Suche
Beiträge, die mit engineer getaggt sind
The “world’s worst digital dash”, a Nintendo Game Boy as a digital speedometer. Interfacing the handheld with the vehicle’s CAN bus system, this project has something to offer.
🖇️Check my Image Description’s🖇️
https://github.com/JohnSutley/Worlds-Worst-Digital-Dash
#diy #retro #gameboy #speedometer #car #canbus #system #it #engineer #artist #media #maker #tech #art #progamming #news
![Months of work have gone into decoding the Game Boy’s data bus and creating a schematic for the interface board. Tricking the Game Boy into thinking it was loading a game, while actually displaying incoming speed data. The screen’s low resolution and slow refresh rate rendered it barely readable in a moving vehicle. But [John]’s goal wasn’t practicality — it was just proving it could be done.](https://nerdculture.de/system/media_attachments/files/114/251/391/317/762/186/original/f1ea811e6cb4c4c3.jpeg "Months of work have gone into decoding the Game Boy’s data bus and creating a schematic for the interface board. Tricking the Game Boy into thinking it was loading a game, while actually displaying incoming speed data. The screen’s low resolution and slow refresh rate rendered it barely readable in a moving vehicle. But [John]’s goal wasn’t practicality — it was just proving it could be done.")
![[ImageSource: John Sutley]
Showing real-time vehicle speed on the Game Boy sounds like it should be relatively easy, but the iconic game system wasn’t exactly built for such a task. Its 2 MHz CPU and 160×144 pixel dot-matrix screen were every kid’s dream in 1989, but using it as a car dashboard is pushing it. To bridge that gap, [John] designed two custom circuit boards.
One interfaces with the Game Boy, intercepting its memory requests and feeding it data from a microcontroller. The other processes the CAN bus signals, translating speed information into a form the Game Boy can display. [John] used inexpensive tools and software to read the CAN bus data, and used GBDK-2020 to write the software in C.](https://nerdculture.de/system/media_attachments/files/114/251/392/340/955/496/original/f54a186d63357559.png "[ImageSource: John Sutley]
Showing real-time vehicle speed on the Game Boy sounds like it should be relatively easy, but the iconic game system wasn’t exactly built for such a task. Its 2 MHz CPU and 160×144 pixel dot-matrix screen were every kid’s dream in 1989, but using it as a car dashboard is pushing it. To bridge that gap, [John] designed two custom circuit boards.
One interfaces with the Game Boy, intercepting its memory requests and feeding it data from a microcontroller. The other processes the CAN bus signals, translating speed information into a form the Game Boy can display. [John] used inexpensive tools and software to read the CAN bus data, and used GBDK-2020 to write the software in C.")
GitHub - JohnSutley/Worlds-Worst-Digital-Dash
Contribute to JohnSutley/Worlds-Worst-Digital-Dash development by creating an account on GitHub.GitHub
According to LayerX Labs, who have been tracking this campaign for more than a year, the phishing attack attempts to trick Mac users into thinking that their computers have been “locked” via a fake security warning that pops up while users are browsing the web.
https://layerxsecurity.com/blog/layerx-identifies-new-phishing-campaign-targeted-at-mac-users/
#apple #macos #it #security #privacy #engineer #media #tech #news
![[ImageSource: LayerX Labs]
The webpage then appears to be frozen which, like most phishing attempts, adds a sense of urgency and fear that something is wrong with your computer. The window that appears displays a warning that the computer has been subjected to a trojan virus and asks the user to enter in their Mac username and password.
The warning message [captured in a screenshot by LayerX Labs], contains some glaring errors that show it’s not legitimate: It does not conform to any of Apple’s styling either in color or general appearance and misspells macOS as “MacOS.”
It also provides a phone number to contact “support,” however, when [Macworld] called this number they only got a message playback that said the recipient was not available and to call back between 8am and 5pm – even though they were calling during that time frame. The number is obviously fake and will likely never be answered.
<https://www.macworld.com/article/2642938/new-mac-phishing-attack-causes-fake-freezes-to-nab-your-apple-id-password.html>](https://nerdculture.de/system/media_attachments/files/114/223/204/816/717/565/original/c3108acab7427601.jpeg "[ImageSource: LayerX Labs]
The webpage then appears to be frozen which, like most phishing attempts, adds a sense of urgency and fear that something is wrong with your computer. The window that appears displays a warning that the computer has been subjected to a trojan virus and asks the user to enter in their Mac username and password.
The warning message [captured in a screenshot by LayerX Labs], contains some glaring errors that show it’s not legitimate: It does not conform to any of Apple’s styling either in color or general appearance and misspells macOS as “MacOS.”
It also provides a phone number to contact “support,” however, when [Macworld] called this number they only got a message playback that said the recipient was not available and to call back between 8am and 5pm – even though they were calling during that time frame. The number is obviously fake and will likely never be answered.
<https://www.macworld.com/article/2642938/new-mac-phishing-attack-causes-fake-freezes-to-nab-your-apple-id-password.html>")
LayerX Labs Identifies New Phishing Campaign Targeted at Mac Users - LayerX
A new phishing attack campaign, targeting Mac users and identified by LayerX Labs, shows the trials and tribulations of combating online phishing, and how attacks morph and shift in response to adaptations by security tools.Or Eshed (LayerX)
📄 Minimal Linux OS runs in a 6MB PDF Document in Chrome.A version of the Linux operating system can now be run inside a PDF opened by a Chromium-based browser. The developer [Ading2210] explains that Linux need a modified version of the TinyEMU RISC-V emulator.
https://github.com/ading2210/linuxpdf
#linux #pdf #chromium #based #browser #it #engineer #media #programming #art #tech #developer #artist #news
![If you wish to try out the LinuxPDF, it requires a Chromium-based browser to work correctly (I checked, but it didn't work in Firefox on PC).
On the topic of speed and efficiency, [Ading2210] humbly admits that performance might be the largest problem with LinuxPDF. "The Linux kernel takes about 30-60 seconds to boot up within the PDF, which [is] over 100x slower than normal," notes the developer. With Chrome's current PDF engine having its Just-in-Time (JIT) compiler disabled, [Ading2210] sees no way of speeding up the code, for now.](https://nerdculture.de/system/media_attachments/files/114/211/704/385/933/637/original/7142a6047423bdbc.jpeg "If you wish to try out the LinuxPDF, it requires a Chromium-based browser to work correctly (I checked, but it didn't work in Firefox on PC).
