The Privacy Post ha ricondiviso questo.

The media in this post is not displayed to visitors. To view it, please go to the original post.

A Really Low Level Guide To Doing Ethernet on an FPGA
poliverso.org/display/0477a01e…
A Really Low Level Guide To Doing Ethernet on an FPGA With so much of our day-to-day networking done wirelessly these days, it can be easy to forget about Ethernet. But it’s a useful standard and can be a great way to add a reliable high-throughput network link to your projects. To that end, [Robert Feranec] and [Stacy Rieck] whipped up a tutorial on how to work with Ethernet


A Really Low Level Guide To Doing Ethernet on an FPGA

With so much of our day-to-day networking done wirelessly these days, it can be easy to forget about Ethernet. But it’s a useful standard and can be a great way to add a reliable high-throughput network link to your projects. To that end, [Robert Feranec] and [Stacy Rieck] whipped up a tutorial on how to work with Ethernet on FPGAs.

As [Robert] explains, “many people would like to transfer data from FPGA boards to somewhere else.” That basically sums up why you might be interested in doing this. The duo spend over an hour stepping through doing Ethernet at a very low level, without using pre-existing IP blocks to make it easier. The video explains the basic architecture right down to the physical pins on the device and what they do, all the way up to the logic blocks inside the device that do all the protocol work.

If you just want to get data off an embedded project, you can always pull in some existing libraries to do the job. But if you want to really understand Ethernet, this is a great place to start. There’s no better way to learn than doing it yourself. Files are on GitHub for the curious.

youtube.com/embed/78tkdc6Lq_8?…


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

The media in this post is not displayed to visitors. To view it, please go to the original post.

Laser Cutters: Where’s the Point?
poliverso.org/display/0477a01e…
Laser Cutters: Where’s the Point? It is funny how when you first start doing something, you have so many misconceptions that you have to discard. When you look back on it, it always seems like you should have known better. That was the case when I first got a low-end laser cutter. When you want to cut or engrave something, it has to be in just the right spot. It is like hanging a picture. You can


Laser Cutters: Where’s the Point?

It is funny how when you first start doing something, you have so many misconceptions that you have to discard. When you look back on it, it always seems like you should have known better. That was the case when I first got a low-end laser cutter. When you want to cut or engrave something, it has to be in just the right spot. It is like hanging a picture. You can get really close, but if it is off just a little bit, people will notice.

The big commercial units I’ve been around all had cameras that were in a fixed position and were calibrated. So the software didn’t show you a representation of the bed. It showed you the bed. The real bed plus whatever was on it. Getting things lined up was simply a matter of dragging everything around until it looked right on the screen.

Today, some cheap laser cutters have cameras, and you can probably add one to those that don’t. But you still don’t need it. My Ourtur Laser Master 3 has nothing fancy, and while I didn’t always tackle it the best way, my current method works well enough. In addition, I recently got a chance to try an XTool S1. It isn’t that cheap, but it doesn’t have a camera. Interestingly, though, there are two different ways of laying things out that also work. However, you can still do it the old-fashioned way, too.

Humble Beginnings


I started out with a Laser Master 2, but it really had no comfort features. You had to focus the laser by observing the beam, and there was nothing to help you with positioning. I thought I would be clever and have the laser cut a grid into a spoil board so I could lay things out. That didn’t work well at all.

There are a few reasons a grid like that isn’t as useful as you’d think. First, if you do want to try it, the board needs to be totally secure with respect to the laser cutter’s frame. Otherwise, if the board or laser moves, you are now off. Even just a little tilt or slide will show up in the finished product. But the big problem is the workpiece has to be totally square with the frame, or things will be crooked.

A Better Plan


It didn’t take many ruined pieces to realize I needed a better way. The answer turned out to be wrapping paper. A trip to the dollar store will give you plenty of wrapping paper, and it can be ugly — you don’t care what it looks like since you’ll use the back.
Leather notebooks engrave well if you can keep them straight and centered
Suppose I’m going to engrave a notebook with a logo and name. I’ll have some outline representing the book. The steps are simple:

1) Put down the wrapping paper and tape it to the cutter’s bed.

2) Turn off everything and then turn on just the outline vector.

3) Focus on the paper and do the engrave.

Now, you have a perfect book-shaped rectangle on the paper. If the bed is tilted, it doesn’t matter because so is the rectangle.

4) Place the book inside the outline on the paper.

5) Refocus the laser.

6) Turn off the outline layer and turn on the other layers.

7) Burn!

The Laser Master 3 added a nice feature, which was a little hinged stick that flops out of the laser and lets you easily set the focus. I’d been doing that before with a little homemade cube, but it was nice to have it all set up.

No Camera, No Problem


The S1 is a fairly high-end machine for a diode laser, so I was a little surprised it didn’t have a camera. However, what it does have is closed-loop motor control. What that means is that if you move the laser head with your hands, the machine still knows where it is. There’s also a little laser pointer cross that shows you where the laser head is — sort of. There is an offset between the actual beam and the cross, but if you use their software, they know that. If you use Lightburn, you have to set that yourself.

So if you have a book you want to engrave on the bed, you tell the software to “mark.” It lets you pick a few shapes, but usually, you want a rectangle. You line up the laser cross with the top corner of the book (or whatever) and press the button on the machine. You hear a loud beep. Then, you move to the far bottom corner and press the button again. That’s it.

Now, the software will place a little box that shows exactly where the book is. This doesn’t help you correct for small skew problems, but it does let you accurately move things to the right location.

The machine also has an interesting way of dealing with autofocus. It has a metal pin that drops from the laser head sort of like a BL Touch on a 3D printer. When it hits something, it knows how far away the surface is. Then, it moves to a corner where a metal plate pushes the pin back up. You need to make sure the head is over something before you tell it to measure. If you have a honeycomb bed, the laser head will bottom out before the pin, and you’ll hear some ugly noises.

But A Picture is Worth…


If you can’t stand not having an image of your workspace, the S1 can do it, but honestly, it is a pain. The printer comes with little sticky target decals, and you can make more if you need them. Three of them look like little bullseyes, and one is just a small dot. You place them somewhere on the bed where the laser can reach.
A phone camera image of the bed with a purple vector overlaid
After you install the phone app, you can connect to the printer and calibrate the dots. You do this just like the marking routine. You aim at each target and press the button. Now, the software knows exactly where each bullseye is.

The next step is to take a picture of the bed with your phone. Since the software knows the bullseyes are circles and where they are, it can reconstruct a proper view of your bed. Moving it to your computer is a pain the first time since you have to scan a QR code on the computer to make a connection. After that, though, it just sends it. The problem, of course, is the shot isn’t live. You have to fix up the bed the way you want, shoot the picture, and then don’t change anything after that.

One tip: don’t cut anything on top of the bullseyes. They will blacken up and then you’ll need some extras. Not that we’ve done that, of course!

The Answer


It seems odd that cameras haven’t taken over everything. They work well, and a live view is handy. However, if you don’t have a camera, there are clear alternatives. For as much as the Xtool system is clever, it still doesn’t help you with crooked alignment. It is, however, better than the wrapping paper method for things where you don’t know the size already.

If you do know the size of the workpiece, though, it really isn’t that handy. Sure, you don’t have to tape down paper and score it with a framing cut, but that’s a small price to pay for the benefit you get. If we were building our own cutter, we’d seriously consider adding a probe, though.

How do you get engraving to go where you want it? Do you have another method? Let us know in the comments. If you haven’t splurged on a laser yet, you might enjoy a tutorial.


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

Ready for @FrOSCon? We cannot wait to see you there!

Remember that we will be present with a booth, several talks and a reading of Ada & Zangemann!

fsfe.org/events/index.en.html#…

#FreeSofware #SoftwareFreedom

The Privacy Post reshared this.

in reply to Free Software Foundation Europe

the talk "It is not just about money" reminds me the interview to the leader of Blender, Ton Roosendaal: youtu.be/qJEWOTZnFeg
The point of view differs but the focus, freedom above money, is the same.
Questa voce è stata modificata (1 anno fa)
The Privacy Post ha ricondiviso questo.

The media in this post is not displayed to visitors. To view it, please go to the original post.

EastWind campaign: new CloudSorcerer attacks on government organizations in Russia
poliverso.org/display/0477a01e…
EastWind campaign: new CloudSorcerer attacks on government organizations in Russia In late July 2024, we detected a series of ongoing targeted cyberattacks on dozens of computers at Russian government organizations and IT companies. The threat actors infected devices using phishing emails with malicious shortcut attachments. These shortcuts were


EastWind campaign: new CloudSorcerer attacks on government organizations in Russia

In late July 2024, we detected a series of ongoing targeted cyberattacks on dozens of computers at Russian government organizations and IT companies. The threat actors infected devices using phishing emails with malicious shortcut attachments. These shortcuts were used to deliver malware that received commands via the Dropbox cloud service. Attackers used this malware to download additional payloads onto infected computers, in particular tools used by the APT31 group and an updated CloudSorcerer backdoor. We dubbed this campaign EastWind.

Below are the most interesting facts about the implants used in this campaign:

  • The malware downloaded by the attackers from Dropbox has been used by APT31 since at least 2021. We named it GrewApacha.
  • The attackers updated the The CloudSorcerer backdoor (described by us in early July 2024) ) after we published our blogpost. It currently uses LiveJournal (a social network popular in Russia) and Quora profiles as initial C2 servers.
  • The attacks additionally deploy a previously unknown implant with a classic backdoor functionality, which we dubbed PlugY. It is loaded via the CloudSorcerer backdoor, and its command set is quite extensive. It supports three different protocols for communicating with C2, and what’s more, its code resembles that of the DRBControl backdoor (aka Clambling), which several companies attribute to the APT27 group.


Technical information


As mentioned above, the attackers used spear phishing to gain an initial foothold into the organizations. They sent malicious emails with attached RAR archives to target organizational email addresses. These archives had the following names:

  • инициативная группа из Черниговского района Приморского края.rar (translates as advocacy group from Chernigov district of Primorsky Krai.rar)
  • вх.rar

They contained the following files:

  • .con folder, which contained:
    • 1.docx, a legitimate decoy document
    • desktop.exe, a legitimate file
    • VERSION.dll, a malicious file


  • A malicious shortcut with a name similar to that of the archive.

When clicked on, the shortcut executed the following command:
C:\Windows\System32\cmd.exe /c .con\1.docx & echo F | move .con\doc %public%\Downloads\desktop.exe & move .con\docs %public%\Downloads\VERSION.dll & start /b %public%\Downloads\desktop.exe && exit
This command opens the document contained in the archive, copies the files desktop.exe and VERSION.dll to the C:\Users\Public\Downloads folder, and then launches the desktop.exe file.

Note the use of a similar infection method in an attack on a US organization that involved use of the CloudSorcerer backdoor, reported by Proofpoint in July 2024:


Contents of the malicious archive used in the attack on a US organization

VERSION.dll – a backdoor that uses Dropbox


The attackers use classic DLL sideloading to load the malicious library VERSION.dll into the desktop.exe process:

MD51f5c0e926e548de43e0039858de533fc
SHA1426bbf43f783292743c9965a7631329d77a51b61
SHA256668f61df2958f30c6a0f1356463e14069b3435fb4e8417a948b6738f5f340dd9
File size9.82 MB

This library is a backdoor packed using the VMProtect tool. When started, it attempts to contact Dropbox using a hardcoded authentication token. Once connected to the Dropbox cloud, the backdoor reads commands to be executed from the file <computer name>/a.psd contained in the storage. The backdoor supports a total of five commands, named as follows:

  • DIR
  • EXEC
  • SLEEP
  • UPLOAD
  • DOWNLOAD

The results of running these commands are uploaded to the file <computer name>/b.psd that is stored in the cloud..

GrewApacha: a RAT used by APT31 since 2021


The threat actors used the above backdoor to collect information about infected computers and install additional malware on them. On one of these computers, we observed the download of the following files to the directory C:\ProgramData\USOShared\Logs\User:

  • msedgeupdate.exe, a legitimate executable file signed by Microsoft
  • msedgeupdate.dll, a malicious library
  • wd, a file with an encrypted payload

When the attackers launched msedgeupdate.exe, the malicious library msedgeupdate.dll was loaded into its process by means of DLL sideloading:

MD5f6245f64eaad550fd292cfb1e23f0867
SHA1fccdc059f92f3e08325208f91d4e6c08ae646a78
SHA256e2f87428a855ebc0cda614c6b97e5e0d65d9ddcd3708fd869c073943ecdde1c0
File size9 MB

While this set of three files resembles the “sideloading triad” that is typical of attacks involving PlugXanalysis of these files revealed that the malware inside them is a RAT of the APT31 group, already described in 2021 and 2023. We dubbed this RAT ‘GrewApacha’.

The behavior of the loader (msedgeupdate.dll) hasn’t changed since the 2023 post was published. As before, it decrypts the payload stored on the drive using the XOR key 13 18 4F 29 0F, and loads it into the dllhost.exe process.

While the GrewApacha loader has not changed since last year, there have been minor differences introduced to the RAT itself. Specifically, the new version now uses two C2 servers instead of one. Through network communications, the cybercriminals first retrieve a webpage with a profile bio on GitHub. This profile contains a string encoded with the Base64 algorithm:


Profile of a user created by the attackers on GitHub

The malware first decodes the string extracted from the GitHub profile, then decrypts it using a single-byte XOR algorithm with the key 0x09, thereby obtaining the address of the main C2 server (for the screenshot above – update.studiokaspersky[.]com).

New version of the CloudSorcerer backdoor


Besides launching the GrewApacha Trojan described above, we found that the attackers also downloaded the CloudSorcerer backdoor onto infected computers. To do that, they downloaded and launched a tool named GetKey.exe that is packed with the VMProtect obfuscator.

MD5bed245d61b4928f6d6533900484cafc5
SHA1e1cf6334610e0afc01e5de689e33190d0c17ccd4
SHA2565071022aaa19d243c9d659e78ff149fe0398cf7d9319fd33f718d8e46658e41c
File size51 KB

The utility receives a four-byte number (the value of the GetTickCount() function at runtime), encrypts it using the CryptProtectData function, and then outputs the number with its ciphertext. The screenshot below shows the code of the tool’s main function:

The attackers used the tool output on their side as a unique key to encrypt the payload file. By handling the encryption with the CryptProtect function, the attackers made it possible to decrypt the payload only on the infected machine.

After running the tool, the attackers downloaded the following files to the infected machine:

  • The renamed legitimate application dbgsrv.exe (example name: WinDRMs.exe), signed by Microsoft
  • The malicious library dll
  • A file with the .ini extension, containing the encrypted payload. The name of this file varied across infected machines.

