EDRi affiliate Danes je nov dan recently launched Razkrinkaj.ai – an online tool that allows users to test their ability to recognise AI-generated content through an interactive quiz while learning about the risks and challenges associated with it.

The post A new tool helps Slovenian public identify AI-generated content and educates about its risks appeared first on European Digital Rights (EDRi).

The EDRi-gram is back after the winter break and yes, we missed you too. Before we dive into the new year, we have a review of 2024 for you. From stopping Chat Control to hosting the first-ever Tech and Society Summit, read up on what kept EDRi so busy last year.

In this edition, also catch-up with some important developments from the end of 2024 which are bound to pop up again on the digital rights radar soon. The infamous High Level Group Going Dark presented their "insecurity by design agenda". So don’t be surprised if EU politics sees another iteration of flawed proposals on data retention and circumventing encryption. Ugh.

Meanwhile, the European Commission presented their proposal for digitalising travel documents. “Didn’t they promise that for the third quarter of 2023,” you say? Indeed, but after the initiative received a devastating amount of negative feedback, it took more than a year for the adjusted EU travel app proposal. We provide an extensive analysis of the (so far) voluntary system for pre-travel controls.

For our more masochistically inclined readers, we take a look over to the US and how corporate social media such as Meta and X align with the new administration. Recent changes to content moderation policies empower far-right extremists and expose marginalised and minoritised communities to hate speech.

The post EDRi-gram, 22 January 2025 appeared first on European Digital Rights (EDRi).

The piece of copper wire moments before getting vaporized by 4,000 joules. (Credit: Hyperspace Pirate, Youtube)
In lieu of high-explosives, an exploding wire circuit can make for an interesting substitute. As [Hyperspace Pirate] demonstrates in a recent video, the act of pumping a lot of current very fast through a thin piece of metal can make for a rather violent detonation. The basic idea is that by having the metal wire (or equivalent) being subjected to a sufficiently large amount of power, it will not just burn through, but effectively vaporize, creating a very localized stream of plasma for the current to keep travelling through and create a major shockwave in the process.

This makes the exploding wire method (EWM) an ideal circuit for any application where you need to have a very fast, very precise generating of plasma and an easy to synchronize detonation. EWM was first demonstrated in the 18th century in the Netherlands by [Martin van Marum]. These days it finds use for creating metal nanoparticles, brief momentary light sources and detonators in explosives, including for nuclear (implosion type) weapons.

While it sounds easy enough to just strap a honkin’ big battery of capacitors to a switch and a piece of wire, [Hyperspace Pirate]’s video demonstrates that it’s a bit more involved than that. Switching so much current at high voltages ended up destroying a solid-state (SCR) switch, and factors like resistance and capacitance can turn an exploding wire into merely a heated one that breaks before any plasma or arcing can take place, or waste a lot of potential energy.

As for whether it’s ‘try at home’ safe, note that he had to move to an abandoned industrial site due to the noise levels, and the resulting machine he cobbled together involves a lot of high-voltage wiring. Hearing protection and extreme caution are more than warranted.

youtube.com/embed/agwKNLoU6g8?…

hackaday.com/2025/01/21/making…

Gli specialisti di Kaspersky Lab hanno rivelato i dettagli di oltre una dozzina di vulnerabilità scoperte nel sistema di infotainment Mercedes-Benz MBUX di prima generazione. La casa automobilistica afferma che i problemi sono stati risolti e che non erano facili da gestire.

Gli esperti hanno studiato il funzionamento dell’unità principale Mercedes-Benz denominata Mercedes-Benz User Experience (MBUX) e si sono basati su uno studio precedente condotto dagli specialisti cinesi Tencent Security Keen Lab e pubblicato nel 2021.
Struttura e componenti MBUX
La ricerca di Kaspersky Lab si è concentrata su un’analisi dettagliata dei sottosistemi MBUX di prima generazione (in una vera vettura Mercedes B180), a cui non è stata prestata attenzione nello studio KeenLab: diagnostica (CAN, UDS, ecc.), connessioni USB e interfacce specializzate protocolli di comunicazione di processo (IPC).

Alcune delle vulnerabilità scoperte potrebbero essere utilizzate per attacchi DoS, altre per l’estrazione di dati, l’iniezione di comandi e l’escalation dei privilegi.

