Due documentaristi kenioti sono stati posti sotto sorveglianza dai servizi di sicurezza per il loro lavoro su un film sulle proteste giovanili. I ricercatori di informatica forense affermano che i loro telefoni sono stati infettati dallo spyware FlexiSPY mentre erano sotto custodia della polizia.

Brian Adagala e Nicholas Wambugu sono stati arrestati il 2 maggio con l’accusa di aver diffuso false informazioni, ma sono stati rilasciati il giorno successivo. Tuttavia, i loro dispositivi mobili sono rimasti in possesso delle autorità e sono stati restituiti solo il 10 luglio. Secondo l’avvocato Jan Mutiso, è stato durante questo periodo che il programma di sorveglianza è stato installato sui dispositivi.

L’analisi è stata condotta dagli specialisti di Citizen Lab, che hanno confermato l’infezione. Si sottolinea che FlexiSPY è disponibile sul mercato commerciale ed è più facile da rilevare rispetto ai costosi strumenti utilizzati dagli stati. Tuttavia, il programma è paragonabile in termini di capacità: può intercettare chiamate, tracciare la posizione, attivare un microfono per intercettazioni, copiare foto, e-mail e corrispondenza.

Gli sviluppatori di FlexiSPY lo pubblicizzano come uno strumento che consente a genitori e datori di lavoro di “sapere tutto” sulle attività del proprietario di un dispositivo. Tuttavia, lo stesso prodotto è già stato oggetto di importanti indagini. In particolare, è stato tramite FlexiSPY che il narcotrafficante messicano Joaquin Guzman, noto come El Chapo, ha spiato le sue fidanzate, e la corrispondenza tramite l’app ha successivamente aiutato l’FBI a costruire un caso contro di lui.

Adagala e Wambugu non sono mai stati accusati di alcun reato, ma avvocati e attivisti per i diritti umani considerano il loro arresto e la successiva interferenza con i loro dispositivi personali come una pressione sulla libertà di parola. Il loro film, “The People Shall”, racconta la lotta dei giovani kenioti per un cambiamento democratico, che chiaramente non è piaciuta alle autorità, in un contesto di crescente controllo sull’opposizione e sulle proteste.

L’ambasciata keniota ha rifiutato di commentare immediatamente le conclusioni degli esperti. Nel frattempo, gli stessi registi definiscono assurdo quanto sta accadendo: lo Stato, affermano, sta utilizzando strumenti che in precedenza erano usati dai boss criminali, solo che ora li sta usando contro giornalisti e registi.

L'articolo Allarme FlexiSPY: l’app spia facile da usare può intercettare tutto, anche El Chapo proviene da il blog della sicurezza informatica.

Although computers are overwhelmingly digital today, there’s a good point to be made that analog computers are the more efficient approach for specific applications. The authors behind a recent paper in Nature are arguing that inference – essential for LLMs – can be done significantly more efficiently using an analog optical computer (AOC).

As the authors describe it, the function of this AOC is to perform a fixed-point search using only optical and analog electronic components. The optics handle the matrix-vector multiplications, while the analog components handle the non-linear operations, subtractions and annealing. This is performed in 20 ns cycles until noise has been reduced to an acceptable level, considering the analog nature of the computer. A big advantage here is that no analog-digital conversions are required as with other (digital) hybrid systems.

So far a small-scale AOC has been constructed for tasks like image classification and non-linear regression tasks, with the authors claiming the AOC being over a hundred times more efficient than current GPU-derived vector processors.

hackaday.com/2025/09/11/analog…

The legendary 6502 microprocessor recently turned 50 years old, and to celebrate this venerable chip which brought affordable computing and video gaming to the masses [AndersBNielsen] decided to put one to work doing something well outside its comfort zone. Called the PhaseLoom, this project uses a few other components to bring the world of software-defined radio (SDR) to this antique platform.

