Cybersecurity & cyberwarfare

2024-08-23 11:00:14

The Famous Computer Cafe Has Now Been Archived Online

You might think that TV stations or production houses would be great at archiving, but it’s not always the case. Particularly from the public access perspective. However, if you’re a fan of The Famous Computer Cafe, you’re in luck! The beloved series has now been preserved on The Internet Archive!

If you’re not familiar with the show, it was a radio program broadcast from 1983 to 1986. It was pumped out of a variety of radio stations in southern and central California in the period. The creators making sure to keep a copy of each episode in reel-to-reel tape format. For years, these tapes were tragically lost, until archivist [Kay Savetz] was able to recover some of them from a recent property sale. From there, a GoFundMe paid for digitization, and the show has been placed on The Internet Archive with the blessings of the original creators.

This is quite the cultural victory, particularly when you observe the list of guests on the show. Timothy Leary, Bill Gates, Jack Tramiel, and even Douglas Adams made appearances in the recovered recordings. Sadly, though, not all the tapes have been recovered. Episodes with Gene Roddenberry, Robert Moog, and Ray Bradbury are still lost to time.

If you fancy a listen, 53 episodes presently exist on the archive. Take a trip back in time and hear from some technological visionaries—and futurists—speaking their minds at the very beginning of the microcomputer era! If you find any particularly salient gems, don’t hesitate to drop them on the tip line.

Cybersecurity & cyberwarfare

2024-08-23 14:00:17

This Week in Security: Crash your iPhone, Hack Your Site, and Bluetooth Woes

There have been some hilarious issues on mobile devices over the years. The HTC Dream had a hidden shell that was discovered when a phone rebooted after sending a text containing just the word “reboot”. iOS has gotten in on the fun from time to time, and this time it’s ""::. Type the double quotes, a colon, and any other character, and Apple’s Springboard service crashes.

Another hacker dug in a bit, and realized that Springboard is trying to jump execution to a null pointer, leading to a crash. It’s very odd that user input breaks the query parser badly enough to jump to null like that. There are a couple interesting questions that we have to ask. Given that the crash trigger is quite flexible, "anything goes":x, is it possible to manipulate that function pointer to be something other than null? And perhaps more importantly, why is the code crashing, instead of an invalid address error as one would expect from a Pointer Authentication Code (PAC) violation? Regardless, the bug seems to be fixed in the latest iOS 18 builds.

Typing “”:: in various search bars (e.g. in Settings .app) on iOS, will cause a crash! t.co/P4Ax0z9W9F (by: @)

….let's dig into why

— Patrick Wardle (@patrickwardle) August 21, 2024

OpenBMC

OpenBMC is something of a reference Baseboard Management Controller, and as such it’s the upstream for other implementations. And it has a fairly serious issue, in the slpd-lite service, which just happens to be installed and enabled by default. SLP is the Service Location Protocol, a service discovery protocol, which is something of a predecessor to Zeroconf. Slpd-lite has a pair of issues that result in trivial heap reads and writes, beyond the intended buffer.

The slpd-lite project patched the issues about a week after disclosure, back in May. In June, the patch and an advisory was applied to OpenBMC itself. Nice and speedy action. Now to get all the downstream vendors to apply it, too.

WordPress LightSpeed Falls to Weak Hash

The LightSpeed Cache plugin for WordPress does something really clever, but in a way that managed to allow admin authentication bypasses. To cache pages that a logged-in user would see, the plugin’s crawler simulates each user loading the site, and caches that. To protect that cache, a random string is generated. The problem is that this random generation is seeded using the current time, only the microsecond portion of the time. So one of only a million possible values. And while a million is a lot when talking about physical objects, it’s not nearly enough when talking about cryptography.

To log in as a user using this weak hash, an attacker only has to guess te proper user ID (usually 1 is an admin) and then hit the right hash value. Lightspeed hash released a fix, but this is a severe issue, and we should expect to see exploitation attempts — And that didn’t take long. This one could be nasty, as something like 3.5 million sites are still running the vulnerable version of the plugin. Wordfence has already blocked 48,500 in the first 24 hours of this attack being publicly known.

Insulin, Privacy, and Firewalls

[Remy] fron Greynoise Labs is on a bit of a crusade against insecure Bluetooth. And make no mistake, Bluetooth can be a problem. Case in point, the FDA has issued a recall on a particular insulin pump, because the iOS app could enter a crash loop, and the continual Bluetooth re-connections drained the device’s batteries. Battery drain may seem like a mild inconvenience, but apparently over 200 people have reported injuries as a result.

So in this push for more secure use of Bluetooth, [Remy] mined a collection of Android applications for Bluetooth UUIDs. Those are unique identifiers of what kind of device is advertising Bluetooth. With this new treasure trove of identifiers, it was only natural to write a Bluetooth UUID scanner. And this is where a bit of a bizarre coincidence took place. At the some moment [Remy] fired up this scanner, his local Internet access dropped. As a result, his Firewalla firewall started advertising a Bluetooth Low Energy interface. The database returned a hit, and [Remy] had the Android APK to look at.

The Firewalla scheme for authenticating that BLE interface was lacking, with a handful of possible issues, like only checking the first 8 characters of a UUID key. And once past that initial hurdle, further administration tasks are secured using a JSON Web Token. That token’s signing key was global for all Firewally devices, and trivially derived from either firmware or the Android APK. And that’s not even all, since there were also command injection issues over the same Bluetooth link. Firewalla has released version 1.979 to address these issues.

Moar Bluetooth

If that wasn’t enough Bluetooth, the Zero Day Initiative has us covered, with coverage of a pair of flaws in the Autel Maxicharger vehicle charging station. The first was a simple buffer overflow in the Bluetooth data handling, leading to possible Remote Code Execution (RCE). The second issue was the presence of “Backup credentials” in the firmware’s WiFi handling.

Bits and Bytes

“Insufficient sanitization” is not a feature you want in your microservices. Spring’s Cloud Dataflow is a tool to plug data flows in to various other applications. Before a recent patch fixed it, Dataflow was doing some basic checks on file uploads, like looking for nulls or empty files. The problem was some very simple path traversal attacks. Name a package name with ../../../poc, and while the service may throw an error, it still creates the files as requested. 2.11.3 has shipped with the fix, so time to update!

And speaking of bypasses, ingress-nginx has a validation bypass, allowing unauthorized access to Kubernetes clusters using that controller. Kubernetes supports annotations as a sort of metadata system, and ingress-nginx was failing to properly validate those annotations, which could then be used for command injection.

And finally, I think I’ve played this video game. Except this time, someone actually tried to hack himself out of existence. The FBI discovered that a criminal had not only used stolen social security numbers to commit fraud, he had gone so far as to register his own death in a Government system, using stolen credentials. It didn’t turn out so well, as he was discovered alive, and sentenced to jail time for the effort.

Cybersecurity & cyberwarfare

2024-08-23 10:16:13

Normativa e Gestione di un Data Breach

@Informatica (Italy e non Italy 😁)
Il 26 luglio 2024 l’Agenzia per la Cybersicurezza Nazionale (ACN) ha pubblicato la “Guida alla notifica degli incidenti al CSIRT Italia”. Si tratta di un documento di 56 pagine che […]
L'articolo Normativa e Gestione di un Data Breach proviene da Edoardo Limone.

L'articolo proviene dal blog dell'esperto di #Cybersecurity

Cybersecurity & cyberwarfare

2024-08-23 07:32:31

Xiaomi pronta a lanciare la funzione di rilevamento delle telecamere nascoste

Secondo i media, Xiaomi potrebbe presto introdurre nei suoi telefoni una funzione di rilevamento delle telecamere nascoste. L’azienda si sta ora preparando a lanciare HyperOS 2.0 e la funzionalità potrebbe diventarne parte.

Secondo XiaomiTime, HyperOS 2.0 conterrà probabilmente una funzionalità che consentirà ai dispositivi supportati di rilevare telecamere nascoste utilizzando segnali di rete locale wireless (WLAN). Questa funzionalità, ad esempio, può essere utile per i viaggiatori che spesso si fermano in luoghi sconosciuti.

Sembra che con questa funzione gli utenti dei telefoni Xiaomi saranno in grado di identificare i dispositivi sospetti connessi alla rete Wi-Fi locale. A giudicare dagli screenshot presentati, puoi cercare dispositivi nascosti con un solo tocco.

Si ritiene che la nuova funzionalità sia ispirata da Ingram, un programma Python che sembra rilevare le telecamere vulnerabili.

L'articolo Xiaomi pronta a lanciare la funzione di rilevamento delle telecamere nascoste proviene da il blog della sicurezza informatica.

Cybersecurity & cyberwarfare

2024-08-23 08:00:39

A Simple Guide to RF PCB Design

[Hans Rosenberg] knows a thing or two about RF PCB design and has provided a three-part video demonstration of some solid rules of thumb. We will cover the first part here, and leave the other two for the more interested readers!

The design process begins with a schematic diagram, assuming ideal conductors. Advanced software tools can extract the resistive, inductive, and capacitive elements of the physical wiring to create a parasitic model that can be compared to the desired schematic. The RF designer’s task is to optimize the layout to minimize differences and achieve the best performance to meet the design goals. However, what do you do when you don’t have access to such software?

[Hans] explains that at low frequencies, return current flows through all paths, with the lowest resistance path taking most of the current. At higher frequencies, the lowest inductance path carries all the current. In real designs, a ground plane is used instead of an explicit return trace for the lowest possible impedance.
You really wouldn’t design an RF circuit like this.
[Hans] shows the effect of interrupting the signal return path on a physical test PCB. The result is pretty bad, with the current forced to detour around the hole in the ground plane. A nanoVNA shows a -20 dB drop at 4 GHz, where the ground plane has effectively become an antenna. Energy will be radiated out, causing signal loss, but worse, it will create an EMC hazard with an unintended transmission.

Additionally, this creates an EMC susceptibility, making the situation worse. Placing a solder blob to bridge the gap directly under the signal trace is all that’s required to make it a continuous straight path again, and the performance is restored.

Floating planes are also an issue in RF designs, causing signal resonance and losses. One solution is to pull back the planes near the signal or stitch them to the ground plane with vias placed closely on either side of the signal trace. However, such stitching may slightly affect transmission line impedance and require tweaking the design a little. The next two parts of the series expand on this, hammering home the importance of good ground plane design. These are definitely worth a watch!

PCB design is as much art as science, and we’ve discussed this subject a lot. Here’s our simple guide to rocking RF PCB designs. There’s also a lot of devil in that detail, for example when understanding edge-launch SMA connectors.

youtube.com/embed/EEb_0dja8tE?…

youtube.com/embed/xhuHAhIKWoM?…

youtube.com/embed/nsDzvE8TeQo?…

Cybersecurity & cyberwarfare

2024-08-23 07:03:44

5 milioni di siti WordPress a rischio a causa del Plugin LiteSpeed ​​Cache

Gli specialisti di PatchStack hanno scoperto una vulnerabilità critica nel plugin LiteSpeed ​​Cache per WordPress, che consente di ottenere i diritti di amministratore sul sito.

