One of the more popular activities in the ham radio world is DXing, which is attempting to communicate with radio stations as far away as possible. There are some feats that will earn some major credibility in this arena, like two-way communication with Antarctica with only a few watts of power, long-path communication around the globe, or even bouncing a signal off the moon and back to a faraway point on Earth. But these modes all have one thing in common: they’re communicating with someone who’s also presumably on the same planet. Barring extraterrestrial contact, if you want to step up your DX game you’ll want to try to contact some of our deep-space probes (PDF warning).

[David Prutchi] aka [N2QG] has been doing this for a number of years now and has a wealth of knowledge and experience to share. He’s using both a 3.2 meter dish and a 1.2 meter dish for probing deep space, as well as some custom feed horns and other antennas to mount to them. Generally these signals are incredibly small since they travel a long way through deep space, so some amplification of the received signals is also needed. Not only that, but since planets and satellites are all moving with respect to each other, some sort of tracking system is needed to actively point the dish in the correct direction.

With all of that taken care of, it’s time to see what sort of signals are coming in. Compared to NASA’s 70-meter antennas used to communicate with deep space, some signals received on smaller dishes like these will only see the carrier wave. This was the case when an amateur radio group used an old radio telescope to detect one of the Voyager signals recently. But there are a few cases where [David] was able to actually receive data and demodulate it, so it’s not always carrier-only. If you’re sitting on an old satellite TV dish like these, we’d certainly recommend pointing it to the sky to see what’s out there. If not, you can always 3D print one.

hackaday.com/2025/01/25/making…

IntelBroker, figura nota e rispettata all’interno della community di BreachForums, ha annunciato la sua dimissione dal ruolo di amministratore con un post pubblicato il 23 gennaio 2025. Questo annuncio mette in luce un problema spesso trascurato, ma sempre più attuale: il bilanciamento tra vita privata e “lavoro”, anche all’interno di contesti non tradizionali come quelli legati al cybercrime e alla cybersecurity.

Il post di dimissioni

Nel messaggio, IntelBroker spiega le motivazioni alla base della sua decisione:

“Mi dimetto perché non ho abbastanza tempo da dedicare a BreachForums. Avevo già detto in passato che non volevo ricoprire il ruolo di admin o ruoli di maggiore responsabilità perché non ho tempo sufficiente. […] Sono molto impegnato nella vita reale e non voglio essere uno staffer inutile e inattivo.”

Le parole rivelano un desiderio di trasparenza e un senso di responsabilità verso la community criminale, ma anche una chiara indicazione di come gli impegni nella vita reale possano entrare in conflitto con il ruolo di spicco ricoperto nel forum.

Pur continuando a considerare gli utenti di BreachForums una “comunità incredibile”, IntelBroker ammette che la mancanza di tempo lo ha portato a ridurre progressivamente la sua attività, fino alla decisione di dimettersi definitivamente.

Il burnout nella cybersecurity

Questo post evidenzia un tema cruciale che riguarda chi lavora nell’ambito della cybersecurity, spesso soggetto a ritmi logoranti e a uno stress continuo.

Il burnout, ossia una forma di esaurimento fisico ed emotivo causata da stress cronico, è una realtà comune tra professionisti IT, hacker etici e persino figure operative in ambiti meno convenzionali come BreachForums. Le cause principali includono:

• Overload di responsabilità: gestire un forum di riferimento nelle underground criminali, monitorare utenti e thread e mantenere la sicurezza interna è un lavoro che richiede dedizione costante.
• Mancanza di confini tra vita privata e “lavoro”: non tutti lavorano a tempo pieno nell’underground criminale. Spesso chi opera in queste comunità lo fa durante il tempo libero, compromettendo i momenti di riposo.
• Pressione sociale: il timore di deludere la community o di non essere all’altezza del ruolo può aggravare lo stress.

Commento al post

IntelBroker ha fatto ciò che molte persone faticano a fare: riconoscere i propri limiti. È una decisione che, sebbene possa sembrare una perdita per la community di BreachForums, rappresenta un atto di maturità e responsabilità. Continuare a operare come admin senza poter dedicare il tempo necessario non avrebbe giovato né a lui né alla piattaforma.

