le credenziali.
• Verificare e rimuovere eventuali dispositivi MFA non autorizzati.
• Consultare gli indicatori di compromissione (IoC) pubblicati nel rapporto di SpearTip.

Conclusione

Gli attacchi contro Microsoft 365 rappresentano una minaccia concreta per le aziende, con conseguenze devastanti: esposizione di dati riservati, furto di proprietà intellettuale e danni alla reputazione. Questa campagna dimostra quanto sia essenziale adottare un approccio proattivo alla sicurezza, combinando tecnologie avanzate e una costante attenzione ai segnali di compromissione.

Di fronte alla velocità con cui si evolvono queste minacce, è fondamentale rispondere con tempestività e decisione.

L'articolo Microsoft 365 sotto attacco: brute-force ad alta velocità con FastHTTP proviene da il blog della sicurezza informatica.

Full disclosure: ham radio isn’t for everyone, and there are many different facets to it. What appeals to one person might bore another to death. One area of ham radio that has changed a lot in the last few years is more or less local and typically mobile operation on VHF or UHF. Not long ago, hams used HTs (walky-talkies or handi-talkies) or mobile radios via repeaters to talk to each other and — the golden prize back then — make phone calls from their cars. Cell phones have made that much less interesting, but there is still an active community of operators talking on repeaters. However, the traffic has gone digital, the Internet is involved, and people with inexpensive, low-powered radios can talk to each other across the globe. This is nothing new, of course. However, having digital services means that operators with special interests can congregate in what amounts to radio chat rooms organized by region or topic.

There’s a long history of people listening to ham radio conversations with shortwave radios, SDRs, and scanners. But with so much activity now carried on the Internet, you can listen in using nothing more than your web browser or a phone app. I’ll show you how. If you get interested enough, it is easy enough to get your license. You don’t need any Morse code anymore, and a simple Technician class license in the United States is all you need to get going.

A Quick DMR Primer

There are several digital ham networks around and like real networks, you can have different physical transport layers and then build on top of that. For the purposes of this post, I’m going to focus on DMR (digital mobile radio) on the Brandmeister network which is very large and popular ham network. You won’t need a license nor will you need to sign up for anything as long as you are content to just listen.

Here’s how it works: Brandmeister operates a large number of servers worldwide that communicate with each other and provide calling services, including group calls. So, if we set up a Hackaday talk group (fictitious, by the way) on group 1337, interested people could connect to that talk group and have a conversation.

Since we are just going to listen, I’m going to skip some of the details, but the trick is how people get to talk to these networks. In general, there are three ways. The classic way is to use a digital radio to talk to a repeater that is connected to the network. The repeater may have one or more talk groups on all the time, or you might request access to one.

However, another way to connect your radio to a “hotspot” connected to the Internet. That is, more or less, a special form of repeater that is very low power, and you have complete control over it compared to a repeater on some faraway hill. However, if you don’t mind operating using just a computer, you don’t need a radio at all. You simply talk directly to the nearest server, and you are on the network. Some of your audio will go to other computers, and it may go over the airwaves via someone else’s hotspot or repeater.

Talk Groups

Just a few of the 1,600+ talkgroups available on the network
The Brandmeister website has a lot of info and you don’t need to be logged in to see it. Head over to their site and you’ll see a lot of info including a network map and statistics about repeaters and hotspots. You can get an idea of who has been talking lately by clicking Last Heard link. While this is interesting, it isn’t as interesting as you’d think, because you really want to focus on talk groups, not individual users.

To see a list of all the talk groups on the system, you can click Information and then Talkgroups. You can filter the list and you can also download the dataset in different formats if you want to browse it in a different format.
The hoseline shows you all the activity across the network and lets you listen in, too.
There are three buttons on each row of the database. The LH button shows you the last heard stations for that group. The Wiki button takes you to a Wiki page that, for some groups, has more information about it. But the really interesting button is the one marked Hoseline. You can also open the Hoseline directly which is what I usually do.

What’s the Hoseline? It shows activity across the network as a bunch of boxes indicating recently active talk groups. Boxes with red lines around them have people actively talking on them. The others have been recently active. It is visually interesting, yes, but that’s not the big selling point.

If you click on a box, you will hear the activity on that talk group. That’s all there is to it.

Overwhelming

There are a lot of talk groups. You can filter at the top left part of the page where it says “Everything.” You’ll have to drop the list down and unselect Everything. Then, you can select any countries or areas you want to follow. If you are brave, you can click RegEx mode and enter regular expressions to match talk group numbers (e.g. ^310.*).

The “Player” button at the top right gives you more control. You can add multiple groups from a list, see information about who is talking, and stop or start the audio.
The hose is available on Android, too.
If you prefer to do your listening mobile, you can also get the hoseline on your Android device. Just install the app, and you’ll find it works the same way.

Finding Something Interesting

Lord Nelson once said, “The greatest difficulty in war is not to win the battle, but to find the enemy.” That’s accurate here, too. Finding an interesting conversation out of all those talk groups is somewhat a needle in a haystack. A quick look around at the talk group lists might help.

The 91 and 93 groups stay busy but generally with short exchanges since they cover a wide area. The USA bridge at 3100 sometimes has traffic, too.
Talk group 31484 (SE Texas) has 66 devices attached, some of which you can see here.
If you look at the group’s listing on the Web, you can click the group number and see what stations are connected to it. Keep in mind, some of these may be repeaters or gateways that could have no one on the other side, or could have dozens of people on the other side. But it can give you an idea if the talkgroup has any users at all.

You can also search the Internet for DMR nets and repeaters. Sometimes, it is interesting to listen to local repeaters. Sometimes, it is fun to listen to repeaters in other places. Want to find out what’s going on at your next vacation spot? Practice your French?

You can find many DMR repeaters using the RepeaterBook search page. There are also man lists of DMR nets.

Next Steps

There are many other similar networks, but they may not have a way to listen that doesn’t require some software, registration, or licenses. There’s plenty on Brandmeister to keep you busy. If you worry about people listening in, that’s no different than regular radio has been since the beginning.

You can always get your ham license and join in. Even without a radio, there are ways to talk on the network. [Dan Maloney] has advice for getting your “ticket.” It is easier than you think, and you can do a lot more with a license, including talking through satellites, sending TV signals over the air, and bouncing signals of meteors or the moon. If you want to listen to more traditional ham radio in your browser, try a Web-based SDR.

hackaday.com/2025/01/15/no-ham…