Il bug colpisce potenzialmente più di 5 milioni di siti che utilizzano questo plugin. Anche Wordfence si è unito al rapporto di PatchStack e ha emesso il proprio avviso sulla vulnerabilità.

LiteSpeed ​​​​Cache è un popolare plug-in di memorizzazione nella cache per WordPress con oltre 5 milioni di installazioni attive.

L’errore riguarda tutte le versioni del plugin fino alla versione 6.4 inclusa, il cui aggiornamento è stato rilasciato il 13 agosto. Si consiglia vivamente agli utenti di aggiornare il plug-in all’ultima versione (6.4.1) il prima possibile per evitare potenziali attacchi.

La vulnerabilità relativa all’elevazione dei privilegi CVE-2024-28000 (punteggio CVSS: 9,8) consente a un utente malintenzionato non autenticato di ottenere l’accesso a livello di amministratore, il che rende possibile scaricare e installare plug-in dannosi. Un criminale informatico può falsificare un ID utente e accedere come amministratore utilizzando l’API REST /wp-json/wp/v2/users. Tali azioni portano al pieno controllo del sito vulnerabile.

Il problema è che la funzione di simulazione utente nel plugin utilizza un hash debole. Questo hash viene generato in base a un numero casuale, facile da prevedere poiché dipende dal tempo con una precisione di un microsecondo. Di conseguenza, ci sono solo un milione di possibili valori hash. Inoltre, il generatore di numeri casuali non è crittograficamente sicuro e l’hash non è protetto da misure aggiuntive come il salting o il collegamento a una richiesta o a un utente specifico.

Vale la pena notare che la vulnerabilità non può essere sfruttata sui siti WordPress che funzionano sulla piattaforma Windows, poiché la funzione di generazione dell’hash dipende dal metodo PHP sys_getloadavg(), che non è implementato su Windows.

L'articolo 5 milioni di siti WordPress a rischio a causa del Plugin LiteSpeed ​​Cache proviene da il blog della sicurezza informatica.

Cybersecurity & cyberwarfare

2024-08-23 07:25:15

IntelBroker assume la guida di BreachForums: Un nuovo capitolo per la gestione del cybercrime

La recente acquisizione di BreachForums da parte di IntelBroker segna un cambiamento significativo nell’ambito del cybercrime. Questa transizione di potere avviene in un momento cruciale per il forum, che ha recentemente attraversato un periodo di stagnazione e inefficienza sotto la precedente amministrazione. L’arrivo di IntelBroker come nuovo proprietario promette di rinnovare e rafforzare la piattaforma, portando con sé una gestione più attiva e coinvolta.

Intelbroker è un individuo (o un gruppo di hacker criminali) operante nel dark web, tra le risorse underground quali xss, Breachforums, Exposed. Si tratta di un attore di minacce operante nel gruppo di hacker “Cyberniggers“, ed è attivo sia nelle categorie di hacktivismo che nella criminalità informatica, soprattutto come Inital Access Broker (IaB).

Come accennato in precedenza, in prima linea tra CyberNiggers è un membro di lunga esperienza nell’orchestrazione di attacchi informatici di alto profilo. Operando come Initial Access Broker (IaB), IntelBroker è specializzato nell’identificazione e nella vendita dell’accesso ai sistemi compromessi, aprendo la strada a varie attività dannose.

Nonostante l’identità collettiva dei CyberNiggers, IntelBroker si distingue come attore di minacce individuali. Questa distinzione solleva interrogativi sulla portata delle loro capacità e sulle motivazioni che guidano i loro sforzi individuali.

Stato di BreachForums sotto la precedente amministrazione

BreachForums, storicamente riconosciuto come uno dei principali punti di riferimento per la comunità del cybercrime, ha subito un progressivo declino a causa della gestione inefficace del precedente proprietario. Le principali criticità riscontrate includevano:

• Assenza di leadership: Il precedente amministratore era spesso assente, provocando ritardi significativi nella risoluzione di controversie tra utenti e nella gestione delle richieste tecniche e operative del sito.
• Mancanza di intervento tempestivo: La scarsa presenza amministrativa ha portato a un accumulo di problemi non risolti, che hanno minato la fiducia degli utenti e compromesso l’efficacia operativa del forum.
• Stagnazione della comunità: A causa della gestione inefficace, il forum ha registrato un calo nell’attività e nell’afflusso di nuovi membri, portando a una perdita di slancio all’interno della comunità.

L’avvento di IntelBroker: Una leadership rinnovata

L’ingresso di IntelBroker come nuovo proprietario e amministratore rappresenta un punto di svolta per BreachForums. Le caratteristiche distintive della sua leadership includono:

• Coinvolgimento attivo: IntelBroker è noto per il suo approccio diretto e partecipativo nella gestione della comunità. La sua presenza costante e il suo impegno attivo sono stati accolti positivamente dagli utenti, che vedono in lui una figura capace di riportare ordine e disciplina al forum.
• Reputazione consolidata: IntelBroker gode di un alto livello di rispetto e fiducia all’interno della comunità. Questo elemento è cruciale per garantire un ambiente sicuro e stabile, soprattutto in un contesto come quello del cybercrime, dove la credibilità del leader è fondamentale.
• Focus sulla sicurezza e sull’integrità: La gestione di IntelBroker si preannuncia orientata a mantenere elevati standard di sicurezza e integrità del forum, elementi essenziali per il successo e la longevità della piattaforma.

---

Prospettive future per BreachForums

Con IntelBroker al timone, BreachForums si prepara a entrare in una nuova fase di sviluppo. Le aspettative per il futuro includono:

• Rinnovata crescita della comunità: Si prevede un aumento delle attività e dell’afflusso di nuovi membri, grazie alla ritrovata fiducia nella gestione del forum.
• Miglioramento della governance: Con una leadership più attiva e responsabile, il forum dovrebbe vedere un miglioramento nella gestione delle controversie e delle operazioni quotidiane, portando a una maggiore soddisfazione degli utenti.
• Rafforzamento della posizione nel cyber underground: La nuova amministrazione potrebbe consolidare la posizione di BreachForums come piattaforma leader per il cybercrime, attirando un numero crescente di utenti e risorse.

Conclusione

L’acquisizione di BreachForums da parte di IntelBroker rappresenta un’opportunità di rinascita per la piattaforma. Con una gestione più dinamica e attenta, il forum è destinato a recuperare la vitalità perduta e a consolidare il suo ruolo nel panorama del cybercrime.

La comunità osserva con interesse i primi passi di IntelBroker nella sua nuova veste di leader, consapevole che da questa transizione dipenderà il futuro del forum.

L'articolo IntelBroker assume la guida di BreachForums: Un nuovo capitolo per la gestione del cybercrime proviene da il blog della sicurezza informatica.

Cybersecurity & cyberwarfare

2024-08-23 05:30:32

Elon Musk’s Brat Summer

Charli XCX’s new album has made waves worldwide with its ravey beats and bold lyrics. And who better than Elon Musk to embody the fearless “brat” attitude?

---

euractiv.com/section/digital/p…

Cybersecurity & cyberwarfare

2024-08-23 05:00:03

Portable PS4 Is Easier To Move Than A Regular One

The PlayStation 4 was a popular enough console, but it was a home console. If you wanted to play at a friend’s house, you had to unplug all your cables and haul the whole lot over there. Unless, that is, you built something along the lines of [Rudd van Falier]’s Portable GameStation.

It’s not a super-complicated build, but it is a well-executed one. It combines laser cut acrylic with 3D-printed brackets to produce a housing that looks clean, sharp, and of almost commercial quality. That’s the benefit of laser-cutting—it avoids all the ugly problems of layer lines. From there, [Rudd] simply set about stuffing the PS4 motherboard inside, along with placing the relevant ports and vents in the housing where needed. A screen with inbuilt speakers was then attached to complete the build. The one thing it’s missing is a set of batteries for playing it on the bus. This thing needs mains power to run.

We’d love to see [Rudd] take another stab at the concept, making it fully independent from cables. It’s definitely possible. Who wouldn’t want to play some Persona 5 Royal on the train, anyway? Video after the break.

youtube.com/embed/5GN1kxtK0ps?…

Cybersecurity & cyberwarfare

2024-08-23 02:00:00

Wardriving Tools In The Modern Era

When WiFi first came out, it was a super exciting time. The technology was new, and quite a bit less secure back then—particularly if not configured properly. That gave rise to the practice of wardriving—driving around with a computer, looking for unsecured networks, often just for the fun of it. [Simon] has been examining this classic practice from a modern perspective.

He’s been at the game for a long time—from back in the days when you might head out with a thick old laptop, a bunch of PCMCIA cards, and dangly antennas. It’s much more advanced these days, given we’ve got WiFi on all different bands and Bluetooth devices to consider to boot. Heck, even Zigbee, if you’re hunting down a rogue house full of Internet of Things gadgets.

Today, when he’s out researching the wireless landscape, he uses devices like the Flipper Zero, the Raspberry Pi, and a Google Pixel 5 running the WiGLE WiFi Wardriving app. [Simon] notes that the latter is the easiest way to get started if you’ve got an Android phone. Beyond that, there’s software and hardware out there these days that can do amazing things compared to the simple rigs of yesteryear.

If you’re out looking for free internet these days, wardriving might be a bit pointless given it’s available in practically every public building you visit. But if you’re a wireless security researcher, or just curious about what your own home setup is putting out, it might be worth looking at these tools! Happy hunting.

Cybersecurity & cyberwarfare

2024-08-22 23:00:00

Second Human Neuralink Brain Implant Recipient Uses It For CAD and Videogaming

As Neuralink works towards getting its brain-computer interface technology approved for general use, it now has two human patients who have received the experimental implant. The second patient, [Alex], received the implant in July of 2024 and is said to be doing well, being able to play games like Counter Strike 2 without using his old mouth-operated controller. He’s also creating designs in Fusion 360 to have them 3D printed.

This positive news comes after the first patient ([Noland Arbaugh]) suffered major issues with his implant, with only 10-15% of the electrodes still working after receiving the implant in January. The issue of electrode threads retracting was apparently a known issue years prior already.

We analyzed Neuralink’s claims back in 2019, when its founder – [Elon Musk] – was painting lofty goals for the implant, including reading and writing of brains, integration with AIs and much more. Since that time Neuralink has been mostly in the news for the many test animals which it euthanized during its test campaign prior to embarking on its first human test subjects.

There also appears a continuing issue with transmitting the noisy data from the electrodes, as it is far more data than can be transmitted wirelessly. To solve this seemingly impossible problem, Neuralink has now turned to the public with its Neuralink Compression Challenge to have someone make a miraculous lossless compression algorithm for it.