As in the above case of GrewApacha, this set resembles the “sideloading triad” used in attacks involving PlugX.

IIn most cases, the attackers uploaded files inside a subdirectory of C:\ProgramData, such as C:\ProgramData\Microsoft\DRM. Afterwards, they used the task scheduler to configure the renamed dbgsrv.exe application to launch at OS startup. This involved the schtasks utility (usage example:
schtasks /create /RL HIGHEST /F /tn \Microsoft\Windows\DRM\DRMserver /tr "C:\ProgramData\Microsoft\DRM\WinDRMs.exe -t run" /sc onstart /RU SYSTEM").
Upon startup of the renamed application, the malicious dbgeng.dll library is loaded into its process, again using DLL sideloading.

MD5d0f7745c80baf342cd218cf4f592ea00
SHA1c0e4dbaffd0b81b5688ae8e58922cdaa97c8de25
SHA256bd747692ab5db013cd4c4cb8ea9cafa7577c95bf41aa2629a7fea875f6dcbc41
File size1.11 MB

This library was programmed to read the previously mentioned .ini file, which contains:

  • The ciphertext of a four-byte number generated and encrypted by the GetKey.exe utility
  • A PE file compressed with the LZNT1 algorithm and XOR-encrypted using the four-byte number as a key.

Accordingly, the library proceeded to decrypt the four-byte number using the CryptUnprotectData function, use it to decrypt the .ini file, and then load the decrypted file into the memory of the current process.

Analysis of the decrypted .ini files revealed them to be updated versions of the CloudSorcerer backdoor. After we publicly described this backdoor in early July 2024, the attackers modified it: the new version of CloudSorcerer uses profile pages on the Russian-language social network LiveJournal and the Q&A site Quora as the initial C2 servers:


As with past versions of CloudSorcerer, the profile bios contain an encrypted authentication token for interaction with the cloud service.

PlugY: an implant that overlaps with APT27 tools


Having analyzed the behavior of the newly found CloudSorcerer samples, we found that the attackers used it to download a previously unknown implant. This implant connects to the C2 server by one of three methods:

  • TCP protocol
  • UDP protocol
  • Named pipes

The set of commands this implant can handle is quite extensive, and implemented commands range from manipulating files and executing shell commands to logging keystrokes and monitoring the screen or the clipboard.

Analysis of the implant is still ongoing, but we can conclude with a high degree of confidence that the code of the DRBControl (aka Clambling) backdoor was used to develop it. This backdoor was described in 2020 by Trend Micro and Talent-Jump Technologies. Later, Security Joes and Profero linked it to the APT27 group. The backdoor also has similarities to PlugX.

Our comparison of samples of the PlugY implant (MD5 example: faf1f7a32e3f7b08017a9150dccf511d) and the DRBControl backdoor (MD5: 67cfecf2d777f3a3ff1a09752f06a7f5) revealed that these two samples have the exact same architecture. Additionally, many commands in them are implemented almost identically, as evidenced by the screenshots below:


Command code for retrieving information about connected disks in the DRBControl backdoor (left) and the implant (right)


Command code for retrieving information about the active window in the DRBControl backdoor (left) and the implant (right)


Command code for taking screenshots in the DRBControl backdoor (left) and the implant (right)

Thus, the code previously observed in attacks by APT27 was likely used in developing the implant.

While analyzing the PlugY implant we also noticed that it uses a unique malicious library to communicate with the C2 server via UDP. We found the very same library in the DRBControl backdoor, as well as several samples of the PlugX backdoor, which is popular among Chinese-speaking groups. Apart from DRBControl and PlugX, this library has not been detected in any other malware.


Screenshot of the library communicating with the C2 server via UDP

Tips for attack detection


The implants identified during the attack significantly differ from each other. As such, it’s necessary to use a separate set of IoCs for each malware used in any compromise.

The backdoor that uses Dropbox and is delivered via email can be found by looking for relatively large DLL files (> 5 MB) located in the directory C:\Users\Public. Regular access to the Dropbox cloud in network traffic can serve as an additional indicator of this backdoor’s operation.

The GrewApacha Trojan can be detected by searching for an unsigned file named msedgeupdate.dll in the file system. This file also reaches several megabytes in size.
The PlugY implant that is delivered using the CloudSorcerer backdoor launches a process named msiexec.exe for each user signed to the OS, and also creates named pipes with the name template \.\PIPE\Y. The presence of these two indicators in the system is strong evidence of an infection.

Conclusion


In attacks on government organizations, threat actors often use toolkits that implement a wide variety of techniques and tactics. In developing these tools, they go to the greatest lengths possible to hide malicious activity in network traffic. For instance, the attackers behind the EastWind campaign, for instance, used popular network services (GitHub, Dropbox, Quora, LiveJournal and Yandex.Disk) as C2 servers.

Notably, the EastWind campaign bore traces of malware from two different Chinese-speaking groups: APT27 and APT31. This clearly shows that APT groups very often team up, actively sharing knowledge and tools. To successfully counter such collaborations, we closely monitor the techniques and tactics of APT groups operating around the world.


securelist.com/eastwind-apt-ca…


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

Musk: ma quale attacco DDoS! 9 milioni di ascoltatori per una interessante intervista
poliverso.org/display/0477a01e…
Musk: ma quale attacco DDoS! 9 milioni di ascoltatori per una interessante intervista Lunedì sera sulla piattaforma X Spaces avrebbe dovuto svolgersi la tanto attesa intervista di Elon Musk con l’ex presidente degli Stati Uniti Donald Trump. Tuttavia, l’evento, previsto per le 20:00 è stato rinviato a causa di gravi problemi tecnici.Subito dopo


Musk: ma quale attacco DDoS! 9 milioni di ascoltatori per una interessante intervista

Lunedì sera sulla piattaforma X Spaces avrebbe dovuto svolgersi la tanto attesa intervista di Elon Musk con l’ex presidente degli Stati Uniti Donald Trump. Tuttavia, l’evento, previsto per le 20:00 è stato rinviato a causa di gravi problemi tecnici.

Subito dopo l’inizio della trasmissione si è verificato un problema tecnico e l’intervista è iniziata 42 minuti dopo. Coloro che sono riusciti a connettersi alla piattaforma hanno riferito che la musica lo-fi è stata trasmessa dall’account di Trump per circa 30 minuti.

18 minuti dopo l’inizio previsto, Musk ha annunciato che X era l’obiettivo di un “massiccio attacco DDoS “. Tuttavia, il resto di X sembrava funzionare bene. Una fonte aziendale ha confermato che in realtà non si è verificato alcun attacco di negazione del servizio. Un altro dipendente ha detto che con molta probabilità Musk mentiva riguardo all’attacco.

In una serie di post successivi, Musk ha affermato che lunedì la società ha testato il sistema con 8 milioni di ascoltatori. Quando finalmente l’intervista è iniziata, intorno alle 20:40, X ha riferito che Space aveva 915.000 ascoltatori.

Musk ha ripetuto la dichiarazione sull’attacco DDoS quando finalmente è iniziata la trasmissione. “Come dimostra questo massiccio attacco, l’opposizione semplicemente non vuole che la gente senta ciò che il presidente Trump ha da dire“, ha detto. Quindi, se il miliardario ha mentito, le sue parole sarebbero una sorta di manipolazione politica.

youtube.com/embed/JUlDHBKR-fM?…

Il mancato avvio dell’intervista ha ricordato gli eventi del 2023, quando il governatore della Florida Ron DeSantis annunciò su X la sua partecipazione alla corsa presidenziale. Poi l’evento è stato accompagnato anche da problemi tecnici, che Elon ha spiegato con un sovraccarico dei server.

Il Register inoltre non ha trovato prove di un attacco DDoS contro X. La mappa delle minacce informatiche di Check Point Software non ha registrato livelli insoliti di attività al momento della trasmissione. La mappa degli attacchi DDoS in tempo reale di NetScout ha mostrato solo piccoli attacchi negli Stati Uniti.

Quando finalmente l’intervista è iniziata, era inclusa una retorica e un linguaggio che sarebbero stati familiari ai fan di entrambi i partecipanti. Trump ha criticato le politiche dell’amministrazione Biden, ha definito i suoi oppositori politici radicali pericolosi e ha messo in guardia dalle conseguenze negative. Ha anche fatto alcune dichiarazioni criptiche, inclusa la menzione del “riscaldamento nucleare“.

Entrambi gli interlocutori hanno lamentato l’eccessiva regolamentazione come un ostacolo per le imprese e l’innovazione, chiedendo riforme. Hanno trovato un linguaggio comune sulla questione dello sviluppo delle infrastrutture di trasporto interurbano ad alta velocità, anche se Trump preferisce i treni e Musk preferisce fare affidamento sui tunnel sotterranei.

Durante la conversazione è stato toccato anche il tema della tecnologia. Trump ha espresso preoccupazione per il fatto che il potenziale dell’intelligenza artificiale potrebbe non essere realizzato a causa delle attuali politiche energetiche che danno priorità alle fonti rinnovabili. “L’intelligenza artificiale richiede il doppio dell’energia prodotta attualmente dagli Stati Uniti”, ha affermato il politico. Musk ha espresso l’opinione che la generazione solare diventerà in futuro la principale fonte di energia negli Stati Uniti.

In sintesi, questa intervista, nonostante le difficoltà tecniche, è stata un momento culminante che ha dimostrato sia le capacità che i limiti delle moderne piattaforme di trasmissione online. Ha inoltre offerto al pubblico l’opportunità di ascoltare due figure influenti su un’ampia gamma di questioni attuali, dalla politica all’economia, alla tecnologia e al futuro dell’energia.

L'articolo Musk: ma quale attacco DDoS! 9 milioni di ascoltatori per una interessante intervista proviene da il blog della sicurezza informatica.


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

The media in this post is not displayed to visitors. To view it, please go to the original post.

Whacky Science: Using Mayonnaise to Study Rayleigh-Taylor Instability
poliverso.org/display/0477a01e…
Whacky Science: Using Mayonnaise to Study Rayleigh-Taylor Instability Sometimes a paper in a scientific journal pops up that makes you do a triple-take, case in point being a recent paper journals.aps.org/pre/abstract/… by [Aren Boyaci] and [Arindam Banerjee] in Physical Review E titled “Transition to plastic regime for


Whacky Science: Using Mayonnaise to Study Rayleigh-Taylor Instability

Sometimes a paper in a scientific journal pops up that makes you do a triple-take, case in point being a recent paper by [Aren Boyaci] and [Arindam Banerjee] in Physical Review E titled “Transition to plastic regime for Rayleigh-Taylor instability in soft solids”. The title doesn’t quite do their methodology justice — as the paper describes zipping a container filled with mayonnaise along a figure-eight track to look at the surface transitions. With the paper paywalled and no preprint available, we have to mostly rely the Lehigh University press releases pertaining to the original 2019 paper and this follow-up 2024 one.

Rayleigh-Taylor instability (RTI) is an instability of an interface between two fluids of different densities when the less dense fluid acts up on the more dense fluid. An example of this is water suspended above oil, as well as the expanding mushroom cloud during a explosion or eruption. It also plays a major role in plasma physics, especially as it pertains to nuclear fusion. In the case of inertial confinement fusion (ICF) the rapidly laser-heated pellet of deuterium-tritium fuel will expand, with the boundary interface with the expanding D-T fuel subject to RTI, negatively affecting the ignition efficiency and fusion rate. A simulation of this can be found in a January 2024 research paper by [Y. Y. Lei] et al.

As a fairly chaotic process, RTI is hard to simulate, making a physical model a more ideal research subject. Mayonnaise is definitely among the whackiest ideas here, with other researchers like [Samar Alqatari] et al. as published in Science Advances opting to use a Hele-Shaw cell with dyed glycerol-water mixtures for a less messy and mechanically convoluted experimental contraption.

What’s notable here is that the Lehigh University studies were funded by the Lawrence Livermore National Laboratory (LLNL), which explains the focus on ICF, as the National Ignition Facility (NIF) is based there.

This also makes the breathless hype about ‘mayo enabling fusion power’ somewhat silly, as ICF is even less likely to lead to net power production, far behind even Z-pinch fusion. That said, a better understanding of RTI is always welcome, even if one has to question the practical benefit of studying it in a container of mayonnaise.


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

US aligns with EU on Google antitrust case, hinting at enforcement measures
poliverso.org/display/0477a01e…
US aligns with EU on Google antitrust case, hinting at enforcement measuresFollowing the recent US court ruling on Google’s market dominance, Washington may be aligning more closely with the Brussels approach to tech competition regulation, hinting at possible enforcement measures.euractiv.com/section/competiti…


US aligns with EU on Google antitrust case, hinting at enforcement measures


Following the recent US court ruling on Google’s market dominance, Washington may be aligning more closely with the Brussels approach to tech competition regulation, hinting at possible enforcement measures.


euractiv.com/section/competiti…


The Privacy Post ha ricondiviso questo.

The media in this post is not displayed to visitors. To view it, please go to the original post.

6 Gruppi Criminali sono i responsabili del 50% degli Attacchi Ransomware
poliverso.org/display/0477a01e…
6 Gruppi Criminali sono i responsabili del 50% degli Attacchi Ransomware “Le erbacce devono essere estirpate dalla radice altrimenti non faranno altro che rispuntare da un’altra parte“, questo è il redhotcyber.com/post/il-mondo-… prima metà del 2024 ha visto un costante


6 Gruppi Criminali sono i responsabili del 50% degli Attacchi Ransomware

Le erbacce devono essere estirpate dalla radice altrimenti non faranno altro che rispuntare da un’altra parte“, questo è il cybercrime.

La prima metà del 2024 ha visto un costante aumento dell’attività dei gruppi di estorsione, nonostante gli sforzi significativi delle forze dell’ordine per reprimerli.

Secondo Unit 42, il numero di nuovi post di compromissione dei dati ha raggiunto 1.762, ovvero una media di 294 post al mese. Questo dato conferma che il livello di minaccia dei ransomware rimane elevato, nonostante le operazioni riuscite che non producono specifiche pubblicazioni

Si distinguono in particolare 6 gruppi, che rappresentano oltre la metà di tutti gli incidenti registrati. Sebbene gruppi BlackCat e LockBit abbiano ridotto la loro attività a causa dell’intervento delle forze dell’ordine, nuovi autori di minacce hanno preso il loro posto.

Tra questi spiccano RansomHub e DragonForce.
Confronto dei 6 principali gruppi di ransomware per (tutto il 2023 e la prima metà del 2024)
I settori più colpiti dagli attacchi sono stati il ​​manifatturiero, la sanità e l’edilizia. Il settore manifatturiero è risultato essere il più vulnerabile, con il 16,4% di tutti gli attacchi, confermando l’importanza del settore per il ransomware.