On the topic of speed and efficiency, [Ading2210] humbly admits that performance might be the largest problem with LinuxPDF. \"The Linux kernel takes about 30-60 seconds to boot up within the PDF, which [is] over 100x slower than normal,\" notes the developer. With Chrome's current PDF engine having its Just-in-Time (JIT) compiler disabled, [Ading2210] sees no way of speeding up the code, for now.")
![[ImageSource: Ading2210]
The TinyEMU RISC-V emulator runs in the PDF thanks to a technique where its code is compiled "using an old version of Emscripten that targets asm.js instead of WebAssembly." This is embedded and loads in the PDF, subsequently auto-running a minimal Linux kernel targeting that architecture.
In this implementation, once you agree to 'Start Emulator' in your browser, you will see the LinuxPDF UI load, and a welcome message in the Linux viewport, as you wait for the OS to boot.](https://nerdculture.de/system/media_attachments/files/114/211/705/349/712/707/original/513838969c81eb99.png "[ImageSource: Ading2210]
The TinyEMU RISC-V emulator runs in the PDF thanks to a technique where its code is compiled \"using an old version of Emscripten that targets asm.js instead of WebAssembly.\" This is embedded and loads in the PDF, subsequently auto-running a minimal Linux kernel targeting that architecture.
In this implementation, once you agree to 'Start Emulator' in your browser, you will see the LinuxPDF UI load, and a welcome message in the Linux viewport, as you wait for the OS to boot.")
![[ImageSource: Ading2210]
Below the Linux viewport in the PDF is a soft keyboard created by an array of PDF buttons. However, it is likely quicker for everyone with a decent physical keyboard to input commands into the 'type here for keyboard inputs' field to the lower right of the keyboard UI area.](https://nerdculture.de/system/media_attachments/files/114/211/706/326/556/776/original/9f7e2d1a8c32c083.png "[ImageSource: Ading2210]
Below the Linux viewport in the PDF is a soft keyboard created by an array of PDF buttons. However, it is likely quicker for everyone with a decent physical keyboard to input commands into the 'type here for keyboard inputs' field to the lower right of the keyboard UI area.")
GitHub - ading2210/linuxpdf: Linux running inside a PDF file via a RISC-V emulator
Linux running inside a PDF file via a RISC-V emulator - ading2210/linuxpdfGitHub
Nicola Wrachien with Silicon Labs created this fun handheld, porting Quake using the Arduino Nano Matter. For easy playing a custom controller shaped board was designed with joysticks and a screen.
https://next-hack.com/index.php/2024/09/22/quake-port-to-sparkfun-and-arduino-nano-matter-boards-using-only-276-kb-ram/
#quake #arduino #nano #diy #handheld #port #retro #gaming #art #maker #engineer #artist #media #programming #tech #news
![[ImageSource: Nicola Wrachien]
For a much tougher challenge, a group from Silicon Labs decided to port DOOM‘s successor, Quake, to the Arduino Nano Matter Board platform instead even though this platform has some pretty significant limitations for a game as advanced as Quake.
<https://community.silabs.com/s/share/a5UVm000000Vi1ZMAS/quake-ported-to-arduino-nano-matter-and-sparkfun-thing-plus-matter-boards?language=en_US>
To begin work on the memory problem, the group began with a port of Quake originally designed for Windows, allowing them to use a modern Windows machine to whittle down the memory usage before moving over to hardware. They do have a flash memory module available as well, but there’s a speed penalty with this type of memory. To improve speed they did what any true gamer would do with their system: overclock the processor. This got them to around 10 frames per second, which is playable, but not particularly enjoyable.
The further optimizations to improve the FPS required a much deeper dive which included generating lookup tables instead of relying on computation, optimizing some of the original C programming, coding some functions in assembly and only refreshing certain sections of the screen when needed.](https://nerdculture.de/system/media_attachments/files/114/206/081/241/901/037/original/72dec8d287dd1c33.png "[ImageSource: Nicola Wrachien]
For a much tougher challenge, a group from Silicon Labs decided to port DOOM‘s successor, Quake, to the Arduino Nano Matter Board platform instead even though this platform has some pretty significant limitations for a game as advanced as Quake.
<https://community.silabs.com/s/share/a5UVm000000Vi1ZMAS/quake-ported-to-arduino-nano-matter-and-sparkfun-thing-plus-matter-boards?language=en_US>
To begin work on the memory problem, the group began with a port of Quake originally designed for Windows, allowing them to use a modern Windows machine to whittle down the memory usage before moving over to hardware. They do have a flash memory module available as well, but there’s a speed penalty with this type of memory. To improve speed they did what any true gamer would do with their system: overclock the processor. This got them to around 10 frames per second, which is playable, but not particularly enjoyable.
The further optimizations to improve the FPS required a much deeper dive which included generating lookup tables instead of relying on computation, optimizing some of the original C programming, coding some functions in assembly and only refreshing certain sections of the screen when needed.")
Text messages sent between iOS & Android devices will soon benefit from end-to-end encryption, after the GSM Association published new specifications for the RCS protocol that include support for cross-platform E2EE.
https://www.gsma.com/solutions-and-impact/technologies/networks/gsma_resources/gsma-rcs-universal-profile-3-0-specifications/
#ios #android #rcs #protocol #it #security #privacy #engineer #media #tech #news
![The new GSMA specifications for RCS include E2EE based on the Messaging Layer Security [MLS] protocol via what's called the Rich Communication Services [RCS] Universal Profile 3.0.
"The new specifications define how to apply MLS within the context of RCS," Tom Van Pelt, technical director of GSMA, said. "These procedures ensure that messages and other content such as files remain confidential and secure as they travel between clients."
<https://www.gsma.com/newsroom/article/rcs-encryption-a-leap-towards-secure-and-interoperable-messaging/>
This also means that RCS will be the first "large-scale messaging service" to have support for interoperable E2EE between different client implementations from different providers in the near future.
The development comes nearly six months after the GSMA said it was working towards implementing end-to-end encryption [E2EE] to secure messages sent between the Android and iOS ecosystems. The move followed Apple's decision to roll out support for RCS in its own Messages app with iOS 18.
Google said, "We've always been committed to providing a secure messaging experience, and Google Messages users have had end-to-end encrypted [E2EE] RCS messaging for years. We're excited to have this updated specification from GSMA and work as quickly as possible with the mobile ecosystem to implement and extend this important user protection to cross-platform RCS messaging."](https://nerdculture.de/system/media_attachments/files/114/194/978/375/605/770/original/ae19ccf056d1258e.jpeg "The new GSMA specifications for RCS include E2EE based on the Messaging Layer Security [MLS] protocol via what's called the Rich Communication Services [RCS] Universal Profile 3.0.