With still many challenges ahead, it ought to be clear that it will take many more years before Neuralink’s implant is ready for prime-time, but so far at least it seems to at least make life easier for two human patients.

youtube.com/embed/X7OpjB_8sHQ?…

Cybersecurity & cyberwarfare

2024-08-22 20:00:20

You Can 3D Print Yourself Some Simple Magnetic Switches

Permanent magnets aren’t typically switchable. They’re always doing their magnet thing. However, if you align them with a bunch of other magnets in just the right way, you can create a permanent magnet that you can effectively switch on and off. [Andrew Klein] has done just that with his 3D-printed magnetic switch design.

The concept is simple enough. The design consists of a 3D-printed housing in two parts, top and bottom. When set into one orientation, the housing holds two arrays of magnets in opposite orientations. This effectively cancels out their magnetic fields and allows you to move the assembly around as if it’s pretty much not magnetic at all. However, rotate the device to its alternative orientation, and the magnets poles are aligned. This effectively combines their magnetic fields and makes the assembly act as one big large magnet.

These devices are useful if you want to create magnetic clamps or fixtures that can be attached and detached at will from ferrous surfaces. Being able to effectively “switch the magnet off” is much easier than trying to wrench a powerful magnet from a metal plate, after all.

You can do something similar with electromagnetic techniques, too! Video after the break.

youtube.com/embed/n9tZIFfM14o?…

Cybersecurity & cyberwarfare

2024-08-22 17:00:24

A Field Guide to the North American Substation

Drive along nearly any major road in the United States and it won’t be long before you see evidence of the electrical grid. Whether it’s wooden poles strung along the right of way or a line of transmission towers marching across the countryside in the distance, signs of the grid are never far from view but often go ignored, blending into the infrastructure background and becoming one with the noise of our built environment.

But there’s one part of the electrical grid that, despite being more widely distributed and often relegated to locations off the beaten path, is hard to ignore. It’s the electrical substation, more than 55,000 of which dot the landscape of the US alone. They’re part of a continent-spanning machine that operates as one to move electricity from where it’s produced to where it’s consumed, all within the same instant of time. These monuments of galvanized steel are filled with strange, humming equipment of inscrutable purpose, seemingly operating without direct human intervention. But if you look carefully, there’s a lot of fascinating engineering going on behind those chain-link fences with the forbidding signage, and the arrangement of equipment within them tells an interesting story about how the electrical grid works, and what the consequences are when it doesn’t.

From The Ground Up

The most basic function of a substation is to transform voltages, either stepping up the voltage from the point of production for efficient transmission over long distances, or stepping voltages down from transmission systems to feed regional or local distribution systems. That makes substations conceptually simple, but as is always the case in engineering, the details are where things get interesting.

While the equipment mounted above the ground is the easiest part of a substation to observe, what you don’t see is arguably far more important, at least in terms of safety. A note to frame the discussion: we’ll be concentrating on open-air substations, rather than substations that are inside a structure, which are an important and interesting part of the grid, but harder to observe casually.

Substations must have an extensive grounding system, both for worker safety and to provide the needed neutral reference. Most substations use a grid of thick copper conductors buried just below the surface, tied together at regular intervals to ground rods extending 25 feet (7 meters) or more into the soil below. Horizontal and vertical conductors are tied together with exothermically welded connections or cold-forged fittings to form low-impedance electrical connections between every element of the grid. The grounding grid spreads out under the entire area of the substation, and everything is bonded into the ground system by heavy, low-impedance braided straps.

youtube.com/embed/3Lmu31TUp0U?…

Over the grounding grid is a layer of crushed rock about 6 inches (15 cm) thick. The gravel serves several functions, including aiding water drainage and inhibiting weed growth. But the main function is worker safety in the event of a ground fault, which could cause a lethal voltage difference between the above-ground equipment and the earth. The high resistivity of the gravel (3,000 to 5,000 ohm-meters) compared to the soil makes it less likely that a worker will conduct these voltages through their body. Also, gravel reduces the possibility of lethal voltages between one foot and the other while walking, or step voltages.

Every substation also has a fence or physical barrier of some sort. Most are imposing structures of heavy-duty chain-link topped with razor wire, but in some residential areas, a more decorative option might be used to appease the neighbors. Some substations also have sound barriers, to reduce the incessant 60 Hz hum of the equipment within that could annoy nearby residents. The characteristic hum has also been known to attract bears, who apparently think they’ve found the world’s largest beehive. A sturdy barrier is critical to avoiding unpleasant consequences for the bear, or for those with a greedy eye on the multiple tons of copper most substations contain.

Rule of Threes

Of the above-ground equipment in the substation, the most visually striking structures are those that support and terminate the wires coming into and leaving the yard. These are loosely referred to as “high side” and “low side” lines based on the voltages they carry. A substation might have a 345 kV high side to receive power from a transmission line and several 25 kV lines on the low side feeding different local distribution lines. Some substations will also have multiple high-side feeds from different transmission lines, or may have multiple low-side inputs from wind or solar plants that the substation will combine into one or more high-side transmission lines.

Overview of the high side of a wind farm substation. From the right: transformer with corona caps on output bushings; 3-phase circuit breakers; PTs and VTs for monitoring; high-side lines on tower with surge arrestors on each phase. Source: Adbobestock, by [JJ Gouin]One way to tell the high-side and low-side lines apart is by the size of their insulating bushings. Bushings are used to electrically and physically separate conductors from enclosures and supports, and the longer the bushing, the higher the voltage. Bushings are made from ceramic, glass, or polymers, and generally have stacks of circular fins that reduce the possibility of electrical discharge from the line to something with a lower potential. The highest voltage bushings are often fitted with special corona caps, which are circular cages that reduce the possibility of corona discharges from the relatively sharp tip of the bushing.

Something that stands out about most substations is that there seem to be three copies of each piece of equipment. Each set of high-side lines comes into the substation in a set of three, there are often three transformers (or one transformer with three input bushings and three output bushings), and all of the gear between the input and the output seems to be in triplicate. This is thanks to the three-phase electrical system in North America. Electrical transmission and distribution systems are all three-phase power, and while residential customers rarely enjoy such service to the home, commercial and industrial installations almost universally have it.

While the high-side and low-side lines entering and leaving the substation are generally — but not always — overhead wires, inside the substation, most of the components are connected by a series of overhead busbars. Busbars are simply pieces of metal pipe, often galvanized steel or aluminum and usually in groups of three, which are attached to equipment bushings either directly or via jumper wires. Busbars have the advantage of not sagging or swaying in the wind, but do have a few disadvantages, too. When busbars get hot they expand, and since they’re rigid and supported firmly on each end they’ll either buckle or break their supports. That means busbars have to be provided with expansion joints.

Another potential failure mode for busbars is ice damage, which I witnessed back in the 1980s. During a late winter thaw, meltwater had accumulated in a busbar at a substation near my home. When the temperature dropped precipitously that night, the freezing water exerted enough pressure to burst the busbar, which caused a fault on one of the phases bad enough to trip the entire substation. This knocked out power to the entire town and resulted in the local utility asking for help from my volunteer fire company.

The substation techs used the enormous generator on our truck to power a welder so they could make an impromptu repair to the busbar and restore power. It was a long, bitterly cold night, but I got to walk around inside a substation and check things out. It was pretty cool.

Plenty of Protection

That brings up the topic of control and protection. The vast majority of the equipment inside a substation is devoted to circuit protection, in the form of circuit breakers, fuses, reactors, and capacitors, followed by the equipment needed to control and monitor the circuits. Lightning protection is also vital, since a nearby strike can induce currents that can permanently damage equipment. Protection starts at the top with static lines on the highest part of transmission towers that are designed to catch discharges and run them directly to ground. Static lines are now often hybrid cables called OPGW, or optical ground wire, which has one or more optical fiber pairs at its core. These fibers are used for control and communications between substations; some utilities even lease the extra pairs out to communications providers.

Circuit breakers play a last-ditch role in substation protection, and are capable of disconnecting the entire substation in a catastrophic fault. They’re pretty easy to spot thanks to their angled bushings, usually two per breaker with one breaker per phase, although some breakers have three bushings each. The breakers are just super-sized versions of those in your home panel and work in a similar way, albeit tripping at a much higher current — often 5,000 amps or more. They also have to switch very rapidly, a tough job when there’s enough voltage to keep an arc going between the contacts even when they’re fully separated. So circuit breakers are often filled with a dielectric gas such as sulfur hexafluoride (SF6), a liquid dielectric like mineral oil, or even evacuated completely. Air blast breakers which literally blow the arc out are also used.

Another interesting bit of control equipment in the yard is the voltage regulators, which are essentially autotransformers that can adjust the voltage on a phase within a small percentage range. These are easily recognizable as a set of three tall cylinders, each bearing a large dial on the top. The dial shows how much voltage is being boosted or bucked, and is usually angled downward for easier reading from the ground. Substation switchyards also often contain banks of high-voltage capacitors, which adjust the power factor and compensate for noise on the line. Capacitor banks are usually located on the distribution side of a substation along with neutral grounding reactors, which are large, cylindrical inductors that are connected in series between the neutral of a transformer and ground and limit current if there’s a phase-to-ground fault.

Sprinkled liberally around the substation are instrumentation transformers whose entire job is to monitor the flow of current into and out of almost every piece of equipment. Current transformers, or CTs, are just permanently installed, beefed-up versions of the clamp meter you might use for measuring current in an electrical panel and work pretty much the same way, with current in the conductor under measurement inducing a proportional current in a toroidal coil. Voltages are measured with voltage transformers (VTs), the most common of which is the capacitive voltage transformer, or CVT. These use high-voltage capacitors as a voltage divider and a transformer to isolate and further step down the voltage to a reasonable instrumentation range. The outputs of instrumentation transformers are generally piped into a supervisory control and data acquisition (SCADA) system that remotely monitors and controls everything in the substation, right down to alarm contacts on the fence gates.

The Diva Treatment

Since the primary job of the substation is changing one voltage to another, the main power transformers are the centerpiece of the switchyard. In a lot of ways, transformers are the divas of the substation — they’re expensive to procure, require a lot of maintenance, and the show won’t go on until they’re happy. The transformers are easy to spot, since they’re generally the largest pieces of equipment in the yard. In keeping with the rule of threes, there are usually three identical units, one for each phase, although some transformers have windings for all three phases in a single massive enclosure.
138 kV transformer in a wind farm substation. High-side to the left, low-side to the right, with all three phases in a single enclosure. Note the cooling radiators on each side; the tank just visible at the back is an oil conservator, which is basically a pressurized reservoir for the oil to expand and contract. Source: SpeedFreakLS1.
Almost all substation transformers are filled with mineral oil, which acts as a liquid dielectric and helps cool the transformer thanks to giant radiators and fans for forced-air cooling. A large transformer can hold thousands of gallons of oil, an environmental disaster waiting to happen if there should be a leak, which given some recent rural substation attacks is not unthinkable. That makes secondary containment a necessity, with deep pits dug around the transformer foundation pads. The pits are lined with thick plastic sheets and backfilled with gravel. They’re designed to contain the entire volume of oil if necessary, and sump pumps with oil separators keep rainwater from accumulating in the pit.