The PhaseLoom is built around an Si5351 clock generator chip, which is configurable over I2C. This chip is what creates the phase-locked loop (PLL) for the radio. The rest of the components, including antenna connectors and various filters, are in an Arduino-compatible form factor that let it work as a shield or hat for the 65uino platform, an Arduino-form-factor 6502 board. The current version [Anders] has been working on is dialed in to the 40-meter ham band, with some buttons on the PCB that allow the user to tune around within that band. He reports that it’s a little bit rough around the edges and somewhat noisy, but the fact that the 6502 is working as an SDR at all is impressive on its own.

For those looking to build their own, all of the schematics and code are available on the project’s GitHub page. [Anders] has some future improvements in the pipe for this project as well, noting that with slightly better filters and improved software even more SDR goodness can be squeezed out of this microprocessor. If you’re looking to experiment with SDR using something a little bit more modern, though, this 10-band multi-mode SDR based on the Teensy microcontroller gets a lot done without breaking the bank.

hackaday.com/2025/09/11/6502-p…

One of the biggest downsides of installing solar panels on a rooftop is that maintenance of the actual roof structure becomes much more difficult with solar panels in the way. But for many people who don’t have huge tracts of land, a roof is wasted space where something useful could otherwise go. [Mihai] had the idea of simply eliminating traditional roofing materials altogether and made half of this roof out of solar panels directly, with the other half being put to use as a garden.

Normally solar panels are installed on top of a roof, whether it’s metal or asphalt shingles or some other material, allowing the roof to perform its normal job of keeping weather out of the house while the solar panels can focus on energy generation. In this roof [Mihai] skips this step, having the solar panels pull double duty as roof material and energy generation. In a way this simplifies things; there’s less to maintain and presumably any problems with the roof can be solved by swapping out panels. But we would also presume that waterproofing it might be marginally more difficult.

On the antisolar side of the roof, however, [Mihai] foregoes the solar panels in favor of a system that can hold soil for small garden plants. Putting solar panels on this side of the roof wouldn’t generate as much energy but the area can still be useful as a garden. Of course we’d advise caution when working on a garden at height, but at least for the solar panels you can save some trips up a ladder for maintenance by using something like this robotic solar panel scrubber.

youtube.com/embed/yZRalp4EQG4?…

hackaday.com/2025/09/11/multi-…

Over the years we’ve been entertained by an array of musical projects from [Look Mum No Computer], and his latest is no exception. It’s a tape delay, loop generator, and synth all in one. Confused? That’s what you get if you position a load of tape heads around a rotating disk with magnetic tape on its perimeter.

Taking a circular piece of inch-thick Perspex, he wraps a length of one inch tape round its perimeter. This is placed as though it were a turntable on a stepper motor with variable speed, and the tape heads are positioned around its edge. Each read head feeds its own preamp which in turn drives a mixer array, and there’s also a record head and an erase head. If you’ve ever played with tape loops you’ll immediately understand the potential for feedback and sequence generation to make interesting sounds. There’s a lot of nuance to the build, in designing the mount for the motor to stop the enclosure flexing, in using a gearbox for increased torque, and in balancing the disk.

The result is as much an effect as it is an instrument in its own right, particularly in its prototype phase when the read head was movable. We’re treated to a demo/performance, and we look forward to perhaps seeing this in person at some point. There’s a future video promised in which a fix should come for a click caused by the erase circuitry, and he’ll male a more compact enclosure for it.

youtube.com/embed/0QbylUT7fos?…

hackaday.com/2025/09/11/round-…

The International Space Station has been in orbit around the Earth, at least in some form, since November of 1998 — but not without help. In the vacuum of space, an object in orbit can generally be counted on to remain zipping around more or less forever, but the Station is low enough to experience a bit of atmospheric drag. It isn’t much, but it saps enough velocity from the Station that without regular “reboosts” to speed it back up , the orbiting complex would eventually come crashing down.

