
Recorded Future: Online Fraud Triples in 2024. Magecart and Skimmers Sharply on the Rise


According to a Payment Fraud report by Recorded Future, financial fraud evolved notably in 2024. New tactics based on artificial intelligence and social engineering became key tools for attackers, leading to an increase in data breaches and in the number of attacks on digital services. More than 269 million payment card records and 1.9 million stolen checks from the United States were published on the dark web and the open internet.

The number of Magecart skimmer infections tripled compared to 2023, reaching 11,000 unique domains. The cause was the CosmicSting vulnerability (CVE-2024-34102, CVSS score: 9.8), as well as the active use of ready-made attack kits such as Sniffer by Fleras. These tools allowed cybercriminals to silently steal data from online stores.

In addition to technical attacks, attackers actively used fake e-commerce sites. About 1,200 fraudulent domains were registered over the year, most of them located in the United Kingdom and Hong Kong. The sites used social engineering methods and fake accounts to deceive shoppers and later monetize the stolen data.

Darknet markets remained a central platform for the sale of stolen information and anti-fraud tools. Telegram, despite attempts at restrictions, remained relevant, giving criminal hackers the opportunity to distribute data, including stolen checks. Analysts recorded a significant increase in fraudster activity on Telegram.

Check fraud remains a significant problem in the United States: more than 1.9 million stolen checks were published on the dark web and on Telegram. The geography of the crimes covers the entire country, with the highest concentration of incidents in certain specific areas.

Experts predict a further increase in attacks via skimmers and fraudulent sites, especially in the context of the introduction of digital wallets and the interception of OTP codes, which will become one of the main vulnerabilities in payment systems. Darknet platforms will remain active despite law enforcement efforts, and less sophisticated attackers will begin to dominate Telegram.

To counter the threats, the experts suggest several key steps:

  • Identifying and eliminating vulnerabilities in e-commerce sites;
  • Strengthening the requirements for vetting new suppliers;
  • Raising the level of verification when digital wallets are created;
  • Using Recorded Future’s analytical data for predictive protection and for blocking suspicious transactions;
  • Constantly updating anti-fraud measures and using internal data to configure protection systems.

Advances in digital technology are making fraud increasingly sophisticated, so financial institutions and markets must implement proactive security strategies and strengthen collaboration between cybersecurity and fraud prevention teams.

The article Recorded Future: Online Fraud Triples in 2024. Magecart and Skimmers Sharply on the Rise comes from il blog della sicurezza informatica.


Going Minimal: 64×4, The Fun in Functional Computing


If you’ve ever wondered what makes a computer tick, the Minimal 64×4 by [Slu4] is bound to grab your attention. It’s not a modern powerhouse, but a thoughtfully crafted throwback to the essence of computing. With just 61 logic ICs, VGA output, PS/2 input, and SSD storage, this DIY wonder packs four times the processing power of a Commodore 64.

What sets [Slu4]’s efforts apart is his refusal to follow the beaten track of CPU development. He imposes strict complexity limits on his designs, sticking to an ultra-minimalist Von Neumann architecture. His journey began with the ‘Minimal Ur-CPU’, a logic-chip-based computer that could crunch numbers but little else. Next came the ‘Minimal 64’, featuring VGA graphics and Space Invaders-level performance. The latest ‘Minimal 64×4’ takes it further, adding incredible speed while keeping the design so simple it’s almost ridiculous. It’s computing stripped to its rawest form—no fancy sound, no dazzling graphics, just raw resourcefulness.

For enthusiasts of retro-tech and DIY builds, this project is a treasure trove. From text editors to starfield simulations to Sokoban, [Slu4] proves you don’t need complexity to make magic.

youtube.com/embed/L1oECH6rPvs?…


hackaday.com/2025/01/22/going-…


Mercedes-Benz: Kaspersky Reveals More Than 12 Vulnerabilities in Infotainment Systems


Specialists at Kaspersky Lab have revealed the details of more than a dozen vulnerabilities discovered in the first-generation Mercedes-Benz MBUX infotainment system. The automaker says that the issues have been resolved and that they were not easy to deal with.

The experts studied how the Mercedes-Benz head unit, called Mercedes-Benz User Experience (MBUX), works, building on an earlier study conducted by the Chinese specialists at Tencent Security Keen Lab and published in 2021.

MBUX structure and components

Kaspersky Lab’s research focused on a detailed analysis of the first-generation MBUX subsystems (in a real Mercedes B180 car) that received no attention in the KeenLab study: diagnostics (CAN, UDS, etc.), USB connections, and specialized inter-process communication (IPC) protocols.

Some of the discovered vulnerabilities could be used for DoS attacks, others for data extraction, command injection and privilege escalation.

Although the vulnerabilities were assigned CVE identifiers from 2023 and 2024, Mercedes-Benz said it had been aware of Kaspersky Lab’s findings since 2022. The related advisories have already been published on GitHub, and the security flaws have all been promptly fixed.

According to the experts, an attacker with physical access to the car could exploit some of these vulnerabilities to disable the standard anti-theft protection in the head unit, change the car’s settings and unlock paid services.

“In August 2022, a group of external security researchers contacted us regarding the first generation of MBUX – Mercedes-Benz User Experience,” Mercedes-Benz representatives told the media. “The issues described by the researchers required physical access to the vehicle, as well as access to the vehicle interior. In addition, the head unit must be removed and opened. These issues do not affect the newer versions of the infotainment system.”

The article Mercedes-Benz: Kaspersky Reveals More Than 12 Vulnerabilities in Infotainment Systems comes from il blog della sicurezza informatica.


Democratizing Piano Virtuosity. NeuroPiano Achieves the Impossible


Specialists at Sony Computer Science Laboratories Inc., together with colleagues from the NeuroPiano Institute in Kyoto, have developed an exoskeleton that helps pianists overcome the limit of their skill when performing fast pieces of music. The results of the study, which involved more than one hundred people, were published in the journal Science Robotics.

Experience shows that most musicians reach a certain plateau after long training. This is particularly evident when playing instruments that require high speed and precision of finger movements, such as the guitar or the piano.

The Japanese scientists, led by Shinichi Furuya, decided to test whether passive training with the help of a robot would help overcome this barrier. To do so, they invited 118 professional pianists to take part in a series of experiments.

The exoskeleton is placed on the back of the hand and attached to the fingers with special fasteners, ensuring a secure fit. The device makes it possible to perform complex movements with several fingers simultaneously.

Before the experiment began, all participants learned to play certain pieces on their own until they reached their individual level of perfection.

Then the passive training phase began: the exoskeleton took complete control of the fingers of the musicians’ right hands and forced them to move up and down in different sequences and at different speeds, without active human participation. Moreover, the movements were in no way tied to specific musical techniques or chords.

youtube.com/embed/pPqOQ1egLzU?…

After completing the training with the robot, the volunteers were asked to remove the exoskeleton and play the same pieces they had learned earlier. The hypothesis was confirmed: most subjects overcame the previously identified obstacles and began to play much faster and with greater confidence. It is particularly interesting that improvements were observed in both hands, even though only the right one had been trained.

The scientists also conducted an in-depth analysis of the brain’s motor cortex before and after training. It turned out that training with the exoskeleton led to neuroplastic changes, that is, new neural connections responsible for coordinating limb movements were formed.

The article Democratizing Piano Virtuosity. NeuroPiano Achieves the Impossible comes from il blog della sicurezza informatica.


Making Wire Explode With 4,000 Joules of Energy



The piece of copper wire moments before getting vaporized by 4,000 joules. (Credit: Hyperspace Pirate, Youtube)

In lieu of high-explosives, an exploding wire circuit can make for an interesting substitute. As [Hyperspace Pirate] demonstrates in a recent video, the act of pumping a lot of current very fast through a thin piece of metal can make for a rather violent detonation. The basic idea is that by having the metal wire (or equivalent) being subjected to a sufficiently large amount of power, it will not just burn through, but effectively vaporize, creating a very localized stream of plasma for the current to keep travelling through and create a major shockwave in the process.

This makes the exploding wire method (EWM) an ideal circuit for any application where you need a very fast, very precise generation of plasma and an easy to synchronize detonation. EWM was first demonstrated in the 18th century in the Netherlands by [Martin van Marum]. These days it finds use for creating metal nanoparticles, brief momentary light sources and detonators in explosives, including for nuclear (implosion type) weapons.

While it sounds easy enough to just strap a honkin’ big battery of capacitors to a switch and a piece of wire, [Hyperspace Pirate]’s video demonstrates that it’s a bit more involved than that. Switching so much current at high voltages ended up destroying a solid-state (SCR) switch, and factors like resistance and capacitance can turn an exploding wire into merely a heated one that breaks before any plasma or arcing can take place, or waste a lot of potential energy.

As for whether it’s ‘try at home’ safe, note that he had to move to an abandoned industrial site due to the noise levels, and the resulting machine he cobbled together involves a lot of high-voltage wiring. Hearing protection and extreme caution are more than warranted.

youtube.com/embed/agwKNLoU6g8?…


hackaday.com/2025/01/21/making…


The Nokia Design Archive Is Open For Viewing


A design sketch of a partially disassembled candybar mobile phone. The enclosure is a clamshell of plastic that envelops the functional internals of the device and is illustrated to the right upper corner of the image, slightly overlapping the internals evoking the idea of the internals being inserted into the cover. The words "buttons part of the cover" are written toward the top with an arrow toward the numpad and "plastic shell with various design" is written toward the bottom with an arrow toward the translucent blue shell.

During the Cambrian Explosion of cellphone form factors at the turn of the millennium, Nokia reigned supreme. If you’d like to see what they were doing behind the scenes to design these wild phones, you’ll love the Nokia Design Archive from Aalto University.

Featuring images, presentations, videos and a number of other goodies (remember transparencies?), this collection gives us some in-depth insight into how consumer products were dreamed up, designed, and brought to market. Some projects require more reading between the lines than others as the Archive is somewhat fragmented, but we think it could still be an invaluable peek into product design, especially if you’re working on projects that you want to be usable outside of a hacker audience.

The Archive also includes approximately 2000 objects including many unreleased “unknown” models and prototypes of phones that actually did make it into the wild. While we’d love to get our hands on some of these devices IRL, having images with reference colors is probably the next best thing. Having replaced a number of smartphone screens, we hope more hackers take up the buttons and indestructible casing of these elegant devices for a more civilized age.

Thanks to [Michael Fitzmayer] for the tip! Be sure to check out his work on Nokia N-Gage phones, including an SDK if you too love to taco talk.


hackaday.com/2025/01/21/the-no…


Probably Ruining a Keyboard For Science


Lubricating a keyboard switch the proper way, with a brush and the switch opened up.

Lubing your keyboard’s switches is definitely a personal preference, though we’re sure that many would call it absolutely necessary. However, what people from both camps would probably not suggest is using WD-40 to do so, instead pointing toward Krytox or at least Super Lube. But there are enough people out there who have tried the great water displacer and claim to have experienced no problems that [Sea_Scheme6784] decided to give it a go (so you don’t have to).

Having now collected enough boards to sacrifice one to the lubrication gods, [Sea_Scheme6784] chose a completely stock Logitech G413 SE with brown switches and heavily sprayed every one. Oh yeah, there was no taking them apart first as most lube enthusiasts would advise. No carefully painting it on in the right places with a small brush. Just mad spraying, y’all.

The effects were noticeable immediately — it changed the feel for the better and made the switches way less scratchy. Also the sound is more poppy, despite drowning in not-lubricant. Interesting! [Sea_Scheme6784] says the stabilizers are still rattling away, so that’s no good. Keep an eye on r/mechanicalkeyboards for updates on these shenanigans. We know we will.

Want to know what else you can do to switches besides lube? Lots of stuff.

Main and thumbnail images via Kinetic Labs


hackaday.com/2025/01/21/probab…


Interactive LED Matrix Is A Great Way To Learn About Motion Controls


It’s simple enough to wire up an LED matrix and have it display some pre-programmed routines. What can be more fun is when the LEDs are actually interactive in some regard. [Giulio Pons] achieved this with his interactive LED box, which lets you play with the pixels via motion controls.

The build runs off a Wemos D1 mini, which is a devboard based around the ESP8266 microcontroller. [Giulio] hooked this up to a matrix of WS2812B addressable LEDs in two 32×8 panels, creating a total display of 512 RGB LEDs. The LEDs are driven with the aid of an Adafruit graphics library that lets the whole display be addressed via XY coordinates. For interactivity, [Giulio] added an MPU6050 3-axis gyroscope and accelerometer to the build. Meanwhile, power is via 18650 lithium-ion cells, with the classic old 7805 regulator stepping down their output to a safe voltage. Thanks to the motion sensing abilities of the MPU6050, [Giulio] was able to code animations where the LEDs emulate glowing balls rolling around on a plane.

It’s a simple build, but one that taught [Giulio] all kinds of useful skills—from working with microcontrollers to doing the maths for motion controls. There’s a lot you can do with LED matrixes if you put your mind to it, and if you just start experimenting, you’re almost certain to learn something. Video after the break.

youtube.com/embed/ZSptC0_V9_Y?…


hackaday.com/2025/01/21/intera…


Hydroelectric Generator Gets Power From Siphoning


Siphons are one of those physics phenomena that, like gyroscopes, non-Newtonian fluids, and electricity, seem almost magical. Thanks to atmospheric pressure, simply filling a tube with liquid and placing the end of the tube below the liquid level of a container allows it to flow against gravity, over a barrier, and down into another container without any extra energy inputs once the siphon is started. They’re not just tricks, though; siphons have practical applications as well, such as in a siphon-powered hydroelectric turbine.

This is an iteration of [Beyond the Print]’s efforts to draw useful energy from a local dam with an uneconomic amount of water pressure and/or volume for a typical hydroelectric power station. One of his earlier attempts involved a water wheel but this siphon-based device uses a more efficient impeller design instead, and it also keeps the generator dry as well. Using 3″ PVC piping to channel the siphon, as well as a short length of thinner pipe to attach a shop vac for priming the siphon, water is drawn from the reservoir, up the pipe, and then down through the impeller which spins a small DC generator.

This design is generating about 9 V open-circuit, and we’d assume there’s enough power available to charge a phone or power a small microcontroller device. However, there’s a ton of room for improvement here. The major problem [Beyond the Print] is currently experiencing is getting air into the system and having the siphon broken, which he’s solved temporarily by adding a bucket at the outflow. This slows down the water though, so perhaps with any air leaks mitigated the power generation capabilities will be greatly increased.

youtube.com/embed/SXsQaYP3Sh8?…


hackaday.com/2025/01/21/hydroe…


Family Bass Is Musical NES Magic


The Family BASIC keyboard was a peripheral that was built for programming on the Nintendo Family Computer, or Famicom. As [Linus Åkesson] demonstrates, though, it can do so much more. Meet the Family Bass.

The core of the project is a special adapter which [Linus] created to work with the Family BASIC keyboard. Traditionally, the keyboard plugs into the Famicom’s expansion port, but [Linus] wanted to hook it up to the controller port on a Nintendo Entertainment System instead. Getting them to talk was achieved with an ATtiny85 which could cycle through the 72-key matrix in the keyboard and spit out a serial stream of data the controller port could understand.

On the NES end, the console is set up to run custom code from [Linus] that lets him play the internal sound chip’s triangle wave with the keyboard. He demonstrates this ably in a video where he performs a song called Platform Hopping along with some of his other retro computer instruments.

We’ve seen [Linus] build some other great instruments in the past too, which are both creative and nostalgic. Video after the break.

youtube.com/embed/j9D4a6ws6TY?…

youtube.com/embed/Gds1EeQGMaQ?…


hackaday.com/2025/01/21/family…


Mining and Refining: The Halogens


I was looking at the periodic table of the elements the other day, as one does, when my eye fell upon the right-hand side of the chart. Right next to the noble gases at the extreme edge of the table is a column of elements with similar and interesting properties: the halogens. Almost all of these reactive elements are pretty familiar, especially chlorine, which most of us eat by the gram every day in the form of table salt. As the neighborhoods of the periodic table go, Group 17 is pretty familiar territory.

But for some reason, one member of this group caught my attention: iodine. I realized I had no idea where we get iodine, which led to the realization that apart from chlorine, I really didn’t know where any of the halogens came from. And as usual, that meant I needed to dig in and learn a little bit about the mining and refining of the halogens. At least most of them; as interesting as they may be, we’ll be skipping the naturally occurring but rare and highly radioactive halogen astatine, as well as the synthetic halogen tennessine, which lives just below it in the group.

Fluorine


We’ll start our look at the halogens with fluorine, partly because we’ve already covered the production of hydrofluoric acid, the primary industrial source of elemental fluorine, but also because it’s a bit of an outlier compared to the other halogens, all of which are most commonly sourced from brines. Rather, hydrofluoric acid comes from rocks, specifically fluorspar, which produces HF and calcium sulfate when treated with sulfuric acid.

Hydrofluoric acid is converted into fluorine gas by electrolysis. Unfortunately, HF is a poor electrical conductor, so some potassium bifluoride is added to make the solution conductive enough for electrolysis. No water is used to make the electrolyte; rather, the HF and potassium bifluoride mixture is kept molten at up to 250°C in the electrolysis cell. HF is continuously added as electrolysis proceeds, to keep the electrolyte at the correct ratio. The steel walls of the cell act as the cathode, while a block of graphite is used as the anode. Fluorine gas is captured from the anode, dried and filtered, and compressed for storage.

Most industrial processes requiring fluorine get it from hydrofluoric acid, so only about 2% of all fluorine mined as fluorspar makes it into fluorine gas. The primary use for fluorine gas is the production of uranium hexafluoride, the feedstock for uranium purification for nuclear fuels. Most of the rest of fluorine gas production goes to the manufacture of sulfur hexafluoride for the electrical industry, where it serves as a gaseous dielectric for high-voltage switchgear.

Chlorine


Next up on our tour of the halogens is chlorine, a reactive element with so many industrial uses it’s hard to name them all. Apart from its familiar uses in disinfection and public sanitation, chlorine is used to create polymers like polyvinyl chloride along with a host of organic and inorganic chlorides. Chlorine is also needed to produce the next halogen on our list, bromine, which we’ll cover below.

Like fluorine gas, gaseous chlorine is produced by electrolysis using the chlor-alkali process. The electrolyte for chlorine production, though, is an aqueous brine solution, normally sourced from naturally occurring deposits that form by groundwater seeping into underground salt formations. The concentrated NaCl solution — or sometimes potassium chloride; the method works for both — is pumped to the surface from great depths and filtered to high purity before being piped into the cell house, where long rows of special electrolysis cells are ready to receive it.

Schematic of chlor-alkali cell for the electrolytic production of chlorine. Hydrogen and sodium hydroxide are also produced. Credit: Heitner-Wirguin, C., public domain.

Each electrolysis cell is divided into two compartments, one for the anode and one for the cathode. Between them is a thin membrane made from a resin material that is selectively permeable to cations. Fresh brine is pumped into the anode side of the cell, while plain water is pumped into the cathode side. On the anode side, the chlorine gas is liberated from the chloride ions and collected. The positively charged sodium or potassium ions move across the membrane into the cathode side of the cell. There, water is electrolyzed to hydrogen gas, a valuable byproduct that is also collected, and hydroxide ions, which greedily bind with the sodium or potassium from the other side of the cell. This creates the third useful product of the chlor-alkali process, either sodium hydroxide or potassium hydroxide, which is generically referred to as caustic. The caustic is pumped off, filtered, and further purified before being shipped.

The raw chlorine gas coming off the anode side of the cell has a lot of water vapor mixed in with it. The gas is dried by passing it through a heat exchanger that cools it enough to condense the water vapor. The dried gas is then further cooled and compressed before being liquified for shipping. Alternatively, the dried gas can be piped to other parts of the plant for immediate use in other processes, including the production of bromine.

Bromine


In elemental terms, bromine is a strange beast. It’s the only non-metallic element that exists as a liquid under standard temperature and pressure conditions. That presents both challenges and opportunities for its extraction and purification.

As with most halogens, brine is the source material for bromine production. Sodium chloride is the main salt in most brines, but in places such as the Dead Sea area on the border between Israel and Jordan, the brine has enough bromides to be commercially viable. The Smackover Formation, which stretches in an arc from Texas to Florida in the United States, also has bromide-rich brines, particularly in southern Arkansas.

Extraction starts with pumping brine up from deep wells. The brine is naturally hot, which reduces the amount of energy needed to extract the bromine. Filtered brine is pumped to the top of a tall reaction tower through a long vertical section of pipe. At the bottom of the pipe, chlorine gas is injected into the brine. Chlorine, a powerful oxidant, preferentially strips electrons away from bromides in the brine, which converts bromides to bromine (Br2). The brine enters the top of the reactor tower, which has an outlet at the top that’s connected to a venturi. High-pressure steam passes over the venturi, creating a partial vacuum in the tower. The combination of heat and vacuum causes the bromine in the brine to flash-evaporate. The gaseous bromine is sucked out of the venturi into the steam, while the remaining brine falls back down to the bottom of the tower through a matrix of plastic discs. The discs break the droplets up and slow them down, giving any remaining bromine in the brine a chance to evaporate and make its way back up and out of the tower.

youtube.com/embed/kOpC11j1u8w?…

The bromine gas is sent to a condenser to remove water vapor and another, colder condenser to turn it into a liquid. The liquid bromine then goes into a dryer that removes all remaining traces of water, chlorine, and other contaminants. The liquid bromine is then shipped in specialized rail or truck tankers while waste brine is pumped back into the geologic formation it came from. Bromine has many industrial uses, but its most familiar use is probably in flame-retardant compounds. Most of us have probably seen the sickly orange color of old plastics, which is caused by the bromine-based flame retardants breaking down over time. Bromine compounds also figure prominently in the FR4 substrate used to make flame-retardant printed circuit boards.

Iodine


Last up is iodine, the halogen that kicked this whole thing off. Iodine is unique in that it used to be extracted mainly from plants, specifically kelp. The discovery of a type of soil called caliche in the Atacama Desert of Chile changed things in the 19th century. While mainly prized as a rich source of potassium nitrate, some caliche deposits also have iodate minerals, up to 1% by weight. It’s not much, but it’s enough to make extraction commercially viable.
Iodine prills. Source: Nefronus, CC0, via Wikimedia Commons
The current process for extracting iodine starts with making an artificial brine. Caliche is blasted free from the ground and piled into huge plastic-lined pits. Water is pumped over the caliche, which leaches the iodates as it works its way down through the pile. The resulting brine is pumped into evaporation ponds, where solids settle out of solution as the brine concentrates in the fierce desert sun.

The concentrated brine is pumped out of the ponds and filtered before being sent to large absorption towers. There, sulfur dioxide gas is injected into the brine, which causes it to release iodine. The elemental iodine immediately combines with the SO2 to form iodide ions. The iodide-rich solution then gets a shot of iodic acid (HIO3), which converts all the iodide ions into solid iodine.

Kerosene is then added to the solution to extract the iodine. This dark purple witch’s brew is then pumped into a reactor where high temperature and pressure are used to melt the solid iodine, dropping it back out of the suspension. The molten iodine is then pumped to a prilling tower, where it drips through a sieve of fine holes. The droplets cool as they drop through the tower, forming small balls of solid iodine, or prills, which are ready for shipping.


hackaday.com/2025/01/21/mining…


13 Million Carrefour Customers at Risk: Threat Actor Puts Them Up for Sale on the Dark Web


A new chapter is added to the list of cyberattacks against large companies: the threat actor “LaFouine” has claimed to be in possession of a Carrefour France database and to have put it up for sale on a forum dedicated to data breaches. If confirmed, this leak would represent an unprecedented disaster for the company and its customers.

This comes after another large retailer was hit by a ransomware attack by the Lynx cybercriminals, who targeted Conad a few days ago.

At this time we cannot confirm the veracity of the report, as the organization has not yet released any official press statement on its website regarding the incident. Therefore, this article should be regarded as an ‘intelligence source’.

The breach


According to the information provided by the malicious actor, the alleged dataset includes personal and sensitive data of more than 13 million customers who placed orders on the Carrefour website. The stolen details notably include:

  • First and last name
  • Address, postal code, city and state
  • Phone number and email
  • User profile information
  • Date of birth
  • Purchase preferences
  • Cart ID, total spend, discounts and accumulated savings

If confirmed, this would be a real treasure trove for cybercriminals, who could exploit this data for identity theft, financial fraud and targeted phishing campaigns.

How might the attack have happened?


Although the technical details of the breach have not yet been disclosed, the circumstances suggest some hypotheses about the TTPs (Tactics, Techniques, Procedures) potentially used:

  • SQL Injection: exploiting vulnerabilities in the website’s databases.
  • Unauthorized access: through stolen or weak credentials associated with management systems.
  • Targeted phishing: hitting employees or suppliers with fraudulent emails, followed by lateral movement within the network.
  • Data exfiltration: exploiting inadequately protected endpoints.

Despite the hypotheses, one crucial question remains: did Carrefour underestimate the security risks?

Recommendations


To limit the damage and prevent future incidents, decisive action is needed.

For the company


  • Carry out an internal analysis to identify the source of the breach and work with cybersecurity experts to resolve the vulnerabilities.
  • Promptly inform customers of what happened, providing guidance on how to protect their data.
  • Improve security with advanced encryption standards, stricter access controls and regular audits to prevent further threats.


For affected customers


  • Regularly monitor bank accounts and online accounts to detect any suspicious activity.
  • Immediately change the passwords associated with Carrefour accounts and adopt unique, strong credentials.
  • Watch out for suspicious emails or messages requesting personal or financial information.


Conclusion


This attack shows once again that large companies are prized targets for cybercriminals. It is not only a corporate matter, however: every individual involved faces real and tangible consequences.

The incident should serve as a warning to all organizations, large and small: investing in cybersecurity is not just a strategic choice but an unavoidable responsibility in an increasingly vulnerable digital world.

As is our custom, we always leave room for a statement from the company should it wish to update us on the matter. We will be happy to publish that information in a dedicated article giving prominence to the issue.

RHC will monitor how the matter develops and publish further news on the blog should there be substantial developments. Anyone with knowledge of the facts who wishes to provide information anonymously can use the whistleblower's encrypted email.

The article 13 Million Carrefour Customers at Risk: The Threat Actor Puts Them Up for Sale on the Dark Web comes from il blog della sicurezza informatica.


How Much Does a Ransomware Attack Cost? Black Hat Hackers Need Just 20,000 Dollars!


Researchers at Positive Technologies studied the darknet market and analyzed the prices of illegal cyber services and goods, as well as the costs attackers incur to carry out attacks. For this study, the experts analyzed 40 sources in Russian and English, including the largest darknet forums and markets, as well as Telegram channels on various topics. In total, more than 20,000 messages discussing malware, vulnerabilities, access to corporate networks and cybercrime services were examined.

The findings from the underground


Apparently, the most expensive type of malware is ransomware, with an average cost of 7,500 dollars. 0-day exploits are also especially valuable and are often sold for millions of dollars. However, the researchers write that the net profit from a successful attack can on average be five times the cost of preparing it, even at high prices.

According to the experts, organizing a popular phishing attack scenario using ransomware costs novice cybercriminals at least 20,000 dollars.

If preparation for an attack starts from scratch, criminal hackers rent dedicated servers and buy subscriptions to VPN services and other tools to build a secure, anonymous control infrastructure. The costs also include buying, by subscription, the malware source code or ready-made malware, programs to download it onto the victim's system, and programs to disguise it from security measures.
Cost of preparing an attack?
In addition, criminal hackers can buy access from Initial Access Brokers (IABs) by choosing the targeted company, and then use services to escalate privileges on the compromised system. It should be noted that the list of products and options, as well as the malware and its instructions, can simplify the work of beginners as much as possible.

Loaders, ransomware, infostealers. Everything is needed for a successful attack


Malware is one of the main tools in a hacker's arsenal. Accordingly, 53% of the ads concerning such programs are sale offers.

In 19% of cases the items offered were infostealers designed to steal data, in 17% cryptolockers and code-obfuscation tools that help evade security measures, and in 16% downloaders/loaders.

The average cost of this type of malware is 400, 70 and 500 dollars respectively. The most expensive malware is ransomware, with an average cost of 7,500 dollars (there are also offers at 320,000 dollars). This malware is distributed mainly through an affiliate program (RaaS, Ransomware-as-a-Service), whose participants receive 70–90% of the victim's ransom. To become an “affiliate” one usually has to pay a contribution of 0.05 Bitcoin (from 5,000 dollars) and have a good reputation on the darknet.

Another popular attack tool is exploits: 69% of the ads on this topic are sale offers, while messages about zero-day vulnerabilities lead with a 32% share. In 31% of cases the cost of exploits exceeds 20,000 dollars, and it can sometimes reach several million.

The lowest prices are for access to corporate networks: 72% of the ads in this segment are sale offers, and 62% of them are priced at up to 1,000 dollars.

0-days and exploits make the difference


Among hacking services, the most popular is the hacking of resources (49% of messages): for example, prices for compromising a personal email account start at 100 dollars, and at 200 dollars for a corporate mailbox.

“On underground platforms, prices are formed mainly in two ways: either the sellers themselves set a fixed price, or auctions are held. The latter are relevant for exclusive products, for example zero-day exploits. The resources on which the transactions take place also earn money, including through their own escrow services, which temporarily hold the buyer's funds until the buyer confirms receipt of the product or service. On many sites these services are provided by one of the administrators or by users with a good reputation. For this they receive at least 4% of the transaction amount: the rates are set by the forums themselves,” comments Dmitry Streltsov, an analyst in the analytical research department at Positive Technologies.

The article How Much Does a Ransomware Attack Cost? Black Hat Hackers Need Just 20,000 Dollars! comes from il blog della sicurezza informatica.


Cyber Walkman Does It In Style


The guts of a cyberpunk Walkman.

One of the best things about adulthood is that finally we get to, in most cases, afford ourselves the things that our parents couldn’t (or just didn’t for whatever reason). When [Yakroo108] was a child, Walkmans were expensive gadgets that were out of reach of the family purse. But today, we can approximate these magical music machines ourselves with off-the-shelf hardware.

A cyberpunk Walkman.
Besides the cyberpunk aesthetic, the main attraction here is the UNIHIKER Linux board running the show. After that, it’s probably a tie between that giant mystery knob and the super-cool GUI made with Tkinter.

We also like the fact that there are two displays: the smaller one on the SSD1306 OLED handles the less exciting stuff like the volume level and the current time, so that the main UNIHIKER screen can have all the equalizer/cyberpunk fun.

Speaking of, this user-friendly GUI shows play/stop buttons and next buttons, but it looks like there’s no easy way to get to the previous track. To each their own, we suppose. Everything is enclosed in a brick-like 3D-printed enclosure that mimics early Walkmans with orange foam headphones.

If you want an updated Walkman with keyboard switches (who wouldn’t?), check this out.


hackaday.com/2025/01/21/cyber-…


Serious Vulnerabilities in VPN Protocols: 4 Million Systems Vulnerable to New Tunneling Bugs!


New research has identified problems in several tunneling protocols. More than 4 million systems are vulnerable to these bugs, including VPN servers and routers. The experts warned that hosts that accept tunneled packets without verifying the sender could be hijacked and used to carry out anonymous attacks and gain access to networks.

The study was published by Top10VPN and was carried out in collaboration with Mathy Vanhoef, professor and renowned security researcher at KU Leuven, and graduate student Angelos Beitis. Vanhoef is widely known for his research on Wi-Fi security: he discovered and described high-profile issues such as SSID Confusion, FragAttacks, Dragonblood and KRACK.

The research and the bug found


This time the experts studied tunneling protocols, which are used to move data between different networks and make it possible to carry traffic that a network might not support (for example, running IPv6 over an IPv4 network). To do this, they encapsulate some packets inside others.

Building on earlier research showing that IPv4 hosts accept unauthenticated IPIP traffic from any source, Vanhoef and Beitis identified several tunneling protocols (including IPIP/IP6IP6, GRE/GRE6, 4in6 and 6in4) that are open to abuse because they neither authenticate nor encrypt traffic unless adequate security (for example, IPsec) is applied.

The experts explain that misconfigured systems accept tunneled packets without verifying the sender. This allows attackers to send specially crafted packets containing the victim's IP address to a vulnerable host, forcing the host to forward the inner packet to the victim, which opens the door for attackers to launch further attacks.

“Attackers simply need to send a packet encapsulated with one of the affected protocols and carrying two IP headers. The outer header contains the attacker's source IP address, and the destination is the IP address of the vulnerable host. The inner header contains the IP address of the vulnerable host, not of the attacker,” the experts explain.

So, after receiving a malicious packet, the vulnerable host automatically strips the outer header and forwards the inner packet to its destination. Because the IP address in the inner packet belongs to a vulnerable but trusted host, it manages to bypass network filters.

Not just VPNs


Reportedly, attackers can use this technique to conduct anonymous attacks, including using hosts as one-way proxies, carrying out DoS attacks and DNS spoofing, and gaining access to internal networks and IoT devices.

The researchers scanned the Internet and found that 4.26 million hosts are vulnerable to these issues, including VPN servers, routers (which providers supply to their subscribers), backbone routers, gateways, mobile network nodes and CDNs. Notably, more than 1.8 million of these vulnerable hosts can be used for spoofing.

Most of the vulnerable appliances were found in China, France, Japan, the United States and Brazil.

4 CVEs issued by the researchers


“All vulnerable hosts can be hijacked to carry out anonymous attacks, because the outer packet headers containing the attacker's real IP address are removed. However, these attacks can easily be traced back to the compromised host, which can then be secured,” the researchers write. “Hosts suitable for spoofing can use any IP address as the source address in the inner packet, so not only does the attacker remain anonymous, but the compromised host also becomes much harder to detect and secure.”

As a result, the identified vulnerabilities were assigned the CVE identifiers CVE-2024-7595 (GRE and GRE6), CVE-2025-23018 (IPv4-in-IPv6 and IPv6-in-IPv6), CVE-2025-23019 (IPv6-in-IPv4) and CVE-2024-7596 (Generic UDP Encapsulation).

“Attackers can exploit these vulnerabilities to create one-way proxies and spoof IPv4/6 source addresses,” adds the CERT Coordination Center (CERT/CC). “Vulnerable systems could also allow access to an organization's private network or be used to conduct DDoS attacks.”

For protection, the experts recommend using IPsec or WireGuard to provide authentication and encryption, and accepting tunneled packets only from trusted sources. They also recommend implementing network-level traffic filtering on routers and intermediate nodes, using DPI, and blocking all unencrypted tunneled packets.
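The "accept tunneled packets only from trusted sources" rule can be expressed as an ingress check. The sketch below is an added example, not code from the article or from the researchers: it classifies raw IPv4 packets carrying IPIP, 6in4 or GRE and drops those from unlisted peers or with an inner source claiming to be the local host. All function names, the sample packets and the addresses (RFC 5737 documentation ranges) are constructed for illustration.

```python
import ipaddress
import struct

# IP protocol numbers for the unauthenticated encapsulations named in the article.
TUNNEL_PROTOCOLS = {4: "IPIP", 41: "6in4", 47: "GRE"}


def split_ipv4(packet):
    """Return (protocol, src, dst, payload), or None if this is not a sane IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or len(packet) < header_len:
        return None
    return (packet[9], ipaddress.IPv4Address(packet[12:16]),
            ipaddress.IPv4Address(packet[16:20]), packet[header_len:])


def inner_addresses(protocol, payload):
    """Return (src, dst) of the encapsulated packet, or None if it cannot be parsed."""
    if protocol == 47:  # GRE: 4-byte base header, then optional fields
        if len(payload) < 4:
            return None
        flags, ethertype = struct.unpack("!HH", payload[:4])
        # Checksum (0x8000), Key (0x2000) and Sequence (0x1000) each add 4 bytes.
        payload = payload[4 + 4 * bin(flags & 0xB000).count("1"):]
        protocol = {0x0800: 4, 0x86DD: 41}.get(ethertype)
    if protocol == 4:
        inner = split_ipv4(payload)
        return (inner[1], inner[2]) if inner else None
    if protocol == 41 and len(payload) >= 40 and payload[0] >> 4 == 6:
        return (ipaddress.IPv6Address(payload[8:24]),
                ipaddress.IPv6Address(payload[24:40]))
    return None


def check_tunnel_packet(packet, local_addr, trusted_peers):
    """Decide what to do with an inbound packet: pass, accept or drop."""
    def verdict(action, reason, inner=None):
        src, dst = (str(a) for a in inner) if inner else (None, None)
        return {"action": action, "reason": reason, "inner_src": src, "inner_dst": dst}

    outer = split_ipv4(packet)
    if outer is None:
        return verdict("drop", "malformed outer header")
    protocol, outer_src, _outer_dst, payload = outer
    if protocol not in TUNNEL_PROTOCOLS:
        return verdict("pass", "not a tunnel packet")
    name = TUNNEL_PROTOCOLS[protocol]
    inner = inner_addresses(protocol, payload)
    if outer_src not in trusted_peers:
        return verdict("drop", f"{name} from untrusted source {outer_src}", inner)
    if inner is None:
        return verdict("drop", f"{name} with unparseable inner packet")
    if inner[0] == local_addr:
        return verdict("drop", f"{name} inner source spoofs this host", inner)
    return verdict("accept", f"{name} from trusted peer {outer_src}", inner)


def build_ipv4(src, dst, protocol, payload=b""):
    """Test fixture only: minimal IPv4 header (checksum left at zero) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       protocol, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload


# Constructed sample input (documentation address ranges, not real hosts).
LOCAL_ADDR = ipaddress.IPv4Address("192.0.2.1")          # this host
TRUSTED_PEERS = {ipaddress.IPv4Address("192.0.2.254")}   # configured tunnel endpoint
INNER = build_ipv4("192.0.2.1", "198.51.100.9", 17)      # inner source claims to be this host
SAMPLES = {
    "ipip_untrusted": build_ipv4("203.0.113.7", "192.0.2.1", 4, INNER),
    "ipip_trusted": build_ipv4("192.0.2.254", "192.0.2.1", 4,
                               build_ipv4("10.0.0.5", "10.0.1.5", 17)),
    "gre_trusted_spoof": build_ipv4("192.0.2.254", "192.0.2.1", 47,
                                    struct.pack("!HHI", 0x2000, 0x0800, 42) + INNER),
    "plain_udp": build_ipv4("203.0.113.7", "192.0.2.1", 17, b"\x00" * 8),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(label, check_tunnel_packet(pkt, LOCAL_ADDR, TRUSTED_PEERS))
```

A source-address allowlist is only as strong as the anti-spoofing upstream of it, which is why the recommendation pairs it with IPsec or WireGuard authentication.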

More in-depth technical details of the study are available in a scientific paper already published by Vanhoef and Beitis.

The article Serious Vulnerabilities in VPN Protocols: 4 Million Systems Vulnerable to New Tunneling Bugs! comes from il blog della sicurezza informatica.


3D-Printed RC Car Focuses on Performance Fundamentals


There are a huge number of manufacturers building awesome radio-controlled cars these days. However, sometimes you just have to go your own way. That’s what [snamle] did with this awesome 3D-printed RC car—and the results are impressive.

This build didn’t just aim to build something that looked vaguely car-like and whizzed around on the ground. Instead, it was intended to give [snamle] the opportunity to explore the world of vehicle dynamics—learning about weight distribution, suspension geometry, and so many other factors—and how these all feed into the handling of a vehicle. The RC side of things is all pretty straightforward—transmitter, receiver, servos, motors, and a differential were all off-the-shelf. But the chassis design, the steering, and suspension are all bespoke—designed by [snamle] to create a car with good on-road handling and grip.

It’s a small scale testbed, to be sure. Regardless, there’s no better way to learn about how a vehicle works on a real, physical level—you can’t beat building one with your own two hands and figuring out how it works.

It’s true, we see a lot of 3D printed RC cars around these parts. Many are built with an eye to robotics experimentation or simply as a learning exercise. This one stands out for its focus on handling and performance, and of course that nicely-designed suspension system. Video after the break.

youtube.com/embed/yxx4tnBufh8?…


hackaday.com/2025/01/20/3d-pri…


Smallest USB Device… So Far


For better or worse it seems to be human nature to compete with one another, as individuals or teams, rather than experience contentedness while moving to the woods and admiring nature Thoreau-style. On the plus side, competition often results in benefits for all of us, driving down costs for everything from agriculture to medical care to technology. Although perhaps a niche area of competition, the realm of “smallest USB device” seems to have a new champion: this PCB built by [Emma] that’s barely larger than the USB connector pads themselves.

With one side hosting the pads to make contact with a standard USB type-A connector, the other side’s real estate is taken up by a tiny STM32 microcontroller, four phototransistors that can arm or disarm the microcontroller, and a tiny voltage regulator that drops the 5V provided by the USB port to the 3.3V the STM32 needs to operate. This is an impressive amount of computing power for less than three millimeters of vertical space, and can operate as a HID device with a wide variety of possible use cases.

Perhaps the most obvious thing to do with a device like this would be to build a more stealthy version of this handy tool to manage micromanagers, but there are certainly other tasks that a tiny HID can be put to use towards. And, as far as the smallest USB device competition goes, we’d also note that USB-A is not the smallest connector available and, therefore, the competition still has some potential if someone can figure out how to do something similar with an even smaller USB connector.

Thanks to [JohnU] for the tip!


hackaday.com/2025/01/20/smalle…


Modulathe Is CNC Ready And Will Machine What You Want


Once upon a time, lathes were big heavy machines driven by massive AC motors, hewn out of cast iron and sheer will. Today, we have machine tools of all shapes and sizes, many of which are compact and tidy DIY creations. [Maxim Kachurovskiy]’s Modulathe fits the latter description nicely.

The concept behind the project was simple—this was to be a modular, digital lathe that was open-source and readily buildable on a DIY level, without sacrificing usability. To that end, Modulathe is kitted out to process metal, wooden, and plastic parts, so you can fabricate in whatever material is most appropriate for your needs.

It features a 125 mm chuck and an MT5 spindle, and relies on 15 mm linear rails, 12 mm ball screws, and NEMA23 stepper motors. Because it’s modular, much of the rest of the design is up to you. You can set it up with pretty much any practical bed length—just choose the right ball screw and rail to achieve it. It’s also set up to work however you like—you can manually operate it, or use it for CNC machining tasks instead.

If you want a small lathe that’s customizable and CNC-ready, this might be the project you’re looking for. We’ve featured some other similar projects in this space, too. Do your research, and explore! If you come up with new grand machine tools of your own design, don’t hesitate to let us know!

Thanks to [mip] for the tip!


hackaday.com/2025/01/20/modula…


Keebin’ with Kristina: the One with the Hardware-Layered Keyboard


Illustrated Kristina with an IBM Model M keyboard floating between her hands.

You know (or maybe you didn’t), I get super excited when y’all use the links at the bottom of this round-up we call Keebin’ to communicate with your old pal Kristina about your various labors of love. So just remember that.

Case in point: I was typing up this very issue when I heard from [Jay Crutti] and [Marcel Erz]. Both are out there making replacement keyboards for TRS-80s — [Jay] for Models 3 and 4, and [Marcel] for the Model 1. Oooh, I said to myself. This is going at the top.

A TRS-80 Model 4 with a replacement keyboard.
A TRS-80 Model 4. Image by [Jay Crutti] via JayCrutti.com
Relevant tangent time: I remember in the 90s having a pile of computers in my parents’ basement of various vintages, a TRS-80 Model 2 among them. (Did I ever tell you about the time I got pulled over for speeding with a bunch of different computers in the backseat? I was like no, officer, first of all, those are old machines that no one would really want, and I swear I didn’t steal them.)

I think the TRS-80 is probably the one I miss the most. If I still had it, you can bet I would be using [Jay] and [Marcel]’s work to build my own replacement keyboard, which the 40-year-old machine would likely need at this point if the Model 4 is any indication with its failing keyboard contacts.

To create the replacements, [Jay] used Keyboard Layout Editor (KLE), Plate & Case Builder, and EasyEDA. Using the schematic from the maintenance manual, he matched the row/column wiring of the original matrix with Cherry MX footprints. Be sure to check out [Jay]’s site for a link to the project files, or to purchase parts or an assembled keyboard. On the hunt for TRS-80 parts in general? Look no further than [Marcel]’s site.

Keyboards On the Molekula Level


While some focus aesthetically on keyboards, or on comfort, [zzeneg] is simultaneously rocking both and coming up with new keyboard frameworks. Take the open-source Molekula for example.

A batwing-lookin' keyboard called Molekula.
Image by [zzeneg] via reddit
[zzeneg] really digs modular keyboards and especially the VIK standard for interfacing data between PCBs, which calls for an FPC 12-pin, 0.5 mm pitch connector.

The big idea with molekula and future keyboards is to have dumb sides and a smart central module that does the braining and the hosting. Additionally, [zzeneg]’s plan is to keep the central PCBs’ footprint under 100 mm² in order to make it more affordable for experimentation. You can see this in the third photo of the gallery.

There are a couple of cool things going on in addition to the modularity — the switch footprints cover pretty much anything you’d want to use, and [zzeneg] left the hot swap sockets exposed around back. This thing is just cool through and through.

Via reddit

The Centerfold: Alice, 1989 Style


An Alice keyboard with a 1989 feel.
Image by [Brooklick] via reddit
I wouldn’t mind being chained to [Brooklick]’s desk for a while. Would you? What I can tell you is that this is an Alice keyboard, and that those are 1989 keycaps and switches. Don’t get too excited unless you also have an Alice; according to [Brooklick], the Space bars are crap, although they do look good.

Do you rock a sweet set of peripherals on a screamin’ desk pad? Send me a picture along with your handle and all the gory details, and you could be featured here!

Historical Clackers: the Chicago No. 3


At first glance, the Chicago No. 3 looks a bit like a car that’s missing a bumper. But then you look again and see it sitting on round feet firmly planted behind the frame-less keyboard and think, it might be kind of nice to type on this one. And without that extra iron, it’s probably pretty light and portable, too.
The Chicago No. 3 typewriter, which looks like a car without a bumper. Image via The Antikey Chop
Given all of that, the No. 3 does have an interesting WERTY layout, with the ‘Q’ appearing on the bottom row. So did the model that sold concurrently, the No. 1 (which did have a frame around the keyboard). The base of the No. 3 was slotted, which made it even lighter to carry around.

Additionally, the two models had different ribbon mechanisms. The No. 3 used a 3/8″ ribbon that fed through those vertically-oriented spools, which is something I haven’t seen before. The No. 3 had two additional keys — a Backspace and a Margin Release. Whereas the No. 1 cost $35, the No. 3 went for $50 in early 1900s money (about $1,600 today).

Functionally speaking, the two were quite similar. In addition to both having a WERTY keyboard, they each used a typesleeve — a cylindrical component that can be swapped out, much like the IBM Selectric’s golf ball type element — and a hammer to print. Interestingly enough, in order to use either model, the typist had to turn the safety off by pulling a “hammer extension arm” on the left side before typing. Hopefully, nothing terrible happened if you forgot to do this.

And What Do We Think of Hardware Layers?

Get this: it's an AI-powered keyboard that retracts to reveal a mouse and a 10-key. And there's someone sitting at it in this picture, and someone annotated it a la John Madden.
Madden was here. Image via AutoKeybo
Wow. This might actually be a good use of image recognition; I am undecided. It certainly looks cool at first blush, anyway. And I hope it makes a little zhoop! sound in the process of working.

Okay, so, imagine you’re sitting there at your split keyboard and need to mouse or enter some digits real fast. With this number, all you have to do is stretch out your fingers for a second and whoosh — the QWERTY retracts, and in its place comes a 10-key on the left and a mouse on the right.

That’s the power of AutoKeybo. Here, watch the demo video. It’s only nine seconds long.

youtube.com/embed/GXim-IJ4EXc?…

So, let’s start with the obvious. This is supposed to be an ergonomic keyboard, given that you don’t have to move your hand over to mouse. But you do have to rest your arms on a big plastic box that’s two keyboards tall, and that probably isn’t good for you. But it is split, and the sides are angled toward one another, so there’s that.

The cool part is that the trays move independently, so you just stretch out whichever hand is hiding what you need to use real quick. It would be nice to access the mouse without losing the left half of the keyboard. Don’t ask me why, it just would. Just so you wouldn’t have to move both hands.

Okay, so how does it work already? Basically, there’s a built-in camera that detects the splaying of your fingers to trigger the switch. It has a Raspberry Pi 5 doing all of the crunching, which of course you could use as a standalone computer. Here’s a report from someone else who tried it out at CES.


Got a hot tip that has like, anything to do with keyboards? Help me out by sending in a link or two. Don’t want all the Hackaday scribes to see it? Feel free to email me directly.


hackaday.com/2025/01/20/keebin…


DIY Strontium Aluminate Glows in the Dark


[Maurycyz] points out right up front: several of the reagents used are very corrosive and can produce toxic gasses. We weren’t sure if they were trying to dissuade us from replicating it or encourage us to do so. The project in question is making strontium aluminate which, by the way, glows in the dark.

The material glows strongly for hours and, despite the dangers of making it, it doesn’t require anything very exotic. As [Maurycyz] points out, oxygen and aluminum are everywhere. Strontium sounds uncommon, but apparently, it is used in ceramics.

For the chemists among us, there’s an explanation of how to make it by decomposing soluble nitrate salts. For the rest of us, the steps are to make aluminum hydroxide using potassium alum, a food preservative, and sodium hydroxide. Then, it is mixed with nitric acid, strontium carbonate, europium, and dysprosium. Those last elements determine the color of the glow.

A drying step removes the acid, followed by dissolving with urea and water. The heat of the reaction wasn’t enough to form the final product, so it took time with an oxy-propane torch to form blobs of strontium aluminate. The product may not have been pure, because it didn’t glow for hours like commercial preparations. But it did manage to glow for a few minutes after light exposure.

We try to limit our chemistry to less toxic substances, although ferric chloride can make a mess. You could probably track down the impurities with a gas chromatograph. What we really want is a glow-in-the-dark car antenna.


hackaday.com/2025/01/20/diy-st…


OverFlame vs Anonymous Italia: AISE's Website in the Crosshairs, Hit With Little Success


As recently reported, the Italian hacker collective Anonymous Italia launched a targeted attack in retaliation for the recent operations conducted by the NoName057(16) group. The action, named “dis-CARICA dei 101”, is part of the broader #OpRussia initiative and led to the defacement of 101 Russian websites tied to online ticketing systems for public transport in the Russian Federation.

This coordinated response by Anonymous Italia sends a clear message of opposition to the cyberattacks conducted by NoName057(16), consolidating its commitment within the campaign against strategic Russian targets.

In a further escalation, this morning the OverFlame group, as a countermove to Anonymous Italia's attacks, claimed an action of its own, publishing the following message on its Telegram channel:
Good morning, Russia 🇷🇺

We are launching a counter-operation on Italy, “Defuse 102”, in response to the attacks by Italian hacktivists. The first target was the Italian state security service; the target is severely damaged 🔥

Report:
check-host.net/check-report/22…

Glory to Russia 🇷🇺
For Kursk ❤️
For Donbass ❤️
For Belgorod ❤️
#OP404

OverFlame|OverFlame Reserve|FORUM|contact us -> @OverFlame_contact_bot

The impact of the attack


According to the link published in OverFlame's Telegram channel, the site they allegedly targeted is an AISE page, specifically sicurezzanazionale.gov.it/web.…. Moreover, that page does not appear to be AISE's page (and in fact it responds with a 404 inside the body).

AISE stands for Agenzia Informazioni e Sicurezza Esterna, the Italian intelligence service responsible for national security in activities abroad. AISE is one of Italy's two main intelligence agencies, together with AISI (Agenzia Informazioni e Sicurezza Interna), and is part of the Sistema di Informazione per la Sicurezza della Repubblica (SISR).

The site has remained fully functional throughout, so it is likely that only some connections went offline, as shown by the check-host report published by the pro-Russian hacktivist group.

OverFlame Announces a Partnership with NoName057(16)


The OverFlame group, active since January 2025, made official on January 16 an operational partnership with the NoName057(16) collective, consolidating a collaboration aimed at strengthening their joint actions.

Until today, OverFlame had never targeted Italian entities, making the current attack a significant escalation in its operations. However, the group has already made a name for itself with a series of targeted campaigns against websites in Lithuania, identified by the national .lt domain, confirming a strategic focus on specific targets.

The article OverFlame vs Anonymous Italia: AISE's Website in the Crosshairs, Hit With Little Success comes from il blog della sicurezza informatica.


Time-of-Flight Sensors: How Do They Work?



With the right conditions, this tiny sensor can measure 12 meters
If you need to measure a distance, it is tempting to reach for the ubiquitous ultrasonic module like an HC-SR04. These work well, and they are reasonably easy to use. However, they aren’t without their problems. So maybe try an IR time of flight sensor. These also work well, are reasonably easy to use, and have a different set of problems. I recently had a project where I needed such a sensor, and I picked up a TF-MiniS, which is a popular IR distance sensor. They aren’t very expensive, and they work serial or I2C. So how did it do?

The unit itself is tiny and has good specifications. You can fit the 42 x 15 x 16 mm module anywhere. It only weighs about five grams — as the manufacturer points out, less than two ping-pong balls. It needs 5 V but communicates using 3.3 V, so integration isn’t much of a problem.

At first glance, the range is impressive. You can read things as close as 10 cm and as far away as 12 m. I found this was a bit optimistic, though. Although the product sometimes gets the name of LiDAR, it doesn’t use a laser. It just uses an IR LED and some fancy optics.

How it Works


The simple explanation for how these sensors work is that they bounce light off a target and measure how long it takes to see the reflection. This is oversimplified, but one thing to keep in mind is that light is fast. To measure a millimeter, you need to measure a difference of less than 7 picoseconds. Light travels 1 mm in 3.3 picoseconds, and then the return flight doubles that.
How time of flight works (from the TFmini-S Product Guide)
Because of practical considerations, there are typically a few specialized techniques used. A pulsed sensor turns the illumination on and off and samples pixels to determine the ratio of the overlap in the outbound beam and the reflected light.

It is also possible to sample four measurements on each cycle (that is, four measurements 90 degrees apart) and compute the distance with some fancy trigonometry. TI has a paper that goes into some detail. Or, if you prefer video, they have a video on the topic, too, which you can see below.

youtube.com/embed/TpjnooXhOmY?…

Practical Concerns


Of course, you can’t measure infinitesimally small times, so the sensors are typically blind when you get too close. This sensor claims to be able to read as little as 10 cm. However, if you read closely, you’ll see that if the total distance is under 6 meters, the sensor is only accurate to within plus or minus 6 cm. So at 10 cm, you might read 4 cm to 16 cm, which is a pretty big difference.

Ambient light can affect measurements, too. One thing you might not think about is that it also matters how reflective the target item is. All of these things can reduce the 12-meter range.

[Figure: You really want a flat target (image from the TFmini-S product manual)]

You also have to think about the field of view. The further away something is, the larger it needs to be. At 12 meters, for example, the target has to be at least 42 cm on a side to present a big enough target. At 1 meter, a 3.5 cm side will suffice.

The target must also be fairly flat in the field of view. If the sensor sees a partial reflection at one distance and more reflection at a further distance, you’ll get an inaccurate reading. None of these things are insurmountable, of course.

Connecting isn’t hard. You use the red/black wires for 5 V power. A 3.3 V serial port is on the white and green wires: white is the line the unit receives data on. We’ve read that if you hook these up backwards or overvolt them, they’ll die. We didn’t test that.

Code


It is pretty easy to write some MicroPython code to get some readings. You can download the code to try it out. The heart of it is very simple:
# Excerpt from the main loop; NUM_SAMPLES and get_lidar_data() are defined
# elsewhere in the downloadable code.
while True:
    total_distance = 0
    valid_samples = 0
    for _ in range(NUM_SAMPLES):
        distance, strength, _ = get_lidar_data()
        if distance >= 0 and strength >= 100:  # throw out "weak" values or errors
            total_distance += distance
            valid_samples += 1  # only count good values
    if valid_samples > 0:
        print(total_distance / valid_samples)

By default, the device sends data out frequently. If you want to change that, you can, and you can even save your setup so the device keeps operating with your last settings.

The output is two 0x59 bytes followed by the distance (two bytes), the strength (two bytes, LSB), a device temperature (two bytes), and a checksum. All the two-byte values are least-significant byte first.

Commands all start with 0x5A and the length of the packet. Then there’s a command code, any data the command needs, and a checksum. Many of the commands are fixed, so the checksum is already computed in the documentation for you.
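The frame and command layout described above, as an added example (not the article's downloadable code): a parser that validates each 9-byte frame and resynchronizes after noise or corruption, plus a command builder. It assumes each checksum is the low 8 bits of the sum of the preceding bytes and that the length byte counts the whole packet; neither is stated in the article, and all function names and sample values are constructed for illustration.

```python
# Added example: TFmini-S serial framing as described in the article.
# Assumptions (not stated in the article): each checksum is the low 8 bits of
# the sum of all bytes that precede it, and the command length byte counts
# the whole packet, header and checksum included.

FRAME_HEADER = b"\x59\x59"   # two 0x59 bytes open every data frame
FRAME_LEN = 9                # header(2) + distance(2) + strength(2) + temp(2) + checksum(1)
CMD_HEADER = 0x5A            # every command starts with 0x5A


def checksum(data):
    """Low 8 bits of the byte sum (assumed checksum rule)."""
    return sum(data) & 0xFF


def make_frame(distance, strength, raw_temp):
    """Build a data frame; used here only to construct sample input."""
    body = FRAME_HEADER + bytes([
        distance & 0xFF, distance >> 8,    # all two-byte values are LSB first
        strength & 0xFF, strength >> 8,
        raw_temp & 0xFF, raw_temp >> 8,
    ])
    return body + bytes([checksum(body)])


def parse_frame(frame):
    """Return (distance, strength, raw_temp), or None if the frame is invalid."""
    if len(frame) != FRAME_LEN or frame[:2] != FRAME_HEADER:
        return None
    if checksum(frame[:8]) != frame[8]:
        return None
    distance = frame[2] | (frame[3] << 8)
    strength = frame[4] | (frame[5] << 8)
    raw_temp = frame[6] | (frame[7] << 8)
    return distance, strength, raw_temp


def extract_frames(buffer):
    """Scan a raw byte stream and return (readings, leftover_bytes).

    A failed header or checksum advances by one byte, so the scanner recovers
    from line noise, a corrupted frame, or a stray 0x59 just before a header.
    Leftover bytes (a partial frame) should be prepended to the next read.
    """
    readings = []
    i = 0
    while len(buffer) - i >= FRAME_LEN:
        parsed = parse_frame(buffer[i:i + FRAME_LEN])
        if parsed is not None:
            readings.append(parsed)
            i += FRAME_LEN
        else:
            i += 1
    return readings, bytes(buffer[i:])


def average_distance(readings, min_strength=100):
    """Average only readings at or above the strength threshold, as the article's loop does."""
    good = [d for d, s, _ in readings if d >= 0 and s >= min_strength]
    return sum(good) / len(good) if good else None


def build_command(command_code, payload=b""):
    """0x5A, packet length, command code, optional data, checksum."""
    length = 4 + len(payload)
    body = bytes([CMD_HEADER, length, command_code]) + bytes(payload)
    return body + bytes([checksum(body)])


# Constructed sample stream: noise and a stray 0x59, a good frame, a frame
# with one flipped bit, a weak-signal frame, then a truncated frame.
_GOOD = make_frame(123, 1500, 2400)
_CORRUPT = bytearray(make_frame(200, 900, 2400))
_CORRUPT[2] ^= 0x01
_WEAK = make_frame(4, 50, 2400)
SAMPLE_STREAM = b"\x00\x59" + _GOOD + bytes(_CORRUPT) + _WEAK + _GOOD[:4]

if __name__ == "__main__":
    frames, rest = extract_frames(SAMPLE_STREAM)
    print("readings:", frames)
    print("leftover:", rest.hex())
    print("average of strong readings:", average_distance(frames))
    print("sample command (code 0x01, no data):", build_command(0x01).hex())
```

Validating the checksum before trusting a reading matters more than averaging: a misaligned read that happens to start on a 0x59 byte would otherwise produce a plausible-looking but wrong distance.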

Speaking of documentation, if you want to write your own code, you don’t really need the datasheet. You do want the “Product Manual” from the Benewake website. The commands are all in that document. You can switch to a readout in millimeters or centimeters. You can set how often the system sends data. You can also put it in a polling mode. The slowest you can get data is once per second.

In Use

[Figure: A simple but effective test setup.]

So how did it work? Some informal testing on the bench wasn’t too bad. The error at near distances was within range but pretty bad at about 3 cm. However, it looked relatively constant, so you can account for it in your code. We don’t know if different materials or different sensors would require different offsets, but we’d guess they do.

There was some very small noise in the sensor output, but, honestly, not much. There were no wild results to filter out. Averaging didn’t buy much because the output was pretty stable already.

Conclusion


Like most things, this is a good solution if you need it, but there are other options, and you have to weigh the pros and cons of each method. Of course, you can build your own, which might help you optimize. Sometimes, the ultrasonic sensors are just fine.


hackaday.com/2025/01/20/time-o…


Every Monday Morning: PEC Alert! Vidar Malware Strikes Italians Again


Vidar malware campaigns continue at their now-regular cadence, CERT-AgID reports, targeting Italian users every Monday morning.

The latest wave, detected during the night of 20 January 2025, once again abuses compromised PEC (certified email) mailboxes to send emails exclusively to PEC mailbox holders, relying on the trustworthiness of these communications to maximize the success rate of the attacks.

As already observed in previous campaigns, this time too the malicious actors made extensive use of the Domain Generation Algorithm (DGA) technique and rotated through numerous hosts: 147 hosts were detected being used to distribute the payload in the form of JavaScript files.

These strategies, although widely known and long exploited, always prove effective at complicating detection and mitigation of the campaigns. In particular, the DGA-generated URLs and randomized paths remain inactive during the initial night-time phase of the attack and activate only the following morning, making proactive prevention more difficult.

Countermeasures have already been put in place with the support of the PEC providers. The IoCs for the campaign have been distributed through the CERT-AGID IoC Feed to the PEC providers and to accredited organizations.

Always pay the utmost attention to communications received via PEC, especially when they contain links deemed suspicious. When in doubt, suspicious emails can always be forwarded to the mailbox malware@cert-agid.gov.it

The article Ogni Lunedì Mattina: Allarme PEC! Vidar Malware Torna a Colpire Gli Italiani comes from il blog della sicurezza informatica.


Who's who on tech policy in Trump 2.0 administration


WELCOME BACK. THIS IS DIGITAL POLITICS. I'm Mark Scott, and as many of us unpack the impact of Meta's recent decision to roll back its content moderation policies, here's a reminder that Mark Zuckerberg, the company's chief executive, once had an extremely awkward interaction with astronauts. Enjoy.

— Jan 20 marks the start of Donald Trump's second term in the White House. Here are the people you need to know that will shape tech policy over the next four years.

— The 'will they, or won't they' ban on TikTok in the United States is a reminder, to all countries, that you shouldn't mistake national security for digital policymaking.

— In case it wasn't clear, the US dominates the world of 'online platforms.' But countries from Singapore to Turkey are making a play, too.

Let's get started:



digitalpolitics.co/newsletter0…



You Can Now Play DOOM In Microsoft Word, But You Probably Shouldn’t


DOOM used to primarily run on x86 PCs. It later got ported to a bunch of consoles with middling success, and then everything under the sun, from random embedded systems to PDFs. Now, thanks to [Wojciech Graj], you can even play it in Microsoft Word.

To run DOOM inside Microsoft Word, you must enable VBA macros, and ignore security warnings, to boot. You’ll need a modern version of Word, and it will only work on Windows on an x64 CPU. As you might imagine, too, the *.DOCM file is not exactly lightweight. It comes in at 6.6 MB, no surprise given it contains an entire FPS. It carries inside it a library called doomgeneric_docm.dll and the whole doom1.wad data file. Once the file is opened, a macro then extracts all the game data and executes it.

If you think that Microsoft Word doesn’t really have a way of displaying live game graphics, you’d be correct. Instead, that DLL is creating a bitmap image of the game state for every frame, which is then displayed inside Word itself. It uses the GetAsyncKeyState function to grab inputs from the arrow keys, number keys, and CTRL and space so the player can move around. It certainly sounds convoluted, but it actually runs pretty smoothly given all the fuss.

While this obviously works, you shouldn’t get in the habit of executing random code in your word processor. It’s just not proper, you see, like elbows on the dinner table! And, you know. It’s insecure. So don’t do that.

youtube.com/embed/G3XoOCMnSNg?…

[Thanks to Josiah Gould for the tip!]


hackaday.com/2025/01/20/you-ca…


Innovative Clock Uses Printed Caustic Lens


Hackers and makers have built just about every kind of clock under the sun. Digital, analog, seven-segment, mechanical seven-segment, binary, ternary, hexadecimal… you name it. It’s been done. You really have to try to find something that shocks us… something we haven’t seen before. [Moritz v. Sivers] has done just that.

[Figure: Wild. Just wild.]

Meet the Caustic Clock. It’s based on the innovative Hollow Clock from [shiura]. It displays time with an hour hand and a minute hand, and that’s all so conventional. But what really caught our eye was the manner in which its dial works. It uses caustics to display the clock dial on a wall as light shines through it.

If you’ve ever seen sunlight reflect through a glass, or the dancing patterns in an outdoor swimming pool, you’ve seen caustics at play. Caustics are the bright patterns we see projected through a transparent object, and if you shape that object properly, you can control them. In this case, [Moritz] used some GitHub code from [Matt Ferraro] to create a caustic projection clockface, and 3D printed it using an SLA printer.

The rest of the clock is straightforward enough—there’s some WS2812 LEDs involved, an Arduino Nano, and even an RP2040. But the real magic is in the light show and how it’s all achieved. We love learning about optics, and this is a beautiful effect well worth studying yourself.

youtube.com/embed/vHKDAkZ5_38?…


hackaday.com/2025/01/20/innova…


“The EvilLoader”: The Exploit Threatening Telegram and Android Users


In a recent post published on the underground forum XSS.IS, a user known by the nickname “Ancryno” advertised an exploit tool called “The EvilLoader”. According to its author, the exploit is designed to hit Android users through manipulated Telegram videos. The author stresses that the exploit can be customized to the attacker's needs, making it a versatile and particularly insidious threat. But what are the details of this threat, and what could its repercussions be for the cybersecurity landscape?

The Content of the Post


The message opens in a self-congratulatory tone, stressing the author's commitment to releasing new exploit technologies. Specifically, the post highlights the following characteristics of the exploit:

  • Compatibility with all Android versions of Telegram.
  • Customizable features, including the ability to load spoofed content and manipulated videos.
  • Bypass of user satisfaction, which suggests the ability to evade security checks or mask malicious activity.

A particularly worrying aspect is the claim that the tool can be used for:

  • Infecting Android devices.
  • Theft of Telegram sessions, with direct implications for the theft of personal and corporate data.
  • Creating customized phishing attacks that exploit the Telegram platform.


Analysis and Implications


If what the post describes were true, “The EvilLoader” would represent a highly sophisticated threat, especially considering how widely Telegram is used as a messaging platform at both the personal and professional level. Attackers could use seemingly harmless videos to deliver malicious payloads, allowing malware to be installed on victims' devices.

The theft of Telegram sessions, in particular, could have devastating consequences. Telegram uses an authentication system based on codes sent via SMS which, once compromised, could allow attackers to take complete control of victims' accounts. This could lead to:

  • Theft of sensitive data, including messages, shared files and contacts.
  • Access to private channels and groups, with potentially catastrophic consequences for organizations that use Telegram for internal communications.
  • Secondary attacks, such as phishing or spam, that exploit other users' trust in the compromised accounts.


XSS.IS and the Exploit Market


The XSS.IS forum is known as a meeting point for cybercriminals, hackers and exploit sellers. The fact that tools like “The EvilLoader” are advertised on these platforms underlines how thriving and constantly evolving the exploit market is. In addition, the author of the post refers to an escrow-based sales model, which guarantees secure transactions between buyer and seller and demonstrates the professionalization of these criminal environments.

Repercussions for the Cybersecurity Landscape


The growing spread of exploits like “The EvilLoader” poses significant challenges for cybersecurity companies and for end users. The main concerns include:

  • An increase in targeted attacks: customizable tools let attackers adapt their attacks to specific targets, increasing the effectiveness of malicious campaigns.
  • Erosion of trust in platforms: attacks of this kind undermine users' trust in platforms such as Telegram, which are increasingly used in professional settings as well.
  • Evolution of defensive techniques: cybersecurity experts will have to develop more advanced countermeasures to identify and block attacks delivered through seemingly harmless media files.

In conclusion, the post by “Ancryno” on the XSS.IS forum is a clear example of how rapidly the threat landscape is evolving. Tools like “The EvilLoader” represent a concrete threat not only to individual users but also to organizations that use Telegram as a communication platform. It is essential that users adopt adequate security practices, such as using two-factor authentication and regularly updating their applications, to mitigate the risks. At the same time, cybersecurity companies must continue to closely monitor underground forums to anticipate and counter these new threats.

The article “The EvilLoader”: L’Exploit Che Minaccia Telegram e Gli Utenti Android comes from il blog della sicurezza informatica.


Bone Filament, For Printing Practice Bones


Of course there is bone-simulation filament on the market. What’s fun about this Reddit thread is all of the semi-macabre concerns of surgeons who are worried about its properties matching the real thing to make practice rigs for difficult surgeries. We were initially creeped out by the idea, but now that we think about it, it’s entirely reassuring that surgeons have the best tools available for them to prepare, so why not 3D prints of the actual patient’s bones?

[PectusSurgeon] says that the important characteristics were that it doesn’t melt under the bone saw and is mechanically similar, but also that it looks right under x-ray, for fluoroscopic surgery training. But at $100 per spool, you would be forgiven for looking around for substitutes. [ghostofwinter88] chimes in saying that their lab used a high-wood-content PLA, but couldn’t say much more, and then got into a discussion of how different bones feel under the saw, before concluding that they eventually chose resin.

Of course, Reddit being Reddit, the best part of the thread is the bad jokes. “Plastic surgery” and “my insurance wouldn’t cover gyroid infill” and so on. We won’t spoil it all for you, so enjoy.

When we first read “printing bones”, we didn’t know if they were discussing making replacement bones, or printing using actual bones in the mix. (Of course we’ve covered both before. This is Hackaday.)

Thanks [JohnU] for the tip!


hackaday.com/2025/01/19/bone-f…


Robotics Class is Open


If you are like us, you probably just spin up your own code for a lot of simple projects. But that’s wasteful if you are trying to do anything serious. Take a robot, for example. Are you using ROS (Robot Operating System)? If not — or even if you are — check out [Janne Karttunene] and the University of Eastern Finland’s open-source course Robotics and ROS 2 Essentials.

The material is on GitHub. Rather than paraphrase, here’s the description from the course itself:

This course is designed to give you hands-on experience with the basics of robotics using ROS 2 and Gazebo simulation. The exercises focus on the Andino robot from Ekumen and are structured to gradually introduce you to ROS 2 and Docker.

No prior experience with ROS 2 or Docker is needed, and since everything runs through Docker, you won’t need to install ROS 2 on your system beforehand. Along the way, you’ll learn essential concepts like autonomous navigation and mapping for mobile robots. All the practical coding exercises are done in Python.


Topics include SLAM, autonomous navigation, odometry, and path planning. It looks like it will be a valuable resource for anyone interested in robotics or anything else you might do with ROS.

If you want a quick introduction to ROS, we can help. We’ve seen a number of cool ROS projects over the years.


hackaday.com/2025/01/19/roboti…


Hackaday Links: January 19, 2025


This week, we witnessed a couple of space oopsies as both Starship and New Glenn suffered in-flight mishaps on the same day. SpaceX’s Starship was the more spectacular, with the upper stage of the seventh test flight of the full stack experiencing a “rapid unscheduled disassembly” thanks to a fire developing in the aft section of the stage somewhere over the Turks and Caicos islands, about eight and a half minutes after takeoff from Boca Chica. The good news is that the RUD happened after first-stage separation, and that the Super Heavy booster was not only able to safely return to the pad but also made another successful “chopsticks” landing on the tower. Sorry, that’s just never going to get old.

On the Bezos side of the billionaire rocket club, the maiden flight of Blue Origin’s New Glenn ended with the opposite problem. The upper stage reached orbit, but the reusable booster didn’t make it back to the landing barge parked off the Bahamas. What exactly happened isn’t clear yet, but judging by the telemetry the booster was coming in mighty fast, which may indicate that the engines didn’t restart fully and the thing just broke up when it got into the denser part of the atmosphere.

While we’re not huge fans of doorbell cameras, mainly on privacy grounds but also because paying a monthly fee for service just seems silly, we might reconsider our position after one captured video of a meteorite strike. The impact, which occurred at the Prince Edward Island home of Joe Velaidum, happened back in July but the video was only just released; presumably the delay was for confirmation that the object was indeed a meteorite. Joe’s Ring camera captured video of something yeeting out of the sky and crashing into the sidewalk next to the driveway, in the exact spot he’d been standing only moments before. It’s hard to say if he would have been killed by the impact, but it sure wouldn’t have been fun.

youtube.com/embed/dJJtLtV0Gx4?…

While we’re on space-adjacent topics, we saw an interesting story about a satellite that was knocked out of service for a couple of days thanks to 2024 being a leap year. The Eutelsat OneWeb communications satellite went offline on the last day of the year, apparently because some software wasn’t prepared for the fact that 2024 had 366 days. It’s not clear if this caused any problems with the satellite itself, although the company said the problem was with the “ground segment” so it likely wasn’t. Engineers were able to work through the problem and get it back online within 48 hours, but we’re left wondering how something like this could happen with so many standard libraries out there that specifically deal with leap day calculations.

It’s that time of year again — HOPE_16 is gearing up, and tickets for the August 15-17 conference at St. John’s University in Queens are already on sale. It looks like the Call for Proposals is active now too, so if you’ve got a talk you’d like to give, get going.

And finally, sad news for a hapless early adopter of Bitcoin, whose eleven-year effort to locate a hard drive with 8,000 Bitcoin on it has reached a legal end. Back in 2013, a hard drive owned by James Howells containing the Bitcoin wallet was accidentally disposed of, ending up in a landfill in Newport, Wales. Howells immediately asked for permission to search for the missing fortune, which at the time was worth about $7.5 million. This seems to us like his first mistake; in light of the potential payout, we’d probably have risked a trespassing charge. Howells spent the next couple of years trying to get access while assembling a recovery team, with the effort driven by the ever-increasing price of Bitcoin. Howells also brought suit against the council to get access, an effort that a High Court judge brought to an end last week. So Howells is out of luck, and the hard drive, now worth $765 million, still lies in the landfill.


hackaday.com/2025/01/19/hackad…


Dillo Turns 25, and Releases a New Version


The chances are overwhelming that you are reading this article on a web browser powered by some form of the Blink or WebKit browser engines as used by Google, Apple, and many open source projects, or perhaps the Gecko engine as used by Firefox. At the top end of the web browser world there are now depressingly few maintained browser engines — we think to the detriment of web standards evolution.

Moving away from the big players though, there are several small browser projects which eschew bells and whistles for speed and compactness, and we’re pleased to see that one of the perennial players has released a new version as it passes its quarter century.

Dillo describes itself as “a fast and small graphical web browser”, and it provides a basic window on the web with a tiny download and the ability to run on very low-end hardware. Without JavaScript and other luxuries it sometimes doesn’t render a site as you’d see it in Chrome or Firefox, but we’re guessing many users would relish some escape from the web’s cycle-sucking garbage. The new version 3.2.0 brings bug fixes, as well as math formula rendering, and navigation improvements.

The special thing about Dillo is that this is a project which came back from the dead. We reported last year how a developer resurrected it after a previous release back in 2015, and it seems that for now at least it has a healthy future. So put it on your retro PC, your original Raspberry Pi, or your Atari if you have one, and try it on your modern desktop if you need reminding just how fast web browsing can be.

This isn’t the only interesting browser project on the block; we’re also keeping an eye on Ladybird, which is aiming for those big players rather than simplicity like Dillo.

Thanks [Feinfinger] for the tip.


hackaday.com/2025/01/19/dillo-…


All About Ransomware: A Line-by-Line Commentary on the ACN/CSIRT Document (audio only)


In this episode I commented line by line on a document from ACN and CSIRT that carefully goes through all the most interesting aspects of ransomware. The video is also available on my YouTube channel, for anyone who would like to follow the text of the document.


zerodays.podbean.com/e/tutto-s…


Bambu Connect’s Authentication X.509 Certificate and Private Key Extracted


Hot on the heels of Bambu Lab’s announcement that it would be locking down all network access to its X1-series 3D printers with new firmware, the X.509 certificate and private key from the Bambu Connect application have now been extracted by [hWuxH]. This application was intended to be the sole way for third-party software to send print jobs to Bambu Lab hardware as we previously reported.

The Bambu Connect app is a fairly low-effort Electron-based affair, with some attempt at obfuscation and encryption, but not enough to keep prying eyes out. The de-obfuscated main.js file can be found here, with the certificate and private key clearly visible. These are used to encrypt HTTP traffic with the printer, and are the sole thing standing in the way of tools like OrcaSlicer talking with authentication-enabled Bambu Lab printers.

As for what will be the next steps by Bambu Lab, it’s now clear that security through obfuscation is not going to be very effective here. While playing whack-a-mole with (paying) users who are only interested in using their hardware in the way that they want is certainly an option, this might be a wake-up call for the company that being more forthcoming with their userbase would be in anyone’s best interest.

We await Bambu Lab’s response with bated breath.


hackaday.com/2025/01/19/bambu-…


An Instant Gratification Game Boy Printer


When the Game Boy Printer was released back in 1998, being able to produce a hard-copy of your Pokémon diploma or your latest Game Boy Camera snapshot at the touch of a button was pretty slick indeed. But in our modern paperless society, the GB Printer somehow sticks out as even more archaic than the other add-ons for Nintendo’s iconic handheld. Even among the folks who are still proudly playing the games that support the Printer, nobody actually wants to print anything out — although that doesn’t mean they don’t want to see the images.

The TinyGB Printer, developed by [Raphaël BOICHOT] and [Brian KHUU], could be considered something of a Game Boy Non-Printer. Powered by the RP2040 Zero development board, this open source hardware device plugs into your Game Boy and is picked up by all the games as a legitimate Printer. But instead of cranking out a little slip of thermal paper once you hit the button, the image is displayed in all its 240×240 glory on a 1.3 inch TFT display mounted to the top of the board.

Now, there’s a couple neat things going on here. First of all, because the whole process is digital, [Raphaël] and [Brian] have managed to pull out all the stops and believe they are reproducing these images in the highest fidelity possible. The images are also being simultaneously stored (as PNGs) to a micro SD card on the board, which given the file size of these images, essentially gives you unlimited storage capacity. The documentation says the code might start glitching once you’ve put tens of thousands of images on the card, but surely your sanity would give out before then.

[Figure: Clever use of off-the-shelf modules keeps the board cheap, easy to build, and relatively compact.]

The documentation looks fantastic on this project, and we love the different variations that are possible depending on how you want to build it. For example you can choose to power it with AA or AAA batteries (to match whatever your Game Boy uses), and there’s support for removing the display if you’re more interested in banking the images than viewing them on the go.

If this project seems a bit similar, it’s probably because the duo were involved in the NeoGB Printer we covered back in 2021. Between the two this new version is considerably more polished, and it’s interesting to see how the team has improved on the basic concept over the last few years.


hackaday.com/2025/01/19/an-ins…


DIY Handheld is an Emulation Powerhouse


If you’re into handheld gaming, you’ve got a wide array of hardware options to choose from these days that are capable of running everything from console classics to full-fledged PC titles. But that doesn’t mean there aren’t enterprising gamers out there who are still building their own custom handhelds — like the Retro Lite CM5.

For this project, [StonedEdge], [GinKage], and [notime2d8] set out to create a powerful enough handheld that could emulate games spanning the PlayStation 2, GameCube, and 3DS eras. Using a Radxa Rk3588s compute module as a base, the build navigates the design and construction of things like the carrier board, custom controllers, and the enclosure.

The project’s build log takes the form of a set of forum entries that starts with emulating games on an OrangePi 5 and mapping out things like USB 3.0 support, Power Delivery and management, I2S audio, along with display options amongst other chores. But the project’s GitHub repo is packed with technical details for anyone looking for a more condensed version.

There are experiments with the MIPI OLED displays and the final revision uses an RP2040 as an HID to read button presses and data from the IMU. WiFi 6 and BLE 5.2 are handled by an M2 slot-mounted module that is interfaced using a PCI Express bus which is always tricky when designing your PCBs. The final product looks great and there are a couple of videos that show the device in action. Additionally, the design files and code are available for anyone who fancies building one themselves.

If you like handheld gaming consoles, then have a look at the Intel NUC based Handheld with Steam Deck vibes.

youtube.com/embed/lf8C4oy6nv0?…


hackaday.com/2025/01/19/diy-ha…


Motorized Coil Tunes Your Ham Antenna on a Budget


When it comes to amateur radio, one size definitely does not fit all. That’s especially true with antennas, which need to be just the right size for the band you’re working, lest Very Bad Things happen to your expensive radio. That presents a problem for the ham who wants the option to work whichever band is active, and doubly so if portable operation is desired.

Of course, there are commercial solutions to this problem, but they tend to be expensive. Luckily [Øystein (LB8IJ)] seems to have found a way around that with this low-cost homebrew motorized antenna coil, which is compatible with the Yaesu Automatic Tuning Antenna System. ATAS is supported by several Yaesu transceivers, including the FT-891 which [Øystein] favors for field operations. ATAS sends signals up the feedline to a compatible antenna, which then moves a wiper along a coil to change the electrical length of the antenna, allowing it to resonate on the radio’s current frequency.

The video below details [Øystein]’s implementation of an ATAS-compatible tuning coil, mainly focusing on the mechanical and electrical aspects of the coil itself, which takes up most of the room inside a 50-mm diameter PVC tube. The bore of the air-core coil has a channel that guides a wiper, which moves along the length of the coil thanks to a motor-driven lead screw. [Øystein] put a lot of work into the wiper, to make it both mechanically and electrically robust. He also provides limit switches to make sure the mechanism isn’t over-driven.

There’s not much detail yet on how the control signals are detected, but a future video on that subject is promised. We’re looking forward to that, but in the meantime, the second video below shows [Øystein] using the tuner in the field, with great results.

youtube.com/embed/skmWhgQLtnM?…

youtube.com/embed/MKAW8y2GVl8?…


hackaday.com/2025/01/19/motori…


Geolocation Data: Hackers Want to Publish the Gravy Analytics Haul


Hackers have announced that Gravy Analytics, a company that sells smartphone location data to the US government, has been breached. The attackers reportedly gained access to a large amount of data, including customer lists, industry information and precise user geodata. The hackers are threatening to publish the information if the company does not respond within 24 hours.

The incident is a serious warning for the entire geolocation data trade. For years, companies have collected location data through mobile apps and advertising networks and then sold it to private companies and government agencies. Customers include the US Department of Defense, the Department of Homeland Security, the Internal Revenue Service and the FBI. Such data, however, becomes an attractive target for cybercriminals.

On forums, the hackers posted data samples that included users' exact coordinates, travel times and additional qualifiers such as "likely driving". The data contained information on users from several countries, including Russia, Mexico and the Netherlands. Some of the data has already been used by US agencies for migration operations.

The hackers claim to have gained access to the Gravy Analytics infrastructure in 2018. Screenshots show full access to the company's servers, domains and Amazon S3 storage. The hacked servers are also said to run Ubuntu, underscoring the scale of the breach.

Website of a hacked company and the hackers' screenshots (404 Media)

In 2023, Gravy Analytics was acquired by Unacast, but the company's website remains inaccessible. Unacast representatives have not commented on the situation.

Customers of Gravy Analytics (the parent company of Venntel) include Apple, Uber, Comcast, Equifax and US government contractors such as Babel Street. The latter has previously used the data for tracking tools, including monitoring visitors to abortion clinics.

Earlier, the US Federal Trade Commission (FTC) had opened an investigation into Gravy Analytics and Venntel. The companies were accused of selling sensitive data without user consent and were ordered to delete historical geolocation data. The FTC said the companies' actions violate a law prohibiting the unfair use of personal information.

It had previously emerged that US military bases in Europe were at risk because of a leak of location data collected for targeted advertising. The investigation found that US companies that legally collect data for advertising purposes in effect offer the ability to track the movements of military and intelligence personnel.

The article Geolocation Data: Hackers Want to Publish the Gravy Analytics Haul comes from il blog della sicurezza informatica.


A Look Inside a Modern Mixed Signal Oscilloscope


High-speed bench equipment has become so much more affordable in the last decade that one naturally wonders what has made that possible. A great source of answers is a teardown by a user like [Kerry Wong], who was kind enough to take apart their MSO2304X 300 MHz oscilloscope for our viewing pleasure.

The posted teardown video shows the guts of the scope with the enclosure, heatsinks and shields removed, revealing a handful of boards that execute the functions nicely. The motherboard uses a Xilinx Kintex-7 FPGA that is expected to run core processes such as signal processing, as well as managing sample storage on the paired DDR3 memory.

The analog front-end here is a bit of a surprise, as it sports TI’s ADC08D1000 ADCs, which are capable of 1.3 GSPS, while the scope is advertised to be capable of more. The inferred design is that all four ADCs are being operated in an interleaved symphony to achieve 5 GSPS. Testing confirms that each input uses two ADCs at a time, and when two or more channels are employed, the reconstruction quality drops.

The input lanes are pretty standard and are equipped with amps and power regulators that are more than up to the task. More TI chips turn up, such as the DAC128S085, which is the key to the analog waveform generator, a feature commonly found in modern high-end oscilloscopes. On the application processor side, the scope has a Rockchip RK3568 that is responsible for the GUI and other user-level functions.

An interesting point in the video was how lean the construction is, as well as the cost. The FPGA, ADCs, and other analog components are estimated to add up to the sale price of the scope, which means that manufacturer pricing would have to be heavily discounted to leave a gross margin on sales. We loved the review of the scope, and this teardown is the other part of the story.

youtube.com/embed/rY8mqdbomXA?…


hackaday.com/2025/01/18/a-look…


Stealth AirTag Broadcasts When Moved: an Experiment



A simple yet intriguing idea is worth sharing, even if it wasn’t a flawless success: it can inspire others. [Richard]’s experiment with a motion-powered AirTag fits this bill. Starting with our call for simple projects, [Richard] came up with a circuit that selectively powers an AirTag based on movement. His concept was to use an inertial measurement unit (IMU) and a microcontroller to switch the AirTag on only when it’s on the move, creating a stealthy and battery-efficient tracker.

The setup is minimal: an ESP32 microcontroller, an MPU-6050 IMU, a transistor, and some breadboard magic. [Richard] demonstrates the concept using a clone AirTag due to concerns about soldering leads onto a genuine one. The breadboard-powered clone chirps to life when movement is detected, but that’s where challenges arise. For one, Apple AirTags are notoriously picky about batteries—a lesson learned when Duracell’s bitter coating blocks functionality. And while the prototype works initially, an unfortunate soldering mishap sadly sends the experiment off the rails.

Despite the setbacks, this project may spark a discussion on the possibilities of DIY digital camouflage for Bluetooth trackers. By powering up only when needed, such a device avoids constant broadcasting, making it harder to detect or block. Whether for tracking stolen vehicles or low-profile uses, it’s a concept rich with potential. We talked about this back in 2022, and there’s an interesting 38C3 talk that sheds quite some light on the broadcasting protocols and standards.

youtube.com/embed/WpcrsezGGOM?…


Header AirTag: Apple, Public domain, via Wikimedia Commons


hackaday.com/2025/01/18/stealt…