In keeping with the diva treatment, transformers require constant monitoring to ensure they operate at their peak. Aside from the instrumentation used to measure their electrical status, transformers need to have their oil checked regularly for chemical changes that could indicate internal problems like arcing and overheating. This can either be performed by a technician visiting the substation and taking samples of the oil, or through online dissolved gas analysis (DGA), which uses a compact gas chromatograph to automatically sample the oil and measure the amount of acetylene, ethylene, and methane dissolved within it. Continuous measurements are collected via SCADA and provide a much more accurate picture of transformer health than monthly or quarterly sampling.

And finally, to push the diva metaphor even further, transformers are often provided with pressure-relief devices to protect the system in the event of an explosion within the transformer enclosure. PRDs can be as simple as a burst disc that shatters under increased pressure, but are more commonly sensors that detect and characterize the pressure wave from an internal explosion as it propagates through the oil. If the pressure wave looks like a catastrophic internal failure has occurred, the SCADA system will disconnect the transformer, in an attempt to save it from irreparable damage.

Cybersecurity & cyberwarfare

2024-08-22 18:30:47

A Cheap DIY PLC Based on the Atmega328P

If you’re running a big factory, you’ve probably got a massively expensive contract with a major programmable logic controller (PLC) manufacturer. One shudders to think about the cost of the service subscription on that one. If you’re working on a smaller scale, though, you might consider a DIY PLC like this one from [Mr Innovative.]

PLCs are rarely cutting-edge; instead, they’re about reliability and compliance with common industry standards. To that end, this design features the ATmega328P. Few other microcontrollers are as well understood or trusted as that one. The device is compatible with RS232 and RS485 and will run off 24 VDC, both of which you would find in a typical industrial environment. It offers 24 V digital inputs and outputs, as well as analog inputs and outputs from 0 to 10 V. [Mr Innovative] demonstrates it by hooking up a DWIN human-machine interface (HMI) for, well… human interaction, and a variable frequency drive to run a motor.

If you want to run a basic industrial-lite system but can’t afford the real industrial price tag, you might enjoy tinkering around at this level first. It could be a great way to get a simple project up and running without breaking the bank. Video after the break.

youtube.com/embed/gCmLq-S2bcE?…

Cybersecurity & cyberwarfare

2024-08-22 09:14:14

Tempeste, naufragi e cyberspionaggio: gli ingredienti del complotto

Uno yacht di lusso, il Bayesian, che si inabissa il 19 agosto a poche centinaia di metri dal porto di Palermo. Fin qui non ci sarebbe nulla di eccezionale. Le cose cambiano non appena si conosce l’identità delle persone a bordo e, purtroppo, delle vittime. Tra queste, la più illustre è senz’altro il magnate britannico […]
Continua a leggere

The post Tempeste, naufragi e cyberspionaggio: gli ingredienti del complotto appeared first on InsideOver.

Cybersecurity & cyberwarfare

2024-08-22 15:30:11

Citizen Scientists Spot Super Fast Moving Object in NASA Data

When you were five, you probably spotted your best friend running at “a million miles an hour” when they beat everybody at the local athletics meet. You probably haven’t seen anything that fast snice. According to NASA, though, a group of citizen scientists spotted a celestial object doing just that!

The group of citizen scientists were involved in a NASA program called Backyard Worlds: Planet 9. They were working on images from NASA’s Wide-field Infrared Explorer mission. Scanning through stored images, Martin Kabatnik, Thomas P. Bickle, and Dan Caselden identified a curiously speedy object termed CWISE J124909.08+362116.0. There are lots of fast-moving objects out in space, but few quite as fast as this one. It’s quite literally zooming through the Milky Way at about 1 million miles per hour.

It’s unclear exactly what the object is. It appears light enough to be a low-mass star, or potentially a brown dwarf—somewhere in between the classification of gas giant and star. It also has suspiciously low iron and metallic content. The leading hypothesis is that CWISE J1249 might have been ejected from a supernova, or that it got flung around a pair of black holes.

For now, it remains a mystery. It’s a grand discovery that really highlights the value of citizen science. If you’ve been doing your own rigorous scientific work—on NASA’s data or your own—do let us know!

Cybersecurity & cyberwarfare

2024-08-22 13:42:15

McDonald’s vittima di un attacco hacker su Instagram: sottratti 700.000 $ attraverso una truffa in cripto

L’account Instagram ufficiale di McDonald’s è stato compromesso da hacker che hanno utilizzato la piattaforma per promuovere una criptovaluta, riuscendo a sottrarre oltre 700.000 dollari. Questo evento mette nuovamente in luce i pericoli delle truffe digitali nel settore delle criptovalute e la vulnerabilità anche dei marchi più noti quando si tratta di sicurezza sui social media.

Dettagli dell’attacco

Gli hacker, che si sono identificati come “India_X_Kr3w”, hanno modificato la biografia del profilo Instagram di McDonald’s, visibile ai suoi oltre 5 milioni di follower. La nuova biografia promuoveva un token fasullo chiamato “GRIMACE”, presentato come un esperimento legato alla rete blockchain Solana, nota per l’alta velocità delle sue transazioni. In meno di mezz’ora, il valore del token è balzato a 25 milioni di dollari, per poi crollare bruscamente quando gli hacker hanno liquidato i fondi accumulati.

Il messaggio inserito dai truffatori recitava: “Sorry mah n**ga, you have just been rug pulled by India_X_Kr3w, thank you for the $700,000 in Solana.”

Immagine che mostra la biografia modificata dagli attaccanti

L’attacco non si è fermato al solo account ufficiale di McDonald’s, ma ha colpito anche il profilo di Guillaume Huin, Senior Marketing Director dell’azienda.

Gli hacker hanno sfruttato i suoi account social per conferire maggiore credibilità alla truffa, pubblicando messaggi che facevano credere che McDonald’s fosse coinvolto in un presunto esperimento sulla blockchain di Solana. Questa mossa astuta ha tratto in inganno numerosi investitori, che hanno visto svanire i loro fondi nel giro di pochi minuti, convinti di partecipare a un’iniziativa legittima del colosso del fast food.

Trend Token GRIMAGRACE

Rug pull

Questo tipo di truffa, noto nel mondo delle criptovalute come “rug pull”, si basa sulla creazione e promozione di una valuta digitale fittizia. Gli autori accumulano investimenti significativi grazie a una campagna promozionale aggressiva, per poi ritirare rapidamente i fondi raccolti, lasciando gli investitori con token privi di valore. In questo caso, gli hacker sono riusciti a sottrarre 700.000 dollari, suddividendo i fondi in circa 100 portafogli diversi per complicare il tracciamento del denaro.

Le conseguenze per McDonald’s

McDonald’s ha rapidamente ripreso il controllo del suo account Instagram e ha rimosso tutti i contenuti compromessi. In una dichiarazione ufficiale, la società ha definito l’accaduto un “episodio isolato“, scusandosi con i suoi fan per eventuali offese derivanti dai messaggi pubblicati durante l’attacco. L’azienda ha inoltre ribadito il suo impegno a rafforzare le misure di sicurezza per prevenire futuri incidenti simili.

Questo attacco evidenzia i rischi crescenti associati alle criptovalute e sottolinea l’importanza della sicurezza informatica, anche per le aziende più grandi e consolidate. Con il numero di truffe in aumento nel settore delle criptovalute, è essenziale che utenti e aziende rimangano vigili e adottino misure preventive per proteggere i propri investimenti e la propria reputazione online.

L'articolo McDonald’s vittima di un attacco hacker su Instagram: sottratti 700.000 $ attraverso una truffa in cripto proviene da il blog della sicurezza informatica.

Cybersecurity & cyberwarfare

2024-08-22 14:00:29

Tech in Plain Sight: Speedometers

In a modern car, your speedometer might look analog, but it is almost certainly digital and driven by the computer that has to monitor all sorts of things anyway. But how did they work before your car was a rolling computer complex? The electronic speedometer has been around for well over a century and, when you think about it, qualifies as a technlogical marvel.

If you already know how they work, this isn’t a fair question. But if you don’t, think about this. Your dashboard has a cable running into it. The inner part of the cable spins at some rate, which is related to either the car’s transmission or a wheel sensor. How do you make a needle deflect based on the speed?

Mechanical Solutions

Early versions of the speedometer used a governor pulling against a spring. The faster it rotates, the more the two weights of the governor pull out against the spring, and the needle moves with the weights.

As an aside, this sort of centrifugal governor is also known as a fly-ball governor, and similar devices were commonly used to regulate the maximum throttle on steam engines. The arms of the governor would be fully extended once the engine reached its top speed, which lead to the term “balls-out” becoming used to describe a machine operating at its upper limits.

Another type of mechanical speedometer had an escapement like a watch. The time mechanism would move the needle back, and the rotation of the wheels would move it forward. The net result was a needle position that would increase with speed.

The Magnetic Approach

However, most cars use a magnetic type speedometer — although it doesn’t work in the way you might imagine. There’s no reed relay or Hall effect sensing the magnetic field. Instead, there is an aluminum cup attached to the speedometer needle and, nearby, a magnet that spins on a shaft moving at some ratio of the car’s speed. There’s no direct connection between the two.

Being a non-ferrous metal, aluminum is not generally something we think of being affected by magnets. Under normal circumstances that might be true, but a moving magnetic field will induce eddy currents in aluminum. This forms a field in the aluminum, too, and the spinning magnet tends to drag the cup, thereby deflecting the pointer.

A spring similar to one you might find in a mechanical clock or watch pulls back the pointer so the needle hovers at the point where the force of the magnet pulls against the spring. The pull on the spring has to account for the gear ratios and the size of the tires to accurately reflect the vehicle’s speed.

If you want to see an entertaining teardown of an old speedometer, [Tubalcain/Mr Pete] has you covered in the video below. He also shows how the odometer part worked, too.

youtube.com/embed/DssASTqXqK8?…

Modern Times

Of course, these days you are more likely to pick up a pulse using a Hall effect or some other part of the vehicle and just count the pulses in the car’s computer. In fact, the pulses might be encoded at the source and travel over something like a CAN bus to get to the computer.

It is also possible to pick up speed from other tracking information like GPS, although that might not be as accurate. But if you have, for example, a mobile phone app that shows your speed, that’s probably what it is doing. The obvious way to do that is to take position measurements periodically and then do the math. However, more sophisticated systems can actually measure Doppler shift to get a more accurate reading.

We see a lot of bicycle speedometers for some reason. Eddy currents make induction cooktops work, too. Even tiny ones.