Questa scelta, per quanto comprensibile in un mondo parallelo alla legalità, accende i riflettori sulla necessità di una gestione più sostenibile del lavoro, anche in contesti dove la professionalità si mescola all’illegalità o alla passione per il cybercrime. Se persino figure altamente rispettate nel cybercrime come IntelBroker sono costrette a fare un passo indietro per evitare il burnout, è evidente che il problema è diffuso.

Conclusioni

La storia di IntelBroker è un promemoria per tutti: il bilanciamento tra vita privata e lavoro non è un lusso, ma una necessità, indipendentemente dal settore in cui si opera. Nella cybersecurity, questo equilibrio è spesso difficile da raggiungere, ma è fondamentale per garantire la salute mentale e la produttività a lungo termine.

Per le community come BreachForums, l’addio di un leader è sempre un momento critico.

Tuttavia, rappresenta anche un’opportunità per riflettere su come distribuire meglio i carichi di lavoro e supportare i membri attivi. Alla fine, il valore di una comunità non risiede solo nei suoi leader, ma nella forza collettiva dei suoi membri sia nel mondo oscuro che non.

L'articolo Burnout e Work life balance Nel Cybercrime. IntelBroker Lascia La Guida Di BreachForums! proviene da il blog della sicurezza informatica.

Nella giornata odierna, ZYXEL ha rilasciato un aggiornamento delle signature del servizio UTM App Patrol per i firewall della serie ATP/USG FLEX.

Tuttavia, l’aggiornamento ha avuto un impatto negativo, causando gravi disservizi agli apparati interessati. Molti utenti hanno riscontrato un blocco parziale dei firewall, con conseguente impossibilità di accedere all’interfaccia di management e di utilizzare connessioni SSL VPN.

Il problema si è rivelato particolarmente critico in quanto ha coinvolto funzionalità chiave, come il controllo remoto e la gestione delle connessioni sicure, compromettendo di fatto l’operatività delle infrastrutture aziendali e personali basate su questi dispositivi. Gli utenti hanno segnalato difficoltà nel monitoraggio e nella gestione delle reti, aggravando ulteriormente la situazione.

In alcuni casi, il disservizio si è manifestato con un comportamento ancora più grave: i firewall sono entrati in un ciclo continuo di riavvio, con interruzioni regolari ogni 15 minuti. Questo fenomeno ha reso impossibile la navigazione e il normale funzionamento delle reti, causando notevoli disagi sia in ambito lavorativo che domestico. La situazione ha evidenziato la criticità di un’implementazione non testata adeguatamente prima del rilascio ufficiale.

ZYXEL, consapevole del problema, ha rilasciato un workaround per consentire agli utenti di ripristinare i dispositivi. Tuttavia, la soluzione fornita richiede l’accesso fisico all’apparato tramite cavo console. Questa procedura non è immediatamente applicabile per chi ha installazioni remote o in luoghi difficilmente accessibili, aumentando ulteriormente i disagi per gli amministratori IT e gli utenti finali.

La mancanza di un fix remoto ha generato critiche nei confronti della gestione dell’incidente da parte di ZYXEL. In un’epoca in cui la reattività e la capacità di intervenire da remoto sono aspetti fondamentali, affidarsi esclusivamente a interventi fisici rappresenta una limitazione significativa. Gli utenti hanno espresso insoddisfazione sui forum e sui canali di supporto, richiedendo aggiornamenti tempestivi e maggiore trasparenza sulle tempistiche di risoluzione definitiva.

Questo incidente rappresenta un richiamo all’importanza dei processi di testing e validazione degli aggiornamenti, specialmente per dispositivi critici come i firewall. La fiducia degli utenti in ZYXEL è ora messa alla prova, e sarà fondamentale che l’azienda risponda con un approccio più proattivo per evitare che situazioni simili si ripetano in futuro.

L'articolo Zyxel Alert! Come Risolvere il Loop di Riavvio e Altri Errori Critici proviene da il blog della sicurezza informatica.

