Digital Walls: Signal Shut Out of the Russian Federation
On August 9, 2024, Russian users reported problems with Signal en masse. At the same time, some noted that Signal did not work even when using a VPN, and that the problems had started on August 8.
Representatives of Roskomnadzor (RKN) of the Russian Federation reported that the agency has restricted access to the secure messaging system “due to violation of the requirements of Russian legislation”.
Roskomnadzor subsequently confirmed that the messenger had indeed been blocked in Russia.
“Access to the Signal messenger is restricted due to violation of the requirements of Russian legislation, the implementation of which is necessary to prevent its use for terrorist and extremist purposes,” the RKN press service reported.
Roskomnadzor did not specify which legal requirements had been violated.
The article Digital Walls: Signal Shut Out of the Russian Federation comes from il blog della sicurezza informatica.
But If the White House Does Cyber Insurance, What Is a Cybersecurity Program For?
Is it a provocation? Obviously.
Not least because the premium paid is directly proportional to the company's “insecurity” as assessed when the policy is taken out. Nowadays cyber insurance has to be compared to an ordinary risk, such as a fire in a production warehouse or a workplace accident.
The White House is developing a new cyber insurance policy aimed at protecting against catastrophic cyber incidents. The new policy is expected to be introduced by the end of the year. National Cyber Security director Harry Coker said so at the Black Hat 2024 conference. therecord.media/white-house-cy…
The goal of the new policy is to manage risks, not avoid them. This is needed to stabilize insurance markets and raise the level of cybersecurity in the country. The United States government wants to prepare in advance for possible cyber incidents, so that it does not have to rush to develop emergency measures once the disaster has already occurred. Such preparation should improve economic resilience and market confidence.
One of the main challenges remains the lack of data for risk assessment. Coker noted that work is now focused on this problem.
Although details of the new policy have not yet been disclosed, ONCD representatives confirmed that the current insurance market is not sufficiently prepared for catastrophic cyber incidents. The agencies are considering a range of measures that could improve the nation's cybersecurity and ensure market stability.
The cyber insurance market has long been controversial. Experts believe that insurance payouts may help increase the number of extortion attacks. Some hackers even set the ransom amount based on the victims' insurance policies.
In addition, a legal debate is under way about the role of cyber insurance in the case of attacks by a nation-state.
The article But If the White House Does Cyber Insurance, What Is a Cybersecurity Program For? comes from il blog della sicurezza informatica.
Mad Liberator: The Only Vulnerability Is You! Anydesk and a Windows Update for a Successful Hack
In July a new ransomware group called Mad Liberator appeared in cyberspace. It uses the Anydesk program and social engineering techniques to infiltrate corporate systems, steal data and demand ransoms.
Sophos experts revealed the group's attack methods using the example of an incident under investigation.
Unlike most ransomware, Mad Liberator does not encrypt files, but instead focuses on stealing information and threatening data leaks. Mad Liberator also runs a website where it publishes the stolen data if the ransom has not been paid.
To get into systems, Mad Liberator uses Anydesk, which companies often use to manage computers remotely. The victims, unaware of the danger, accept connection requests, believing that the request comes from the organization's IT department. After gaining access to the device, the attackers start a fake Windows update process.
While the user watches the fake update, the hackers gain access to the OneDrive storage and files on the corporate server. Using Anydesk's FileTransfer function, the attackers download confidential data and also use the Advanced IP Scanner tool to try to probe other devices on the network. In this case the ransomware found no valuable systems and confined itself to the main computer. Once the theft is complete, the hackers leave a ransom note on the device.
The attack lasted almost 4 hours, at the end of which the attackers completed the fake update and disabled the Anydesk session, returning control of the device to the victim.
Interestingly, the malware was launched manually, without automatic restart. This means the malware remained inactive on the victim's system even after the attack ended.
The article Mad Liberator: The Only Vulnerability Is You! Anydesk and a Windows Update for a Successful Hack comes from il blog della sicurezza informatica.
REPORTAGE. Israeli settlers set out to conquer Makhrour, a new colonial settlement will soon rise
@Notizie dall'Italia e dal mondo
The settlers are also moving into the UNESCO heritage area. Near Battir, the Kisiya family resists the occupation of its land. Ramzi Kisiya. For the Netanyahu government, Palestinian buildings
One of the most serious symptoms of the general stupefaction that seems to have struck the human species in recent years is acting without caring in the slightest about the consequences, legal and otherwise, of one's own actions. And then being surprised by them, indignant about them and playing the offended party.
But doesn't Rai have a legal department that warned Battistini and her crew that entering the territory of a sovereign state in the wake of foreign troops that have invaded that territory AUTOMATICALLY entails the opening of judicial proceedings by the invaded state?
And that it has nothing to do with the state in question being big bad Russia? The same would have happened if she had entered Ukrainian territory in the wake of Russian troops.
Of course, I realize that the temptation to cosplay Oriana Fallaci must have been too strong to resist, but one really should, every now and then, think about the consequences of one's own actions. Or at least not act astonished when people point out the mess you have made.
WarRoom
We would add that RAI correspondent Battistini caused great hilarity in 2022, when she appeared in a TG1 report as a “war correspondent” in Slaviansk, fully kitted out with helmet and bulletproof vest, while a few metres away from her the locals were calmly queuing at the post office.
Israeli air raids kill 9 Lebanese. In Gaza, more displacement and bombing in Khan Yunis
@Notizie dall'Italia e dal mondo
The ceasefire talks will resume in the coming days. The United States is exaggerating their positive progress
The article Israeli air raids kill 9 Lebanese. In Gaza, more displacement and
A USA Feature for a Europe-Market Sony Receiver
A feature of many modern network-connected entertainment devices is that they will play streamed music while on standby mode. This so-called “network standby” is very useful if you fancy some gentle music but don’t want the Christmas lights or the TV. It was a feature [Caramelfur] missed on their Sony AV receiver, something especially annoying because it’s present on the US-market equivalent of their European model. Some gentle hackery ensued, and now the receiver follows its American cousin.
A first examination of the firmware found the two downloads to be identical, so whatever differences existed had to be in some form of configuration. Investigating what it exposed to the network led to a web server with device configuration parameters. Some probing behind the scenes and a bit of lucky guesswork identified the endpoint to turn on network standby, and there it was, the same as the US market model. Should you need it, the tooling is in a GitHub repository.
This isn’t the first time we’ve seen identical hardware being shipped with different firmwares in Europe from that in the USA; perhaps our most egregious example was a Motorola phone with a much earlier Android version for Europeans. We don’t understand why manufacturers do it, in particular with such an innocuous feature as network standby. If you have a Sony receiver you can now fix it, but you shouldn’t have to.
RJ45, Devcore, CC0.
Canadarm2 Scores Milestone With Catching Its 50th Spacecraft
Recently Canada’s Canadarm2 caught its 50th spacecraft since 2009, in the form of a Northrop Grumman Cygnus cargo vessel. Although perhaps not the most prominent part of the International Space Station (ISS), the Canadarm2 performs a range of very essential functions on the outside of the ISS, such as moving equipment around and supporting astronauts during EVAs.
Power and Data Grapple Fixture on the ISS (Credit: NASA)
Officially called the Space Station Remote Manipulator System (SSRMS), it is part of the three-part Mobile Servicing System (MSS) that allows for the Canadarm2 and the Dextre unit to scoot around the non-Russian part of the ISS, attach to Power Data Grapple Fixtures (PDGFs) on the ISS and manipulate anything that has a compatible Grapple Fixture on it.
Originally the MSS was not designed to catch spacecraft when it was installed in 2001 by Space Shuttle Endeavour during STS-100, but with the US moving away from the Space Shuttle to a range of unmanned supply craft which aren’t all capable of autonomous docking, this became a necessity, with the Japanese HTV (with grapple fixture) becoming the first craft to be caught this way in 2009. Since the Canadarm2 was originally designed to manipulate ISS modules this wasn’t such a major shift, and the MSS is soon planned to also start building new space stations when the first Axiom Orbital Segment is launched by 2026. This would become the Axiom Station.
With the Axiom Station planned to have its own Canadarm-like system, this will likely mean that Canadarm2 and the rest of the MSS will be decommissioned with the rest of the ISS by 2031.
Top image: Canadarm2 captures Cygnus OA-5 S.S. Alan Poindexter in late 2016 (Credit: NASA)
Roll Your Own Presence Sensor
[Mellow_Labs] wanted an Everything Presence Lite kit but found it was always out of stock. Therefore, he decided to create his own. The kit uses a millimeter wave sensor as a super-sensitive motion tracker for up to three people. It can even read your heart rate remotely. You can see a video of the project below.
There are a few differences from the original kit. Both use the C4001 24 GHz human presence detection sensor. However, the homebrew version also includes a BME680 environmental sensor.
If you haven’t seen a millimeter wave sensor—often written mmwave—before, it is essentially a tiny radar that can measure movement, acceleration, and angles very accurately. They are available at different microwave wavelengths and have onboard processing to easily provide useful information for a processor like the one in this project. The processor on board is an ESP32, which works well with [Mellow_Labs’] home automation system.
A 3D-printed case rounds everything out. Circuit-wise, there isn’t much going on since everything is on a module PCB. You essentially just have to connect everything together.
These sensors can do a lot of things. For example, inspecting pipelines. Another common way to detect people is to use a specialized camera.
⚠️SERVICE ANNOUNCEMENT⚠️
feddit.it/post/10163811
The new post by macfranc is on feddit.it/c/politica
The poliversity.it instance will be restarted for a few tens of minutes
@Politica interna, europea e internazionale
I look on the alternatives, but not on Telegram, because for other reasons I believe it should not be used
Matrix - Decentralised and secure communication
You're invited to talk on Matrix. If you don't already have a client this link will help you pick one, and join the conversation. If you already have one, this link will help you join the conversation. matrix.to
Disney is not the only one saying that your clicks mean you cannot sue
In an ongoing case, Disney is trying to avoid a wrongful death lawsuit, arguing that a widower's agreement to the Disney+ service included a claus…
Fighting the Scourge of “Screwdriver Mange”
We’ve all got our favorite hand tools, and while the selection criteria are usually pretty subjective, it usually boils down to a combination of looks and feel. In our opinion, the king of both these categories when it comes to screwdrivers is those clear, hard acetate plastic handles, which are a joy to use — at least until the plastic starts to degrade and exude a characteristically funky aroma.
But perhaps we can change that if these experiments on screwdriver “mange” hold up. That’s [357magdad]’s unappealing but accurate description of the chemical changes that eventually occur in the strong, hard, crystal-clear handles of your favorite screwdrivers. The polymer used for these handles is cellulose acetate butyrate, or CAB, which is mostly the same cellulose acetate that replaced the more explode-y cellulose nitrate in things like pool balls and movie film, except with some of the acetate groups replaced with a little butyric acid. The polymer is fine at first, but add a little UV light and over time the outer layer of CAB decomposes into a white flaky cellulose residue while the butyric acid volatilizes, creating the characteristic odor of vomitus. Lovely.
In the video below, [357magdad] takes a look at different concoctions that all allegedly cure the mange. TL, DW; it was a dunk in household ammonia that performed the best, well ahead of other common agents like vinegar and bleach. The ammonia — or more precisely, ammonium hydroxide — works very quickly on the cellulose residue, dissolving it readily and leaving the handle mange-free and looking nearly new after some light scrubbing. None of the other agents came close, although acetone did manage to clear up the mange a bit, at the cost of softening the underlying CAB in a process that’s probably similar to acetone smoothing ABS prints.
As for the funky smell, well, the results were less encouraging. Nothing really got rid of the pukey smell, even a roll in baking soda. We suspect there won’t be much for that, since humans can detect it down to 10 parts per million. Consider it the price to pay for a nice-looking screwdriver that feels so good in your hand.
“L’età del fuoco”: reportage from an ever hotter planet
feddit.it/post/10159715
The new post by letterina is on feddit.it/c/libri
@Libri - Gruppo Forum
illibraio.
Elon Musk's financial problems with X have worried Tesla supporters, who fear he may sell more shares
Musk's repeated attacks on advertisers have weakened the company's main source of revenue, previous…
The EU Commission sends Meta a request for information on data accessibility
feddit.it/post/10156282
The new post by giorgiosarto is on feddit.
2024 Tiny Games Contest: Salsa One Handheld Requires No PCB
If you’re thinking about building a single tiny game or even a platform, you might be tempted to use a single button for everything. Such is the case with [Alex]’s Salsa ONE minimalist game console, which is inspired by both the Arduboy and the ergonomics of the SanDisk Sansa music player.
With Salsa ONE, [Alex] aimed to make something that is both simple and challenging. The result is something that, awesomely enough, doesn’t need a PCB, and can be comfortably controlled with just one thumb. There isn’t much to this thing, which is essentially an RP2040, an OLED, a vibration motor, a buzzer, a button, and a CR2032 coin cell. [Alex] chose to program Salsa ONE in MicroPython. Be sure to check it out in action in the brief demo after the break.
Have you got an idea for a tiny game? Don’t hesitate to enter the 2024 Tiny Games Contest! You have until September 10th, so head on over to Hackaday.io and get started today.
This Week in Security: Three Billion SS Numbers, IPv6 RCE, and Ring -2
You may have heard about a very large data breach, exposing the Social Security numbers of three billion individuals. Now hang on. Social Security numbers are a particularly American data point, and last time we checked there were quite a few Americans shy of even a half of a billion’s worth. As [Troy Hunt] points out, there are several things about this story that seem just a bit odd.
First up, the claim is that this is data grabbed from National Public Data, and there’s even a vague notice on their website about it. NPD is a legitimate business, grabbing data on as many people as possible, and providing services like background checks and credit checks. It’s not impossible that this company has records on virtually every citizen of the US, UK, and Canada. And while that’s far less than 2.9 billion people, it could feasibly add up to 2.9 billion records as was originally claimed.
The story gets strange as we consider the bits of data that have been released publicly, like a pair of files shared with [Troy] that have names, birthdays, addresses, phone numbers, and social security numbers. Those had a total of 2.69 billion records, with an average of 3 records for each ID number. That math is still just a little weird, since the US has to date only generated 450 million SSNs and change.
So far all we have are partial datasets, and claims on the Internet. The story is that there’s a grand total of 4 TB of data once uncompressed. The rest of the details are unclear, and it’s likely to take some time for the rest of the story to come out.
Windows IPv6 RCE
Microsoft has patched a Remote Code Execution (RCE) in Windows 10, 11, and server systems. By all accounts, it’s a nasty one, but there’s a redeeming wrinkle to the story, that may also be bad news. It’s an IPv6 vulnerability. The actual details are scarce, for obvious reasons. By next week, I anticipate someone will have reverse engineered the patch enough to have some details on the flaw.
What we do know is that Microsoft scores this a 9.8 out of 10 for severity, and considers it a low complexity attack that is likely to be used in the wild. Trend Micro considers it a wormable flaw. The built-in Windows firewall doesn’t block it, because the vulnerability triggers before processing by the firewall. This leads to a theory that it’s another problem related to defragmenting incoming IPv6 packets, or a similar process.
The good news is that it requires actual IPv6 connectivity, which at least in my corner of the world is a rather rare thing. It’s hard to know definitively without more details, but it’s at least likely that a proper stateful firewall would block these unsolicited IPv6 packets from the wider Internet. There’s still a lot of room for trouble inside the network — where you probably have working IPv6 connectivity even without routable IPv6 from your ISP. In conclusion, get this one patched ASAP.
Considering its harm, I will not disclose more details in the short term. — wei (@XiaoWei___) August 14, 2024
Don’t Roll Your Own Crypto!
There’s a rallying cry, aimed at anyone responsible for building secure systems: “Don’t roll your own crypto!” But why? Surely a secret algorithm that only you understand is more secure, right? No. Particularly not when tools like Ghidra put firmware reverse engineering within grasp of every security researcher. Case in point, the Vstarcam CB73 security camera that [Brown Fine Security] took a look at.
The first clue that something was wrong was that packets were being repeated, byte-for-byte identically. As [Brown] points out, a good cryptography scheme has some sort of protection against replay attacks. This one had none at all. Another issue with this homebrew crypto scheme is that it only has 256 possible internal states, and once you know the trick the whole thing is trivially decryptable, no key required. This is why you don’t roll your own crypto.
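The two symptoms described above, shown on a constructed toy cipher beside a framing that rejects replays. This is an added example, not code from the write-up or from the camera; `toy_crypt`, the sample command and the key are all hypothetical, and the toy is not the camera's actual algorithm.

```python
import hashlib
import hmac
import struct
from typing import Dict, List, Optional

# --- Weak design: constructed toy, NOT the camera's real algorithm ----------
# The entire cipher state is one byte and every packet restarts from the same
# state, so equal plaintexts always yield equal ciphertexts.
def toy_crypt(state: int, data: bytes) -> bytes:
    out = bytearray()
    for b in data:
        out.append(b ^ state)
        state = (state * 5 + 1) & 0xFF  # 8-bit generator: only 256 states
    return bytes(out)  # XOR stream, so the same call encrypts and decrypts


def review_capture(packets: List[bytes], known_header: bytes) -> Dict[str, object]:
    """Two checks a protocol reviewer can run on captured traffic alone."""
    repeated = len(packets) - len(set(packets))
    # With 256 states the whole space can be tried against a known constant.
    states = [s for s in range(256)
              if toy_crypt(s, packets[0]).startswith(known_header)]
    return {"repeated_packets": repeated, "states_matching_header": states}


# --- Hardened framing: per-packet counter authenticated with HMAC-SHA256 ----
# This gives integrity and replay rejection; confidentiality should come from
# a vetted AEAD construction rather than anything hand-made.
TAG_LEN = hashlib.sha256().digest_size
HDR = struct.Struct(">Q")  # 64-bit big-endian packet counter


class ReplaySafeChannel:
    def __init__(self, key: bytes) -> None:
        self._key = key
        self._next_send = 0
        self._last_seen = -1

    def _tag(self, body: bytes) -> bytes:
        return hmac.new(self._key, body, hashlib.sha256).digest()

    def seal(self, payload: bytes) -> bytes:
        body = HDR.pack(self._next_send) + payload
        self._next_send += 1
        return body + self._tag(body)

    def open(self, packet: bytes) -> Optional[bytes]:
        if len(packet) < HDR.size + TAG_LEN:
            return None
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(body)):
            return None  # forged or corrupted
        (counter,) = HDR.unpack_from(body)
        if counter <= self._last_seen:
            return None  # replayed (or stale) packet
        self._last_seen = counter
        return body[HDR.size:]


def demo() -> Dict[str, object]:
    command = b"\xaa\x55PTZ:left"              # constructed sample message
    key = b"constructed-demo-key-32-bytes!!!"  # constructed, never reuse
    capture = [toy_crypt(0x5A, command), toy_crypt(0x5A, command)]
    result = review_capture(capture, b"\xaa\x55")

    sender, receiver = ReplaySafeChannel(key), ReplaySafeChannel(key)
    first, second = sender.seal(command), sender.seal(command)
    result["sealed_packets_differ"] = first != second
    result["first_delivery"] = receiver.open(first)
    result["replayed_delivery"] = receiver.open(first)
    result["next_delivery"] = receiver.open(second)
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The strict counter check also drops packets that arrive out of order; a transport that reorders would need a sliding window instead.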
Old School CSS Trick
This write-up from Adepts of 0xCC is a trip down memory lane, to a time when browsers let websites get away with way more, like detecting whether links had been visited by detecting the style that the browser used to display them. Browsers eventually locked down those sorts of tricks, but what’s old is new again, with just a bit of cleverness. In this case, generate a captcha, and set the page’s CSS to make the visited links blend in with the background. The user completes the captcha, and based on which characters were typed, you have some basic history information. Clever!
Ring -2
The classic x86 architecture has a four ring system, where userspace applications run in Ring 3 and the kernel runs in Ring 0. But the sneaky truth is that our x86 processors are actually emulating the x86 instruction set, Rings 1 and 2 are never used, and there’s a CPU management engine running all the way down at Ring -3. This suggests to the security minded that it would be particularly bad for something malicious to run at one of those hidden ring levels. And that’s exactly what [jjensn] managed to pull off.
In this case it’s in the motherboard firmware, in the System Management Engine. A bit of vulnerable code in a couple places allows writing data into protected SMRAM memory, into Ring -2. A bit of clever work corrupts the SMRAM just enough to jump into shellcode without crashing the machine. And suddenly an attacker can own a machine on a level two layers below the OS.
Bits and Bytes
Careful with your artifacts. Apparently quite a few GitHub CI scripts take the easy way out, and just zip up the entire work directory as an artifact. That’s not great, as generally artifacts are accessible to anyone with a GitHub account, and the .git folder very likely has a GitHub token in it.
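A pre-upload check for the artifact problem described above, as an added example that is not taken from the linked research: it inspects a zip archive for `.git` metadata and for credential-bearing lines. The sample archive is constructed in memory, and the `extraheader` line is an assumption about how a checkout step may persist its credential in `.git/config`; the token value is a placeholder.

```python
import base64
import io
import re
import zipfile
from typing import List, Tuple

Finding = Tuple[str, int, str]  # (archive path, line number or 0, rule name)

# Content rules: each is applied line by line to every archive member.
RULES = [
    ("git-extraheader-credential",
     re.compile(rb"(?i)extraheader\s*=\s*authorization:")),
    ("url-with-embedded-credential",
     re.compile(rb"https?://[^/\s:@]+:[^/\s@]+@")),
]
MAX_SCAN_BYTES = 1_000_000  # skip large binaries; the path rule still applies


def scan_artifact(zip_bytes: bytes) -> List[Finding]:
    findings: List[Finding] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Path rule: any file below a .git directory is repository metadata.
            if ".git" in info.filename.split("/"):
                findings.append((info.filename, 0, "vcs-metadata-in-artifact"))
            if info.file_size > MAX_SCAN_BYTES:
                continue
            for lineno, line in enumerate(archive.read(info).splitlines(), 1):
                for rule, pattern in RULES:
                    if pattern.search(line):
                        # Report location only; never echo the secret itself.
                        findings.append((info.filename, lineno, rule))
    return findings


def build_sample(include_git: bool) -> bytes:
    """Constructed work directory, zipped in memory (placeholder credential)."""
    placeholder = base64.b64encode(b"x-access-token:CONSTRUCTED_PLACEHOLDER")
    git_config = (
        b"[core]\n"
        b"\tbare = false\n"
        b'[remote "origin"]\n'
        b"\turl = https://github.com/example-org/example-repo\n"
        b'[http "https://github.com/"]\n'
        b"\textraheader = AUTHORIZATION: basic " + placeholder + b"\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("src/main.py", "print('build output')\n")
        if include_git:
            archive.writestr(".git/HEAD", "ref: refs/heads/main\n")
            archive.writestr(".git/config", git_config)
    return buf.getvalue()


if __name__ == "__main__":
    for path, lineno, rule in scan_artifact(build_sample(include_git=True)):
        print(f"{rule}: {path}" + (f" line {lineno}" if lineno else ""))
```

Failing the job on any finding, and archiving only the build output directory instead of the whole work directory, keeps repository metadata out of the artifact.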
Speaking of GitHub, another Chrome type confusion vulnerability was written up there in detail. As objects in JavaScript are manipulated, the engine is continually updating the underlying data structures. Cloning objects can be particularly tricky, and changing the properties of an object after a shallow copy can result in memory corruption. Memory corruption, fake objects, and finally code execution outside the JavaScript sandbox.
In Windows, the Mark of the Web is rather important for security, warning users when they’re about to access or execute something from the Internet. It’s also been broken in many interesting ways over the years. Most recently, Web-based Distributed Authoring and Versioning (WEBDAV) shares are used, as they can be accessed by either the browser, or the Windows File Explorer. The most recent fix here adds Mark of the Web to files copied from WEBDAV shares using Explorer. Sneaky.
Hackaday Podcast Episode 284: Laser Fault Injection, Console Hacks, and Too Much Audio
The summer doldrums are here, but that doesn’t mean that Elliot and Dan couldn’t sift through the week’s hacks and find the real gems. It was an audio-rich week, with a nifty microsynth, music bounced off the moon, and everything you always wanted to know about Raspberry Pi audio but were afraid to ask. We looked into the mysteries of waveguides and found a math-free way to understand how they work, and looked at the way Mecanum wheels work in the most soothing way possible. We also each locked in on more classic hacks, Elliot with a look at a buffer overflow in Tony Hawk’s Pro Skater and Dan with fault injection using a low-(ish) cost laser setup. From Proxxon upgrades to an RC submarine to Arya’s portable router build, we’ve got plenty of material for your late summer listening pleasure.
Where to Follow Hackaday Podcast
Places to follow Hackaday podcasts:
Worried about attracting the Black Helicopters? Download the DRM-free MP3 and listen offline, just in case.
Episode 284 Show Notes:
News:
- Possible Discovery Of Liquid Water In Mars’ Mid-Crust By The Insight Lander
- Superdeep Borehole Samples Create Non-boring Music
What’s that Sound?
- Last week’s sound was the startup chime from an SGI Indigo. But nobody guessed it right!
- Computer and Console Boot Sounds Compilation : Various : Free Download, Borrow, and Streaming : Internet Archive
- Boot chime for an SGI O2 — Dan used to use an O2, but wouldn’t have gotten it either.
Interesting Hacks of the Week:
- Kickflips And Buffer Slips: An Exploit In Tony Hawk’s Pro Skater
- Building AI Models To Diagnose HVAC Issues
- Inside The Mecanum Wheel
- Laser Fault Injection On The Cheap
- Tulip Is A Micropython Synth Workstation, In An ESP32
- GitHub – shorepine/amy: AMY – the Additive Music synthesizer librarY
- Generative Music Created In Minimalistic Javascript Code
- Sonic Pi – The Live Coding Music Synth for Everyone
- The Waveguide Explanation You Wish You’d Had At School
Quick Hacks:
- Elliot’s Picks
- Cheap DIY Button Pad Uses Neat Punchcard Trick
- RC Submarine Build Starts With Plenty Of Research
- Moonbounce Music
- Dan’s Picks:
- Proxxon CNC Conversion Makes A Small Mill A Bit Bigger
- Magnesium And Copper Makes An Emergency Flashlight
- A Tiny Knob Keeps You In Control
Can’t-Miss Articles:
Lunar Lander Game Asks You to Write a Simple Autopilot
Everyone likes a good lunar landing simulator, and [Dominic Doty] wrote a fun take on the idea: your goal is to write an autopilot controller to manage the landing. Try it out!
Virtual landers are far cheaper than real ones, thank goodness.
[Dominic] was inspired in part by this simple rocket landing game which is very much an exercise in reflex and intuition, not to mention being much faster-paced than the classic 1979 video game (which you can also play in your browser here.)
[Dominic]’s version has a similar classic look to the original, but embraces a more thoughtful approach. In it, one uses plain JavaScript to try to minimize the lander’s angle, velocity, and angular velocity in order to land safely on the generated terrain.
Want to see if you have the right stuff? Here’s a direct link to Lunar Pilot. Don’t get discouraged if you don’t succeed right away, though. Moon landings have had plenty of failures, and are actually very hard.
A Modern Take on an Old Language
Some old computer languages are destined to never die. They do, however, evolve. For example, Fortran, among the oldest of computer languages, still has adherents, not to mention a ton of legacy code to maintain. But it doesn’t force you to pretend you are using punched cards anymore. In the 1970s, if you wanted to crunch numbers, Fortran was a good choice. But there was another very peculiar language: APL. Turns out, APL is alive and well and has a thriving community that still uses it.
APL has a lot going for it if you are crunching serious numbers. The main data type is a multidimensional array. In fact, you could argue that a lot of “modern” ideas like a REPL, list types, and even functional programming entered the mainstream through APL. But it did have one strange thing that made it difficult to use and learn.
[Kenneth E. Iverson] was at Harvard in 1957 and started working out a mathematical notation for dealing with arrays. By 1960, he’d moved to IBM and a few years later wrote a book entitled “A Programming Language.” That’s where the name comes from — it is actually an acronym for the book’s title. Being a mathematician, [Iverson] used symbols instead of words. For example, to create an array with the numbers 1 to 5 in it and then print it, you’d write:
⎕←⍳5
Since modern APL has a REPL (read-eval-print loop), you could remove the box and the arrow today.
What Key Was That?
Wait. Where are all those keys on your keyboard? Ah, you’ve discovered the one strange thing. In 1963, CRTs were not very common. While punched cards were king, IBM also had a number of Selectric terminals. These were essentially computer-controlled typewriters that had type balls instead of bars that were easy to replace.
With the right type ball, you could have 26 upper-case letters, 10 digits, a few control characters, and then a large number of “weird” characters. But it is actually worse than that. The available symbols were still not numerous enough for APL’s appetite. So some symbols required you to type part of the symbol, press backspace, then type more of the symbols, sometimes repeating the process several times. On a printing terminal, that works fine. For the CRTs that would soon take over, this was tough to do.
For example, a comment (like a REM in Basic or a // in C++) is represented by a thumbnail (⍝). In other words, this would be an APL comment:
⍝ This is a comment
To make that character, you’d type the “arch” part, backspace, then the “dot” part. Not very speedy. Not very practical on old CRT terminals, either.
The characters aren’t the only strange thing. For example, APL evaluates math right to left.
That is, 3×2+5 is 21 because the 2+5 happens first. You just have to get used to that.
A Solution
Of course, modern screens can handle this easily and most people use an APL keyboard mapping that looks like your normal keyboard, but inserts special symbols when you use the right Alt key (with or without the shift modifier). This allows the keyboard to directly enter every possible symbol.
Of course, your keyboard’s keycaps probably don’t have those symbols etched in, so you’ll probably want a cheat sheet. You can buy APL keycaps or even entire keyboards if you really get into it.
What’s GNU With You?
While there have been many versions of APL over the years, GNU APL is certainly the easiest to set up, at least for Linux. According to the website, the project has more than 100,000 lines of C++ code! It also has many modern things like XML parsers.
A US APL keyboard layout
The real trick is making your keyboard work with the stranger characters. If you are just playing around, you can consider doing nothing. You can see the keyboard layout by issuing the ]KEYBD command at the APL prompt. That will give you something like the adjacent keyboard layout image.
From that image, you can copy and paste odd characters. That’s a pain, though. I had good luck with this command line:
setxkbmap -layout us,apl -variant ,dyalog -option grp:switch
With this setup, I can use the right alt key to get most APL characters. I never figured out how to get the shifted alternate characters, though. If you want to try harder, or if you use a different environment than I do, you might read the APL Wiki.
An Example
Rather than do a full tutorial, here’s my usual binary search high low game. The computer asks you to think of a number, and then it guesses it. Not the best use of APL’s advanced math capabilities, but it will give you an idea of what it can do.
Here’s a survival guide. The upside-down triangle is the start or end of a function. You already know the thumbnail is a comment. A left-pointing arrow is an assignment statement. A right-pointing arrow is a goto (this was created in the 1960s; modern APL has better control structures, but they can vary between implementations). Square boxes are for I/O, and the diamond separates multiple statements on a single line.
∇ BinarySearchGame
⍝ Initialize variables
lower ← 1
upper ← 1024
turns ← 0
cheating ← 0
⍝ Start the game
'Think of a number between 1 and 1024.' ⋄ ⎕ ← ''
Loop:
turns ← turns + 1
guess ← ⌊(lower + upper) ÷ 2 ⍝ Make a guess using binary search
⍞ ← 'Is your number ', (⍕ guess), '? (h for high, l for low, c for correct): '
response ← ⍞
→ (response = 'c')/Finish ⍝ Jump to Finish if correct
→ (response = 'h')/TooHigh ⍝ Jump to TooHigh if too high
→ (response = 'l')/TooLow ⍝ Jump to TooLow if too low
→ InvalidInput ⍝ Invalid input
TooHigh:
upper ← guess - 1
→ (lower > upper)/CheatingDetected ⍝ Detect cheating
→ Loop
TooLow:
lower ← guess + 1
→ (lower > upper)/CheatingDetected ⍝ Detect cheating
→ Loop
InvalidInput:
⍞ ← 'Invalid input. Please enter "h", "l", or "c".' ⋄ ⎕ ← ''
turns ← turns - 1 ⍝ Invalid input doesn't count as a turn
→ Loop
CheatingDetected:
⍞ ← 'Hmm... Something doesn''t add up. Did you make a mistake?' ⋄ ⎕ ← ''
cheating ← 1
→ Finish
Finish:
→ (cheating = 0)/Continue ⍝ If no cheating, continue
→ EndGame
Continue:
⍞ ← 'Great! The number is ', (⍕ guess), '. It took ', (⍕ turns), ' turns to guess it.' ⋄ ⎕ ← ''
EndGame:
⍞ ← 'Would you like to play again? (y/n): '
restart ← ⍞
→ (restart = 'y')/Restart ⍝ Restart the game if 'y'
→ Exit ⍝ Exit the game otherwise
Restart:
→ 1 ⍝ Restart from line 1 (re-initializes the variables without recursing)
Exit:
⍞ ← 'Thank you for playing!' ⋄ ⎕ ← '' ⍝ Exit message
∇
What’s Next?
If you want to get an idea of how APL’s special handling of data makes some programs easier, the APL Wiki has a good page for that. If you don’t want to install anything, you can run APL in your browser (although it is the Dyalog version, a very common choice for modern APL).
If you don’t want to read the documentation, check out [phoebe’s] video below. We always wanted the IBM computer that had the big switch to go from Basic to APL.
youtube.com/embed/UltnvW83_CQ?…
APL Keyboard image via Reddit
Ferragosto ransomware! Ciphbit claims a cyberattack on Italy’s FD-SRL
As we often report, cybercrime never stops, especially when companies’ defenses are at their lowest, as during the summer holiday period.
Yesterday, in the middle of Ferragosto, the cyber gang Ciphbit claimed a cyberattack involving FD-SRL, a dynamic and innovative company specializing in advanced solutions for various industrial sectors.
The attack was claimed on Ciphbit’s Data Leak Site (DLS); the group stated that it had compromised FD-SRL’s systems and threatened to publish the stolen data within 3-4 days.
At the moment, we cannot confirm the veracity of the report, since the organization has not yet issued any official press release on its website about the incident. Therefore, this article should be regarded as an ‘intelligence source’.
Who is FD-SRL?
FD-SRL is an Italian company specializing in public works, with a particular focus on the construction of roads and railways.
Thanks to its use of advanced technologies and a qualified workforce, the company is able to offer efficient, reliable and sustainable solutions to its clients, earning a reputation as a trusted partner in its sector.
Conclusion
The attack represents a serious threat to FD-SRL, which now faces the possibility of seeing sensitive data about its projects and clients exposed. The attack was announced by the web platform Ransomfeed.
As is our custom, we always leave room for a statement from the company should it wish to give us updates on the matter. We will be glad to publish that information in a dedicated article giving the issue prominence.
RHC will monitor how the matter develops so as to publish further news on the blog should there be substantial developments. Anyone with knowledge of the facts who wishes to provide information anonymously can use the whistleblower’s encrypted e-mail.
The article Ferragosto ransomware! Ciphbit claims a cyberattack on Italy’s FD-SRL comes from il blog della sicurezza informatica.
More Reapers for Italy. The Pentagon authorizes the sale of drones for 738 million dollars
Against a backdrop of growing demand for advanced weaponry, the United States Department of State has recently approved a series of major arms sales to allied European nations, including Italy. This decision includes the authorization for the sale of six Block 5 drones
Google expands "AI-powered" searches to other countries
People distrust generative artificial intelligence in areas where it can deliver enormous value, and trust it too much when the technology is not competent
A scientific experiment, the first of its kind, found that people…
Informa Pirata: information and news
Workers and algorithms https://jacobinitalia.it/operai-e-algoritmi/
🇺🇸 The news of the week: Kamala Harris accused of manipulating the images of her conventions to make them look more popular than Trump’s.
EU Commission seeks details from Meta on data access and election monitoring
The European Commission sent a request for information to Meta under the Digital Services Act (DSA) on Friday (16 August), seeking details on compliance with data access and election monitoring requirements.