Sebbene alle vulnerabilità siano stati assegnati identificatori CVE del 2023 e 2024, Mercedes-Benz ha affermato di essere a conoscenza dei risultati di Kaspersky Lab dal 2022. I relativi bollettini sono già stati pubblicati su GitHub e le falle di sicurezza sono state tutte prontamente sanate.

Secondo gli esperti, un utente malintenzionato con accesso fisico all’auto potrebbe sfruttare alcune di queste vulnerabilità per disattivare la protezione antifurto standard nell’unità principale, modificare le impostazioni dell’auto e sbloccare servizi a pagamento.

“Nell’agosto 2022, un gruppo di ricercatori esterni in materia di sicurezza ci ha contattato in merito alla prima generazione di MBUX – Mercedes-Benz User Experience”, hanno detto ai media i rappresentanti di Mercedes-Benz. “I problemi descritti dai ricercatori richiedevano l’accesso fisico al veicolo, nonché l’accesso all’interno del veicolo. Inoltre, l’unità principale deve essere rimossa e aperta. Questi problemi non riguardano le versioni più recenti del sistema di infotainment.”

L'articolo Mercedes-Benz: Kaspersky svela oltre 12 vulnerabilità nei sistemi di infotainment proviene da il blog della sicurezza informatica.

Specialisti di Sony Computer Science Laboratories Inc. Insieme ai colleghi del NeuroPiano Institute di Kyoto, hanno sviluppato un esoscheletro che aiuta i pianisti a superare il limite delle abilità nell’esecuzione di brani musicali veloci. I risultati dello studio, che ha coinvolto più di cento persone, sono stati pubblicati sulla rivista Science Robotics.

L’esperienza dimostra che la maggior parte dei musicisti raggiunge un certo plateau dopo un lungo allenamento. Ciò è particolarmente evidente quando si suonano strumenti che richiedono elevata velocità e precisione dei movimenti delle dita, come la chitarra o il pianoforte.

Gli scienziati giapponesi guidati da Shinichi Furuya hanno deciso di verificare se l’allenamento passivo con l’aiuto di un robot avrebbe aiutato a superare questa barriera. Per fare ciò, hanno invitato 118 pianisti professionisti a prendere parte ad una serie di esperimenti.

L’esoscheletro viene posizionato sul dorso della mano e fissato alle dita con dispositivi di fissaggio speciali, garantendo una vestibilità sicura. Il dispositivo consente di eseguire movimenti complessi con più dita contemporaneamente.

Prima dell’inizio dell’esperimento, tutti i partecipanti hanno imparato a suonare da soli alcuni brani fino a raggiungere la perfezione individuale.

Poi è iniziata la fase dell’allenamento passivo: l’esoscheletro prendeva completamente il controllo delle dita della mano destra dei musicisti e le costringeva a muoversi su e giù in sequenze diverse e a velocità diverse, senza partecipazione umana attiva. Inoltre, i movimenti non erano in alcun modo legati a specifiche tecniche musicali o accordi.

youtube.com/embed/pPqOQ1egLzU?…

Dopo aver completato l’addestramento con il robot, ai volontari è stato chiesto di rimuovere l’esoscheletro e di suonare gli stessi brani che avevano imparato in precedenza. E l’ipotesi è stata confermata: la maggior parte dei soggetti ha superato gli ostacoli prima individuati e ha iniziato a suonare molto più velocemente e con maggiore sicurezza. È particolarmente interessante notare che sono stati osservati miglioramenti in entrambe le mani, sebbene sia stata allenata solo quella destra.

Gli scienziati hanno anche condotto un’analisi approfondita della corteccia motoria del cervello prima e dopo l’allenamento. Si scopre che l’allenamento con l’esoscheletro ha portato a cambiamenti neuroplastici, ovvero si sono formate nuove connessioni neurali responsabili del coordinamento dei movimenti degli arti.

L'articolo Democratizzazione del Virtuosismo al Piano. NeuroPiano raggiunge l’impossibile proviene da il blog della sicurezza informatica.

E’ tempo di previsioni. Dopo il boom previsto nella sicurezza informatica entro il 2028, ora si parla del boom complessivo di IT e lo fa Forrester.