Di recente, un threat actor noto come Truth-chan ha dichiarato di aver compromesso il sito del partito politico italiano Fratelli d’Italia, sfruttando una presunta vulnerabilità di directory listing. Quanto riportato dal malintenzionato è gravei: si parla del furto di dati sensibili estratti da circa 12.000-13.000 curriculum vitae (CV) caricati sulla piattaforma.

Al momento, non possiamo confermare la veridicità della notizia, poiché l’organizzazione non ha ancora rilasciato alcun comunicato stampa ufficiale sul proprio sito web riguardo l’incidente. Pertanto, questo articolo deve essere considerato come ‘fonte di intelligence’.
Post apparso sul forum underground Breach Forums

Dettagli sulla violazione

Secondo quanto riportato nel post, i dati sottratti comprenderebbero:

• Informazioni personali: nomi, indirizzi e-mail e contatti.
• Dati professionali: esperienze lavorative, corsi frequentati e competenze linguistiche.

L’intero pacchetto sarebbe stato strutturato in un file JSON, che ne faciliterebbe l’accesso e l’utilizzo da parte di terzi.

Il cybercriminale sostiene di aver utilizzato strumenti di intelligenza artificiale per accelerare l’estrazione e la gestione dei dati. Tuttavia, sembra che alcune informazioni risultino incomplete o corrotte, portando l’attore della minaccia a cercare collaborazione per migliorare il dataset.
Samples apparsi sul forum underground Breach Forums

Se confermato, quali potrebbero essere le conseguenze?

Al momento non è stato emesso alcun comunicato stampa dall’organizzazione. Qualora venisse confermata l’esfiltrazione dei dati, la portata di questo presunto attacco potrebbe rivelarsi significativa, sia per il partito che per gli individui coinvolti.

Per Fratelli d’Italia:

• Ripercussioni reputazionali: Se confermato, un incidente del genere rischierebbe di intaccare la fiducia di membri e collaboratori.
• Conseguenze legali: La gestione inadeguata dei dati personali potrebbe violare il GDPR, con potenziali sanzioni economiche e danni d’immagine.
• Maggiore esposizione ad attacchi mirati: Informazioni sensibili potrebbero essere utilizzate per phishing o altre attività malevole contro il partito e i suoi membri.

Per gli individui coinvolti:

• Violazione della privacy: Curriculum vitae trafugati potrebbero rivelare dettagli sensibili sulle persone.
• Furto d’identità: Informazioni personali potrebbero essere sfruttate per scopi fraudolenti.
• Implicazioni lavorative: La diffusione non autorizzata di dati professionali potrebbe impattare negativamente sulle prospettive di carriera.

Cosa possono fare le persone potenzialmente coinvolte?

• Monitorare segnali di attività fraudolenta: Controllare periodicamente conti finanziari e comunicazioni personali.
• Rafforzare la sicurezza online: Modificare le password e abilitare l’autenticazione a due fattori.
• Attenzione al phishing: Diffidare di e-mail sospette o richieste non sollecitate di informazioni personali.

Conclusione

Sebbene le dichiarazioni del threat actor richiedano ulteriori verifiche, questo episodio, reale o meno, pone l’accento su una problematica attuale: la sicurezza informatica non può essere sottovalutata. La gestione dei dati personali richiede protocolli solidi e un’attenzione costante, soprattutto quando in gioco ci sono informazioni così delicate.

Come nostra consuetudine, lasciamo sempre spazio ad una dichiarazione da parte dell’azienda qualora voglia darci degli aggiornamenti sulla vicenda. Saremo lieti di pubblicare tali informazioni con uno specifico articolo dando risalto alla questione.

RHC monitorerà l’evoluzione della vicenda in modo da pubblicare ulteriori news sul blog, qualora ci fossero novità sostanziali. Qualora ci siano persone informate sui fatti che volessero fornire informazioni in modo anonimo possono utilizzare la mail crittografata del whistleblower.

L'articolo Un Hacker Criminale Rivendica Un Cyber Attacco A Fratelli D’Italia: Presunta Fuga Di Dati Online! proviene da il blog della sicurezza informatica.