Naturally, the United States and Russia were aware of this when they set out to assemble the Station. That’s why early core modules such as Zarya and Zvezda came equipped with thrusters that could be used to not only rotate the complex about all axes, but accelerate it to counteract the impact of drag. Eventually the thrusters on Zarya were disabled, and its propellant tanks were plumbed into Zvezda’s fuel system to provide additional capacity.
An early image of ISS, Zarya module in center and Zvezda at far right.
Visiting spacecraft attached to the Russian side of the ISS can transfer propellant into these combined tanks, and they’ve been topped off regularly over the years. In fact, the NASA paper A Review of In-Space Propellant Transfer Capabilities and Challenges for Missions Involving Propellant Resupply, notes this as one of the most significant examples of practical propellant transfer between orbital vehicles, with more than 40,000 kgs of propellants pumped into the ISS as of 2019.

But while the thrusters on Zvezda are still available for use, it turns out there’s an easier way to accelerate the Station; visiting spacecraft can literally push the orbital complex with their own maneuvering thrusters. Of course this is somewhat easier said than done, and not all vehicles have been able to accomplish the feat, but over the decades several craft have taken on the burden of lifting the ISS into a higher orbit.

Earlier this month, a specially modified SpaceX Cargo Dragon became the newest addition to the list of spacecraft that can perform a reboost. The craft will boost the Station several times over the rest of the year, which will provide valuable data for when it comes time to reverse the process and de-orbit the ISS in the future.

Reboosting the Russian Way

By far the easiest way for a visiting spacecraft to reboost the ISS is to dock with the rear of the Zvezda module. This not only places the docked spacecraft at what would be considered the “rear” of the Station given its normal flight orientation, but puts the craft as close as possible to the Station’s own thrusters. This makes it relatively easy to compute the necessary parameters for the thruster burn.
Progress 72 in 2019
Historically, reboosts from this position have been performed by the Russian Progress spacecraft. Introduced in 1978, Progress is essentially an uncrewed version of the Soyuz spacecraft, and like most of Russia’s space hardware, has received various upgrades and changes over the decades. Progress vehicles are designed specifically for serving long-duration space stations, and were used to bring food, water, propellants, and cargo to the Salyut and Mir stations long before the ISS was even on the drawing board.

Reboosts could also be performed by the Automated Transfer Vehicle (ATV). Built by the European Space Agency (ESA), the ATV was essentially the European counterpart to Progress, and flew similar resupply missions. The ATV had considerably greater cargo capacity, with the ability to bring approximately 7,500 kg of materials to the ISS compared to 2,400 kg for Progress.

Only five ATVs were flown, from 2008 to 2014. There were several proposals to build more ATVs, including modified versions that could potentially even carry crew. None of these versions ever materialized, although it should be noted that the design of the Orion spacecraft’s Service Module is based on the ATV.

American Muscle

Reboosting the ISS from the American side of the Station is possible, but involves a bit more work. For one thing, the entire Station needs to flip over, as the complex’s normal orientation would have the American docking ports facing fowards. Of course, there’s really no such thing as up or down in space, so this maneuver doesn’t impact the astronauts’ work. There are however various experiments and devices aboard the Station that are designed to point down towards Earth, so this reorientation can still be disruptive.

Depending on the spacecraft, simply flipping the Station over might not be sufficient. In the case of the Space Shuttle, which of the American vehicles performed the most reboost maneuvers by far, the entire complex had to be rotated into just the right position so that the thrusters on the spaceplane would be properly aligned with the Stations’ center of mass.

As described in the “AUTO REBOOST” section of the STS-129 Orbit Operations Checklist, the Shuttle’s computer would actually be given control of the maneuvering systems of the ISS so the entire linked structure can be rotated into the correct position. A diagram in the Checklist even shows the approximate angle the vehicle’s should be at for the Shuttle’s maneuvering thrusters to line up properly.

With the retirement of the Space Shuttle in 2011, maintaining the Station’s orbit became the sole domain of the Russians until 2018, when the Cygnus became the first commercial spacecraft to perform a reboost. The cargo spacecraft had a swiveling engine which helped get the direction of thrust aligned, but the Station did still need to rotate to get into the proper position.

After performing a second reboost in 2022, the Cygnus spacecraft was retired. It’s replacement, the upgraded Cygnus XL — is currently scheduled to launch its first mission to the ISS no earlier than September 14th.