Cybersecurity & cyberwarfare

2024-08-22 13:11:04

Civil society criticises Commissioner Breton’s approach to EU digital rulebook

Civil society groups and academics have criticised European Commissioner Thierry Breton's recent letter to Elon Musk, the owner of the social media platform X, arguing that it misinterprets the Digital Services Act and threatens free expression.

---

euractiv.com/section/platforms…

Cybersecurity & cyberwarfare

2024-08-22 07:58:45

Un bug 0day colpisce Google Chrome e mette a rischio milioni di utenti

Google ha rilasciato aggiornamenti di sicurezza per il suo browser Chrome per risolvere una grave vulnerabilità zeroday che viene attualmente utilizzata attivamente dai criminali informatici in attacchi reali.

Il problema, identificato come CVE-2024-7971, è un bug di type confusion nel motore JavaScript V8 e WebAssembly.

Secondo il National Vulnerability Database del NIST, il problema consente a un utente malintenzionato remoto di provocare il danneggiamento della memoria tramite una pagina HTML appositamente predisposta. L’identificazione del problema e delle sue caratteristiche è stata segnalata dalla divisione Microsoft specializzata in rilevamento delle minacce informatiche il 19 agosto 2024.

Google non ha ancora rivelato dettagli sulla natura degli attacchi o sulle identità di coloro che potrebbero sfruttare questa vulnerabilità.

Questo viene fatto per garantire che la maggior parte degli utenti abbia il tempo di aggiornare il proprio browser prima che le informazioni diventino disponibili pubblicamente. Tuttavia, la dichiarazione dell’azienda conferma che la vulnerabilità viene già sfruttata attivamente.

Il CVE-2024-7971 è stata la terza vulnerabilità di Type Confusion nella versione V8 corretta da Google nel 2024, dopo il CVE-2024-4947 e il CVE-2024-5274. In totale, dall’inizio dell’anno, l’azienda ha risolto nove vulnerabilità zero-day in Chrome, alcune delle quali sono state rilevate durante la competizione di hacking Pwn2Own 2024.

Gli utenti di Chrome su Windows, Linux e macOS sono fortemente incoraggiati ad aggiornare i propri browser alla versione 128.0.6613.84 per proteggersi da potenziali minacce. Anche i proprietari di browser basati su Chromium come Microsoft Edge, Brave, Opera e Vivaldi dovrebbero installare gli aggiornamenti disponibili non appena diventano disponibili.

Di norma, gli aggiornamenti del browser vengono installati automaticamente, ma è una buona idea controllare manualmente la versione corrente del software che stai utilizzando.

Queste misure aiuteranno a ridurre al minimo i rischi associati alla vulnerabilità e a proteggersi da possibili attacchi.

L'articolo Un bug 0day colpisce Google Chrome e mette a rischio milioni di utenti proviene da il blog della sicurezza informatica.

Cybersecurity & cyberwarfare

2024-08-22 10:00:34

Memory corruption vulnerabilities in Suricata and FreeRDP

As a cybersecurity company, before we release our products, we perform penetration tests on them to make sure they are secure. Recently, new versions of KasperskyOS-based products were released, namely Kaspersky Thin Client (KTC) and Kaspersky IoT Secure Gateway (KISG). As part of the pre-release penetration testing, we analyzed two open-source components used in these products, namely Suricata and FreeRDP projects, and discovered several vulnerabilities, which we reported to the developers of the corresponding libraries, as well as sharing the fuzzing tests we used to test FreeRDP.

The community confirmed the reported issues and registered the following CVEs:

• FreeRDP: CVE-2024-32041, CVE-2024-32039, CVE-2024-32040, CVE-2024-32458, CVE-2024-32459, CVE-2024-32460
• Suricata: CVE-2024-32664

Later, using our fuzzing tests, the community found about 10 more vulnerabilities in FreeRDP. All issues were fixed in both open-source projects and in our products prior to the new version releases.

Open-source components in KasperskyOS-based products

KasperskyOS is a microkernel operating system designed to be Cyber Immune. The attack surface is minimized by the built-in security mechanisms, the small size of the microkernel and domain (component) isolation. The latter allows secure implementation of open-source components: even if a particular component contains vulnerabilities, the isolation prevents most of the damage that could be caused by their exploitation.

The KasperskyOS-based products in question are complex, support various protocols and applications and include open-source components that implement some of their functions. As its name suggests, FreeRDP is an open-source implementation of Remote Desktop Protocol. It is used in Kaspersky Thin Client, where it is responsible for remote connection capabilities.

Suricata is a network monitoring, intrusion detection and prevention system developed by the Open Information Security Foundation and the Suricata community. It is widely used and implemented by most public and private organizations. When it comes to KasperskyOS-based products, Suricata is used in KISG, where it is responsible for detecting network attacks. It receives a copy of network traffic, analyzes it according to a set of rules and issues alerts if an attack is detected.

Although component isolation in KasperskyOS ensures the security of our products even if an open-source component contains vulnerabilities, when assessing the security of our products we follow the defense-in-depth approach. The OS design minimizes the attack surface, but it can’t stop cybercriminals and high-profile actors from trying to find a way to penetrate the system. That’s why we test (and, if necessary, fix) all components of our products, including the open-source projects we use.

Penetration testing begins by describing the entire attack surface, which includes all components and all known attack vectors against them.

CVE-2024-32664: out-of-bounds write in Suricata

During our penetration testing activities we found three issues in Suricata. Two of them were considered bad practice, and one was registered as CVE-2024-32664. The vulnerability affects all Suricata versions from 6.0.0 to 6.0.18 and from 7.0.0 to 7.0.4, and is fixed in versions 6.0.19 and 7.0.5. It was initially assessed as being a medium severity issue (CVSS 5.3). However, in the tickets on the Open Information Security Foundation website, the severity was changed to high for versions 7.0.x and to critical for 6.0.x.

The vulnerability resides in Suricata’s base64 decoding function, DecodeBase64, and belongs to the out-of-bounds write type. In a situation where the buffer is full, it is possible to use specially crafted input to trick the function into thinking that there is some space left and writing three more bytes to the buffer. In base64, if the size of the unencoded data is not a multiple of three, a padding is added to the encoded output. It typically equals one or two. The decoding function accepts encoded data as input, which means that the padding is controlled by the attacker. If they provide an encoded string where the padding equals three or four, a memory corruption occurs, leading to a limited buffer overflow, which may result in remote code execution.

Vulnerable code in Suricata:
line 45 – if ‘padding’ is equal to B64_BLOCK(4) or ASCII_BLOCK(3), ‘numDecoded_blk’ will be set to 0;
line 46 – we will pass this check, as ‘dest_size’ is equal to ‘*decoded_bytes’;
line 53 – 3 bytes will be written past the end of buffer ‘dptr’;
line 72 – similar issue.

The issue was patched in Suricata versions 6.0.19 and 7.0.5. For those, who are unable to install these updates, the following recommendations to mitigate the threat were provided by the community:

• Do not load untrusted datasets
• Do not use rules with a ‘base64_decode’ keyword with a ‘bytes’ option with a value of 1, 2 or 5

For the software versions 7.0.x you can also set ‘app-layer.protocols.smtp.mime.body-md5’ to false.

FreeRDP vulnerabilities

The vulnerabilities in FreeRDP were found using a simple FreeRDP fuzzer. They affect all FreeRDP 3.x.x versions prior to 3.5.0 and all FreeRDP 2.x.x versions prior to 2.11.6, where they were fixed.

CVE-2024-32041

This vulnerability resides in the zgfx_decompress_segment function of the ZGFX decoder and is an out-of-bounds read vulnerability. The absence of a necessary check may lead to a situation where a certain number of bytes of data are accessed that shouldn’t be.

This vulnerability may be exploited by a malicious server to gain access to a portion of the client memory. It may be used to bypass address space layout randomization (ASLR) to get the address space layout for a particular process and perform an attack against that process.

Vulnerable code in the ‘zgfx_decompress_segment’ function:
line 48 – the variable ‘count’ is checked to make sure it is not greater than the size of allocated space in the output buffer;
lines 54-55 – the variable ‘count’ is not checked against the size of the decoded array. Hence the out-of-bounds read.

As a workaround for users who cannot install the fixed version of FreeRDP, the community recommends deactivating the “/gfx” connection method, which is on by default, and set “/bpp” or “/rfx” instead.

CVE-2024-32039

This is an integer overflow and out-of-bounds write vulnerability in the clear_decompress_residual_data function in the Clear codec component. The ‘runLengthFactor’ variable is read from the stream, which can be controlled by the attacker. The code performs a sanity check to make sure it is not bigger than the size of the array to be written to. This sanity check contains an error that allows the attacker to bypass it via unsigned integer overflow and write outside the allocated buffer. Exploitation of this vulnerability could lead to remote code execution on the client.

Vulnerable code in the ‘clear_decompress_residual_data’ function:
line 23 – the variable ‘runLengthFactor’ is an unsigned integer (uint32);
line 42 – the variable ‘runLengthFactor’ is read from the stream;
line 47 – due to an unsigned integer overflow, if the ‘runLengthFactor’ value is large enough, the ‘pixelIndex+runLengthFactor’ value approaches zero, and the check is passed;
lines 56-60 – the ‘for’ cycle uses the original ‘runLengthFactor’ value and is written outside ‘dstBuffer’.

As a workaround for the unpatched versions, it is recommended to use “/bpp:32” or “/rfx” instead of the “/gfx” codec that is enabled by default.

CVE-2024-32040

This integer underflow vulnerability affects FreeRDP connections that use the NSC codec responsible for bitmap compression. It resides in the nsc_rle_decode function of this component. The absence of a necessary check may lead to a situation when the size of unprocessed input data is less than 0. As it is an unsigned integer variable, it will become a large positive value in this case. This may lead to an out-of-bounds read of a large amount of data.

Vulnerable code in the nsc_rle_decode function:
lines 45-48 – the variable ‘len’ is read from the attacker-controlled stream;
line 51 – suppose ‘len’ is a large integer and it is less than ‘outSize’, thus we can pass this check;
line 57 – there is no check to ensure that ‘left’ is greater than ‘len’, which may result in an unsigned integer underflow, and the big value of the ‘left’ variable;
line 6 – the big value of the ‘left’ variable passes the check, and the next iteration starts reading outside the memory bounds.

As a workaround in a situation where installing the patched version is impossible, it is recommended not to use the codec in question.

CVE-2024-32458

This is an out-of-bounds read vulnerability in the planar_skip_plane_rle function in the Planar codec component. No checks are implemented for the planes array elements in the function code. As a result, the SrcSize variable may exceed the amount of available data, which may result in an out-of-bounds read. An attacker may attempt to bypass ASLR using this vulnerability.

Vulnerable code in the planar_skip_plane_rle function:
line 13 – no check is performed to ensure the size is no less than the offset to plane. If it is small enough, an unsigned integer underflow occurs;
line 45 – as a result, SrcSize can exceed the amount of available data;
line 52 – out-of-bounds read on this line.