At least some in the audience will at some time in the distant past have loaded or saved a program on cassette, with an 8-bit home computer. The machine would encode binary as a series of tones which could be recorded to the tape and then later retrieved. If you consider the last sentence you’ll quickly realize that it’s not too far away from what a modem does, so can a modem record to cassette and decode it back afterwards? [Jesse T] set out to give it a try, and as it turns out, yes you can.

The modem talks and listens to the cassette recorder via circuitry that provides some signal conditioning and amplification, as well as making a dial tone such that the modem thinks it’s talking to a real phone line. An Arduino steps in as dial tone creator.

Of course, this is hardly a viable solution to 21st century data storage need, but that’s hardly the point as it’s a cool hack. We like it, and oddly we’ve seen a similar technique used with a retrocomputer in the past.

youtube.com/embed/GuO1WmUuKQI?…

Thanks [CodeAsm] for the tip!

hackaday.com/2025/01/24/a-mode…

The moon is a popular target for ham radio operators to bounce signals since it’s fairly large and follows a predictable path. There are some downsides, though; it’s not always visible from the same point on Earth and is a relatively long way away. Thinking they could trade some distance for size, an amateur radio group from the Netherlands was recently able to use a radio telescope pointed at a geostationary satellite to reflect a signal back down to Earth, using this man-made satellite to complete the path instead of the more common natural one.

While there are plenty of satellites in orbit meant for amateur radio communication (including the International Space Station, although it occasionally does other things too), these all have built-in radio transmitters or repeaters specifically meant for re-transmitting received signals. They’re also generally not in geostationary orbit. So, with a retired radio telescope with a 20-meter dish aimed directly at one of the ones already there, they sent out a signal which bounced off of the physical body of the satellite and then back down where it was received by a station in Switzerland. Of course, the path loss here is fairly extreme as well since the satellite is small compared to the moon and geostationary orbit is a significant distance away, so they used the Q65 mode in WSJT-X which is specifically designed for recovering weak signals.

Don’t break out the tape measure Yagi antenna to try this yourself just yet, though. This path is not quite as reliable as Earth-Moon-Earth for a few reasons the group is not quite sure about yet. Not every satellite they aimed their dish at worked, although they theorize that this might be because of different shapes and sizes of the satellites or that the solar panels were not pointing the correct direction. But they were able to make a few contacts using this method nonetheless, a remarkable achievement they can add to their list which includes receiving a signal from one of the Voyager spacecraft.

hackaday.com/2025/01/24/bounci…

Vehicle alternators are interesting beasts. Produced on a massive scale, these electric machines are available for a minimum of cost and contain all kinds of great parts: some power electronics and a belt-driven generator are generally standard fare. This generator can also be used as a motor with only minor changes to the machine as a whole, so thanks to economies of scale it’s possible to get readily-available, powerful, compact, and cheap motors for all kinds of projects using alternators as a starting point. [LeoDJ] noticed that this starter motor in a modern Mercedes had some interesting benefits beyond all of these perks, but it took a bit more work to get up and running than a typical alternator would have.

The motor, built by Bosch, can be found in the Mercedes E200 EQ Boost. This is a hybrid car, but different than something like a Prius in that it doesn’t have an electric motor capable of powering the car on its own. Instead it uses a combination starter motor/alternator/generator to provide extra power to the engine during acceleration, increasing efficiency and performance. It can also charge the small battery bank when the car slows down. Vehicles that use this system need much beefier alternators than a standard car, but liberating it from the car means that it has much more power available than a typical alternator would.

There were a number of issues to solve, though. Being that the motor/alternator has to do all of this extra work (and that it came out of a car whose brand is known for being tedious to work on in the first place) it is much more complicated than an off-the-shelf alternator. [LeoDJ] has been able to get his to spin by communicating with it over the CAN bus, but there’s still some work to be done before it goes into something like an impressively fast electric bicycle.