Preparing for the Final Push

That brings us to the present day, and the Cargo Dragon. SpaceX had never designed the spacecraft to perform a reboost, and indeed, it would at first seem uniquely unsuited for the task as its “Draco” maneuvering thrusters are actually located on the front and sides of the capsule. When docked, the primary thrusters used for raising and lowering the Dragon’s own orbit are essentially pressed up against the structure of the ISS, and obviously can’t be activated.
Crew Dragon approaching the ISS, note four Draco thrusters around docking port.
To make reboosting with the Dragon possible, SpaceX added additional propellant tanks and a pair of rear-firing Draco thrusters within the spacecraft’s un-pressurized “trunk” module. This hollow structure is usually empty, but occasionally will hold large or bulky cargo that can’t fit inside the spacecraft itself. It’s also occasionally been used to deliver components destined to be mounted to the outside of the ISS, such as the for the outside of the ISS, such as the International Docking Adapter (IDA) and the roll-out solar panels.
Additional propellant tanks mounted in the trunk of the Cargo Dragon.
While the ability to have the Dragon raise the orbit of the International Space Station obviously has value to NASA, the implications of this experiment go a bit farther.

SpaceX has already been awarded the contract to develop and operate the “Deorbit Vehicle” which will ultimately be used to slow down the ISS and put it on a targeted reentry trajectory sometime after 2030. Now that the company has demonstrated the ability to add additional thrusters and propellant to a standard Dragon spacecraft via a module installed in the trunk, it’s likely that the Deorbit Vehicle will take a similar form.

So while the development of this new capability is exciting from an operational standpoint, especially given deteriorating relations with Russia, it’s also a reminder that the orbiting laboratory is entering its final days.

hackaday.com/2025/09/11/dragon…

[Scott Baker] is at it again and this time he has built a 4-bit single board computer based on the Intel 4004 microprocessor.

In the board design [Scott] covers the CPU (both the Intel 4004 and 4040 are supported), and its support chips: the 4201A clock-generator, its crystal, and the 4289 Standard Memory Interface. The 4289 irons out the 4-bit interface for use with 8-bit ROMs. Included is a ATF22V10 PLD for miscellaneous logic, a 74HCT138 for chip-select, and a bunch of inverters for TTL compatibility (the 4004 itself uses 15 V logic with +5 V Vss and -10 V Vdd).

[Scott] goes on to discuss the power supply, ROM and page mapper, the serial interface, the RC2014 bus interface, RAM, and the multimodule interface. Then comes the implementation, a very tidy custom PCB populated with a bunch of integrated circuits, some passive components, a handful of LEDs, and a few I/O ports. [Scott] credits Jim Loo’s Intel 4004 SBC project as the genesis of his own build.

If you’re interested in seeing this board put to work check out the video embedded below. If you’d like to know more about the 4004 be sure to check out Supersize Your Intel 4004 By Over 10 Times, The 4004 Upgrade You’ve Been Waiting For, and Calculating Pi On The 4004 CPU, Intel’s First Microprocessor.

youtube.com/embed/ylq7cijFTRA?…

hackaday.com/2025/09/11/4-bit-…

Un nuovo strumento chiamato SpamGPT è apparso sui forum underground ed è rapidamente diventato oggetto di discussione nel campo della sicurezza informatica. Il software malevolo combina le capacità dell’intelligenza artificiale generativa con un sistema completo per l’invio di email di massa e si propone come una soluzione pronta all’uso per condurre campagne di phishing.

I suoi sviluppatori chiamano apertamente il prodotto “spam-as-a-service“, sottolineando che combina tutte le funzioni di una piattaforma di marketing professionale, ma viene utilizzato per attività illegali.

L’interfaccia di SpamGPT riproduce fedelmente i servizi di email marketing legali: sono disponibili moduli per la gestione delle campagne, le impostazioni SMTP e IMAP, i controlli di recapito e le analisi. Il pannello di controllo scuro è accompagnato da un assistente KaliGPT integrato che genera il testo delle email, seleziona gli argomenti e fornisce persino consigli su come aumentare il coinvolgimento delle vittime. Il controllo automatico della consegna dei messaggi è implementato tramite il monitoraggio in tempo reale della casella di posta, che consente agli operatori di verificare immediatamente se una lettera è arrivata nella posta in arrivo o è stata filtrata.