You can find the fix for the vulnerability here. As a workaround for unpatched systems, it is recommended to use “/gfx” or “/rfx” connection methods. Note that the “/gfx” method is enabled by default and it is recommended to disable it to mitigate other vulnerabilities in this list.

CVE-2024-32459

This is an out-of-bounds read vulnerability in ncrush_decompress function of the ncrush codec. If the source data size is small, up to four extra bytes could be read, which could be used to bypass ASLR.

Vulnerable code in the ‘ncrush_decompress’ function:
Line 18 – Out-of-bounds read if SrcSize is less than 4.

There are no workarounds for the unpatched versions of the FreeRDP client.

CVE-2024-32460

This is an out-of-bounds read vulnerability in ExtractRunLengthLiteFgBg function in the Interleaved codec component. It affects FreeRDP clients that use the legacy “GDI” drawing path for transmitting graphics from the remote desktop. This function accepts the pointer to the first element after the allocated buffer and incorrectly handles the ‘buffer_within_range’ helper, causing it to read one byte outside the buffer.

Vulnerable code in the ExtractRunLengthLiteFgBg function:
line 11 – ‘pbEnd’ points to the first byte after the end of buffer;
line 26 – the ‘ExtractRunLength’ function is called with ‘pbEnd’ as the third parameter;
line 51 – the ‘ExtractRunLengthLiteFgBg’ function is called with ‘pbEnd’ as a second parameter;
line 77 – the ‘ExtractRunLengthLiteFgBg’ function checks that there is one byte before the end of the buffer;
line 82 – the code reads one byte outside of the allocated buffer.

You can find the fix for the vulnerability here. The workaround for unpatched systems could be to use more recent settings such as “/gfx” or “/rfx” if the server supports them. Note that some of the other vulnerabilities in this list affect FreeRDP clients that use “/gfx” as the drawing path.

We shared our fuzzing tests with the FreeRDP community, along with information about the vulnerabilities that were found. They ran them against various codecs used in the software and found 10 more vulnerabilities in the following components:

• Clear codec
• Color codec
• Interleaved codec
• NSC codec
• ZGFX codec

Most of these vulnerabilities are out-of-bounds reads that can be used to bypass the ASLR security measure. All of them were fixed in versions 3.5.1 and 2.11.7.

Disclosure timeline

• 28.03.2024 – We shared information about the vulnerabilities with the Suricata community.
• 15.04.2024 – We reported the discovered vulnerabilities to the FreeRDP community.
• 16.04.2024 – FreeRDP fixes issued.
• 20.04.2024 – Fixes issued for the vulnerabilities discovered by the community using our fuzzer.
• 23.04.2024 – Patched Suricata versions issued.

Conclusion

The concept of secure by design applies not only to system architecture, but also to the development process itself. Moreover, by testing and trying all the system components prior to release, we were able to help the community fix a range of issues in two widely used open-source projects. We would like to thank the Suricata and FreeRDP maintainers for their quick response to our reports and prompt release of the patches.

If you use this software, we encourage you to update to the latest versions as soon as possible. At the time of publication, the most up-to-date versions are:

• 6.0.20 and 7.0.6 for Suricata;
• 2.11.7 and 3.7.0 for FreeRDP.

---

securelist.com/suricata-freerd…

Cybersecurity & cyberwarfare

2024-08-22 10:30:18

Digital rights NGO files complaints against European Parliament for data breach

Following a major breach of the European Parliament's recruitment system in April 2024, when sensitive personal information was exposed, Nyob filed two legal complaints for alleged data protection law violations on Thursday (22 August), against the EU institute.

---

euractiv.com/section/cybersecu…

Cybersecurity & cyberwarfare

2024-08-22 07:18:08

L’avvelenamento dei motori di ricerca: Una minaccia sottovalutata e sempre più sofisticata

Nel vasto ecosistema digitale, i motori di ricerca fungono da porte d’accesso principali per miliardi di utenti che cercano informazioni. Tuttavia, dietro la loro apparente neutralità, si cela una minaccia crescente e sempre più sofisticata: il Search Engine Poisoning (SEP).

Questa tecnica consente agli attaccanti di manipolare i risultati dei motori di ricerca, portando contenuti dannosi, come siti di phishing o malware, ai primi posti delle ricerche, con il rischio di compromettere gravemente la sicurezza degli utenti.

Meccanismi di avvelenamento

Gli attori malintenzionati utilizzano diverse tecniche per manipolare gli algoritmi di ranking e sfruttare le tecniche di ottimizzazione dei motori di ricerca (SEO) a proprio vantaggio. Ecco i principali:

• Keyword Stuffing: Gli attaccanti inseriscono in modo eccessivo e innaturale parole chiave rilevanti all’interno di un contenuto, manipolando l’algoritmo per ottenere un miglior posizionamento. Spesso, dietro a queste parole chiave si nascondono collegamenti a siti dannosi. Nonostante le contromisure adottate dai motori di ricerca, come Google, gli attori malevoli continuano a innovare, ad esempio mascherando il keyword stuffing con testo nascosto o l’uso di sinonimi.
• Link Farming: Questa tecnica prevede la creazione di una rete di siti interconnessi, progettati esclusivamente per aumentare l’autorità percepita di un sito malevolo. Anche se i motori di ricerca hanno sviluppato algoritmi per identificare e penalizzare i link farm, gli attaccanti continuano a creare reti più complesse e sofisticate, rendendole sempre più difficili da rilevare.
• Cloaking: Una delle tecniche più insidiose, il cloaking, consiste nel presentare una versione “pulita” della pagina web agli spider dei motori di ricerca, mentre gli utenti vengono reindirizzati a una pagina malevola. Questo sfrutta la fiducia implicita nei risultati di ricerca e può essere estremamente difficile da individuare, poiché la pagina malevola è visibile solo a un segmento selezionato di utenti.
• Compromissione di siti legittimi: Gli attaccanti sfruttano vulnerabilità nei sistemi di gestione dei contenuti (CMS) o in altre infrastrutture di sicurezza per iniettare codice dannoso in siti web già ben posizionati. Questo tipo di attacco è particolarmente pericoloso, poiché sfrutta la fiducia costruita nel tempo dal sito compromesso per ingannare sia gli utenti che i motori di ricerca.

Evoluzione delle tecniche di attacco

Negli ultimi anni, gli attacchi di avvelenamento dei motori di ricerca hanno subito un’evoluzione significativa. Ad esempio, il malware BatLoader rappresenta un caso recente in cui tecniche avanzate di SEO poisoning vengono utilizzate per infiltrarsi nei sistemi aziendali.

Creando siti compromessi che appaiono tra i primi risultati di ricerca per software popolari, gli attaccanti riescono a indurre gli utenti a scaricare malware sotto mentite spoglie di programmi legittimi come Zoom o TeamViewer.

Da quando sono emersi i primi segnali di questa tecnica, i criminali hanno continuamente affinato le loro strategie, rendendo gli attacchi più efficaci e furtivi.

Le campagne del 2023 e del 2024 hanno dimostrato come questi attacchi non siano più confinati a settori specifici, ma possano colpire un’ampia gamma di industrie, evidenziando l’adattabilità e la pericolosità crescente di queste minacce.

Implicazioni per la sicurezza

Le conseguenze dell’avvelenamento dei motori di ricerca sono devastanti e includono:

• Phishing e Truffe: Gli utenti possono essere indotti a fornire informazioni sensibili su siti malevoli apparsi tra i primi risultati di ricerca.
• Diffusione di Malware: I siti compromessi possono diffondere malware, compromettendo la sicurezza dei dispositivi e dei dati sensibili degli utenti.
• Disinformazione: Il SEP può anche essere sfruttato per diffondere informazioni false, manipolando così l’opinione pubblica.
• Danno alla reputazione: Le aziende potrebbero vedere il proprio nome associato a contenuti malevoli, con gravi ripercussioni sulla loro reputazione.

Difendersi dall’avvelenamento dei motori di ricerca

Per proteggersi da queste minacce è necessario adottare una strategia preventiva:

• Educazione e Consapevolezza: È fondamentale formare gli utenti a riconoscere i segnali di un sito sospetto e a verificare sempre l’URL prima di inserire informazioni sensibili.
• Monitoraggio continuo: Le aziende devono monitorare costantemente il loro posizionamento nei motori di ricerca e reagire rapidamente a eventuali anomalie.
• Collaborazione con i motori di ricerca: Segnalare prontamente contenuti dannosi e richiedere la rimozione di risultati manipolati è essenziale per mantenere un ambiente sicuro.
• Sicurezza SEO: Implementare pratiche SEO sicure può aiutare a prevenire la compromissione del sito e a mantenere un posizionamento affidabile e sicuro.
• Software Anti-Malware: L’installazione di software anti-malware è una difesa indispensabile per prevenire l’accesso a siti malevoli.

Conclusione

L’avvelenamento dei motori di ricerca rappresenta una minaccia sempre più sofisticata che sfrutta la fiducia degli utenti nei risultati di ricerca per diffondere contenuti malevoli. Nel contesto attuale, con l’evoluzione costante delle tecniche utilizzate dagli attaccanti, è cruciale che sia le aziende che gli utenti finali adottino misure preventive per proteggersi e mantenere l’integrità del mondo digitale. Restare aggiornati sulle nuove minacce e implementare una sicurezza multilivello sono passi essenziali per difendersi efficacemente da questi attacchi insidiosi.

Il futuro della sicurezza digitale richiede una vigilanza costante e una collaborazione attiva tra utenti, aziende e provider di motori di ricerca per contrastare queste minacce sempre più pervasive.

L'articolo L’avvelenamento dei motori di ricerca: Una minaccia sottovalutata e sempre più sofisticata proviene da il blog della sicurezza informatica.

Cybersecurity & cyberwarfare

2024-08-22 11:35:13

Cisco Contraria alla Convenzione Internazionale sul Cybercrime dell’ONU

Cisco ha espresso preoccupazione per la bozza della convenzione internazionale sulla criminalità informatica delle Nazioni Unite, affermando che il documento deve essere migliorato prima di essere messo ai voti.

Il Trattato Globale sulla criminalità informatica è stato proposto dalla Russia nel 2017, il suo obiettivo principale è quello di sviluppare standard globali relativi al problema dei crimini informatici transnazionali.

Da quando sono iniziati i lavori sul trattato nel 2019, la comunità internazionale non ha raggiunto un consenso sulle sue necessità e sui suoi obiettivi. Nonostante tutti i dubbi, l’accordo è stato adottato dopo 3 anni di negoziati, conclusisi con una sessione di due settimane.

Tuttavia, organizzazioni per i diritti umani come Human Rights Watch (HRW) e Electronic Frontier Foundation ( EFF ) hanno criticato il Trattato per essere eccessivamente ampio nel linguaggio e potrebbe essere utilizzato per perseguitare i cittadini che esprimono opinioni discutibili.

Preoccupante è anche la clausola sulla privacy, che consente agli Stati di richiedere dati ai fornitori senza informare i cittadini.