Secondo la società di analisi, la spesa globale per i servizi IT raggiungerà i 2 trilioni di dollari entro il 2028. Sebbene il settore rimanga spesso nell’ombra, assorbe più di un terzo della spesa tecnologica globale annua, quattro volte quella destinata all’hardware dei computer.

La crescita principale è prevista nel segmento delle infrastrutture come servizio (IaaS), dove il tasso medio annuo sarà di circa il 16%. La regione Asia-Pacifico mostrerà lo sviluppo più dinamico con un tasso di crescita di quasi il 6%.

Il settore finanziario e quello manifatturiero rimangono i principali motori dello sviluppo industriale. Secondo lo studio, le dieci maggiori aziende IT ricevono il 44% dei loro ricavi da questi settori, compresa l’energia. Allo stesso tempo, come osserva Accenture, solo il 5% delle aziende manifatturiere scala con successo le tecnologie digitali.

I servizi cloud rafforzeranno significativamente la loro posizione nel mercato dei servizi IT: la loro quota aumenterà dall’8% nel 2022 al 15% entro il 2028. I leader di mercato stanno già mostrando risultati impressionanti: Google Cloud ha mostrato una crescita del 26%, AWS del 13% e i servizi cloud Microsoft Azure del 17%.

La sicurezza informatica occuperà una quota di mercato significativa.

Gli analisti di Canalys prevedono che nel 2024, due terzi dei 224 miliardi di dollari di spesa per la sicurezza informatica andranno alla consulenza, all’outsourcing e ai servizi correlati.

Il futuro dei servizi IT dipenderà dalla scalabilità globale, dalla capacità delle aziende di adattarsi alle condizioni regionali e di innovare. Per raggiungere il successo, le aziende dovranno continuare a sviluppare le proprie competenze e rafforzare la collaborazione con i principali attori del settore.

L'articolo 2 trilioni di dollari entro il 2028: Forrester spiega il futuro dei servizi IT nei trend chiave proviene da il blog della sicurezza informatica.

WELCOME BACK. THIS IS DIGITAL POLITICS. I'm Mark Scott, and as many of us unpack the impact of Meta's recent decision to roll back its content moderation policies, here's a reminder that Mark Zuckerberg, the company's chief executive, once had an extremely awkward interaction with astronauts. Enjoy.

— Jan 20 marks the start of Donald Trump's second term in the White House. Here are the people you need to know that will shape tech policy over the next four years.

— The 'will they, or won't they' ban on TikTok in the United States is a reminder, to all countries, that you shouldn't mistake national security for digital policymaking.

— In case it wasn't clear, the US dominates the world of 'online platforms.' But countries from Singapore to Turkey are making a play, too.

Let's get started:

digitalpolitics.co/newsletter0…

The Family BASIC keyboard was a peripheral that was built for programming on the Nintendo Family Computer, or Famicom. As [Linus Åkesson] demonstrates, though, it can do so much more. Meet the Family Bass.

The core of the project is a special adapter which [Linus] created to work with the Family BASIC keyboard. Traditionally, the keyboard plugs into the Famicom’s expansion port, but [Linus] wanted to hook it up to the controller port on a Nintendo Entertainment System instead. Getting them to talk was achieved with an ATtiny85 which could cycle through the 72-key matrix in the keyboard and spit out a serial stream of data the controller port could understand.

On the NES end, the console is set up to run custom code from [Linus] that lets him play the internal sound chip’s triangle wave with the keyboard. He demonstrates this ably in a video where he performs a song called Platform Hopping along with some of his other retro computer instruments.

We’ve seen [Linus] build some other great instruments in the past too, which are both creative and nostalgic. Video after the break.

youtube.com/embed/j9D4a6ws6TY?…

youtube.com/embed/Gds1EeQGMaQ?…

hackaday.com/2025/01/21/family…

During the Cambrian Explosion of cellphone form factors at the turn of the millenium, Nokia reigned supreme. If you’d like to see what they were doing behind the scenes to design these wild phones, you’ll love the Nokia Design Archive from Aalto University.