I creatori affermano che la piattaforma è ottimizzata per bypassare i filtri di Gmail, Outlook, Yahoo e Microsoft 365 e utilizza anche servizi cloud come AWS e SendGrid per mascherare il traffico dannoso come legittimo. L’attenzione non è rivolta solo alla scalabilità, ma anche alla consegna garantita: lo strumento non si limita a inviare email, ma si assicura che arrivino nelle cartelle principali dei destinatari.

Il kit include un “Corso di Mastery sull’Hacking SMTP” che spiega come ottenere e generare server per la distribuzione. Agli utenti viene mostrato come prendere il controllo di host di posta elettronica scarsamente protetti o mal configurati, nonché come creare un numero illimitato di account SMTP. Il pannello di controllo supporta l’importazione in blocco di server, la verifica della loro funzionalità e il bilanciamento del carico su decine di fonti, rendendo gli attacchi sostenibili e su larga scala.

Una parte importante del kit sono gli strumenti per la sostituzione dei mittenti e la creazione di intestazioni personalizzate. Ciò consente agli aggressori di imitare domini e marchi attendibili, aggirando i meccanismi di protezione di base. Le campagne stesse vengono create tramite un sistema che ricorda un CRM: gli aggressori possono impostare modelli, pianificare gli invii, cambiare server e monitorare statistiche dettagliate su aperture e clic.

In sostanza, SpamGPT ha trasformato un processo complesso in un kit di costruzione che anche i criminali informatici meno esperti possono realizzare. Tutto ciò che prima richiedeva un team di programmatori ora viene svolto tramite un’interfaccia intuitiva da un singolo operatore che paga circa 5.000 dollari. Questo riduce drasticamente la barriera d’ingresso e rende gli attacchi di phishing di massa ancora più accessibili.

Gli esperti avvertono che per contrastare tali soluzioni, le aziende devono rafforzare la protezione dei domini di posta. È necessario configurare DMARC, SPF e DKIM , nonché implementare moderni sistemi anti-phishing basati sul machine learning, in grado di identificare segnali di testo generativo e modelli di mailing atipici.

Solo una combinazione di tecnologie, scambio di informazioni e monitoraggio collettivo ci permetterà di anticipare gli aggressori che utilizzano l’intelligenza artificiale per automatizzare gli attacchi.

L'articolo Arriva SpamGPT! il nuovo kit di phishing che combina AI, Spam e Genialità diabolica proviene da il blog della sicurezza informatica.

Last time, we built a case for a PCB that handles 100 W of USB-C power, an old project that I’ve long been aiming to revive. It went well, and I’d like to believe you that the article will give you a much-needed easy-to-grasp FreeCAD introduction, Matrix knowledge upload style, having you designing stuff in no time.

Apart from my firm belief in the power of open-source software, I also do believe in social responsibilities, and I think I have a responsibility to teach you some decent FreeCAD design practices I’ve learned along the way. Some of them are going to protect your behind from mistakes, and some of them will do that while also making your project way easier to work with, for you and others.

You might not think the last part about “others” matters, but for a start, it matters in the ideal world that we’re collectively striving towards, and also, let’s be real, things like documentation are half intended for external contributors, half for you a year later. So, here’s the first FreeCAD tip that will unquestionably protect you while helping whoever else might work with the model later.

Okay, we’re all hackers, so I’ll start with zero-th FreeCAD tip – press Ctrl+S often. That’ll help a ton. Thankfully, FreeCAD’s autorecovery system has made big leaps, and it’s pretty great in case FreeCAD does crash, but the less you have to recover, the better. Now, onto the first tip.

Name Your Bodies, Always

The button is F2. That’s it. Click on your models in the tree view and give them a name. Do it for all extrudes, cuts, and even fillets/chamfers. You don’t have to do it for sketches, since those are always contained within an extrusion. If at all possible, do it immediately, make it a habit.