Anche il settore sanitario, pur essendo altamente suscettibile alle interruzioni, ha subito attacchi significativi, con il 9,6% di tutti gli incidenti segnalati. Al terzo posto si colloca invece il settore edile con il 9,4%
Settori colpiti dal ransomware nella prima metà del 2024
Gli Stati Uniti si sono rivelati il ​​Paese con il maggior numero di vittime di ransomware: il 52% di tutti gli incidenti. Tra i primi dieci paesi più colpiti figurano anche Canada, Regno Unito, Germania, Italia, Francia, Spagna, Brasile, Australia e Belgio.
Paesi in cui le organizzazioni sono state colpite dal ransomware nella prima metà del 2014
Gli analisti sottolineano che il motivo principale dell’aumento dell’attività ransomware nel 2024 è stato il rapido sfruttamento delle vulnerabilità recentemente identificate.

I criminali informatici sfruttano attivamente le opportunità per infiltrarsi nelle reti delle vittime, aumentare i privilegi e spostarsi lateralmente all’interno dei sistemi compromessi.

Nella prima metà del 2024 le forze dell’ordine hanno condotto con successo una serie di operazioni che hanno portato all’arresto di figure chiave e al sequestro delle infrastrutture di alcuni dei gruppi più noti. Tuttavia, nonostante questi sforzi, le minacce continuano ad evolversi.

Nuove fazioni stanno riempiendo il vuoto creato dalla chiusura dei player più anziani, evidenziando la necessità di un monitoraggio e un aggiornamento continui delle misure di difesa.

L'articolo 6 Gruppi Criminali sono i responsabili del 50% degli Attacchi Ransomware proviene da il blog della sicurezza informatica.


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

The media in this post is not displayed to visitors. To view it, please go to the original post.

Ryobi Battery Pack Gives Up Its Secrets Before Giving Up the Ghost
poliverso.org/display/0477a01e…
Ryobi Battery Pack Gives Up Its Secrets Before Giving Up the Ghost Remember when dead batteries were something you’d just toss in the trash? Those days are long gone, thankfully, and rechargeable battery packs have put powerful cordless tools in the palms of our hands. But when those battery packs go bad, replacing them becomes an expensive proposition. And that’s


Ryobi Battery Pack Gives Up Its Secrets Before Giving Up the Ghost

Remember when dead batteries were something you’d just toss in the trash? Those days are long gone, thankfully, and rechargeable battery packs have put powerful cordless tools in the palms of our hands. But when those battery packs go bad, replacing them becomes an expensive proposition. And that’s a great excuse to pop a pack open and see what’s happening inside.

The battery pack in question found its way to [Don]’s bench by blinking some error codes and refusing to charge. Popping it open, he found a surprisingly packed PCB on top of the lithium cells, presumably the battery management system judging by the part numbers on some of the chips. There are a lot of test points along with some tempting headers, including one that gave up some serial data when the battery’s test button was pressed. The data isn’t encrypted, but it is somewhat cryptic, and didn’t give [Don] much help. Moving on to the test points, [Don] was able to measure the voltage of each battery in the series string. He also identified test pads that disable individual cells, at least judging by the serial output, which could be diagnostically interesting. [Don]’s reverse engineering work is now focused on the charge controller chip, which he’s looking at through its I2C port. He seems to have done quite a bit of work capturing output and trying to square it with the chip’s datasheet, but he’s having trouble decoding it.

This would be a great place for the Hackaday community to pitch in so he can perhaps get this battery unbricked. We have to admit feeling a wee bit responsible for this, since [Don] reports that it was our article on reverse engineering a cheap security camera that inspired him to dig into this, so we’d love to get him some help.


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

AI Generativa e Business Oggi: Cosa stanno facendo le Aziende? I Numeri del Report di Google Cloud
poliverso.org/display/0477a01e…
AI Generativa e Business Oggi: Cosa stanno facendo le Aziende? I Numeri del Report di Google Cloud Nonostante lo scetticismo di alcuni analisti, l’intelligenza artificiale redhotcyber.com/post/che-cose-… generativa comincia a portare benefici concreti alle


AI Generativa e Business Oggi: Cosa stanno facendo le Aziende? I Numeri del Report di Google Cloud

Nonostante lo scetticismo di alcuni analisti, l’intelligenza artificiale generativa comincia a portare benefici concreti alle imprese. Questa conclusione può essere tratta sulla base dei risultati di uno studio condotto dal Gruppo Nazionale di Ricerca commissionato da Google Cloud.

L’indagine ha coinvolto 2.508 dirigenti senior di varie aziende. I risultati hanno mostrato che il 61% degli intervistati ha già implementato strumenti di intelligenza artificiale generativa nei propri processi produttivi. Tra questi, l’86% ha notato una crescita dei ricavi superiore al 6%.

L’intelligenza artificiale generativa ha ottenuto risultati particolarmente impressionanti nel campo dell’aumento della produttività del lavoro. Il 43% degli intervistati ha riferito che l’intelligenza artificiale ha avuto un impatto significativo sulla produttività dei dipendenti. Quasi la metà stimava che la produttività fosse più che raddoppiata.

L’intelligenza artificiale generativa ha anche aiutato le aziende a espandere le proprie attività. Il 39% dei dirigenti intervistati ha notato un impatto positivo della tecnologia sulla crescita aziendale. Di questi, il 77% ritiene di essere riuscito a migliorare il processo di acquisizione di nuovi clienti.

Migliorare l’esperienza dell’utente è un’altra area in cui l’intelligenza artificiale generativa ha preso il sopravvento. Il 37% degli intervistati ha notato cambiamenti significativi in ​​questo ambito. L’85% di loro ha riscontrato un aumento del coinvolgimento degli utenti: un aumento del traffico, delle percentuali di clic e del tempo trascorso sul sito. Inoltre, l’80% ha notato un aumento della soddisfazione del cliente.

Anche la sicurezza non è stata lasciata incustodita, con l’intelligenza artificiale generativa che mostra risultati promettenti anche in questo settore. Il 56% dei dirigenti ha confermato che la tecnologia ha contribuito a rafforzare la sicurezza delle proprie organizzazioni. La maggior parte di loro (82%) ha notato che è diventato più facile individuare le minacce e il 71% ha segnalato una riduzione dei tempi per risolvere i problemi.

Tuttavia, vale la pena notare che i dati di questo studio differiscono significativamente dalle statistiche dell’US Census Bureau. Secondo l’Ufficio di presidenza, solo il 5,4% delle aziende statunitensi ha utilizzato l’intelligenza artificiale da febbraio. Anche nel settore dell’informazione, dove il tasso di adozione è più elevato, ha raggiunto solo il 18%.

Tuttavia, un sondaggio del National Research Group mostra un crescente interesse delle imprese per l’intelligenza artificiale generativa. Il 47% degli intervistati prevede di utilizzare le tecnologie intelligenti per sviluppare nuovi prodotti e servizi. E il 49% intende sfruttare i vantaggi delle reti neurali per aumentare i profitti.

Le grandi aziende tecnologiche stanno promuovendo attivamente l’intelligenza artificiale generativa, cercando di convincere i clienti del suo valore. Ad esempio, il CEO di Amazon Andy Jesse ha affermato che il loro assistente AI per lavorare con il codice chiamato “Q” ha permesso all’azienda di risparmiare 260 milioni di dollari. Tuttavia, questo importo rappresenta meno dell’1% dei guadagni di Amazon per l’anno fiscale 2023.

L'articolo AI Generativa e Business Oggi: Cosa stanno facendo le Aziende? I Numeri del Report di Google Cloud proviene da il blog della sicurezza informatica.


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

Il tuo Smartphone domani verrà caricato tramite il Wi-Fi
poliverso.org/display/0477a01e…
Il tuo Smartphone domani verrà caricato tramite il Wi-Fi Un team internazionale di ricercatori dell’Università di Tohoku, dell’Università Nazionale di Singapore e dell’Università di Messina in Italia hanno sviluppato un metodo innovativo per convertire l’energia delle onde elettromagnetiche in corrente continua.La nostra vita quotidiana è piena di onde elettromagnetiche.


Il tuo Smartphone domani verrà caricato tramite il Wi-Fi

Un team internazionale di ricercatori dell’Università di Tohoku, dell’Università Nazionale di Singapore e dell’Università di Messina in Italia hanno sviluppato un metodo innovativo per convertire l’energia delle onde elettromagnetiche in corrente continua.

La nostra vita quotidiana è piena di onde elettromagnetiche. Gli edifici sono letteralmente pieni di segnali Wi-Fi , connessioni Bluetooth tra telefoni e cuffie wireless, laptop e stampanti. I router wireless emettono energia sotto forma di radiazione di radiofrequenza, che consente la trasmissione dei dati a vari dispositivi.

Gli scienziati hanno proposto di utilizzare l’energia in radiofrequenza in eccesso nell’ambiente per alimentare piccoli gadget. Questo approccio può ridurre significativamente la dipendenza dalle batterie, prolungarne la durata e ridurre l’impatto negativo sull’ambiente. Questa soluzione può essere particolarmente rilevante per le aree remote dove la sostituzione frequente delle batterie è difficile.

In un articolo pubblicato sulla rivista Nature Electronics, i ricercatori spiegano in dettaglio come sono riusciti a migliorare il raddrizzatore tradizionale, aumentando l’efficienza della conversione dell’energia. Un raddrizzatore converte la corrente alternata, in corrente continua, che scorre in una direzione. Questo processo viene eseguito utilizzando vari componenti, principalmente diodi e condensatori.

Le tecnologie esistenti, come il diodo Schottky, hanno avuto difficoltà a convertire l’energia in modo efficiente. Gli scienziati sono riusciti a superare questi problemi sviluppando un raddrizzatore di spin compatto su scala nanometrica (SR). Il dispositivo è in grado di convertire segnali RF wireless ambientali inferiori a -20 dBm in tensione CC.

La sorgente del segnale deve trovarsi nelle immediate vicinanze del dispositivo elettronico. Tuttavia, i ricercatori stanno lavorando attivamente per migliorare la tecnologia. Forse in futuro verrà integrata un’antenna sul chip per migliorare l’efficienza e la compattezza.

Inoltre, gli scienziati stanno sviluppando connessioni serie-parallele per ottimizzare l’impedenza in grandi schiere di raddrizzatori di spin. Per raggiungere questo obiettivo, i progettisti utilizzano interconnessioni su chip per connettere i singoli SR.

Secondo i ricercatori, la tecnologia dei raddrizzatori di spin può essere facilmente integrata nei moduli di raccolta di energia per alimentare dispositivi elettronici e sensori.

Lo studio della tecnologia apre la strada alla creazione di una soluzione energetica autosufficiente e pulita che può aiutare ad affrontare le sfide del futuro.

L'articolo Il tuo Smartphone domani verrà caricato tramite il Wi-Fi proviene da il blog della sicurezza informatica.


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

The media in this post is not displayed to visitors. To view it, please go to the original post.

Original Game Boy Gets Display “Upgrade”
poliverso.org/display/0477a01e…
Original Game Boy Gets Display “Upgrade” Before LCD and LED screens were ubiquitous, there was a time when the cathode ray tube (CRT) was essentially the only game in town. Even into the early 2000s, CRTs were everywhere and continuously getting upgrades, with the last consumer displays even having a semi-flat option. Their size and weight was still a major problem, though, but for a long


Original Game Boy Gets Display “Upgrade”

Before LCD and LED screens were ubiquitous, there was a time when the cathode ray tube (CRT) was essentially the only game in town. Even into the early 2000s, CRTs were everywhere and continuously getting upgrades, with the last consumer displays even having a semi-flat option. Their size and weight was still a major problem, though, but for a long time they were cutting edge. Wanting to go back to this time with their original Game Boy, [James Channel] went about replacing their Game Boy screen with a CRT.

The CRT itself is salvaged from an old video conferencing system and while it’s never been used before, it wasn’t recently made. To get the proper video inputs for this old display, the Game Boy needed to be converted to LCD first, as some of these modules have video output that can be fed to other displays. Providing the display with power was another challenge, requiring a separate boost converter to get 12V from the Game Boy’s 6V supply. After getting everything wired up a few adjustments needed to be made, and with that the CRT is up and running.

Unfortunately, there was a major speed bump in this process when [James Channel]’s method of automatically switching the display to the CRT let the magic smoke out of the Game Boy’s processor. But he was able to grab a replacement CPU from a Super Game Boy, hack together a case, and fix the problem with the automatic video switcher. Everything now is in working order for a near-perfect retro display upgrade. If you’d like to do this without harming any original hardware, we’ve seen a similar build based on the ESP32 instead.

youtube.com/embed/irHI_2WdQXc?…

Thanks to [Lurch] for the tip!


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

The media in this post is not displayed to visitors. To view it, please go to the original post.

Possible Discovery of Liquid Water In Mars’ Mid-Crust by the Insight Lander
poliverso.org/display/0477a01e…
Possible Discovery of Liquid Water In Mars’ Mid-Crust by the Insight Lander hackaday.com/wp-content/upload… of the most sought after substances in the Universe is water – especially in its liquid form – as its presence on a planet makes the presence of life (as we know it) significantly more likely. While there are


Possible Discovery of Liquid Water In Mars’ Mid-Crust by the Insight Lander

One of the most sought after substances in the Universe is water – especially in its liquid form – as its presence on a planet makes the presence of life (as we know it) significantly more likely. While there are potentially oceans worth of liquid water on e.g. Jupiter’s moon Europa, for now Mars is significantly easier to explore as evidenced by the many probes which we got onto its surface so far. One of these was the InSight probe, which was capable of a unique feat: looking inside the planet’s crust with its seismometer to perform geophysical measurements. These measurements have now led to the fascinating prospect that liquid water may in fact exist on Mars right now, according to a paper published by [Vashan Wright] and colleagues in PNAS (with easy-read BBC coverage).

InSight’s mission lasted from November 2018 to December 2022 by which time too much dust had collected on its solar panels and communication was lost. During those active years it had used its seismometer (SEIS) to use the vibrations from natural marsquakes and similar to map the internals of the planet. Based on rock physics models and the data gathered by InSight, there is a distinct possibility that significant liquid water may exist in Mars’ mid-crust, meaning at a depth of about 11.5 to 20 km. Most tantalizing here is perhaps that at these depths, enough liquid water may exist today than may have filled Mars’ past oceans.

Since we’re talking about just a single lander with a single instrument in a single location, it would be highly presumptuous to draw strong conclusions, and at these depths we would have no means to access it. Even so, it would offer interesting ideas for future Mars missions, not to mention underground Mars bases.