Thanks to [RoganDawes] for the tip!

hackaday.com/2025/01/24/bosch-…

One of the major limitations of 3D printers is the size of the printable area. The robotic arm holding the printer head can only print where it can reach, after all. Some methods of reducing this constraint have been tried before, largely focusing on either larger printers or printer heads that are mobile in some way. Another approach to increasing the size of prints beyond the confined space typical of most consumer-grade 3D printers is to create some sort of joinery into the prints themselves so that larger things can be created. [Cal Bryant] is developing this jigsaw-based method which has allowed him to produce some truly massive prints.

Rather than making the joints by hand, [Cal]’s software will cut up a model into a certain number of parts when given the volume constraints of a specific 3D printer so it can not only easily print the parts, but also automatically add the jigsaw-like dovetail joints to each of the sections of the print. There were a few things that needed prototyping to get exactly right like the tolerance between each of the “teeth” of the joint, which [Cal] settled on 0.2 mm which allows for a strong glued joint, and there are were some software artifacts to take care of as well like overhanging sections of teeth around the edges of prints. But with those edge cases taken care of he has some working automation software that can print arbitrarily large objects.

[Cal] has used this to build a few speaker enclosures, replacing older MDF designs with 3D printed ones. He’s also built a full-size arcade cabinet which he points out was an excellent way to use up leftover filament. Another clever way we’ve seen of producing prints larger than the 3D printer is to remove the print bed entirely. This robotic 3D printer can move itself to a location and then print directly on its environment.

hackaday.com/2025/01/24/small-…

With the slow demise of physical media the past years, companies are gradually closing shop on producing everything from the physical media itself to their players and recorders. For Sony this seems to have now escalated to where it’ll be shuttering its recordable optical media storage operations, after more than 18 years of producing recordable Blu-ray discs. As noted by [Toms Hardware] this also includes minidisc (MD) media and MiniDV cassettes.

We previously reported on Sony ending the production of recordable Blu-ray media for consumers, which now seems to have expanded to Sony’s remaining storage media. It also raises the likelihood that Sony’s next game console (likely PlayStation 6) will not feature any optical drive at all as Blu-ray loses importance. While MiniDV likely was only interesting to those of us still lugging one of those MiniDV camcorders around, the loss of MD production may be felt quite strongly in the indie music scene, where MD is experiencing somewhat of a revival alongside cassette tapes and vinyl records.

Although it would appear that physical media is now effectively dead in favor of streaming services, it might be too soon to mark its demise.

hackaday.com/2025/01/24/sony-e…

Dear Friend of Press Freedom,

If you enjoy reading this newsletter, please support our work. Our impact in 2024 was made possible by supporters like you. If someone forwarded you this newsletter, please subscribe here.

Trump’s assault on free press

President Donald Trump’s multipronged assault on the free press is already well underway. Trump’s Federal Communications Commission chair revived baseless complaints against networks his boss doesn’t like. More major news networks are reportedly considering settling frivolous lawsuits to get on Trump’s good side. He’s halted police reform agreements that include protections for journalists covering protests. His (alleged) Hitler-heiling homeboy is already threatening to wield his power against critics.

But that’s just the low-hanging fruit — there’s likely plenty more to come. Read about the three major press freedom threats we’re most concerned over: increased leak investigations, prosecutions of journalists, and surveillance of journalists.

Government secrecy issues to watch during Trump 2.0

Our Daniel Ellsberg Chair on Government Secrecy, Lauren Harper, also gave her forecast for the second Trump administration — and it’s concerning, to say the least.

There’s his consistent disregard for preserving presidential records during his first term, which we see no signs will change this time around. He has already resumed his efforts to thwart government oversight. And his administration will likely, once again, undermine the Freedom of Information Act, both by not creating public records and by finding ways to not share those they do create with the public.

Harper also covers the Biden administration’s failures on government secrecy, including refusing to issue a new executive order on classified national security information and neglecting to declassify documents the public has demanded (some of which Trump has now, to his credit, ordered declassified). Biden’s administration also continued to keep secret Office of Legal Counsel opinions, and failed to adequately fund the National Archives and Records Administration.

Biden’s press freedom legacy: empty words and hypocrisy

Sure, Trump is likely to make things worse, but that doesn’t mean Biden was a friend of the free press. He deserved one last kick on his way out the door, so here it is: our recap of Biden’s three worst press freedom failures.