Why? Because names make it clear what the extrusion/cut/fillet is for, and you’ll be thankful for it multiple times over when modifying your model or even just looking at it the next morning. Also, it makes it way easier to avoid accidentally sending the wrong 3D model to your printer.
They’re the same picture.
How to make naming easier? I’ve figured out an easy and apt naming scheme, that you’ve seen in action in the previous article. For Fusions, I do “primary object +addition” or “with addition”, mentioning just the last addition. So, “Bottom case +cutouts” is a cut that contains “Bottom case +logo” and “Cutouts”, “Bottom case +logo” is a cut that contains “Bottom case” and “Logo”, and “Bottom case” contains “Bottom floor” and “Bottom walls”.

It’s not a perfect scheme, but it avoids verbosity and you have to barely think of the names. Don’t shy away from using words like “pip” and “doohickey” if the word just doesn’t come to your mind at the moment – you’re choosing between a project that’s vaguely endearing and one that’s incomprehensible, so the choice is obvious. Naming your models lets you avoid them becoming arcane magic, which might sound fun at a glance until you realize there’s already an object of arcane magic in your house, it’s called a “3D printer”, and you’ve had enough arcane magic in your life.

Last but not least, to hack something is know learn its true name, and whatever your feature is, there’s no truth in “Cut034”. By the way, about FreeCAD and many CAD packages before it, they’ve been having a problem with true names, actually, it’s a whole thing called Topological Naming Problem.

Naming Is Hard, Topology Is Harder

How do you know where a feature really is? For instance, you take a cube, and you cut two slots into the same side. How does the CAD package ensure that the slots are on the same side? One of the most popular options for it is topological naming. So, a cube gets its faces named Face1 through Face6, and as you slowly turn that cube into, say, a Minecraft-style hand showing a middle finger, each sketch remembers the name of the side you wanted it attached to.

Now, imagine the middle finger hand requires a hole inside of it, and it has to be done at from very start, which means you might need to go back to the base cube and add that hole. All of a sudden, there will be four new faces to the internal cube that holds the finger sketches, and these new faces will need names, too. Best case, they’ll be named Face7 through Face10 – but that’s a best case and the CAD engine needs to ensure to always implement it properly, whereas real world models aren’t as welcoming. Worst case, the faces will be renumbered anew, the sketch-to-face mapping will change which faces get which names, and the model of the hand will turn into a spider. Spooky!

It’s not Halloween just yet, and most regretfully, people don’t tend to appreciate spiders in unexpected places. Even more sadly, this retrospective renaming typically just results in your sketches breaking in a “red exclamation mark” way, since it’s not just sketch-to-face mappings that get names, it’s also all the little bits of external geometry that you’ll definitely invoke if you want to avoid suffering. Every line in your sketch has an invisible name and a number, and external geometry lines will store – otherwise, they couldn’t get updated when you change the base model under their feet, as one inevitably does.
Before FreeCAD v1.0, I sometimes had to make “plug” solids instead of removing cutouts. Nowadays, I have to do that way less often.
This used to be a big problem with FreeCAD, and it still kind of is, but it’s by no means exclusive to FreeCAD. Hell, I remember dealing with something similar back when my CAD (computer-aided despair) suite of choice was SolidWorks. It’s not an easy problem to solve, because of the innumerable ways you can create and then modify a 3D object; every time you think you’ll have figured out a solution to the horrors, your users will come up with new and more intricate horrors beyond your comprehension.

FreeCAD v1.0 has clamped down on a large amount of topological naming errors. They still exist; one simple way I can trigger it is to make a cutout in a cube, make a sketch that external-geometry-exports the cut-in-half outwards-facing line of the cube, and then go back and delete the cutout. It makes sense that it happens, but oh do I wish it didn’t, and it makes for unfun sketch fixing sessions.

How To Stay Well Away

Now, I’m no stranger to problems caused by name changes, and I’m eager to share some of what I’ve learned dealing with FreeCAD’s names in particular.