Anche l’organizzazione britannica per i diritti umani Article 19 teme che un linguaggio così vago possa ostacolare la ricerca legittima sulla sicurezza informatica, poiché i professionisti potrebbero temere di essere perseguiti.

Eric Wenger, direttore senior delle politiche tecnologiche di Cisco, ha fatto eco a queste preoccupazioni, affermando che la convenzione, piuttosto che concentrarsi su specifici crimini informatici, mira a frenare in modo più ampio l’uso delle reti di computer per diffondere informazioni indesiderate. Secondo Wenger ciò è contrario ai principi della libertà di parola e richiede modifiche.

Cisco non è contraria alla creazione di una convenzione internazionale sulla criminalità informatica, ma ritiene che dovrebbe proteggere i diritti umani e lo stato di diritto. Nella sua forma attuale, il documento, secondo la società, non fornisce una tutela sufficiente a tali principi.

L'articolo Cisco Contraria alla Convenzione Internazionale sul Cybercrime dell’ONU proviene da il blog della sicurezza informatica.

Cybersecurity & cyberwarfare

2024-08-22 11:00:50

Running Stock MS-DOS on a Modern ThinkPad

It might seem like the days of MS-DOS were a lifetime ago because…well, they basically were. Version 6.22 of the venerable operating system, the last standalone release, came out back in 1994. That makes even the most recent version officially 30 years old. A lot has changed in the computing world since that time, so naturally trying to run such an ancient OS on even a half-way modern machine would be a waste of time. Right?

As it turns out, getting MS-DOS 6.22 running on a modern computer isn’t nearly as hard as you’d think. In fact, it works pretty much perfectly. Assuming, that is, you pick the right machine. [Yeo Kheng Meng] recently wrote in to share his experiments with running the final DOS release on his Intel-powered ThinkPad X13 from 2020, and the results are surprising to say the least.

To be clear, we’re not talking about some patched version of DOS here. There’s no emulator at work either. Granted [Yeo] did embrace a few modern conveniences, such as using a USB floppy drive emulator to load the disk images instead of fiddling with actual floppies, and installing DOS onto an external drive so as not to clobber his actual OS on the internal NVME drive. But other than that, the installation of DOS on the ThinkPad went along just as it would have in the 1990s.

IBM’s 1984 luggable running the same OS as a modern ThinkPad
It’s impressive enough that MS-DOS can still be installed on such a modern machine. But what’s really surprising is how well it all works. [Yeo] reports that the bulk of the ThinkPad’s hardware worked as expected, although he did have to pull in some modern open source drivers such as SBEMU, which makes DOS think the laptop’s Intel HD audio chip is an old school Sound Blaster card. He was even able to get several different Thunderbolt-connected Gigabit Ethernet adapters working.

Not all of the DOS benchmark tools [Yeo] tried on the machine would actually run, but as you might imagine, the ones that did reported some fairly spectacular results. After all, a machine with specs like this would have been the stuff of science fiction when those tools were written.

So how is this all possible? [Yeo] notes that this is one of the final Lenovo laptops to support “Legacy BIOS” mode, as everything after this point is pure UEFI. This particular machine also features a “Thunderbolt BIOS Assist Mode” which makes connected devices seem like standard PCI cards.

In the end, the experiment shows that Intel and Lenovo have done an incredible job of maintaining backwards compatibility with their respective hardware. While it seems like this is the end of the road for your average consumer computer due to issues such as the UEFI switch over, don’t worry. You’ll still be able to scratch that retro itch with the right hardware.

youtube.com/embed/-mTmZqoNeFA?…

Cybersecurity & cyberwarfare

2024-08-22 07:30:27

Quilin colpisce Promises2Kids. La Noprofit a sostegno dei bambini Abusati e Abbandonati

Recentemente Promises2Kids, un’organizzazione no-profit che si occupa di sostegno ai bambini a San Diego, California, USA, è stata vittima di un attacco da parte del gruppo di hacker Qilin.

Gli hacker hanno affermato di aver ottenuto l’accesso alle informazioni riservate dell’organizzazione minacciando di renderle pubbliche a meno che non fosse stato pagato un riscatto.

Il gruppo Qilin, è noto per i suoi attacchi a varie organizzazioni, tra cui istituzioni mediche e grandi aziende. In questo caso è stata utilizzata una doppia strategia di estorsione, in cui oltre a crittografare i dati, gli hacker minacciano di pubblicare le informazioni rubate, il che aumenta notevolmente la pressione sulla vittima.

Qilin opera secondo un modello ransomware-as-a-service ( RaaS ), assumendo terze parti per distribuire malware e condividendo con loro il riscatto.

Gli aggressori probabilmente hanno utilizzato tecniche di phishing per compromettere inizialmente il sistema, quindi hanno utilizzato spyware per monitorare e controllare i dispositivi infetti.

L’attacco a Promises2Kids è particolarmente cinico dato che l’organizzazione è impegnata ad aiutare i bambini che hanno subito abusi e abbandono. Ciò provoca indignazione pubblica e mette in luce l’immoralità dei criminali informatici che prendono di mira obiettivi così vulnerabili.

La direzione di Promises2Kids ha già cercato l’assistenza di specialisti di sicurezza informatica e sta collaborando con le forze dell’ordine per indagare sull’incidente. Allo stesso tempo l’organizzazione ha cercato di minimizzare le conseguenze dell’attacco, ma non è ancora chiaro se sia riuscita a impedire una fuga di dati.

Oltre all’attacco a Promises2Kids, i rappresentanti di Qilin hanno annunciato l’attacco ad altre quattro organizzazioni. Tra loro:

• Hiesmayr Haustechnik è un’azienda austriaca di ingegneria e idraulica che fornisce soluzioni complete per la costruzione e la ristrutturazione di edifici.
• Il Central College Jounieh è un istituto scolastico in Libano che offre una vasta gamma di programmi educativi per studenti di varie età.
• ON365 Ltd è una società britannica specializzata nella fornitura di servizi IT, inclusa la gestione e il supporto delle infrastrutture dei data center.
• Il comune di Jaboatao dos Guararapes è un comune del Brasile che gestisce i servizi pubblici e amministrativi locali per i residenti della regione.

Questi attacchi indicano le azioni mirate di Qilin contro organizzazioni di vario profilo in tutto il mondo, il che conferma le loro ambizioni globali e gli attacchi indiscriminati.

L'articolo Quilin colpisce Promises2Kids. La Noprofit a sostegno dei bambini Abusati e Abbandonati proviene da il blog della sicurezza informatica.

Cybersecurity & cyberwarfare

2024-08-22 10:14:11

Alibaba presenta mPLUG-Owl3. Il modello che può analizzare 400 immagini al secondo su una sola A100

Gli ingegneri dell’azienda cinese Alibaba hanno presentato un nuovo modello di apprendimento automatico multimodale chiamato mPLUG-Owl3. Questo modello è in grado di analizzare in modo efficiente testo, immagini e video.

Gli sviluppatori prestano particolare attenzione alla velocità della rete neurale, sostenendo che bastano solo quattro secondi per elaborare un video di due ore.

mPLUG-Owl3 si basa sul modello Qwen2, che è stato notevolmente migliorato e ottimizzato. Grazie a queste modifiche, il tempo di attesa per il primo token è stato ridotto di sei volte e una singola scheda grafica A100 ora può elaborare fino a 400 immagini al secondo.

Il modello utilizza anche uno speciale blocco HATB (Hyper Attention Transformer), che integra funzionalità visive e testuali, consentendo, ad esempio, di cercare immagini visive in base a query testuali.

Il codice del progetto è aperto e pubblicato su GitHub. Inoltre, gli sviluppatori hanno fornito tutto il materiale necessario per lavorare sulle piattaforme Hugging Face e sull’analogo cinese Model Scope.

Il testo completo dello studio descrive in dettaglio lo sviluppo e il funzionamento del modello mPLUG-Owl3.

L'articolo Alibaba presenta mPLUG-Owl3. Il modello che può analizzare 400 immagini al secondo su una sola A100 proviene da il blog della sicurezza informatica.

Cybersecurity & cyberwarfare

2024-08-22 08:00:27

Happy Birthday to Dad, Retrocomputer Style

For those of us who lived through the early 8-bit computing revolution — the tail end, in our case — it’s hard to believe that there’s a second wave of retrocomputing nostalgia underway. But as this bit-banged TRS-80 birthday bonus pack shows, the first generation did a pretty good job passing the retro torch.

With his father’s 70th birthday coming up and full of “borrowed nostalgia” for the good old days, [Josh Sucher] scored a TRS-80 off eBay and experimented with what could be possible. After 50-odd years, the machine needed a bit of TLC, including a new power supply, some keyboard repairs, and the usual recapping. He also had to soup the machine up a bit, given that its original capabilities were so limited.

Chief among these mods was a rudimentary IP stack thanks to a TRS-IO card, which emulates a lot of functionality of the original TRS-80 Expansion Module and adds an ESP-32 for WiFi capability. This allowed [Josh] to get a neat “Dadbot” chatbot going on the machine, using years of his dad’s text messages to train the model. There’s also a game of Go, an RPG based on his parents’ lives, and a local news and weather app. Most impressive, though, is the bit-banged audio app that uses the TRS-80’s cassette interface to play a passable rendition of “Happy Birthday to You.” The video below has the full demo.

It’s clear that this lengthy project was a labor of love, and we approve of the results. It’s been a long, long time since we first caught wind of the TRS-80 through the Radio Shack catalog, and projects like this make us feel like scratching up one for ourselves to play with.

youtube.com/embed/6Zfq0jq078Y?…

[via Hacker News]

Cybersecurity & cyberwarfare

2024-08-22 05:00:56

Tiny ’90s Laptop Gets Modern Power

The laptop to have here in the 2020s varies depending on who you ask, perhaps a Framework, or maybe a ThinkPad. Back in the 1990s the answer might have included a now-forgotten contender, because in that decade Toshiba made a range of legendarily tough chunky grey machines. Of these the smallest was the Libretto, a paperback book sized clamshell design which was an object of desire. It’s one of these that [Robert’s Retro] has upgraded to use USB-C power instead of the original power brick.

The full video is below the break, and while it first deals with replacing a defective screen, the power part starts just before 22 minutes in. As you’d expect it involves a USP-C PD trigger board, this time at 15 volts. It’s mounted in a small 3D printed adapter to fill the space of the original jack, and requires a tiny notch be removed from the corner of its PCB to fit round the motherboard. The rest of the video deals with reassembling the machine and tending to mishaps with the ageing plastic, but the result is a Libretto with a modern charging port.