Featuring images, presentations, videos and a number of other goodies (remember transparencies?), this collection gives us some in-depth insight into how consumer products were dreamed up, designed, and brought to market. Some projects require more reading between the lines than others as the Archive is somewhat fragmented, but we think it could still be an invaluable peek into product design, especially if you’re working on projects that you want to be usable outside of a hacker audience.

The Archive also includes approximately 2000 objects including many unreleased “unknown” models and prototypes of phones that actually did make it into the wild. While we’d love to get our hands on some of these devices IRL, having images with reference colors is probably the next best thing. Having replaced a number of smartphone screens, we hope more hackers take up the buttons and indestructible casing of these elegant devices for a more civilized age.

Thanks to [Michael Fitzmayer] for the tip! Be sure to checkout his work on Nokia N-Gage phones, including an SDK if you too love to taco talk.

hackaday.com/2025/01/21/the-no…

Lubing your keyboard’s switches is definitely a personal preference, though we’re sure that many would call it absolutely necessary. However, people from both camps would probably not suggest is using WD-40 to do so, instead pointing toward Krytox or at least Super Lube. But there are enough people out there who have tried the great water displacer and claim to have experienced no problems that [Sea_Scheme6784] decided to give it a go (so you don’t have to).

Having now collected enough boards to sacrifice one to the lubrication gods, [Sea_Scheme6784] chose a completely stock Logitech G413 SE with brown switches and heavily sprayed every one. Oh yeah, there was no taking them apart first as most lube enthusiasts would advise. No carefully painting it on in the right places with a small brush. Just mad spraying, y’all.

The effects were noticeable immediately — it changed the feel for the better and made the switches way less scratchy. Also the sound is more poppy, despite drowning in not-lubricant. Interesting! [Sea_Scheme6784] says the stabilizers are still rattling away, so that’s no good. Keep an eye on r/mechanicalkeyboards for updates on these shenanigans. We know we will.

Want to know what else you can do to to switches besides lube? Lots of stuff.

Main and thumbnail images via Kinetic Labs

hackaday.com/2025/01/21/probab…

It’s simple enough to wire up an LED matrix and have it display some pre-programmed routines. What can be more fun is when the LEDs are actually interactive in some regard. [Giulio Pons] achieved this with his interactive LED box, which lets you play with the pixels via motion controls.

The build runs of a Wemos D1 mini, which is a devboard based around the ESP8266 microcontroller. [Giulio] hooked this up to a matrix of WS2812B addressable LEDs in two 32×8 panels, creating a total display of 512 RGB LEDs. The LEDs are driven with the aid of an Adafruit graphics library that lets the whole display be addressed via XY coordinates. For interactivity, [Giulio] added a MPU6050 3-axis gyroscope and accelerometer to the build. Meanwhile, power is via 18650 lithium-ion cells, with the classic old 7805 regulator stepping down their output to a safe voltage. Thanks to the motion sensing abilities of the MPU6050, [Giulio] was able to code animations where the LEDs emulate glowing balls rolling around on a plane.

It’s a simple build, but one that taught [Giulio] all kinds of useful skills—from working with microcontrollers to doing the maths for motion controls. There’s a lot you can do with LED matrixes if you put your mind to it, and if you just start experimenting, you’re almost certain to learn something. Video after the break.

youtube.com/embed/ZSptC0_V9_Y?…

hackaday.com/2025/01/21/intera…

Siphons are one of those physics phenomena that, like gyroscopes, non-Newtonian fluids, and electricity, seem almost magical. Thanks to atmospheric pressure, simply filling a tube with liquid and placing the end of the tube below the liquid level of a container allows it to flow against gravity, over a barrier, and down into another container without any extra energy inputs once the siphon is started. They’re not just tricks, though; siphons have practical applications as well, such as in siphon-powered hydroelectric turbine.

This is an iteration of [Beyond the Print]’s efforts to draw useful energy from a local dam with an uneconomic amount of water pressure and/or volume for a typical hydroelectric power station. One of his earlier attempts involved a water wheel but this siphon-based device uses a more efficient impeller design instead, and it also keeps the generator dry as well. Using 3″ PVC piping to channel the siphon, as well as a short length of thinner pipe to attach a shop vac for priming the siphon, water is drawn from the reservoir, up the pipe, and then down through the impeller which spins a small DC generator.