The first solution concerns cutouts, as they specifically might become the bane of your model. If you have a ton of features planned, just delay doing the cutouts up until you’ve done all the basics of the case that you might ever want to rely on. Cutouts might and often will change, and if your board changes connector or button positions, you want to be able to remake them without ever touching the rest of the sketch. So, build up most of your model, and closer to the end, do the case cutouts, so that external geometry can rely on walls and sides that will never change.

Next, minimize the number of models you’re dealing with, so that you have less places where external geometry has to be involved. If you need to make a block with a hole all the way through, do it in one sketch instead of doing two extrudes and a cut. You’ll thank yourself, both because you’ll have less opportunity for topo naming errors, but also because you have fewer model names to think up.
In case you wondered what the “bad naming” example was about, it’s from this part. It’s a perfectly fine part because no external geometry relies on it in practice, but it’s also absolutely a good example of a part you can instead do in a single sketch-extrude and a (not shown) fillet.
The third thing is what I call the cockroach rule. If you see a cockroach in your house, you back off slowly, set the house on fire, and then you get yourself a different house, making sure you don’t bring the cockroach into the new house while at it. Same can apply here – if you remove a feature in the base model and you see the entire tree view light up with red exclamation marks, click “Close” on the document, press “Discard changes”, open the document again, and do whatever you wanted to do but in a different way.

Why reload? Because Ctrl+Z does not always help with such problems, as much as it’s supposed to. This does require that you follow the 0th rule – press Ctrl+S often, and it also requires that you don’t press Ctrl+S right after making those changes, so, change-verify-enter. Thankfully, FreeCAD will unroll objects in the model tree when one of the inner object starts to, so just look over the model tree after doing changes deep inside the model, and you’ll be fine. This is also where keeping your models in a Git repo is super helpful – that way, you can always have known-good model states to go back to.

Good Habits Create Good Models

So, to recap. Save often, give your models names, understand topo naming, create cutouts last if at all possible, keep your models simple, and when all fails, nuke it from orbit and let your good habits cushion the fall. Simple enough.

I’ll be on the lookout for further tips for you all, as I’ve got a fair few complex models going on, and the more I work with them, the more I learn. Until then, I hope you can greatly benefit from these tips, and may your models behave well through your diligent treatment.

hackaday.com/2025/09/11/freeca…

Sophos ha annunciato di aver corretto una vulnerabilità critica di bypass dell’autenticazione che interessava gli access point wireless della serie AP6. La falla permetteva a un attaccante remoto di ottenere privilegi di amministratore accedendo all’indirizzo IP di gestione del dispositivo. La scoperta è avvenuta durante test di sicurezza interni condotti dalla stessa azienda.

Il problema riguarda le versioni del firmware precedenti alla 1.7.2563 (MR7). In queste release, la vulnerabilità esponeva gli access point al rischio di compromissione completa, con la possibilità per un aggressore di controllare configurazioni e funzionalità.

Sophos ha classificato la gravità della vulnerabilità come critica, con un punteggio CVSS di 9.8. La descrizione tecnica la riconduce a una falla catalogata come CWE-620, che riporta testualmente “Quando si imposta una nuova password per un utente, il prodotto non richiede la conoscenza della password originale né l’utilizzo di un’altra forma di autenticazione.”

Per i clienti che adottano la politica di aggiornamenti predefinita non è necessaria alcuna azione, poiché le patch vengono installate automaticamente. Questo garantisce la protezione immediata dalla falla senza interventi manuali da parte degli amministratori di rete.

Diverso il discorso per coloro che hanno scelto di disattivare gli aggiornamenti automatici: in questo caso è indispensabile installare manualmente la versione firmware 1.7.2563 (MR7), rilasciata dopo l’11 agosto 2025, per ricevere la correzione e le protezioni più recenti.

Sophos invita tutti gli utenti che utilizzano firmware precedenti a effettuare l’aggiornamento quanto prima. L’azienda sottolinea che solo con la versione più recente gli access point della serie AP6 sono completamente messi in sicurezza rispetto a questa vulnerabilità.