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

From Vehicle-to-Grid to DIY Home Powerwalls
poliverso.org/display/0477a01e…
From Vehicle-to-Grid to DIY Home Powerwalls As battery-to-grid and vehicle-to-home technologies become increasingly mainstream, the potential for repurposing electric vehicle (EV) batteries has grown significantly. No longer just a niche pursuit, using retired EV batteries for home energy storage has become more accessible and appealing, especially as advancements in DIY solutions


From Vehicle-to-Grid to DIY Home Powerwalls

Maker [Dala] showing powerwall statistics

As battery-to-grid and vehicle-to-home technologies become increasingly mainstream, the potential for repurposing electric vehicle (EV) batteries has grown significantly. No longer just a niche pursuit, using retired EV batteries for home energy storage has become more accessible and appealing, especially as advancements in DIY solutions continue to emerge. Last year, this project by [Dala] showcased how to repurpose Nissan Leaf and Tesla Model 3 battery packs for home energy storage using a LilyGO ESP32, simplifying the process by eliminating the need for battery disassembly.

In the past few months, this project has seen remarkable progress. It now supports over 20 different solar inverter brands and more than 25 EV battery models. The most exciting development, however, is the newly developed method for chaining two EV packs together to create a single large super-battery. This breakthrough enables the combination of, for example, two 100kWh Tesla packs into a massive 200kWh storage system. This new capability offers an accessible and affordable way to build large-scale DIY home powerwalls, providing performance that rivals commercial systems at a fraction of the cost.

With these advancements, the possibilities for creating powerful, cost-effective energy storage solutions have expanded significantly. We do however stress to put safety first at all times.

Hungry for more home powerbanks? We’ve been there before.

youtube.com/embed/skBhH_EwBUE?…


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

New note by cybersecurity
poliverso.org/display/0477a01e…
L’intervista di Elon Musk a Donald Trump ha sviluppato un self DDoS sulla sua stessa piattaforma insicurezzadigitale.com/linter… (Italy e non Italy 😁)Un’intervista attesa da molti (per lo più sovranisti americani) tra il CEO di Twitter, Elon Musk, e l’ex Presidente Donald Trump ha subit


L’intervista di Elon Musk a Donald Trump ha sviluppato un self DDoS sulla sua stessa piattaforma


@Informatica (Italy e non Italy 😁)
Un’intervista attesa da molti (per lo più sovranisti americani) tra il CEO di Twitter, Elon Musk, e l’ex Presidente Donald Trump ha subito una breve interruzione a causa di un attacco DDoS che ha colpito i server della


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

Microsoft Avverte: L’Iran Intensifica gli Attacchi Hacker contro le Elezioni Presidenziali USA
poliverso.org/display/0477a01e…
Microsoft Avverte: L’Iran Intensifica gli Attacchi Hacker contro le Elezioni Presidenziali USA blogs.microsoft.com/on-the-iss… Corporation ha riferito che l’Iran sta intensificando i suoi tentativi di interferire nelle prossime elezioni presidenziali americane. Il rapporto,


Microsoft Avverte: L’Iran Intensifica gli Attacchi Hacker contro le Elezioni Presidenziali USA

Microsoft Corporation ha riferito che l’Iran sta intensificando i suoi tentativi di interferire nelle prossime elezioni presidenziali americane. Il rapporto, pubblicato il 9 agosto, descrive come gli hacker di stato si stiano preparando a diffondere notizie false e cercando di accedere agli account dei candidati.

Uno degli episodi descritti nel rapporto è un attacco di phishing contro un collaboratore della campagna elettorale di uno dei partiti.

2 mesi fa gli è stata inviata una lettera per conto di un ex consulente il cui account era stato precedentemente compromesso. È stato effettuato anche un tentativo di hackerare l’account di uno degli ex candidati alla presidenza. Microsoft non rivela i nomi degli obiettivi.

In totale, il rapporto menziona le attività di quattro diversi gruppi di hacker, ognuno dei quali opera a modo autonomo. Una campagna di notizie false ha preso di mira entrambi i lati dello scacchiere politico.

Recentemente, uno dei gruppi ha violato le risorse interne della campagna di Trump e ha rubato documenti riservati, incluso un dossier su James David Vance. Inoltre si è verificato un caso di compromissione del conto di un dipendente a livello di governo distrettuale. Secondo gli esperti Microsoft, questo incidente faceva parte di un’operazione più ampia.

Gli analisti di Microsoft notano che la crescente attività degli hacker iraniani riflette la loro tattica caratteristica: iniziare a interferire nelle elezioni più tardi rispetto agli altri attori. Secondo il Microsoft Threat Intelligence Center, gli attacchi informatici dell’Iran sono più mirati a interferire con il processo elettorale stesso piuttosto che a cercare di influenzare le opinioni degli elettori.

Clint Watts, direttore generale del Centro, ha osservato che le azioni degli hacker iraniani possono essere divise in due tipologie. Il primo tipo prevede campagne che mirano a suscitare polemiche e influenzare gli elettori negli stati indecisi con questioni elettorali scottanti. Il secondo tipo di attività si concentra sulla raccolta di informazioni sulle campagne politiche, che possono poi essere utilizzate per affinare le strategie.

Il rapporto menziona che una delle piattaforme di notizie false scoperte da Microsoft si rivolgeva al pubblico liberale e chiamava Donald Trump un “elefante oppioide in un negozio di porcellane”. Un’altra piattaforma, rivolta ai conservatori, si è concentrata sulla riassegnazione di genere e su altre questioni LGBT. Entrambe le piattaforme sono state create da uno dei gruppi iraniani.

Watts ha inoltre sottolineato che un altro gruppo di hacker potrebbe prepararsi ad azioni più estreme. I personaggi politici o le comunità possono dover affrontare minacce e provocazioni. L’obiettivo finale di queste azioni sarà quello di creare caos, minare l’autorità e seminare dubbi sull’integrità delle elezioni.

In precedenza il governo americano aveva già accusato gli iraniani di aver tentato di interferire nelle elezioni. Uno dei più famosi è stato il caso del gruppo di estrema destra Proud Boys: per suo conto gli hacker iraniani hanno inviato lettere agli elettori democratici.

Altri rapporti Microsoft di quest’anno hanno evidenziato anche i tentativi della Cina di utilizzare l’intelligenza artificiale per influenzare le elezioni.

L'articolo Microsoft Avverte: L’Iran Intensifica gli Attacchi Hacker contro le Elezioni Presidenziali USA proviene da il blog della sicurezza informatica.


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

The media in this post is not displayed to visitors. To view it, please go to the original post.

Cheap DIY Button Pad Uses Neat Punchcard Trick
poliverso.org/display/0477a01e…
Cheap DIY Button Pad Uses Neat Punchcard Trick A StreamDeck is effectively a really cool box full of colorful buttons that activate various things on your PC. They’re fun and cool but they’re also something you can build yourself if you’re so inclined. [Jason] did just that for his sim racing setup, and he included some nifty old-school youtube.com/watch?v=CaWsJdYNwy…


Cheap DIY Button Pad Uses Neat Punchcard Trick

A StreamDeck is effectively a really cool box full of colorful buttons that activate various things on your PC. They’re fun and cool but they’re also something you can build yourself if you’re so inclined. [Jason] did just that for his sim racing setup, and he included some nifty old-school tech as well.

An ESP32 is at the core of the build, listening to button presses and communicating with the PC. However, the build doesn’t actually use regular buttons. Instead, it uses infrared sensors wired up in a matrix. This was an intentional choice, because [Jason] wanted the device to be reconfigurable with different paper card overlays. There are ways to do this with regular buttons too, but it works particularly well with the infrared technique. Plus, each button also gets a Neopixel allowing its color to be changed to suit different button maps.

What’s really neat is that the button maps change instantly when a different overlay card is inserted. [Jason] achieved this with an extra row of infrared sensors to detect punched holes in the bottom of the overlay cards.

Once upon a time, even building your own keyboard was an uphill battle. Today, it’s easier than ever to whip up fun and unique interface devices that suit your own exact needs. That’s a good thing! Video after the break.

youtube.com/embed/CaWsJdYNwyQ?…


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

The media in this post is not displayed to visitors. To view it, please go to the original post.

Stemfie, The 3D-Printable Construction Set
poliverso.org/display/0477a01e…
Stemfie, The 3D-Printable Construction Set Construction kit toys are cited by many adults as sparking great creativity and engineering talent in their youth. LEGO, Meccano, K’NEX, Lincoln Logs—these are all great commercial options. But what about printing your very own construction kit at home? stemfie.org/ Meethttps://hackaday.com/wp-content/uploads/2024/08/SPS-000003_Deskt


Stemfie, The 3D-Printable Construction Set

Construction kit toys are cited by many adults as sparking great creativity and engineering talent in their youth. LEGO, Meccano, K’NEX, Lincoln Logs—these are all great commercial options. But what about printing your very own construction kit at home? Meet Stemfie.

Fundamentally, Stemfie isn’t that different from any other construction kit you might have seen before. It has various beams and flat plates that are full of holes so they can be assembled together in various ways. It also uses bolts, spacers, and small plastic nuts that can be tightened using a special hand tool. Think of a mixture between LEGO Technic and Meccano and that will get you in the ballpark. It includes neat motion components too, including gears, wheels, and even a large flat spring!

What can you build with it? Well, as every construction kit toy says, you’re only limited by your imagination! However, if your imagination is especially small, you can just use the Stemfie 3D YouTube channel for inspiration. It features everything from a ping pong ball catapult to a rubber-band driven car. Plus, since it’s all 3D printed, you can simply scale up the parts and build even bigger designs. Like a giant catapult that can hurl entire water jugs. Fun!

We’ve seen other projects in this vein before. One of our favorites is [Ivan Miranda]’s giant 3D printed assembly kit that he uses to build big monster toys.

youtube.com/embed/8AIVcwuRmV4?…

youtube.com/embed/FtJwLNqRd8E?…


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

The media in this post is not displayed to visitors. To view it, please go to the original post.

Portable Router Build: Picking Your CPU
poliverso.org/display/0477a01e…
Portable Router Build: Picking Your CPU I want to introduce you to a project of mine – a portable router build, and with its help, show you how you can build a purpose-built device. You might have seen portable routers for sale, but if you’ve been in the hacking spheres long enough, you might notice there are “coverage gaps”, so to speak. The Pi-hole project is a household staple that keeps


Portable Router Build: Picking Your CPU

I want to introduce you to a project of mine – a portable router build, and with its help, show you how you can build a purpose-built device. You might have seen portable routers for sale, but if you’ve been in the hacking spheres long enough, you might notice there are “coverage gaps”, so to speak. The Pi-hole project is a household staple that keeps being product-ized by shady Kickstarter campaigns, a “mobile hotspot” button is a staple in every self-respecting mobile and desktop OS, and “a reset device for the ISP router” is a whole genre of a hacker project. Sort the projects by “All Time” popularity on Hackaday.io, and near the very top, you will see an OpenVPN &Tor router project – it’s there for a reason, and it got into 2014 Hackaday Prize semifinals for a reason, too.

I own a bunch of devices benefitting from both an Internet connection and also point-to-point connections between them. My internet connection comes sometimes from an LTE uplink, sometimes from an Ethernet cable, and sometimes from an open WiFi network with a portal you need to click through before you can even ping anything. If I want to link my pocket devices into my home network for backups and home automation, I can put a VPN client on my laptop, but a VPN client on my phone kills its battery, and the reasonable way would be to VPN the Internet uplink – somehow, that is a feature I’m not supposed to have, and let’s not even talk about DNSSEC! Whenever I tried to use one of those portable LTE+WiFi[+Ethernet] routers and actively use it for a month or two, I’d encounter serious hardware or firmware bugs – which makes sense, they are a niche product that won’t get as much testing as phones.

I’ve come to hate these little boxes with a passion. By [www.digitalpush.net], CC BY 4.0Solving these problems and implementing my desired features is quite motivational for me – it’s not just that I need my devices to work for me, it’s also that every time I tackle a project like this, I push some cool tech boundaries, find out a number of fun things I can share with you all, and I end up creating yet another device I use to significantly improve my life. What’s more, routers are a sea of proprietary hardware coupled to proprietary software, and it shows. The Pi-hole project is about cutting profit margins, and the Tor network, so you won’t see them on a commercial device. Your Huawei portable router’s battery died? Good luck sourcing a replacement. Router randomly shutting down because of overheating? Either do something and lose your warranty, or send it away for repair for weeks with no guarantee of having it fixed, and stars help you if it’s made by Asus.

Feature Plan


I need a router with an always-on WiFi AP, LTE, Ethernet and an optional WiFi station interface. As for software, I need it to run a lightweight VPN client like Wireguard and route my traffic through it, as well as run a bunch of quality-of-life features – from reasonable static IP allocation and DNS configurability, to captive portal auto-clicking and DNSSEC. The best part about building your hardware is that you can pick your batteries and can choose cells as large as you desire, so it shouldn’t be hard to make it last a day, either.

You also get to pick your own CPU, LTE modem, power management circuits. Thankfully, I have building blocks for most of these, and I’ve discussed them before – let’s talk CPUs first, and next time, go into LTE modem selection.

You might have seen fun boards throughout the last decade – a half-a-GHz CPU, from 64 to 512 MB of external RAM, WiFi and Ethernet interfaces done in hardware, an SPI flash for firmware, a bunch of GPIOs, OpenWRT shipped by default, and no video output interface in sight. You might have bought one for a generic Raspberry Pi grade project, misunderstanding its purpose. It’s a a router CPU board, put into a maker-friendly form-factor – tt will work wonders for routing packets, but it won’t work well for streaming video. I know, because I bought my first board ever with the intention of running mjpg-streamer on it, and as soon as I set it to a reasonable resolution, the CPU went to 100% consumption in a heartbeat.

Perhaps one of the most promising “router CPU” modules to this day. By [Pinguinguy], CC0 1.0There are plenty of boards like this around – the VoCore, the Carambola boards, the BlackSwift boards I keep nostalgically remembering, LinkIt boards, and the Onion Omega modules. Of these, to the best of my knowledge, the Onion Omega 2 is the most up-to-date of them all, so I got one for cheap locally with a breakout – despite their name, they have nothing to do with Tor routing, though I do aim to change that. The Omega-designed breakout is underwhelming in my eyes – they used a powerbank IC to add battery backup functionality, with all the inefficiency and bugs that entails. As you might already know, you literally don’t need to do that.