Naturally a machine with a Pentium CPU and 32 megabytes of RAM is in of limited use in modern terms, but these Librettos remain very well-designed tiny PCs to this day. It’s great to see them still being modified and upgraded, even if perhaps there’s a limit to how far you can push their computing power. We’ve encountered the Libretto before a few times, such as when one was used to retrieve data from an old Flash card.

youtube.com/embed/gvtn3RK98DY?…

Cybersecurity & cyberwarfare

2024-08-22 02:00:52

The First Mass Produced DRAM of the Soviet Union

KE565RU1A (1985) in comparison with the analogue from AMD (1980)
Although the benefits of semiconductor technology were undeniable during the second half the 20th century, there was a clear divide between the two sides of the Iron Curtain. Whilst the First World had access to top-of-the-line semiconductor foundries and engineers, the Second World was having to get by with scraps. Unable to keep up with the frantic pace of the USA’s developments in particular, the USSR saw itself reduced to copying Western designs and smuggling in machinery where possible. A good example of this is the USSR’s first mass-produced dynamic RAM (DRAM), the 565RU1, as detailed by [The CPUShack Museum].

While the West’s first commercially mass-produced DRAM began in 1970 with the Intel 1103 (1024 x 1) with its three-transistor design, the 565RU1 was developed in 1975, with engineering samples produced until the autumn of 1977. This DRAM chip featured a three-transistor design, with a 4096 x 1 layout and characteristics reminiscent of Western DRAM ICs like the Ti TMS4060. It was produced at a range of microelectronics enterprises in the USSR. These included Angstrem, Mezon (Moldova), Alpha (Latvia) and Exciton (Moscow).

Of course, by the second half of the 1970s the West had already moved on to single-transistor, more efficient DRAM designs. Although the 565RU1 was never known for being that great, it was nevertheless used throughout the USSR and Second World. One example of this is a 1985 article (page 2) by [V. Ye. Beloshevskiy], the Electronics Department Chief of the Belorussian Railroad Computer Center in which the unreliability of the 565RU1 ICs are described, and ways to add redundancy to the (YeS1035) computing systems.

Top image: 565RU1 die manufactured in 1981.

Cybersecurity & cyberwarfare

2024-08-22 05:00:04

Navigating Compliance: How innovation can thrive under the AI Act [Promoted content]

The AI Act’s entry into force ignites a conversation on its compliance costs. The Act promotes trustworthy AI adoption while tackling low uptake. Initiatives as EDIHs, TEFs, and sandboxes can help, however, a coordinated, sustainable, and future-proof strategy is needed.

---

euractiv.com/section/digital/o…

Cybersecurity & cyberwarfare

2024-08-21 23:00:44

Farewell Magnetic Stripe

For decades, the magnetic stripe has been ubiquitous on everything from credit cards to tickets to ID badges. But the BBC reports — unsurprisingly — that the mag stripe’s days are numbered. Between smartphones, QR codes, and RFID, there’s just less demand for the venerable technology.

IBM invented the stripe back in the early 1960s. The engineer responsible, [Forrest Parry], was also involved in developing the UPC code. While working on a secure ID for the CIA, his wife suggested using an iron to melt a strip of magnetic tape onto the card. The rest is history.

The new technology rapidly took over, and by 1969, in the United States, there was a standard that has remained largely unchanged. The BBC post notes that a card reader in 1970 could read a credit card out of your pocket today if it still had a magnetic stripe. Infamously, IBM’s CEO at the time was not a fan, reportedly because “Mom doesn’t like credit cards.”

So, while you’ll still find mag stripes on a few cards here and there, in a few years, they’ll probably vanish completely. Don’t worry! You can still make your own. Don’t have a reader? Grab a flatbed scanner.

Cybersecurity & cyberwarfare

2024-08-21 20:00:20

Atari Announces the Atari 7800+ Nostalgia Console

Following the trend of re-releasing every single game console as some kind of modern re-imagining or merely an ARM-SBC-with-emulator slapped into a nice looking enclosure, we now got the announcement from Atari that they will soon be releasing the Atari 7800+.

It’s now up for pre-order for a cool $130 USD or a mega bundle with wired controllers for $170 and shipping by Winter 2024. Rather than it being a cute-but-non-functional facsimile like recent miniature Nintendo and Commodore-themed releases, this particular console is 80% of the size of the original 7800 console, and accepts 2600 and 7800 cartridges, including a range of newly released cartridges.

On the outside you find the cartridge slot, an HDMI video/audio output, a USB-C port (for power) and DE-9 (incorrectly listed as DB-9) controller ports, with wireless controllers also being an option. Inside you find a (2014-vintage) Rockchip RK3128 SoC with a quad core Cortex-A7 that runs presumably some flavor of Linux with the Stella 2600 emulator and ProSystem 7800 emulator. This very likely means that compatibility with 2600 and 7800 titles is the same as for these emulators.

Bundled with the console is a new 7800 cartridge for the game Bentley Bear’s Crystal Quest, and a number of other new games are also up for pre-order at the Atari site. These games are claimed to be compatible with original Atari consoles, which might make it the biggest game release year for the 7800 since its launch, as it only had 59 official games released for it.

Given the backwards compatibility of this new system, you have to wonder how folks who purchased the 2600+ last year are feeling right about now. Then again, the iconic faux-wood trim of the earlier console might be worth the price of admission alone.

Cybersecurity & cyberwarfare

2024-08-21 20:22:00

Xeon Sender: uno strumento Cloud per SMS Bombing disponibile a tutti

Negli ultimi mesi, i ricercatori di sicurezza informatica hanno scoperto l’uso attivo di un nuovo strumento di attacco cloud chiamato Xeon Sender. Questo strumento viene utilizzato dagli aggressori per condurre campagne di phishing e spam tramite SMS, sfruttando servizi legittimi.

Secondo il ricercatore di SentinelOne Alex Delamotte, Xeon Sender consente di inviare messaggi attraverso vari servizi SaaS (software-as-a-service) utilizzando credenziali valide. Tra questi servizi ci sono Amazon SNS, Nexmo, Plivo, Twilio e altri.

Un aspetto importante è che Xeon Sender non sfrutta le vulnerabilità dei provider stessi. Gli aggressori utilizzano invece API legittime per inviare messaggi di spam in blocco. Tali strumenti sono recentemente diventati sempre più popolari tra i criminali informatici per l’invio di messaggi di phishing al fine di rubare informazioni riservate.

Xeon Sender è distribuito tramite Telegram e vari forum dedicati all’hacking del software. L’ultima versione dello strumento, disponibile per il download come archivio ZIP, si collega al canale Telegram “Orion Toolxhub“, creato nel febbraio 2023. Questo canale distribuisce attivamente anche altri malware, come strumenti per attacchi di forza bruta e scansione di siti Web.

Xeon Sender, noto anche come XeonV5 e SVG Sender, è stato scoperto per la prima volta nel 2022. Da allora, le sue funzionalità sono state costantemente ampliate e sono state utilizzate da diversi gruppi di aggressori. È interessante notare che una versione di questo strumento è ospitata su un server web con un’interfaccia grafica, che lo rende accessibile anche agli utenti con competenze tecniche minime.

Nel database, lo strumento fornisce una riga di comando per interagire con l’API dei servizi selezionati, che consente di organizzare massicci attacchi SMS. Ciò presuppone che gli aggressori dispongano già delle chiavi API necessarie per accedere ai servizi. Le richieste includono l’ID del mittente, il contenuto del messaggio e i numeri di telefono presi da un elenco impostato.

Inoltre, Xeon Sender include funzioni per la verifica delle credenziali per i servizi Nexmo e Twilio, la generazione di numeri di telefono in base ai codici paese e regione specificati e il controllo della validità dei numeri specificati.

Sebbene il codice del programma contenga molte variabili ambigue che rendono difficile il debug, i ricercatori notano che l’utilizzo di librerie specifiche per creare query crea ulteriori difficoltà nel rilevarle.

Per proteggersi da tali minacce, gli esperti raccomandano alle organizzazioni di monitorare l’attività relativa ai cambiamenti nelle impostazioni di invio degli SMS e ai cambiamenti anomali negli elenchi dei destinatari, come i caricamenti collettivi di nuovi numeri.

L'articolo Xeon Sender: uno strumento Cloud per SMS Bombing disponibile a tutti proviene da il blog della sicurezza informatica.

Cybersecurity & cyberwarfare

2024-08-21 18:30:52

FLOSS Weekly Episode 797: Coreutils — Don’t rm -r Up the Tree

This week Jonathan Bennett and Dan Lynch chat with Pádraig Brady about Coreutils! It’s been around since the 90s, and is still a healthy project under active development. You’ve almost certainly used these tools whether you realize it or not! What’s the relationship with the other coreutils implementations? And why is GNU Coreutils the most cautious of them all?

• pixelbeat.org/contact.html
• pixelbeat.org/docs/coreutils-t…
• pixelbeat.org/docs/coreutils-g…
• pixelbeat.org/programming/avoi…
• gnu.org/software/coreutils/rej…
• gnu.org/software/coreutils/quo…
• pixelbeat.org/docs/coreutils_i…

youtube.com/embed/IK4OgiFQut8?…

Did you know you can watch the live recording of the show Right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

play.libsyn.com/embed/episode/…

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Places to follow the FLOSS Weekly Podcast:

• Spotify
• RSS

Cybersecurity & cyberwarfare

2024-08-21 19:14:41

WhatsApp sempre più simile a Telegram. Nickname e PIN in arrivo

WhatsApp continua a migliorare la sua applicazione, aggiungendo nuove funzionalità che rendono la comunicazione più comoda e sicura. Nell’ultimo aggiornamento beta per Android (versione 2.24.18.2), reso disponibile tramite il programma Beta di Google Play, l’azienda ha annunciato lo sviluppo di una funzionalità per la creazione di un nome utente univoco con supporto per codice PIN.

Il nome utente ti consentirà di scegliere un soprannome univoco per i tuoi account WhatsApp. L’utilizzo di un nickname anziché di un numero di telefono offrirà agli utenti un maggiore controllo sulla propria privacy e la possibilità di nascondere il proprio numero ai nuovi contatti.

Anche in questa build c’è la possibilità di impostare un codice PIN per un nickname. Servirà come ulteriore livello di protezione: prima di iniziare un dialogo, gli utenti non familiari dovranno inserire questo codice. Tuttavia, per i contatti con cui hai già corrispondenza, non sarà necessario utilizzare un codice PIN.

La pagina di configurazione del codice PIN verrà visualizzata dopo che l’utente ha selezionato un nickname. Il codice deve essere lungo almeno 4 cifre e non può essere uguale al codice di autenticazione a due fattori.

Vale la pena notare che le funzioni nickname e codice PIN sono ancora in fase di sviluppo e non sono disponibili per i beta tester. Non è noto quando appariranno nella versione ufficiale del messenger.

Presumibilmente WhatsApp sta lavorando anche ad un’opzione per bloccare i messaggi provenienti da contatti sconosciuti. Ma i dettagli su queste funzioni non sono ancora stati resi noti.

L'articolo WhatsApp sempre più simile a Telegram. Nickname e PIN in arrivo proviene da il blog della sicurezza informatica.