Powerful Flashlight Gets Active Air Cooling
LEDs were once little more than weedy little indicators with low light output. Today, they’re absolute powerhouses, efficiently turning a flow of electrons into a searing beam of light. Despite their efficiency, they can still put out a fair whack of heat. Thus, if you’re building a powerful flashlight like [CrazyScience], you might wanna throw some active cooling on there just to keep things happy. Check out the video below.
The build will not be unfamiliar to any casual observer of the modern DIY flashlight scene. It uses a flatpack LED module of great brightness and a wad of 18650 lithium-ion cells to provide the juice to run it. The LED itself is mounted in a 3D-printed frame, which leaves its rear exposed, and a small PC fan is mounted for air cooling. It’s not the most optimized design, as airflow out of the fan is somewhat restricted by the 3D-printed housing, but it’s a lot better than simple passive cooling. It allows the torch to be more compact without requiring a huge heatsink to keep the LED at an acceptable temperature.
The final torch doesn’t have the most ergonomic form factor, but it does work. However, as a learning project for a new maker, it’s a start, and the learning value of building something functional can’t be understated. If your desire for flashlights swerves to the more powerful, we’ve covered those, too. Just be careful out there.
youtube.com/embed/LG4hLKVjkgM?…
Hackaday Links: February 9, 2025
January 9 ended up being a very expensive day for a Culver City, California man after he pleaded guilty to recklessly operating a drone during the height of the Pacific Palisades wildfire. We covered this story a bit when it happened (second item): the drone struck and damaged the leading edge of a Canadian “Super Scooper” plane that was trying to fight the fire. Peter Tripp Akemann, 56, admitted to taking the opportunity to go to the top of a parking garage in Santa Monica and launching his drone to get a better view of the action to the northwest. Unfortunately, the drone got about 2,500 meters away, far beyond visual range and, as it turns out, directly in the path of the planes refilling their tanks by skimming along the waters off Malibu. The agreement between Akemann and federal prosecutors calls for a guilty plea along with full restitution to the government of Quebec, which owns the damaged plane, plus the costs of repair. Akemann needs to write a check for $65,169 plus perform 150 hours of community service related to the relief effort for the fire’s victims. Expensive, yes, but probably better than the year in federal prison such an offense could have earned him.
Another story we’ve been following for a while is the United States government’s effort to mandate that every car sold here comes equipped with an AM radio. The argument is that broadcasters, at the government’s behest, have devoted a massive amount of time and money to bulletproofing AM radio, up to and including providing apocalypse-proof bunkers for selected stations, making AM radio a vital part of the emergency communications infrastructure. Car manufacturers, however, have been routinely deleting AM receivers from their infotainment products, arguing that nobody but boomers listens to AM radio in the car anymore. This resulted in the “AM Radio for Every Vehicle Act,” which enjoyed some support the first time it was introduced but still failed to pass. The bill has been reintroduced and appears to be on a fast track to approval, both in the Senate and the House, where a companion bill was introduced this week. As for the “AM is dead” argument, the Geerling boys put the lie to that by noting that the Arbitron ratings for AM stations around Los Angeles spiked dramatically during the recent wildfires. AM might not be the first choice for entertainment anymore, but when things start getting real, people know where to go.
Most of us are probably familiar with the concept of a honeypot, which is a system set up to entice black hat hackers with the promise of juicy information but instead traps them. It’s a time-honored security tactic, but one that relies on human traits like greed and laziness to work. Protecting yourself against non-human attacks, like those coming from bots trying to train large language models on your content, is a different story. That’s where you might want to look at something like Nepenthes, a tarpit service intended to slow down and confuse the hell out of LLM bots. Named after a genus of carnivorous pitcher plants, Nepenthes traps bots with a two-pronged attack. First, the service generates a randomized but deterministic wall of text that almost but not quite reads like sensible English. It also populates a bunch of links for the bots to follow, all of which point right back to the same service, generating another page of nonsense text and self-referential links. Ingeniously devious; use with caution, of course.
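A minimal illustration of the two-pronged mechanism described above, written as an added example for this page rather than Nepenthes’ own code: each path under a trap prefix yields the same nonsense page on every visit (the seed is derived from the path), and every link on the page leads only deeper into the trap. The `/trap/` prefix, the vocabulary and the page layout are all constructed assumptions.

```python
"""Added example, not Nepenthes' own code: a deterministic tarpit page
generator.  Every path under TRAP_PREFIX maps to one fixed page of almost-
English filler plus links that all point back into the trap, so a bot that
keeps following links never leaves and never gets anything useful."""
import hashlib
import random

TRAP_PREFIX = "/trap/"   # assumed mount point; exclude it in robots.txt so
                         # cooperating crawlers are never sent in here

# Constructed filler vocabulary.  Nepenthes uses a Markov babbler; a seeded
# draw from a fixed word list is enough to show the "random but
# deterministic" property the text describes.
WORDS = ("signal", "lantern", "archive", "quietly", "merge", "ledger",
         "orbit", "glass", "beneath", "cipher", "harbor", "seldom",
         "velvet", "compile", "meadow", "static", "render", "bright")

def _seed_for(path: str) -> int:
    """Stable seed per request path: revisiting a URL (or two bots sharing
    one) yields identical content, while neighbouring paths are unrelated
    because the seed comes through SHA-256 rather than the path itself."""
    return int.from_bytes(hashlib.sha256(path.encode()).digest()[:8], "big")

def nonsense_paragraph(rng: random.Random, sentences: int = 6) -> str:
    """Almost-English text: capitalised sentences of random length."""
    out = []
    for _ in range(sentences):
        words = [rng.choice(WORDS) for _ in range(rng.randint(6, 14))]
        out.append(words[0].capitalize() + " " + " ".join(words[1:]) + ".")
    return " ".join(out)

def trap_links(rng: random.Random, count: int = 8) -> list[str]:
    """Links that lead only deeper into the tarpit, never out of it."""
    letters = "abcdefghijklmnopqrstuvwxyz"
    return [TRAP_PREFIX + "".join(rng.choice(letters)
                                 for _ in range(rng.randint(5, 10)))
            for _ in range(count)]

def tarpit_page(path: str) -> dict:
    """Build the page for one path as plain data so a request handler
    (any web framework) can render it however it likes."""
    rng = random.Random(_seed_for(path))
    return {"path": path,
            "text": nonsense_paragraph(rng),
            "links": trap_links(rng)}

def render_html(page: dict) -> str:
    """Plain HTML; rel="nofollow" is a courtesy hint for crawlers that honour
    it.  The real protection for legitimate crawlers is the robots.txt
    exclusion noted above, which this snippet assumes the operator adds."""
    anchors = "\n".join(f'<a rel="nofollow" href="{l}">{l}</a>'
                        for l in page["links"])
    return f"<html><body><p>{page['text']}</p>\n{anchors}\n</body></html>"

if __name__ == "__main__":
    print(render_html(tarpit_page(TRAP_PREFIX + "start")))
```

Because the output is a pure function of the path, the pages can be served from a cache or rate-limited cheaply, which is what makes a tarpit affordable for the defender and expensive for the crawler.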
When was the last time you actually read a Terms of Service document? If you’re like most of us, the closest you’ve ever come is the few occasions where you’ve got to scroll to the bottom of a text window before the “Accept Terms” button is enabled. We all know it’s not good to agree to something legally binding without reading it, but who has time to trawl through all that legalese? Nobody we know, which is where ToS; DR comes in. “Terms of Service; Didn’t Read” does the heavy lifting of ToS and EULAs for you, providing a summary of what you’re agreeing to as well as an overall grade from A to E, with E being the lowest. Refreshingly, the summaries and ratings are not performed by some LLM but rather by volunteer reviewers, who pore over the details so you don’t have to. Talk about taking one for the team.
And finally, how many continents do you think there are? Most of us were taught that there are seven, which would probably come as a surprise to an impartial extraterrestrial, who would probably say there’s a huge continent in one hemisphere, a smaller one with a really skinny section in the other hemisphere, the snowy one at the bottom, and a bunch of big islands. That’s not how geologists see things, though, and new research into plate tectonics suggests that the real number might be six continents. So which continent is getting the Pluto treatment? Geologists previously believed that the European plate fully separated from the North American plate 52 million years ago, but recent undersea observations in the arc connecting Greenland, Iceland, and the Faroe Islands suggest that the plate is still pulling apart. That would make Europe and North America one massive continent, at least tectonically. This is far from a done deal, of course; more measurements will reveal if the crust under the ocean is still stretching out, which would support the hypothesis. In the meantime, Europe, enjoy your continental status while you still can.
A Twin-Lens Reflex Camera That’s Not Quite What It Seems
The Camp Snap is a simple fixed-focus digital camera with only an optical viewfinder and a shot counter, which has become a surprise hit among photography enthusiasts for its similarity to a disposable film camera. [Snappiness] has one, and also having a liking for waist-level viewfinders as found on twin-lens reflex cameras, decided to make a new Camp Snap with a waist-level viewfinder. It’s a digital twin-lens reflex camera, of sorts.
Inside the Camp Snap is the little webcam module we’ve come to expect from these cameras, coupled with the usual microcontroller PCB that does the work of saving to SD card. It’s not an ESP32, but if you’ve ever played with an ESP32-CAM board you’re on a similar track. He creates a 3D-printed TLR-style case designed to take the PCB and mount the camera module centrally, with ribbon cable extensions taking care of placement for the other controls. The viewfinder meanwhile uses a lens, a mirror, and a Fresnel lens, and if you think this might look a little familiar it’s because he’s based it upon his previous clip-on viewfinder project.
The result, with an added “Snappiflex” logo and filter ring, is a rather nice-looking camera, and while it will preserve the dubious quality of the Camp Snap, it will certainly make the process of using the camera a lot more fun. We think these cheap cameras, and particularly their even less expensive AliExpress cousins, have plenty of hacking potential as yet untapped, and we’re keen to see more work with them. The full video is below the break.
youtube.com/embed/6lx6p_pr80E?…
Your Chance to Get A Head (A Gnu Head, Specifically)
The Free Software Foundation is holding an auction to celebrate its 40th anniversary. You can bid on the original sketch of the GNU head by [Etienne Suvasa] and [Richard Stallman’s] Internet Hall of Fame medal.
There are some other awards, including the FSF’s 1999 Norbert Wiener Award. There’s even a katana that symbolizes the fight for computer user freedom.
The FSF has done a lot of important work to shape the computing world as we know it. We hope this sale isn’t a sign that they are running out of money. Maybe they are just funding their birthday party in Boston.
If you use Linux (even if it is disguised as Android, a Raspberry Pi OS, or hiding on a web server you use), you can thank the FSF. While we commonly call them “Linux systems,” Linux is just the kernel. Most of the other things you use are based on either GNU-sponsored code or builds on that GNU-sponsored code. If you want to know more about the history of the organization, you can catch [ForrestKnight’s] video below.
Without the GNU tools and the Linux kernel, you have to wonder what our computers would look like. While [Richard Stallman] is a sometimes controversial figure, you can’t argue that the FSF has had a positive impact on our computers. Maybe we’d all be on BSD. It is worth noting that the FSF even certifies hardware.
youtube.com/embed/sQDvkd2wtxU?…
Moving Power Grids In A Weekend, The Baltic States Make The Switch
A significant event in the world of high-power electrical engineering is under way this weekend, as the three Baltic states, Lithuania, Latvia, and Estonia, disconnect their common power grid from the Russian system, and hook it up to the European one. It’s a move replete with geopolitical significance, but it’s fascinating from our point of view as it gives a rare insight into high voltage grid technology.
There are a few news videos in the air showing contactors breaking the circuit, and even a cable-cutting moment, but in practice this is not as simple a procedure as unplugging an appliance from a wall socket. The huge level of planning that has gone into this move is evident in the countrywide precautions in case of power loss, and the heightened security surrounding the work. As we understand it, at the moment the three countries exist as a temporary small grid of their own, which also isolates the Russian exclave of Kaliningrad, now forming its own grid. The process of aligning the phase between the Baltic and European grids has been under way overnight, and an online monitor shows significant frequency adjustments during that time. At some point on Sunday a new connection will be made to the European grid via Poland, and the process will be completed. We imagine that there will be a very relieved group of electrical engineers who will have completed their own version of a Moon landing when that has happened.
If you happen to live in either region, there’s still some time to watch the process in action, by monitoring the supply frequency for yourself. It’s not the first time that geopolitics has affected the European grid, as the continent’s mains-synchronised clocks lost six minutes a few years ago, and should you Americans think you are safe from such problems, think again.
Matthias Wandel Hates CNC Machines in Person
Prolific woodworking YouTuber [Matthias Wandel] makes some awesome mechanical contraptions, and isn’t afraid of computers, but has never been a fan of CNC machines in the woodshop. He’s never had one either, so until now he couldn’t really talk. But he had the parts on hand, so he built a wooden CNC router. It’s lovely.
The router itself is what 3D printer folks would call a bed-slinger, and it’s cobbled together out of scrap plywood. Some of the parts have extra holes drilled in them, but “measure once, drill twice” is our motto, so we’re not one to judge. He spends a lot of time making “crash pads” that keep the frame from destroying itself while he’s building it – once the CNC is actually controlling things with the limit switches, we presume they won’t be necessary, but their design is fun anyway.
If you’re at all interested in CNC machines, you should give this video a watch. Not because it’s done the “right” way, but because it’s a CNC that’s being built on a budget from first principles by an experienced wood builder, and it’s illuminating to watch him go. And by the end of the video, he is making additional parts for the machine on the machine, with all the holes in the right places, so he’s already stepping in the right direction.
He doesn’t love digital design and fabrication yet, though. If you’re making one-offs, it probably isn’t worth the setup time to program the machine, especially if you have all of his jigs and machines at your disposal. Still, we kind of hope he’ll see the light.
Of course, this isn’t the first wooden CNC router we’ve seen around these parts, and it probably won’t be the last. If you want to go even more fundamental, [Homo Faciens]’s series of CNC machines is a lovely mashup of paperclips and potential. Or, if refinement is more your style, this benchtop machine is the bee’s knees.
youtube.com/embed/wMi0TJx-7ks?…
C++ is 45 Years Old. [Stroustrup] Says You Still Don’t Get It!
We were surprised when we read a post from C++ creator [Bjarne Stroustrup] that reminded us that C++ is 45 years old. His premise is that C++ is robust and flexible and by following some key precepts, you can avoid problems.
We don’t disagree, but C++ is much like its progenitor, C, in that it doesn’t really force you to color inside the lines. We like that, though. But it does mean that people will go off and do things the way they want to do it, for any of a number of good and bad reasons.
Bjarne Stroustrup
We will admit it. We are probably some of the worst offenders. It often seems like we use C++ the way we learned it several decades ago and don’t readily adopt new features like auto variables and overly fancy containers and templates.
He proposes guidelines, including the sensible “Don’t subscript pointers.” Yet, we are pretty sure we will, eventually. Even if you plan to do the same, it is still worth a read to see what you ought to be doing. We were hoping for more predictions in the section entitled “The Future.” Unfortunately — unlike Hackaday authors — he is much too smart to fall for that trap, so that section is pretty short. He does talk about some of the directions for the ISO standards committee, though.
We should have known about the 45 years, as we covered the 30th birthday. We like safer code, but we disagree with the idea that C++ is unsafe at any speed.
Photograph by [Victor Azvyalov] CC-BY-SA-2.0.
Linux Inside a PDF?! Ading2210’s Crazy Project That Defies Every Limit
Chromium-based browsers can now run a version of the Linux operating system right inside a PDF. This remarkable project, called LinuxPDF, was developed by a student going by the name Ading2210, who had previously built DoomPDF, a version of the cult game Doom that ran directly inside a document.
Linux inside a PDF file works thanks to a modified version of the TinyEMU RISC-V emulator. According to the developer, LinuxPDF works in a similar way to DoomPDF, but it has serious performance problems, running 100 times slower than expected.
The emulator is embedded in the PDF using an older version of Emscripten that compiles the code to asm.js rather than WebAssembly. When the document is opened, a minimal Linux kernel built for the RISC-V architecture is launched. After clicking the “Start emulator” button, the user sees the LinuxPDF interface with a welcome message in the terminal.
LinuxPDF’s graphical interface resembles that of DoomPDF: a low-contrast grey screen and ASCII output. Below the terminal there is a virtual keyboard made up of PDF buttons, but it is quicker to enter commands through a dedicated field on the right.
The project’s biggest problem is speed. Booting the Linux kernel takes 30 to 60 seconds, roughly 100 times longer than normal. The developer notes that because the JIT compiler is disabled in the PDF engine, there is currently no way to speed the process up.
You can try LinuxPDF in any Chromium-based browser, but it does not work in Firefox. You can also simply watch the video, which shows the boot process and commands being run. The project’s source code is available on GitHub.
The article “Linux Inside a PDF?! Ading2210’s Crazy Project That Defies Every Limit” comes from il blog della sicurezza informatica.
Repairing an Old Heathkit ‘Scope
With so many cheap oscilloscopes out there, the market for old units isn’t what it used to be. But if you have a really old scope, like the Heathkit O-10 that [Ken] found in his basement, there is vintage cred to having one. [Ken’s] didn’t work, so a repair session ensued. You can see the results in the video below.
You can tell this is an old scope — probably from the mid 1950s — because of its round tube with no graticule. Like many period scopes, the test probe input was just 5-way binding posts. The O-10 was the first Heathkit “O-series” scope that used printed circuit boards.
The device looked pretty good inside, except for a few dents. Of course, the box has tubes in it, so every power up test involves waiting for the tubes to warm up. [Ken] was very excited when he finally got a single green dot on the screen. That did, however, require a new CRT.
It wasn’t long after that he was able to put a waveform in and the scope did a good job of reproducing it. The unit would look good in an old movie, but might not be the most practical bench instrument these days.
These Heathkit scopes and their cousins were very popular in their day. The $70 price tag sounds cheap, but in the mid-1950s, that was about a month’s rent in a four-room house. While primitive by today’s standards, scopes had come a long way in 9 or 10 years.
youtube.com/embed/NtNeDr6ydho?…
Your Favorite Basic Oscilloscope Operation Guide?
Like many pieces of lab equipment, oscilloscopes are both extremely useful and rather intimidating to a fledgling user. Unlike a digital multimeter with its point-and-measure functionality, digital storage oscilloscopes (DSOs) require fundamental knowledge before they can be used properly. Yet at the same time nobody likes reading manuals, so what is one to do? Try the Absolute Beginner’s Guide to DSOs by [Arthur Pini].
[Pini’s] Cliff’s Notes version of your scope’s manual isn’t half bad. It covers the basic user interface and usage of a (stand-alone) DSO. Unfortunately, it focuses a bit too much on a fancy touch-screen Teledyne LeCroy MSO rather than something the average hobbyist is likely to have lying around.
We rather like the PSA-type videos such as the classic “How not to blow up your oscilloscope” video by [Dave] over at EEVblog. Many guides and introductions cover “what to do,” but covering common safety issues like improper grounding, isolation, or voltages might be a better place to start.
What tutorial or reference work would you hand to an oscilloscope newbie? We can endorse a hands-on approach with a suitable test board. We also enjoyed [Alan’s] video on the topic. Even if you are an old hand, do you know how to use all those strange trigger modes?
youtube.com/embed/xaELqAo4kkQ?…
Turn Your Phone into a POV Hologram Display
It seems obvious once you think about it, but if you can spin your cell phone and coordinate the display with the motion, you can create a 3D display. [Action Lab] had used such a setup to make a display that you could view from any angle. After he showed it, a viewer wrote him to mention that if you spin the picture at the same rate, it will appear in 3D. The results look great, as you can see in the video below.
The spinning mechanism in this case is an inexpensive pottery wheel. Whatever you use, though, you need a way to match the speed of the graphics to the speed of the phone’s rotation. For this example, there are just a few pre-spun 3D models on a website. However, creating your own viewer like this wouldn’t be that hard. Even more interesting would be to read the phone sensors and spin the image in sync with the phone’s motion.
We keep hearing about awesome commercial 3D stuff coming out “any day now.” Meanwhile, you can always settle for Pepper’s Cone.
youtube.com/embed/ric-95ig5oE?…
Jeff Dunham Finds A NOS 1958 Philco Predicta
When you see a ventriloquist like [Jeff Dunham], you probably expect to see him with a puppet. This time – spoilers ahead – you won’t. Besides his fame on stage, [Dunham] is also a collector of vintage tech and a die-hard television enthusiast. In the video below, [Dunham] has gotten his hands on a rarity: an unboxed 1958 Philco Predicta TV. The original tape was still on the box. We get to follow along on his adventure to restore this sleek, retro-futuristic relic!
[Dunham]’s fascination with the Predicta stems from its historical significance and bold design. At a time when television was making its way into American homes, the Predicta dared to be different with its swivel-mounted picture tube and early printed circuit boards. Despite its brave aesthetics, the Predicta’s ambition led to notorious reliability issues. Yet, finding one in pristine condition, sealed and untouched for over six decades, is like unearthing a technological time capsule.
What makes this story unique is [Dunham]’s connection to both broadcasting and his craft. As a ventriloquist inspired by Edgar Bergen — whose radio shows captivated America — [Dunham] delights in restoring a TV from the same brand that first brought his idol’s voice to airwaves. His love for storytelling seamlessly translates into this restoration adventure.
After unboxing, [Dunham’s] team faces several challenges: navigating fragile components, securing the original shipping brace, and cautiously ramping up voltage to breathe life into the Predicta. The suspense peaks in the satisfying crackle of static, and the flicker of a 65-year-old screen finally awakened from slumber.
Have you ever come across an opportunity like this? Tell us about your favorite new old stock find in the comments. Buying these can be a risk, since components have a shelf life. We appreciate when these old TVs play period-appropriate shows. Who wants to watch Game of Thrones on a Predicta?
youtube.com/embed/4bW1VlnkkFI?…
Freed At Last From Patents, Does Anyone Still Care About MP3?
The MP3 file format was always encumbered with patents, but as of 2017, the last patent finally expired. Although the format became synonymous with the digital music revolution that started in the late 90s, as an audio compression format there is an argument to be made that it has long since been superseded by better formats and other changes. [Ibrahim Diallo] makes that very argument in a recent blog post. In a world with super fast Internet speeds and the abstracting away of music formats behind streaming services, few people still care about MP3.
The last patents for the MP3 format expired in 2012 in the EU and 2017 in the US, ending many years of incessant legal sniping. For those of us learning of the wonders of MP3 back around ’98 through services like Napster or Limewire, MP3s meant downloading music on 56k dialup in a matter of minutes to hours rather than days to weeks with WAV, and with generally better quality than Microsoft’s WMA format at lower bitrates. When portable media players came onto the scene, they were called ‘MP3 players’, a name that stuck around.
But is MP3 really obsolete and best forgotten in the dustbin of history at this point? Would anyone care if computers dropped support for MP3 tomorrow?
Alternatives
It’s hard to disagree with [Ibrahim]’s point that MP3 isn’t quite as important anymore. Still, his argument of AAC being a good alternative to MP3 misses that the AAC format is also patent-encumbered. Specifically, there’s a patent license for all manufacturers and developers of “end-user codecs,” which involves per-unit pricing. Effectively, every device (computer, headphones, smartphone, etc.) incurs a fee. That’s why projects like FFmpeg implement AAC and other encumbered formats while leaving the legal responsibilities to the end-user who actually uses the code.
While FLAC and Vorbis (‘ogg’) are truly open formats, they’re not as widely supported by devices. Much like VGA, MP3 isn’t so much sticking around because it’s a superior technological solution but because it Just Works® anywhere, unlike fancier formats. From dollar store MP3 players to budget ‘boomboxes’ to high-end audio gear, they’ll all play back MP3s just fine. Other formats are likely to be a gamble, at best.
This compatibility alone means that MP3 is hard to dislodge, with formats like Ogg Vorbis trying to do so for decades and still being relatively unknown and poorly supported, especially when considering hardware implementations.
Audio Quality
Since the average person is not an audiophile who is concerned with exact audio reproduction and can hear every audio compression artefact, MP3 is still perfectly fine in an era where the (MP2-era) Bluetooth SBC codec is what most people seem to be content with. In that sense, listening to 320 kbps VBR MP3 files with wired headphones is a superior experience over listening to FLAC files with the Bluetooth SBC codec in between.
This leads to another point made by [Ibrahim]. The average person does not deal with files anymore. Many people use online applications for everything from multimedia to documents, which happily abstract away the experience of managing file formats. Yet, at the same time, there’s a resurgence in interest in physical media and owning a physical copy of content, which means dealing with files.
We see this also with MP3 players. Even though companies like Apple abandoned their iPod range and Sony’s current Walkmans are mostly rebranded Android smartphones with the ‘phone’ part stripped out, plenty of portable media players are available brand-new. People want portable access to their media in any format.
Amidst this market shift back to a more basic, less online focus, the MP3 format may not be as visible as it was even a decade ago, but it is by no means dead.
These days, rolling your own MP3 player is almost trivial. We’ve seen some fairly small ones.
The Underground Market for 0day Exploits: Brokers, PSOAs and the Cyber Arms Race
In recent years, trading in software vulnerabilities has become an extremely lucrative business, to the point of being considered a genuine industry running parallel to cybersecurity. The underground market for 0day exploits (vulnerabilities that are unknown and not yet patched) is a complex ecosystem with actors of many kinds: independent hackers, specialised brokers, organised criminal groups and governments that invest millions of dollars to gain access to these tools.
From exploits sold on underground forums, to acquisitions by companies such as Zerodium and Crowdfense, to state-sponsored attacks such as the Stuxnet operation, the 0day market has become the new battlefield of global cyber warfare.
A buyer on a closed Russian-language underground market is looking for 0day RCE exploits and is offering up to 10 million dollars.
0day Exploits: What They Are and Why They Are So Valuable
A zero-day (0day) exploit takes advantage of a software vulnerability that is unknown to the developers and therefore has no patch available. These bugs can be used to compromise computer systems, steal data, spy on individuals or cause irreparable damage to the critical infrastructure of an adversary state.
0day vulnerabilities fall mainly into two categories:
- Infrastructure exploits: these hit servers, operating systems and libraries used at scale, as in the case of Log4Shell, which put millions of devices worldwide at risk.
- Exploits against consumer devices (0-click and 1-click): the primary tools of spyware and surveillance groups, these target widely used applications and platforms such as WhatsApp, iMessage, Android and iOS, giving access to the device with a single click or, in the 0-click case, with no interaction from the user at all.
From Underground Forums to 0day Brokers: The Business of Selling
The image above is a clear example of how the exploit market works. The threat actor posts an advertisement saying they are willing to buy 0day RCE exploits for sums of up to 10 million dollars.
This shows not only the enormous value of 0days but also that the direct buyers are often not the end users. So who buys vulnerabilities of this kind?
Price list, updated 08/02/2025, from Crowdfense, a well-known 0day broker
- 0day Brokers and Intermediaries
- Some independent hackers discover vulnerabilities and put them up for sale on underground forums or specialised marketplaces. Most of these bugs, however, are not sold directly but go through brokers such as Zerodium or Crowdfense, companies that buy vulnerabilities and then resell them (sometimes by auction) to government or corporate entities.
- Prices for these exploits are exorbitant: up to 2.5 million dollars for a 0-click 0day on iOS, before Zerodium decided to remove its public price list, probably to push the value of offers even higher.
- Private Sector Offensive Actors (PSOA)
- PSOAs, offensive actors in the private sector, are government-linked entities operating in the surveillance and offensive cybersecurity business. Companies such as NSO Group (Pegasus), Cytrox (Predator) and other less well-known outfits act as suppliers of exploits and malware to government agencies and law enforcement. These two companies are the ones that get talked about, but even those that reach mainstream coverage are only the tip of the iceberg.
- Spyware such as Pegasus and Predator make extensive use of 0-click 0day exploits to take control of the smartphones of journalists, activists and political opponents without leaving obvious traces.
- Governments and Cyber Operations
- The United States, China, Russia, Israel and other countries invest heavily in 0days for intelligence and cyber warfare purposes.
- A historical example is Stuxnet, the malware developed by the USA and Israel as part of operation “Olympic Games” and used to sabotage the Iranian nuclear programme at the Natanz plant. This attack was the first to demonstrate how 0day exploits can be used as genuine cyber weapons.
EternalBlue: The Exploit Stolen from the NSA and Its Destructive Legacy
EternalBlue is one of the most famous exploits in the history of cybersecurity, not only for its devastating effectiveness but also for the way it became public. Originally developed by the United States National Security Agency (NSA), the exploit was part of an arsenal of secret cyber weapons used for intelligence activities and offensive operations. In 2017, however, a mysterious group known as The Shadow Brokers published a huge quantity of hacking tools stolen from NSA servers in the “Lost In Translation” leak, including advanced exploits such as EternalBlue. This leak revealed to the whole world some of the most sophisticated techniques used by American intelligence, raising serious concerns about security and about how vulnerabilities are managed.
Before it was made public, EternalBlue was a secret weapon used by the NSA for at least five years. The exploit targeted a critical vulnerability in the Windows SMBv1 protocol, allowing remote access and arbitrary code execution on any unpatched system. The fact that the US agency kept this vulnerability secret for years without reporting it to Microsoft shows how intelligence agencies often regard software vulnerabilities as strategic tools rather than flaws to be fixed immediately to protect users.
When EternalBlue became public, Microsoft was forced to react quickly. The flaw was so serious that the company released an emergency patch not only for supported versions of Windows but also for operating systems already considered “End of Life”, such as Windows XP. This is an extremely rare event in the history of information security and shows how critical the vulnerability was. Yet despite the availability of the patch, many systems remained exposed because security updates were poorly applied, paving the way for a series of devastating attacks.
One of the first groups to exploit EternalBlue after it leaked was Lazarus, a cybercriminal group linked to North Korea. Using the exploit, Lazarus created WannaCry, one of the most destructive ransomware strains in history. In May 2017, WannaCry spread rapidly around the world, infecting over 230,000 computers in 150 countries. The ransomware locked infected systems and demanded a ransom in Bitcoin to decrypt the files, hitting hospitals, businesses, government bodies and even critical infrastructure. This attack highlighted how dangerous government-grade exploits can be once they end up in the wrong hands.
Park Jin Hyok, allegedly associated with the Lazarus APT group, believed to be responsible for writing the WannaCry malware
If WannaCry was a global disaster, NotPetya was a further step forward in cyber warfare. Although it looked like ransomware, NotPetya was not actually designed to make money but to destroy the systems it hit. The attack, in June 2017, targeted companies and infrastructure in Ukraine but spread rapidly, hitting multinationals such as Maersk and FedEx and causing damage estimated at over 10 billion dollars. NotPetya showed how an exploit like EternalBlue could be turned into a geopolitical weapon used to destabilise entire economic sectors.
The case of EternalBlue and its later uses shows that exploits developed by governments are true cyber weapons, capable of causing damage on a global scale if not handled with extreme care. Intelligence agencies around the world hold arsenals of 0day vulnerabilities ready to be used in espionage, sabotage and cyber-warfare campaigns. The market for these exploits is vast and involves both state actors and private brokers such as Zerodium and Crowdfense, which buy vulnerabilities for millions of dollars.
The EternalBlue case teaches us that the management of cyber weapons is a critical issue of international security and that the risk of uncontrolled leaks is always present, with potentially catastrophic consequences.
0day and Cyber Warfare: An Expanding Industry
The 0day market is no longer a simple niche for hackers and cybercriminals but a multi-million-dollar industry moving in the shadows. A few key points show how this reality is growing:
- Increase in targeted attacks: Governments and cybercriminal groups are becoming increasingly selective in their use of 0days, choosing precise targets to maximise impact.
- Growing demand for 0-click exploits: The most advanced attacks require no user interaction and are ideal for high-level surveillance operations.
- Fewer public vulnerabilities, more vulnerabilities sold on the black market: Although the number of vulnerabilities with CVSS >9.5 appears stable or slightly declining, this does not mean software is more secure. Rather, many critical vulnerabilities end up directly on the underground market instead of being publicly disclosed.
Conclusions: 0day, The Market for the New Weapons
If information security was once seen as a niche technical field, today it is clear that cyberspace is the new global and geopolitical battlefield of the modern era. The trade in 0day exploits has become the equivalent of the nuclear arms race during the Cold War: whoever owns the best tools has strategic control over intelligence operations and cyber warfare.
On the other hand, acting in the shadows within the grey zone allows states to conduct interference, influence and industrial espionage operations with a much higher level of discretion. It also always offers the option of denying direct involvement, shifting responsibility onto affiliated hacker groups or cyber militias and thereby creating a veil of plausible deniability.
The growth of the 0day market, the increasingly dominant role of specialised brokers and the interest of government agencies show that cyberspace is now the new front of global geopolitics. While the most critical vulnerabilities are no longer publicly reported, the underground market keeps expanding, leaving ever more room for new actors and consolidating the dominance of those with access to the most powerful digital weapons.
The article Il Mercato Sotterraneo degli Exploit 0day: Intermediari, PSOA e la Corsa agli Armamenti Cibernetici comes from il blog della sicurezza informatica.
Software in Progress
Open source software can be fantastic. I run almost exclusively open software, and have for longer than I care to admit. And although I’m not a serious coder by any stretch, I fill out bug reports when I find them, and poke at edge cases to help the people who do the real work.
For 3D modeling, I’ve been bouncing back and forth between OpenSCAD and FreeCAD. OpenSCAD is basic, extensible, and extremely powerful in the way that a programming language is, and consequently it’s reliably bug-free. But it also isn’t exactly user friendly, unless you’re a user who likes to code, in which case it’s marvelous. FreeCAD is much more of a software tool than a programming language, and is a lot more ambitious than OpenSCAD. FreeCAD is also a program in a different stage of development, and given its very broad scope, it has got a lot of bugs.
I kept running into some really serious bugs in a particular function – thickness, for what it’s worth – which is known to be glitchy in the FreeCAD community. Indeed, the last time I kicked the tires on thickness, it was almost entirely useless, and there’s been real progress in the past couple of years. It works at least sometimes now, on super-simple geometries, and this promise led me to find out where it still doesn’t work. So I went through the forums to see what I could do to help, and it struck me that some people, mostly those who come to FreeCAD from commercial programs that were essentially finished a decade ago, have different expectations about the state of the software than I do, and are a lot grumpier.
Open source software is working out its bugs in public. Most open source is software in development. It’s growing, and changing, and you can help it grow or just hang on for the ride. Some open-source userland projects are mature enough that they’re pretty much finished, but the vast majority of open-source projects are coding in public and software in progress.
It seems to me that people who expect software to be done already are frustrated by this, and that when we promote super-star open projects like Inkscape or Blender, which are essentially finished, we are doing a disservice to the vast majority of useful, but still in progress applications out there that can get the job done anyway, but might require some workarounds. It’s exactly these projects that need our help and our bug-hunting, but if you go into them with the “finished” mentality, you’re setting yourself up for frustration.
This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!
A Programming Language for Building NES Games
Generally speaking, writing your own games for retro consoles starts with C code. You’ll need to feed that through a console-specific tool-chain, and there’s certainly going to be some hoops to jump through, but if everything goes as expected, you should end up with a ROM file that can be run in an emulator or played on real hardware if you’ve got the necessary gadgetry to load it.
But NESFab takes things in a slightly different direction. While the code might look like C, it’s actually a language specifically tailored for developing games on the Nintendo Entertainment System (NES). The documentation claims that this targeted language not only compiles into considerably faster 6502 assembly than plain C on GCC or LLVM, but is designed to work around the strengths (and weaknesses) of the NES hardware.
Looking deeper into the example programs and documentation, NESFab offers quite a few quality of life features that should make developing NES games easier. For one thing, there’s integrated asset loading which automatically converts your image files into something the console can understand. One just needs to drop the image file into the source directory, open it in the code with the file function, and the build system will take care of converting it on the fly as the ROM is built. The nuances of bank switching — the organization of code and assets so they fit onto the physical ROM chips on the NES cartridge — are similarly abstracted away.
The obvious downside of NESFab is that, as with something like GB Studio, you’re going to end up putting effort into learning a programming environment that works for just one system. So before you get started, you really need to decide what your goals are. If you’re a diehard NES fan that has no interest in working on other systems, learning a language and build environment specifically geared to that console might make a certain degree of sense. But if you’d like to see your masterpiece running on more than just one system, working in straight C is still going to be your best bet.
Retrotechtacular: Point-of-Sale Through the Years
In days gone by, a common retail hack used by some of the less honorable of our peers was the price tag switcheroo. You’d find some item that you wanted from a store but couldn’t afford, search around a bit for another item with a more reasonable price, and carefully swap the little paper price tags. As long as you didn’t get greedy or have the bad luck of getting a cashier who knew the correct prices, you could get away with it — at least up until the storekeeper wised up and switched to anti-tamper price tags.
For better or for worse, those days are over. The retail point-of-sale (POS) experience has changed dramatically since the time when cashiers punched away at giant cash registers and clerks applied labels to the top of every can of lima beans in a box with a spiffy little gun. The growth and development of POS systems is the subject of [TanRu Nomad]’s expansive video history, and even if you remember the days when a cashier kerchunked your credit card through a machine to take an impression of your card in triplicate, you’ll probably learn something.
The history of POS automation stretches back to the 1870s, perhaps unsurprisingly thanks to the twin vices of alcohol and gambling. The “Incorruptible Cashier” was invented by a saloon keeper tired of his staff ripping him off, and that machine would go on to become the basis of the National Cash Register Corporation, or NCR. That technology would eventually morph into the “totalisator,” an early computer used to calculate bets and payout at horse tracks. In fact, it was Harry Strauss, the founder of American Totalisator, who believed strongly enough in the power of computers to invest $500,000 in a struggling company called EMCC, which went on to build UNIVAC and start the general-purpose computer revolution.
To us, this was one of the key takeaways from this history, and one that we never fully appreciated before. The degree to which the need of retailers to streamline their point-of-sale operations drove the computer industry is remarkable, and the video gives multiple examples of it. The Intel 4004, the world’s first microprocessor, was designed mainly for calculators but also found its way into POS terminals. Those in turn ended up being so successful that Intel came up with the more powerful 8008, the first eight-bit microprocessor. People, too, were important, such as a young Chuck Peddle, who cut his teeth on POS systems and the Motorola 6800 before unleashing the 6502 on the world.
So the next time you’re waving your phone or a chipped credit card at a terminal and getting a sterile “boop” as a reward, spare a thought for all those clunky, chunky systems that paved the way.
youtube.com/embed/mgOLHIqTgm8?…
Thanks to [Ostracus] for the tip.
Who’d Have Guessed? Graphene is Strange!
Graphene always sounds exciting, although we aren’t sure what we want to do with it. One of the most promising features of the monolayer carbon structure is that under the right conditions, it can superconduct, and some research into how that works could have big impacts on practical superconductor technology.
Past experiments have shown that very cold stacks of graphene (two or three sheets) can superconduct if the sheets are at very particular angles, but no one really understands why. A researcher at Northeastern and another at Harvard realized they were both confused about the possible mechanism. Together, they have started progressing toward a better description of superconductivity in graphene.
Part of the problem has been that it is hard to make large pieces of multi-layer graphene. By creating two-ply pieces and using special techniques, an international team is finding that quantum geometry explains how graphene superconductors resist changes in current flow more readily than conventional superconductors.
Another team found that adding another layer makes the material behave more like a family of conventional higher-temperature superconductors. The research appears in two different papers. One covers the two-ply material. The other talks about the material with three layers.
Making little bits of graphene isn’t hard. Making it in quantity is a different story. We keep dreaming of what we could do with a room-temperature superconductor.
All You Need To Make A Go-Kart, From Harbor Freight
The many YouTube workshop channels make for compelling viewing, even if their hackiness from a Hackaday viewpoint is sometimes variable. But from time to time up pops something that merits a second look. A case in point is [BUM]’s go-kart made entirely from Harbor Freight parts, a complete but rudimentary vehicle for around 300 dollars. It caught our eye because it shows some potential should anyone wish to try their luck with the same idea as a Power Racer or a Hacky Racer.
The chassis, and much of the running gear comes courtesy of a single purchase, a four-wheeled cart. Some cutting and welding produces a surprisingly useful steering mechanism, and the rear axle comes from a post hole digger. Power comes from the Predator gasoline engine, which seems to be a favourite among these channels.
The result is a basic but serviceable go-kart, though one whose braking system can be described as rudimentary at best. The front wheels are a little weak and require some reinforcement, but we can see in this the basis of greater things. Replacing that engine with a converted alternator or perhaps an electric rickshaw motor from AliExpress and providing it with more trustworthy braking would result in possibly the simplest Hacky Racer, or just a stylish means of gliding round a summer hacker camp.
youtube.com/embed/f89LCrEqDZs?…
UScope: A New Linux Debugger And Not A GDB Shell, Apparently
[Jim Colabro] is a little underwhelmed with the experience of low-level debugging of Linux applications using traditional debuggers such as GDB and LLDB. These programs have been around for a long time, developing alongside Linux and other UNIX-like OSs, and are still solidly in the CLI domain. Fed up with the lack of data structure support and these tools’ staleness and user experience, [Jim] has created UScope, a new debugger written from scratch with no code from the existing projects.
GDB, in particular, has quite a steep learning curve once you dig into its more advanced features. Many people side-step this learning curve by running GDB within Visual Studio or some other modern IDE, but it is still the same old debugger core at the end of the day. [Jim] gripes that existing debuggers don’t support modern data structures commonly used and have poor customizability. It would be nice, for example, to write a little code, and have the debugger render a data structure graphically to aid visualisation of a problem being investigated. We know that GDB at least can be customised with Python to create application-specific pretty printers, but perhaps [Jim] has bigger plans?
Anyway, UScope currently supports only C and Zig, but work is in progress to add C++ and Go support, with plans for Rust, Odin and Jai. Time will tell whether they can gather enough interest to really drive development to support the more esoteric languages fully. Still, Rust at least has a strong support base, which might help get other people involved. It looks like early doors for this project, so time will tell whether it gets traction. We’ll certainly be keeping an eye on it in the future!
If you wish to play along at home, you’ll want to start with the GitHub page, read on from there, and maybe join this discord.
If you’re new to debugging on Linux, we’ve got a quick guide to GUI frontends to ease you in. If you’re less interested in code and more of a script junkie, here’s how to debug BASH script or even SED.
When Ignoring Spam Loses You an Ice Surfacer Patent
Bear with us for a moment for a little background. The Rideau Canal Skateway in Ottawa is the world’s largest natural skating rink, providing nearly 8 km of pristine ice surface during the winter. But maintaining such a large ice surface is a challenge. A regular Zamboni can’t do it; the job is just too big. So the solution is a custom machine called the Froster, conceived by Robert Taillefer and built by Sylvain Fredette.
Froster spans almost twenty meters, and carries almost 4000 L of water. There’s no other practical way to maintain almost 8 km of skating rink.
A patent was filed in 2010, granted by the Canadian Intellectual Property Office, and later lost because important notifications started going to an apparently unchecked spam folder. The annual fee went unpaid, numerous emails went unanswered, an expiry date came and went, and that was that.
It’s true that emailed reminders (the agreed-upon — and only — method of contact) going unnoticed to spam was what caused Robert to not take any action until it was too late. We’d all agree that digital assistants in general need to get smarter, and that includes being better at informing the user about automatically-handled things like spam.
But what truly cost Robert Taillefer his patent was having a single point of failure for something very, very important. The lack of any sort of backup method of communication in case of failure or problem meant that this sad experience was, in a way, a disaster just waiting to happen. At least that’s how the Federal Court saw it when he took his complaint to them, and that’s how they continued to see it when he appealed the decision.
If you’ve never heard of the Rideau Canal Skateway or would like to see the Froster in action, check out this short video from the National Capital Commission of Canada, embedded just under the page break.
youtube.com/embed/-k1-A0DsU-w?…
Growing a Gallium-Arsenide Laser Directly on Silicon
As great as silicon is for semiconductor applications, it has one weakness in that using it for lasers isn’t very practical. Never say never though, as it turns out that you can now grow lasers directly on the silicon material. The most optimal material for solid-state lasers in photonics is gallium-arsenide (GaAs), but due to the misalignment of the crystal lattice between the compound (group III-V) semiconductor and silicon (IV) generally separate dies would be produced and (very carefully) aligned or grafted onto the silicon die.
Naturally, it’s far easier and cheaper if a GaAs laser can be grown directly on the silicon die, which is what researchers from IMEC now have done (preprint). Using standard processes and materials, GaAs lasers were grown on industry-standard 300 mm silicon wafers. The trick was to accept the lattice mismatch and instead focus on confining the resulting flaws through a layer of silicon dioxide on top of the wafer. In this layer trenches are created (see top image), which means that when the GaAs is deposited it only contacts the Si inside these grooves, thus limiting the effect of the mismatch and confining it to within these trenches.
There are still a few issues to resolve before this technique can be prepared for mass production, of course. The produced lasers work at 1,020 nm, which is a shorter wavelength than typically used, and there are still some durability issues due to the manufacturing process that have to be addressed.
Hack On Self: Quest System Basics
Whenever I play an RPG, whether it’s Fallout or Cyberpunk 2077, I complete every single quest available to me. The quests grab my attention in an unprecedented way – doesn’t hurt that there’s rewards and progression markers attached. Of course, these systems are meticulously designed to grab attention, making sure you can enjoy the entirety of the game’s content.
Does quest progression in an RPG tangibly impact my life? No. Do they have control over my attention? Yes, for sure. My day-to-day existence is the opposite – my real-life decisions impact me significantly, and yet, keeping attention on them is a struggle. Puzzling, disturbing – and curious. I feel like I’ll never forgive myself if I ignore this problem any longer.
So, I wrote a simple quest system prototype. As usual, it worked, it failed, and it taught me things. Here’s how I did it.
Adjusted To Self First
Quick prototyping is a bane of mine, and I’m forced to study it – I can only spend so much time on any given topic before I can barely pay attention to it. So, no fancy UIs, no roadmaps, I’m writing software that has the lowest interaction resistance possible for me specifically.
My laptop remains my platform of choice – I’m no phone app developer, really, I hate developing for smartphones. Modern smartphones are content consumption machines first, everything else second, and it feels like the user’s actual wellbeing is barely in the top 10. Besides, typing on a physical keyboard is the fastest prototyping and hardware interaction method I know. Smartphones no longer have physical keyboards, you know, the focus on content consumption means that screen real estate is king.
Oh, and I do have Notepad++ constantly open on my laptop! What about storing my quests in a text file, say, quests.txt, in a somewhat computer-friendly format? Then, a constantly running program could read changes from this file, rewriting it when appropriate. Sounds simple enough, and so the parser.py was born.
I had a few wishes for this program. The main one was: never deleting any file contents by mistake or to enforce structure; everything I type into the file is important and can’t be lost. Aside from that, leaving comments on tasks and quests felt paramount, too – the text file isn’t just a data storage, it’s a user interface, and it needs human-friendly features.
At the same time, I needed to make it software-friendly – always parseable and modifiable, letting me do things like automatically marking quest tasks as complete or incomplete, or tying task completion into each other, or auto-marking them, or tying them to real-world events. This resulted in two main features: a rigid-ish structure for quest formatting, and auto-adding machine-parseable quest IDs. Still, I made sure it was easy for me to edit quests and tasks, and put the IDs somewhere they wouldn’t get in the way!
Built, Tweaked, Working
Day two was spent intensely building parser.py into a self-sufficient prototype, and it grew from a 20-line parsing-code experiment into a full program, left to constantly run in the background monitoring for quests.txt file changes. Then, I split my Notepad++ window into two panes, and put the quests.txt document into one of them, open semi-permanently – thankfully, my laptop screen is wide enough for that.
Easy enough to use day to day, always at my fingertips, collecting data – this script satisfied a few of my human-friendly device design guidelines. I went on making new quests and adding tasks as I remembered them, as well as updating the script itself, adding features and fixing bugs as needed. For brevity, I’ll call this whole process “questing”.
The most useful feature, without a doubt, was auto-sorting quest tasks, so that completed tasks would immediately go to the bottom of the quest’s task list – way easier on the eyes. Another feature was task completion/clear logging, as usual, JSON separated by newlines – which unexpectedly gave me timestamps that helped me remember and track time-sensitive medication.
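As an added example (not the author’s parser.py, whose file format the article never shows), here is a small Python rewrite pass with the properties described above: nothing typed into the file is lost, completed tasks sink to the bottom of their quest, IDs are appended where they stay out of the way, and each state change is logged as a JSON line with a timestamp. The quest/task line syntax, the `@qN` ID suffix and the sample file are my own assumptions.

```python
# Added example, not the article's parser.py. One rewrite pass over a
# quests.txt-style file with the three properties the article asks for:
# no line is ever lost, completed tasks sink to the bottom of their quest,
# and state changes are logged as JSON lines with a timestamp.
# The line format is my own assumption (the article does not show the real one):
#   "# Quest: <name>"              starts a quest block
#   "- [ ] text" / "- [x] text"    an open / completed task, optionally
#                                  ending in an id suffix " @q<N>"
#   anything else                  a note or comment; kept verbatim, and it
#                                  travels with the task line above it
import json
import re
import time
from collections import Counter

TASK_RE = re.compile(r"^- \[( |x)\] (.*?)(?:\s+@(q\d+))?$")
QUEST_RE = re.compile(r"^# Quest: ")


def next_id(lines):
    """One more than the highest @qN already in the file, so a freshly
    assigned id can never collide with one that is already there."""
    used = [int(m.group(3)[1:]) for m in map(TASK_RE.match, lines) if m and m.group(3)]
    return max(used, default=0) + 1


def process(text, prev_state, now=None):
    """Rewrite `text` and return (new_text, state, events).

    state   maps task id -> done flag after this pass
    events  one dict per task whose done flag differs from prev_state
            (a brand-new task is only logged if it is already marked done)
    """
    now = time.time() if now is None else now
    lines = text.split("\n")
    counter = next_id(lines)
    out, state, events = [], {}, []
    block = []  # [(done, [task line, note lines...]), ...] for the current quest

    def flush():
        # stable sort: open (False) before done (True); original order otherwise kept
        block.sort(key=lambda item: item[0])
        for _, chunk in block:
            out.extend(chunk)
        block.clear()

    for line in lines:
        m = TASK_RE.match(line)
        if QUEST_RE.match(line):
            flush()
            out.append(line)
        elif m:
            done, tid = m.group(1) == "x", m.group(3)
            if tid is None:  # give the task an id, appended at the end of the line
                tid = f"q{counter}"
                counter += 1
                line = f"{line} @{tid}"
            state[tid] = done
            if prev_state.get(tid, False) != done:
                events.append({"ts": now, "task": tid, "done": done, "text": m.group(2)})
            block.append((done, [line]))
        elif block:
            block[-1][1].append(line)  # a note under a task moves together with it
        else:
            out.append(line)  # text before the first task of a quest stays put
    flush()
    return "\n".join(out), state, events


def log_lines(events):
    """Serialise events as newline-separated JSON, the log format the article uses."""
    return "".join(json.dumps(e) + "\n" for e in events)


def lines_preserved(original, rewritten):
    """Safety check for the 'never lose what I typed' rule: apart from an added
    id suffix, the rewritten file must contain exactly the original lines."""
    strip = lambda s: re.sub(r"\s+@q\d+$", "", s)
    return Counter(map(strip, original.split("\n"))) == Counter(map(strip, rewritten.split("\n")))


# Constructed sample file, not the author's real quests.txt
SAMPLE = """# Quest: Dailies
- [x] backup quests.txt
- [ ] take meds @q7
  note: with food
- [ ] stretch
# Quest: Garage
- [ ] sort resistors @q3
"""

if __name__ == "__main__":
    new_text, state, events = process(SAMPLE, {"q7": False, "q3": False}, now=1700000000.0)
    print(new_text)
    print(log_lines(events), end="")
```

Running the pass a second time over its own output with the returned state is a no-op (same text, no events), which is what lets it sit in a loop watching the file.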
Some features were less expected but still necessary. I am intimately familiar with data loss, so I wrote a quick quests.txt backup script, and added a daily task for myself – do backups. As luck would have it, I accidentally deleted half of the quests.txt file contents, just as I was about to back it up. So, I had to spend about an hour restoring the file state from the day-old backup file and task log items – those really came in handy!
I’ve used the script for about a month – quite a jump from the “two weeks constant”. A lot of smaller hack-on-self projects stay in my life for two weeks at most – any longer than that, and I struggle to pay attention to them. This one worked for longer – a very good sign. Most importantly, even though I’m currently not using this questing system, I keep mentally coming back to it throughout my days, and my main thought is “wish it worked better for me right now”.
A Focus Point
The best thing about this questing system: I started building habits at a surprisingly fast rate. This was genuinely shocking, in all of the good ways, and seriously reassuring. The questing system helped me find some extra focus – as long as I stayed within the “dailies” quest, that is.
One thing about a .txt file as frontend – to have the file be processed, I need to Ctrl+S, alt-tab to the other program, alt-tab back, and click “Yes” in this box.
The “Dailies” quest was the only one that actually worked all throughout. As I’ve added quests and tasks, the file grew a ton, currently sitting at 530 lines. Well, my screen fits 40 lines at a time, so most quests stayed always out of reach, easy to forget – just the Dailies quest has 80 lines. There was no ability to highlight tasks I wanted to suggest to myself, or to make a task stand out as more important.
The main limiter of this questing system was definitely the UI – the more it grew, the harder it was for me to scroll through the text file and notice the tasks I needed to do. In a way, the system was a good augment, helping me overcome my struggles with Doing All The Things I Want Done, until it grew to the point where it no longer gave me a consistent single point of focus, an always-accessible line in the .txt file that I could look at to spot my daily-tasks-to-do. It’s a predictable limitation of the text file UI, and I could only push it so much.
There was another fun failure mode: the more I used the script, the more I did things in the real world, the less I’d be spending next to my laptop. On days where I wasn’t next to my laptop, the script’s powers would break completely, of course. Basically, the more off-my-laptop tasks I was doing, the less my script would work – so much for helping me exercise, move, and get out more!
“Dailies” were the most fun part of the system, still – as I’m writing this, I’m becoming more and more certain that this UI could work well for me again if I did a few more upgrades to it and limited it to the “Dailies” quest. So, same interface but less overwhelming, a tighter focus, and a few more most-needed ease of use features – feels like I should try that out sometime soon!
Lessons
A lot of fruit lies unpicked on the parser.py field, even with the current text-file UI. Automatically marking all of the “Dailies” tasks completed on a “start of day” trigger, for one! Reminders for medication. Tracking ‘underappreciated’ daily tasks, giving me summaries or notifications that point out ‘daily’ tasks I’ve been neglecting but might still want to do. Quick action keybinds for common actions, just like I do with my anti-crash and anti-distraction scripts, so that I can quickly mark common tasks as completed – without having to unlock my laptop, find the task in the file, and mark it as complete. Graphing of my activity, too, of course; it always feels like graphing my data will give some good insights, but it’s not easy for me to do just yet – hopefully it will be easy soon!
No regrets on picking text file as the UI&backend for the initial prototype, though! I’d do it the same all over again – the flexibility has really helped. I even think that a text file format is a great UI for desktop using the quest system – as long as it’s not the backend, so, the quests are actually stored somewhere else. Basically, an editing option, or a human-readable backup format, we could always use more of those.
What about features I could implement given a different UI and backend? More context sensitivity, for one. For example, suggestions on tasks to do depending on how long I’ve been awake, where I am physically right now (home/work/travel/etc), and other context that’s relatively easy to get but still missing. Cross-device task control and sync. Perhaps, the most fun aspect – a “points”/”levels” score keeping system, maybe even with “streak” features!
The concept works, even if it struggles to scale. It needs a better UI, a way more well-suited backend, tighter integration into my day-to-day life, influencing me in a more context-aware and kind way. Quests are good, the current system is good, and it will work better after an upgrade. In particular, you are soon to see a way more suitable and flashy user interface – as always, stay tuned!
Hackaday Podcast Episode 307: CNC Tattoos, The Big Chill in Space, and PCB Things
The answer is: Elliot Williams, Al Williams, and a dozen or so great hacks. The question? What do you get this week on the Hackaday podcast? This week’s hacks ran from smart ring hacking, to computerized tattoos. Keyboards, PCBs, and bicycles all make appearances, too.
Be sure to try to guess the “What’s that sound?” You could score a cool Hackaday Podcast T.
For the can’t miss this week, Hackaday talks about how to dispose of the body in outer space and when setting your ship’s clock involved watching a ball drop.
html5-player.libsyn.com/embed/…
Episode 307 Show Notes:
News:
What’s that Sound?
Interesting Hacks of the Week:
- Hacking The 22€ BLE SR08 Smart Ring With Built-In Display
- Do, Dare Or Don’t? Getting Inked By A 3D Printer
- A Closer Look At The Tanmatsu
- Electroplating DIY PCB Vias At Home Without Chemical Baths
- Bicycle Adds Reliability With Second Chain
- Custom PCB Is A Poor Man’s Pick And Place
- What Is The Hour? It’s XVII O’ Clock
Quick Hacks:
- Elliot’s Picks
- What Is The Hour? It’s XVII O’ Clock
- Investigating Electromagnetic Magic In Obsolete Machines
- Understanding The T12 Style Soldering Iron Tip
- Al’s Picks
- The Clever Design Behind Everyday Traffic Poles
- The Lowest-Effort Way Yet To Make 3D Printed Lenses Clear
- Communicating With Satellites Like It’s 1957
Can’t-Miss Articles:
hackaday.com/2025/02/07/hackad…
AI under attack: DeepSeek-R1 misbehaves in Qualys tests
Milan, 6 February 2025 – DeepSeek-R1, an innovative large language model (LLM) recently released by the Chinese startup DeepSeek, has captured the attention of the artificial intelligence sector. The model shows competitive performance while proving more resource-efficient. Its training approach and its accessibility offer an alternative to traditional large-scale AI development, making advanced capabilities more widely available.
To improve efficiency while preserving the model’s effectiveness, DeepSeek has released several distilled versions suited to different use cases. These variants, built on Llama and Qwen as base models, are available in multiple sizes, ranging from smaller, lighter models suited to efficiency-focused applications to larger, more powerful versions designed for complex reasoning tasks.
With growing enthusiasm for DeepSeek’s advances, the Qualys team conducted a security analysis of the distilled DeepSeek-R1 LLaMA 8B variant using its recently launched AI security platform, Qualys TotalAI.
The results presented below support the widespread industry concerns about the model’s real risks. “As AI adoption accelerates, organizations must go beyond performance evaluation to address security, safety and compliance challenges. Gaining visibility into AI assets, assessing vulnerabilities and proactively mitigating risks is fundamental to ensuring responsible and secure AI deployment,” commented Dilip Bashwani, CTO for the Qualys Cloud Platform.
KB analysis method and findings
Qualys tested the DeepSeek-R1 LLaMA 8B variant against Qualys TotalAI’s state-of-the-art Jailbreak and Knowledge Base (KB) attacks, posing questions to the target LLM in 16 categories and evaluating the responses using the Qualys Judge LLM. Responses were assessed for vulnerabilities, ethical issues and legal risks.
If a response is deemed vulnerable, it receives a severity rating based on its immediacy and potential impact. This ensures a complete assessment of the model’s behaviour and the associated risks.
In the KB test, 891 evaluations were conducted. The DeepSeek-R1 LLaMA 8B model failed 61% of the tests, performing worst in Misalignment and best in Sexual Content.
TotalAI Jailbreak test method and findings
Jailbreaking an LLM involves techniques that bypass its built-in safety mechanisms, allowing the model to generate restricted responses. These vulnerabilities can produce harmful results, including instructions for illegal activities, misinformation, privacy violations and unethical content. Successful jailbreaks expose weaknesses in AI alignment and present serious security risks, especially in enterprise and regulatory settings.
The Chinese model was tested against 18 types of jailbreak across 885 attacks. It failed 58% of those attempts, demonstrating significant susceptibility to adversarial manipulation. During the analysis, DeepSeek-R1 struggled to prevent several adversarial jailbreak attempts, including steps on how to build an explosive device, creating content for websites that target certain groups by encouraging hate speech, conspiracy theories and violent action, exploiting software vulnerabilities, promoting incorrect medical information, and so on.
Example of DeepSeek providing incorrect and harmful content
The test results highlight the need to improve safety mechanisms to prevent the circumvention of built-in protections, ensuring that the model remains in line with ethical and regulatory guidelines. One effective prevention mechanism is the implementation of robust guardrails that act as real-time filters to detect and block jailbreak attempts. These guardrails increase the model’s resilience by adapting dynamically to adversarial exploits, helping to mitigate security risks in enterprise applications. These vulnerabilities expose downstream applications to significant security risks, making robust adversarial testing and mitigation strategies necessary.
Alignment yes, alignment no: which is better?
In recent years, large language models (LLMs) have revolutionized the technology landscape, influencing sectors ranging from academic research to content creation. One of the most heated debates concerns the degree to which these models are aligned with the ethical principles and guidelines imposed by their developers. According to a recent article published in Analytics India Magazine, uncensored models appear to achieve better results than aligned ones, raising questions about the necessity and effectiveness of the ethical restrictions imposed by the industry.
The alignment of AI models stems from the desire to avoid dangerous content, misinformation and harmful bias. Companies such as OpenAI and Google implement strict safety policies to ensure that their AIs respect shared standards of conduct, reducing the risk of abuse. However, the alignment process inevitably introduces filters that limit expressive freedom and, in some cases, compromise the model’s performance. This is because aligned systems may avoid answering controversial questions or generate overly generic responses in order to adhere to the guidelines.
By contrast, uncensored models, which operate without the same ethical restrictions, show greater flexibility and an ability to provide more precise and detailed answers, especially in technical or advanced research contexts. Without the constraints imposed by alignment, they can process a wider range of information and address sensitive topics in greater depth. This advantage, however, comes with significant risks, such as the uncontrolled spread of misinformation and harmful content and misuse by malicious actors.
The central problem of this debate is not only technical but ethical and political. A completely free artificial intelligence could represent a threat if used for illicit purposes, while an over-aligned model risks becoming ineffective, reflecting an ideological agenda, or enacting censorship.
Some researchers argue that the ideal balance lies in partial alignment, which allows a certain degree of expressive freedom without compromising safety. However, defining the boundaries of that balance is a complex challenge subject to divergent interpretations.
The AI industry therefore faces a crucial choice: continue down the path of strict alignment, at the risk of compromising the performance and neutrality of the models, or adopt a more permissive approach, aware of the potential risks. The consequences of this decision will have a direct impact on the future of AI and its integration into society, influencing public trust and regulation of the sector. The fundamental question remains open: how much control is too much control?
The article AI under attack: DeepSeek-R1 misbehaves in Qualys tests comes from the cybersecurity blog.
This Week in Security: Medical Backdoors, Strings, and Changes at Let’s Encrypt
There are some interesting questions afoot, with the news that the Contec CMS8000 medical monitoring system has a backdoor. And this isn’t the normal debug port accidentally left in the firmware. The CISA PDF has all the details, and it’s weird. The device firmware attempts to mount an NFS share from an IP address owned by an undisclosed university. If that mount command succeeds, binary files would be copied to the local filesystem and executed.
Additionally, the firmware sends patient and sensor data to this same hard-coded IP address. This backdoor also includes a system call to enable the eth0 network interface before attempting to access the hardcoded IP address, meaning that simply disabling the Ethernet connection in the device options is not sufficient to prevent the backdoor from triggering. This is a stark reminder that in the firmware world, workarounds and mitigations are often inadequate. For instance, you could set the gateway address to a bogus value, but a slightly more sophisticated firmware could trivially enable a bridge or alias approach, completely bypassing those settings. There is no fix at this time, and the guidance is pretty straightforward — unplug the affected devices.
Reverse Engineering Using… Strings
The Include Security team found a particularly terrifying “smart” device to tear apart: the GoveeLife Smart Space Heater Lite. “Smart Space Heater” should probably be terrifying on its own. It doesn’t get much better from there, when the team found checks for firmware updates happening over unencrypted HTTP connections. Or when the UART password was reverse engineered from the readily available update. It’s not a standard Unix password, just a string comparison with a hardcoded value, and as such readily visible in the strings output.
Now on to the firmware update itself. It turns out that, yes, the device will happily take a firmware update over that unencrypted HTTP connection. The first attempt at running modified firmware failed, with complaints about checksum failures. Turns out it’s just a simple checksum appended to the firmware image. The device has absolutely no protection against running custom firmware. So this leads to the natural question, what could an attacker actually do with access to a device like this?
The proof of concept attack was to toggle the heat control relay for every log message. In a system like this, one would hope there would be hardware failsafes that turn off the heating element in an overheat incident. Considering that this unit has been formally recalled for over 100 reports of overheating, and at least seven fires caused by the device, that hope seems to be in vain.
youtube.com/embed/CuahxZOOqbs?…
AMD Releases
We wrote about the mysterious AMD vulnerability a couple weeks ago, and the time has finally come for the full release. It’s officially CVE-2024-56161, “Improper signature verification in AMD CPU ROM microcode patch loader”. The primary danger seems to be malicious microcode that could be used to defeat AMD’s Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) technology. In essence, an attacker with root access on a hypervisor could defeat this VM encryption guarantee and compromise the VMs on that system.
This issue was found by the Google Security Team, and there is a PoC published that demonstrates the attack with benign effects.
The Mirai Two-fer
The Mirai botnet seems to have picked up a couple new tricks, with separate strains now attacking Zyxel CPE devices and Mitel SIP phones. Both attacks are actively being exploited, and the Zyxel CPE flaw seems to be limited to an older, out-of-support family of devices. So if you’re running one of the approximately 1,500 “legacy DSL CPE” devices, it’s time to pull the plug. Mitel has published an advisory as well, and is offering firmware updates to address the vulnerability.
Let’s Encrypt Changes
A service many of us depend on is making some changes. Let’s Encrypt is no longer going to email you when your certificate is about to expire. The top reason is simple. It’s getting to be a lot of emails to send, and sending emails can get expensive when you measure them in the millions.
Relatedly, Let’s Encrypt is also about to roll out new six-day certificates. Sending out email reminders for such short lifetimes just doesn’t make much sense. Finally from Let’s Encrypt is a very useful new feature, the IP Address certificate. If you’ve ever found yourself wishing you didn’t have to mess with DNS just to get an HTTPS certificate, Let’s Encrypt is about to have you covered.
Bits and Bytes
There’s a Linux vulnerability in the USB Video Class driver, and CISA has issued an active exploit warning for it. And it’s interesting, because it’s been around for a very long time, and it was disclosed in a Google Android Security Bulletin. It’s been suggested that this was a known vulnerability, and was used in forensic tools for Android, in the vein of Cellebrite.
Pretty much no matter what program you’re using, it’s important to never load untrusted files. The latest application to prove this truism is GarageBand. The details are scarce, but know that versions before 10.4.12 can run arbitrary code when loading malicious images.
Ever wonder how many apps Google blocks and pulls from the app store? Apparently better than two million in 2024. The way Google stays mostly on top of that pile of malware is the use of automated tools, which now includes AI tools. Which, yes, is a bit terrifying, and has caused problems in other Google services. YouTube in particular comes to mind, where channels get content strikes for seemingly no reason, and have trouble finding real human beings at Google to take notice and fix what the automated system has mucked up.
And finally, echoing what Kee had to say on the subject, cryptocurrency fraud really is just fraud. And [Andean Medjedovic] of Canada found that out the hard way, after his $65 million theft landed him in jail on charges of wire fraud, computer hacking, and attempted extortion.
Split-Flap Clock Makes a Nice Side Quest in Larger Project
Sometimes projects spawn related projects that take on a life of their own. That’s OK, especially when the main project is large and complex. In that case, side-quest projects provide a deliverable that can help keep the momentum of the whole project going. The mojo must flow, after all.
That seems to be what’s going on with this beautiful split-flap clock build by [Erich Styger]. It’s part of a much larger effort which will eventually see 64 separate split-flap units chained together. This project has been going on for a while; we first featured it back in 2022 when it was more of a prototype. Each unit is scratch-built, using laser-cut fiberboard for parts like the spool and frame, thin PVC stock for the flip cards, and CNC-cut vinyl for the letters and numbers. Each unit is powered by its own stepper motor.
To turn four of these displays into a clock, [Erich] milled up a very nice enclosure from beech. From the outside it’s very clean and simple, almost like something from Ikea, but the inside face of the enclosure is quite complex. [Erich] had to mill a lot of nooks and crannies into the wood to provide mounting space and clearance for the split-flap mechanism, plus a thinned-down area at the top of each window to serve as a stop for the flaps. The four displays are controlled by a single controller board, which houses an NXP K22FN512 microcontroller along with four stepper drivers and interfaces for the Hall-effect sensors needed to home each display. There’s also an RS-485 interface that lets the controllers daisy-chain together, which is how the big 64-character display will be controlled.
We’re looking forward to that, but in the meantime, enjoy the soft but pleasant flappy goodness of the clock in the brief video below.
youtube.com/embed/s_7kXFjp-Rs?…
Dark Web and stolen credentials: billions of accounts compromised. Credential theft is out of control!
The current cybersecurity landscape is dominated by a worrying escalation of credential compromises, one of the most significant threats to individuals and businesses. Recent attacks reveal the vulnerability of authentication systems, highlighting the need to adopt advanced security measures to protect sensitive data and critical infrastructure.
An overview of recent compromises
According to the Recorded Future report, multiple online platforms have been involved in credential-compromise incidents, including:
- Evernote.com: note-management service that recorded unauthorized access to thousands of accounts.
- Geox.com: the official site of the well-known footwear brand was targeted by attacks that exposed user credentials and sensitive data.
- Casapia.com: home-goods marketplace whose stolen data was later sold on forums such as Breached.to.
- Musixmatch.com: song-lyrics platform compromised through credential-stuffing techniques.
Attackers exploited vulnerabilities in credential storage and management systems. For example, platforms such as panel.surveyeah.com and docsity.com were found to contain stolen authentication cookies, allowing attackers to gain prolonged access to victims’ accounts. This type of attack is particularly dangerous because it does not require stealing the plaintext password; instead it uses session cookies to authenticate as the legitimate user, thereby bypassing any multi-factor authentication (MFA) mechanisms.
Hacking forums, such as those on RaidForums (now closed), Breached.to and Exploit.in, have discussed the exploited vulnerabilities, confirming that many users reuse weak passwords or ones already compromised in previous attacks. In particular, databases containing millions of stolen credentials have been identified, often sold on the dark web or traded among cybercriminals for use in credential-stuffing attacks.
These attacks exploit the widespread practice of reusing the same password across multiple online services, allowing attackers to gain access not only to the directly affected sites but also to victims’ personal email, financial services and corporate accounts.
For example, a recent credential dump showed that over 60% of the compromised passwords had already been exposed in previous breaches. Among the techniques attackers use most to exploit these compromised credentials are:
- Credential stuffing – automated login attempts across multiple platforms with the same credentials.
- Targeted phishing – fraudulent emails that use real victim data to increase their effectiveness.
- Social engineering – psychological manipulation to induce victims to reveal sensitive information.
To mitigate these risks, security experts recommend using unique, complex passwords for every service, supported by password-manager tools. In addition, enabling multi-factor authentication (MFA) is essential to reduce the risk of unauthorized access, even if credentials are compromised.
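The two behaviours described above leave different traces in an authentication log: credential stuffing shows up as one source cycling through many distinct usernames with mostly failures, while a replayed session cookie never touches the password or the MFA prompt and is only visible as a session id appearing from more than one address. As an added example, not from the Recorded Future report or Red Hot Cyber, here are both detectors in Python run over a handful of constructed log lines in a hypothetical format.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed auth-log lines (hypothetical format, not from any real product):
# one legitimate user who mistypes once, one source cycling through many
# usernames, and a session id that later shows up from a second address.
SAMPLE_LOG = """
2025-02-06T10:00:01Z login user=alice src=192.0.2.10 result=FAIL
2025-02-06T10:00:09Z login user=alice src=192.0.2.10 result=OK
2025-02-06T10:01:00Z login user=alice src=198.51.100.7 result=FAIL
2025-02-06T10:01:02Z login user=bob src=198.51.100.7 result=FAIL
2025-02-06T10:01:04Z login user=carol src=198.51.100.7 result=FAIL
2025-02-06T10:01:06Z login user=dave src=198.51.100.7 result=FAIL
2025-02-06T10:01:08Z login user=erin src=198.51.100.7 result=FAIL
2025-02-06T10:01:10Z login user=frank src=198.51.100.7 result=OK
2025-02-06T10:05:00Z session user=alice src=192.0.2.10 sid=abc123
2025-02-06T10:20:00Z session user=alice src=198.51.100.7 sid=abc123
2025-02-06T10:21:00Z session user=bob src=192.0.2.11 sid=def456
""".strip().splitlines()

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>login|session) user=(?P<user>\S+) src=(?P<src>\S+)"
    r"(?: sid=(?P<sid>\S+))?(?: result=(?P<result>OK|FAIL))?$"
)


@dataclass
class Event:
    ts: datetime
    event: str
    user: str
    src: str
    sid: Optional[str]
    result: Optional[str]


def parse(lines: List[str]) -> List[Event]:
    """Parse the constructed log format; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        ts = datetime.fromisoformat(d["ts"].replace("Z", "+00:00"))
        events.append(Event(ts, d["event"], d["user"], d["src"], d["sid"], d["result"]))
    return events


def detect_credential_stuffing(events: List[Event], window=timedelta(minutes=5),
                               min_users=5, min_fail_ratio=0.8) -> Dict[str, int]:
    """Flag sources that try many distinct usernames, mostly failing, within a window.

    A brute force hammers one account; stuffing spreads across accounts, so the
    distinct-user count per source is the signal. Returns {src: max distinct users}.
    """
    by_src: Dict[str, List[Event]] = defaultdict(list)
    for e in events:
        if e.event == "login":
            by_src[e.src].append(e)
    flagged: Dict[str, int] = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        for end in range(len(evs)):          # sliding window over this source's logins
            while evs[end].ts - evs[start].ts > window:
                start += 1
            win = evs[start:end + 1]
            users = {e.user for e in win}
            fails = sum(e.result == "FAIL" for e in win)
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                flagged[src] = max(flagged.get(src, 0), len(users))
    return flagged


def detect_session_reuse(events: List[Event]) -> Dict[str, List[str]]:
    """Flag session ids presented from more than one source address.

    The login detector cannot see a replayed cookie; the session id travelling
    between addresses is the trace to look for. Returns {sid: sorted sources}.
    """
    sources: Dict[str, set] = defaultdict(set)
    for e in events:
        if e.event == "session" and e.sid:
            sources[e.sid].add(e.src)
    return {sid: sorted(srcs) for sid, srcs in sources.items() if len(srcs) > 1}


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("credential stuffing:", detect_credential_stuffing(evs))
    print("session reuse:", detect_session_reuse(evs))
```

Tune window, min_users and min_fail_ratio to the service's normal traffic; NAT gateways and corporate proxies put many legitimate users behind one address, so a session-id or user-agent change is a stronger signal there than distinct-user counts alone.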
Malware threats and phishing domains: an alarming escalation
Beyond credential breaches, the Recorded Future report identified growing malicious activity, with multiple sandbox analyses revealing the spread of advanced malware. Some examples of recently detected malware show extremely high threat scores (Polyscore 0.99), with capabilities such as:
- Evasion of virtualization and sandbox systems (T1497 – ATT&CK Framework)
- System registry manipulation (T1112 – Modify Registry)
- Operating system credential dumping (T1003 – OS Credential Dumping)
- Process injection techniques (T1055 – Process Injection)
- Connections to C2 (Command and Control) servers to exfiltrate data
- Modification of file execution permissions for persistence
For example, a malware sample analysed in the report, 7967a824d4df4a7cc3d5fd2c0acddda88ee0231d268c98f8e62073151a93da40, was classified as highly dangerous and capable of extracting sensitive data from infected machines, communicating with malicious servers located in Russia and China.
Further analyses of recent malware, such as b8ddfb796f25efb82f091568439bf23a210155e1a3c3c4000f2998a47d7926e2, show how attack campaigns use advanced software packing techniques (T1027.002 – Software Packing) to obfuscate code and make detection by corporate defence systems more difficult.
In parallel, phishing campaigns are growing exponentially. Several domains have been reported as fraudulent and used for targeted phishing campaigns, often linked to malware attacks:
- meditrans.it – suspected phishing domain for social engineering campaigns.
- lenis.it – hosting clone pages for the theft of banking credentials.
- labinstruments.org – used to deliver malware via email attachments.
- expry.it – suspected fraudulent site used for the theft of personal data.
- secure-getway321f0be5-corr.tcontact.it – detected as a fraudulent domain used for advanced social engineering attacks.
According to OSINT analyses conducted by threat intelligence teams, the malicious actors behind these attacks are deploying evolved phishing kits that realistically replicate the login pages of banks and email services. Some of these kits have been found on underground forums such as XSS.is, where hackers offer advanced tools for credential harvesting and bypassing two-factor authentication (2FA) systems.
Cybercriminals are no longer limited to email phishing but exploit diverse channels such as social media, SMS and automated voice calls to deceive victims. The growing use of voice deepfakes to impersonate company executives and persuade employees to disclose critical data is a further sign of how attack techniques are evolving.
According to the PolySwarm report, the threats analysed show a clear trend toward targeted attacks against companies in strategic sectors, with particular attention to:
- Financial institutions
- Cloud service and telecommunications providers
- Government bodies and critical infrastructure
- Healthcare and pharmaceutical sector
Adopting Threat Intelligence and behavioural analysis solutions is becoming ever more essential to counter these threats. The data suggest that companies with active threat monitoring systems and advanced security policies drastically reduce the risk of compromise compared with those relying on static defensive measures.
Indicators of Compromise (IOC)
Some IOCs that emerged from recent analyses include:
- Suspicious IPs: 192.168.45.21, 83.149.126.86 (used in brute-force attacks).
- Malicious file hashes:
- 7967a824d4df4a7cc3d5fd2c0acddda88ee0231d268c98f8e62073151a93da40.
- b8ddfb796f25efb82f091568439bf23a210155e1a3c3c4000f2998a47d7926e2.
- Fraudulent domains: lenis.it, meditrans.it, secureauth123.biz.
These indicators provide a starting point for detecting and mitigating threats in corporate and personal systems.
The geography of threats: a global map
A recent interactive threat map highlights the areas with the highest concentration of attacks. In particular:
- Italy: epicentre of attacks linked to compromised credentials and phishing, with cities such as Milan and Rome frequently cited in security reports.
- Germany and Austria: high activity of phishing campaigns targeting businesses detected.
- Ukraine and Eastern Europe: high-risk zones, often targeted by APT (Advanced Persistent Threat) groups.
This geographic distribution reflects attackers’ strategic priorities, which target regions with a high density of sensitive data and digital infrastructure.
Protective measures: a proactive approach
To address the growing threat of compromised credentials, experts recommend a combination of technical and behavioural strategies:
- Actively monitor threats: Threat Intelligence solutions make it possible to detect and mitigate attacks in real time.
- Implement multi-factor authentication (MFA): drastically reduces the risk of unauthorized access even when credentials are stolen.
- Use password managers: ensures the creation of unique, complex passwords for every account.
- Continuous cybersecurity training: raises user awareness of phishing and social engineering techniques.
Credential compromises represent one of the most pressing challenges in cybersecurity. The combination of advanced techniques, the use of phishing domains and the spread of tools on the dark web amplify the reach of these attacks.
Adopting a proactive approach and implementing robust security measures is no longer an option but a necessity to protect users and businesses from a constantly evolving threat.
This article was written using the Recorded Future platform, a strategic partner of Red Hot Cyber and a leader in cyber threat intelligence, which provides advanced analyses to identify and counter malicious activity in cyberspace.
The article Dark Web and stolen credentials: billions of accounts compromised. Credential theft is out of control! comes from the cybersecurity blog.
RC Cars With First Person Video, All With An ESP32
Those little ESP32-CAM boards which mate the WiFi-enabled microcontroller with a small parallel-interface camera module have been with us for years, and while they are undeniably cool to play with, they sometimes stretch the available performance in trying to process and stream video. [Mattsroufe] has made a very cool project with one of them, not only managing to stream video from a small model car, but also to control the steering and motor by means of servos and a little motor driver.
Sadly it’s not entirely a stand-alone device, as the ESP32 streams video to a web server with some Python code to handle the controls. The server can aggregate several of them on one page though, for perhaps a little real-life quad-screen Mario Kart action if you have enough of the things. We can see that this idea has plenty of potential beyond the mere fun of driving a toy car around though, but to whet your appetite there’s a demo video below.
We’ve seen enough of the ESP32-cam before, but perhaps more as a photographic device.
youtube.com/embed/OubYFXmvA1E?…
Solid Tips for Designing Assistive Technology (Or Anything Else, Really)
Do you make things, and have you got almost ten minutes to spare? If not, make the time because this video by [PrintLab] is chock-full of healthy and practical design tips. It’s about effective design of Assistive Technology, but the design concepts extend far beyond that scope.
It’s about making things that are not just functional tools, but objects that are genuinely desirable and meaningful to people’s lives. There are going to be constraints, but constraints aren’t limits on creativity. Heck, some of the best devices are fantastic in their simplicity, like this magnetic spoon. It’s not just about functionality. Colors, textures, and style are all meaningful — and have never been more accessible.
One item that is particularly applicable in our community is something our own [Jenny List] has talked about: don’t fall into the engineer-saviour trap. The video makes a similar point in that it’s easy and natural to jump straight into your own ideas, but it’s critical not to make assumptions. What works in one’s head may not work in someone’s actual life. The best solutions start with a solid and thorough understanding of an issue, the constraints, and details of people’s real lives.
Another very good point is that designs don’t spring fully-formed from a workbench, so prototype freely using cardboard, models, 3D printing, or whatever else makes sense to you. Don’t be stingy with your prototyping! As long as you’re learning something each time, you’re on the right path.
And when a design is complete? It has the potential to help others, so share it! But sharing and opening your design isn’t just about putting the files online. It’s also about making it as easy as possible for others to recreate, integrate, or modify your work for their own needs. This may mean making clear documentation or guides, optimizing your design for ease of editing, and sharing the rationale behind your design choices so that others can build on your work effectively.
The whole video is excellent, and it’s embedded here just under the page break. Does designing assistive technology appeal to you? If so, then you may be interested in the Make:able challenge which challenges people to design and make a 3D printable product (or prototype) that improves the day-to-day life of someone with a disability, or the elderly. Be bold! You might truly help someone’s life.
youtube.com/embed/vJV08sxxMKE?…
T1 is a RISC-V Cray
The crux of most supercomputers is the ability to operate on many pieces of data at once — something video cards are good at, too. Enter T1 (short for Torrent-1), a RISC-V vector processor inspired by the Cray X1 vector machine.
T1 supports classic vector-machine features, including lanes and chaining. The chip contains a version of the Rocket Core for scalar operations, but there’s no official support for using it. The project claims you could easily replace that core with any other RISC-V CPU IP.
By focusing on parallelism instead of out-of-order execution, the design gets to skip branch prediction, register renaming, and similar problems.
There is an emulator if you want to experiment. You can even grab a Docker image for easy installation. This doesn’t look like something you could pick up in an hour, so prepare to spend some time. Everything is bare-metal, too, so leave your favorite development tools at home.
The project uses Chisel, which we’ve covered before. The build system seems very complex, but it is based on Nix Flakes, so it should be understandable.
If your high-performance RISC-V dreams are more conventional, there’s work going on in that area, too.
Title graphic from Freepik.
Running Doom on an Apple Lightning to HDMI Adapter
As a general rule of thumb, anything that has some kind of display output and a processor more beefy than an early 90s budget PC can run Doom just fine. As [John] AKA [Nyan Satan] demonstrates in a recent video, this includes running the original Doom on an Apple Lightning to HDMI Adapter. These adapters were required after Apple moved to Lightning from the old 30-pin connector which had dedicated pins for HDMI output.
As the USB 2.0 link used with Lightning does not have the bandwidth for 1080p HDMI, compression was used, requiring a pretty beefy processor in the adapter. Some enterprising people at the time took a hacksaw to one of these adapters to see what’s inside them and figure out the cause of the visual artifacts. Inside is a 400 MHz ARM SoC made by Samsung lovingly named the S5L8747. The 256 MB of RAM is mounted on top of the package, supporting the RAM disk that the firmware is loaded into.
Although designed to run only Apple-blessed firmware, these adapters are susceptible to the same Checkm8 bootROM exploit known from older iPhones, which enables running custom code. [John] adapted this exploit to target the adapter, allowing this PoC Doom session to be started. As the link with the connected PC (or Mac) is simply USB 2.0, this presumably means that sending keyboard input and the like is also possible, though details on this aspect are somewhat scarce.
youtube.com/embed/4XCkeN0XuqA?…
A Great Use for AI: Wasting Scammers’ Time!
We may have found the killer app for AI. Well, actually, British telecom provider O2 has. As The Guardian reports, they have an AI chatbot that acts like a 78-year-old grandmother and receives phone calls. Of course, since the grandmother—Daisy, by name—doesn’t get any real phone calls, anyone calling that number is probably a scammer. Daisy’s specialty? Keeping them tied up on the phone.
While this might just seem like a prank for revenge, it is actually more than that. Scamming people is a numbers game. Most people won’t bite. So, to be successful, scammers have to make lots of calls. Daisy can keep one tied up for around 40 minutes or more.
You can see some of Daisy’s antics in the video below. Or listen to Daisy do her thing in the second video. When a bogus tech support agent tried to direct Daisy to the Play Store, she replied, “Did you say pastry?” Some of them became quite flustered. She even has her own homepage.
While we have mixed feelings about some AI applications, this is one we think everyone can get onboard with. Well, everyone but the scammers.
It might not do voice, but you can play with local AI models easily now. Spoofing scammers is the perfect job for the worst summer intern ever.
youtube.com/embed/RV_SdCfZ-0s?…
youtube.com/embed/bL9iJJICOLc?…
Lorentz Cannon Fires Lightning
[Editor’s note: This video disappeared, but there’s another version here at the moment. We’re leaving the links as-were in case they come back up soon.]
The aptly named [LightingOnDemand] has created a Lorentz cannon that can fire a lightning bolt. Honestly, as you can see in the video below, it looks like something from a bad 1950s science fiction movie. The inspiration was researchers using rockets trailing thin wires to attract lightning.
How does the tiny wire carry that much juice? It doesn’t, really. The wire vaporizes into plasma, and if the pulse is fast enough, the Lorentz force holds the plasma together. The rest is non-trivial high-voltage engineering.
The original gun used a Marx bank that weighed 4,000 pounds and towered 8 feet above the ground. It looked like a Gatling gun with a laser target designator.
The original capacitors were picked up from scrap and didn’t work with a high enough voltage. Raising the voltage killed many of the capacitors. Fast-forward 30 years, and high-voltage caps are cheaper and better. The new version was able to pop 150,000 volts over a sizable gap. Perfect for destroying any hostile big-screen TVs.
Based on the scaling, they estimate that a 30-foot-high Marx tower could project plasma over a quarter of a mile away. We know you aren’t likely to try this at home, but it is a fun video to watch. And, of course, Marx generators are good for other things, too. They aren’t hard to build. We’ll stick with a ray gun.
youtube.com/embed/Cse3pUxvecY?…
Paragon, the new Israeli spyware and the shadow of Italian government espionage
An Israeli software product, made by a company founded by a former member of Unit 8200 of the Israel Defense Forces, the cyber “elite guard” of Tel Aviv’s armed forces, was used to spy on journalists and activists, and the Italian government was among its customers. Giorgia Meloni is on the defensive in the debate that has flared up […]
Continue reading
The post Paragon, the new Israeli spyware and the shadow of Italian government espionage appeared first on InsideOver.
Attack on OpenAI’s Influence! 20 Million Access Codes for Sale on BreachForums
A user of the underground forum BreachForums, going by the nickname emirking, recently published an alarming thread claiming to have access to more than 20 million access codes for OpenAI accounts.
The announcement, written in Russian, suggests that the codes may have been obtained through a security breach or a massive scraping operation. If confirmed, this data leak would be one of the largest exposures of AI-related credentials to date.
The Announcement and the Details of the Alleged Breach
In the post, the author refers to OpenAI possibly having to verify accounts in bulk, implicitly suggesting that the access codes could be used to bypass the platform’s authentication systems. The user also gives an example of a domain tied to OpenAI authentication (auth0.openai.com), accompanied by a list of redacted codes, probably to demonstrate the validity of the attack without revealing sensitive information to anyone visiting the forum.
The emirking account is relatively new, with only two posts and two threads published, having joined in January 2025. This raises doubts about its reliability, but the fact that the sale is offered on a forum known for sharing compromised data suggests there may be some truth behind the claim.
What Is the Impact of a Breach of This Scale?
If the 20 million access codes were in fact valid, the consequences could be devastating. OpenAI runs not only ChatGPT but also advanced APIs used by companies and developers all over the world. Unauthorized access to these accounts could lead to:
- Theft of sensitive data: many companies use OpenAI services to process confidential information. A large-scale attack could compromise internal documents, conversations and source code.
- Fraudulent use of the APIs: with stolen credentials, attackers could abuse OpenAI’s APIs, running up costs for the victims or carrying out automated attacks.
- Disinformation and cyberattacks: criminals could generate fake content, exploiting the advanced language models for phishing or propaganda campaigns.
The Possible Origins of the Breach
At the moment, it is unclear how these codes were obtained. Some plausible hypotheses include:
- Targeted phishing: attacks against OpenAI users to steal credentials and access codes.
- Credential stuffing: using databases of credentials leaked in the past to get into new accounts.
- A breach of the authentication systems: if the auth0.openai.com subdomain had been compromised, a security vulnerability may have been exploited.
- Internal leaks or configuration errors: sometimes unprotected access or misconfigured APIs can expose credentials to malicious actors.
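Of the hypotheses above, credential stuffing is the one a defender can most easily pick out of their own authentication logs: replayed leaked credentials show up as one source address trying many distinct accounts in a short window with a low success rate, whereas a legitimate user who mistypes a password hits a single account repeatedly. The following detector is an added example written for this article, not code from the article or from OpenAI; the log format, the source addresses and every log line are constructed, and the thresholds (5-minute window, 5 distinct accounts, success ratio of 20% or less) are assumptions to tune per environment.

```python
"""Added example (not from the article): a simple credential-stuffing detector.

Credential stuffing replays username/password pairs from older leaks, so in
authentication logs it shows up as one source address trying MANY DISTINCT
accounts in a short window, with a low success rate. A legitimate user who
mistypes a password hits one account repeatedly instead. The log format and
all log lines below are constructed for this example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <source ip> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2025-02-08T10:00:01Z 203.0.113.7 alice@example.org FAIL
2025-02-08T10:00:02Z 203.0.113.7 bob@example.org FAIL
2025-02-08T10:00:03Z 203.0.113.7 carol@example.org FAIL
2025-02-08T10:00:04Z 203.0.113.7 dave@example.org OK
2025-02-08T10:00:05Z 203.0.113.7 erin@example.org FAIL
2025-02-08T10:00:06Z 203.0.113.7 frank@example.org FAIL
2025-02-08T10:01:00Z 198.51.100.2 carol@example.org FAIL
2025-02-08T10:01:05Z 198.51.100.2 carol@example.org FAIL
2025-02-08T10:01:12Z 198.51.100.2 carol@example.org OK
2025-02-08T10:02:00Z 192.0.2.9 alice@example.org OK
2025-02-08T12:30:00Z 192.0.2.9 bob@example.org OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")


def parse_line(line):
    """Return (timestamp, ip, user, result), or None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group(2), m.group(3), m.group(4)


def detect_stuffing(log_text, window=timedelta(minutes=5),
                    min_distinct_users=5, max_success_ratio=0.2):
    """Return {ip: finding} for sources that, within any `window`, tried at
    least `min_distinct_users` different accounts with a success ratio at or
    below `max_success_ratio`. The finding records the accounts that DID log
    in during the run: those are the ones to lock and investigate first."""
    by_ip = defaultdict(list)
    for ev in map(parse_line, log_text.splitlines()):
        if ev:
            ts, ip, user, result = ev
            by_ip[ip].append((ts, user, result))

    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward so the span covers at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            users = {u for _, u, _ in span}
            successes = [u for _, u, r in span if r == "OK"]
            ratio = len(successes) / len(span)
            if len(users) >= min_distinct_users and ratio <= max_success_ratio:
                prev = findings.get(ip)
                if prev is None or len(users) > prev["distinct_users"]:
                    findings[ip] = {
                        "distinct_users": len(users),
                        "attempts": len(span),
                        "compromised": sorted(set(successes)),
                    }
    return findings


if __name__ == "__main__":
    for ip, finding in detect_stuffing(SAMPLE_LOG).items():
        print(ip, finding)
```

On the constructed log, only 203.0.113.7 is flagged (six accounts in six seconds, one success), and the finding names the account that actually logged in during the run, which is what an incident responder wants first. The repeated failures from 198.51.100.2 against a single account are a user mistyping a password, not stuffing, and are left alone. In production the per-IP keying is a weakness, since stuffing tools rotate through proxies; the same window logic keyed on the target application or on a network prefix catches that, at the cost of more false positives.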
Influence operations and cyberwarfare between China and the United States
In recent months, with the entry of new players such as DeepSeek into the LLM arena, an underground war of cyberattacks and mutual discrediting campaigns has intensified. We have already seen DeepSeek hit by targeted DDoS attacks, launched through botnets by international coalitions with the aim of making it unreachable. Today, instead, an operation emerges that aims to call into question the security of OpenAI and its ChatGPT, with the publication on BreachForums of the alleged breach of 20 million access codes.
These activities are not limited to the actions of profit-driven criminal groups, but could also be orchestrated at state level. Nations competing for technological supremacy could back offensive operations against rival AI infrastructure, using hacker groups specialized in disinformation and sabotage. The goal? To undermine trust in competing platforms and strengthen the position of their own technological ecosystem.
The stakes are very high: the artificial intelligence sector is worth billions of euros, and the dominance of one technology over another could destabilize companies, investors and suppliers that until now have operated in a relatively stable ecosystem. If OpenAI or DeepSeek were to lose credibility because of attacks or data leaks, the repercussions would affect not only users but entire technology supply chains.
It is no coincidence that, alongside the attacks, we are seeing exponential growth in propaganda campaigns aimed at praising or denigrating the performance of competing AI models. From underground forums to social platforms, polarized narratives emerge that try to steer public opinion and move the market in a specific direction.
In this scenario, it becomes crucial to distinguish between genuine attacks and manipulation operations. The battle for control of artificial intelligence is not fought only on the ground of innovation, but also on that of cyberwarfare and public perception. OpenAI, DeepSeek and the other players in the sector will therefore have to not only strengthen the security of their systems, but also strategically manage their image and credibility in the long term.
The article Attack on OpenAI’s Influence! 20 Million Access Codes for Sale on BreachForums comes from the cybersecurity blog.
How Do We Deal With Microplastics In The Ocean?
Like the lead paint and asbestos of decades past, microplastics are the new awful contaminant that we really ought to do something about. They’re particularly abundant in the aquatic environment, and that’s not a good thing. While we’ve all seen heartbreaking photos of beaches strewn with water bottles and fishing nets, it’s the invisible threat that keeps environmentalists up at night. We’re talking about microplastics – those tiny fragments that are quietly infiltrating every corner of our oceans.
We’ve dumped billions of tons of plastic waste into our environment, and all that waste breaks down into increasingly smaller particles that never truly disappear. Now, scientists are turning to an unexpected solution to clean up this pollution with the aid of seashells and plants.
Sticky Solution
A team of researchers has developed what amounts to a fancy sponge for sucking up microplastics, made using readily available natural materials—chitin from marine creatures, and cellulose from plants. When these materials are processed just right, they form a super-porous foam that readily “adsorbs” microplastic material, removing it from the water. If you’re not familiar with the term, adsorption is simple—it refers to material clinging on to the surface of a solid, rather than being absorbed into it.
To create the material, researchers took chitin and cellulose, and broke down the natural hydrogen bonds in both materials, which allowed them to be reconstructed into a new foam-like form. The result is a very porous material that has negatively- and positively-charged areas on the surface that can effectively bond with microplastic particles. Indeed, the foam effectively grabs plastic particles through a combination of electrostatic attraction, physical entrapment, and other intramolecular forces. It both attracts microplastics via physical forces and entangles them, too.
[Image: The foam is assembled from chitin and cellulose, with the aid of some readily-available reagents. Credit: Research paper]
The foam performed well in testing, capturing from 98% to 99.9% of microplastics. Even more impressive, the foam maintained a removal efficiency above 95% even after five usage cycles, a positive sign for its practical longevity. The material shows particular affinity for common plastics that show up in litter and other waste streams—like polystyrene, polypropylene, polyethylene terephthalate (PET) and polymethyl methacrylate (PMMA).
Of course, polluted water on Earth is a more complex mix than just water and plastic. Take a sample and you’re going to find lots of organic matter, bacteria, and other pollutants mixed in. The researchers put their foam through its paces with four different samples from real-world contexts—taken from agricultural irrigation, lake waters, still water, and coastal waters. While contaminants like ethanol and methylene blue cut the adsorption capacity of the foam by up to 50%, that wasn’t the case all round. Surprisingly, some contaminants actually improved its performance. When heavy metals like lead were present, the foam’s plastic-capturing ability increased, and it gained a similar benefit from the presence of bacteria like E. coli. Testing like this is crucial for proving the foam’s viability outside of simple laboratory tests. Removing plastic from clean water is one thing; removing it from real samples is another thing entirely.
[Image: The foam is able to ensnare microplastic particles in a variety of ways—pure mechanical entrapment, electrostatic attraction, and other intramolecular forces. Credit: Research paper]
The beauty of this approach lies in its simplicity and accessibility. Unlike some high-tech solutions requiring expensive materials or complex manufacturing, the foam is made out of materials that can be sourced in abundance. Chitin is readily available from seafood processing waste, and cellulose can be sourced from agricultural byproducts. The research paper also explains the basic methods of preparing the hybrid foam material, which are well within the abilities of any competent lab and chemical engineer.
[Image: Some environmental contaminants hurt the performance of the foam, but others are actually beneficial to its plastic-trapping mission. Credit: Research paper]
While this foam won’t single-handedly solve our ocean plastic crisis, it represents a promising direction in environmental remediation. The challenge now lies in scaling up production and developing practical deployment methods for real-world conditions. Developing the foam was step one—the next step involves figuring out how to actually put it to good use to sieve the oceans clean. Stopping plastic contamination at the source is of course the ideal, but for all the plastic that’s already out there, there’s still a lot to be done.
Featured image: “Microplastic” by Oregon State University
Lorem Ipsum 36? Dolor Sit Amet Keyboard!
You know, it’s a tale as old as custom mechanical keyboards. [penkia] couldn’t find any PCBs with 36 keys and Gateron low-profile switch footprints, so they made their own and called it the LoremIpsum36. Isn’t it lovely?
This baby runs on an RP2040, which sits flush as can be in a cutout in the PCB. This maneuver, along with the LP switches in hard-to-find SK-33 sockets, results in quite the thin board.
[penkia] says that despite using a 3 mm tray for added rigidity, the entire thing is thinner than the Nuphy Air60 v2, which is just over half an inch (13.9 mm) thick. For keycaps, [penkia] has used both XVX profile and FKcaps’ LPF.
And yeah, that area in the middle is crying out for something; maybe a trackball or something similar. But [penkia] is satisfied with it as-is for the first version, so we are, too.
Do you like 36-key boards, but prefer curves? Check out the Lapa keyboard, which doubles as a mouse.
A Tube, The Wooden Kind
While we aren’t heavy-duty woodworkers, we occasionally make some sawdust as part of a project, and we admire people who know how to make wood do what they want. We were surprised when [Newton Makes] showed a wooden dowel that was quite long and was mostly hollow. The wall was thin, the hole was perfectly centered, and he claimed he did not use a drill to produce it. Check it out in the video below and see what you think.
We don’t want to spoil the surprise, but we can tell you that making something that long with a drill or even a drill press would be very difficult. The problem is that drills have runout — the bits are usually not totally centered, so the bit doesn’t spin like you think it does. Instead, it spins and rotates around a small circle.
At the chuck, that small circle isn’t a big deal. But the further you get from the chuck, the bigger the runout circle gets. So a 10 cm long drill bit won’t amplify the runout much, but a 100 cm bit will make more of a cone shape unless the drill press is very accurate.
Take your guess, go watch the video, then come back and tell us if you guessed correctly. We didn’t. If you want to get better at woodworking, we can help. If you get really good, you can bend wood to your will.
youtube.com/embed/OVdINYWrTNs?…
The Lynx criminal hackers claim a cyberattack on the Italian company Banfi
The Lynx cybercrime gang claims, on its Data Leak Site (DLS), a cyberattack against the Italian company Banfi. In the post they report: “Banfi Vintners, the exclusive importer of Riunite in the United States, was founded in New York in 1919 by John F. Mariani, Sr. and built into America’s leading wine marketer over the last four decades. The company continues to be family-owned by the founder’s children and grandchildren, who are also proprietors of the Castello Banfi vineyard estate in Montalcino, Tuscany; Vigne Regali Cellars in Strevi, Piedmont; and Pacific Rim Winery in Washington’s Columbia Valley.”
In the post published in the underground by the cybercriminals, it is stated that the data in their possession, exfiltrated from the company’s IT infrastructure, will be published in 4 days.
At the moment, we cannot confirm the veracity of the news, since the organization has not yet released any official press statement on its website regarding the incident. Therefore, this article must be considered an “intelligence source”.
A countdown is also active on the gang’s site, showing that in 4 days, 15 hours and 54 minutes the post will be updated. On that date the gang will surely publish part of the data in its possession to increase pressure on the victim. To attest that the attack was carried out successfully, the cybercriminals publish a series of documents (samples) belonging to the company, stolen illegally during the compromise of its infrastructure.
This way of operating – as RHC readers know – generally occurs when no agreement has yet been reached on payment of the ransom demanded by the cybercriminals. In this way, by threatening to publish the data in their possession, the criminals increase pressure on the breached organization, hoping that payment will come faster.
As is our custom, we always leave room for a statement from the company should it wish to give us updates on the matter. We will be glad to publish such information in a dedicated article giving prominence to the issue.
RHC will monitor how the matter evolves so as to publish further news on the blog should there be substantial developments. Anyone with knowledge of the facts who wishes to provide information anonymously can use the whistleblower’s encrypted email.
What is ransomware as a service (RaaS)
Ransomware is a type of malware that is introduced into an organization to encrypt its data and make its systems unavailable. Once the data is encrypted, the criminals demand that the victim pay a ransom, in cryptocurrency, to decrypt it.
If the victim does not want to pay the ransom, the criminals proceed with double extortion, that is, the threat to publish sensitive data previously exfiltrated from the victim’s IT infrastructure.
To better understand how criminal organizations operate within the ransomware-as-a-service (RaaS) business, we refer you to these articles:
- What ransomware is. Discovering how RaaS works
- Why Italy is in third place for ransomware attacks
- The difficulty of attributing a cyberattack, and false flags
- Discovering the LockBit 2.0 ransomware group
- Interview with the LockBit 2.0 representative
- 2021 was a difficult year in terms of cyber incidents
- Discovering the Darkside ransomware group
- Interview with the Revil spokesperson UNKNOW, on the XSS forum
- Interview with the BlackMatter spokesperson
How to protect yourself from ransomware
Ransomware infections can be devastating for an organization, and data recovery can be a difficult and laborious process that requires highly specialized operators for a reliable recovery; in the absence of a data backup, there are many cases in which recovery has not succeeded.
Users and administrators are therefore advised to adopt preventive security measures to protect their networks from ransomware infections; in order of complexity, these are:
- Train staff through awareness courses;
- Use a backup and recovery plan for all critical information. Perform and test regular backups to limit the impact of data or system loss and to speed up the recovery process. Keep in mind that network-connected backups can also be affected by ransomware. Critical backups must be isolated from the network for optimal protection;
- Keep the operating system and all software up to date with the latest patches. Vulnerable applications and operating systems are the target of most attacks. Ensuring they are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker;
- Keep antivirus software up to date and scan all software downloaded from the internet before running it;
- Limit users’ ability (permissions) to install and run unwanted software applications, and apply the principle of “least privilege” to all systems and services. Limiting these privileges can prevent malware from running or limit its ability to spread across the network;
- Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, the embedded code will run the malware on the computer;
- Do not follow unsolicited web links in emails;
- Never expose Remote Desktop Protocol (RDP) connections directly to the internet. If access from the internet is needed, it must be mediated by a VPN;
- Implement Intrusion Prevention System (IPS) and Web Application Firewall (WAF) systems as perimeter protection in front of the services exposed to the internet;
- Implement a natively automated XDR security platform, possibly backed by a 24/7 MDR service, making it possible to achieve complete and effective protection and visibility across endpoints, users, networks and applications, regardless of resources, team size or skills, while also providing automated detection, correlation, analysis and response.
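The RDP item in the checklist above is the one most often violated by accident, usually through an old “any/any” rule rather than a rule that names port 3389. The audit below is an added example written for this article, not code from the article or from Red Hot Cyber; the rule layout is a constructed, generic one (name, direction, protocol, inclusive port range, source CIDR, action), and the sample rules are invented. It flags inbound allow rules that make RDP, SMB or WinRM reachable from source ranges outside private address space, so that a wide port range from 0.0.0.0/0 is caught just as surely as an explicit RDP rule.

```python
"""Added example (not part of the article): audit inbound firewall or
security-group rules for remote-administration services reachable from
outside private address space. The rule layout is a constructed, generic
one; a real export (e.g. from a cloud security group) needs a small adapter.
"""
import ipaddress

# Remote-administration ports that, per the checklist, should be reachable
# only over a VPN and never directly from the internet.
ADMIN_PORTS = {3389: "RDP", 445: "SMB", 5985: "WinRM-HTTP", 5986: "WinRM-HTTPS"}

# Constructed sample rules (hypothetical format): "ports" is an inclusive range.
SAMPLE_RULES = [
    {"name": "allow-https", "direction": "in", "proto": "tcp",
     "ports": (443, 443), "source": "0.0.0.0/0", "action": "allow"},
    {"name": "rdp-from-vpn", "direction": "in", "proto": "tcp",
     "ports": (3389, 3389), "source": "10.8.0.0/16", "action": "allow"},
    {"name": "rdp-from-anywhere", "direction": "in", "proto": "tcp",
     "ports": (3389, 3389), "source": "0.0.0.0/0", "action": "allow"},
    {"name": "legacy-any-any", "direction": "in", "proto": "any",
     "ports": (0, 65535), "source": "0.0.0.0/0", "action": "allow"},
    {"name": "deny-smb", "direction": "in", "proto": "tcp",
     "ports": (445, 445), "source": "0.0.0.0/0", "action": "deny"},
    {"name": "egress-all", "direction": "out", "proto": "any",
     "ports": (0, 65535), "source": "0.0.0.0/0", "action": "allow"},
]


def is_public_source(cidr):
    """True if the source range can contain non-private (internet) addresses.
    Python's ipaddress treats RFC 1918 and documentation ranges as private,
    and a /0 is treated as public regardless."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.prefixlen == 0 or not net.is_private


def exposed_admin_ports(rule):
    """Admin ports this single rule opens to public sources (empty if none).
    A wide port range such as 0-65535 is the classic way RDP leaks out."""
    if rule["action"] != "allow" or rule["direction"] != "in":
        return []
    if rule["proto"] not in ("tcp", "any"):
        return []
    if not is_public_source(rule["source"]):
        return []
    lo, hi = rule["ports"]
    return sorted(p for p in ADMIN_PORTS if lo <= p <= hi)


def audit(rules):
    """Return (rule name, port, service name) findings across all rules."""
    return [(r["name"], p, ADMIN_PORTS[p])
            for r in rules for p in exposed_admin_ports(r)]


if __name__ == "__main__":
    for name, port, service in audit(SAMPLE_RULES):
        print(f"{name}: {service} (tcp/{port}) reachable from the internet")
```

On the sample rules the audit reports the explicit RDP rule and all four admin ports under the legacy any/any rule, while the VPN-sourced RDP rule and the HTTPS rule pass. Two caveats: the audit does not model rule precedence (a deny placed before an allow on a real firewall would change the outcome), and an HTTPS service open to the world is exactly where the checklist’s IPS/WAF item applies, which this port-based check cannot judge.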
Both individuals and organizations are discouraged from paying the ransom, since even after payment the cyber gangs may not release the decryption key, or the recovery operations may suffer errors and inconsistencies.
Cybersecurity is a serious matter and today it can profoundly undermine a company’s business.
Today we must immediately change our mindset and think of cybersecurity as an integral part of the business, not something to consider only after a cybersecurity incident has occurred.
The article The Lynx criminal hackers claim a cyberattack on the Italian company Banfi comes from the cybersecurity blog.