Still, it ships with OpenWRT, it’s reasonably open, and it’s got everything I need. I started this project in 2018, but thankfully, I picked well – the Onion Omega repositories are active to this day, which means that, to this day, I can resume my project by just reflashing OpenWRT to a newer version; if you don’t do this, you can’t use the repositories meaningfully, which is a large part of the fun!
Want to prototype a project that contains multiple components? Just tape them to a piece of board while you map it out and test things together!
Could you pick something more powerful? Yes, absolutely – a Raspberry Pi would have a beefier CPU for anything I’d want to hack – in fact, many boards today can boast a faster CPU and better peripherals. My hunch, however, is that native WiFi and Ethernet are an important thing to have – I don’t want to go full USB for everything I need, lest I get throttled by the 480 Mbps restriction. Also, I do want to make sure the module I pick is well-suited for the task in aspects I might not even foresee yet, and it just feels right to use a router CPU.

In short, I’m cool with throttling my Internet uplink in some ways, as long as this gives me a bunch of cool features in return; later on, I can do a market review and see if there’s a more suitable board I could integrate, but until then, I see no boards like this. Do you have better CPU board suggestions for a portable router? Drop them in the comments down below.

Choice Outcomes


So, this is what I set out to do – use an Onion Omega as my personal WiFi repeater, for now, without an LTE uplink integrated. I’ve used it as my portable router, in a half-complete configuration, and here’s what I found. First off, the WiFi adapter allows combined STA (station=client) and AP (access point=hotspot) mode – something that might feel like a pretty nifty feature to you, and it did to me. Initially, I thought this would allow me to do WiFi forwarding easily – and it did, but as soon as I leave the house with the router in my backpack and the STA mode goes inactive, things break.
Test setup, creating an access point with an Ethernet uplink. With two 18650 cells, no LTE enabled, it works for about 20 hours.
Here’s a bug – if you expect an always-on AP and an occasionally active STA, your AP will be regularly glitching out, at least on the Onion Omega, and this is a fundamental problem that might translate into other hardware too. This is because, whenever the STA interface is disconnected, it needs to periodically re-scan the network to see if it needs to reconnect to an AP. Your WiFi radio needs to stop and drop what it’s doing, including any ongoing transmissions, and listen to the aether for a while – switching between different channels while at it. This is very noticeable when doing live audio or video streaming; if you do a local file transfer over the AP’s network and the transfer speed is plotted, there will be visible gaps in the transmission speed.

First lesson – scrutinize cool features like the combined STA+AP modes if you’re actually building a network you want to rely on, especially if you don’t see them – you will notice that many devices don’t come with STA+AP simultaneous connection support out of the box. Sharing an antenna for two different purposes at once feels like an error-prone situation, and if you’re having a connectivity problem, you will want to look into that.

Is the hardware support ideal? No. Is this fun so far? Yes, absolutely, and it gives some cool insights into features you might consider worth building your project around. Does this router beat the performance of a Huawei battery-powered router I used to carry in my pocket? Yep, it already has quite a few important features I always wanted to have, like static IP assignments and an Ethernet port I can use for an uplink. Now, it doesn’t have LTE just yet – let’s talk about that in the next article, showing you how to pick an LTE modem, and what can you do to make the process significantly easier for you.


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

Il Passato Segreto di Thomas White: Da Criminale del Dark Web a Fondatore di DDoSecrets
poliverso.org/display/0477a01e…
Il Passato Segreto di Thomas White: Da Criminale del Dark Web a Fondatore di DDoSecrets Thomas White, uno dei fondatori dell’organizzazione Distributed Denial of Secrets ( DDoSecrets ddosecrets.com/), ha recentemente rivelato informazioni sul suo passato criminale. Dopo aver scontato una pena detentiva di cinque anni, White ha


Il Passato Segreto di Thomas White: Da Criminale del Dark Web a Fondatore di DDoSecrets

Thomas White, uno dei fondatori dell’organizzazione Distributed Denial of Secrets ( DDoSecrets ), ha recentemente rivelato informazioni sul suo passato criminale. Dopo aver scontato una pena detentiva di cinque anni, White ha condiviso i dettagli delle sue attività con 404 Media.

DDoSecrets, che White ha co-fondato con Emma Best nel 2018, è diventata una piattaforma chiave per la pubblicazione di fughe di dati su larga scala, riempiendo la nicchia precedentemente occupata da WikiLeaks. Tuttavia, è stato rivelato che prima di fondare DDoSecrets, White era profondamente coinvolto in attività criminali sul dark web.

Alla fine del 2013, dopo che l’FBI ha chiuso il famigerato mercato della droga Silk Road e arrestato il suo creatore Ross Ulbricht, White ha assunto il ruolo del suo successore. Sotto lo pseudonimo di Dread Pirate Roberts 2.0, lui, insieme all’utente Defcon (in seguito identificato come ex dipendente di SpaceX Blake Bentall), ha lanciatoSilk Road 2.0. L’investigatore della National Crime Agency Paul Choles ha detto che White “era il capo” dell’operazione.

Le attività criminali di White non si limitavano al traffico di droga. È stato arrestato nel novembre 2014 e, quando la polizia ha perquisito il suo appartamento di Liverpool, ha trovato un laptop contenente 464 immagini di categoria A di abusi sui minori, la classificazione più grave. Inoltre, si è scoperto che White aveva discusso con l’amministratore di Silk Road 2.0 l’idea di creare un sito web per pedofili, sostenendo che avrebbero potuto ricavarne dei soldi. Successivamente ha chiarito che le sue parole erano state dette più come un processo di pensiero provocatorio e non riflettevano le sue vere intenzioni.

Nonostante i suoi trascorsi criminali, White ha iniziato a collaborare con Emma Best nel 2015, utilizzando lo pseudonimo di The Cthulhu per vari progetti di archiviazione e fuga di dati. Questa collaborazione ha infine portato alla creazione di DDoSecrets nel 2018, con White che si è occupato degli aspetti tecnici, tra cui la registrazione del dominio e la configurazione del server. Ha detto che le forze dell’ordine e le agenzie di intelligence erano probabilmente a conoscenza del suo coinvolgimento perché il server era inizialmente registrato a suo nome.

Emma Best ha confermato che tutti i membri di DDoSecrets conoscevano il passato di Thomas White. Informazioni al riguardo non sono state rese pubbliche in precedenza per garantire la sicurezza del lavoro del team e per evitare possibili problemi legali per White legati alla sua partecipazione al progetto.

Il caso di White è rimasto soggetto a rigide restrizioni sulla copertura mediatica fino alla sua conclusione. Nel 2019 è stato condannato a cinque anni e quattro mesi di carcere dopo essersi dichiarato colpevole di traffico di droga, riciclaggio di denaro e creazione di immagini indecenti di bambini. Afferma di non aver avuto alcun coinvolgimento diretto nell’operazione DDoSecrets mentre scontava la pena.

L'articolo Il Passato Segreto di Thomas White: Da Criminale del Dark Web a Fondatore di DDoSecrets proviene da il blog della sicurezza informatica.


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

The media in this post is not displayed to visitors. To view it, please go to the original post.

DIY Gaming Laptop Built Entirely With Desktop Parts
poliverso.org/display/0477a01e…
DIY Gaming Laptop Built Entirely With Desktop Parts Gaming laptops often tend towards implementing more desktop-like hardware in the pursuit of pure grunt. But what if you were to simply buy desktop hardware yourself, and build your own gaming laptop? That would be very cool, as [Socket Science] demonstrates for us all. youtube.com/watch?v=SfUCBTpOvC… project


DIY Gaming Laptop Built Entirely With Desktop Parts

Gaming laptops often tend towards implementing more desktop-like hardware in the pursuit of pure grunt. But what if you were to simply buy desktop hardware yourself, and build your own gaming laptop? That would be very cool, as [Socket Science] demonstrates for us all.

The project began with lofty goals. The plan wasn’t to build something rough and vaguely laptop-like. [Socket Science] wanted to build something of genuine quality, that for all intents and purposes, looked and worked like a proper commercial-grade laptop. Getting to that point took a full 14 months, but the final results are impressive.

Under the hood lies an AMD Ryzen 5 5600X and a XFX Radeon RX6600, hooked into an ITX motherboard with some low-profile RAM sticks. Those components were paired with a thin keyboard, a touchpad, and a portable gaming monitor. Getting all that into a thin laptop case, even a custom one, was no mean feat. Ports had to be cut down to size, weird ribbon cables had to be employed, and heatsinks and coolers had to be rearranged. To say nothing of all the work to 3D print a case that was strong and actually worked!

The full journey is quite the ride. If you want to go right back to the start, you can find part one here.

We’ve seen some builds along these lines before, but seldom few that get anywhere near this level of fit and finish. Oftentimes, it’s that kind of physical polish that is most difficult to achieve. All we can say is “Bravo!” Oh, and… video after the break.

youtube.com/embed/SfUCBTpOvCE?…


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

The media in this post is not displayed to visitors. To view it, please go to the original post.

Attenzione a Google Quick Share! Delle Vulnerabilità Critiche Consentono RCE
poliverso.org/display/0477a01e…
Attenzione a Google Quick Share! Delle Vulnerabilità Critiche Consentono RCE Numerose vulnerabilità redhotcyber.com/post/vulnerabi… nell’utilità di trasferimento dati redhotcyber.com/post/quic-prot… Share


Attenzione a Google Quick Share! Delle Vulnerabilità Critiche Consentono RCE

Numerose vulnerabilità nell’utilità di trasferimento dati Quick Share possono essere utilizzate per eseguire attacchi MiTM e inviare file a dispositivi Windows senza il permesso del destinatario, hanno affermato gli specialisti di SafeBreach.

Quick Share è un’utilità di condivisione file P2P disponibile per gli utenti di dispositivi con Android, Chrome e Windows. Ti consente di inviare file a dispositivi compatibili nelle vicinanze, supportando Bluetooth, Wi-Fi, Wi-Fi Direct, WebRTC e NFC.

Sviluppata originariamente per Android con il nome Nearly Share e rilasciata per Windows nel luglio 2023, l’utilità è stata ribattezzata Quick Share nel gennaio 2024 dopo che Google ha unito la sua tecnologia con Quick Share di Samsung. Google sta inoltre collaborando con LG per preinstallare l’utilità su alcuni dispositivi Windows.

Gli specialisti di SafeBreach hanno studiato il protocollo a livello di applicazione utilizzato da Quick Share per trasferire file tra dispositivi e hanno immediatamente scoperto 10 vulnerabilità, inclusi problemi che consentono l’esecuzione di codice remoto in Windows.

I bug rilevati includono due errori di scrittura di file remoti non autorizzati in Quick Share per Windows e Android, nonché otto problemi in Quick Share per Windows relativi alla connessione Wi-Fi forzata, all’attraversamento di directory remote e al Denial of Service (DoS).

Questi errori consentono la scrittura di file sul dispositivo in remoto (senza l’autorizzazione dell’utente), causano l’arresto anomalo, reindirizzano il traffico a un punto di accesso Wi-Fi specifico.
Catena di attacco sviluppata dai ricercatori
Ora tutte le vulnerabilità sono già state corrette con il rilascio della versione 1.0.1724.0 e agli errori rilevati vengono assegnati due identificatori comuni: CVE-2024-38271 (5,9 punti sulla scala CVSS) e CVE-2024-38272 (7,1 punti sulla scala CVSS ) nella scala CVSS.

Secondo SafeBreach, il protocollo di comunicazione Quick Share è “altamente generico, contiene classi astratte e di base, nonché una classe di gestione per ciascun tipo di pacchetto Inoltre, abbiamo scoperto che funziona in qualsiasi modalità. Pertanto, anche se il dispositivo è configurato per accettare file solo dai contatti dell’utente, possiamo comunque inviargli un file che non richiede conferma”, affermano i ricercatori.

Pertanto, una volta installato, Quick Share crea un’attività pianificata che controlla ogni 15 minuti per vedere se l’applicazione è in esecuzione e la avvia se necessario. Gli esperti hanno utilizzato il CVE-2024-38271 per creare una catena RCE: l’attacco MiTM ha permesso loro di rilevare quando i file eseguibili venivano scaricati tramite il browser, quindi gli esperti hanno sfruttato il problema di path traversal per sovrascrivere il file eseguibile con il proprio file dannoso

Attualmente i ricercatori di SafeBreach hanno già pubblicato informazioni tecniche dettagliate sulle vulnerabilità scoperte e ne hanno anche presentato una presentazione alla recente conferenza DEF CON 32 .

L'articolo Attenzione a Google Quick Share! Delle Vulnerabilità Critiche Consentono RCE proviene da il blog della sicurezza informatica.


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

The media in this post is not displayed to visitors. To view it, please go to the original post.

The Long, Slow Demise of DVD-RAM
poliverso.org/display/0477a01e…
The Long, Slow Demise of DVD-RAM While CDs were still fighting for market share against cassettes, and gaming consoles were just starting to switch over to CD from cartridge storage, optical media companies were already thinking ahead. Only two years after the introduction of the original PlayStation, the DVD Forum had introduced the DVD-RAM standard: 2.58 GB per side of a disc in a protective cad


The Long, Slow Demise of DVD-RAM

While CDs were still fighting for market share against cassettes, and gaming consoles were just starting to switch over to CD from cartridge storage, optical media companies were already thinking ahead. Only two years after the introduction of the original PlayStation, the DVD Forum had introduced the DVD-RAM standard: 2.58 GB per side of a disc in a protective caddy. The killer feature? Essentially unlimited re-writeability. In a DVD drive that supports DVD-RAM, they act more like removable hard drive platters. You can even see hard sectors etched into the media at the time of manufacture, giving DVD-RAM its very recognizable pattern.

At the time, floppy drives were still popular, and CD-ROM drives were increasingly available pre-installed in new computers. Having what amounted to a hard drive platter with a total of 5 GB per disc should have been a killer feature for consumers. Magneto-optical drives were still very expensive, and by 1998 were only 1.3 GB in size. DVD-RAM had the same verify-after-write data integrity feature that magneto-optical drives were known for, but with larger capacity, and after the introduction of 4.7 GB size discs, no caddy was required.

So why didn’t DVD-RAM completely take over removable storage? The gigabyte-size MO drives in 2002 sold for about $400 in 2001 (roughly $721 today), whereas the first 4.7 GB DVD-RAM drives sold in 1998 for $500-$800, with blank discs costing $30 for single-sided and $45 for double-sided, which would have been 9.4 GB total per disc. Around the same time, MO discs with 1.3 GB capacity were often around $20-$25, though they varied widely. So we can see the up-front cost for a DVD-RAM drive was higher, with the media cost per megabyte lower.