\"The new specifications define how to apply MLS within the context of RCS,\" Tom Van Pelt, technical director of GSMA, said. \"These procedures ensure that messages and other content such as files remain confidential and secure as they travel between clients.\"
<https://www.gsma.com/newsroom/article/rcs-encryption-a-leap-towards-secure-and-interoperable-messaging/>
This also means that RCS will be the first \"large-scale messaging service\" to have support for interoperable E2EE between different client implementations from different providers in the near future.
The development comes nearly six months after the GSMA said it was working towards implementing end-to-end encryption [E2EE] to secure messages sent between the Android and iOS ecosystems. The move followed Apple's decision to roll out support for RCS in its own Messages app with iOS 18.
Google said, \"We've always been committed to providing a secure messaging experience, and Google Messages users have had end-to-end encrypted [E2EE] RCS messaging for years. We're excited to have this updated specification from GSMA and work as quickly as possible with the mobile ecosystem to implement and extend this important user protection to cross-platform RCS messaging.\"")
GitHub uncovers new Ruby-SAML Vulnerabilities allowing Account Takeover Attacks.Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections.
https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/
#github #ruby #saml #library #it #security #privacy #engineer #media #programming #tech #news
![[ImageSource: GitHub]
"Attackers who are in possession of a single valid signature that was created with the key used to validate SAML responses or assertions of the targeted organization can use it to construct SAML assertions themselves and are in turn able to log in as any user," GitHub Security Lab researcher Peter Stöckli said in a post.
The Microsoft-owned subsidiary also noted that the issue boils down to a "disconnect" between verification of the hash and verification of the signature, opening the door to exploitation via a parser differential.
Versions 1.12.4 and 1.18.0 also plug a remote denial-of-service (DoS) flaw when handling compressed SAML responses (CVE-2025-25293, CVSS score: 7.7).
⚠️Users are recommended to update to the latest version to safeguard against potential threats.⚠️
The findings come nearly six months after GitLab and ruby-saml moved to address another critical vulnerability (CVE-2024-45409, CVSS score: 10.0) that could also result in an authentication bypass.](https://nerdculture.de/system/media_attachments/files/114/177/947/075/555/612/original/721ecee68734690f.jpeg "[ImageSource: GitHub]
\"Attackers who are in possession of a single valid signature that was created with the key used to validate SAML responses or assertions of the targeted organization can use it to construct SAML assertions themselves and are in turn able to log in as any user,\" GitHub Security Lab researcher Peter Stöckli said in a post.
The Microsoft-owned subsidiary also noted that the issue boils down to a \"disconnect\" between verification of the hash and verification of the signature, opening the door to exploitation via a parser differential.
Versions 1.12.4 and 1.18.0 also plug a remote denial-of-service (DoS) flaw when handling compressed SAML responses (CVE-2025-25293, CVSS score: 7.7).
⚠️Users are recommended to update to the latest version to safeguard against potential threats.⚠️
The findings come nearly six months after GitLab and ruby-saml moved to address another critical vulnerability (CVE-2024-45409, CVSS score: 10.0) that could also result in an authentication bypass.")
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials - The GitHub Blog
Critical authentication bypass vulnerabilities were discovered in ruby-saml up to version 1.17.0. See how they were uncovered.Peter Stöckli (The GitHub Blog)
At the Hacker Hotel conference in the Netherlands, [Orange_Murker] presented an ultrasonic parametric speaker. It projects an extremely narrow beam of sound over a significant distance, but it’s not an audio frequency speaker at all.
https://github.com/Orange-Murker/parametric_speaker
#diy #ultarsonic #parametric #speaker #maker #art #media #audio #tech #engineer #artist #news
![[ImageSource: Orange_Murker]
Those of you familiar with radio will recognize its operation; an ultrasonic carrier is modulated with the audio to be projected, and the speaker transfers that to the air. Just like the diode detector in an old AM radio, air is a nonlinear medium and it performs a demodulation of the ultrasound to produce an audio frequency that can be heard.
[Orange_Murker] spends a while going into modulation schemes, before revealing that she drove her speaker with a 40 kHz PWM via an H bridge. The speaker itself is an array of in-phase ultrasonic transducers, and she demonstrates the result on her audience.
<https://media.ccc.de/v/2025-201-build-your-own-parametric-speaker>](https://nerdculture.de/system/media_attachments/files/114/172/381/612/832/329/original/419ed72e02265621.png "[ImageSource: Orange_Murker]
Those of you familiar with radio will recognize its operation; an ultrasonic carrier is modulated with the audio to be projected, and the speaker transfers that to the air. Just like the diode detector in an old AM radio, air is a nonlinear medium and it performs a demodulation of the ultrasound to produce an audio frequency that can be heard.
[Orange_Murker] spends a while going into modulation schemes, before revealing that she drove her speaker with a 40 kHz PWM via an H bridge. The speaker itself is an array of in-phase ultrasonic transducers, and she demonstrates the result on her audience.
<https://media.ccc.de/v/2025-201-build-your-own-parametric-speaker>")
GitHub - Orange-Murker/parametric_speaker: A directional speaker with a driver based on STM32
A directional speaker with a driver based on STM32 - Orange-Murker/parametric_speakerGitHub
The feat was devised by Software Engineer Dmitri Mitropoulos, founder of Michigan Typescript and co-founder of Squiggleconf. He released a video showcasing the results of a year-long effort to get Doom running inside of Typescript's Types system.
https://youtu.be/0mCsluv5FXA
#doom #port #typescript #programming #ascii #art #engineer #media #retro #gaming #history #tech #artist #news
![[ImageSource: Dmitri Mitropoulos]
Typescript is a language built on top of Javascript, that add static typing to catch many errant mistakes before your executes, think of it as guardrails which check that functions and other variables are being used correctly. While this is commonly used in all kinds of development, it's unheard of to run a game within Typescript's Type system.
The port itself runs inside three and a half trillion lines of types, totalling a gargantuan size of 177 TB. This is run through Typescript's Type tracker, which takes 12 days to compile the first frame of Doom (0.0000009645 fps). This meant that 20 million type instantiations were running every second in order to get the output.
Mitropoulos explained in the Michigan TypeScript Discord server that this could be improved to take "1 to 12 hours", as long as someone works on it, with the developer noting that he has notes for where potential performance optimizations could be made.
<https://discord.gg/pfKUSmSY>
This was done by running the project within a custom WASM runtime, which is then processed through Typescript within an editor to display a frame.
<https://github.com/MichiganTypeScript/typescript-types-only-wasm-runtime>](https://nerdculture.de/system/media_attachments/files/114/166/740/010/112/784/original/f54d5e08b8f270ce.png "[ImageSource: Dmitri Mitropoulos]
Typescript is a language built on top of Javascript, that add static typing to catch many errant mistakes before your executes, think of it as guardrails which check that functions and other variables are being used correctly. While this is commonly used in all kinds of development, it's unheard of to run a game within Typescript's Type system.