Ulteriori informazioni tecniche e dettagli ufficiali sono disponibili nei riferimenti pubblicati da Sophos, tra cui la scheda CVE-2025-10159 e la comunicazione sulla community dedicata agli aggiornamenti dei prodotti wireless.

L'articolo Un bug critico di bypass dell’autenticazione colpisce Sophos AP6 proviene da il blog della sicurezza informatica.

Alla conferenza di sicurezza DefCon, è stata presentata una rilevante catena di exploit da parte dei ricercatori, la quale permette a malintenzionati di acquisire l’autorizzazione di amministratore ai sistemi di intrattenimento dei veicoli attraverso Apple CarPlay.

L’attacco noto come “Pwn My Ride” prende di mira una serie di vulnerabilità presenti nei protocolli che governano il funzionamento del CarPlay wireless. Queste vulnerabilità possono essere sfruttate per eseguire codice remoto (RCE) sull’unità multimediale del veicolo, mettendo a rischio la sicurezza del sistema.

L’attacco, nella sua natura, consiste in una sequenza di debolezze insite nei protocolli che regolano il CarPlay wireless. Ciò consente l’esecuzione remota di codice sull’unità multimediale del veicolo, permettendo potenzialmente agli aggressori di assumere il controllo del sistema.

Al centro di questo exploit c’è CVE-2025-24132, un grave stack buffer overflow all’interno dell’SDK del protocollo AirPlay. Gli studiosi di Oligo Security hanno spiegato in dettaglio come questa falla possa attivarsi quando un intruso si infiltra nella rete Wi-Fi del veicolo.

La vulnerabilità colpisce un ampio spettro di dispositivi che utilizzano versioni di AirPlay Audio SDK precedenti alla 2.7.1, versioni di AirPlay Video SDK precedenti alla 3.6.0.126, nonché versioni specifiche del plug-in di comunicazione CarPlay.

Sfruttando questo stack buffer overflow, un aggressore può eseguire codice arbitrario con privilegi elevati, prendendo di fatto il controllo del sistema di infotainment. L’attacco inizia prendendo di mira la fase iniziale di connessione wireless di CarPlay, che si basa su due protocolli fondamentali: iAP2 (iPod Accessory Protocol) tramite Bluetooth e AirPlay tramite Wi-Fi.

I ricercatori hanno scoperto una falla fondamentale nel processo di autenticazione iAP2. Sebbene il protocollo imponga che l’auto autentichi il telefono, trascura l’autenticazione reciproca, consentendo al telefono di non essere verificato dal veicolo. Questa autenticazione unilaterale consente al dispositivo di un hacker di mascherarsi da iPhone legittimo.

Successivamente, l’intruso può effettuare l’associazione con il Bluetooth del veicolo, spesso senza un codice PIN a causa della prevalenza della modalità di associazione non sicura “Just Works” su molti sistemi. Una volta effettuato l’accoppiamento, l’hacker sfrutta la vulnerabilità iAP2 inviando un RequestAccessoryWiFiConfigurationInformationcomando, ingannando di fatto il sistema e inducendolo a rivelare l’SSID e la password Wi-Fi del veicolo.

Con le credenziali Wi-Fi in mano, l’aggressore ottiene l’accesso alla rete del veicolo e attiva CVE-2025-24132 per proteggere l’accesso root. L’intero processo può essere eseguito come un attacco senza clic su numerosi veicoli, senza richiedere alcuna interazione da parte del conducente.

Sebbene Apple abbia rilasciato una patch per l’SDK AirPlay vulnerabile nell’aprile 2025, i ricercatori hanno notato che, secondo il loro ultimo rapporto, nessun produttore automobilistico aveva implementato la correzione, secondo Oligo Security.

A differenza degli smartphone, che beneficiano di regolari aggiornamenti over-the-air (OTA), i cicli di aggiornamento del software dei veicoli sono notoriamente lunghi e frammentati.

L'articolo Una RCE in Apple CarPlay consente l’accesso root ai sistemi di infotainment dei veicoli proviene da il blog della sicurezza informatica.