Another benefit of DVD-RAM over MO drives was the ability to do hard-drive-like fast random seeks and support various filesystems, allowing non-contiguous data. MO drives were typically quite a bit slower, though they had a decent continuous write speed if writing large blocks of data contiguously. Around this same time, devices like the LS-120 and ZIP drive were trying to replace floppy drives, but their relatively small media sizes of 120 MB / 240 MB and 100 MB / 250 MB couldn’t do the same things DVD could do. Despite this, the Iomega ZIP in particular did have some breakthrough success. This was mostly because of the relatively low drive cost, and the price per 100 MB ZIP disk being $10-$15 on average. These were more expensive per MB than DVD-RAM or MO, but with lower overall consumer investment. So it really seems like the up-front drive costs for DVD-RAM kept them from becoming ubiquitous, though reviews at the time showed that those who bought and used the drives loved them and felt they were an economical way to store and transfer data.
A DVD-RAM disc, with its distinct hard sector pattern clearly visible

DVD-RAM, What’s It Good For?


One of the killer apps for DVD-RAM ended up being Personal Video Recorders, or PVRs. The TiVo introduced consumers to the idea of easy, high-quality timeshifting without having to faff about with the timer feature on their VCRs. A DVD-RAM-based PVR could easily record many shows in high quality, play them back instantly, and be used an essentially unlimited number of times. With the purchase of 3-4 DVD-RAM discs, you could easily record and store your favourite TV shows and later transfer them to another medium for long-term storage. Similarly, DVD-RAM drives in handheld camcorders made a lot of sense, but for various reasons, DVD-RW and some tape formats continued to dominate in that field.

For archival and backup purposes, CD-R, DVD-R and even LTO tape drives were still much more popular. Despite write-once optical media being single-use, the much lower media cost and the rapidly falling price of CD and then DVD burners meant they were much more popular. Many consumers didn’t even realize that their newly purchased DVD burner could almost certainly also support DVD-RAM discs. And for audio and video, write-once media made more sense for the vast majority of end users. Though CD-RW and DVD-RW weren’t quite as popular as the write-once media, they remained more popular than DVD-RAM despite lacking the extreme write endurance of DVD-RAM. It’s hard to say definitively why this is the case, though consumer confusion about all the different blank media formats likely played a part. People were already confused enough about the difference between DVD-R and DVD+R!

Of course, we can’t talk about DVD-RAM’s downfall without mentioning USB flash drives. First introduced commercially around 1999 in sizes of 8 MB, by 2002 drives in the 1 GB – 2 GB capacity were available. These were much smaller and lighter than optical media and had very fast read/write speeds (comparatively) — especially with USB 2.0 becoming popular. Their cost and ubiquity were the death knell not only for DVD-RAM as a portable storage format, but also floppies, magneto-optical, ZIP drives, and essentially everything except for CD-R and DVD-R for audio and movie burning, respectively. While USB drives didn’t have the write endurance of DVD-RAM drives, for most users this wasn’t a problem — they were just transferring office documents, pictures, and other files back and forth between computers. If one started to wear out, another could be cheaply purchased.

So in 2024, is there any use for DVD-RAM left? I recently purchased a pack of 6 brand-new, Japanese-made Panasonic DVD-RAM discs to test out with my USB DVD burner. Essentially all DVD drives still support DVD-RAM, though as Technology Connections discovered in his rundown on the format, the drive firmware support for DVD-RAM seems to be slapdash and lacking in many ways. Write speeds are nowhere near what they should be. On my Arch Linux laptop, I couldn’t believe how slow copy speeds were. iostat showed utilization of less than 1% of the available bandwidth, and with the disc constantly speeding up and spinning down, I was seeing speeds way under 50 kB/s most of the time. Considering DVD-RAM discs support up to 3x (4140 kB/s), something was clearly wrong.

I connected the drive to my Windows 10 virtual machine and saw mostly similar speeds, except when writing an ISO to the drive. Because this seems to be a firmware issue, the usefulness of DVD-RAM for doing backups of important files depends entirely on the drive you happen to own. My idea was to back up all my code, schematic, and PCB design files as they are the most valuable files on my laptop. If I can find a decent drive, I might still follow through — but with 128GB USB drives being less than the cost of the 6 DVD-RAM discs I bought, I can’t say it’s economical, more just for the nerd cred.


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

Euronews ha incontrato @echo_pbreyer per discutere della sua battaglia in corso per la privacy online e della sua prospettiva sull'impatto trasformativo delle tecnologie emergenti.

"Credo che #privacy e sicurezza non siano reciprocamente esclusive; in effetti, la privacy è una componente essenziale della vera sicurezza"

@privacypride

euronews.com/next/2024/08/13/e…

The Privacy Post ha ricondiviso questo.

The media in this post is not displayed to visitors. To view it, please go to the original post.

APT trends report Q2 2024
poliverso.org/display/0477a01e…
APT trends report Q2 2024 For over six years now, Kaspersky’s Global Research and Analysis Team (GReAT) has been sharing quarterly updates on advanced persistent threats (APTs). These summaries draw on our threat intelligence research, offering a representative overview of what we’ve published and discussed in more detail in our private APT reports. They’re designed to highlight the key events and


APT trends report Q2 2024

For over six years now, Kaspersky’s Global Research and Analysis Team (GReAT) has been sharing quarterly updates on advanced persistent threats (APTs). These summaries draw on our threat intelligence research, offering a representative overview of what we’ve published and discussed in more detail in our private APT reports. They’re designed to highlight the key events and findings that we think people should know about.

In this latest installment, we focus on activities that we observed during Q2 2024.

Readers who would like to learn more about our intelligence reports or request more information about a specific report, are encouraged to contact intelreports@kaspersky.com.

Most notable findings


In March, a backdoor was discovered in XZ, a compression utility integrated into many popular distributions of Linux. The backdoored library
liblzma is used by the OpenSSH server process sshd. OpenSSH is patched to use systemd features on a number of systemd-based distributions, including Ubuntu, Debian and RedHat/Fedora Linux, and therefore depends on this library (Arch Linux and Gentoo are not affected). The code was inserted in February and March 2024, mostly by Jia Cheong Tan – probably a fictitious identity. The likely goal of the attack was to introduce exclusive remote code execution capabilities into the sshd process by targeting the XZ build process, and then to push the backdoored code to major Linux distributions as a part of a large-scale supply-chain attack. The attackers used social engineering to gain prolonged access to the source/development environment, and extended that access by faking human interactions in plain sight to build credibility for introducing the malicious code.
There are two levels at which the backdoor in the
liblzma library was introduced. The source code of the build infrastructure that generated the final packages was tweaked slightly (by adding an extra file, build-to-host.m4) to extract the next stage script that was hidden in a test case file (bad-3-corrupt_lzma2.xz). The script then extracted a malicious binary component from another test case file (good-large_compressed.lzma) that was linked with the legitimate library during the compilation process to be shipped to Linux repositories. Some of the big vendors ended up shipping the malicious component in beta and experimental builds without realizing it. The compromise of XZ Utils was given the identifier CVE-2024-3094 and a maximum severity score of 10.
The attackers’ initial goal was to successfully hook one of the functions related to RSA key manipulation. In our analysis of the hook process, we focused on the backdoor’s behavior inside OpenSSH, specifically OpenSSH portable version 9.7p1 (the most recent version). Our analysis revealed a number of interesting details about the functionality of the backdoor.

  • The attacker set an anti-replay feature to make sure the backdoor communication couldn’t be captured or hijacked.
  • The author hid the public key for backdoor decryption in the x86 code using a custom steganography technique.
  • The backdoor hooks the logging function to hide its logs of unauthorized connections to the SSH server.
  • The backdoor hooks the password authentication function, which allows the attacker to use any username/password to log in to the infected server without any further checks. It also does the same for public key authentication.
  • The backdoor has remote code execution capabilities, which means the attacker can run any system command on the infected server.

You can read our analysis here, here and here.

Chinese-speaking activity


In an earlier report on ToddyCat, we described various tools used to collect and exfiltrate files of interest to this APT threat actor. One of these tools was PcExter, which was initially only used to exfiltrate data previously collected with the help of other tools, such as FileScan. However, we recently found a new version, PcExter 2.0, which has been completely redesigned and rewritten in .NET to be able to collect the data itself, as well as use an improved file search mechanism. We found several versions of this tool, together with a set of special loaders.

In 2021, we published a private report describing the technical details of QSC, a framework that was discovered while investigating an attack on the telecoms industry in South Asia. While our research did not reveal how the framework was deployed, or the threat group behind it, we continued to monitor our telemetry for further detections of the QSC framework. In October 2023, we saw multiple detections of QSC framework files in the West Asia region targeting an ISP. Our investigation revealed that the target machines had already been infected with Quarian Backdoor version 3 (aka Turian) since 2022, and the same attackers used this access to deploy the QSC framework starting from October 10, 2023. In addition to the QSC framework, the attackers also deployed a new backdoor written in Golang, which we named “GoClient”: we saw the first deployment of this GoClient backdoor on October 17, 2023. After analyzing all the artifacts from this campaign, we assess with medium confidence that the CloudComputating threat actor is behind the deployment of the QSC framework and the GoClient backdoor.

Early in 2023, the activities of GOFFEE were discovered when this threat actor used a modified version of a monitored malicious IIS module called Owowa. Since then, GOFFEE has stopped using Owowa, as well as a PowerShell RCE implant VisualTaskel; however, it has continued to conduct intrusions leveraging PowerTaskel, the threat actor’s previous HTA-based infection chain, and has added a new loader, disguised as a legitimate document and distributed via email, to its arsenal.

We recently found a new remote access tool (RAT) with a low detection rate called SalmonQT that was uploaded from a computer in China to a public multi-scanner platform. What caught our attention was that the sample used GitHub’s REST API to accept instructions and upload data, thereby acting as a C2 (command and control) server. At first glance, it appeared that the path to the GitHub repository had been deleted, but on closer inspection, the repository was set to private and the REST API could only be accessed using the correct token. The C2 server was active from early January 2024 up to the completion of our report at the end of June this year. We attribute this newly discovered RAT with low confidence to the threat actor CNC. CNC (aka APT-C-48) is highly focused on Chinese entities.

Middle East


Gaza Cybergang has been active since at least 2012, targeting the Middle East and North Africa. When we first started tracking the group, its attacks were relatively basic in nature, often relying on publicly available malware families such as QuasarRAT. Nevertheless, the group exhibited a particular TTP that we can still see today – going after only a few targets per campaign. At the start of this year we detected several cases involving Gaza Cybergang in which the threat actor adjusted its TTPs slightly. Instead of using
tabcal.exe as a vehicle to sideload its initial access downloader IronWind, the group switched to setup_wm.exe, another legitimate Windows Media Utility file. The lures were also changed to a more generic theme, rather than focusing on a specific geopolitical situation.

Southeast Asia and Korean Peninsula


We discovered Mysterious Elephant in 2023 while investigating attacks using a set of malware families previously associated with other known threat actors, such as SideWinder and Confucius. As we analyzed the infrastructure, we realized that the attacks were not in fact delivered by any of the previously known actors, but by a new threat actor that we dubbed Mysterious Elephant. The threat actor has remained active since then and has launched several attacks since our initial report. We have discovered a wealth of new malware families developed and used by Mysterious Elephant in its recent attacks, as well as recently created infrastructure and updated tools – mostly backdoors and loaders to minimize detection in the early stages of attacks. In our report, we describe the latest attacks delivered by this threat actor and analyze the newly discovered malware samples and associated infrastructure.

Hacktivism


With the start of the Russian-Ukrainian conflict in February 2022, hundreds of different hacktivist groups have emerged on both sides. One such group is -=Twelve=-. This group announced itself in the information sphere by claiming to have hacked various government and industrial enterprises of the Russian Federation. Some of the targets were published on the group’s official channel on its own platform, while others remained in the shadows. While there are several reports on the internet about the Twelve group from various CTI (Cyber Threat Intelligence) vendors that attempt to describe the group’s activities, we have not seen any that detail the tools and techniques used in the attacks. Our report on Twelve provides a detailed overview of the TTPs used by the group, as well as the connections to its infrastructure.

In February, the Institute of Geography and Statistics of Albania (INSTAT) was attacked. The attack was the work of Homeland Justice – a self-described hacktivist group, but suspected of being a state sponsored group – that has been relentlessly attacking Albanian targets, particularly in the government sector, for over three years. The attackers were able to obtain more than 100TB of data, as well as disrupt the official websites and email services of organizations and wipe database servers and backups. One of the main reasons for the attacks is the presence of a Mujahedeen-e-Khalq (MEK) refugee camp on Albanian territory: Homeland Justice considers this group to be a terrorist organization and believes that specific sectors of the Albanian government and certain companies provide them with support and funding. The threat actor conducts ongoing cyber operations aimed at conveying its anti-MEK political message. They are attempting to garner support among the Albanian people for the government to abandon the MEK – their actions are framed within what are known as psychological operations (PsyOps) campaigns.

We have analyzed the group’s campaign history, which spans almost three years of cyberattacks aimed at exerting long-term pressure on the Albanian government and populace. In our report, we cover its main campaigns, ranging from sophisticated operations involving collaboration with allied groups with the same aims, to opportunistic attacks. We also describe the main techniques employed by the group, which range from exploiting internet-facing servers for initial access, lateral movement activities, expanding the attack surface, to using custom wiping malware and ransomware in the final disruptive phase of the cyber operations. Additionally, we examine the group’s persuasion mechanisms, such as amplifying messaging through social networks and news media, sharing stolen data to gain notoriety and advocate for change, and the continual threat of future attacks to induce a state of permanent vigilance among its targets.

Other interesting discoveries


We discovered a new modular malware framework, which we dubbed “Aniseed Vodka”, on a system in East Africa: the system was infected in 2018. The framework consists of a main module, a JSON-formatted configuration file, and a set of plug-ins. The framework is highly configurable, allowing its operator both to specify operating parameters for plug-ins and to schedule plug-in tasks (such as screen capture, webcam capture, and data exfiltration) at specific intervals. The framework employs anti-detection and anti-forensics techniques, enabling it to operate covertly. It uses non-traditional communication channels to evade network detection, using Google Chat as a C2 channel, Gmail to send alerts and Google Drive as an exfiltration channel. The framework we presented in our report is, as far as we know, not publicly known. We have not been able to tie this framework to an existing threat actor.

Our previous report on DinodasRAT showed a wealth of overlaps in features between the Linux backdoor version and its Windows counterpart, as well as additional Linux-specific functionalities such as persistence through systemd or SystemV. In recent months, we were able to collect more relevant samples, giving us a deeper insight into the Linux variant. There are indications that it has been used in campaigns dating back to 2021. Previously identified as XDealer, an ongoing APT campaign using the Windows version of this threat was disclosed by ESET and named “Operation Jacana”. DinodasRAT was also used in a recent APT campaign, which included both its Windows and Linux versions, as described by Trend Micro. In our latest report on the Linux variant of DinodasRAT, we focus on the network communication with the C2 and the operations performed by the malware on the infected machine, beyond establishing persistence and awaiting C2 commands.