This design is generating about 9 V open-circuit, and we’d assume there’s enough power available to charge a phone or power a small microcontroller device. However, there’s a ton of room for improvement here. The major problem [Beyond the Print] is currently experiencing is getting air into the system and having the siphon broken, which he’s solved temporarily by adding a bucket at the outflow. This slows down the water though, so perhaps with any air leaks mitigated the power generation capabilities will be greatly increased.

youtube.com/embed/SXsQaYP3Sh8?…

hackaday.com/2025/01/21/hydroe…

I was looking at the periodic table of the elements the other day, as one does, when my eye fell upon the right-hand side of the chart. Right next to the noble gases at the extreme edge of the table is a column of elements with similar and interesting properties: the halogens. Almost all of these reactive elements are pretty familiar, especially chlorine, which most of us eat by the gram every day in the form of table salt. As the neighborhoods of the periodic table go, Group 17 is pretty familiar territory.

But for some reason, one member of this group caught my attention: iodine. I realized I had no idea where we get iodine, which led to the realization that apart from chlorine, I really didn’t know where any of the halogens came from. And as usual, that meant I needed to dig in and learn a little bit about the mining and refining of the halogens. At least most of them; as interesting as they may be, we’ll be skipping the naturally occurring but rare and highly radioactive halogen astatine, as well as the synthetic halogen tennessine, which lives just below it in the group.

Fluorine

We’ll start our look at the halogens with fluorine, partly because we’ve already covered the production of hydrofluoric acid, the primary industrial source of elemental fluorine, but also because it’s a bit of an outlier compared to the other halogens, all of which are most commonly sourced from brines. Rather, hydrofluoric acid comes from rocks, specifically fluorspar, which produces HF and calcium sulfate when treated with sulfuric acid.

Hydrofluoric acid is converted into fluorine gas by electrolysis. Unfortunately, HF is a poor electrical conductor, so some potassium bifluoride is added to make the solution conductive enough for electrolysis. No water is used to make the electrolyte; rather, the HF and potassium bifluoride mixture is kept molten at up to 250°C in the electrolysis cell. HF is continuously added as electrolysis proceeds, to keep the electrolyte at the correct ratio. The steel walls of the cell act as the cathode, while a block of graphite is used as the anode. Fluorine gas is captured from the anode, dried and filtered, and compressed for storage.

Most industrial processes requiring fluorine get it from hydrofluoric acid, so only about 2% of all fluorine mined as fluorspar makes it into fluorine gas. The primary use for fluorine gas is the production of uranium hexafluoride, the feedstock for uranium purification for nuclear fuels. Most of the rest of fluorine gas production goes to the manufacture of sulfur hexafluoride for the electrical industry, where it serves as a gaseous dielectric for high-voltage switchgear.

Chlorine

Next up on our tour of the halogens is chlorine, a reactive element with so many industrial uses it’s hard to name them all. Apart from its familiar uses in disinfection and public sanitation, chlorine is used to create polymers like polyvinyl chloride along with a host of organic and inorganic chlorides. Chlorine is also needed to produce the next halogen on our list, bromine, which we’ll cover below.

Like fluorine gas, gaseous chlorine is produced by electrolysis using the chlor-alkali process. The electrolyte for chlorine production, though, is an aqueous brine solution, normally sourced from naturally occurring deposits that form by groundwater seeping into underground salt formations. The concentrated NaCl solution — or sometimes potassium chloride; the method works for both — is pumped to the surface from great depths and filtered to high purity before being piped into the cell house, where long rows of special electrolysis cells are ready to receive it.
Schematic of chlor-alkali cell for the electrolytic production of chlorine. Hydrogen and sodium hydroxide are also produced, Credit: Heitner-Wirguin, C., public domain.
Each electrolysis cell is divided into two compartments, one for the anode and one for the cathode. Between them is a thin membrane made from a resin material that is selectively permeable to cations. Fresh brine is pumped into the anode side of the cell, while plain water is pumped into the cathode side. On the anode side, the chlorine gas is liberated from the chloride ions and collected. The positively charged sodium or potassium ions move across the membrane into the cathode side of the cell. There, water is electrolyzed to hydrogen gas, a valuable byproduct that is also collected and, and hydroxide ions, which greedily bind with the sodium or potassium from the other side of the cell. This creates the third useful product of the chlor-alkali process, either sodium hydroxide or potassium hydroxide, which is generically referred to as caustic. The caustic is pumped off, filtered, and further purified before being shipped.

