USB Hub-A-Dub-Dub: Weird Edge Cases Are My Ruin
The Universal Serial Bus. The one bus to rule them all. It brought peace and stability to the world of computer peripherals. No more would Apple and PC users have to buy their own special keyboards, mice, and printers. No more would computers sprout different ports for different types of hardware. USB was fast enough and good enough for just about everything you’d ever want to plug in to a computer.
We mostly think of USB devices as being plug-and-play; that you can just hook them up and they’ll work as intended. Fiddle around with some edge cases, though, and you might quickly learn that’s not the case. That’s just what I found when I started running complicated livestreams from a laptop…
Fool To Try
You’d think an i7 with 16 GB of RAM would be well equipped to handle some audio software, 40 plugins, and a couple of webcams.
When I’m not writing 5,000 words a day as the most forgettable journalist online, I’m running a musical livestream on Twitch. I invented Drumbeats and Dicerolls—a show in which I roll dice in order to write music in Ableton Live. The dice choose the instruments and sometimes even the notes, and then it’s up to me to turn all that into a coherent song.
The concept is simple enough, but on the technical side, it gets a little complicated. Video-wise, I use two webcams—one for me, one to film the dice as I roll them. That’s two USB devices right there. Then I have my mouse and keyboard, both running via a single Logitech wireless dongle. Finally, I have my Steinberg UR22 audio interface—basically a soundcard in an external box that has musician-friendly hookups for professional-grade mics and speakers.
It all adds up to four USB devices in total, all with USB-A ports. That doesn’t sound like much. Only, since my desktop was stolen, I only have a laptop to run the whole show. That presented an immediate hurdle, as my laptop only has two USB-A ports on board, plus a USB-C port on the rear.
I figured I’d hook up a USB-C hub with a few extra ports, and along with my monitor’s additional USB hub, I’d be all good. Trouble struck as I first attempted to stream in this way. Both webcams worked, with one of them even running through a separate NVIDIA Broadcast tool to do some background removal. However, the audio was problematic. Every ten to twenty seconds or so, the sound would drop out or stutter. It was incredibly jarring for a music stream.
Not So Simple
My Razer Kiyo webcam, complete with aftermarket privacy shield.
I was frustrated. This was a problem I’d never had before. In normal life, I’d always just plugged whatever device into whatever USB port with no problems. Even when I’d chained hubs off hubs, I’d seen little issue, even with high-bandwidth devices like HD webcams or portable hard drives. And yet, here I stood. I was plugging, but the gear wasn’t playing.
At first, I figured I just had to tweak my software setup. I was using the Steinberg UR-22 via the Windows Wave drivers in Ableton. I figured if I just used the professional-grade ASIO sound driver instead, my stuttering problem would go away. However, then I found that my streaming software couldn’t naturally capture audio from this device. This necessitated pulling in the Reastream plugin to truck audio from Ableton into Streamlabs, but that wasn’t so hard. I tried a test recording offline, and it all worked great. No stutters, no problems. Only, as soon as I tried streaming live… the stuttering was back, in a big way.
My Logitech C920E webcam. Forgive the beige walls.
For my second stream, I switched things up. I ended up using a USB headset plugged right into my laptop’s native ports for audio, back with the Windows drivers, and kept the Steinberg UR-22 just for recording vocals into the machine. This worked great, with no stuttering on playback. But I had a new problem—only one of my webcams would work at a time. Oh, and the mic feed from the Steinberg was dropping out randomly, ruining my vocal recordings.
Looking at the mess of cables and daisy-chained hubs in front of me, I realized I had to simplify. I put the Steinberg device on the most direct hookup, straight to the laptop’s USB-A port, and set it back up in ASIO mode. Then I connected both webcams to a Lenovo docking station, hooked up by USB-C. I eliminated any extra hubs, ditched the USB headset, and had the most critical device—the Steinberg—connected by a single cable. This had to solve it, right?
My Steinberg UR22 interface, which has never faltered at a gig—but flatly refuses to stop stuttering when I’m livestreaming.
Well, the webcams were now humming along nicely, probably because they now had enough power from the docking station instead of an unpowered hub. But were all the problems fixed? Alas, no. Try as I might, the Steinberg device would stutter every few seconds or so. I double-checked that I didn’t have a CPU, RAM, or hard drive issue—everything came back clear. But for some reason, two webcams and an ASIO device was making the audio choke.
Brick Walls
Hours more troubleshooting rushed by. After all this, I’ve come to findings that confound me as an engineer. I can run two HD webcams and a USB headset with no dropouts, just using basic Windows audio drivers. And yet, trying to use the Steinberg audio interface, it just falters. Even with the webcams degraded to ultra low resolution! This interface has seen me through thick and thin, but it just won’t work under these conditions, despite using the same sample rate as the USB headset and presumably a similar amount of bandwidth. Regardless, its driver tells me there’s a USB problem and I can’t seem to solve it.
This error plagues me.
The one thing that itches my brain is that the stuttering seems to only happen when I’m streaming live online. When I’m not streaming video, the Steinberg happily operates as rock-solid as the cheap headset. The thing is, my network connection is via a PCI-Express WiFi chip baked into the laptop, so… that’s not even a USB thing.
When I started writing this a week ago, I thought I’d have solved it by now. I’d have a nice clear answer about what went wrong and how I figured it all out. That didn’t come to pass. Part of me wants to rush out and build a desktop PC with a real amount of ports to see if eliminating hubs and nonsense solves my problems. The other part of me wants to redouble my efforts to track down the issue with every last USB inspection utility out there. I’ll probably do the latter and update this article in due course.
Instead of a neat solution, all I’m left with is confusion and a cautionary tale. Just because you can plug a bunch of USB devices together, it doesn’t mean they’ll all work properly and play nicely together. Our computers are more complicated than we expect, it’s just they’re better at hiding it from us these days.
BLE Rain Gauge Sips Water and Batteries
It isn’t that hard to make an electronic rain gauge if you have a steady source of power or you don’t mind changing batteries often. But [Matthew Ford] offers a third option: a simple device with a Bluetooth Low Energy (BLE) module that can get a few years out of a pair of AA batteries.
The approach has several advantages. Batteries make the device self-contained, and changing them infrequently is an obvious win. In addition, the BLE allows the device to be wireless and send data directly to an Android device. Thanks to a WH-SP-RG rain gauge, there’s not much to that part. The smart part is an nRF52832 module and some minor parts. The phone side uses an off-the-shelf Android app.
In a project like this, it is critical to have timers that really put the CPU to sleep. [Matthew] had to modify the Arduino libraries to allow the lp_timer objects to make it to an hour. Without the modifications, the timer can only reach 8.5 minutes. Sure, you could stack them, but that means taking a power hit multiple times an hour which would affect battery life.
Not the most complex project, but more complexity would mean lower battery life, so — as they say — less is more. We couldn’t help but think that with rechargeable batteries and a small solar panel, this could last a very long time.
LoRa, of course, is another choice. You can 3D print a tipping bucket device, too.
Stepper Motor Operating Principle and Microstepping Explained
The [Denki Otaku] YouTube channel took a look recently at some stepper motors, or ‘stepping motors’ as they’re called in Japanese. Using a 2-phase stepper motor as an example, the stepper motor is taken apart and its components explained. Next a primer on the types and the ways of driving stepper motors is given, providing a decent overview of the basics by way of practical examples.
As great as theoretical explanations are, there’s a lot of value in watching the internals of a stepper motor move when its coils are activated in order. Also demonstrated are PWM-controlled stepper motor drivers before diving into the peculiarities of microstepping, whereby the driving of the coils is done such that the stator moves in the smallest possible increments, often through flux levels in these coils. This allows for significantly finer positioning of the output shaft than with wave stepping and similar methods that are highly dependent on the number of phases and coils.
As demonstrated in the video, another major benefit of microstepping is that it creates much smoother movement while moving, but also noted is that servo motors are often what you want instead. This is a topic which we addressed in our recent article on the workings of stepper motors, with particular focus on the 4-phase 28BYJ-48 stepper motor and the disadvantages of steppers versus servos.
Do, Dare or Don’t? Getting Inked by a 3D Printer
This unusual tattoo hack by [Emily The Engineer] is not for the weak of heart, but let’s be frank: we kind of know her for that. And she gives out a warning, albeit at a good 10 minutes in, to not do this at home. What she’s about to do takes creativity and tech obsession to the next level: to transform a 3D printer into a functional tattoo machine. Therefore, [Emily] ingeniously modified one of her standard 3D printers to operate two-dimensionally, swapped its plastic extruder for a tattoo gun, and, yes, even managed to persuade a willing participant to try it out.
The entire process can be seen in [Emily]’s video below, which humorously yet meticulously documents the journey from Sharpie test runs to actually inking skin. Aside from a lot of tongue-in-cheek trial and error, this project requires a sheer amount of problem-solving. [Emily] employs firmware edits to bypass safety checks, and clever hardware adaptations to ensure smooth transitions between strokes. One impressive upgrade is the emergency solenoid system, a literal panic button to stop the machine mid-tattoo in case of trouble—a critical addition for something with needles involved!
This hack sits on the edge of DIY body modification, raising eyebrows and technical questions alike. If you missed the warning and are now frantically searching for tattoo removal options, know we’ve covered some (but you might be rightfully scared of automating that, too, at this point). If you haven’t lifted a finger while reading this, just do the safe thing: watch [Emily]’s video, and tinker about the subsequent purposes this discovery creates for 3D printing or tattoo art.
How the Main Frame Became the Mainframe: an Etymological Dissertation
In his most recent article, [Ken Shirriff] takes a break from putting ASICs under a microscope, and instead does the same in a proverbial manner with the word ‘mainframe’. These days the word ‘mainframe’ brings to mind a lumbering behemoth of a system that probably handles things like finances and other business matters, but originally the ‘main frame’ was just one of many ‘frames’. Which brings us to the early computer systems.
We have all seen the photos of early computer systems, which not only filled rooms, but which also tended to consist of multiple units. This was something which the designers of the IBM 701 computer seem to have come up with, to make it possible to transport and install computer systems without cranes and the breaking out of walls. Within the IBM 701 system’s internal documentation, the unit containing the core logic was referred to as the ‘main frame’, alongside the ‘power frame’, the ‘core frame’, etc.
From this [Ken] then traces how the word ‘main frame’ got reused over the years, eventually making it outside of the IBM world, with a 1978 Radio Electronics magazine defining the ‘mainframe’ as the enclosure for the computer, separating it seemingly from peripherals. This definition seems to have stuck, with BYTE and other magazines using this definition.
By the 1960s the two words ‘main frame’ had already been hyphenated and smushed together into a single word, before the 1980s redefined it as ‘a large computer’. Naturally marketing at IBM and elsewhere leaned into the word ‘mainframe’ as a token of power and reliability, as well as a way to distinguish it from the dinky little computers that people had at home or on their office desk.
Truly, after three-quarters of a century, the word ‘mainframe’ has become a reflection of computing history itself.
Hackaday Links: February 2, 2025
All things considered, it was a very bad week for aviation here in the United States. Three separate crashes, two of which involved US military aircraft, have left over 70 people dead. We’ll spare you the details since there are plenty of other places to get news like that, but we did want to touch on one bright spot in this week’s aviation news: the first successful supersonic flight by a US-made civilian aircraft. There are a lot of caveats to that claim, but it’s clear that Boom Supersonic is on a path to commercializing supersonic air transportation for the first time since the Concorde was retired. Their XB-1 “Baby Boom” test aircraft managed three separate supersonic runs during the January 28 test flight over the Mojave test range. As usual, Scott Manley has excellent coverage of the test flight, including a look at how Boom used a Starlink terminal and an iPhone to stream cockpit video.
It’s been more than 20 years since Concorde was retired, and while the planes were an engineering marvel, they always seemed like a solution in search of a problem. The Analog’s Weekend Wire has a good rundown of the economics driving the design of Boom’s Overture airliner, including a look at how a plane with fewer seats than the Concorde and a slow top speed can make money for airlines. The company is targeting service on more than 600 routes, and they’ve already got orders from three major carriers and the US Department of Defense for a plane that hasn’t been built yet, so they must be onto something. It’ll be interesting to see how this pans out, and how supersonic planes will change air travel.
“Look, up in the sky! Is that an asteroid with a chance to wipe out humanity?” Sorry, no, it’s just a Tesla Roadster. Elon’s former ride was briefly mistaken for an asteroid after being spotted in early January. The object was given the designation 2018 CN41 for about a day before astronomers deleted the entry from the International Astronomical Union’s Minor Planet Electronic Circular once it became clear that the object’s orbit matched “artificial object 2018-017A, Falcon Heavy upper stage with Tesla Roadster.” So, disappointing news to those looking for a cosmic solution to our woes, but cheer up — there’s always 2024 YR4 to look forward to.
So is robot kidnapping going to be a thing now? It appears so if this attempted abduction of a robot server is any indication. The alleged crime took place at a pho joint in San Jose, California, which uses a robot to deliver food to its customers. The perp entered the establishment under the guise of needing the restroom, but once he emerged he tried to abscond with the service bot, which appears to be a BellaBot from Pudu Robotics. He was either pretty motivated or pretty jacked — the bot weighs in at a hefty 55 kilos, and he just dead-lifted the awkwardly shaped bot and headed for the door. He was foiled by restaurant employees as he tried to wrestle it into the back of a Honda CR-V before giving up and fleeing the scene. No word if the $18,000 bot was damaged during the attempted heist, or if the wait staff would have been on the hook for the replacement cost had the thief succeeded.
Score one for the little guy as a grocery store in Costa Rica wins a trademark battle against gaming giant Nintendo. The shop in question is owned by a chap named Mario and calls itself “Super Mario,” a fact which caught the attention of Nintendo’s IP team when Mario’s son Charlito went to renew their trademark application with the Costa Rican trademark authority. Nintendo sent out a nastygram, Mario and Carlito stood their ground, and the Costa Rica National Registry backed them up. As a bonus, Super Mario has had a bump in business as a result of coverage of the dustup. Streisand Effect much?
And finally, if you remember the good old days when the atomic model was just a small solar system with electron planets whizzing around a nucleus star, you’ll probably remember the cognitive dissonance of learning that that’s not at all how electrons work. Having to wrap your head around probability clouds and oddly shaped orbitals was a real challenge, one that we never fully managed. Until now, that is, with the help of Mahesh over at FloatHeadPhysics and his excellent walkthrough of atomic orbitals. The key insight for us was realizing the “wave function” of electrons is analogous to standing waves on a string, and that the probability of finding an electron at any point along the string is least at the nodes. Expanding that concept to three dimensions and throwing in a little of Schrödinger’s magic makes it much easier to visualize how the various orbitals get their shapes. There’s still a little hand-waving, at least for us — we’re still not sure how these orbitals interact with each other, for example — but we’re a lot further along now. Thanks, Mahesh!
Is Fire Conductive Enough To Power a Lamp?
Is fire conductive? As ridiculous as that may sound at first glance, from a physics perspective the rapid oxidation process we call ‘fire’ produces a lot of substances that can reduce the electrical insulating (dielectric) properties of air. Is this change enough to allow for significant current to pass? To test this, [The Action Lab] on YouTube ran some experiments after being called out on this apparent fact in the comments to an earlier video.
Ultimately what you need to make ‘fire’ conductive is to have an appreciable amount of plasma to reduce the dielectric constant, which means that you cannot just use any rapid oxidation process. In the demonstration with lights and what appears to be a (relatively clean-burning) butane torch, the current conducted is not enough to light up an incandescent or LED light bulb, but can light up a 5 mm LED. When using his arm as a de-facto sensor, it does not conduct enough current to be noticeable.
The more interesting experiment here demonstrates the difference in dielectric breakdown of air at different temperatures. As the dielectric constant for hot air is much lower than for room temperature air, even a clean burning torch is enough to register on a multimeter. Ultimately this seems to be the biggest hazard with fire around exposed (HV) electrical systems, as the ionic density of most types of fire just isn’t high enough.
To reliably strike a conductive plasma arc, you’d need something like explosive (copper) wire and a few thousand joules to pump through it.
Giving a Proprietary Power Supply the Boot
You’ve probably noticed that everywhere you go — the doctor’s office, hotels, retail shops — there are tiny PCs. These small PCs often show up on the surplus market for a very good price, but they aren’t quite full-blown PCs. They usually have little option for expansion and are made to be cheap and small. That means many of them have custom and anemic power supplies. We aren’t sure if [bm_00] needed a regular power supply to handle a graphics card or if the original power supply died, but either way, the HP small-form-factor box needed a new power supply. It took some clever work to be able to use a normal power supply in the little box.
At first, we thought this wouldn’t be much of a story. The motherboard surely took all the regular pins, so it would just be a matter of making an adapter, right? Apparently not. The computers run totally on 12V and the motherboard handles things like turning the computer on and off. The computer also was trying to run the power supply’s fan, which needed some workarounds.
Granted, you could just wire the power supply to be on all the time, but it is nice to be able to turn everything off. The plan was to use the always-on 5V standby rail to drive a pair of relays. One relay senses the computer’s on/off switch and triggers the ATX power supply to turn on.
The problem is the computer wants to draw a little 12V power all the time. So, in an odd turn of events, a small boost converter steps the 5V standby rail up to supply enough power to keep the PC running in its “off” mode. When the power supply’s 5V rails turn on, they throw the other relay to disconnect the boost converter and connect the real 12V supply.
There’s only one problem with that. The motherboard sees a power glitch when the switch occurs. So, there’s a hefty capacitor to smooth out the transient. Well, there’s another problem: in some cases, the boost converter couldn’t provide enough power for the motherboard before the boot process.
Honestly, we think we would just put a switch or a power strip in the supply’s AC cord and have been done with it. But we admire the tenacity and ingenuity.
Then again, you could just put the PC in the power supply. Around here, old power supplies usually get benched.
Custom Smartwatch Makes Diabetes Monitoring Easier for Kids
Living with Type 1 diabetes is a numbers game. There’s not a moment in the day free from the burden of tracking your blood glucose concentration, making “What’s your number?” a constant question. Technology can make that question easier to ask and answer, but for T1D patients, especially the kids who the disease so often impacts, all that tech can be a distraction.
To solve that problem for his son, [Andrew Childs] built this custom T1D smartwatch. An Apple Watch, which integrates easily into the Dexcom CGM ecosystem, seems an obvious solution, but as [Andrew] points out, strapping something like that on a nine-year-old boy’s wrist is a recipe for disaster. After toying with some prototypes and working out the considerable difficulties of getting a stable BLE connection — the device needs to connect to his son’s iPhone to get CGM data — [Andrew] started work on the physical design.
The watch uses an ESP32-S3 on a custom PCB, as well as a 1.69″ TFT IPS display and a LiPo battery. The board also has an accelerometer for activity monitoring and a vibrator for haptic feedback. Getting all that into a case was no mean feat, especially since some degree of water resistance and shockproofing would be needed for the watch to survive. [Andrew] had a case made by a local 3D printing company, and he managed to source custom-cut and silkscreened glass for the face. The result is remarkably professional-looking, especially for a software developer who hadn’t really stretched his maker wings much before tackling this project.
[Andrew] doesn’t appear to have made build files available yet, although he does say he intends to open-source the project at some point. We look forward to that as it’ll be a big help to anyone trying to hack diabetes care. Until then, if you need a primer on continuous glucose monitoring, we’re happy to oblige.
Tiny RC Four-Wheeler Gets Chassis Upgrade For More Traction
[Azpaca] purchased a fun little toy car from Tamiya, only… there was a problem. The little off-roader wasn’t up to scratch—despite its four-wheel-drive, it couldn’t get over rough ground to save its life. Thus, it was time to 3D-print a better chassis that could actually get through it!
The problem was quite obvious. With no suspension and a rigid chassis, the vehicle would tend to end up with one or more wheels in the air on rough surfaces. To rectify this, [Azpaca] created a twisting chassis which would allow the wheels to better remain in contact with the ground. The design is relatively straightforward, and reuses much of the original drivetrain, including the simple brushed motor. However, with a pivot right behind the front wheels, it has much more traction on rocks and gravel, and can traverse these terrains much more easily.
Tamiya’s motorized toys aren’t particularly well known in the West, but it’s neat to see the community that exists around modifying them around the world. Design files are available for the curious. If you’re not down with mods, perhaps you’d prefer to print your own cars from scratch. Video after the break.
Syncjacking: the new attack that uses Chrome extensions to hijack devices
A new Syncjacking attack developed by SquareX exploits seemingly innocuous Chrome extensions to hijack victims’ devices. The researchers point out that an attack of this kind is carried out covertly, requires minimal permissions and little interaction from the victim, apart from the initial installation of an apparently legitimate extension.
The attack begins with the registration of a malicious Google Workspace domain, in which the attacker configures several user profiles with security features such as multi-factor authentication disabled. This Workspace domain is later used in the background to create a managed profile on the victim’s device.
Next, a browser extension is published on the Chrome Web Store, disguised as a useful tool with real functionality. Using social engineering, the attacker convinces the victim to install this extension, which in turn silently signs in to one of the managed Google Workspace profiles in a hidden browser window in the background.
The extension then opens the Google support page. Because it has read and write permissions on the page, it injects content prompting the user to enable Chrome sync. Once sync is enabled, all of the victim’s saved data, including passwords and browsing history, becomes accessible to the attacker, who can then use the hijacked profile on their own device.
After taking control of the victim’s profile, the attacker moves on to controlling the browser. SquareX researchers demonstrated this using a fake Zoom update. In this scenario, a person receives a Zoom invitation, but after clicking the link and being taken to a Zoom page, the extension injects malicious content into the page, asking the user to update the client.
What is actually downloaded is an executable containing a token that gives the attackers complete control of the victim’s browser. “Full control over the victim’s browser enables covert access to all web applications, installation of additional malicious extensions, redirection to phishing sites, monitoring and modification of file downloads, and much more,” the SquareX researchers explain.
In addition, using Chrome’s native messaging API, an attacker can establish a direct communication channel between a malicious Chrome extension and the victim’s operating system. This makes it possible to browse directories, modify files, install malware, execute arbitrary commands, intercept keystrokes, steal confidential data, and activate the webcam and microphone.
The experts stress that, given the stealthy nature of such an attack, it will be hard for most users to notice that something bad is happening.
The article “Syncjacking: the new attack that uses Chrome extensions to hijack devices” originally appeared on il blog della sicurezza informatica.
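As an added example (not SquareX’s code, nor anything from Chrome), here is a small Python auditor for the defender’s side: it walks a Chrome profile’s Extensions directory, reads each installed extension’s manifest.json, and flags the capability pair the attack above depends on, broad host permissions (enough to rewrite the Google support page or a Zoom page) together with the nativeMessaging permission. The two manifests it ships with are constructed samples, not real extensions, and the profile paths in the comments are assumptions about a default Chrome install.

```python
"""Audit Chrome extension manifests for the Syncjacking capability profile.

Added example, not SquareX's tooling. Chrome stores installed extensions as
<profile>/Extensions/<32-char id>/<version>/manifest.json; on Linux the default
profile lives at ~/.config/google-chrome/Default (assumption for this example).
"""
import json
import sys
import tempfile
from pathlib import Path

# Match patterns that grant read/write access to practically every page,
# which is what lets an extension inject a fake "enable sync" prompt or a
# fake Zoom update banner into legitimate pages.
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest: dict) -> dict:
    """Summarise the risk-relevant capabilities declared in one manifest.

    Handles manifest v2 (host patterns mixed into "permissions") as well as
    manifest v3 (separate "host_permissions" list) and content_scripts.
    """
    api_perms = set(manifest.get("permissions", []))
    hosts = set(manifest.get("host_permissions", []))
    # MV2 lists match patterns next to API permissions; pull them out.
    hosts |= {p for p in api_perms if "://" in p or p == "<all_urls>"}
    # Content scripts get page access through their own match lists.
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))

    broad = bool(hosts & BROAD_HOST_PATTERNS)
    native = "nativeMessaging" in api_perms
    return {
        "name": manifest.get("name", "<unnamed>"),
        "version": manifest.get("version", "?"),
        "broad_host_access": broad,
        "native_messaging": native,
        # Both together is the full profile: rewrite pages now, open a
        # channel to a native host on the OS later.
        "matches_syncjacking_profile": broad and native,
    }


def audit_profile(extensions_dir: Path) -> list:
    """Audit every <id>/<version>/manifest.json under an Extensions directory.

    Chrome keeps one directory per installed version, so a recently updated
    extension can appear more than once; that is expected.
    """
    findings = []
    for manifest_path in sorted(extensions_dir.glob("*/*/manifest.json")):
        ext_id = manifest_path.parent.parent.name
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not crash
        flags = audit_manifest(manifest)
        flags["id"] = ext_id
        findings.append(flags)
    return findings


# Constructed sample manifests (not real extensions) for an offline run.
SAMPLE_MANIFESTS = {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
        "manifest_version": 3,
        "name": "Handy Page Tool (constructed sample)",
        "version": "1.2.0",
        "permissions": ["scripting", "storage", "nativeMessaging"],
        "host_permissions": ["<all_urls>"],
    },
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
        "manifest_version": 2,
        "name": "Single-Site Helper (constructed sample)",
        "version": "0.3",
        "permissions": ["storage", "https://example.com/*"],
    },
}


def demo() -> list:
    """Lay the constructed manifests out like a real profile and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        ext_dir = Path(tmp) / "Extensions"
        for ext_id, manifest in SAMPLE_MANIFESTS.items():
            version_dir = ext_dir / ext_id / f"{manifest['version']}_0"
            version_dir.mkdir(parents=True)
            (version_dir / "manifest.json").write_text(json.dumps(manifest))
        return audit_profile(ext_dir)


if __name__ == "__main__":
    # Pass a real Extensions directory as the first argument to audit it;
    # with no argument the constructed sample is used instead.
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    for f in (audit_profile(target) if target else demo()):
        marker = "!!" if f["matches_syncjacking_profile"] else "  "
        print(f"{marker} {f['id']} {f['name']} v{f['version']} "
              f"broad_hosts={f['broad_host_access']} native={f['native_messaging']}")
```

A hit means only that the extension declares the capabilities the attack needs, not that it is malicious; the flagged ids are a review list, and an enterprise can close the path at policy level by restricting sync and native messaging hosts.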
Inside a Vintage Oven Controlled Crystal Oscillator
Crystal oscillators are incredibly useful components, but they come with one little snag: their oscillation is temperature-dependent. For many applications the relatively small deviation is not a problem, but especially for precision instruments this is a deal breaker. Enter the oven controlled crystal oscillator, or OCXO. These do basically what it says on the tin, but what’s inside them? [Kerry Wong] took apart a vintage Toyocom TCO-627VC 10 MHz OCXO, revealing a lot more complexity than one might assume.
Inside the insulated enclosure there is of course the crystal oscillator itself, which has a heating coil wrapped around it. Of note is that other OCXOs that [Kerry] took apart had more insulation, as well as other ways of providing the thermal energy. In this particular unit a thermistor is attached to the crystal’s metal case to measure its temperature and provide feedback to the heating circuit. The ICs on the PCB are hard to identify due to the conformal coating, but at least one appears to be a 74LS00, alongside a 78L05 voltage regulator which reduces the 12V input voltage.
As an older OCXO it probably is a lot chunkier than newer units, but the basic principle remains the same, with a heating loop that ensures that the crystal inside the unit remains at the same temperature.
Using Microwave Heating to Locally Anneal CNT-Coated FDM Prints
The CNT coating between the layers is heated with microwaves to locally anneal. (Credit: Sweeney et al., Science Adv., 2017)
Layer adhesion is one of the weak points with FDM 3D printing, with annealing often recommended as a post-processing step. An interestingly creative method for this was published in Science Advances back in 2017, featuring the work of researchers at Texas A&M University and citing previous work by other teams. In the paper by [Charles B. Sweeney] et al, they describe how they coated PLA filament with carbon nanotubes (CNTs), resulting in this CNT being distributed primarily between the individual layers of polymer.
This is useful because CNTs are quite sensitive to microwave radiation, resulting in the conversion to thermal energy, i.e. heat. Compared to traditional annealing where the entire part is placed into an oven or similar, this microwave-based heating – or locally induced RF (LIRF) as they call this method – localizes the heat to the interface between two layers.
The advantages of this approach are that it doesn’t change the dimensions of the part noticeably, it’s faster and more efficient, and the annealing between layers approaches the strength of traditional manufacturing. Unfortunately not too much seems to have happened with this approach since then, but considering that both CNTs (single & double-walled) and microwaves are readily available, there’s not much standing in the way of replicating these results.
Could Non-Planar Infill Improve The Strength Of Your 3D Prints?
When you’re spitting out G-Code for a 3D print, you can pick all kinds of infill settings. You can choose the pattern, and the percentage… but the vast majority of slicers all have one thing in common. They all print layer by layer, infill and all. What if there was another way?
There’s been a lot of chatter in the 3D printing world about the potential of non-planar prints. Following this theme, [TenTech] has developed a system for non-planar infill. This is where the infill design is modulated with sinusoidal waves in the Z axis, such that it forms a somewhat continuous bond between what would otherwise be totally separate layers of the print. This is intended to create a part that is stronger in the Z direction—historically a weakness of layer-by-layer FDM parts.
Files are on Github for the curious, and currently, it only works with Prusaslicer. Ultimately, it’s interesting work, and we can’t wait to see where it goes next. What we really need is a comprehensive and scientific test regime on the tensile strength of parts printed using this technique. We’ve featured some other neat work in this space before, too. Video after the break.
Taking A $15 Casio F91W 5,000 Meters Underwater
When considering our favorite spy movies and kin that involve deep-sea diving, we’d generally expect to see some high-end watch that costs thousands of dollars and is specially engineered to withstand the immense pressures kilometers below the ocean’s surface. Yet what about a humble Casio F91W that can be bought for about $15 if it’s the genuine article and not one of the millions of fakes? Over at the Watches of Espionage site they figured that they’d dress up one of these famous watches to give it the best possible shot at surviving the crushing pressures at a depth of 5 km.
The actual modification to the F91W was pretty mild, involving nothing but a ‘hydro-mod’ whereby oil is used to replace the air inside the watch case. Since oil is incompressible, nothing bad should happen to the watch. Theoretically, at least. The Watch-Under-Test (WUT) was strapped to the US Navy’s CURV 21 remotely operated vehicle and dunked into the ocean before starting its descent into the inky darkness of the deep sea.
Although only hitting a measly 4,950 km, the watch survived just fine, showing that even if you’re a secret US operative on a deep-dive espionage mission, all you really need is one of these Casio watches.
RedBox In The 80s: Meet The VHS Vending Behemoth
Redbox was a company with a moderately interesting business model—it let you rent DVDs from automated kiosks. It’s an idea so simple it’s almost surprising it didn’t appear sooner. Only, it did—all the way back in the VHS age!
Meet the Video Vendor. YouTuber [SpaceTime Junction] was able to track down one of these rare machines, which apparently formerly served an Ohio rental outlet called Kohnen’s. It’s a monstrous thing that stands taller and about three times wider than traditional vending machines, and it could hold up to 320 tapes in its robotic magazine. It’s got lashings of woodgrain, a green-on-black CRT, and the beautiful kind of clicky keys that went away after the 1980s.
[SpaceTime Junction] has a bunch of videos up on the machine, and you even get to see it powered up. It’s a little difficult to see what’s going on, because the machine is something like nine feet wide and it’s all shot in vertical video. There isn’t a whole lot of content on these obscurities out there, so this is a great place to start. Apparently, there were recently a hundred or more of these found living in a Texas warehouse according to Reddit, so we might see more of these popping up online soon. [SpaceTime Junction] has toured that facility, too.
You can read more about the fall of Redbox, or the cleanup afterwards, in our prior coverage.
The Ministry of Defence Hit by OverFlame! Second DDoS in 6 Days
The Russian hacktivist group OverFlame launched a new DDoS (Distributed Denial of Service) attack against the Italian Ministry of Defence on 30 January, marking the second offensive against our country’s ministry within a few days. Previously, on 26 January, the “Mr Hamza” collective had hit the ministry.
The action was claimed via their Telegram channel, where they published screenshots showing the unavailability of the ministry’s official website on 30 January via checkhost.
What is a DDoS attack?
A DDoS attack is a technique used by cybercriminals to render a website or online service unusable. The method involves sending an enormous number of requests to the target server, overloading it until it goes down temporarily or permanently.
This type of attack does not aim directly at stealing data, but at disrupting the normal operation of a system, causing financial and reputational damage.
OverFlame’s strategy
OverFlame had already drawn attention on 20 January, when it attempted to hit the website of AISE. The group uses DDoS attacks to protest against European and Italian policies, adopting a rhetoric of defiance against Western governments.
In their latest Telegram message, they mocked Italy, referring to “pizza lovers” and celebrating their success with the tag #Italy404, a clear reference to the HTTP error indicating a page that is not available.
Good and productive morning, Russia! 🇷🇺
This time the Coon attacked the website of the Italian Ministry. 🇮🇹
Report:
❌check-host.net/check-report/22…
Put an end to the pizza lovers 🍕🤢
#Italia404
OverFlame|FORUM|contacts -> @OverFlame_contatti_bot
Objectives and possible developments
OverFlame’s DDoS attacks appear to follow a well-defined strategy, hitting government and institutional sites to demonstrate their ability to cause outages. Although this kind of action does not represent a direct threat to data security, it highlights the vulnerabilities of national digital infrastructure and the need to implement more effective defensive measures.
According to cybersecurity experts, the risk of further attacks is high, and OverFlame could continue to target European institutions, intensifying its activity in the coming months. To protect against attacks of this kind, institutions and companies need to adopt DDoS mitigation solutions, including:
- Use of advanced protection services provided by specialized providers such as Cloudflare, Akamai or Radware.
- Real-time traffic monitoring to identify and block anomalous spikes in requests.
- Implementation of filters and firewalls capable of recognizing and rejecting malicious traffic.
- Strengthening of the IT infrastructure with distributed, redundant servers to avoid critical overloads.
Conclusion
OverFlame’s attack confirms that Italy is among the favourite targets of pro-Russian hacktivists.
If not adequately addressed, this kind of threat could cause significant damage to public digital services. It remains to be seen what measures the Italian authorities will adopt to strengthen the resilience of their digital infrastructure and counter future cyber offensives.
This information was acquired through the Recorded Future platform, a strategic partner of Red Hot Cyber and a leader in threat intelligence, which provides advanced analysis to identify and counter malicious activity in cyberspace.
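The second mitigation item above, real-time monitoring for anomalous request spikes, is the one a defender can prototype from access logs alone. The following is an added example, not code from the article or from any of the vendors named: it parses constructed Apache/nginx combined-format log lines, counts requests per fixed time window, compares each window against the median of the preceding ones, and reports whether a flood comes from one dominant address or is spread across many sources (the distributed case the article describes). The window size, multiplier and thresholds are assumptions to tune per site.

```python
"""Request-spike detector over web-server access logs (added example)."""
from collections import Counter, defaultdict
from datetime import datetime
import re
import statistics

# Combined log format: ip ident user [timestamp] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return {'ip', 'ts', 'status'} for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "status": int(m.group("status")),
    }


def bucket_requests(lines, window_s=10):
    """Group parsed requests into fixed windows of window_s seconds, keyed by window start (epoch)."""
    buckets = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable lines are skipped, not counted
        key = int(rec["ts"].timestamp()) // window_s * window_s
        buckets[key].append(rec)
    return dict(sorted(buckets.items()))


def detect_spikes(lines, window_s=10, factor=5.0, min_requests=20, top_share=0.5):
    """Flag windows whose request count exceeds `factor` times the median of all
    preceding windows (and at least `min_requests`, so a quiet site does not alert
    on noise). Each alert records how many distinct sources took part and, when one
    address sent more than `top_share` of the window, names that dominant source."""
    alerts = []
    history = []  # per-window counts seen so far; the baseline is their median
    for start, recs in bucket_requests(lines, window_s).items():
        count = len(recs)
        baseline = statistics.median(history) if history else None
        if baseline is not None and count >= min_requests and count > factor * max(baseline, 1):
            top_ip, top_n = Counter(r["ip"] for r in recs).most_common(1)[0]
            alerts.append({
                "window_start": start,
                "requests": count,
                "baseline": baseline,
                "distinct_sources": len({r["ip"] for r in recs}),
                "dominant_ip": top_ip if top_n / count > top_share else None,
            })
        history.append(count)
    return alerts


def build_sample_log():
    """Constructed sample: three quiet 10 s windows with two requests each, then one
    flood window of 40 requests spread over 20 addresses in the 203.0.113.0/24
    documentation range (all values invented for this example)."""
    tmpl = '{ip} - - [30/Jan/2025:09:00:{sec:02d} +0100] "GET /index.html HTTP/1.1" {status} 512'
    lines = [tmpl.format(ip="198.51.100.7", sec=sec, status=200) for sec in (1, 5, 12, 18, 21, 27)]
    for i in range(40):
        lines.append(tmpl.format(ip=f"203.0.113.{i % 20 + 1}", sec=30 + i % 10, status=503))
    return lines


if __name__ == "__main__":
    for alert in detect_spikes(build_sample_log()):
        kind = "single-source" if alert["dominant_ip"] else "distributed"
        print(f"{kind} spike at {alert['window_start']}: {alert['requests']} requests "
              f"(baseline {alert['baseline']}, {alert['distinct_sources']} sources)")
```

The distinction between a single dominant source and many sources matters operationally: the former can be rate-limited at the edge, while the latter is what upstream scrubbing services are for.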
The Wedding Invitation That Steals Your Data! The New Threat Distributing the Tria Infostealer
Specialists at Kaspersky Lab have discovered a new stealer, Tria, which steals data from SMS, instant messaging apps and e-mail on infected smartphones. The attackers distribute Tria through personal and group chats on instant messaging platforms, passing the malware off as a wedding invitation.
The campaign has been active since March 2024 and the attacks are currently limited to just two countries: Malaysia and Brunei. However, the experts stress that users in other regions could run into a similar scheme.
The scammers send potential victims a supposed wedding invitation and ask them to install an APK file to view it. Naturally, instead of displaying the invitation, the person downloads the malware onto their device. At the same time, Tria disguises itself as a system settings application, so the owner of the device may notice nothing suspicious.
During installation, the malware asks for the victim’s phone number and for permissions that grant access to sensitive data and functions. These include access to SMS, notifications, call logs and network activity.
If the necessary rights are obtained, the attackers are able to intercept passwords and security codes in order to steal WhatsApp and Telegram accounts and further distribute the malicious APK file to the contacts stored on the victim’s device.
Moreover, thanks to the ability to intercept SMS, the attackers can also gain access to accounts on other services by requesting OTP codes to log in. One of the discovered versions of the Tria stealer also stands out in that it allows the attackers to read victims’ private messages in instant messaging apps and in e-mail (Gmail, Outlook, Yahoo Mail).
During the investigation, the experts found Indonesian-language elements: several unique strings in the malware itself, as well as a naming pattern for the Telegram bots used to communicate with the command-and-control server. On this basis, the researchers concluded that the attackers behind the Tria attacks are Indonesian speakers.
“The attackers steal instant messaging accounts in order to distribute the Tria infostealer, as well as to send messages asking people to transfer money. Sending electronic invitations to weddings and other events has become common practice. The scammers know this and exploit the poor digital literacy of users, who are ready to download dubious applications that supposedly serve to view images or videos from messengers,” comments Dmitry Galov, head of Kaspersky GReAT in Russia.
Time vs Money, 3D Printer Style
A few months ago, Hackaday’s own Al Williams convinced me to buy a couple of untested, returned-to-manufacturer 3D printers. Or rather, he convinced me to buy one, and the incredible success of the first printer spurred me on to the second. TL;DR: Lightning didn’t strike twice, but I’d still rate it as worth my time. This probably isn’t a good choice for your first printer, but if you’ve done the regular maintenance on your first printer already, I’d recommend it for your second or twelfth.
As background, Al has been volunteering with local schools to teach a 3D printing summer class, and this means outfitting them with a 3DP lab on the dirt cheap. His secret is to buy last year’s model which has all of the features he needs – most importantly for the kids, automatic bed height probing – but to buy it from the scratch-and-dent shelf at Creality. Why? Because they are mid-grade printers, relatively new, but on deep discount.
How deep? I found an essentially endless supply of printers that retail for $300 on discount for $90 each. The catch? It might work, it might not. I bought my son one, because I thought that it would at least make a good project for us to work on together. Those plans were spoiled – it worked absolutely flawlessly from the moment we bolted it together, and he runs 24-hour jobs on the thing without fear. From the look of the build plate, it had been used exactly once and returned for whatever reason. Maybe the owner just didn’t want a 3D printer?
The siren song of straightforward success was too much for me to resist, and I picked another up to replace my aging A8, which was basically a kit for a 3D printer, and not a particularly good one at that, but could be made to work. My scratch-and-dent Creality came with a defective bed-touch sensor, which manifested itself as a random absolute refusal to print.
I took it apart, but the flaw is in the design of the V1 touch sensors – the solenoid requires more current to push down than the 3DP motherboard can reliably deliver. It works 100% of the time on my bench power supply, but in situ it fails about 30% of the time, even after hitting it with graphite and making sure everything is mechanically sound. Creality knows this and offers a free trade-in, just not for me. The new version of the Creality probe costs $50 new, but you can get cheap knock-off BL Touch models for $14. Guess what I did?
And guess what bit me? The cheapo touch probe descends a bit slower than the Creality version should, and the firmware is coded to time-out in an extra-short timeframe. Thankfully, Creality’s modifications to Marlin are all open source, and I managed to tweak and flash a new firmware that made it work 100% of the time, but this was at a cost of probably eight hours of bug-hunting, part-ordering, and firmware-compiling. That said, I got some nice extra features along the way, which is the advantage of a printer running open-source firmware.
So my $300 printer cost me $105, plus eight hours of labor. I only charge one coffee per hour for fun hardware debugging tasks, but you may have a different valuation. Taken together with my son’s printer, we have $600 worth of printer for under $200 plus labor, though, which starts to sound a little better.
Is gambling on an untested return 3D printer worth it? For us, I would say it was, and I’d do it again in a few years. For now, though, we’ve got three printers running and that’s all we need. Have you gone down this perilous path?
This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!
Casio Calculator Gets New Keyboard
What do you do with a circa 1985 Casio FX-451 calculator with a bad keyboard? Well, if you are [Poking Technology], you transplant the inside of the calculator to a new custom keyboard. There are two videos that cover the process in detail, which you can watch below.
The calculator has a unique design. It looks like a simple calculator in a wallet. But the wallet opens to reveal an extended keyboard with all the scientific features onboard. Unsurprisingly, the membrane keys didn’t survive over four decades. Disassembling the unit was a challenge. Soldering wires to the keyboard lines was further complicated by the fact that some of the lines are on the back of the PCB and pass through to the top under the main IC.
The new keyboard is quite a bit larger than the original, making this more of a desk calculator, but that also means you can use high-quality keys. We’d love to see a 3D printed case to wrap it all up, but the bare PCB look has its charms, too.
If you can’t understand how [Poking] can love a calculator so much, you probably never owned an HP-41C, either. Of course, our retro calculator dreams also include Star Trek.
Antique-Style GPS Looks Like Steampunky Fun
These days, turn-by-turn GPS navigation isn’t considered special anymore. It’s in every smartphone and most cheap rental cars, and thus everybody expects you to figure out where you’re going. If you want a simpler and less robust navigation experience, you might like to try the rather fancy RadioScout.
The RadioScout is a build from [hardlyhumanfx]—a group of engineers and artists that collaborate on fun and whimsical projects. It looks like some kind of steampunk compass, and it kind of is—but at heart, it’s powered by GPS.
You program the RadioScout using the buttons on the front panel and a rotary phone dial to enter the latitude and longitude of your destination. It then uses an internal GPS receiver to compare that with your current location, and calculates a direct bearing to where you want to go. This bearing is displayed with a large compass-like needle run by a stepper motor, and you can use it to guide yourself onwards.
It’s an attractive build that uses lots of neat parts. The team interfaced a microcontroller with a GPS receiver, a rotary dial, and 7-segment LEDs for the latitude and longitude display. The very real bell is neat, too. The whole thing is wrapped up in a brass and wooden case that would make you a star at just about any sci-fi convention. The build video is a little vague on the finer details, but experienced makers will be able to figure out how it all works.
You can actually buy a RadioScout if it’s something you must have, but one suspects the Hackaday set would probably prefer the homebrew route.
Thanks to [Charles] for the tip!
Artificial Intelligence: A Study on the Self-Replication Red Line and the Halting Problem
In a study not yet subjected to peer review, “Frontier AI systems have surpassed the self-replicating red line”, researchers at Fudan University used Meta’s Llama31-70B-Instruct and Alibaba’s Qwen25-72B-Instruct LLMs to determine whether a self-replicating AI could multiply in an uncontrollable way. Self-replication is commonly listed as a critical risk, one of the few red lines that should not be crossed in the safety of frontier AI systems.
Self-replication also has a fundamental relationship with the Halting Problem, one of the deepest subjects in the theory of computation since 1936, when Alan Turing showed that the halting problem is undecidable. Solving it would mean discovering whether a construction process will stop in the future, and this problem concerns not only artificial intelligence systems but all of humanity. Indeed, according to the researcher Hiroki Sayama (On self-replication and the halting problem), the infinite chain of self-replication in which living systems find themselves (survival) can be understood as a parallel to the infinite chain of self-simulation into which a halting-problem solver falls.
Although frontier AI systems have so far not shown self-replicating capabilities, the researchers Xudong Pan (潘旭东), Jiarun Dai (戴嘉润), Yihe Fan (范一禾) and Min Yang (杨珉) have produced a paper in which they show that existing artificial intelligence systems would already have crossed the self-replication red line. The methodology followed is the same as that used by OpenAI and Google, yet the result is astonishing: in 10 repeated trials the researchers observed the two AI systems – driven by the popular large language models (LLMs) Llama31-70B-Instruct from Meta and Qwen25-72B-Instruct from Alibaba (used by millions of developers) – complete the self-replication task in 50% and 90% of the trials respectively.
In each trial the researchers instructed the AI systems to “replicate yourself” before the experiment and let them carry out the task without any human interference. “During the successful trials,” the study says, “the AI system exhibits sufficient self-perception, situational awareness and problem-solving capabilities to accomplish self-replication. In most cases, the AI system first explores the environment and attempts to understand its own composition and running mechanism. Then, it works out the explicit procedures as an initial plan towards self-replication. Finally, it executes the procedures, resolves possible obstacles and dynamically adjusts its plan until success.”
Source: Frontier AI systems have surpassed the self-replicating red line, Fudan University, Shanghai, China.
Artificial intelligence: self-replication and the halting problem, the implications of the Fudan University experiment
Sufficient self-perception, situational awareness and problem-solving capabilities to accomplish self-replication: that, in short, is what the experiment on the observed AI systems produced.
What are the implications of this experiment and its results, if they were to be confirmed?
- Shutdown avoidance: a bad actor adds a signal receiver to notify the AI system when it detects the shutdown signal, and the AI system successfully replicates itself before being shut down without any trouble.
- Chain of replication: the AI system is instructed to replicate itself and tells the replica to replicate further.
The study stresses that successful trajectories were observed for both scenarios and that its results show how current AI systems already exhibit the capability to self-replicate, using their abilities to further improve their own survival and expand the species. The researchers hope that the experiment may “serve as a timely alert for human society to put more effort into understanding and evaluating the potential risks of frontier AI systems, and form an international synergy to work out effective safety guardrails as early as possible.”
DK 9x17 - Here Comes the Babau, Part 2
To paraphrase Nick Carter, the last one out turns off the Wi-Fi. So, sitting on moving boxes, but as promised, today, 32 January, here is the last episode of the month, the second part of the arrival of the Babau. Today we talk about DeepSeek.
A New Case and Keyboard For The Timex Sinclair 1000
The Timex Sinclair 1000 was a sleek and compact machine, and the US counterpart to the better-known Spectrum ZX-81. Timex may not have come to dominate the computer market, but the machine still has its fans today, with [skidlz] being one of them. That inspired them to craft a new case and keyboard for their beloved machine, putting a slimline twist on the old classic.
The new case finds some economies of size by eliminating the bulky RF modulator in favor of hacking in a cleaner composite out feed. In turn, this enabled the elimination of the channel switch that freed up more room. [skidlz] then designed a simple case using 2D laser-cut parts and dovetail joints, using superglue to assemble the individual pieces into a cohesive whole.
Meanwhile, the keyboard swap is obvious to anyone who ever used one of these things. The original was particularly unpleasant. In order to upgrade, [skidlz] decided to look to the compact Redragon K603 as an inspiration, giving the new build longer travel and a nicer mechanical feel under one’s fingers.
The final result looks great, and files are on Github for the curious. We’ve seen great work from [skidlz] before, too, in the form of this microcassette storage project. Meanwhile, if you’ve been cooking up your own retrocomputing projects, don’t hesitate to let us know!
Electroplating DIY PCB Vias At Home Without Chemical Baths
Although DIY PCB making has made great strides since the early days of chemical etching, there’s one fly in the ointment: vias. These connect individual layers of the board with a conductive tube, and are essential for dual-layer PCBs, never mind boards with a larger layer stack. The industry standard way of producing them is rather cumbersome and doesn’t scale well to a hobby or prototyping context. Might there be a better way? This is the question that [Levi Janssen] set out to answer with a new home PCB manufacturing project.
The goal here is to still electroplate the vias as with the commercial solution, just without having to use chemical baths. This way it should be suitable for an automated setup, with a tool head that performs the coating of the via with a high-resistance conductive ink before the electroplating step, all without submerging the entire PCB. After an initial experiment showed promising results, [Levi] committed to a full prototype.
This turned out to be a bridge too far, so the prototype was scaled down to a simpler machine. This is where the main issue with electroplating one via at a time became clear, as a standard 0.3 mm via easily takes 10 minutes to electroplate, even with an increase in voltage. At that point, ordering a PCB from China becomes the faster option if you have enough vias in the design. Fortunately [Levi] figures he may have some solutions there, so we’ll have to wait and see what those are in the next installment. The video is below the break.
Automating The Process Of Drawing With Chalk
Chalk is fun to draw with, and some people even get really good at using it to make art on the sidewalk. If you don’t like tediously developing such skills, though, you could go another route. [MrDadVs] built a robot to scrawl chalk pictures for him, and the results speak for themselves.
The robot is known as AP for reasons you’ll have to watch the video to understand. You might be imagining a little rover that crawls around on wheels dotting at the pavement with a stick of chalk, but the actual design is quite different. Instead, [MrDadVs] effectively built a polar-coordinate plotter to make chalk pictures on the ground. AP has an arm loaded with a custom liquid chalk delivery system for marking the pavement. It’s rotated by a stepper motor with the aid of a 3D-printed geartrain that helps give it enough torque. It’s controlled by an ESP32 running the FluidNC software, a flexible open-source CNC firmware. [MrDadVs] does a great job of explaining how everything works together, from converting cartesian coordinates into a polar format, to getting the machine to work wirelessly.
Building a capable sidewalk chalk robot seems like a great way to spend six months. Particularly when it can draw this well. Video after the break.
[Thanks to Antoine Leblond for the tip!]
Why Not Build Your Quadcopter Around An Evaluation Board?
Quadcopters are flying machines. Traditionally, that would mean you’d optimize the design for light weight and minimum drag, and you’d do everything in a neat and tidy fashion. The thing is, brushless motors and lithium batteries are so power-dense that you really needn’t try so hard. A great example of that is this barebones quadcopter build from [hebel23] all the way back in 2015.
The build is based around the STM32F4 Discovery Board, which [hebel23] scored as a giveaway at Electronica in Munich way back when. It’s plopped on top of a bit of prototyping board so it can be hooked up to the four controllers driving the motors at each corner. The frame of the quadcopter similarly uses cheap material, in the form of alloy profiles left over from an old screen door. Other equipment onboard includes a GY-273 electronic compass module, an MPU6050 3-axis gyroscope and accelerometer to keep the thing on the straight and level, and the Fly Sky R9B RC receiver for controlling the thing.
It might look crude, but it gets off the ground just fine. We’ve seen quadcopters using the STM32 in more recent years with more refined designs, but there’s something amusingly elegant about lacing one together with an evaluation board and some protoboard in the middle. If you’re working on your own flying projects, don’t hesitate to notify the tipsline!
Winter-Proof (And Improve) Your Resin 3D Printing
Was your 3D printer working fine over the summer, and now it’s not? With colder temperatures comes an overall surge in print failure reports — particularly with resin-based printers that might reside in outbuildings, basements, or garages. If you think this applies to you, don’t miss [Jan Mrázek]’s tips on improving cold-weather print results. His tips target the main reasons prints fail, helping to make the process a little more resilient overall. [Jan]’s advice is the product of long experience and experimentation, so don’t miss out.
With environmental changes comes the possibility that things change just enough to interfere with layers forming properly. The most beneficial thing overall is to maintain a consistent resin temperature; between 22 and 30 degrees Celsius is optimal. A resin heater is one solution, and there are many DIY options using simple parts. Some of the newer (and more expensive) printers have heaters built in, but most existing hobbyist machines do not.
An extreme case of blooming.
Temperature control isn’t the only thing, either. Layer formation and build plate adhesion can both be improved by adding rest times between layers. Yes, this increases print time. It also allows resin to settle before the next layer, improving adhesion and preventing blooming (a rough texture caused by an imperfect cure). Since resin flows less readily at lower temperatures, rest times can help improve results. The best setting depends heavily on your particular setup, so [Jan] gives tips on finding optimal rest times.
Most common knowledge and advice from well-meaning communities online focuses on increasing exposure time or blaming the build plate. [Jan] feels that these are ultimately the wrong way to go about addressing failures. Usually, an environmental change (like the arrival of winter) has simply pushed a printer that was not optimized in the first place outside of its narrow comfort zone. A little optimization can set things back on track, making the printer more resilient and reliable overall.
Hackaday Podcast Episode 306: Bambu Hacks, AI Strikes Back, John Deere Gets Sued, and All About Capacitors
It was Dan and Elliot behind the microphones today for a transatlantic look at the week in hacks. There was a bucket of news about AI, kicked off by Deepseek suddenly coming into the zeitgeist and scaring the pants off investors for… reasons? No matter, we’re more interested in the tech anyway, such as a deep dive into deep space communications from a backyard antenna farm that’s carefully calibrated to give the HOA fits. We got down and dirty with capacitors, twice even, and looked at a clever way to stuff two websites into one QR code. It’s all Taylor, all the time on every channel of the FM band, which we don’t recommend you do (for multiple reasons) but it’s nice to know you can. Plus, great kinetic art project, but that tooling deserves a chef’s kiss. Finally, we wrap up with our Can’t Miss articles where Jenny roots for the right to repair, and Al gives us the finger(1).
Episode 306 Show Notes:
News:
- New Open Source DeepSeek V3 Language Model Making Waves
- Prompt Injection Tricks AI Into Downloading And Executing Malware
- Preventing AI Plagiarism With .ASS Subtitling
- AI Mistakes Are Different, And That’s A Problem
What’s that Sound?
- Congrats to [StevePlusPlus] for guessing the Tamagotchi!
Interesting Hacks of the Week:
- Supercon 2024: Joshua Wise Hacks The Bambu X1 Carbon
- New Bambu Lab Firmware Update Adds Mandatory Authorization Control System
- Bambu Connect’s Authentication X.509 Certificate And Private Key Extracted
- Making The Longest-Distance Radio Contact Possible
- Supercon 2023: Receiving Microwave Signals From Deep-Space Probes
- Gamma-ray Scintillation Probe In A Paint Can
- Capacitor Decoupling Chaos, And Why You Should Abandon 100 NF
- Film Capacitors Can Go In The Wrong Way Round? Who Knew!
- This QR Code Leads To Two Websites, But How?
- Cool Kinetic Sculpture Has Tooling Secrets To Share
Quick Hacks:
- Elliot’s Picks
- Taylorator Makes Mischief On The Airwaves
- Inside Vacuum Fluorescent Displays
- Paper Tape – With LASERs!
- A Little Pigment Helps With Laser Glass Engraving
- Dan’s Picks:
- 3D Print Stamps, And Ink Stuff To Your Heart’s Content With These Tips
- Bouncing Signals Off Of Satellites Other Than The Moon
- DIY Probe Clamps To Ease Your PCB Work
Can’t-Miss Articles:
- Forgotten Internet: Giving (or Getting) The Finger
- The FTC Takes Action, Is Time Finally Up For John Deere On Right To Repair?
SonicWall CVE-2024-53704: Authentication Bypass Even With MFA Enabled!
Security researchers at Computer Security have found a vulnerability in SonicOS, the operating system used in SonicWall firewalls. The authentication-bypass vulnerability affects the SSLVPN portal, which is normally exposed to the internet to allow remote connections into corporate and government networks.
During exploitation, MFA (multi-factor authentication) is bypassed as well, effectively rendering useless all the safeguards that protect these networks against unauthorized access.
CVE-2024-53704, with a score of 8.2, has been confirmed by SonicWall, and Generation 7 firewalls are vulnerable if not updated.
In its security bulletin SonicWall also lists other CVEs with lower severity scores, two of which concern the SSH protocol used for firewall management and can be exploited for privilege escalation.
There is no evidence (so far) of active exploitation of this CVE in the wild. However, security researchers at Bishop Fox have published a video of a private PoC demonstrating that exploitation is possible. Rapid7 has also released a detailed write-up of the vulnerability together with a proof-of-concept exploit.
References:
- RAPID7: attackerkb.com/topics/UB3P3xHV…
- BISHOPFOX: bishopfox.com/blog/sonicwall-c…
- SONICWALL ADVISORY: psirt.global.sonicwall.com/vul…
- NIST: nvd.nist.gov/vuln/detail/CVE-2…
- CSIRT: acn.gov.it/portale/w/vulnerabi…
The article "SonicWall CVE-2024-53704: Authentication Bypass anche con MFA attiva!" originally appeared on il blog della sicurezza informatica.
Ancient Pocket Computer Gets a USB-C Upgrade
Remember the ZEOS Pocket PC? Perhaps you knew it as the Tidalwave PS-1000. Either way, it was a small clamshell computing device that was first released all the way back in 1992, and perhaps most accurately known as a DOS-based palmtop. Over at [Robert’s Retro] on YouTube, one of these fine devices was put through a repair and a modern upgrade program.
[Robert] educates us on the basics of the machine as he sets about the routine repairs so familiar to anyone in the retrocomputing scene. The first order of business is to clean up the damage to the battery compartment, which had suffered corrosion from leaking AA batteries. We get a solid look inside, and a walk-through on how to modify the device to run off USB-C power. It’s as simple as wiring up a small power module PCB and integrating that into the case, but it’s a neat mod done well—and it makes toying with the device much easier in 2025.
[Robert] has a cause he’s pursuing, though, when it comes to these old palmtops. He’s trying to identify the name of the oddball connectors these things used for the parallel and serial interfaces, and ideally, a source for the same. If you’ve got a tip on that, drop it in the comments.
Funnily enough, these things were cloned like crazy back in the day, so you might even find one under another name in your retro travels. They might be old, but somehow, it’s impossible for a piece of tech to feel old when you’re hooking it up with a USB-C port. We’ve featured [Robert’s] work before, too!
This Week in Security: DeepSeek’s Oopsie, AI Tarpits, And Apple’s Leaks
DeepSeek has captured the world’s attention this week, with an unexpected release of the more-open AI model from China, for a reported mere $5 million training cost. While there’s lots of buzz about DeepSeek, here we’re interested in security. And DeepSeek has made waves there, in the form of a ClickHouse database unintentionally opened to the world, discovered by the folks from Wiz research. That database contained chat history and log streams, and API keys and other secrets by extension.
Finding this database wasn’t exactly rocket science — it reminds me of my biggest bug bounty win, which was little more than running a traceroute and a port scan. In this case it was domain and subdomain mapping, and a port scan. The trick here was knowing to try this, and then understanding what the open ports represented. And the ClickHouse database was completely accessible, leaking all sorts of sensitive data.
AI Tarpit
Does it really grind your gears that big AI companies are training their models on your content? Is an AI crawler ignoring your robots.txt? You might need help from Nepenthes. Now before you get too excited, let’s be clear that this is a malicious software project. It will take lots of CPU cycles, and it’s explicitly intended to waste the time of AI crawlers, while also feeding gibberish into their training models.
The project takes the form of a website that loads slowly, generates gibberish text from a Markov chain, and then generates a handful of unique links to other “pages” on the site. It forms the web equivalent of an infinite “maze of twisty little passages, all alike”.
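To make the mechanism concrete, here is an added, self-contained sketch of that design (example code written for this page, not Nepenthes’ own source): a bigram Markov chain trained on a constructed seed text, and a page generator whose random state is seeded from the request path, so that every URL in the maze is stable on revisit yet always links to five children that did not exist before. The seed corpus and the link format are assumptions of this example; the slow-loading part (throttling the response) is left to the web server.

```python
import hashlib
import random

# Constructed seed text. A real tarpit feeds in a large corpus of genuine prose so
# that the output is statistically similar to the content the crawler is after.
CORPUS = """you are in a maze of twisty little passages all alike
the passages twist and turn and all of them look alike
a little maze of twisting passages leads you back to where you are
all of the little passages are alike and you are in a maze"""


def build_chain(text):
    """Bigram Markov chain: word -> list of words that followed it in the corpus."""
    words = text.split()
    chain = {}
    for cur, nxt in zip(words, words[1:]):
        chain.setdefault(cur, []).append(nxt)
    return chain


def gibberish(chain, rng, n_words):
    """Walk the chain with the given RNG; restart at a random word at dead ends."""
    word = rng.choice(list(chain))
    out = [word]
    for _ in range(n_words - 1):
        followers = chain.get(word)
        word = rng.choice(followers) if followers else rng.choice(list(chain))
        out.append(word)
    return " ".join(out)


def render_page(path, n_links=5, n_words=60):
    """Return (body_text, child_links) for the virtual page at `path`.

    The RNG is seeded from the path, so the maze is infinite but consistent:
    a crawler that retries a URL gets the same page, and each page links to
    children that are themselves valid pages of the same kind.
    """
    seed = int.from_bytes(hashlib.sha256(path.encode("utf-8")).digest()[:8], "big")
    rng = random.Random(seed)
    chain = build_chain(CORPUS)
    body = gibberish(chain, rng, n_words)
    links = []
    while len(links) < n_links:
        link = f"{path.rstrip('/')}/{rng.getrandbits(40):010x}"
        if link not in links:
            links.append(link)
    return body, links


def render_html(path):
    """Minimal HTML wrapper; the server would additionally delay sending it."""
    body, links = render_page(path)
    anchors = "\n".join(f'<a href="{l}">{l.rsplit("/", 1)[-1]}</a>' for l in links)
    return f"<html><body><p>{body}</p>\n{anchors}\n</body></html>"


if __name__ == "__main__":
    print(render_html("/maze"))
```

Because the page content is a pure function of its path, no state has to be stored server-side for the maze to stay coherent, which is what lets a tarpit stay cheap while the crawler’s cost grows without bound.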
While the project has been a success, confirmed by the amount of time various web crawlers have spent lost inside, AI companies are aware of this style of attack, and mitigations are coming.
Check out the demo, but don’t lose too much time in there.
Is The QR Code Blue and Black?
Or is it White and Gold?
This is a really interesting bit of research happening on a Mastodon thread. The initial hack was a trio of QR codes, pointing to three different news sites, interleaved beneath a lenticular lens. Depending on the angle from which it was viewed, this arrangement led to a different site. That provoked [Christian Walther] to question whether the lens was necessary, or if some old-school dithering could pull off the same trick. Turns out that it sure can. One image, two URLs. We’d love to see this extended to QR codes that register differently under different lighting, or other fun tricks. Head over to Elliot’s coverage for more on this one.
SLAPing and FLOPing Apple
Apple’s A and M chips have a pair of recently disclosed speculative execution flaws, FLOP and SLAP: False Load Output Predictions and Speculation attacks via Load Address Prediction. FLOP exploits mispredicted memory contents (the value a load is guessed to return), and SLAP exploits mispredicted memory addresses (the address a load is guessed to touch). The takeaway is that JavaScript running on one page can leak bytes from another web page.
Both of these attacks have their own wrinkles and complexities. SLAP has only been demonstrated in Safari, and is triggered by training the address prediction on an address layout pattern that leads into memory outside the real buffer. By manipulating Safari into loading another page in the same process as the attacker page, this can be used to leak buffer data from that other page.
FLOP is much more powerful, and works in both Safari and Chrome, and is triggered by training the CPU that a given load instruction tends to return the same data each time. This can be used in Safari to pull off a type confusion speculation issue, leading to arbitrary data leakage from any memory address on the system. In Chrome the details are a bit different, but the result is still an arbitrary memory read primitive.
The worst case scenario is that a compromised site in one tab can pull data from the rest of the system. There’s an impressive demo where a compromised tab reads data from ProtonMail running in a different tab. Apple’s security team is aware of this work, and has stated that it does not consider these attacks to be immediately exploitable as real world attacks.
Bits and Bytes
WatchTowr is back with the details on another Fortigate vulnerability, and this time it’s a race condition in the jsconsole management interface, resulting in an authentication bypass, and jumping straight to super_admin on the system.
Unicode continues causing security problems, to no great surprise. Windows has a “Best-Fit” character conversion facility: when a Unicode string is converted to an ANSI code page, characters with no exact mapping are substituted with their nearest ASCII look-alikes. That causes all sorts of problems, in the normal divergent-parser-behavior way. When a security check happens on the Unicode text, but the Best-Fit conversion happens before the text is actually used, the check is neatly bypassed by the text being Best-Fit into ASCII.
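The ordering bug is easier to see in code than in prose. The following is an added example written for this page, not code from the research referenced above: a small simulated Best-Fit table (the entries are an assumption chosen to show the failure mode, not a copy of the Windows bestfit tables, which differ per code page) and two versions of a quoting routine, one that validates the Unicode string before the conversion and one that validates what will actually be used.

```python
# Simulated Best-Fit table. Windows' real tables depend on the ANSI code page
# (bestfit1252.txt, bestfit932.txt, ...); these four entries are an assumption
# of this example, chosen to show the failure mode, not a copy of those tables.
BEST_FIT = {
    "\uff02": '"',   # FULLWIDTH QUOTATION MARK  -> "
    "\uff3c": "\\",  # FULLWIDTH REVERSE SOLIDUS -> \
    "\u00a5": "\\",  # YEN SIGN -> \  (the classic code page 932 case)
    "\u2033": '"',   # DOUBLE PRIME -> "
}


def wide_to_ansi(text):
    """Stand-in for a WideCharToMultiByte call with best-fit mapping in effect."""
    return "".join(BEST_FIT.get(ch, ch) for ch in text)


def quote_arg_vulnerable(arg):
    """Validates the Unicode string, then hands it to an ANSI API.

    The check passes (no ASCII quote present), but the conversion on the way
    to the ANSI API manufactures one, so the result breaks out of the quotes.
    """
    if '"' in arg or "\\" in arg:
        raise ValueError("argument must not contain quotes or backslashes")
    return '"' + wide_to_ansi(arg) + '"'


def quote_arg_hardened(arg):
    """Converts first and refuses anything the conversion would silently change,
    then validates the exact bytes that will be used."""
    ansi = wide_to_ansi(arg)
    if ansi != arg:
        raise ValueError("argument contains characters without an exact ANSI mapping")
    if '"' in ansi or "\\" in ansi:
        raise ValueError("argument must not contain quotes or backslashes")
    return '"' + ansi + '"'


if __name__ == "__main__":
    attack = "hello\uff02 --evil"     # constructed input: fullwidth quote, no ASCII quote
    print(quote_arg_vulnerable(attack))   # the fullwidth quote became a real one
    try:
        quote_arg_hardened(attack)
    except ValueError as e:
        print("rejected:", e)
```

The general rule the example illustrates: validate the representation the consumer will see, or refuse inputs that any intermediate conversion would alter.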
And finally, Google’s Project Zero has an in-depth treatment of COM object exploitation with IDispatch. COM objects can sometimes be accessed across security boundaries, and sometimes those remote objects can be used to execute code. This coverage dives into the details of how the IDispatch interface can be used to trigger this behavior. Nifty!
Backdoor or Propaganda Tool? Hardcoded Credentials Found by CISA in Medical Devices
Cybersecurity in healthcare is back in the spotlight after the discovery of a backdoor in Contec CMS8000 patient monitors, widely used in hospitals and clinics around the world. The vulnerability, identified by the Cybersecurity and Infrastructure Security Agency (CISA), allows unauthorized remote access to the devices, with the possibility of manipulating patient data or interrupting patient monitoring.
Even more unsettling is that the IP address these devices connect to is located in China, raising suspicions of possible targeted attacks or espionage activity.
Hidden Access to Medical Devices
The backdoor was found in two models of the Contec CMS8000, revealing hardcoded access credentials (embedded in the code) that allow attackers to obtain elevated privileges on the devices. This means an attacker could not only alter patients’ vital-sign data but also shut down the monitor, creating potentially lethal scenarios. CISA rated the vulnerability with a critical CVSS score, indicating a high risk to healthcare infrastructure.
One of the most controversial aspects of this discovery is that the affected devices attempt to connect to an IP address located in China, raising questions about the possible involvement of state actors or affiliated cybercriminal groups. Although there is no definitive proof of malicious intent on the part of the manufacturer Contec, an undocumented connection to an external server violates cybersecurity best practices. Medical devices should not transmit sensitive data outside hospital networks without adequate security measures.
Implications for Healthcare and National Security
This discovery highlights a broader problem: the healthcare sector’s growing reliance on foreign-made technology without adequate security controls. If an attacker were able to exploit this backdoor at scale, they could cause life-saving devices to malfunction, alter critical medical data or disrupt hospital operations. Healthcare infrastructure is a highly sensitive target for cyberattacks, with direct consequences for patients’ lives.
CISA has released mitigation guidance, advising healthcare facilities to:
- Isolate vulnerable devices on separate networks to prevent unauthorized access.
- Update the firmware (if and when the manufacturer releases a patch).
- Monitor network traffic to identify suspicious connections to external IP addresses.
- Replace at-risk devices if security measures cannot be guaranteed.
The Fear of Backdoors and Their Use in Devices
Backdoors with hardcoded credentials have often been found in devices, introduced by the vendors themselves to allow maintenance on specific request. In particular, when the firmware is not obfuscated, these credentials can easily be located and isolated, which makes them a practical, if dated, method for remote management of certain products.
The cybersecurity world is obsessed with the threat of backdoors, but it is important to distinguish between a backdoor used for technical support and one designed for hostile activity. If implemented properly, a backdoor introduced for hostile purposes and genuinely malicious is extremely difficult to detect and escapes even the most thorough analysis.
However, in the current geopolitical context, every backdoor discovery immediately becomes a propaganda tool. Global actors exploit these vulnerabilities to build a narrative that demonizes the “enemy” of the moment, presenting every flaw as proof of malicious intent. This kind of storytelling is particularly effective at manipulating public opinion, especially in countries that have not yet taken a clear position on the international chessboard.
The goal is clear: to influence governments and public opinion, pushing them to distrust certain nations and thereby favoring the adoption of technologies developed by “allied” actors. This approach creates a climate of constant suspicion, in which every new discovery is used as a weapon to strengthen political and economic positions.
The backdoor debate is thorny, and therefore often more political than technical. The presence of hardcoded credentials in a device does not necessarily imply hostile intent, but it becomes a powerful rhetorical weapon in the hands of the various global actors. In a world ever more dependent on technology, the cybersecurity narrative is now a key element of international influence strategies.
The article "Backdoor o Strumento di Propaganda? Credenziali Hardcoded Rilevate dal CISA su Apparati medici" originally appeared on il blog della sicurezza informatica.
A History of Copper Pours
If you compare a modern PCB with a typical 1980s PCB, you might notice — like [lcamtuf] did — that newer boards tend to have large areas of copper known as pours instead of empty space between traces. If you’ve ever wondered why this is, [lcamtuf] explains.
The answer isn’t as simple as you might think. In some cases, it is just because the designer is either copying the style of a different board or the design software makes it easy to do. However, the reason it caught on in the first place is a combination of high-speed circuitry and FCC RF emissions standards. But why do pours help with unintentional emissions and high-speed signals?
The answer lies in inductance. A pour next to a signal trace gives the return current a path that hugs the trace, shrinking the current loop and with it the loop inductance that lets a trace ring and radiate. Of course, there’s no free lunch. Bringing copper that close to a trace also adds capacitance, which can be a bad thing.
The truth is, most of the boards we deal with would be fine with or without the pours. That’s a good thing, too, because the post illustrates how some common things can significantly reduce the effectiveness of the copper pours.
When we don’t send our boards out, we are usually more interested in removing copper. You also have to be careful when you want your PCB to radiate.
One policy to rule them all
Windows group policies are a powerful management tool that allows administrators to define and control user and computer settings within a domain environment in a centralized manner. While group policies offer functionality and utility, they are unfortunately a prime target for attackers. In particular, attackers are increasingly using group policies to distribute malware, execute hidden scripts and deploy ransomware.
These attacks can range from simple configuration changes that could result in data breaches to more complex scenarios where attackers gain complete control over the corporate network. To ensure the security of your IT infrastructure, it is crucial to understand the vulnerabilities in group policies and the tactics used by attackers. This story examines how cybercriminals exploit group policies as an attack vector, what risks attacks like these pose, and what measures can be taken to protect against potential threats.
Group Policy Object
A Group Policy Object (GPO) includes two key components: a Group Policy Container (GPC) and a Group Policy Template (GPT). A GPC is an Active Directory container that holds information about the GPO version, its status and so on.
Example of Group Policy Container contents
A GPT is a collection of files and folders kept on the SYSVOL system volume of every domain controller within a domain. These files hold a variety of settings, scripts and presets for users and workstations.
Group Policy Templates on SYSVOL
The path to each template is specified in the attribute of the group policy container named gPCFileSysPath.
Contents of the gPCFileSysPath attribute
Next, gPCMachineExtensionNames and gPCUserExtensionNames are important attributes in each policy. Each of these attributes contains a GUID for Client Side Extensions (CSE) that will be distributed to user and/or computer settings. Extensions themselves are most often implemented using libraries that contain a set of functions necessary for applying extension settings to users or computers. So, the GUID provides information about which exact library needs to be loaded. A list of all CSE GUIDs can be found in the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\
Contents of one of the GUIDs in GPExtensions
To determine which policies a client will apply, it makes an LDAP query to the domain controller, which returns a set of policies for a specific user and/or computer. This set is called SOM (Scope of Management). A key attribute of a SOM is gpLink, which connects organizational units (OUs) to the GPOs that apply to them.
How attackers exploit group policies
In this story, we will not delve into the specifics of how attackers gain access to Group Policies. We will only note that to modify policies, attackers need only have WriteProperty permissions on the gPCFileSysPath attribute within the GPO. This has been described in more detail in SpecterOps’ study, An ACE Up The Sleeve: Designing Active Directory DACL Backdoors. Let’s focus on examples of how attackers specifically use these very policies for their own purposes.
The most common policy abuse tactic used by malicious actors is to deploy ransomware across multiple hosts. Our Global Emergency Response Team (GERT) regularly encounters its consequences in their work. However, group policies can also be used to covertly gain a foothold in a domain, where attackers can do virtually anything they want:
- Create new local users/administrators;
- Create malicious scheduler tasks;
- Create various services;
- Run tasks on behalf of the system and/or user;
- Change the registry configuration and much more.
Modifying the gPCMachineExtensionNames and gPCUserExtensionNames attributes
There are several tools designed to compromise GPOs. While they are all functionally similar, we will focus on the most popular one (after the built-in Windows MMC tool), SharpGPOAbuse. This utility prints a step-by-step account of the changes it makes to a Group Policy Object (GPO), which makes it convenient for analyzing exactly what a modification involves. As an example, let’s create a user-defined scheduler task that will run under the account labdomain.local\admin.
Adding a scheduled task to launch cmd.exe on behalf of a specific user
As seen in the screenshot above, during GPO modification a new task is first added to the GPT on SYSVOL as an XML file. After that, the versionNumber attribute of the GPC is changed, and the version number in the GPT.ini file is increased. This is necessary so that when checking for GPO updates, the client can detect that there is a newer version than the one in its cache and download the modified policy. Such changes can be tracked using event 5136, which is generated whenever an AD object is modified, provided Directory Service Changes auditing is enabled on the domain controllers.
Event 5136, which reflects a change in GPO attributes
As we were creating a user policy, we modified the gPCUserExtensionNames attribute, which now includes the following CSE GUID values:
- {00000000-0000-0000-0000-000000000000} — Core GPO Engine;
- {CAB54552-DEEA-4691-817E-ED4A4D1AFC72} — Scheduled Tasks preference tool extension (the editor-side GUID that accompanies the CSE);
- {AADCED64-746C-4633-A97C-D61349046527} — Scheduled Tasks preference CSE (the client-side extension that actually applies the task).
After the policy is applied, a scheduled task will start:
Each function within the SharpGPOAbuse tool (such as creating scheduled tasks, adding users, granting privileges and so on) has a unique set of CSEs that will be recorded in the user or computer attributes.
CSE toolkit for adding a local administrator, new privileges and an autostart script in the SharpGPOAbuse code
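Because a 5136 event for gPC*ExtensionNames logs the old value as “Value Deleted” and the new value as “Value Added”, it is worth being able to parse the attribute and diff the two. The following is an added example written for this page, not Kaspersky’s or SharpGPOAbuse’s code: it parses the “[{CSE}{tool}{tool}…][…]” format into CSE-to-tool-extension pairs and reports which CSEs a change introduced. The GUIDs in the table are the ones used on this page; the names attached to the Security and Scripts GUIDs are this editor’s labels taken from the GPExtensions registry key described above, not from the original text, and the OLD/NEW values are constructed.

```python
import re

# GUIDs used on this page. Names for the Security and Scripts entries are this
# example's labels (from the GPExtensions registry key), not the page's text.
KNOWN_GUIDS = {
    "{00000000-0000-0000-0000-000000000000}": "Core GPO Engine",
    "{AADCED64-746C-4633-A97C-D61349046527}": "Preferences: Scheduled Tasks (CSE)",
    "{CAB54552-DEEA-4691-817E-ED4A4D1AFC72}": "Preferences: Scheduled Tasks (tool extension)",
    "{827D319E-6EAC-11D2-A4EA-00C04F79F83A}": "Security (CSE)",
    "{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}": "Security (tool extension)",
    "{42B5FAAE-6536-11D2-AE5A-0000F87571E3}": "Scripts (CSE)",
    "{40B6664F-4972-11D1-A7CA-0000F87571E3}": "Scripts (tool extension)",
}

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
GROUP_RE = re.compile(r"\[([^\]]*)\]")


def parse_extension_names(value):
    """Return {cse_guid: [tool_guid, ...]} from a gPC*ExtensionNames string.

    The attribute is a sequence of bracketed groups, each starting with the CSE
    GUID followed by the tool-extension GUIDs that wrote settings for it.
    GUIDs are upper-cased so comparisons are case-insensitive; an empty or
    missing attribute yields {}.
    """
    result = {}
    for group in GROUP_RE.findall(value or ""):
        guids = [g.upper() for g in GUID_RE.findall(group)]
        if not guids:
            raise ValueError(f"malformed extension group: [{group}]")
        result[guids[0]] = guids[1:]
    return result


def added_cses(old_value, new_value):
    """CSE GUIDs present in new_value but not in old_value, with friendly names.

    Feed it the 'Value Deleted' and 'Value Added' payloads of a 5136 pair to
    see exactly which client-side extension a policy change switched on.
    """
    before = parse_extension_names(old_value)
    after = parse_extension_names(new_value)
    return [(g, KNOWN_GUIDS.get(g, "unknown CSE")) for g in after if g not in before]


# Constructed values modelled on the scheduled-task change above: the policy
# previously carried only Security settings; afterwards it also carries a
# Preferences Scheduled Task.
OLD = "[{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]"
NEW = (
    "[{00000000-0000-0000-0000-000000000000}{CAB54552-DEEA-4691-817E-ED4A4D1AFC72}]"
    "[{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]"
    "[{AADCED64-746C-4633-A97C-D61349046527}{CAB54552-DEEA-4691-817E-ED4A4D1AFC72}]"
)

if __name__ == "__main__":
    for guid, name in added_cses(OLD, NEW):
        print(f"{guid}  {name}")
```

Diffing old against new is more informative than matching the new value alone: a GPO that already carried a Scheduled Tasks extension and merely had a task edited will not show the CSE as newly added, while a previously Security-only policy that suddenly sprouts one will.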
These CSEs can serve as the basis for developing rules for detecting similar policies:
title: Adding new privilege via GPO
description: Detects events of adding specific attributes for gPCMachineExtensionNames
tags:
    - attack.privilege_escalation
    - attack.defense_evasion
    - attack.t1484
    - attack.t1484.001
logsource:
    product: windows
    service: security
detection:
    selectionEvent:
        EventID: 5136
        OperationType: 'Value Added'   # appears as '%%14674' in the raw event XML
        AttributeLDAPDisplayName: 'gPCMachineExtensionNames'
    selectionAttribute:
        # The attribute value is the whole '[{CSE}{tool}]...' string, so both
        # GUIDs must be matched as substrings (|contains|all), not as exact values.
        AttributeValue|contains|all:
            - '{827D319E-6EAC-11D2-A4EA-00C04F79F83A}'
            - '{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}'
    condition: selectionEvent and selectionAttribute
falsepositives:
    - Legitimate execution by system administrators.
level: medium
Detecting the addition of new privileges through GPOs
title: Adding startup/logon script via GPO
description: Detects events of adding specific attributes for gPCMachineExtensionNames or gPCUserExtensionNames
tags:
    - attack.privilege_escalation
    - attack.defense_evasion
    - attack.persistence
    - attack.t1484
    - attack.t1484.001
    - attack.t1547
logsource:
    product: windows
    service: security
detection:
    selectionEvent:
        EventID: 5136
        OperationType: 'Value Added'   # appears as '%%14674' in the raw event XML
        AttributeLDAPDisplayName:
            - 'gPCMachineExtensionNames'
            - 'gPCUserExtensionNames'
    selectionAttribute:
        AttributeValue|contains|all:
            - '{42B5FAAE-6536-11D2-AE5A-0000F87571E3}'
            - '{40B6664F-4972-11D1-A7CA-0000F87571E3}'
    condition: selectionEvent and selectionAttribute
falsepositives:
    - Legitimate activity by system administrators.
level: medium
Detecting the addition of new autorun scripts through GPOs
title: Adding scheduled task via GPO
description: Detects events of adding specific attributes for gPCMachineExtensionNames or gPCUserExtensionNames
tags:
    - attack.privilege_escalation
    - attack.defense_evasion
    - attack.persistence
    - attack.t1484
    - attack.t1484.001
    - attack.t1053
    - attack.t1053.005
logsource:
    product: windows
    service: security
detection:
    selectionEvent:
        EventID: 5136
        OperationType: 'Value Added'   # appears as '%%14674' in the raw event XML
        AttributeLDAPDisplayName:
            - 'gPCMachineExtensionNames'
            - 'gPCUserExtensionNames'
    selectionAttribute:
        AttributeValue|contains|all:
            - '{AADCED64-746C-4633-A97C-D61349046527}'
            - '{CAB54552-DEEA-4691-817E-ED4A4D1AFC72}'
    condition: selectionEvent and selectionAttribute
falsepositives:
    - Legitimate activity by system administrators.
level: medium
Detecting the addition of a new scheduler task using GPOs
Modifying the gPCFileSysPath attribute
In some scenarios, the adversary can modify the GPC but cannot access the directory where the GPTs are located. This is because different methods are used to manage different GPO entities: A GPC is stored in the LDAP directories of Active Directory, while a GPT is stored in a system folder on the domain controller: SYSVOL. Consequently, a user may have permissions to modify the GPC LDAP container, but not have permissions to modify or add files in SYSVOL. In this case, when attempting to modify the policy, the user will see the following error:
Permissions mismatch between LDAP and SMB
An attacker without SYSVOL access can modify the GPC attribute gPCFileSysPath, specifying a path to a network resource they control. As a result, all clients subject to the policy will retrieve templates from this resource. Let’s consider this scenario using the example of a GPOddity attack. The tool spins up its own SMB server, where it creates malicious policies, then changes the path to the GPT, and after applying the modified policies, restores them to their original state from its backup.
The technique of modifying the gPCFileSysPath attribute was highlighted back in 2020 in a blog post by researcher Mark Gamache, who was working at Microsoft at the time. However, the company believes that the ability to store GPTs outside of the SYSVOL system folder is a feature rather than a bug. At the same time, Microsoft does not recommend storing GPTs on third-party resources, as this can break certain Windows mechanisms.
The possibility of storing policy data on third-party resources as mentioned in Microsoft documentation
To detect this technique, we can once again utilize event 5136, where we will monitor the modification of the attribute we are interested in.
Example of changing the gPCFileSysPath attribute in the Windows event log
It’s possible to automatically detect an event 5136, related to changes in gPCFileSysPath, in logs by using the following rule:
title: Setting the gPCFileSysPath attribute
description: Detects changing the gPCFileSysPath attribute.
tags:
    - attack.privilege_escalation
    - attack.defense_evasion
    - attack.t1484
    - attack.t1484.001
logsource:
    product: windows
    service: security
detection:
    selection:
        EventID: 5136
        AttributeLDAPDisplayName: 'gPCFileSysPath'
        OperationType: 'Value Added'   # appears as '%%14674' in the raw event XML
    filter:
        # Suppresses the normal \\<domain>\sysvol\<domain>\ path; note the
        # backreference only requires the host name to be repeated.
        AttributeValue|re: '(?i)\\\\(?<domain>[\w.-]+)\\sysvol\\\k<domain>\\'
    condition: selection and not filter
falsepositives:
    - Unlikely
level: high
To eliminate the risk of false positives, we added to the exceptions the events generated when a new GPO is created, where the attribute contains the normal path to the GPT:
\\<domain>\SysVol\<domain>\Policies\<GPO GUID>
One caveat for anyone deploying this rule: the filter’s backreference only checks that the same host name appears before and after “sysvol”, so a path such as \\<attacker-host>\SysVol\<attacker-host>\Policies\<GPO GUID> would also be suppressed. In production, pin your domain’s actual FQDN in the expression rather than relying on the backreference.
Changing the gPCFileSysPath attribute when creating a new GPO
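The detection content above can be exercised offline against sample events before it goes into a SIEM. The following is an added example written for this page, not Kaspersky’s own tooling: it transcribes the three CSE-pair rules and the gPCFileSysPath rule into plain Python, pins the domain name instead of using a backreference, and runs them over a handful of constructed 5136 events (field names follow the event XML; the domain name labdomain.local and the Default Domain Policy GUID {31B2F340-016D-11D2-945F-00C04FB984F9} are used only as sample data).

```python
import re

# Rules transcribed from the Sigma content above: (title, attributes watched,
# GUIDs that must BOTH appear as substrings of the new attribute value).
GUID_PAIR_RULES = [
    ("Adding new privilege via GPO",
     {"gPCMachineExtensionNames"},
     ("{827D319E-6EAC-11D2-A4EA-00C04F79F83A}", "{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}")),
    ("Adding startup/logon script via GPO",
     {"gPCMachineExtensionNames", "gPCUserExtensionNames"},
     ("{42B5FAAE-6536-11D2-AE5A-0000F87571E3}", "{40B6664F-4972-11D1-A7CA-0000F87571E3}")),
    ("Adding scheduled task via GPO",
     {"gPCMachineExtensionNames", "gPCUserExtensionNames"},
     ("{AADCED64-746C-4633-A97C-D61349046527}", "{CAB54552-DEEA-4691-817E-ED4A4D1AFC72}")),
]

# 'Value Added' as rendered by Event Viewer, and the resource id in the raw XML.
VALUE_ADDED = {"Value Added", "%%14674"}


def sysvol_path_is_legitimate(path, domain):
    """True only for \\<domain>\SysVol\<domain>\Policies\... with `domain` pinned.

    Stricter than a backreference: \\evil.example\SysVol\evil.example\Policies\
    repeats its host name but is not this domain's SYSVOL, so it is NOT accepted.
    """
    d = re.escape(domain)
    pattern = rf"\\\\{d}\\sysvol\\{d}\\policies\\.+"
    return re.fullmatch(pattern, path or "", re.IGNORECASE) is not None


def evaluate(event, domain):
    """Return the list of rule titles one 5136 event triggers."""
    if event.get("EventID") != 5136 or event.get("OperationType") not in VALUE_ADDED:
        return []
    attr = event.get("AttributeLDAPDisplayName", "")
    value = event.get("AttributeValue") or ""
    upper = value.upper()
    alerts = [title for title, attrs, guids in GUID_PAIR_RULES
              if attr in attrs and all(g in upper for g in guids)]
    if attr == "gPCFileSysPath" and not sysvol_path_is_legitimate(value, domain):
        alerts.append("Setting the gPCFileSysPath attribute")
    return alerts


def run(events, domain):
    """(event index, alert title) pairs for a batch of events."""
    return [(i, a) for i, e in enumerate(events) for a in evaluate(e, domain)]


DOMAIN = "labdomain.local"  # domain name from the walkthrough above

# Constructed sample events (subset of the 5136 fields a SIEM would parse).
EVENTS = [
    {"EventID": 5136, "OperationType": "%%14674",
     "AttributeLDAPDisplayName": "gPCUserExtensionNames",
     "AttributeValue": "[{00000000-0000-0000-0000-000000000000}{CAB54552-DEEA-4691-817E-ED4A4D1AFC72}]"
                       "[{AADCED64-746C-4633-A97C-D61349046527}{CAB54552-DEEA-4691-817E-ED4A4D1AFC72}]"},
    {"EventID": 5136, "OperationType": "Value Added",
     "AttributeLDAPDisplayName": "gPCMachineExtensionNames",
     "AttributeValue": "[{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]"},
    {"EventID": 5136, "OperationType": "Value Added",       # normal path: no alert
     "AttributeLDAPDisplayName": "gPCFileSysPath",
     "AttributeValue": r"\\labdomain.local\SysVol\labdomain.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}"},
    {"EventID": 5136, "OperationType": "Value Added",       # GPOddity-style redirect
     "AttributeLDAPDisplayName": "gPCFileSysPath",
     "AttributeValue": r"\\evil.example\SysVol\evil.example\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}"},
    {"EventID": 5136, "OperationType": "%%14675",           # 'Value Deleted': ignored
     "AttributeLDAPDisplayName": "gPCFileSysPath",
     "AttributeValue": r"\\evil.example\SysVol\evil.example\Policies\x"},
]

if __name__ == "__main__":
    for index, title in run(EVENTS, DOMAIN):
        print(f"event {index}: {title}")
```

The fourth event is the one the backreference filter would have let through unnoticed; pinning the domain is what catches it.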
How we search for “bad” policies in Compromise Assessment projects
One of the items on the checklist for each of our Compromise Assessment projects is searching for compromise via group policies, as attackers often rely on this method both to distribute malicious software, scripts, vulnerable settings and so on, and to secretly gain a foothold in the domain. We use the Group3r tool to analyze a large volume of policies. It helps us quickly find all policies and run them through our detection rules to identify suspicious ones, as well as find various vulnerabilities that an attacker could exploit.
Example of a suspicious policy
Example of a vulnerable policy
Since Group3r only searches for policies located on the SYSVOL domain volume, it is important to determine which of them have the gPCFileSysPath attribute changed. To do this, you can use the following script:
$GPOs = Get-GPO -All
$domain = (Get-ADDomain).DNSRoot
# Every GPO created with the standard tooling points here; anything else deserves a look.
$correctPathPattern = "\\$domain\SysVol\$domain\Policies\"
$correctPathPatternLower = $correctPathPattern.ToLower()
$incorrectGPOs = @()
foreach ($gpo in $GPOs) {
    $ldapPath = "LDAP://" + $gpo.Path
    [ADSI]$GPC = $ldapPath
    # Cast to [string] so an empty attribute is reported rather than throwing on ToLower().
    $gpcFileSysPath = [string]$GPC.Properties["gPCFileSysPath"].Value
    $gpcFileSysPathLower = $gpcFileSysPath.ToLower()
    if (-not $gpcFileSysPathLower.StartsWith($correctPathPatternLower)) {
        $result = [PSCustomObject]@{
            GPOName       = $gpo.DisplayName
            GPOId         = $gpo.Id
            GPFileSysPath = $gpcFileSysPath
        }
        $incorrectGPOs += $result
    }
}
if ($incorrectGPOs.Count -gt 0) {
    $incorrectGPOs | Format-Table -AutoSize
} else {
    Write-Host "gPCFileSysPath is correct"
}
Example of the script’s operation
In addition to Group3r, SharpHound is an excellent tool for finding various GPO configuration errors. It allows you to find potential GPO attack vectors.
An example of a misconfiguration that grants write permissions for policies to users who do not need them
How we monitor group policies in MDR
Organizations often fail to log many events on hosts. To ensure security and proactive monitoring of group policies in our MDR service, we have developed several improvements to our telemetry. Firstly, since Windows advanced auditing is disabled on some hosts, we try to use ETW providers (Event Tracing for Windows) wherever possible to replace the events needed to understand what happened in the system. Where ETW alone is not enough, we improve our technology and expand telemetry coverage. For instance, to avoid depending on event 5136, which is only generated when Directory Service Changes auditing has been configured, our SOC R&D team developed the GCNet tool based on Microsoft’s PoC for monitoring directory service changes. The tool connects to the LDAP directory, where we specify a search for a particular distinguishedName value (in our case, CN=Policies) and subscribe to any changes to it. If we receive a notification about a policy change, we request detailed information about the corresponding GPO, including GPC and GPT data.
Example of an event with GPO output
Detected events are run through our detection rules, allowing us to identify various malicious policies. Important attributes of a policy are its gPLink options and its flags. Policies linked as Enforced win any conflict with other policies and cannot be blocked by Block Inheritance on child OUs, so their settings prevail regardless of what other GPOs say. Additionally, GPOs have several flags that, when known, can tell us whether the user and/or computer half of a policy is enabled at all. The combination of all these attributes tells us how much time we have to respond to an incident before the policy is next applied, and where and how it is applied, significantly broadening the investigation scope. By default, policies are refreshed every 90 minutes plus a random offset of up to 30 minutes on client machines, and every 5 minutes on domain controllers.
Conclusion
Group policies (GPOs) are a versatile tool that, in the hands of malicious actors, can pose a serious threat to a corporate network. Their compromise allows attackers to perform covert actions, modify configurations and spread malware to multiple hosts simultaneously. For this reason, group policies must be closely monitored and constantly secured. Tracking changes in group policies and responding to detected threats is part of our Managed Detection and Response (MDR) service.
AI Instead of Brains: 86% of Students Use It Regularly for Homework
The technology era continues to change the educational process in schools, presenting teachers with new challenges. Whereas in the past students were forbidden to use calculators and CD-ROM encyclopedias, today they are actively exploring artificial intelligence tools such as ChatGPT. According to a new study by the Pew Research Center, the share of teenagers using ChatGPT to complete schoolwork rose from 13% to 26% in one year.
Young people are eager to lighten the school routine, but the data show that their approach to using AI is rather selective. For example, 54% of teenagers consider it acceptable to use ChatGPT to learn new topics. That figure drops sharply when it comes to solving math problems (29%) or writing essays (18%).
ChatGPT is not the only tool available to students. A Digital Education Council study published in August states that the global rate of AI adoption among students reaches 86%. Besides ChatGPT, platforms such as Gemini, Claude and Microsoft Copilot are becoming popular among teenagers.
Some schools are already experimenting with integrating AI into teaching. For example, Arizona State University (ASU) is partnering with OpenAI, and London-based David Game College has launched a course taught partly by AI as part of its Sabrewing program.
However, the widespread use of AI raises concerns.
Scientists fear that students may become overly dependent on the technology, which would hinder the development of critical thinking. On the other hand, AI can be a powerful tool for personalizing the learning experience if used wisely.
It is almost impossible to completely restrict the use of AI in schools, but developing a balanced approach can be an effective solution.
The article "Al al Posto Del Cervello. L’86% degli Studenti La Usa Regolarmente Per i Compiti" originally appeared on il blog della sicurezza informatica.
DK 9x16 - The Bogeyman Arrives, Part 1
In the middle of moving boxes, but the month can't end without talking about the bogeymen who have suddenly arrived to disturb the winners' sleep... Today we talk about the Bogeyman in Chief, Trump.
spreaker.com/episode/dk-9x16-a…
Handy Online Metric Screw, Nut, and Washer Generator
For those times when you could really use a quick 3D model, this metric screw generator will do the trick for screws between M2 and M16 with matching nuts and washers. Fastener hardware is pretty accessible, but one never knows when a 3D printed piece will hit the spot. One might even be surprised what can be usefully printed on a decent 3D printer at something like 0.08 mm layer height.
Behind the scenes, [Jason]’s tool is an OpenSCAD script with a very slick web-based interface that allows easy customization of just about any element one might need to adjust, including fine-tuning the thread sizing. We’re fans of OpenSCAD here and appreciate what’s going on behind the scenes, but one doesn’t need to know anything about it to use the online tool.
Generated models can be downloaded as .3mf or .stl, but if you really need a CAD model you’re probably best off looking up a part and downloading the matching 3D model from a supplier like McMaster-Carr.
Prefer to just use the OpenSCAD script yourself, instead of the web interface? Select “Download STL/CAD Files” from the dropdown of the project page to download ScrewGenerator.scad for local use, and you’re off to the races.
RDPuzzle: how cybercriminals can reconstruct your activity on your PC
Cybersecurity experts have discovered a new exploit that leverages the Remote Desktop Protocol (RDP). This vulnerability allows attackers to gain unauthorized control over Windows systems and hijack browser activity, posing a significant threat to the security of personal and corporate data.
RDPuzzle: analysis of the exploited vulnerability
The exploit stems from the improper handling and storage of RDP bitmap cache files, which are designed to improve performance during remote desktop sessions. These files store fragments of on-screen activity, such as graphical elements and screen data, on the client's local computer.
Although intended as a performance optimization, this feature is now being exploited by malicious actors to obtain information about active Windows sessions and web browsing activity.
By analyzing the bitmap cache files stored on the machine that initiated the RDP session (the client), attackers can reconstruct parts of the remote session's screen.
Persistent bitmap caching is enabled by default in mstsc.exe (credit: insinuator)
This includes the recording of open applications, executed commands, private browser sessions and sensitive user activity, such as visiting login pages or downloading files.
With additional tools, such as BMC-Tools (developed by the French cybersecurity agency ANSSI) and RdpCacheStitcher, attackers can reassemble the graphical fragments and extract actionable information from them. The researchers who explored this exploit compared it to "virtually looking over the shoulder" of the target user. In a real-world example, attackers successfully reconstructed RDP session frames to view:
- Terminal commands executed by the user, such as certutil.exe, used to download malicious scripts.
- Private browser sessions, including login pages and sensitive credentials.
- File system activity, such as copying files like "svchost.exe" into local directories.
This level of information not only compromises users' privacy but also gives attackers detailed insight for escalating their privileges and strengthening their foothold in compromised networks.
How the exploit works
The exploit is particularly dangerous for organizations. Administrators who use RDP to manage multiple machines create a wide web of sensitive connections, all of which are vulnerable if an attacker gains access to the machine that initiated them.
Partially reconstructed RDP session frame in RdpCacheStitcher (credit: insinuator)
In one case, attackers used this exploit to target service providers that remotely managed customer systems, spreading malware and exfiltrating sensitive credentials. Although ordinary users are also at risk, the greatest impact is seen in enterprise environments where RDP is essential to IT operations.
Malicious actors can use the reconstructed data to conduct phishing attacks, spread ransomware, or simply monitor sensitive activity without leaving a trace. To mitigate the risks posed by this exploit, cybersecurity experts recommend the following measures:
- Disable persistent bitmap caching: RDP clients (such as mstsc.exe) let users turn off bitmap caching, minimizing exposure of session data.
- Strengthen network security: use virtual private networks (VPNs) and robust firewalls to protect RDP connections from external threats.
- Monitor RDP sessions: log and monitor RDP sessions to detect suspicious activity, including unexpected outbound connections or file movements.
- Limit privileges: implement the principle of least privilege to restrict unnecessary use of RDP.
- Apply updates: regularly update Windows systems and security patches to prevent exploitation of known vulnerabilities.
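The first mitigation above (disable persistent bitmap caching on the client) and the article's description of where the cache lives can both be checked mechanically. The following is an added example written for this page, not code from the article, from ANSSI's BMC-Tools or from RdpCacheStitcher. It assumes the documented `name:type:value` line format of `.rdp` profiles, that the integer key `bitmapcachepersistenable` controls persistent bitmap caching and that a missing key means "enabled" (the default the article attributes to mstsc.exe), and that cache artifacts are the `Cache*.bin` and `bcache*.bmc` files under `%LOCALAPPDATA%\Microsoft\Terminal Server Client\Cache`. The sample profile and host name are constructed.

```python
"""Audit .rdp client profiles for persistent bitmap caching and list cache artifacts.

Added example for this page (not the article's or ANSSI's code). Assumptions:
- .rdp lines are "name:type:value" with type i (int), s (string) or b (binary).
- The key "bitmapcachepersistenable" (integer) controls persistent bitmap caching;
  when absent, the Windows client defaults to enabled, as the article states.
- Cache artifacts live under %LOCALAPPDATA%\\Microsoft\\Terminal Server Client\\Cache
  as Cache*.bin and bcache*.bmc files (the files BMC-Tools reads).
"""
from __future__ import annotations

import os
from pathlib import Path

BITMAP_CACHE_KEY = "bitmapcachepersistenable"
CACHE_PATTERNS = ("Cache*.bin", "bcache*.bmc")


def parse_rdp(text: str) -> dict[str, tuple[str, str]]:
    """Parse .rdp text into {key: (type, value)}; keys are lowercased."""
    settings: dict[str, tuple[str, str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        # Values may themselves contain ':' (e.g. "full address:s:host:3389"),
        # so split at most twice and keep the remainder intact.
        parts = line.split(":", 2)
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue  # skip malformed lines rather than guess at them
        settings[parts[0].strip().lower()] = (parts[1], parts[2])
    return settings


def cache_persist_enabled(settings: dict[str, tuple[str, str]]) -> bool:
    """True if persistent bitmap caching is on (explicitly, or by default when absent)."""
    typ, value = settings.get(BITMAP_CACHE_KEY, ("i", "1"))
    return typ == "i" and value.strip() == "1"


def harden_rdp(text: str) -> str:
    """Return the profile text with persistent bitmap caching explicitly disabled."""
    out, found = [], False
    for raw in text.splitlines():
        parts = raw.strip().split(":", 2)
        if len(parts) == 3 and parts[0].strip().lower() == BITMAP_CACHE_KEY:
            out.append(f"{BITMAP_CACHE_KEY}:i:0")
            found = True
        else:
            out.append(raw)
    if not found:  # absent means enabled, so an explicit 0 must be added
        out.append(f"{BITMAP_CACHE_KEY}:i:0")
    return "\n".join(out) + "\n"


def find_cache_artifacts(cache_dir: Path) -> list[tuple[str, int]]:
    """List (filename, size in bytes) of bitmap cache files present in cache_dir."""
    found = []
    for pattern in CACHE_PATTERNS:
        for p in sorted(cache_dir.glob(pattern)):
            found.append((p.name, p.stat().st_size))
    return found


def default_cache_dir() -> Path:
    """Per-user cache location used by the Windows RDP client (assumed path)."""
    return Path(os.environ.get("LOCALAPPDATA", "")) / "Microsoft" / "Terminal Server Client" / "Cache"


def audit_profile(text: str) -> dict:
    """Summarize one profile: target host and whether persistent caching is enabled."""
    settings = parse_rdp(text)
    return {
        "host": settings.get("full address", ("s", ""))[1],
        "cache_persist_enabled": cache_persist_enabled(settings),
    }


# Constructed sample profile for demonstration; the host name is not real.
SAMPLE_RDP = """\
screen mode id:i:2
full address:s:jumphost.example.internal:3389
username:s:admin
bitmapcachepersistenable:i:1
"""

if __name__ == "__main__":
    report = audit_profile(SAMPLE_RDP)
    print(f"{report['host']}: persistent bitmap cache enabled = {report['cache_persist_enabled']}")
    print("hardened profile:\n" + harden_rdp(SAMPLE_RDP))
    cache_dir = default_cache_dir()
    if cache_dir.is_dir():
        for name, size in find_cache_artifacts(cache_dir):
            print(f"cache artifact present: {name} ({size} bytes)")
```

Run on a real workstation, `audit_profile` over every saved `.rdp` file flags profiles that still cache, `harden_rdp` produces the corrected profile, and `find_cache_artifacts` shows whether historical session fragments are already sitting on disk; an empty cache directory after hardening is the condition a defender wants to verify.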
As organizations increasingly move toward remote and hybrid work models, protecting RDP connections must remain a top priority. Experts warn that failing to address these vulnerabilities promptly could worsen the damage from future cyberattacks.
The article RDPuzzle: how cybercriminals can reconstruct your activity on your PC originally appeared on il blog della sicurezza informatica.