In May 2024, we discovered a new APT targeting Russian government entities. The CloudSorcerer malware is a sophisticated cyber-espionage tool used for stealth monitoring, data collection and exfiltration via Microsoft, Yandex and Dropbox cloud infrastructures. The malware uses cloud resources for its C2 servers, accessing them through APIs using authentication tokens. Additionally, CloudSorcerer uses GitHub as its initial C2 server. CloudSorcerer’s modus operandi of is reminiscent of the CloudWizard APT, which we reported on in 2023. However, the malware code is completely different. We believe that CloudSorcerer is a new threat actor that has adopted a similar method of interacting with public cloud services.

In April, we discovered a previously unknown campaign targeting organizations in Russia, including the government sector, using the Telemos backdoor. The malware is delivered via spear-phishing emails as a ZIP file containing one of two types of dropper – a PE64 executable with an .SCR extension or a Windows Script File with a .WSF extension. These drop and execute a PowerShell-based script with backdoor functionality. We found several malicious samples associated with these attacks and were able to restore the original source code. The main purpose of this threat is espionage – collecting data from browsers such as login credentials, cookies and browsing history, as well as collecting files of interest from available drives on the affected system. The operation cannot be tied to a known threat actor at this point.

Final thoughts


While some threat actors’ TTPs remain the same, such as a heavy reliance on social engineering to gain entry to a target organization or compromising an individual’s device, others have updated their toolsets and broadened the scope of their activities. Our regular quarterly reports are designed to highlight the most significant developments related to APT groups.

Here are the key trends we saw in Q2 2024:

  • The key highlight this quarter was the backdooring of the XZ compression utility integrated into many popular Linux distributions – in particular, the use of social engineering to gain persistent access to the development environment.
  • This quarter we saw APT campaigns focused on Europe, the Americas, Asia, the Middle East and Africa targeting a range of sectors including government, military, telecoms and judicial systems.
  • The purpose of most APT activities is cyber-espionage, although some campaigns are driven by financial gain.
  • Hacktivist attacks have also been a feature of the threat landscape this quarter. Not all of these attacks are focused on areas of open conflict, as illustrated by the attacks on entities in Albania by the Homeland Justice group.

As always, we would like to point out that our reports are the product of our insight into the threat landscape. However, it is important to remember that while we strive for continuous improvement, there is always the possibility that there are other sophisticated attacks that may go unnoticed.

Disclaimer: when referring to APT groups as Russian-speaking, Chinese-speaking or other-language-speaking, we refer to various artifacts used by the groups (such as malware debugging strings, comments found in scripts, etc.) containing words in these languages, based on the information that we obtained directly or that is otherwise publicly known and widely reported. The use of certain languages does not necessarily indicate a specific geographic relation, but rather points to the languages that the developers behind these APT artifacts use.


securelist.com/apt-trends-repo…


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

The media in this post is not displayed to visitors. To view it, please go to the original post.

DIY Rabbit R1 Clone Could Be Neat With More Hardware
poliverso.org/display/0477a01e…
DIY Rabbit R1 Clone Could Be Neat With More Hardware The Teenage Engineering badging usually appears on some cool gear that almost always costs a great deal of money. One such example is the Rabbit R1, an AI-powered personal assistant that retails for $199. It was also revealed that it’s basically a small device running a simple Android app. That raises the question — could


DIY Rabbit R1 Clone Could Be Neat With More Hardware

The Teenage Engineering badging usually appears on some cool gear that almost always costs a great deal of money. One such example is the Rabbit R1, an AI-powered personal assistant that retails for $199. It was also revealed that it’s basically a small device running a simple Android app. That raises the question — could build your own dupe for $20? That’s what [Thomas the Maker] did.

Meet Rappit. It’s basically [Thomas]’s take on an AI friend that doesn’t break the bank. It runs on a Raspberry Pi Zero 2W, which has the benefit of integrated wireless connectivity on board. It’s powered by rechargeable AA batteries or a USB power bank to keep things simple. [Thomas] then wrapped it all up in a cute 3D printed enclosure to give it some charm.

It’s software that makes the Rappit what it is. Rather than including a screen, microphone, or speakers on the device itself, [Thomas] interacts with the Pi-based device via smartphone. It makes it a less convincing dupe of the self-contained Rabbit R1, but the basic concept is the same. [Thomas] can make queries of the Rappit via a simple Android or iOS app he created called “Comfyspace,” and the Rappit responds with the aid of Google’s Gemini AI.

If you’re really trying to duplicate the trend of AI assistants, you really need standalone hardware. To that end, the Rappit design could really benefit from a screen, microphone, speaker, and speech synth. Honestly, though, that would only take you a few hours extra work compared to what [Thomas] has already done here. As it is, [Thomas] could simply throw away the Raspberry Pi and just use the smartphone with Gemini directly, right? But he chose this route of using the smartphone as an interface to keep costs down by minimizing hardware outlay.

If you want a real Rabbit R1, you can order one here. We’ve discussed controversy around the device before, too. Video after the break.

youtube.com/embed/QpYoH_iKno0?…


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

The media in this post is not displayed to visitors. To view it, please go to the original post.

LockBit e rebrand sotto assedio. L’FBI blocca i server di RADAR e DISPOSSESSOR
poliverso.org/display/0477a01e…
LockBit e rebrand sotto assedio. L’FBI blocca i server di RADAR e DISPOSSESSOR L’FBI ha bloccato fbi.gov/contact-us/field-offic… server e siti Web associati al gruppo redhotcyber.com/post/il-ransom…


LockBit e rebrand sotto assedio. L’FBI blocca i server di RADAR e DISPOSSESSOR

L’FBI ha bloccato server e siti Web associati al gruppo ransomware RADAR/DISPOSSESSOR. L’operazione è stata condotta congiuntamente con partner del Regno Unito e della Germania.

Red Hot Cyber ha intervistato RADAR/DISPOSSESSOR circa un mese fa dove il gruppo ha fornito una serie di informazioni sul suo funzionamento.

Di conseguenza, le forze dell’ordine hanno confiscato server e domini utilizzati dagli hacker per sferrare gli attacchi. In particolare sono stati sequestrati 3 server negli USA, 3 server nel Regno Unito, 18 server in Germania nonché diversi domini (radar[.]tld, dispossessor[.]com, cybernewsint[.]com e altri). I siti servivano sia a coordinare gli attacchi che a creare notizie false e piattaforme video.

Dall’agosto 2023, il gruppo DISPOSSESSOR, guidato da un criminale informatico di nome Brain, attacca le piccole e medie imprese in vari paesi, tra cui Stati Uniti, Argentina, Australia, Germania e altri. In totale sono state colpite 43 aziende. Gli hacker sono penetrati nelle reti attraverso vulnerabilità, password deboli e mancanza di autenticazione a più fattori, rubando dati e crittografando i dispositivi delle vittime, negando loro l’accesso alle informazioni.

Dopo l’attacco, se l’azienda non si metteva in contatto, i criminali stessi contattavano i dipendenti tramite e-mail o chiamate, minacciando di pubblicare i dati rubati. Gli aggressori hanno anche inviato collegamenti a piattaforme dove venivano pubblicati i file rubati, aumentando la pressione sulle vittime. Invece di screenshot con informazioni rubate, gli hacker hanno allegato alla pagina di fuga piccoli video che mostravano chiaramente cataloghi con dati rubati.

L’FBI ha esortato chiunque sia stato violato da DISPOSSESSOR a contattare l’Internet Crime Complaint Center (IC3) o la hotline 1-800-CALL dell’FBI.

In precedenza, il gruppo Dispossesor operava come gruppo ransomware, rilasciando dati rubati da altri attacchi ransomware come LockBit. Successivamente gli hacker hanno rivenduto i dati su vari forum clandestini. Nel giugno 2024, i criminali hanno iniziato a utilizzare il ransomware LockBit 3.0 trapelato, che ha aumentato notevolmente la portata dei loro attacchi.

Alcuni ricercatori ritengono che il gruppo sia stato creato da ex membri di LockBit, cosa confermata dagli stessi hacker, ma non è possibile verificare l’autenticità delle loro parole.

L'articolo LockBit e rebrand sotto assedio. L’FBI blocca i server di RADAR e DISPOSSESSOR proviene da il blog della sicurezza informatica.


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

Presentato il progetto Franklin al DEF CON. Una visione diversa della sicurezza nazionale
poliverso.org/display/0477a01e…
Presentato il progetto Franklin al DEF CON. Una visione diversa della sicurezza nazionale Alla conferenza DEF CON 2024 è stato lanciato un nuovo ambizioso progetto denominato “Franklin”, che mira ad attrarre specialisti della sicurezza informatica redhotcyber.com/rubriche/alla-… per creare


Presentato il progetto Franklin al DEF CON. Una visione diversa della sicurezza nazionale

Alla conferenza DEF CON 2024 è stato lanciato un nuovo ambizioso progetto denominato “Franklin”, che mira ad attrarre specialisti della sicurezza informatica per creare politiche nel campo della protezione delle infrastrutture critiche.

Il progetto Franklin ha due obiettivi principali:

1. pubblicazione dell’annuale “Hacker’s Almanac”, che includerà le più importanti questioni di sicurezza delle infrastrutture critiche individuate durante la conferenza. Tale documento ha lo scopo di offrire agli hacker l’opportunità di influenzare le discussioni sulla sicurezza nazionale e sulla politica estera. I creatori del progetto stanno attivamente cercando e analizzando i dati ottenuti al DEF CON per includerli nel futuro “Almanacco”.

Tuttavia, qui sorgono alcune difficoltà. Gli hacker sono bravissimi a penetrare nei sistemi, ma creare documentazione è un compito molto più difficile. Resta ancora molto lavoro per tradurre i risultati tecnici in un linguaggio comprensibile a un vasto pubblico, nonché per raccogliere le opinioni dei ricercatori e verificare i risultati del lavoro.

2. Portare l’attenzione dei legislatori e degli esperti politici sulle questioni di sicurezza informatica al fine di creare una risorsa che servirà come base per lo sviluppo di nuove leggi per proteggere le infrastrutture critiche.

È interessante notare che il Progetto Franklin rende omaggio anche a Benjamin Franklin, che creò i primi vigili del fuoco volontari negli Stati Uniti. In questo contesto, l’iniziativa mira a mettere insieme un esercito di hacker volontari e specialisti di sicurezza informatica per aiutare a proteggere le infrastrutture critiche.

La registrazione dei volontari è ora iniziata e si è riscontrato un notevole interesse da parte della comunità per il progetto.

L'articolo Presentato il progetto Franklin al DEF CON. Una visione diversa della sicurezza nazionale proviene da il blog della sicurezza informatica.


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

Youth Hacking 4 Freedom 2024 participants' submitted their projects on 30 June. Now, it's the jury's turn to evaluate them.

💥 We are also happy to announce a new sponsor for the contest: @openssf

fsfe.org/news/2024/news-202408…

#yh4f #freesoftware

reshared this

The Privacy Post ha ricondiviso questo.

The media in this post is not displayed to visitors. To view it, please go to the original post.

RC Submarine Build Starts with Plenty of Research
poliverso.org/display/0477a01e…
RC Submarine Build Starts with Plenty of Research [Ben]’s a 15-year-old who loves engineering and loves taking on new challenges. He’s made some cool stuff over the years, but the high water mark (no pun intended) has to be this impressively documented remote controlled submarine instructables.com/Diy-Rc-Subma… new build starts off with more research than the


RC Submarine Build Starts with Plenty of Research

RC submarine surfaced in a pool

[Ben]’s a 15-year-old who loves engineering and loves taking on new challenges. He’s made some cool stuff over the years, but the high water mark (no pun intended) has to be this impressively documented remote controlled submarine.

His new build starts off with more research than the actual building. [Ben] spent a ton of time investigating the design of the submarine from its shape, to the propeller system, to the best way to waterproof everything, keeping his sub in tip-top shape. He decides to go with the Russian-style Akula submarine, which is probably the generic look that most of us would think of when we hear the word submarine. He had some interesting thoughts on the propeller system (like the syringe ballast we’ve seen before), and which type of motor to use. In the end, he decided with a pump that would fill a chamber with water, allowing the submarine to submerge, or fill with air, making the submarine buoyant, allowing it to resurface.

However, what we found most interesting about his build is how he explains the rationale for all his design decisions and clearly documents his thought process on his project page. We really can’t do [Ben]’s project justice in a short post, so head over to his project page to see it for yourself.

While you’re at it, check out some of these other cool submarine builds that we’ve featured here on Hackaday


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

Sicurezza Online in Cina: Introduzione del Numero di Rete Unico
poliverso.org/display/0477a01e…
Sicurezza Online in Cina: Introduzione del Numero di Rete Unico Il Ministero della Pubblica Sicurezza e l’Amministrazione statale delle informazioni su Internet della Cina hanno sottoposto cac.gov.cn/2024-07/26/c_172367… alla discussione una bozza del nuovo “Regolamento sulla rete nazionale di identificazione personale”. Questo passo mira a


Sicurezza Online in Cina: Introduzione del Numero di Rete Unico

Il Ministero della Pubblica Sicurezza e l’Amministrazione statale delle informazioni su Internet della Cina hanno sottoposto alla discussione una bozza del nuovo “Regolamento sulla rete nazionale di identificazione personale”. Questo passo mira a rafforzare la protezione delle informazioni personali dei cittadini e a creare un sistema affidabile per verificare l’identità su Internet.

La nuova legge si basa su leggi cinesi chiave come la legge sulla sicurezza informatica, la legge sulla protezione dei dati, la legge sulla protezione dei dati personali e la legge contro le telecomunicazioni e le frodi su Internet. Ciò fornisce una solida base giuridica per l’implementazione del nuovo sistema e garantisce che sia conforme alle normative esistenti sulla protezione dei dati e sulla sicurezza informatica.

Una caratteristica fondamentale del nuovo sistema sarà l’introduzione di un “numero di rete” (net ID) e di un “certificato di rete”. Questi strumenti consentiranno agli utenti di registrarsi e verificare in modo sicuro la propria identità online senza rivelare informazioni personali.

Il numero di rete è un identificatore univoco composto da lettere e numeri che corrisponderà alle informazioni personali del cittadino. Un certificato online è un ID digitale che contiene un numero online e informazioni personali crittografate. È importante notare che l’ottenimento di questi ID digitali sarà volontario per i cittadini di età superiore ai 14 anni.