The raw chlorine gas coming off the anode side of the cell has a lot of water vapor mixed in with it. The gas is dried by passing it through a heat exchanger that cools it enough to condense the water vapor. The dried gas is then further cooled and compressed before being liquified for shipping. Alternatively, the dried gas can be piped to other parts of the plant for immediate use in other processes, including the production of bromine.

Bromine

In elemental terms, bromine is a strange beast. It’s the only non-metallic element that exists as a liquid under standard temperature and pressure conditions. That presents both challenges and opportunities for its extraction and purification.

As with most halogens, brine is the source material for bromine production. Sodium chloride is the main salt in most brines, but in places such as the Dead Sea area on the border between Israel and Jordan, the brine has enough bromides to be commercially viable. The Smackover Formation, which stretches in an arc from Texas to Florida in the United States also has bromide-rich brines, particularly in southern Arkansas.

Extraction starts with pumping brine up from deep wells. The brine is naturally hot, which reduces the amount of energy needed to extract the bromine. Filtered brine is pumped to the top of a tall reaction tower through a long vertical section of pipe. At the bottom of the pipe, chlorine gas is injected into the brine. Chlorine, a powerful oxidant, preferentially strips electrons away from bromides in the brine, which converts bromides to bromine (Br₂). The brine enters the top of the reactor tower, which has an outlet at the top that’s connected to a venturi. High-pressure steam passes over the venturi, creating a partial vacuum in the tower. The combination of heat and vacuum causes the bromine in the brine to flash-evaporate. The gaseous bromine is sucked out of the venturi into the steam, while the remaining brine falls back down to the bottom of the tower through a matrix of plastic discs. The discs break the droplets up and slow them down, giving any remaining bromine in the brine a chance to evaporate and make its way back up and out of the tower.

youtube.com/embed/kOpC11j1u8w?…

The bromine gas is sent to a condenser to remove water vapor and another, colder condenser to turn it into a liquid. The liquid bromine then goes into a dryer that removes all remaining traces of water, chlorine, and other contaminants. The liquid bromine is then shipped in specialized rail or truck tankers while waste brine is pumped back into the geologic formation it came from. Bromine has many industrial uses, but its most familiar use is probably in flame-retardent compounds. Most of us have probably seen the sickly orange color of old plastics, which is caused by the bromine-based flame retardants breaking down over time. Bromine compounds also figure prominently in the FR4 substrate used to make flame-retardant printed circuit boards.

Iodine

Last up is iodine, the halogen that kicked this whole thing off. Iodine is unique in that it used to be extracted mainly from plants, specifically kelp. The discovery of a type of soil called caliche in the Atacama Desert of Chile changed things in the 19th century. While mainly prized as a rich source of potassium nitrate, some caliche deposits also have iodate minerals, up to 1% by weight. It’s not much, but it’s enough to make extraction commercially viable.
Iodine prills. Source: Nefronus, CC0, via Wikimedia Commons
The current process for extracting iodine starts with making an artificial brine. Caliche is blasted free from the ground and piled into huge plastic-lined pits. Water is pumped over the caliche, which leaches the iodates as it works its way down through the pile. The resulting brine is pumped into evaporation ponds, where solids settle out of solution as the brine concentrates in the fierce desert sun.

The concentrated brine is pumped out of the ponds and filtered before being sent to large absorption towers. There, sulfur dioxide gas is injected into the brine, which causes it to release iodine. The elemental iodine immediately combines with the SO₂ to form iodide ions. The iodide-rich solution then gets a shot of iodic acid (HIO₃), which converts all the iodide ions into solid iodine.