The port itself runs inside three and a half trillion lines of types, totalling a gargantuan size of 177 TB. This is run through Typescript's Type tracker, which takes 12 days to compile the first frame of Doom (0.0000009645 fps). This meant that 20 million type instantiations were running every second in order to get the output.
Mitropoulos explained in the Michigan TypeScript Discord server that this could be improved to take \"1 to 12 hours\", as long as someone works on it, with the developer noting that he has notes for where potential performance optimizations could be made.
<https://discord.gg/pfKUSmSY>
This was done by running the project within a custom WASM runtime, which is then processed through Typescript within an editor to display a frame.
<https://github.com/MichiganTypeScript/typescript-types-only-wasm-runtime>")
![Dmitri Mitropoulos further explained that each value within the Typescript Types system equates to a line of pixels [totalling 128,000 lines of pixels in total], resulting in a "resolution" of 320x200, displayed in ASCII.
To do this, the developer needed to remove limitations within the Typescript compiler itself, highlighting just how large the project got, with the Type tracker runtime consuming over 90 GB of RAM while it was running.
This huge overhead meant that common tools within Typescript could not be used, which meant that the herculean task of encoding every element of Doom in types. This required learning to develop elements like an L1 CPU cache, within Typescript Types itself. Due to Typescript requiring iteration on a single string from the left-hand side, binary algorithms had to be input in reverse.
"Oh, and AI can't help" Dmitri Mitropoulos added, describing that the work was so low level that AI couldn't possibly assist with any of the tasks. Too bad, Grok 3.
Mitropoulos said that he undertook the challenge after completing "every other" Types challenge, and wanted to understand why Doom wouldn't be able to run within Types. However, he managed to find "ridiculous" workarounds to make it all work, despite his own disbelief in the project.](https://nerdculture.de/system/media_attachments/files/114/166/742/069/675/680/original/110e43577d22fe1d.jpeg "Dmitri Mitropoulos further explained that each value within the Typescript Types system equates to a line of pixels [totalling 128,000 lines of pixels in total], resulting in a \"resolution\" of 320x200, displayed in ASCII.
To do this, the developer needed to remove limitations within the Typescript compiler itself, highlighting just how large the project got, with the Type tracker runtime consuming over 90 GB of RAM while it was running.
This huge overhead meant that common tools within Typescript could not be used, which meant that the herculean task of encoding every element of Doom in types. This required learning to develop elements like an L1 CPU cache, within Typescript Types itself. Due to Typescript requiring iteration on a single string from the left-hand side, binary algorithms had to be input in reverse.
\"Oh, and AI can't help\" Dmitri Mitropoulos added, describing that the work was so low level that AI couldn't possibly assist with any of the tasks. Too bad, Grok 3.
Mitropoulos said that he undertook the challenge after completing \"every other\" Types challenge, and wanted to understand why Doom wouldn't be able to run within Types. However, he managed to find \"ridiculous\" workarounds to make it all work, despite his own disbelief in the project.")
240 Million Windows 10 Users are vulnerable to six different Exploits.⚠️Protect yourself Now!!!⚠️
If you’re running a Windows 10 PC, make sure you download the latest update right now. Microsoft patched 57 vulnerabilities affecting its foundational systems and core products, including six actively exploited zero-day vulnerabilities.
https://msrc.microsoft.com/update-guide/releaseNote/2025-Mar
#microsoft #windows #update #it #security #privacy #engineer #media #tech #news
![[ImageSource: Shutterstock]
However, these are the actively exploited vulnerabilities to worry about right now:
• CVE-2025-24993: This is a common buffer overflow exploit. In simple terms, criminals take advantage of a coding error and overload your system memory with more, which overwrites your current system memory.
• CVE-2025-24991: If an unsuspecting user mounts a nefarious virtual hard disk (VHD), this bug allows a hacker to read all of your data (even all the out-of-bounds stuff).
• CVE-2025-24984: This exploit allows an attacker to record all sensitive information into a log file for them to take. While it’s a concerning one, it does require the malicious actor to physically access your computer.
• CVE-2025-26633: A simple (but risky) bypass flaw in the Microsoft Management Console.
• CVE-2025-24985: This one also requires the attacker to convince a user to mount a VHD of their own volition. But once done, there is a privilege escalation flaw that can be exploited to take over the victim’s entire computer.
• CVE-2025-24983: This is a system-level exploit where a malicious actor can run a specially crafted program that exploits the Kernel Subsystem of Windows to give an attacker top privileges to your system.](https://nerdculture.de/system/media_attachments/files/114/161/162/797/465/639/original/baa978608da5f225.png "[ImageSource: Shutterstock]
However, these are the actively exploited vulnerabilities to worry about right now:
• CVE-2025-24993: This is a common buffer overflow exploit. In simple terms, criminals take advantage of a coding error and overload your system memory with more, which overwrites your current system memory.
• CVE-2025-24991: If an unsuspecting user mounts a nefarious virtual hard disk (VHD), this bug allows a hacker to read all of your data (even all the out-of-bounds stuff).
• CVE-2025-24984: This exploit allows an attacker to record all sensitive information into a log file for them to take. While it’s a concerning one, it does require the malicious actor to physically access your computer.
• CVE-2025-26633: A simple (but risky) bypass flaw in the Microsoft Management Console.
• CVE-2025-24985: This one also requires the attacker to convince a user to mount a VHD of their own volition. But once done, there is a privilege escalation flaw that can be exploited to take over the victim’s entire computer.
• CVE-2025-24983: This is a system-level exploit where a malicious actor can run a specially crafted program that exploits the Kernel Subsystem of Windows to give an attacker top privileges to your system.")
Apple releases Emergency Security Patch for WebKit Zero-Day Vulnerability.The vulnerability is tracked as CVE-2025-24201 and was found in the WebKit cross-platform browser engine used by Apple's Safari and many other apps.