His prosecutions of WikiLeaks founder Julian Assange and digital journalist Tim Burke open doors for Trump to prosecute journalists who tell both government and corporate secrets. His support for purported national security laws like the TikTok ban and the “spy draft” amendment to Section 702 of FISA will lead to further surveillance and censorship. And his administration’s silence on journalist killings in Gaza was a disgrace that even Trump would be hard-pressed to top.

Musk may hide DOGE records in plain sight

The new Department of Government Efficiency was long touted as a panel that would “provide advice and guidance from outside of government” to slash agency regulations and restructure the federal bureaucracy. But that didn’t pan out. The Jan. 20 executive order establishing DOGE says it will very much be a part of the federal government.

Why the change? Musk reportedly decided that if DOGE were a part of the government, it would be easier to avoid the Federal Advisory Committee Act’s requirements that advisory panels make all of their committee meetings and documents public. By placing DOGE within the government, Musk may have effectively bet that he can more easily flout FOIA than FACA. Harper explains it all here.

FPF, partners urge law enforcement to let press report on LA wildfires

We know policing the tragic situation in Los Angeles is chaotic but that's all the more reason reporters must be able to cover the fires. Unfortunately, there have been troubling instances where journalists have been illegally turned away from checkpoints and faced intimidation tactics and other interference.

We're one of 21 organizations calling on law enforcement to follow state law and give the press the access it needs to do its job. The same California law that gives law enforcement the ability to close areas during emergencies explicitly exempts the press. Police need to comply with the law, even in chaotic situations.

Tell DA to drop case against Portland journalist

We’ve also got some good news to report. The Multnomah County District Attorney’s office dropped its case against Portland-based independent journalist Alissa Azar. She had been set to stand trial Monday on trespass charges arising from her arrest while covering a protest at Portland State University in May.

We explained in a June letter to then-DA Mike Schmidt that the charges violated Azar’s First Amendment right — recognized by the 9th Circuit as well as the Department of Justice — to cover the protest, even after police dispersed demonstrators. Schmidt ignored us, but he’s gone. We reached out to his successor, Nathan Vasquez, who took over on Jan. 1st. Our friends at Defending Rights & Dissent also created a petition to Vasquez calling on him to drop the case. Yesterday, he did.

We thank Vasquez for cleaning up his predecessor’s mess and urge him to go one step further: Publicly commit to allowing journalists to cover protests and their aftermath and not prosecuting any similar cases going forward.

What we’re reading

Elon Musk’s battle with Wikipedia is part of his war on truth (The Independent). “He is the world’s leading free speech hypocrite, and his actions with respect to Wikipedia are further evidence of that,” we told the Independent following Musk’s call to “defund” Wikipedia for calling his obvious Nazi salute a Nazi salute.

Stanford won’t discipline student journalist arrested during pro-Palestinian protest (KQED). It’s nice that Stanford dropped its disciplinary case. But until it does everything it can to push prosecutors to end the criminal case, it's still an anti-press institution. Aspiring journalists and donors who value free speech should look elsewhere.

Will the press fight like tigers against Trump? (Columbia Journalism Review). It’s vital for the press to now band together and fight like hell to protect their rights — just like they did during the Nixon administration. Legendary First Amendment lawyer James Goodale makes the case.

Court rules warrantless Section 702 searches violated the Fourth Amendment (ACLU). Section 702 of FISA has long been abused to unlawfully surveil Americans, including journalists. Congratulations to the ACLU, Electronic Frontier Foundation and everyone else involved in this significant win for the Fourth Amendment.

Decentralized social media is the only alternative to the tech oligarchy (404 Media). The first days of Trump 2.0 “have made it crystal clear that it is urgent to build and mainstream alternative, decentralized social media platforms that are resistant to government censorship and control, are not owned by oligarchs and dominated by their algorithms.”

Check out our other newsletters

If you haven’t yet, subscribe to FPF’s other newsletters, including “The Classifieds,” our new newsletter on overclassification and more from Lauren Harper, our Daniel Ellsberg Chair on Government Secrecy.

freedom.press/issues/trumps-as…