Kerosene is then added to the solution to extract the iodine. This dark purple witch’s brew is then pumped into a reactor where high temperature and pressure are used to melt the solid iodine, dropping it back out of the suspension. The molten iodine is then pumped to a prilling tower, where it drips through a sieve of fine holes. The droplets cool as they drop through the tower, forming small balls of solid iodine, or prills, which are ready for shipping.

hackaday.com/2025/01/21/mining…

One of the best things about adulthood is that finally we get to, in most cases, afford ourselves the things that our parents couldn’t (or just didn’t for whatever reason). When [Yakroo108] was a child, Walkmans were expensive gadgets that were out of reach of the family purse. But today, we can approximate these magical music machines ourselves with off-the-shelf hardware.

Besides the cyberpunk aesthetic, the main attraction here is the UNIHIKER Linux board running the show. After that, it’s probably a tie between that giant mystery knob and the super-cool GUI made with Tkinter.

We also like the fact that there are two displays: the smaller one on the SSD1306 OLED handles the less exciting stuff like the volume level and the current time, so that the main UNIHIKER screen can have all the equalizer/cyberpunk fun.

Speaking of, this user-friendly GUI shows play/stop buttons and next buttons, but it looks like there’s no easy way to get to the previous track. To each their own, we suppose. Everything is enclosed in a brick-like 3D-printed enclosure that mimics early Walkmans with orange foam headphones.

If you want an updated Walkman with keyboard switches (who wouldn’t?), check this out.

hackaday.com/2025/01/21/cyber-…

I ricercatori di Intezer Labs hanno identificato una serie di attacchi informatici contro organizzazioni nelle regioni di lingua cinese, tra cui Hong Kong, Taiwan e la Cina continentale. Questi attacchi utilizzano il downloader multifase PNGPlug per diffondere il malware ValleyRAT.

L’attacco inizia con una pagina di phishing che convince la vittima a scaricare un file MSI dannoso mascherato da software legittimo. Una volta avviato, questo file esegue due compiti: installa un’applicazione innocua per creare l’illusione di legittimità ed estrae un archivio crittografato contenente componenti dannosi.

Il file MSI utilizza la funzionalità CustomAction di Windows Installer per eseguire codice dannoso. L’archivio crittografato “all.zip” viene decrittografato utilizzando la password integrata “hello202411“. I componenti principali includono “libcef.dll” (il downloader), “down.exe” (l’applicazione legittima) e i file “aut.png” e “view.png“, che sono mascherati da immagini ma contengono dati dannosi.

Il compito del caricatore “libcef.dll” è preparare un ambiente per l’esecuzione del malware. Apporta modifiche al file di sistema “ntdll.dll” per inserire i dati in memoria e analizzare i parametri della riga di comando. Se viene rilevato il parametro /aut, il boot loader estrae il percorso del file down.exe, lo scrive nel registro ed esegue il codice dal file aut.png. Altrimenti viene eseguito il file “view.png” e il suo contenuto viene inserito nel processo “colorcpl.exe”.

ValleyRAT, distribuito utilizzando PNGPlug, è un malware sofisticato attribuito al gruppo Silver Fox. Questo strumento include meccanismi di esecuzione multilivello come l’esecuzione di shellcode in memoria, l’esecuzione privilegiata e la presenza persistente nel sistema tramite il registro e le attività di pianificazione.

L’analisi mostra che gli attacchi utilizzano un’ampia gamma di tattiche: siti di phishing, mascheramento di file dannosi come programmi legittimi e utilizzo di software gratuito che i dipendenti sono spesso costretti a utilizzare a causa della mancanza di strumenti aziendali.

Il gruppo Silver Fox APT è specializzato in operazioni di spionaggio rivolte a organizzazioni di lingua cinese, compreso l’uso di ValleyRAT e Gh0st RAT per raccogliere dati, monitorare l’attività e fornire moduli aggiuntivi. La campagna si distingue per il suo focus su un pubblico monolingue, che ne sottolinea la portata e l’obiettivo strategico. La mancanza di investimenti nella sicurezza informatica da parte delle vittime aumenta la loro vulnerabilità a tali attacchi.

L’utilizzo del caricatore modulare PNGPlug consente agli aggressori di adattare la minaccia a diverse campagne, il che la rende particolarmente pericolosa. Questi eventi dimostrano la necessità di implementare tecniche avanzate di rilevamento e protezione contro le minacce in continua evoluzione.

L'articolo PNGPlug: Quando il Malware è nascosto dentro immagini innocenti proviene da il blog della sicurezza informatica.