⚠️Install the Update immediately!!!⚠️
[For your device security, it’s a good practice to install updates within 36 hours of becoming available.]
https://support.apple.com/en-us/100100
#apple #ios #macos #update #it #security #privacy #engineer #media #tech #news
Apple security releases - Apple Support
This document lists security updates and Rapid Security Responses for Apple software.Apple Support
Strap in, get ready for more Rust Drivers in Linux Kernel.Rust is alive and well in the Linux kernel and is expected to translate into noticeable benefits shortly, though its integration with the largely C-oriented codebase still looks uneasy. [The Linux and Rust communities still have some issues to work out.]
https://rust-for-linux.com/rust-kernel-policy
#linux #kernel #memory #safety #rust #drivers #it #security #privacy #engineer #media #programming #tech #news
"Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed," c/side researcher Himanshu Anand said in a analysis last week.
https://cside.dev/blog/thousands-of-websites-hit-by-four-backdoors-in-3rd-party-javascript-attack
#wordpress #javascript #backdoors #it #security #privacy #engineer #media #tech #news
Thousands of websites hit by four backdoors in 3rd party JavaScript attack
While analyzing threats targeting WordPress frameworks, we found an attack where a single 3rd party JavaScript file was used to inject four separate backdoors into 1,000 compromised websites using cdn.csyndication[.]com/.c/side
Amazon's Kindle e-readers just got a bit less useful, but help is at hand, from jailbreaking to making one of the devices into a monitor. The latest change to the copy-protection measures in the Kindle range, which Amazon made on February 26, has fans of electronic books concerned.
[🖇️Check my Image Description🖇️]
https://kindlemodding.org/jailbreaking/WinterBreak/
#kindle #modding #winterbreak #electronic #books #media #it #engineer #tech #news
IT-Security researchers have uncovered a widespread phishing campaign that uses fake CAPTCHA images shared via PDF documents hosted on Webflow's content delivery network (CDN) to deliver the Lumma stealer malware.
https://www.netskope.com/blog/fake-captchas-malicious-pdfs-seo-traps-leveraged-for-user-manual-searches
#fake #captcha #pdf #phishing #campaign #it #security #privacy #engineer #media #tech #news
Fake CAPTCHAs, Malicious PDFs, SEO Traps Leveraged for User Manual Searches - Netskope
Summary On February 12, 2025, Netskope Threat Labs reported a widespread phishing campaign using fake CAPTCHA images via Webflow CDN to trick victimsJan Michael Alcantara (Netskope)
HIBP founder Troy Hunt says he found 284,132,969 compromised accounts while analyzing 1.5TB of stealer logs likely collected from numerous sources and shared on a Telegram channel known as “ALIEN TXTBASE.”
https://haveibeenpwned.com/PwnedWebsites#AlienStealerLogs
#hibp #alienstealer #data #breach #it #security #privacy #engineer #media #tech #news
![[ImageSource: HIBP]
In addition to expanding the database, HIBP has introduced new APIs to enhance data accessibility for organizations. These APIs allow querying of stealer logs by email and website domain, enabling assessments of workforce exposure and identifying compromised customer credentials.
These tools are available through a Pwned 5 subscription, which includes an API for email search and a free web UI for email log viewing. A new “IsStealerLog” flag is added for differentiated handling of stealer log data.
“This means that anyone programmatically dealing with data in HIBP can now easily elect to handle stealer logs differently than other breaches,” Troy Hunt.](https://nerdculture.de/system/media_attachments/files/114/104/070/837/274/043/original/b5802048a1ebc475.png "[ImageSource: HIBP]
In addition to expanding the database, HIBP has introduced new APIs to enhance data accessibility for organizations. These APIs allow querying of stealer logs by email and website domain, enabling assessments of workforce exposure and identifying compromised customer credentials.
These tools are available through a Pwned 5 subscription, which includes an API for email search and a free web UI for email log viewing. A new “IsStealerLog” flag is added for differentiated handling of stealer log data.
“This means that anyone programmatically dealing with data in HIBP can now easily elect to handle stealer logs differently than other breaches,” Troy Hunt.")
Have I Been Pwned: Pwned websites
Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.haveibeenpwned.com
Firefox confirms Support for Manifest V2 & V3 Extensions, contrasting Google's Chrome phase-out & disables MV2 Ad-Blockers.Mozilla has renewed its promise to continue supporting Manifest V2 extensions alongside Manifest V3, giving users the freedom to use the extensions they want in their browser.
https://blog.mozilla.org/en/products/firefox/firefox-manifest-v3-adblockers/
#firefox #manifest #v2 #extensions #support #it #security #privacy #engineer #media #tech #news
Mozilla’s approach to Manifest V3: What’s different and why it matters for extension users
While some browsers are phasing out Manifest V2 entirely, Firefox is keeping it alongside Manifest V3 — ensuring powerful privacy tools remain available to users.Kristina Bravo (The Mozilla Blog)
What if you want to control a vehicle that’s hundreds of kilometers away, or even on the other side of the planet? Cellular is an option, but is obviously limited by available infrastructure — good luck getting a cell signal in the middle of the ocean.
https://youtu.be/Fjy1hcLf2_M
#diy #remotely #controlled #science #sea #vehicles #starlink #mini #receiver #it #engineer #media #maker #programming #tech #space #news
![Modern remote control (RC) radios are capable of incredible range, but they’re still only made for line-of-sight use. But what if you could beam your commands down from space?
That’s what [Thingify] was looking to test when they put together an experimental RC boat using a Starlink Mini for communications. Physically, there was no question it would work on the boat. After all, it was small, light and power-efficient enough.
The downside? Starlink is a fairly expensive proposition; you’d need to have a pretty specific mission in mind to justify the cost. The Mini receiver currently costs $599 USD (though it occasionally goes on sale), and you’ll need at least a $50 per month plan to go with it. While this puts it out of the price range for recreational RC, [Thingify] notes that it’s not a bad deal if you’re looking to explore uncharted territory.](https://nerdculture.de/system/media_attachments/files/114/092/809/711/140/631/original/9e4cb0f46f9a54c5.jpeg "Modern remote control (RC) radios are capable of incredible range, but they’re still only made for line-of-sight use. But what if you could beam your commands down from space?
That’s what [Thingify] was looking to test when they put together an experimental RC boat using a Starlink Mini for communications. Physically, there was no question it would work on the boat. After all, it was small, light and power-efficient enough.
The downside? Starlink is a fairly expensive proposition; you’d need to have a pretty specific mission in mind to justify the cost. The Mini receiver currently costs $599 USD (though it occasionally goes on sale), and you’ll need at least a $50 per month plan to go with it. While this puts it out of the price range for recreational RC, [Thingify] notes that it’s not a bad deal if you’re looking to explore uncharted territory.")
![[ImageSource: Thingify]
But would the network connection be up to the task of controlling the vehicle in real-time?
During early ground testing, the Mini version of the Starlink receiver worked very well. Despite being roughly 1/4 the size of its predecessor, the smaller unit met or exceeded its performance during benchmarks on bandwidth, latency and signal strength. As expected, it also drew far less power: the Mini’s power consumption peaked at around 33 watts, compared to the monstrous 180 W for the larger receiver.