Il nuovo sistema aiuterà a ridurre al minimo la raccolta e l’archiviazione dei dati personali, riducendo così i rischi di fuga di informazioni. La piattaforma fornirà solo i risultati della verifica dell’identità senza la necessità di archiviare dati completi. Nei casi in cui ciò sia necessario, i dati verranno archiviati solo con il consenso dell’utente e nella misura minima necessaria.

Il progetto di legge prevede inoltre requisiti rigorosi per il trattamento e la protezione dei dati personali. Gli utenti devono essere informati delle finalità e delle modalità del trattamento dei loro dati, nonché dei loro diritti e delle misure per proteggere le informazioni.

Il progetto presta particolare attenzione alla tutela dei diritti dei minori. Per i minori di 14 anni, l’ottenimento dell’ID digitale è possibile solo con il consenso dei genitori o dei tutori. Gli adolescenti dai 14 ai 18 anni potranno ottenere un numero di rete e un certificato sotto la supervisione di un adulto.

Le nuove regole incoraggiano le società di Internet ad implementare questo sistema. Qualora l’utente sia stato identificato attraverso la piattaforma nazionale, i servizi non potranno richiedere ulteriori dati personali. Ciò può ridurre significativamente i rischi di fuga di dati e uso improprio.

Il Ministero della Pubblica Sicurezza e l’Amministrazione statale delle informazioni su Internet monitoreranno il funzionamento di questo sistema e garantiranno il rispetto dei requisiti di sicurezza dei dati.

L'articolo Sicurezza Online in Cina: Introduzione del Numero di Rete Unico proviene da il blog della sicurezza informatica.


The Privacy Post ha ricondiviso questo.

Polish billionaire plans to sue Meta over fake advertisements
poliverso.org/display/0477a01e…
Polish billionaire plans to sue Meta over fake advertisementsPolish billionaire Rafal Brzoska and his wife plan to sue Meta over fake advertisements on Facebook and Instagram that feature his face and false information regarding her circulating on the social media platforms.euractiv.com/section/platforms…


Polish billionaire plans to sue Meta over fake advertisements


Polish billionaire Rafal Brzoska and his wife plan to sue Meta over fake advertisements on Facebook and Instagram that feature his face and false information regarding her circulating on the social media platforms.


euractiv.com/section/platforms…


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

The media in this post is not displayed to visitors. To view it, please go to the original post.

A Simple Portable PS4 Build
poliverso.org/display/0477a01e…
A Simple Portable PS4 Build Building a portable console is hard, right? You have to do lots of wiring, maybe trim a few PCBs, and learn all about the finer points of high-end motherboard design! Or, you could keep it simple. That’s just what [Francesco6n] did when he built this portable PS4. instagram.com/francesco6n/p/C4… aim for this build wasn’t to build the


A Simple Portable PS4 Build

Building a portable console is hard, right? You have to do lots of wiring, maybe trim a few PCBs, and learn all about the finer points of high-end motherboard design! Or, you could keep it simple. That’s just what [Francesco6n] did when he built this portable PS4.

The aim for this build wasn’t to build the smallest, sleekest, or prettiest portable PS4. It was just to build a functional one that worked. To that end, the guts of the PS4 was installed in a 3D-printed case decorated with the usual square-circle-cross-triangle motif. A 1024×600 Acer Aspire One laptop display was installed in a clamshell configuration to act as the screen for the build. Inside the case is a large GPU-style cooler which helps keep temperatures down. As for power, there’s no need to plug this thing in everywhere you go. Instead, it’s capable of running for up to 90 minutes continuously thanks to a battery pack consisting of eighteen 18650 cells. In a beautiful touch of cross-platform cooperation, an Xbox 360 supply is used to power the thing when mains power is available.

It’s a neat build, and one that doesn’t overcomplicate things. Projects like this are a great way to get your feet wet with portable console hacking, letting you learn the ropes without too much pressure. More pictures after the break.

View this post on Instagram


A post shared by Francesco Tempra (@francesco6n)



The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

Un Hacker di 19 anni scopre le chiavi API di OpenAI oltre a 66.000 Vulnerabilità sul web
poliverso.org/display/0477a01e…
Un Hacker di 19 anni scopre le chiavi API di OpenAI oltre a 66.000 Vulnerabilità sul web Il 19enne Bill Demirkapi archive.is/DHRRL ricercatore indipendente e redhotcyber.com/post/i-padri-f… white hat, hahttps://www.redhotcyber.com/post/vulnerabilita-cve-2024-21893-ivanti-colpito-da-hacker-cin


Un Hacker di 19 anni scopre le chiavi API di OpenAI oltre a 66.000 Vulnerabilità sul web

Il 19enne Bill Demirkapi ricercatore indipendente e hacker white hat, ha sviluppato un metodo per identificare le vulnerabilità su larga scala su Internet utilizzando fonti di dati non standard.

I risultati del lavoro sono stati presentati alla conferenza Def con di Las Vegas. Tra gli almeno 15.000 segreti rinvenuti (per “segreti” si intendono dati sensibili come password, chiavi API , token di autenticazione, ecc ..) c’erano centinaia di account associati alla Corte Suprema del Nebraska e ai suoi sistemi IT, nonché dati di accesso ai canali Slack dell’università di Stanford .

Di particolare interesse sono state le oltre mille chiavi API appartenenti ai clienti OpenAI. Tra le organizzazioni che hanno inavvertitamente esposto dati sensibili figurano un importante produttore di smartphone, clienti fintech e una società multimiliardaria di sicurezza informatica.

Demirkapi ha anche creato un sistema automatizzato che revoca i dati compromessi, rendendoli privi di valore per i potenziali aggressori.

La seconda area di ricerca riguardava le vulnerabilità dei siti web. L’hacker ha scoperto 66.000 siti con vulnerabilità in sottodomini non utilizzati (“dangling”). Tra le persone colpite figurano alcune delle proprietà web più grandi del mondo, compreso un dominio di prova di proprietà del New York Times.

Per dimostrare i pericoli dei sottodomini vulnerabili, Demirkapi ha condotto un esperimento. Ha pubblicato temporaneamente un articolo satirico sul dominio di prova del New York Times con il titolo provocatorio “Gli Stati Uniti dichiarano guerra alla Russia mentre le tensioni aumentano, inviando onde d’urto attraverso la comunità internazionale”. L’articolo è rimasto disponibile per circa una settimana. Questo esperimento ha mostrato chiaramente come le vulnerabilità possano essere sfruttate per diffondere disinformazione o effettuare attacchi di phishing.

Per trovare le chiavi segrete, il ricercatore si è rivolto a VirusTotal, un servizio di proprietà di Google che viene generalmente utilizzato per scansionare i file alla ricerca di malware. Utilizzando le regole Retrohunt e YARA, ha analizzato oltre 1,5 milioni di campioni alla ricerca di dati sensibili.

Per garantire che le chiavi e i segreti trovati fossero aggiornati, Demirkapi ha eseguito le richieste API. Ciò gli ha permesso di confermare che le informazioni scoperte erano ancora attive e potevano essere utilizzate dagli aggressori.

Per identificare i siti Web vulnerabili, l’esperto ha utilizzato i dati di replica DNS passiva. Di conseguenza, sono stati scoperti più di 78.000 servizi cloud non protetti associati a 66.000 domini di primo livello.

Alon Schindel, vicepresidente della ricerca sulle minacce informatiche presso Wiz, osserva che esiste un’enorme varietà di dati sensibili che gli sviluppatori possono inavvertitamente lasciare nel codice o rivelare durante il processo di creazione del software. Questi includono password, chiavi di crittografia, token di accesso API, segreti del provider cloud e certificati TLS. Schindel sottolinea che il pericolo principale è che la loro divulgazione possa fornire agli aggressori un accesso non autorizzato a basi di codice, database e altre infrastrutture digitali riservate.

Secondo Demirkapi, individuare i problemi è solo metà dell’opera. Ha anche adottato misure critiche per correggere i problemi riscontrati. Ad esempio, OpenAI ha segnalato più di 1.000 chiavi API esposte, dopodiché l’azienda ha fornito una chiave API pubblica per revocare automaticamente i dati compromessi.

Tuttavia, non tutte le aziende erano pronte a collaborare. GitHub e Amazon Web Services hanno negato l’accesso agli strumenti di reporting esistenti. Ciò ha costretto Demirkapi a trovare soluzioni alternative, incluso l’utilizzo di GitHub per caricare automaticamente i segreti per abilitare il sistema di scansione dei dati sensibili della piattaforma .

Daiping Liu, responsabile della ricerca senior presso Palo Alto Networks, afferma che il problema dei domini è diffuso. In ogni momento, decine di migliaia di documenti sono a rischio, ha affermato. Liu aggiunge che i domini più grandi potrebbero essere particolarmente vulnerabili a questo problema perché sono più difficili da gestire e sono più soggetti a errori umani. Questo spiega perché anche giganti come il New York Times potrebbero essere in pericolo.

L'articolo Un Hacker di 19 anni scopre le chiavi API di OpenAI oltre a 66.000 Vulnerabilità sul web proviene da il blog della sicurezza informatica.


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

The media in this post is not displayed to visitors. To view it, please go to the original post.

Hydrogen Generation with Seawater, Aluminum, and… Coffee?
poliverso.org/display/0477a01e…
Hydrogen Generation with Seawater, Aluminum, and… Coffee? A team at MIT led by [Professor Douglas Hart] has discovered a new, potentially revelatory method cell.com/cell-reports-physical… for the generation of hydrogen. Using seawater, pure aluminum, and components from coffee grounds, the team was able to generate


Hydrogen Generation with Seawater, Aluminum, and… Coffee?

A team at MIT led by [Professor Douglas Hart] has discovered a new, potentially revelatory method for the generation of hydrogen. Using seawater, pure aluminum, and components from coffee grounds, the team was able to generate hydrogen at a not insignificant rate, getting the vast majority of the theoretical yield of hydrogen from the seawater/aluminum mixture. Though the process does use indium and gallium, rare and expensive materials, the process is so far able to recover 90% of the indium-gallium used which can then be recycled into the next batch. Aluminum holds twice as much energy as diesel, and 40x that of Li-Ion batteries. So finding a way to harness that energy could have a huge impact on the amount of fossil fuels burned by humans!

Pure, unoxidized aluminum reacts directly with water to create hydrogen, as well as aluminum oxyhydroxide and aluminum hydroxide. However, any aluminum that has had contact with atmospheric air immediately gets a coating of hard, unreactive aluminum oxide, which does not react in the same way. Another issue is that seawater significantly slows the reaction with pure aluminum. The researchers found that the indium-gallium mix was able to not only allow the reaction to proceed by creating an interface for the water and pure aluminum to react but also coating the aluminum pellets to prevent further oxidization. This worked well, but the resulting reaction was very slow.

Apparently “on a lark” they added coffee grounds. Caffeine had already been known to act as a chelating agent for both aluminum and gallium, and the addition of coffee grounds increased the reaction rate by a huge margin, to the point where it matched the reaction rate of pure aluminum in deionized, pure water. Even with wildly varying concentrations of caffeine, the reaction rate stayed high, and the researchers wanted to find out specifically which part of the caffeine molecule was responsible. It turned out to be imidazole, which is a readily available organic compound. The issue was balancing the amount of caffeine or imidazole added versus the gallium-indium recovery rate — too much caffeine or imidazole would drastically reduce the recoverable amount of gallium-indium.

This chart shows the incredible acceleration found by adding 0.01M caffeine – from well over 20h down to 5-10m
After some experimentation, they hit a magic number: a 0.02M concentration of imidazole resulted in consistent recovery rates of ~90% of the gallium-indium, which is comparable to the recovery rate in seawater with no catalysts of any kind! This method of hydrogen generation could make marine applications of hydrogen engines much more viable. By only needing to carry aluminum, imidazole and gallium-indium, the safety issues with liquid or compressed hydrogen disappear. This could make marine vehicles cleaner and more efficient while reducing the safety issues already present in carrying diesel or other marine fuels aboard.

The study goes into much, much more detail, so if you want to learn more, be sure to check it out! Thankfully, it’s hosted in an open-access journal so the knowledge is free for all to learn from.

[Thanks to zoobab for the tip, via ScienceDaily!]

Header image CC-BY-SA 4.0


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

The media in this post is not displayed to visitors. To view it, please go to the original post.

Globe-Shaped World Clock Is A 3D-Printed Mechanical Marvel
poliverso.org/display/0477a01e…
Globe-Shaped World Clock Is A 3D-Printed Mechanical Marvel Time zones are a complicated but necessary evil. Humans like the numbers on the clock to vaguely match up with what the sun is doing in the sky outside. To that end, different places in the world keep different time. If you want to keep track of them in a very pretty fashion, you might consider building a fancy


Globe-Shaped World Clock Is A 3D-Printed Mechanical Marvel

Time zones are a complicated but necessary evil. Humans like the numbers on the clock to vaguely match up with what the sun is doing in the sky outside. To that end, different places in the world keep different time. If you want to keep track of them in a very pretty fashion, you might consider building a fancy and beautiful World Clock like [Karikuri] did.

The design is based around a globe motif, mimicking the world itself. Only, on the surface of the globe, there are clock faces instead of individual countries. Each clock runs to its own time, directed by a complicated assemblage of 3D-printed gears. Mechanical drive is sent to the globe from a power base, which itself carries a mechanical seven-segment display. This too can display the time for different regions by using the controls below. It’s also useful for setting the clock to the correct time.

It’s a little difficult to follow the build if you don’t speak Japanese. However, quality subtitles are available in English if you choose to enable them.

We’ve seen [Karikuri’s] work before. We’ve also featured a great many world clocks over the years, including this particularly beautiful example that tracks night and day. Just don’t expect it to keep track of moon time. Video after the break.

youtube.com/embed/Fq-mOtpW9TI?…

[Thanks to MrTrick for sending this in!]


The Privacy Post reshared this.

The Privacy Post ha ricondiviso questo.

New note by cybersecurity
poliverso.org/display/0477a01e…
Il pericolo silenzioso del Sitting Duck Attack insicurezzadigitale.com/il-per… (Italy e non Italy 😁)Tra le minacce emergenti che stanno attirando l’attenzione degli esperti di cybersecurity c’è il cosiddetto “Sitting Duck Attack”, una forma di attacco che, pur essendo relativamente semplice, può avere conseguenze devastanti. Di recent


Il pericolo silenzioso del Sitting Duck Attack


@Informatica (Italy e non Italy 😁)
Tra le minacce emergenti che stanno attirando l’attenzione degli esperti di cybersecurity c’è il cosiddetto “Sitting Duck Attack”, una forma di attacco che, pur essendo relativamente semplice, può avere conseguenze devastanti. Di recente Neural Narrative ne ha spiegato dettagliatamente il funzionamento, che provo a


The Privacy Post reshared this.