The Privacy Post reshared this.

Hack On Self: Sense Of Time
poliverso.org/display/0477a01e…

Every now and then, a commercial product aims to help you in your life journey, in a novel way, making your life better through its presence. Over the years, I’ve been disappointed by such products far more often than I have been reassured, seeing each one of them rendered unimaginative and purposeless sometimes even despite the creator’s best intentions. The pressures of a commercial market will choke you out without remorse, metal fingers firmly placed on your neck, tightening with every move that doesn’t promise profit, and letting money cloud your project’s vision. I believe that real answers can only come from within hacker communities, and as we explore, you might come to see it the same way.

This is the tip of the iceberg of a decade-long project that I hope to demonstrate in a year or two. I’d like to start talking about that project now, since it’s pretty extensive; the overall goal is about using computers to help with the human condition, on a personal level. There’s a lot of talk about computers integrating into our lives – even more if you dare consult old sci-fi, much of my inspiration.

Tackling a gigantic problem often means cutting it down into smaller chunks, though, so here’s a small sub-problem I’ve been working on, for years now, on and off: Can you use computers to modify your sense of time?

The Time Question


Ever start your day thinking you will hack on a project, and in the evening, realize you’ve instead done something else entirely? Sometimes you find something cool while distracted, and sometimes, getting distracted comes to haunt you.

[Image caption: maybe one day I will assemble these]

This has been a staple of my days as long as I remember my conscious life, and at some point, I started wondering just how much this could be modified. Do you remember one particular project we’ve seen a couple people build, a vibration-based compass build that gives you a sense of where north is? Ironically, I have made PCBs for building my own version of this project – they were designed in 2022, I finally ordered them last year in 2023, and I haven’t gotten to assemble them still.

So, you can give yourself a sense of “where’s north” – something that humans are missing, generally. Technically, humans are also missing a source of time, which is why we always supplemented it with wrist-worn watches and pocket clocks. Having compared my day plans to what actually happens on that day for two decades, I can see that I need something more than that. It’s traditionally been common for me to mis-estimate when exactly I could get something done – I would give an estimate that felt correct, then start doing part of the task and forget about the flow of time, minutes passing by me.

So, there are two problems here. One of them is that, despite having been alive for a fair bit of time, my database of “how much it takes for me to do X” is inaccurate. This makes sense: keeping such references is a conscious effort that might not extend to, and day-to-day situations are highly variable. Still, if someone is relying on me, it would be nice to be aware enough to at least notify that person, and to learn to plan ahead. Another is that it’s easy for me to get and forget about the flow of time. It sure helps me concentrate on articles, but it doesn’t help when someone is waiting on me.

At some point, this started to screw with my sense of self. Really, just how much can you rely on some aspects of your mind if it continuously fails you and people you care about, in a manner that you are expected to “just figure out already”? You have to learn to distrust certain basic aspects of your cognitive processes; again and again, something as “simple” as time planning is weighed down by all the instances of letting people down with zero intention to do so. This is a pretty uncomfortable position to be in, if being honest with yourself is a priority of yours. Unsurprisingly, it also made things pretty difficult when talking about employment or real-life obligations. Something had to be done.

Well, could you give yourself a sense of time, say, with vibromotors? Apparently, you can, but there’s nuance to it. Let me tell you about two projects I’ve built to attempt this, and some basic concepts I learned about human-computer integration.

The Not-A-Bomb Wearable


My first project in this vein grew out of a purpose-less experiment, funnily enough: a project literally called I Made This And I Don’t Know Why – a simple board I built to make use of seven-segment displays our hackerspace had a dozen of. ESP8266, dynamic indication with a shift register, and MicroPython – writing firmware for this board was a nice challenge in writing non-blocking code and finding portions of code to optimize. Soon, the board found a good few purposes – among them, a time tracker.

I decided to solve a simple problem – building a mental database of the amount of time it takes me to get from “start” to “finish” for an arbitrary task. Tracking that was tricky – say, I want to check the length of a bicycle ride from my house to a certain point. I’d need to check my phone at the exact time when I left the house, keep that time in mind, and then, once I’ve arrived at my destination, check again. Both of these require some time to execute and some memory, so, I decided to make an automatic countdown timer. Glancing at my wrist felt significantly easier, so, after some cutting, sewing, and hotglue work, I made one of the IMTAIDKW boards into an oversized watch, and used one of my universal power source designs to power it from an 18650.

There were some setbacks – notably, this countdown timer required me to patch MicroPython’s ESP8266 port, due to an obscure bug making the time.time() function seriously imprecise; an inaccurate countdown timer wasn’t in my plan. Still, it was a nice experiment – relying on something that you build yourself is always fun, and I’ve added features like adjusting the start time. It was also automatic enough to be useful, with digits large enough and bright enough to be noticeable, while still making for an unobtrusive device, and pretty cool to wear.

The main problem was that I forgot to put it on and start the countdown. It was a purpose-built device, and I only needed it a couple times a day at its very most, so most of the time it stayed off my wrist, and I would even lose track of it sometimes. Another problem was remembering to check the time of arrival, unsurprisingly – looking at my wrist was easy enough, so most of the time I could notice the time difference and go “oh interesting”, but even then, it was easy to forget. The last, main problem, was actually keeping a mental database – turns out that when you need to remember pretty similar datapoints, it’s easy to confuse them. Does it normally take me 15 minutes to get to the city center, or was it the electronics store? This turned out to be pretty easy to mix up.

The lessons from this iteration: decreasing resistance to use is good, collecting data is good, and, you should automate the data collection process if at all possible. I wouldn’t stop here, of course – some time later, I found an even nicer wristband to hack on.

Unconventional Battery Upgrades


The TTGO (or was it Lilygo?) T-Wristband is a fun product – with an ESP32 at its heart, a good few sensors, a 160 x 80 IPS LCD, and a single capacitive button. It’s an old device by now, but when I bought it in the beginning of 2020, it was fun to hack on, and hack it I did, making it run MicroPython. I didn’t know what exactly to do with it, but soon I remembered about the “sense of time” project. At the time, I wanted to tap into my life minute-by-minute and see if I could build a device able to help me notice when I’m distracted. The minimum viable prototype idea was very simple – adding a vibromotor to the watch, then having it vibrate exactly every minute, having it be an “am I currently spending my time correctly” reminder.

The problem was, by the time I came up with that, a good few months passed where the wristband was sitting in a drawer with the battery fully discharged – hurting its capacity a bit, which, at 80 mAh, was already not great. Also, I wanted to be able to keep adding features to the code without carefully balancing sleep modes or having to charge my watch multiple times throughout the day; I just wanted to run code and charge the battery every night at most. So, it got a battery upgrade – a Samsung phone battery glued to, ahem, yet another wristband, and a devboard with vibromotor driver taped on top. After the hardware tweaks, the code itself was seriously easy to write.

[Image caption: despite the added bulk, it was surprisingly fun to wear. At some points, I even added features like remote PC control and a gesture interface!]

Whenever I’d notice it vibrating, I’d ask myself – “am I doing the right thing right now?” And, to my surprise, it did catch some distraction moments every now and then, for sure! Oftentimes, I wasn’t doing the right thing, in one way or another, and a reminder about being supposed to do something else was quite welcome. Other times, when I was focused on something, the “am I doing the right thing” question would get a “yes” in my mind, and, it felt good to think that.

It wasn’t as comfortable in times when I wasn’t expecting myself to be on top of things – while I’d be resting, the every-minute feedback of the watch would feel annoying and needlessly distracting; soon, I implemented a vibration toggle with the capacitive button, and a few other things. My guess is that the annoyance factor and generally getting used to the vibrations has made me less sensitive to the vibromotor’s signal, which in turn made the wearable less effective at its goal. Apart from that, the battery wire kept breaking every so often, taking the watch out of commission, which made it hard to start properly relying on it.

youtube.com/embed/DJtZOUD4jko?…

On the upside – it turned out that this idea has been floating in the collective unconscious for a while now, to the point that it was the point of a watch worn by one of the characters in Mr. Robot, and a relatable one at that. It’s pretty good to get external independent confirmation that an idea of yours has merit! In particular, the video above reminds me a lot of my experiences – I spent less time on my phone and generally less time doing things I didn’t want to do, I was getting up and walking around more often, and, I had to add a small feature that mutes the watch when I go to sleep.

It All Worked Out Despite The Plan


Lessons here? If you can hook your device’s signals into producing a thought in your brain, that helps massively – checking for “am I doing the right thing” every minute came to me naturally, and a lot quicker than I expected it to. Context sensitivity is a must for self-help devices – the wearable would’ve been way more effective if I had some ways to detect that I’m likely to be distracted, as opposed to having it vibrate indiscriminately every minute. In general, make sure your device is not annoying to you in any bad way – it’s supposed to be helping you, so any reason you’re annoyed by it is a problem for the device’s primary usefulness.

On the hardware side, make your device reliable – building habits takes an ongoing effort, and you want it to be consistent. At the same time, consider building your device as a playground for developing your idea further; this could require a bigger battery, or more space inside the case, or an expansion socket. Reality is to plans what pure oxygen is to paper, and getting things done is typically way more important than getting them right the first time. Last but by no means least, wires suck – I’ve been saying this, and I will repeat that as much as needed.

In the end, I have mostly solved my original problem by tweaking my personal approach to time over the years, learning to over-estimate estimates, and ultimately putting myself in fewer situations where I am under time pressure – it turned out that was the bigger problem. It would’ve been nice if I could’ve noticed that sooner, but, the devices I’ve built certainly have helped. Today, I still have some sense-of-time solutions I rely on, but they are new, designed with these lessons in mind, and they’re a part of a multi-faceted system that I can only tell you about in the next articles – stay tuned!


Benchy In A Bottle
poliverso.org/display/0477a01e…

Making something enjoyable often requires a clever trick. It could be a way to cut something funny or abuse some peripheral in a way it was never designed for. Especially good tricks have a funny way of coming up again and again. [DERAILED3D] put a 3D printed benchy in a bottle with one of the best tricks 3D printing has.

The trick is stopping the print part way through and tweaking it. You can add manual supports or throw in some PTFE beads to make a generator. The benchy isn’t the print being paused; the bottle is. The benchy is a standard print, and the bottle is clear resin. Once halfway through, they paused the print, and the benchy was left suspended in the bottle with a bit of wire. Of course, [DERAILED3D] moved quickly as they risked a layer line forming on the delicate resin after a minute or two of pausing. The difficulty and mess of tweaking a gooey half-finished resin print is likely why we haven’t seen many attempts at playing with the trick, but we look forward to more clever hacks as it gets easier.

The real magic is in the post-processing of the bottle to make it look as much like glass as possible. It’s a clever modern twist on the old ship in the bottle that we love. Video after the break.

youtube.com/embed/CanhlsV40Qw?…


New note by cybersecurity
poliverso.org/display/0477a01e…
@floreana
We can't know, but we Italians can't exactly act high and mighty, considering that one of the most followed channels on Telegram is ultim'ora 24, which is rather pro-Russian...

@Catalin Cimpanu


New note by cybersecurity
poliverso.org/display/0477a01e…
Over the past two years, HotNews . ro, one of the largest and most popular news sites in Romania, has been flooded with pro-Russian troll comments. Usually, these comments were downvoted and automatically removed by the votes of other users, who obviously knew what was going on. The site recently redesigned its comment system to remove the ability to vote…

Creating 1 um Features The Hacker Way
poliverso.org/display/0477a01e…

[Breaking Taps] has done some lithography experiments in the past, including some test patterns and a rudimentary camera sensor. But now, it’s time to turn it up a notch with 1µm garage semiconductor ambitions.

The e-beam lithography he’s done in the past can achieve some impressive resolutions, but they aren’t very fast; a single beam of electrons needs to scan over the entire exposure area, somewhat like a tiny crayon. That’s not very scalable; he needed a better solution to make 1µm semiconductors.

[Image caption: Test patterns from the first attempt]

In his quest, he starts by trying to do maskless photolithography, using a literal projector to shine light on the target area all at once. After hacking a projector devkit apart, replacing blue with ultraviolet and adding custom optics, it’s time for a test. The process works for the most part but can’t produce fine details the way [Breaking Taps] needs. Unfortunately, fixing that would mean tearing the whole set-up apart for the umpteenth time.

[Image caption: The photomask used in the reduction machine]

In either a genius move, or the typical hacker tangent energy, he decides not to completely re-build the maskless lithography machine, but instead uses it to create masks for use in a 10:1 reduction machine, also known as the more traditional mask photolithography. In the end, this works out well for him, reaching just about 2µm effective minimum feature size in this two-step process.

We haven’t even remotely covered everything and there are, of course, always things to improve. And who knows? Maybe we’ll see 1µm semiconductors from [Breaking Taps] in the future.

youtube.com/embed/RuVS7MsQk4Y?…


CPDP LatAm 2024: What is Top of Mind in Latin American Data Protection and Privacy? From data sovereignty, to PETs
fpf.org/blog/cpdp-latam-2024-w…
@privacy
On July 17-18, the fourth edition of the Computers, Privacy, and Data Protection Conference Latin America (CPDP LatAm) was held in Rio de Janeiro, Brazil. This year’s theme was on “Data Governance: From Latin America to the G20,”

Show your love for #FreeSoftware! We have restocked our merchandising!

Get yours before we run out of all sizes once again!

🛒 fsfe.org/order/index.en.html

And if you don't want to order online - we'll be at #FrOSCon on the 17th and 18th of August!

New note by cybersecurity
poliverso.org/display/0477a01e…
NIS2 Directive, early entry into force. The Government wants to move quickly on cyber
key4biz.it/direttiva-nis2-entr…

@Informatica (Italy e non Italy 😁)
The Government has until 17 October 2024 to transpose the NIS2 Directive, but it seems to want to approve it quickly. The go-ahead could come the day after tomorrow in the Council of Ministers, with the approval of the related legislative decree with which


OpenAI sitting on tool to watermark AI-generated content
poliverso.org/display/0477a01e…
OpenAI, the creator of ChatGPT, has developed a text watermarking tool that could help it comply with the Artificial Intelligence (AI) Act, but the company has yet to release it, reportedly because it fears losing users.
euractiv.com/section/artificia…

A Look Inside the Space Shuttle’s First Printer
poliverso.org/display/0477a01e…

There was even a day not too long ago when printers appeared to be going the way of the dodo; remember the “paperless office” craze? But then, printer manufacturers invented printers so cheap they could give them away while charging $12,000 a gallon for the ink, and the paperless office suddenly suffered an extinction-level event of its own. You’d think space would be the one place where computer users would be spared the travails of printing, but as [Ken Shirriff] outlines, there were printers aboard the Space Shuttle, and the story behind them is fascinating.

The push for printers in space came from the combined forces of NASA’s love for checklists and the need for astronauts in the early programs to tediously copy them to paper; Apollo 13, anyone? According to [Ken], NASA had always planned for the ability to print on the Shuttle, but when their fancy fax machine wasn’t ready in time, they kludged together an interim solution from a US military teleprinter, the AN/UG-74C. [Ken] got a hold of one of these beasts for a look inside, and it holds some wonders. Based on a Motorola MC6800, the teleprinter sported a keyboard, a current loop digital interface, and even a rudimentary word processor, none of which were of much use aboard the Shuttle. All that stuff was stripped out, leaving mostly just the spinning 80-character-wide print drum and the array of 80 solenoid-powered hammers, to bang out complete lines of text at a time. To make the printer Shuttle-worthy, a 600-baud frequency-shift keying (FSK) interface was added, which patched into the spaceplane’s comms system.

[Ken] does his usual meticulous analysis of the engineering of this wonderful bit of retro space gear, which you can read all about in the linked article. We hope this portends a video by his merry band of Apollo-centric collaborators, for a look at some delicious 1970s space hardware.


The United States Develops an Artificial Intelligence to Predict Taliban Attacks
poliverso.org/display/0477a01e…
In recent years, the United States has undertaken an ambitious project to improve security in Afghanistan through the use of artificial intelligence (AI). The system, known as Raven Sentry, was designed to predict Taliban attacks, providing timely and targeted warnings to local security forces and government authorities.

How Raven Sentry Works


The Raven Sentry project was born from a collaboration between Silicon Valley engineers and military analysts in Afghanistan. Initially, data curation was done manually, with regular meetings between the analytical team in Afghanistan and stakeholders in Washington and at United States Central Command. Data standardization was a crucial step in ensuring the system's accuracy.

Raven Sentry was trained on three databases of unclassified historical attacks and monitored 17 commercial geospatial data sources, open source intelligence (OSINT) reports and GIS (geographic information system) datasets. The system was designed to detect anomalies in activity that could indicate an imminent attack, such as movements along historical insurgent infiltration routes or activity by the local population.

System Successes


Raven Sentry achieved notable successes in the field of predictive security in Afghanistan. The main ones include:

Continuous Learning: Raven Sentry was designed to learn and improve continuously from real-world experience. Analysts improved the AI by identifying key warning inputs for insurgent aggression and highlighting them for the system, much as a listener “likes” a song on a music platform and receives suggestions of similar tracks. This process of continuous improvement made the system increasingly accurate and responsive to emerging threats.

Accurate Attack Prediction: In 2020, Raven Sentry showed that it could predict, with 70% accuracy, the time windows in which specific government centers were at greatest risk of attack. For example, it successfully predicted an attack on the provincial center of Jalalabad between 1 and 12 July, also estimating the number of casualties with some precision based on similar historical attacks.

Identification of At-Risk Areas: The system identified regions at risk of attack and helped operators focus collection resources and attack platforms. This made it possible to concentrate prevention and response efforts on specific areas, increasing the effectiveness of security operations.

Timely Warnings: During testing, Raven Sentry provided warnings more than 48 hours in advance for over 41 insurgent aggression events in five historically violent provinces. This allowed security forces to prepare adequately and to prevent or mitigate the effects of the attacks.

Continuous Improvements


Raven Sentry was designed to learn and improve continuously from real-world experience. Analysts improved the AI by identifying key warning inputs for insurgent aggression and highlighting them for the system, much as a listener “likes” a song on a music platform and receives suggestions of similar tracks. This process of continuous improvement made the system increasingly accurate and responsive to emerging threats.

One of the most innovative aspects of Raven Sentry is its ability to “learn” from situations in the field. When the system detects an anomaly and it is verified as a real threat, the algorithm adapts and improves its ability to detect similar events in the future. This capacity for continuous learning allows the system to become increasingly precise and reliable over time.

The Security Context in Afghanistan

Physical Security


Afghanistan remains a highly unstable country from a security standpoint. After the withdrawal of US and NATO forces in August 2021, the Taliban quickly took control of the country. This created a power vacuum that allowed various terrorist groups to operate with greater freedom. Al-Qaida, for example, has seen a resurgence under the Taliban regime, maintaining historical ties with Afghanistan's new rulers. Meanwhile, ISIS-Khorasan (ISIS-K) has expanded its presence, exploiting local and regional tensions to strengthen its operational base.

Cybersecurity


Beyond the physical threat, Afghanistan faces significant challenges in the field of cybersecurity. With the growth of digital technologies, the country's critical infrastructure has become a target for cyberattacks by state and non-state actors. The Taliban themselves have used social media platforms and other digital technologies to spread their propaganda and coordinate operations. This creates a dual threat: on the one hand, the use of digital technologies by terrorist groups, and on the other, the vulnerability of Afghan critical infrastructure to cyberattacks.

International Cooperation


The international community has a crucial role in supporting Afghanistan in managing its security challenges. The United States and other Western countries continue to monitor the situation and provide assistance through training programs and technical support. Collaboration with local and international intelligence agencies is essential to prevent terrorist attacks and improve the country's cybersecurity.

Interpreting the Possible Implications
Positive Implications


  1. Improved Security: Raven Sentry has the potential to significantly increase security in Afghanistan, providing timely warnings that can prevent terrorist attacks and save lives.
  2. Resource Optimization: The ability to identify at-risk areas and provide specific warnings allows security forces to allocate resources more efficiently, improving the effectiveness of prevention and response operations.
  3. Continuous Learning: Raven Sentry's machine learning technology allows the system to improve continuously, becoming increasingly precise and responsive to emerging threats.


Negative Implications


  1. Dependence on Technology: Excessive dependence on AI systems such as Raven Sentry could lead to a reduction in human analysis and decision-making capabilities, with potential risks if the system malfunctions.
  2. Ethical Questions: The use of advanced technologies for surveillance and attack prediction raises ethical questions regarding privacy and human rights, especially if the data is used improperly.
  3. Cyber Vulnerabilities: The integration of advanced digital technologies also carries the risk of cyberattacks aimed at compromising the system, putting sensitive information and national security at risk.


Conclusions


The experience of the Raven Sentry project demonstrates the potential of advanced technologies such as artificial intelligence to improve security and the prevention of terrorist attacks. Despite the challenges and interruptions, the lessons learned from this initiative are already contributing to new analytical solutions that could have a significant impact on global security. Raven Sentry is an innovative example of how technology can be used to address security threats in a modern and complex context.

The article "The United States Develops an Artificial Intelligence to Predict Taliban Attacks" comes from il blog della sicurezza informatica.


North Korean Hackers Attack NPM with Malware
poliverso.org/display/0477a01e…
Gli Hacker della Corea del Nord attaccano NPM con del Malware Il 7 luglio di quest’anno un utente del repository per sviluppatori npm con il nickname “nagasiren978” ha pubblicato due pacchetti dannosi: “harthat-hash” e “harthat-api”, che contengono codice che redhotcyber.com/post/la-storia…


North Korean Hackers Attack NPM with Malware

On 7 July of this year, a user of the npm developer repository with the nickname “nagasiren978” published two malicious packages, “harthat-hash” and “harthat-api”, which contain code that installs additional malware from the attackers’ C2 server. The main targets of these attacks were Windows-based systems.

The methods and infrastructure used in the malicious packages match the tactics of a hacker group linked to the DPRK, which Microsoft tracks under the name MOONSTONE SLEET.

Within Datadog, the company that first discovered the malicious packages mentioned above, this threat cluster is called “Stressed Pungsan”. The name refers to a dog breed raised in North Korea.

The hackers’ goal was to penetrate software supply chains and developer environments. After obtaining the necessary access, the attackers steal personal information, API and cloud service access keys, and also move through the victims’ other systems.

To counter such threats, Datadog’s security team developed a package-scanning infrastructure for PyPI and npm using the GuardDog software. During the scan on 7 July, the specialists discovered two packages with suspicious behaviour.

The packages “harthat-hash” version 1.3.3 and “harthat-api” version 1.3.1 used preinstall scripts to execute and then delete “.js” files. These scripts contained links to suspicious domains and loaded malicious DLL files launched using “rundll32.exe”.

Both packages turned out to be almost identical in content, differing only in the value of the id parameter in the links to the C2 server. The malicious code downloaded the file “Temp.b”, renamed it “package.db” and executed it via “rundll32.exe”. After execution, the script was deleted and the file “package.json” was replaced with “pk.json”, making the malicious activity difficult to detect.

The attackers used code from the popular “node-config” repository and added some malicious modifications. It is worth noting that the packages were removed from npm very quickly, not by the moderators but by the author himself.
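The install-time behaviour described above (a preinstall hook that runs a “.js” file and then deletes it) can be checked for before a dependency is installed. The following is an added example, not code from Datadog, GuardDog or the original article; the rule set, weights, function names and sample manifests are assumptions constructed for illustration.

```javascript
// Added example: audit npm manifests for install-time lifecycle hooks.
// Rule names, weights and the sample manifests are constructed for illustration.

// npm runs these scripts automatically during `npm install`.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Heuristics based on the behaviour described in the article.
const RULES = [
  // A hook that hands control to an arbitrary script shipped in the package.
  { id: 'runs-js-file', weight: 1, re: /\bnode(?:\.exe)?\s+\S+\.[cm]?js\b/i },
  // The script is deleted after it runs, removing evidence from disk.
  { id: 'self-delete', weight: 3, re: /\b(?:del|erase|rm|unlink)\b[^&|;]*\.[cm]?js\b/i },
  // rundll32.exe used to launch a DLL.
  { id: 'rundll32', weight: 5, re: /\brundll32(?:\.exe)?\b/i },
  // Fetching remote content during installation.
  { id: 'network-fetch', weight: 3, re: /\b(?:curl|wget|certutil|bitsadmin)\b|https?:\/\//i },
  // package.json being moved or overwritten after installation.
  { id: 'manifest-swap', weight: 4, re: /\b(?:move|ren|rename|mv|copy|cp)\b[^&|;]*package\.json\b/i },
];

const SUSPICIOUS_THRESHOLD = 4;

// Return the rules matching a piece of text (a hook command or script source).
function matchRules(text) {
  return RULES.filter((rule) => rule.re.test(String(text)));
}

// Audit one parsed package.json object. Malformed input yields a clean,
// empty result instead of throwing, so a bulk scan keeps going.
function auditManifest(manifest) {
  const scripts =
    manifest && typeof manifest.scripts === 'object' && manifest.scripts !== null
      ? manifest.scripts
      : {};
  const findings = [];
  let score = 0;

  for (const hook of INSTALL_HOOKS) {
    const command = scripts[hook];
    if (typeof command !== 'string' || command.trim() === '') continue;
    const hits = matchRules(command);
    score += hits.reduce((sum, rule) => sum + rule.weight, 0);
    findings.push({ hook, command, rules: hits.map((rule) => rule.id) });
  }

  // Any install hook deserves a human look; a high score is flagged outright.
  let verdict = 'clean';
  if (findings.length > 0) verdict = 'review';
  if (score >= SUSPICIOUS_THRESHOLD) verdict = 'suspicious';

  return {
    name: (manifest && manifest.name) || '(unnamed)',
    version: (manifest && manifest.version) || '(unknown)',
    findings,
    score,
    verdict,
  };
}

function auditAll(manifests) {
  return manifests.map(auditManifest);
}

// Constructed sample manifests (not the contents of the real packages).
const SAMPLE_MANIFESTS = [
  { name: 'constructed-dropper', version: '1.0.0',
    scripts: { preinstall: 'node setup.js && del setup.js', test: 'jest' } },
  { name: 'constructed-native-addon', version: '2.1.0',
    scripts: { install: 'node-gyp rebuild' } },
  { name: 'constructed-plain-lib', version: '0.3.0',
    scripts: { test: 'jest', build: 'tsc' } },
];

for (const result of auditAll(SAMPLE_MANIFESTS)) {
  const hooks = result.findings
    .map((f) => `${f.hook}[${f.rules.join(',') || 'no rule hit'}]`)
    .join(' ');
  console.log(`${result.name}@${result.version}: ${result.verdict} (score ${result.score}) ${hooks}`);
}
```

Running installs with `npm install --ignore-scripts` stops these hooks from executing at all, which is the stronger control wherever a project’s dependencies do not need them.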

The article North Korean Hackers Attack NPM with Malware comes from il blog della sicurezza informatica.



Digital Crime: The Offence of Revenge Porn Explained from the Standpoint of Case Law

Art. 612-ter c.p. (Italian Criminal Code): Unless the act constitutes a more serious offence, whoever, after having made or stolen them, sends, delivers, transfers, publishes or disseminates sexually explicit images or videos intended to remain private, without the consent of the persons depicted, is punished with imprisonment from one to six years and a fine from 5,000 to 15,000 euros.

The same penalty applies to whoever, having received or otherwise acquired the images or videos referred to in the first paragraph, sends, delivers, transfers, publishes or disseminates them without the consent of the persons depicted in order to cause them harm.

The penalty is increased if the acts are committed by the spouse, even if separated or divorced, or by a person who is or has been in an intimate relationship with the victim, or if the acts are committed by means of computer or telematic tools.

The penalty is increased by one third to one half if the acts are committed against a person in a condition of physical or mental inferiority or against a pregnant woman.

The offence is prosecuted on complaint by the victim. The time limit for filing the complaint is six months. The complaint may be withdrawn only in the course of proceedings. However, prosecution is ex officio in the cases referred to in the fourth paragraph, and when the act is connected with another offence that must be prosecuted ex officio.

The content of the provision


News reports increasingly often carry stories about the unauthorised publication on the web of photos or videos, some of them very intimate and explicit, for the purpose of revenge.

Until 2019, in the absence of a specific provision, conduct of this kind was classified under Art. 595, paragraph 3, c.p., on the view that it amounted to aggravated defamation as committed by any other means of publicity.

This phenomenon, known as revenge porn, now has legal recognition through Art. 612-ter, which concerns precisely the unlawful dissemination of sexually explicit images or videos.

The first paragraph punishes, unless the act constitutes a more serious offence, whoever, after having made or stolen them, sends, delivers, transfers, publishes or disseminates sexually explicit images or videos intended to remain private, without the consent of the persons depicted.

The second paragraph provides the same penalty for whoever, having received or otherwise acquired the images and videos referred to in the first paragraph, sends, delivers, transfers, publishes or disseminates them without the consent of the persons depicted in order to cause them harm.

The third paragraph provides that the penalty is increased if the acts are committed by the spouse, even if separated or divorced, or by a person who is or has been in an intimate relationship with the victim, or if the acts are committed by means of computer or telematic tools.

Paragraph 4, on the other hand, provides for an increased penalty if the acts are committed against a person in a condition of physical or mental infirmity or against a pregnant woman.

As with the offence of stalking, the time limit for filing the complaint is 6 months and the complaint may be withdrawn only in the course of proceedings.

What the case law says


So far the courts have ruled as follows.

It is an instantaneous offence, completed with the first sending of the sexually explicit content (Cass., Sez. V, sent. n. 14927/23).

The provision requires the specific intent to cause harm (in the case at hand, consisting of the intention to undermine her reputation by attacking her morality with insults and abuse directed also at her children and husband, informing them, moreover, of the extramarital relationship between her and the defendant; Cass., Sez. V, sent. n. 14927/23).

For the offence under Art. 612-ter c.p. to be made out, the unlawful dissemination of sexually explicit content may concern images or videos depicting sexual acts or genital organs or also other erogenous parts of the human body, such as the breasts or buttocks, naked or in conditions and a context such as to evoke sexuality (Cass., Sez. V, sent. n. 14927/23).

The offence under Art. 612-ter does not exist where the images are not images of the participants intended to remain private. In the case at hand, the court acquitted the two defendants who had filmed and shared the sexual act of a couple inside the toilet of a nightclub (Tribunale di Reggio Emilia, Sez. GIP/GUP, sent. n. 528/21).

The article Digital Crime: The Offence of Revenge Porn Explained from the Standpoint of Case Law comes from il blog della sicurezza informatica.



Local Digital Twins: tackling urban digitalisation gaps in Europe [Promoted content]


Digital technologies are transforming urban governance. European cities leverage Local Digital Twins and Platforms for smart transition, but face strategic, procurement, and implementation challenges. European Commission initiatives can help bridge the digital divide and promote inclusive and smarter urban environments.


euractiv.com/section/digital/o…



UK examines foreign states’ role in sowing discord leading to riots


The British government said on Monday (5 August) officials were examining the role foreign states had played in amplifying disinformation online which had helped fuel violent protests, while warning social media firms they had to do more to stop it.


euractiv.com/section/disinform…



The 555 As A MOSFET Driver

To drive a MOSFET requires more than merely a logic level output, there’s a requirement to charge the device’s gate which necessitates a suitable buffer amplifier. A variety of different approaches can be taken, from a bunch of logic buffers in parallel to a specialised MOSFET driver, but [Mr. T’s Design Graveyard] is here with a surprising alternative. As it turns out, the ever-useful 555 timer chip does the job admirably.

It’s a simple enough circuit, the threshold pin is pulled high so the output goes high, and the PWM drive from an Arduino is hooked up to the reset pin. A bipolar 555 can dump a surprising amount of current, so it’s perfectly happy with a MOSFET. We’re warned that the CMOS variants don’t have this current feature, and he admits that the 555 takes a bit of current itself, but if you have the need and a 555 is in your parts bin, why not!

This will of course come as little surprise to anyone who played with robots back in the day, as a 555 or particularly the 556 dual version made a pretty good and very cheap driver for small motors. If you’ve ever wondered how these classic chips work, we recently featured an in-depth look.

youtube.com/embed/FKqkRDM0Al0?…



Cisco Ball is the Tumbleweed Opposite of a Disco Ball

A rough cut piece of wood sits on a workbench. A light and a tumbleweed are mounted on top so that the light shines through the tumbleweed. A woman in a ball cap and white tank top is crouched in the background smiling.

Inspiration can strike a maker at any moment. For [Laura Kampf], it happened in the desert when she saw a tumbleweed.

Tumbleweeds roll through the western United States, hitting cars on the interstate and providing some background motion for westerns. [Kampf] found the plant’s intricate, prickly structure mesmerizing, and decided to turn it into a piece of contemplative kinetic art.

[Kampf] attached the tumbleweed to a piece of wood using epoxy and mounted it to what appears to be a worm drive motor nestled inside an interestingly-shaped piece of wood. As the tumbleweed turns, a light shines through it to project a changing shadow on the wall to “create silence, it creates calmness, it takes away from the noise that surrounds it.” While [Kampf] has some work to do to get the sculpture to its finished state, we can get behind her mantra, “The most important thing about the phase of execution is to get started.”

Are you looking for some projects of your own to help you find calm? How about some ambient lighting, a sand drawing table, or a music player that keeps things simple?

youtube.com/embed/X4Amtx0RBwk?…



A Two-Stroke Engine Made From Scratch Using Basic Hardware Store Parts


A working DIY two-stroke in all of its glory, with the flywheel removed. (Credit: Camden Bowen)
How hard could it be to build a two-stroke internal combustion engine (ICE) from scratch? This is a challenge that [Camden Bowen] gladly set for himself, while foregoing such obvious wastes of time like first doing an in-depth literature study on the topic. That said, he did do some research and made the design in OnShape CAD before making his way over to the hardware store to make some purchases.

As it turns out, you can indeed build a two-stroke engine from scratch, using little more than some metal piping and other parts from the hardware store. You also need a welder and a lathe, with [Camden] using a Vevor mini-lathe that totally puts the ‘precision’ in ‘chatter’. As building an ICE requires a number of relatively basic parts that have to move with very little friction and with tight tolerances, this posed some challenges, but nothing that some DIY spirit can’t fix.

In the case of the very flexible boring bar on the lathe, improvising with some sturdy metal stock welded to a short boring bar resolved that, and precision was achieved. Together with an angle grinder, [Camden] was then able to manufacture the crank case, the cylinder and crank shaft and all the other pieces that make up an ICE. For the carburetor he used a unit off Amazon, which turned out to have the wrong throat size at 19 mm, but a 13 mm version worked. Ultimately, the first ICE constructed this way got destroyed mostly by running it dry and having the starter fluid acting as a solvent, but a full rebuild fixed all the issues.

This second attempt actually ran just fine the first time around, with oil in the crank case so that the poor engine wasn’t running dry any more. With a 40:1 fuel/oil mixture the little engine idles and runs as well as a two-stroke can, belching blue smoke and making a ruckus. This answers the question of whether you can build a two-stroke ICE with basic machining skills and tools, but of course the question that’s now on everyone’s lips is whether a four-stroke one would be nearly as ‘easy’. We wait with bated breath.

youtube.com/embed/Us4e-nhESzc?…



Asteroids: Kessler Syndrome Edition

Asteroids, the late-70s arcade hit, was an immensely popular game. Often those with the simplest premise, while maintaining a fun, lighthearted gameplay have the most cultural impact and longest legacy. But, although it was popular, it doesn’t really meet the high bar of scientific fidelity that some gamers are looking for. That’s why [Attoparsec] built the Kessler Syndrome Edition of this classic arcade game.

The Kessler Syndrome is a condition where so much man-made debris piles up in low-Earth orbit that nothing can occupy this orbit without getting damaged or destroyed by the debris, and thus turning into more debris itself in a terrible positive feedback loop. [Attoparsec] brings this idea to Asteroids by reprogramming the game so that asteroids can be shot into smaller and smaller pieces but which never disappear, quickly turning the game into a runaway Kessler Syndrome where the chance of survival is extremely limited, and even a destroyed player’s ship turns into space junk as well.

To further the scientific accuracy and improve playability, though, he’s added a repulsor beam mechanism which can push the debris a bit and prolong the player’s life, and also added mass effect reactions so that even shooting bullets repels the player’s ship a bit. The build doesn’t stop with software, either. He also built a custom 70s-style arcade cabinet from the ground to host the game.

Asteroids is still a popular platform for unique builds like this. Take a look at a light-vector game using lasers to create the graphics, or this tiny version of the game that uses a real CRT.

Thanks to [smellsofbikes] for the tip!

youtube.com/embed/O4l3y0N1yeY?…



X slammed with data privacy complaint over AI training


Consumer organisations allege X's artificial intelligence (AI) tool is in violation of the General Data Protection Regulation (GDPR) in a complaint filed with the Irish Data Protection Commission (DPC) on Monday (5 August).


euractiv.com/section/data-priv…



Embedded Python: MicroPython Toolkits

Last time, I talked about how MicroPython is powerful and deserving of a place in your toolkit, and it made for a lively discussion. I’m glad to see that overall, MicroPython has indeed been getting the recognition it deserves – I’ve built a large number of wonderful projects with it, and so have people I’ve shown it to!

Sometimes I see newcomers dissatisfied with MicroPython, because the helper tools they initially pick don’t suit it well. For instance, they try and start out with a regular serial terminal application that doesn’t fit the MicroPython constraints, or a general IDE that requires a fair bit of clicking around every time you need to run your code. In particular, I’d make sure that you know your options no matter whether you prefer GUI or commandline – both have seriously nice tools for MicroPython use!

The main problem to be solved with MicroPython is that you have a single serial port that everything happens through – both file upload and also debugging. For ESP8266/32-based boards, it’s a physical serial port, and for chips like RP2040 and ESP32-S* where a hardware USB peripheral is available, it’s a virtual one – which makes things harder because the virtual port might get re-enumerated every now and then, possibly surprising your terminal application. If you want to upload a program of yours, you need to free up the serial port, and to see the program’s output, you will need to reopen that port immediately after – not a convenient thing to do if you’re using something like PuTTY.

So, using MicroPython-friendly software is a must for a comfortable hacking experience. What are your options?

Power Of Thonny And Friends


Whether you’re primarily a GUI user, or you’re teaching someone that is, Thonny is undoubtedly number one in MicroPython world – it’s an IDE developed with Python in mind, and it has seriously impressive MicroPython integrations. Your board’s terminal is being managed as if effortlessly in the background – just open your files in different tabs as you normally do, and press the Run button sometimes.

Expecting more? There is more – basically anything MicroPython adjacent you’d do from commandline, is present in Thonny in a comfortable way. For instance, are you working with an ESP32 board that doesn’t yet have a MicroPython image in its flash? Lucky you, there’s an esptool integration that lets you flash an image into your MCU through a dialog box. Want debugging? There’s single-step debugging that works in an intuitive user-friendly way – you’d find this pretty hard to happen from console apart from specially engineered print statements, but Thonny delivers.

youtube.com/embed/EMAye6AlHFc?…

Not looking to pick a new IDE? There are VSCode extensions. Arduino IDE more your jam? Yeah, well, remember how Arduino has a MicroPython IDE now? It’s decently usable, so if you got used to the Arduino keybindings, you might like it. More of a commandline user? You’ve got a good few options, then, and they are similarly powerful.

Mpremote And Ampy


Rather use the terminal? Maybe IDEs are too clunky for you and the terminal window’s cleanliness provides for a distraction-free environment you can only dream about, maybe it’s just the thing you’ve used your entire life, or maybe you’re even debugging a MicroPython device over an SSH connection? mpremote is the tool to save you.

mpremote is part of the MicroPython project, it’s developed alongside the project, and it’s got plenty of killer features to show for it. It includes an “inline” terminal emulator that lets you access REPL effortlessly to see your code’s results and interact with the variables afterwards, correctly managing things like Ctrl+C so you can interrupt your code if needed and still poke at its variables in the REPL. You can also explore the MicroPython filesystem Linux-style with ease, and, most importantly, you can mount your current directory up to it with mpremote mount, and mpremote will send files to your board as the on-MCU interpreter requests them.

Overall, mpremote offers a seriously comfortable environment for iterating on MicroPython code lightning quick. Without it, you would need to reopen the serial port each time you need to upload a new file – here, you can just chain a bunch of commands together and mpremote will dutifully do the serial port juggling needed to get you there.

In addition to that, you can see that mpremote is designed to help you with awkward-to-do things you didn’t know you needed to do. Need to sync your board’s RTC time with your computer’s time? That’s a mpremote rtc command away. Want to access the MicroPython package manager? That’s mpremote mip. Your board needs to switch into bootloader mode? No need to fiddle with buttons, just use mpremote bootloader. In short, mpremote is a MicroPython powerhouse for everyone who’s most comfortable in a terminal window.

youtube.com/embed/sc6ND-1QZH0?…

There is an alternative here, too: ampy, a personal choice of mine, which I use combined with screen. Ampy is a tool initially designed by Adafruit, and it’s more barebones – I like it because I have control of what’s happening when I issue a command to a software, keeping my MicroPython devices in a known state at all times. On the other hand, it does require juggling the serial port on your own, so when I need to update my code, I exit screen, run the ampy command, then re-enter screen again. I regularly work with large MicroPython files that also import static library files that don’t change for months, however, so having control of the upload process seems to save me a fair bit of time.

There are caveats, of course – the major one is, when using screen in serial terminal mode, you need to press `Ctrl+A k y` (kill window) instead of `Ctrl+A d` to detach the screen session. If you do the detach instead, as you might be used to with screen, the serial port will remain open until you unplug the device or kill the screen process, and ampy will fail mysteriously.

Summary


I hope this toolkit overview helps you make sure you’re using exactly the kind of MicroPython environment that works for you – while compiling it, I’ve learned some nuances myself! Next time, we shall talk about CircuitPython – a MicroPython fork that has grown into a contender in the educational Python space, and how it is different from MicroPython in a number of crucial ways you deserve to know about.



Serve Your Next Website with QuickBasic

You can only imagine that when they made Star Trek back in the 1960s, they would have laughed if anyone suggested they’d still be making the show nearly six decades later. If you told [John Kemeny] at Dartmouth back in 1964 that people would be serving websites in Basic in the year 2024, he’d probably be amazed after you explained what a website was. But that’s what [Jamonholmgren] is doing.

[Jamon] wrote his first Basic program when he was 12, which was a common thing to do. Recently, he decided to build and deploy a website using Basic, and so this project, qub (pronounced like cube), was born. The web server is modified from an existing source but adds features, and many more are planned.

The main program essentially creates a starter set of HTML and related files for the server. Honestly, we don’t recommend a server in Basic, but it is fun to see Basic — granted a modern version of QuickBasic — being up to the task.

It would probably be smarter to dedicate an old phone to the task. Or you could stand up an old DOS computer, but that’s probably not any better.



KozSec Claims a Cyber Attack on Vodafone Ukraine: A Technical Analysis

Vodafone Ukraine was recently the victim of a large-scale cyber attack, claimed by a group known as #KozSec. This technical article provides a detailed analysis of the incident, the techniques used by the attackers and the geopolitical and economic implications of the attack.

Details of the Attack


The attack hit Vodafone Ukraine, causing significant service disruptions. In particular, 65,536 IP addresses were compromised and several domains stopped working. These figures were collected and reported by specialists, although they are approximate values. The group responsible stated that the operation was a demonstration of its ability to take an active part in a cyber conflict.

The attack showed clear technical competence, probably involving a mix of advanced Distributed Denial of Service (DDoS) techniques and possible exploits of vulnerabilities in Vodafone Ukraine’s systems. The action lasted one hour, but the group warned that its ultimate goal is the total destruction of the affected infrastructure. The attack was planned to last one hour, but the group warned that future operations could be more extensive and devastating. This first attack may therefore have been a test or a demonstration of its technical capabilities and determination.

The attack caused significant service disruptions, interrupting communication services for numerous users. The extensive compromise of IP addresses and domains had repercussions across various economic sectors, highlighting the vulnerability of critical infrastructure.

Geopolitical Context


The #KozSec group has stated that it operates in favour of Russia, in a context of high geopolitical tension. This attack is part of a broader picture of cyber conflicts in which various nations and organisations are involved in offensive hacking actions.

The group described the attack as a symbolic gesture of opposition to oppression and of support for global transparency and accountability. This message suggests that future attacks could be directed not only at critical infrastructure, but also at entities perceived as oppressive or non-transparent.

Technical and Economic Consequences


The attack caused significant service disruptions for Vodafone Ukraine users, potentially interrupting essential communication services. The compromise of 65,536 IP addresses and several domains indicates a large-scale attack, with possible repercussions across multiple economic sectors.

Vodafone Ukraine will have to take immediate recovery action to restore the interrupted services and strengthen the security of its infrastructure. Upgrades to its cyber defence systems and an in-depth analysis of the vulnerabilities exploited during the attack will be necessary.

Conclusions


The attack on Vodafone Ukraine is a clear example of current cyber threats linked to geopolitical tensions. The #KozSec group has demonstrated advanced technical capabilities and an ideological determination that could lead to further attacks in the future. It is essential that organisations potentially at risk adopt preventive measures and strengthen their defences to protect critical infrastructure and essential services.

Recommendations


  1. Continuous Monitoring: Implement real-time monitoring systems to detect and respond quickly to possible attacks.
  2. Security Updates: Apply security updates regularly to mitigate known vulnerabilities.
  3. Incident Response Plans: Develop and test incident response plans to ensure a rapid and effective reaction in the event of an attack.
  4. Staff Training: Train staff to recognise cyber threats and respond appropriately.

The importance of a proactive approach to cyber security cannot be underestimated, especially in a context of growing geopolitical tensions and sophisticated attack capabilities.

The article KozSec Claims a Cyber Attack on Vodafone Ukraine: A Technical Analysis comes from il blog della sicurezza informatica.



FBI Data Leak: Agent Database Published on Breached Forum

An alleged data leak of unprecedented scale has hit the FBI: a massive data breach that exposed the personal data of more than 22,000 agents online, putting national security at risk.

A Breached Forum user published a database containing names, roles and other sensitive information about the agents, raising alarm in the intelligence community.

At this time, we cannot confirm the veracity of the report, since the organization has not yet issued any official press release on its website about the incident. Therefore, this article should be treated as an 'intelligence source'.

Details of the Data Breach

The post, published by the user “rpk” on 3 August 2024 at 03:23 AM, presents a file containing the details of numerous FBI agents. The file, 1.9 MB in size, presumably includes names, roles and other personal information about the agents.

According to the post, the database is described as a text file (.txt) with a total of 22,175 lines. The post also includes some general information about the FBI, emphasizing the agency's role as the principal investigative arm of the United States Department of Justice and a full member of the US intelligence community.

A notable aspect of this publication is the complete absence of data samples demonstrating the veracity of the information contained in the database. In addition, no escrow mechanism was provided, that is, a trusted intermediary that can guarantee the authenticity and security of the data transaction. These omissions raise doubts about the credibility of the database and about the intentions of the user “rpk”.

Conclusion

The disclosure of personal information about FBI agents represents a significant risk. Agents could become targets of physical or digital attacks, and their families could be threatened. In addition, the data leak could compromise ongoing investigative operations.

It is not clear how the FBI has responded to the data breach; it is likely that the agency is conducting an internal investigation to determine how the leak occurred and to prevent further incidents.

This data leak underlines the critical importance of cyber security and of protecting sensitive information. While the FBI works to mitigate the damage and prevent future breaches, this incident serves as a reminder of the need to continuously strengthen security measures at every level of government agencies.

The article FBI Data Leak: Agent Database Published on Breached Forum comes from il blog della sicurezza informatica.



Radio Apocalypse: HFGCS, The Backup Plan for Doomsday

To the extent that you have an opinion on something like high-frequency (HF) radio, you probably associate it with amateur radio operators, hunched over their gear late at night as they try to make contact with a random stranger across the globe to talk about the fact that they’re both doing the same thing at the same time. In a world where you can reach out to almost anyone else in an instant using flashy apps on the Internet, HF radio’s reputation as somewhat old and fuddy is well-earned.

Like the general population, modern militaries have largely switched to digital networks and satellite links, using them to coordinate and command their strategic forces on a global level. But while military nets are designed to be resilient to attack, there’s only so much damage they can absorb before becoming degraded to the point of uselessness. A backup plan makes good military sense, and the properties of radio waves between 3 MHz and 30 MHz, especially the ability to bounce off the ionosphere, make HF radio a perfect fit.

The United States Strategic Forces Command, essentially the people who “push the button” that starts a Very Bad Day™, built their backup plan around the unique properties of HF radio. Its current incarnation is called the High-Frequency Global Communications System, or HFGCS. As the hams like to say, “When all else fails, there’s radio,” and HFGCS takes advantage of that to make sure the end of the world can be conducted in an orderly fashion.

Bombs Away LeMay


The US Air Force has a long history with radio, dating back to when airplanes were little more than wood and canvas contraptions. Radio, especially HF radio, played a huge role in prosecuting World War II, changing the face of warfare forever. As the Cold War years set in and strategic forces became increasingly important, HF radio systems continued to play a role. One of the biggest boosters of HF radio for coordinating strategic air forces was none other than General Curtis LeMay, who as an enthusiastic amateur radio operator well knew the power of HF radio to communicate long distances, particularly using single-sideband (SSB) modulation.

Despite this history, HFGCS itself is relatively new. It only came onto the scene in 1992, when post-Cold War military restructuring combined two earlier Air Force HF networks into the Global High-Frequency System. GHFS would undergo equipment upgrades in 2002 and get an extra letter in its rearranged acronym, becoming HFGCS. While HFGCS may have started out as the Air Force’s baby, its design is open and flexible enough that it can be used by Air Force, Army, and Navy assets anywhere in the world around the clock.

The primary fixed infrastructure of HFGCS is a network of thirteen ground stations scattered across the United States and its territories as well as allied countries around the world. The HFGCS ground stations are linked together through a combination of landlines and satellite stations to act as a unified network. Almost all of the stations on the network are “lights out” stations that are controlled remotely. The primary control point for the entire system is located at Andrews Air Force Base outside of Washington, DC, with a backup location deep in the interior of the continent at Offutt AFB in Omaha, Nebraska. Each of these two stations is manned around the clock and can control the entire network.

It’s obviously difficult to get a lot of technical detail on what sort of gear is being used at each HFGCS station, but there’s one aspect of the system that’s hard to keep from public scrutiny: the antennas. The Offutt AFB transmitter station provides a pretty good look at things, sitting as it does in the middle of a cornfield off a public road in Elkhorn, Nebraska. There sprouts a sprawling farm of directional and omnidirectional antennas, including a collection of massive AS-3482/GRC log periodic arrays. These giants have twin towers that support a rotating platform with three support booms for the radiation array. A balun at the base matches the antenna to the feedline, which is a 50-ohm hardline coax measuring a whopping 3-1/8″ (80 mm) diameter. HFGCS stations also have receive capability, of course, but given the 25,000-watt power rating on these antennas, the receivers are generally not located with the transmitters. In the case of the Offutt AFB station, the receivers are located 28 miles (45 km) away outside of Scribner, Nebraska.

Interesting crop. One of the many AS-3482/GRC log-periodic antennas at the HFGCS transmit antenna farm outside Offutt AFB in Nebraska. Source: Google

Fine Business, Old Minuteman


The ability of HF radio to make contacts across the globe with no fixed infrastructure between contact points is what makes it perfect for backup communications with strategic forces. That’s not to say that it’s foolproof, of course; there certainly are ways to interfere with the ionospheric skip that it depends on, which probably plays a large part in why HFGCS is only a backup, but things have to have gone badly wrong for that to be the case.

Built to last. Blast cover for HFGCS transmit antenna silo at a Minuteman LCC. The white cone in the background is a hardened radome for the UHF satellite link. Source: Library of Congress.

Ironically, one of the ways for things to go wrong enough to bump HFGCS up from backup status is an all-out nuclear exchange, which would no doubt involve the 450-odd Minuteman III ICBMs that comprise one of the legs of the United States’ nuclear triad. The Minuteman missiles are kept at the ready in 45 missile alert facilities (MAFs) scattered across the American prairie. Each MAF is comprised of ten launch facilities, each storing one LGM-30 missile in an underground silo, and a separate launch control center, or LCC. The LCC is the underground bunker crewed by two Air Force officers who bear the responsibility of turning the keys that launch their flight of missiles, should it be so ordered.

But to perform that final official act of their careers, those officers have to get the coded order from US Strategic Command, typically over one of the primary secure networks. Should those links fail, though, each LCC is equipped with an HFGCS link. The fact that each LCC is no doubt slated to receive a nasty package on the appointed day means that standard HF antennas, which tend to be quite large, are far too exposed to survive and perform their backup duties. So the LCCs sport hidden HFGCS antennas that can be deployed on command.

On the transmit side, each squadron LCC has a 50′ (15 meter) deep reinforced concrete silo topped by an extremely sturdy blast door that’s flush to the ground, for maximum resistance to nearby blast waves. Upon command, the door opens to allow a telescopic HF antenna to extend up to 120′ (36 meters) above the ground. The reality, though, is that the need to transmit on HFGCS is far less important than being able to receive. That’s why the receiving antenna arrangement is a bit more complicated.

The Bravo-01 LCC for the 319th Missile Squadron. It’s not entirely clear if Minuteman LCCs still have the deployable antennas activated, but the silo for the receive antenna is clearly visible in the northeast corner below the freestanding red-on-white tower. The telescoping transmit antenna silo is the ominous bullseye in the southwest section of the facility. Source: Google Maps

To make sure the LCC is always ready to receive and act on an Emergency Alert Message (EAM), each facility has a hardened HFGCS receive antenna array. Like the transmitting antenna, these are housed in underground silos. Each silo has six monopole steel antennas, one of which is always deployed. The five others are kept in reserve; should the main antenna get knocked down, an explosive charge at the bottom of the antenna’s tube detonates, extending a fresh antenna above the ground.

Mainsail, Mainsail


Given the highly sensitive nature of the traffic on a radio network charged in part with ending the world, you’d think that messages would be digitally encrypted and completely useless to try snooping in on. And while it’s true that there are encrypted digital modes that use HFGCS, a surprising amount of traffic is just plain old voice messages transmitted in the open. While it remains true that nothing punches through like good old Morse code on continuous wave (CW), SSB voice is far more efficient. The video below shows British ham M0SZT monitoring HFGCS from an adorable shepherd’s camp somewhere in the Peak District, not far from the RAF Croughton HFGCS site:

youtube.com/embed/ytqLbWRBQy4?…

That’s not to say that you’d be able to understand the messages, the bulk of which is a block of 30 numbers and letters, with the former stated as the standard NATO phonetic alphabet. Unless you have the decryption code, the message will read as gibberish. In fact, you can’t even derive any useful information from the length of the message, since it’s always 30 characters long. About the only metadata you could potentially glean would be the station code names embedded in the message, but since those are randomly changed every day, there’s not much point.

Still, there’s plenty to be gained from monitoring HFGCS, especially in times of geopolitical tumult. If the balloon goes up, so to speak, then traffic on HFGCS will undoubtedly increase markedly, as it will on its Russian counterpart, colloquially known as Bear Net to the US military. It’ll make for interesting listening — at least for a few minutes.



X slammed with data privacy complaint over AI training
euractiv.com/section/data-priv…
@privacy
Consumer organisations allege X's artificial intelligence (AI) tool is in violation of the General Data Protection Regulation (GDPR) in a complaint filed with the Irish Data Protection Commission (DPC) on Monday (5 August).


TikTok Lite to permanently suspend Rewards Program in EU, closing Commission investigation over addictive effects


TikTok can no longer launch rewards programmes for its EU users, following binding measures that the European Commission announced on Monday (5 August).


euractiv.com/section/platforms…



New note by cybersecurity
poliverso.org/display/0477a01e…
How the tug-of-war between Delta Air and CrowdStrike continues startmag.it/cybersecurity/come… (Italy e non Italy 😁) The cybersecurity company whose software caused a global computer outage on 19 July that paralysed sectors including airlines says that Delta refused assistance


How the tug-of-war between Delta Air and CrowdStrike continues


@Informatica (Italy e non Italy 😁)
The cybersecurity company whose software caused a global computer outage on 19 July that paralysed sectors including airlines says that Delta refused on-site assistance and that the lawsuit proposed by the carrier contributes to a



"An elegant if not joyful solution to helping children and their parents understand the fundamental concepts of the freedom of expression, creation, collaboration and individual contribution FOSS represents."
-Deborah Bryant, Board Director Emeritus @OpenSourceOrg

#AdaZangemann


Proof that find + mkdir are Turing-Complete
poliverso.org/display/0477a01e…
Proof that find + mkdir are Turing-Complete Data manipulation is at the heart of computation, and a system is said to be Turing-complete if it can be configured to manipulate data in a way that makes implementing arbitrary computation possible. [Keigo Oka] shared a proof ogiekako.vercel.app/blog/find_… that find and mkdir together are Turing-complete, which is to say, a


Proof that find + mkdir are Turing-Complete

Data manipulation is at the heart of computation, and a system is said to be Turing-complete if it can be configured to manipulate data in a way that makes implementing arbitrary computation possible. [Keigo Oka] shared a proof that find and mkdir together are Turing-complete, which is to say, a system with only GNU’s find and mkdir has access to enough functionality to satisfy the requirements of Turing completeness, which ignores questions of efficiency or speed.

[Keigo Oka]’s first attempt at a proof implemented Rule 110, an elementary cellular automaton that has been shown to be Turing-complete, or ‘universal’. The proof has since been updated to implement a tag system instead, and you can see it in action for yourself.

Seeing basic utilities leveraged in such a way illustrates how computation is all around us, and not always in expected places. We’ve also seen Turing-complete origami and computation in cellular automata.



New note by cybersecurity
poliverso.org/display/0477a01e…
Cyber chaos, CrowdStrike rejects Delta Airlines' accusations: “The company refused our help” key4biz.it/cyber-caos-crowdstr… (Italy e non Italy 😁) The controversy continues after the cyber chaos of 19 July, which caused an IT blackout around the world. Yesterday


Cyber chaos, CrowdStrike rejects Delta Airlines' accusations: “The company refused our help”


@Informatica (Italy e non Italy 😁)
The controversy continues after the cyber chaos of 19 July, which caused an IT blackout around the world. Yesterday, in a response to Delta Airlines, CrowdStrike stated that the company



LianSpy: new Android spyware targeting Russian users

In March 2024, we discovered a campaign targeting individuals in Russia with previously unseen Android spyware we dubbed LianSpy. Our analysis indicates that the malware has been active since July 2021. This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure, and employ a lot of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.

Technical details


Initially, LianSpy determines if it is running as a system app, which automatically receives the permissions it needs. Otherwise, it requests permissions for screen overlay, notifications, background activity, contacts, call logs, etc. Once authorized, the spyware verifies it’s not running in a debugging environment. If the environment is free from debugger artifacts, LianSpy sets up its configuration with predefined values and stores this data as a collection of key-value pairs locally using SharedPreferences, an app data storage mechanism generally used for storing application settings. This configuration persists across device reboots and uses integer keys linked to specific spyware settings in SharedPreferences. A detailed list of configuration parameters, including descriptions and default values, is provided below.

| ID (key) | Description | Default value |
|---|---|---|
| 100 | Is first launch | false |
| 110 | Allow to run if connected to Wi-Fi | true |
| 111 | Allow to run if connected to mobile network | true |
| 113 | Threat actor’s Yandex ID | REDACTED |
| 115 | Threat actor’s Yandex Disk OAuth token | REDACTED |
| 121 | Collect list of installed applications on target device | true |
| 123 | Collect call logs | true |
| 124 | Collect contact list | true |
| 128 | Take screenshots as root with screencap binary | false |
| 136 | Capture screen via media projection API | true |
| 302 | Time interval between screenshots in milliseconds | 5000 (5s) |
| 308 | Time interval between data exfiltration tasks in milliseconds | 1200000 (20min) |
| 400 | Comma-separated list of apps (package name substrings) for screen capture via media projection API or taking screenshots with screencap binary | whatsapp, viber, skype, chrome, vkontakte, telegram, android.gm, gallery, thoughtcrime.securesms, facebook, tencent.mm, snapchat, icq, tencent.mobileqq, imoim, mailapp, instagram, kakao.talk, discord, chrome, internet, browser, dolphin, firefox, opera, safari, uc browser, maxthon, baidu, yandex |
| 420 | Unused | |
| 450 | User ID | |

Once activated, the spyware hides its icon and registers a built-in broadcast receiver to receive intents from the system. This receiver triggers various malicious activities, such as screen capturing via the media projection API, taking screenshots as root, exfiltrating data, and updating its configuration.

LianSpy registers a malicious broadcast receiver

To update the spyware configuration, LianSpy searches for a file matching the regular expression "^frame_.+\\.png$" on a threat actor’s Yandex Disk every 30 seconds. If found, the file is downloaded to the application’s internal data directory. The spyware then decrypts the overlay (data written after the end of the payload) in the downloaded file with a hardcoded AES key. Finally, the configuration updater searches the decrypted payload for a set of substrings, each substring modifying LianSpy’s configuration. A comprehensive list of available options can be found below.

| Substring (command name) | Description |
|---|---|
| *con+ | Enable contact list collection |
| *con- | Disable contact list collection |
| *clg+ | Enable call log collection |
| *clg- | Disable call log collection |
| *app+ | Enable collection of installed app list |
| *app- | Disable collection of installed app list |
| *rsr+ | Schedule taking screenshots |
| *rsr- | Stop taking screenshots |
| *nrs+ | Enable screen recording |
| *nrs- | Disable screen recording |
| *swl | Set new app list, stored right after command string, for screen recording |
| *wif+ | Allow to run if device is connected to Wi-Fi |
| *wif- | Prohibit from running if device is connected to Wi-Fi only |
| *mob+ | Allow to run if device is connected to mobile network |
| *mob- | Prohibit from running if device is connected to mobile network only |
| *sci | Set screen capture interval in milliseconds |
| *sbi | Set interval between data exfiltration tasks in milliseconds |
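
The configuration update described above depends on a PNG whose name matches the quoted pattern and which carries extra data after the end of the image. The following Python triage helper is an added example, not code from the original report: it walks the PNG chunk list of a file recovered from a device, reports any bytes that follow the IEND chunk, and estimates their entropy. The function names, the constructed 1x1 sample image and the entropy field are assumptions of this example.

```python
import math
import re
import struct
import zlib
from collections import Counter
from typing import Optional

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Pattern from the report; the Java string "^frame_.+\\.png$" unescapes to this.
CONFIG_NAME_RE = re.compile(r"^frame_.+\.png$")


def png_chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, data, CRC-32 over type + data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def build_sample_png() -> bytes:
    """Constructed 1x1 grayscale PNG, used only as sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return (PNG_SIGNATURE + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"IDAT", idat) + png_chunk(b"IEND", b""))


def find_overlay(blob: bytes) -> Optional[bytes]:
    """Walk the chunk list and return the bytes that follow IEND.

    Returns b"" for a clean PNG and None when the data is not a
    well-formed PNG (bad signature, truncated chunk, CRC mismatch).
    """
    if not blob.startswith(PNG_SIGNATURE):
        return None
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(blob):
        (length,) = struct.unpack_from(">I", blob, pos)
        ctype = blob[pos + 4:pos + 8]
        end = pos + 12 + length  # 4 length + 4 type + data + 4 CRC
        if end > len(blob):
            return None
        data = blob[pos + 8:end - 4]
        (crc,) = struct.unpack_from(">I", blob, end - 4)
        if zlib.crc32(ctype + data) & 0xFFFFFFFF != crc:
            return None
        if ctype == b"IEND":
            return blob[end:]
        pos = end
    return None  # ran out of data before reaching IEND


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8 are consistent with encrypted data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def triage(name: str, blob: bytes) -> dict:
    """Summarize one recovered file for an analyst."""
    overlay = find_overlay(blob)
    overlay_len = len(overlay) if overlay else 0
    name_matches = bool(CONFIG_NAME_RE.match(name))
    return {
        "name_matches": name_matches,
        "valid_png": overlay is not None,
        "overlay_len": overlay_len,
        # Short overlays give low estimates, so read this with the length.
        "overlay_entropy": round(shannon_entropy(overlay or b""), 2),
        "suspicious": name_matches and overlay_len > 0,
    }


if __name__ == "__main__":
    clean = build_sample_png()
    # Constructed stand-in for appended data; not taken from any sample.
    tagged = clean + bytes(range(256))
    for fname, blob in [("frame_20240301.png", tagged),
                        ("frame_20240301.png", clean),
                        ("holiday.png", tagged)]:
        print(fname, triage(fname, blob))
```

A PNG with trailing data is not malicious by itself, so the name match and the overlay are reported as separate fields and only their combination is flagged.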

The collected victim’s data is stored encrypted in the SQL table Con001, which also contains the type of record (device information, contact list, call logs, etc.) and its SHA-256 hash. The data is encrypted using the following scheme:

  • An AES key for data encryption is generated using a secure pseudorandom number generator (PRNG). This approach thwarts timing-based attacks that could potentially be exploited by unauthorized parties.
  • A hardcoded public RSA key embedded within the spyware encrypts the AES key.

This robust encryption scheme ensures that only a threat actor owning the corresponding private RSA key can decrypt stolen data.

Stealth features


LianSpy employs unconventional, sophisticated evasion techniques to remain undetected.

  • To blend in with legitimate applications, its variants masquerade as the Alipay app or a system service.
  • Android 12 introduced the privacy indicators feature, which displays a status bar icon if sensitive data is being accessed, for example when the screen is being recorded. However, LianSpy developers have managed to bypass this protection by appending a cast value to the Android secure setting parameter icon_blacklist, which prevents notification icons from appearing in the status bar.
  • To further conceal its activities, LianSpy hides notifications from background services it calls by leveraging the NotificationListenerService that processes status bar notifications and is able to suppress them. A list of key phrases used for removing a notification from the status bar can be found below.
    running in the background
    using battery
    в фоновом режиме
    использует батарею
    используют батарею
  • LianSpy can take screenshots using the screencap system command, typically employed for debugging, but accessible with root permissions. This command leaves no trace of screenshot capture, which allows attackers to stealthily capture screen content.
  • It leverages legitimate cloud and pastebin services extensively, making malicious web activity from a compromised device virtually undetectable.
  • It encrypts exfiltrated data using a robust encryption scheme. Victim identification remains impossible even if Yandex Disk credentials are compromised during APK analysis.
  • LianSpy uses a su binary with a modified name to gain root access. The malware samples we analyzed attempt to locate a mu binary in the default su directories. This indicates an effort to evade root detection on the victim’s device. Acquiring superuser rights with such a strong reliance on a modified binary suggests that the spyware was likely delivered through a previously unknown exploit or physical device access.


Infrastructure


LianSpy has no private infrastructure whatsoever. Instead, the threat actor leverages Yandex Disk for both exfiltrating stolen data and storing configuration commands. Victim data is uploaded into a separate Yandex Disk folder.

Other than the configuration update job, LianSpy’s communication with its command-and-control (C2) server is unidirectional, with no incoming commands. The malware autonomously conducts update checks and data exfiltration based on its current configuration.

Yandex Disk credentials can be updated from a hardcoded pastebin URL, which may vary across different malware variants. A comprehensive list of these pastebin pages is provided in the IoC section.

Victims


Given that key phrases used to filter notifications are partially in Russian, and some of the default configurations of LianSpy variants include package names for messaging apps popular in Russia, we assume that this spyware targets users in that country. Our KSN telemetry corroborates this, indicating that Russian users have been victims of LianSpy attacks.

Conclusion


The newly discovered Android spyware we dubbed LianSpy exhibits several noteworthy capabilities. Beyond standard espionage tactics like harvesting call logs and app lists, it leverages root privileges for covert screen recording and evasion. Its reliance on a renamed su binary strongly suggests secondary infection following an initial compromise. Unlike financially motivated spyware, LianSpy’s focus on capturing instant message content indicates a targeted data-gathering operation.

By exclusively leveraging legitimate platforms like Yandex Disk and pastebin services for data exfiltration and C2 communication, the threat actor has complicated attribution. This novel Android threat exhibits no overlap with ongoing malware campaigns targeting Russian users, and we will maintain vigilant monitoring for related activities.

Indicators of Compromise


APK file hashes

Yandex Disk encrypted credential sources


securelist.com/lianspy-android…


At Last, Chumby is Ready

It has been two years, but the slow and steady progress that [Doug Brown] has been making towards bringing a modern Linux kernel to the Chumby has approached the point that it could be called done. In his final blog post of the series, [Doug] walks through the highs and lows of the whole process.

Many of the changes [Doug] and others have made are already upstream in the Linux mainline. However, some will likely remain in private branches for a few reasons that [Doug] gets into. The blog post covers every commit needed to turn a Chumby or other Marvell ARMADA-powered widget into a working device. At the end of the day, what does [Doug] have to show? He can turn it on, see a boot logo, and then see an indefinite white screen. While underwhelming to most of the world, an X server is coming up, Wi-fi is online, the time syncs from an NTP server, and the touchscreen is ready to be tapped. A white screen, yes, but a white screen of potential. [Doug] has to decide what to launch after boot.

However, the future of the Chumby and other older devices is still on the chopping block of progress. Compiler writers want to drop support for platforms that nobody uses anymore, and the Chumby is ARMv5. With many changes destined to languish, [Doug] still considers it a huge success, and we do too. The whole series represents a journey with beautiful lessons about the power of the Linux device tree, making the dark and scary world of Linux kernel drivers seem a little more approachable.

We’ve covered the first post and when graphics started coming along. We salute the mighty Chumby and the idea it stood for. Of course, the idea of a handy screen displaying information is still alive and well. This handy e-paper HomeAssistant display is just one of many examples.


DeerStealer: MFA has never been so dangerous, posing as Google Authenticator

Google has fallen victim to its own advertising platform, Malwarebytes researchers write. Attackers are creating ads that promote a fake Google Authenticator application, using it as a pretext to distribute the DeerStealer malware.

The experts say that attackers are still able to place ads in Google search results that appear to be associated with legitimate domains, which creates a false sense of trust among users.

The scheme works like this: when searching for Google Authenticator, the user sees an ad that purports to come from an official source.

In fact, a fake account is behind the ad. Clicking the link triggers numerous redirects to domains controlled by the scammers.

As a result, the user lands on a fake website that imitates the Google Authenticator page, from which the executable file is downloaded.

This is followed by a redirect to GitHub, where the malicious payload is hosted. Using legitimate developer hosting inspires trust in users and makes it possible to evade many security systems.

The downloaded file contains the DeerStealer malware, which is designed to steal the user’s personal data. All stolen information is immediately sent to the attackers’ server.

Notably, the malicious file carries a valid digital signature, which further deceives users.

Malwarebytes experts noted the particular irony of the situation: while trying to improve their security by using two-factor authentication, users risk falling victim to scammers by accidentally landing on a look-alike phishing site, disguised as official through multiple redirects.

The experts advise against clicking on advertising links to download software. Instead, visit the developers’ official websites directly. And to keep malicious advertising from misleading you, it is a good idea to install a proven ad blocker.

The article DeerStealer: MFA has never been so dangerous, posing as Google Authenticator originally appeared on il blog della sicurezza informatica.


The Ultimate Seed Vault Backup? How About the Moon

A safe haven to preserve samples of biodiversity from climate change, habitat loss, natural disaster, and other threats is recognized as a worthwhile endeavor. Everyone knows good backup practice involves a copy of critical elements at a remote location, leading some to ask: why not the moon?

Image caption: Not even the Svalbard global seed vault is out of the reach of climate change’s effects.

A biological sample repository already exists in the form of the Svalbard global seed vault, located in a mountain on a remote island in the Arctic circle. Even so, not even Svalbard is out of the reach of our changing Earth. In 2017, soaring temperatures in the Arctic melted permafrost in a way no one imagined would be possible, and water infiltrated the facility. Fortunately the flooding was handled by personnel and no damage was done to the vault’s contents, but it was a wake-up call.

An off-site backup that requires no staffing could provide some much-needed redundancy. Deep craters near the moon’s polar regions offer stable and ultra-cold locations that are never exposed to sunlight, and could offer staffing-free repositories if done right. The lunar biorepository proposal has the details, and is thought-provoking, at least.

The moon’s lack of an atmosphere is inconvenient for life, but otherwise pretty attractive for some applications. A backup seed vault is one, and putting a giant telescope in a lunar crater is another.


US to propose barring Chinese software in autonomous vehicles


The US Commerce Department is expected to propose barring Chinese software in autonomous and connected vehicles in the coming weeks, according to sources briefed on the matter.


euractiv.com/section/cybersecu…


Sam Altman and universal income. The first data from the study begin to emerge

Altman’s experiment is inspired by his conviction that a basic income matters in the age of artificial intelligence, which according to some experts could make millions of jobs obsolete. He also believes that equal opportunity cannot be achieved without some form of income security.

The idea of a universal basic income is not new, but it gained particular popularity thanks to Andrew Yang’s 2016 presidential campaign. Since then, many prominent figures in the technology sector, including Twitter co-founder Jack Dorsey and Tesla CEO Elon Musk, have expressed support for the concept.

The long-awaited results of a large-scale basic income experiment launched by OpenAI CEO Sam Altman, which we covered at the time, have emerged.

The study, one of the largest of its kind, gave low-income participants monthly payments of 1,000 dollars for three years with no strings attached. The aim of the experiment was to study the impact of a basic income on people’s lives, and the results were truly remarkable.

The study found that most of the additional funds were spent on basic needs such as rent, transportation and food. Interestingly, participants began to work less, but at the same time remained active participants in the labor market and were more deliberate about their job search than the control group.

The authors of the report emphasize that study participants were given greater freedom to make decisions that better suited their lives and to prepare for the future. Some were able to move to other areas or consider new business opportunities.

The study was conducted by OpenResearch and led by researcher Elizabeth Rhodes. It began in 2019, when 3,000 residents of Texas and Illinois living in urban, suburban and rural areas with incomes below 28,000 dollars were enrolled in the experiment. One third of the participants received 1,000 dollars a month for three years, while the rest, the control group, received 50 dollars a month. All participants kept their existing benefits.

According to the study, those who received 1,000 dollars increased their total spending by an average of 310 dollars a month, most of which went to food, rent and transportation. They also gave more financial help to those in need than the control group did.

However, the researchers found no direct evidence of better access to health care or of significant changes in participants’ physical and mental health. The report notes that although there were significant reductions in stress, psychological distress and food insecurity in the first year, these effects disappeared in the second and third years of the program. Payments of 1,000 dollars a month cannot solve problems such as chronic illness, lack of child care or high housing costs.

A universal basic income provides direct cash payments to everyone with no strings attached. Politically, however, this is a very difficult undertaking. Many cities and states are experimenting with a guaranteed basic income for certain low-income or vulnerable populations. Evidence from dozens of similar programs shows that cash transfers can help fight homelessness, unemployment and food insecurity.

Earlier this year, Altman also proposed a different kind of basic income, which he called “universal basic compute”. In this scenario, people would receive a “share” of the computing resources of the GPT-7 large language model, which they could use as they see fit.

Even these small experiments face political obstacles. Conservatives in several states have challenged the programs, blocking their progress.

The findings of Altman’s research included both quantitative data (surveys and bank transactions) and qualitative data (interviews with participants). Recipients of the 1,000-dollar monthly payment were found to have increased their savings by 25% compared with the control group. They also spent 22 dollars more per month helping others, or 26% more than the control group.

There were no significant changes in car or home ownership, but recipients of 1,000 dollars were more likely to change residence or pay rent than the control group.

On the health side, recipients reported slight increases in spending on dental care, emergency room visits and other medical expenses, but there was no direct evidence of improved health.

Recipients were more likely to keep a budget and to continue their education, especially in the third year of the program, although there were no significant changes in overall educational attainment.

The study, launched during the COVID-19 pandemic, found a drop in employment rates among recipients in years two and three compared with the control group. On average, incomes rose significantly for all groups, but slightly more for the control group. The incomes of the 1,000-dollar recipients rose from just under 30,000 to 45,710 dollars, while the incomes of the control group rose from a similar level to 50,970 dollars.

The article Sam Altman and universal income. The first data from the study begin to emerge originally appeared on il blog della sicurezza informatica.


FIN7: from POS to ransomware, it’s a short step

Experts have uncovered new evidence that the notorious hacker group FIN7 continues to improve its attack methods and expand its influence in the criminal underground. According to recent research, the hackers use a variety of aliases to mask their true identity and support criminal operations on underground forums.

FIN7 has been active since 2012. During this time it has managed to cause significant damage to various sectors of the economy, including hospitality, energy, finance, high technology and retail.

Initially FIN7 used malware for POS terminals for financial fraud. Since 2020, however, the group has shifted its focus to ransomware operations, joining well-known RaaS (ransomware as a service) groups such as REvil and Conti, as well as launching its own RaaS programs called Darkside and BlackMatter.

One of FIN7’s hallmarks is the creation of fake cybersecurity companies. The group thus founded the front companies Combi Security and Bastion Secure in order to commit fraud. Despite the arrest of some of the group’s members, FIN7’s activities continue, pointing to changes in tactics, temporary pauses or the emergence of splinter subgroups.

New data show that FIN7 is actively selling its tools on criminal forums. Specifically, the researchers found advertisements offering a specialized bypass tool called AvNeutralizer (also known as AuKill).

An analysis of activity on various underground forums revealed several aliases presumably associated with FIN7:

  • “buonosoft”
  • “lefroggy”
  • “killerAV”
  • “Stupore”

These users posted similar advertisements for the sale of tools for bypassing antivirus systems and of post-exploitation frameworks. FIN7’s arsenal includes a series of sophisticated tools, each designed for a specific phase of the attack:

  1. Powertrash is a heavily obfuscated PowerShell script for reflectively loading PE files into memory.
  2. Diceloader (also known as Lizar and IceBot) is a minimal backdoor for establishing a command and control (C2) channel.
  3. SSH-based backdoor: a set of tools based on OpenSSH and 7zip for providing persistent access to compromised systems.
  4. Core Impact is a commercial penetration testing tool used by FIN7 to exploit vulnerabilities.
  5. AvNeutralizer is a specialized tool for bypassing security solutions.

Of particular interest is the evolution of the AvNeutralizer tool. The latest version of this malware uses a previously unknown technique to bypass some protected process implementations using the built-in Windows driver ProcLaunchMon.sys (TTD Monitor Driver).

FIN7 has also developed an automated attack system called Checkmarks. This platform mainly aims to exploit public-facing Microsoft Exchange servers using the ProxyShell vulnerabilities (CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207).

In addition, the Checkmarks platform includes an Auto-SQLi module for SQL injection attacks. If the initial attempts are unsuccessful, the SQLMap tool scans the targets for potential SQL injection vulnerabilities.

The researchers discovered numerous intrusions using SQL injection vulnerabilities that target public-facing servers through automated exploitation. These attacks are attributed to FIN7 with moderate confidence. Most of these intrusions occurred in 2022, particularly in the third quarter, affecting US companies in the manufacturing, legal and government sectors.
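
For defenders, a log-triage example covering the two automated entry vectors described above (ProxyShell against public-facing Exchange, and SQLMap-driven SQL injection). It is added here and is not from the article or the research it summarizes; the log layout, rule names and sample lines are constructed assumptions, and the URI markers follow the publicly documented ProxyShell request shape.

```python
import re
import shlex
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample lines (not real traffic). Assumed simplified layout:
# date time client-ip method uri-stem uri-query status "user-agent"
SAMPLE_LOG = '''\
2022-08-14 09:12:01 198.51.100.23 GET /owa/auth/logon.aspx replaceCurrent=1 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
2022-08-14 09:12:07 203.0.113.45 POST /autodiscover/autodiscover.json @example.invalid/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@example.invalid 200 "python-requests/2.28.1"
2022-08-14 09:12:09 203.0.113.45 POST /autodiscover/autodiscover.json @example.invalid/powershell/?X-Rps-CAT=PLACEHOLDER&Email=autodiscover/autodiscover.json%3F@example.invalid 200 "python-requests/2.28.1"
2022-08-14 09:13:30 192.0.2.77 GET /catalog/item.aspx id=42 200 "sqlmap/1.6.8#stable (https://sqlmap.org)"
2022-08-14 09:13:31 192.0.2.77 GET /catalog/item.aspx id=42%20AND%201%3D1 200 "sqlmap/1.6.8#stable (https://sqlmap.org)"
2022-08-14 09:14:02 198.51.100.23 GET /autodiscover/autodiscover.json/v1.0/user@example.invalid Protocol=EWS 200 "Microsoft Office/16.0"
'''

# Back-end paths that appear behind the autodiscover.json front-end path in
# the publicly documented ProxyShell request shape.
PROXYSHELL_BACKENDS = ("/powershell", "/mapi/nspi", "/ews")

# Boolean and UNION probes typical of automated SQL injection scanning.
SQLI_PROBE = re.compile(
    r"\b(?:and|or)\s+\d+\s*=\s*\d+|\bunion\s+(?:all\s+)?select\b", re.I)


def classify(stem, query, user_agent):
    """Return the set of rule names that one request matches."""
    hits = set()
    # Decode once so %3F / %20 encoded markers are compared in clear text.
    target = unquote(f"{stem}?{query}").lower()
    # A legitimate Autodiscover lookup also carries '@' (the mailbox), so the
    # rule additionally requires a back-end path inside the same request.
    if ("autodiscover.json" in target and "@" in target
            and any(b in target for b in PROXYSHELL_BACKENDS)):
        hits.add("proxyshell-uri-shape")
    # Default SQLMap User-Agent; trivially changed, so it is one signal only.
    if "sqlmap/" in user_agent.lower():
        hits.add("sqlmap-user-agent")
    if SQLI_PROBE.search(unquote(query)):
        hits.add("sqli-probe-in-query")
    return hits


def triage(log_text):
    """Group matched rules by client IP; unmatched clients are omitted."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        try:
            fields = shlex.split(line)  # keeps the quoted User-Agent together
        except ValueError:
            continue  # unbalanced quotes: treat as a malformed line
        if len(fields) != 8:
            continue  # skip truncated or unexpected lines
        _date, _time, ip, _method, stem, query, _status, agent = fields
        hits = classify(stem, query, agent)
        if hits:
            findings[ip] |= hits
    return {ip: sorted(rules) for ip, rules in findings.items()}


if __name__ == "__main__":
    for ip, rules in triage(SAMPLE_LOG).items():
        print(ip, ", ".join(rules))
```

The rules match on request shape regardless of the response status, so a hit indicates an attempt and still has to be correlated with patch level and follow-on activity before it is treated as a compromise.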

The article FIN7: from POS to ransomware, it’s a short step originally appeared on il blog della sicurezza informatica.


Apollo Computer: The Forgotten Workstations

Ever heard of Apollo Computer, Inc.? They were one of the first graphical workstation vendors in the 1980s, and at the time were competitors to Sun Microsystems.

But that’s enough dry historical context. Feast your eyes on this full-color, 26-page product brochure straight from 1988 for the Series 10000 “Personal Supercomputer” featuring multiple processors and more! It’s loaded with information about their hardware and design architecture, giving a unique glimpse into just how Apollo was positioning their offerings, and the markets they were targeting with their products.

Apollo produced their own hardware and software, which meant much of it was proprietary. Whatever happened to Apollo? They were acquired by Hewlett-Packard in 1989 and eventually shuttered over the following decade or so. Find yourself intrigued? [Jim Rees] of The Apollo Archive should be your next stop for everything Apollo-oriented.

Vintage computing has a real charm of its own, but no hardware lasts forever. Who knows? Perhaps we might someday see an Apollo workstation brought to life in VR, like we have with the Commodore 64 or the BBC Micro (which even went so far as to sample the sound of authentic keystrokes. Now that’s dedication.)


Hackaday Links: August 4, 2024

Good news, bad news for Sun watchers this week, as our star launched a solar flare even bigger than the one back in May that gave us an amazing display of aurora that dipped down into pretty low latitudes. This was a big one; where the earlier outburst was only an X8.9 class, the one on July 23 was X14. That sure sounds powerful, but to put some numbers to it, the lower end of the X-class exceeds 10⁻⁴ W/m² of soft X-rays. Numbers within the class designate a linear increase in power, so X2 is twice as powerful as X1. That means the recent X14 flare was about five times as powerful as the May flare that put on such a nice show for us. Of course, this all pales in comparison to the strongest flare of all time, a 2003 whopper that pegged the needle on satellite sensors at X17 but was later estimated at X45.

So while the X14 last week was puny by comparison, it still might have done some damage if it had been Earth-directed. As it was, the flare and its associated coronal mass ejection occurred on the far side of the Sun, sending all that plasma off into the void, since pretty much all the planets were on this side of the Sun at the time. That’s the bad news part of this story, at least for those of us who enjoy watching aurora, not to mention the potential for a little doomsday. But fear not; the sunspot region that spawned this monster flare is transiting the far side of the Sun as we speak, and might just emerge with all its destructive potential intact.

Then again, why wait for the Sun to snuff communications when you can just start your own fiber optic apocalypse? Perhaps that was the motivation when saboteurs in France broke into cabinets in several locations on the night of July 28 and 29 to cut fiber cables. These must have been proper cables, since telecomms insiders say it would have taken an axe or angle grinder to cut through them. While the saboteurs were obviously motivated and organized, they appear not to have been familiar enough with the network topology to cause a widespread outage, nor did they succeed in disrupting the Paris Olympics, the most obvious nearby target. Then again, maybe they weren’t looking for that much attention. Probing attack much?

A couple of weeks back we featured a story (third item) about a GMRS system that had a questionable interaction with Federal Communications Commission investigators, resulting in their system of linked repeaters being taken offline. It seemed pretty clear to us at the time that the FCC regulations regarding the General Mobile Radio Service allowed for repeaters, but prohibited linking them together with pretty much any kind of network. Our friend Josh (KI6NAZ) over at Ham Radio Crash Course is weighing in on the issue now, and seems to have come to the same conclusion. However, the FCC didn’t really do themselves or the GMRS community any favors with the wording of 47 CFR §95.1733, which prohibits “Messages which are both conveyed by a wireline control link and transmitted by a GMRS station.” That “wireline” bit seems to be the part GMRS operators latched onto, thinking somehow that this only meant landline telephones and that linking repeaters through the Internet was all good.

youtube.com/embed/dyikR1lZXnQ?…

A friend of ours once related his plans for the weekend, which included, “Going home, flipping on cable, and turning on CSPAN.” He knew this was pretty sad, and even had a name for it: “Loser Entertainment Television”, or LET. We’re not sure what other channels were on his LET list, but if NASA TV had been available at the time, we’re pretty sure he would have included it. Sadly, or luckily depending on your viewpoint, NASA is shutting down their cable channel in a couple of weeks. You say you had no idea that NASA had a cable channel? We didn’t either — we haven’t had cable or satellite service in at least a decade now — so don’t feel too bad. Our condolences if NASA TV was a part of your life, but you can at least take comfort that much of the same content will still be available on the NASA+ streaming service, which we also didn’t know was a thing. Are we so out of touch?

And finally, if you need something to play with during these dog days of (northern hemisphere) summer, you could do worse than React Flight Tracker, an open-source 3D visualizer for everything that flies. And we mean everything; not only does it track civil and military aviation globally, it also shows the orbit of everything from satellites in LEO to dead comms birds in geosynchronous parking orbits. You can even zoom way out and see bits of space flotsam like boosters and fairings out about halfway to the Moon. The nice thing about it is the Google Earth-like interface, which gives you a unique perspective on flight. We always knew that the best path from Istanbul to Seattle was (almost) over the North Pole, but seeing it on a 3D globe really brings the point home. It’s also interesting to watch planes from Tokyo to Frankfurt skirting around Russian airspace. Have fun.