On the water, there was even more good news. The bandwidth was more than enough to run a high-resolution video feedback to the command center. At the same time, the boat moved autonomously between waypoints, and when [Thingify] switched over to manual control, the latency was low enough not to be a problem. “We wouldn’t recommend manually piloting a high-speed aircraft over Starlink, but for a boat that’s cruising along at 4 km/h, the lag didn’t even come into play.”](https://nerdculture.de/system/media_attachments/files/114/092/811/040/659/614/original/c92e0ce273ebda10.png "[ImageSource: Thingify]
But would the network connection be up to the task of controlling the vehicle in real-time?
During early ground testing, the Mini version of the Starlink receiver worked very well. Despite being roughly 1/4 the size of its predecessor, the smaller unit met or exceeded its performance during benchmarks on bandwidth, latency and signal strength. As expected, it also drew far less power: the Mini’s power consumption peaked at around 33 watts, compared to the monstrous 180 W for the larger receiver.
On the water, there was even more good news. The bandwidth was more than enough to run a high-resolution video feedback to the command center. At the same time, the boat moved autonomously between waypoints, and when [Thingify] switched over to manual control, the latency was low enough not to be a problem. “We wouldn’t recommend manually piloting a high-speed aircraft over Starlink, but for a boat that’s cruising along at 4 km/h, the lag didn’t even come into play.”")
Fan made Dreamcast Port of GTA 3 [Steals the Show].Thanks to [Stefanos] and his team, the genre defining Grand Theft Auto III [GTA 3], can now run on Sega’s hardware. Their combined efforts have yielded a fully playable port of the PC version of the game for Sega Dreamcast.
https://gitlab.com/skmp/dca3-game
#sega #dreamcast #gta3 #port #retrocomputing #art #console #gaming #history #engineer #media #retro #programming #artist #tech #news
![The porting effort was years in the making. It began with reverse engineering the entire source code of GTA 3 then implementing it into the homebrew SDK for the Dreamcast, KallistiOS. All the in-game graphic and sound assets are only pulled from a user provided PC copy of the game. Steps for those seeking to compile a bootable Dreamcast image of their own have been provided on the project’s website.
<https://dca3.net/setup/>
Recently one of the original developers of GTA 3 [Obbe Vermejj], divulged that the game actually began development on the Dreamcast. The project was obviously transferred onto PlayStation 2 for commercial reasons, but with this port from [Stefanos] and crew, we no longer have to dream of what could have been.](https://nerdculture.de/system/media_attachments/files/114/087/246/934/693/980/original/4b01ad863ad1aaaf.png "The porting effort was years in the making. It began with reverse engineering the entire source code of GTA 3 then implementing it into the homebrew SDK for the Dreamcast, KallistiOS. All the in-game graphic and sound assets are only pulled from a user provided PC copy of the game. Steps for those seeking to compile a bootable Dreamcast image of their own have been provided on the project’s website.
<https://dca3.net/setup/>
Recently one of the original developers of GTA 3 [Obbe Vermejj], divulged that the game actually began development on the Dreamcast. The project was obviously transferred onto PlayStation 2 for commercial reasons, but with this port from [Stefanos] and crew, we no longer have to dream of what could have been.")
![[ImageSource: Stefanos]
As it turns out, Sega’s long defunct Dreamcast console is still thinking. The company behind the machine cut support long ago due in part to the commercial pressures applied by Sony’s PlayStation 2 console, but that never stopped the most dedicated of Dreamcast fans from seeking out its true potential.
This port of GTA 3 represents what could have been a true butterfly effect moment in console gaming history. The game was a major hit in the early days of the PlayStation 2, and it has been theorized that it could have proven to be a major commercial success for Sega as well had it been pressed onto a Dreamcast GD-ROM disc.](https://nerdculture.de/system/media_attachments/files/114/087/248/031/147/040/original/9e05caf297cb79fb.png "[ImageSource: Stefanos]
As it turns out, Sega’s long defunct Dreamcast console is still thinking. The company behind the machine cut support long ago due in part to the commercial pressures applied by Sony’s PlayStation 2 console, but that never stopped the most dedicated of Dreamcast fans from seeking out its true potential.
This port of GTA 3 represents what could have been a true butterfly effect moment in console gaming history. The game was a major hit in the early days of the PlayStation 2, and it has been theorized that it could have proven to be a major commercial success for Sega as well had it been pressed onto a Dreamcast GD-ROM disc.")
Stefanos Kornilios Mitsis Poiitidis / dca3-game · GitLab
A port of librw and re3 to the Dreamcast https://dca3.netGitLab
[UPDATE
] Oh joy of joys, if you loved the 1984 game of Tetris or the 1989 game of Columns , you'll be pleased to know a brand new puzzle overhaul of Tetris 2 by František Fuka has been released for the ZX Spectrum.
https://theshich.itch.io/tetris-ce
#zxspectrum #tetris #championship #edition #update #retrocomputing #retro #gaming #programming #art #engineer #media #tech #news
![[ImageSource: theshich.itch.io]
UPDATE : I've recently been informed that Tetris Championship Edition may have been updated on itch io. Although I'm not sure if it's the same version as the one released in 2020 going by the fact they both say 1.0. The developer has noted all of the changes listed below.
• New Korobeiniki AY tune
• 50 FPS modes
• Kempston joystick support
• you can hold left or right key and piece will move continuously in that direction (you had to press these keys many times before)
• soft drop implemented
• you can now rotate pieces to the right (previously it was only to the left)
• accordingly, Redefine Keys screen has been changed
• the randomizer has been greatly improved, now the same frequency of all pieces is guaranteed
• scoring system has been changed: now it’s much more profitable to clean several lines at once, especialy 4
• the level increases when a certain amount of lines is cleared (previously it did not change at all)
• the number of levels in the classic mode has been increased: earlier, only levels 1-8 were available, now it's 0-9 by default and 10-19 with DROP key pressed
• theoretically the number of levels is not limited
• two tracks by František Fuka was replaced
• in Tetris 2 mode all levels have been redone (now there are 50 of them, but there will be more), and this mode was named Puzzle
• cheat mode for Puzzle was added
• now you can listen to music along with 48k effects
• Puzzle mode now has harder levels limited by a timer](https://nerdculture.de/system/media_attachments/files/114/053/327/643/191/138/original/8e7443fa0fee5413.png "[ImageSource: theshich.itch.io]
UPDATE : I've recently been informed that Tetris Championship Edition may have been updated on itch io. Although I'm not sure if it's the same version as the one released in 2020 going by the fact they both say 1.0. The developer has noted all of the changes listed below.
• New Korobeiniki AY tune
• 50 FPS modes
• Kempston joystick support
• you can hold left or right key and piece will move continuously in that direction (you had to press these keys many times before)
• soft drop implemented
• you can now rotate pieces to the right (previously it was only to the left)
• accordingly, Redefine Keys screen has been changed
• the randomizer has been greatly improved, now the same frequency of all pieces is guaranteed
• scoring system has been changed: now it’s much more profitable to clean several lines at once, especialy 4
• the level increases when a certain amount of lines is cleared (previously it did not change at all)
• the number of levels in the classic mode has been increased: earlier, only levels 1-8 were available, now it's 0-9 by default and 10-19 with DROP key pressed
• theoretically the number of levels is not limited
• two tracks by František Fuka was replaced
• in Tetris 2 mode all levels have been redone (now there are 50 of them, but there will be more), and this mode was named Puzzle
• cheat mode for Puzzle was added
• now you can listen to music along with 48k effects
• Puzzle mode now has harder levels limited by a timer")
Tetris Championship Edition (ZX Spectrum) by theshich
This is highly modified version of Tetris 2 from Fuxoft.itch.io
Mastodon is making a change that might have some users divided. In an update, the decentralized platform announced that it’s working to add quote posts “to help people to transition away from proprietary, billionaire-owned social media to the open social web”.
https://blog.joinmastodon.org/2025/02/bringing-quote-posts-to-mastodon/
#mastodon #quoteposts #fediverse #socialmedia #it #engineer #media #tech #news
![[ImageSource: MastodonEngineering]
But there are some technical hurdles that Mastodon will have to overcome to enable quote posts. For one, quote posts aren’t standardized, meaning there isn’t a set way to build the feature into ActivityPub, the decentralized social networking protocol used by Mastodon. The platform adds that quote posts will impact a large portion of Mastodon’s codebase, so it will “take more time to develop.”
There isn’t a timeframe for when we can expect quote posts to arrive on Mastodon, but it aims to create a specification that will allow other Fediverse applications to implement quote posts as well. Mastodon first considered introducing quote posts in 2023 and received a grant to work on the project.
<https://blog.joinmastodon.org/2023/05/a-new-onboarding-experience-on-mastodon/#:~:text=And%20our%20work,these%20updates%20soon.>
“We know that Quote Posts are a source of concern for some members of the community, and highly-requested by others,” Mastodon says. “We’re committed to sharing our progress, and listening to your feedback.”](https://nerdculture.de/system/media_attachments/files/114/042/019/748/078/584/original/7ff45630c1ef1dc2.png "[ImageSource: MastodonEngineering]
But there are some technical hurdles that Mastodon will have to overcome to enable quote posts. For one, quote posts aren’t standardized, meaning there isn’t a set way to build the feature into ActivityPub, the decentralized social networking protocol used by Mastodon. The platform adds that quote posts will impact a large portion of Mastodon’s codebase, so it will “take more time to develop.”
There isn’t a timeframe for when we can expect quote posts to arrive on Mastodon, but it aims to create a specification that will allow other Fediverse applications to implement quote posts as well. Mastodon first considered introducing quote posts in 2023 and received a grant to work on the project.
<https://blog.joinmastodon.org/2023/05/a-new-onboarding-experience-on-mastodon/#:~:text=And%20our%20work,these%20updates%20soon.>
“We know that Quote Posts are a source of concern for some members of the community, and highly-requested by others,” Mastodon says. “We’re committed to sharing our progress, and listening to your feedback.”")
Bringing Quote Posts to Mastodon
Sharing our thinking and progress on bringing Quote Posts to Mastodon, with a goal to create a safe and respectful space for everyone.Mastodon Blog
A new security feature for Android blocks device owners from changing sensitive settings when a phone call is in progress. The in-call anti-scammer protections include preventing users from turning on settings to install apps from unknown sources and granting accessibility access.
https://www.androidauthority.com/android-16-phone-call-protections-3526068/
#android #it #security #privacy #engineer #media #tech #news
![[ImageSource: blogger.googleusercontent.com]
The development comes after Google expanded restricted settings to cover more permission categories in order to prevent sideloaded apps from accessing sensitive data.
<https://source.android.com/docs/compatibility/15/android-15-cdd#restricted-settings>
It has also rolled out the ability to automatically block sideloading of potentially unsafe apps in markets like Brazil, Hong Kong, India, Kenya, Nigeria, Philippines, Singapore, South Africa, Thailand and Vietnam to tackle fraud.](https://nerdculture.de/system/media_attachments/files/114/036/275/791/742/088/original/4b92d4b8305a8b1c.png "[ImageSource: blogger.googleusercontent.com]
The development comes after Google expanded restricted settings to cover more permission categories in order to prevent sideloaded apps from accessing sensitive data.
<https://source.android.com/docs/compatibility/15/android-15-cdd#restricted-settings>
It has also rolled out the ability to automatically block sideloading of potentially unsafe apps in markets like Brazil, Hong Kong, India, Kenya, Nigeria, Philippines, Singapore, South Africa, Thailand and Vietnam to tackle fraud.")
Android 16 has a new tool for keeping scammers at bay - Android Authority
A new security feature in Android 16 could block you from changing certain sensitive settings during phone calls.Mishaal Rahman (Android Authority)
Scientists have discovered microplastics in the snow near some of Antarctica's deep field camps, revealing how far-reaching plastic pollution has become. While not new, it's the first time these tiny pieces of plastic have been found in remote locations.
https://linkinghub.elsevier.com/retrieve/pii/S0048969725001779
#antarctica #microplastics #pollution #nature #science #engineer #media #chemistry #tech #news
![[ImageSource: Steve Gibbs, BAS]
A view over the Ellsworth Mountains, West Antarctica.
Dr. Emily Rowlands, a marine ecologist at British Antarctic Survey (BAS) and co-author of the paper says, "With these developing techniques, we're now able to analyze microplastics of a much smaller size than before. In fact, we found microplastic abundance in these snow samples to be 100 times higher than in previous studies of Antarctic snow samples."
Dr. Clara Manno, an ocean ecologist at British Antarctic Survey, adds, "We think this means that there are local sources of plastic pollution, at least when it comes to polyamide. This could come from outdoor clothing, or the ropes and flags that are used to mark safe routes in and around the camp.
"We need to do more research to fully understand the sources of microplastic pollution in Antarctica—how much of it is local, and how much is transported over long distances so we can explore how best to reduce this plastic pollution in one of the most pristine places on Earth."
Some research suggests that microplastics could affect the snow's albedo (how much light it reflects) and how quickly it melts. It can also be transported to areas of ecological importance.](https://nerdculture.de/system/media_attachments/files/114/030/476/309/829/926/original/943bb2e3c5405732.jpeg "[ImageSource: Steve Gibbs, BAS]
A view over the Ellsworth Mountains, West Antarctica.
Dr. Emily Rowlands, a marine ecologist at British Antarctic Survey (BAS) and co-author of the paper says, \"With these developing techniques, we're now able to analyze microplastics of a much smaller size than before. In fact, we found microplastic abundance in these snow samples to be 100 times higher than in previous studies of Antarctic snow samples.\"
Dr. Clara Manno, an ocean ecologist at British Antarctic Survey, adds, \"We think this means that there are local sources of plastic pollution, at least when it comes to polyamide. This could come from outdoor clothing, or the ropes and flags that are used to mark safe routes in and around the camp.
\"We need to do more research to fully understand the sources of microplastic pollution in Antarctica—how much of it is local, and how much is transported over long distances so we can explore how best to reduce this plastic pollution in one of the most pristine places on Earth.\"
Some research suggests that microplastics could affect the snow's albedo (how much light it reflects) and how quickly it melts. It can also be transported to areas of ecological importance.")
A new audit of DeepSeek's iOS app has found glaring security issues, the foremost being that it sends sensitive data over the internet without any encryption.
[⚠️This exposes your data to interception and manipulation attacks.⚠️]
https://www.nowsecure.com/blog/2025/02/06/nowsecure-uncovers-multiple-security-and-privacy-flaws-in-deepseek-ios-mobile-app/
#deepseek #ai #llm #ios #app #it #security #privacy #engineer #media #tech #news
![[ImageSource: NowSecure]
"The DeepSeek iOS app globally disables App Transport Security (ATS) which is an iOS platform level protection that prevents sensitive data from being sent over unencrypted channels," NowSecure said. "Since this protection is disabled, the app can (and does) send unencrypted data over the internet."
The findings add to a growing list of concerns that have been raised around the artificial intelligence (AI) chatbot service, even as it skyrocketed to the top of the app store charts on both Android and iOS in several markets across the world.
The app's Chinese links, much like TikTok, have prompted U.S. lawmakers to push for a nation-wide ban on DeepSeek from government devices over risks that it could provide user information to Beijing.
<https://gottheimer.house.gov/posts/release-gottheimer-lahood-introduce-new-bipartisan-legislation-to-protect-americans-from-deepseek>
It's worth noting that several countries, including Australia, Italy, Netherlands, Taiwan, South Korea, government agencies in India and the United States (such as the Congress, NASA, Navy and Pentagon), have instituted bans on DeepSeek from government devices.](https://nerdculture.de/system/media_attachments/files/114/018/996/910/493/093/original/7e00d291d5e366a2.png "[ImageSource: NowSecure]
\"The DeepSeek iOS app globally disables App Transport Security (ATS) which is an iOS platform level protection that prevents sensitive data from being sent over unencrypted channels,\" NowSecure said. \"Since this protection is disabled, the app can (and does) send unencrypted data over the internet.\"
The findings add to a growing list of concerns that have been raised around the artificial intelligence (AI) chatbot service, even as it skyrocketed to the top of the app store charts on both Android and iOS in several markets across the world.
The app's Chinese links, much like TikTok, have prompted U.S. lawmakers to push for a nation-wide ban on DeepSeek from government devices over risks that it could provide user information to Beijing.
<https://gottheimer.house.gov/posts/release-gottheimer-lahood-introduce-new-bipartisan-legislation-to-protect-americans-from-deepseek>
It's worth noting that several countries, including Australia, Italy, Netherlands, Taiwan, South Korea, government agencies in India and the United States (such as the Congress, NASA, Navy and Pentagon), have instituted bans on DeepSeek from government devices.")
NowSecure Uncovers Multiple Security and Privacy Flaws in DeepSeek iOS Mobile App - NowSecure
A NowSecure mobile application security and privacy assessment has uncovered multiple security and privacy issues in the DeepSeek iOS mobile app that lead As the top iOS app since Jan 25, 2025, the DeepSeek iOS app has already been downloaded and use…Andrew Hoog (NowSecure, Inc.)
A developer could hack into the Apple Lightning to HDMI dongle and run Doom directly on the accessory. The Apple Lightning Digital AV Adapter features a custom Samsung SoC with a 400MHz ARM Cortex-A5 core and 256 MiB of DRAM.
https://www.macrumors.com/2025/02/04/doom-apple-lightning-hdmi-adapter/
#doom #retro #gaming #art #apple #hdmi #dongle #arm #ios #programming #engineer #media #tech #news
![[ImageSource: nyan_satan]
The adapter runs a simplified version of iOS, but since it doesn’t have persistent storage, the developer used their MacBook to load firmware with a file system. They also use the laptop's connection for controls, but aside from that, everything runs directly on the dongle.
The developer said he plans to release the software behind this Doom project as a package in the future, allowing anyone with a jailbroken iOS device to run it and try it for themselves. In the meantime, he plans to improve it further, like introducing sound output and finding a way to attach a controller to the dongle so you can play Doom without needing a Mac.](https://nerdculture.de/system/media_attachments/files/114/013/843/560/414/543/original/33d0585b6b0cd744.png "[ImageSource: nyan_satan]
The adapter runs a simplified version of iOS, but since it doesn’t have persistent storage, the developer used their MacBook to load firmware with a file system. They also use the laptop's connection for controls, but aside from that, everything runs directly on the dongle.
The developer said he plans to release the software behind this Doom project as a package in the future, allowing anyone with a jailbroken iOS device to run it and try it for themselves. In the meantime, he plans to improve it further, like introducing sound output and finding a way to attach a controller to the dongle so you can play Doom without needing a Mac.")
Check Out Doom Running on Apple's Lightning to HDMI Adapter
Installing Doom on a range of unusual hardware devices has become a fun challenge for programmers, and we've seen the game running on everything...Juli Clover (MacRumors.com)
T-Mobile’s Starlink-powered direct-to-cell satellite messaging service is now open for anyone in the US to try for free. The service will be limited to text messaging at first but the company hopes to have some apps and even limited multimedia support ready by the time it goes live this summer.
https://www.t-mobile.com/coverage/satellite-phone-service
#tmobile #starlink #direct #to #cell #messaging #it #engineer #media #tech #news
Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new "Windows UEFI CA 2023" certificate before the mitigations of the BlackLotus UEFI bootkit are enforced later this year.
https://download.microsoft.com/download/5/7/8/57894d2a-6966-4de9-8c01-66e0db608c21/Make2023BootableMedia.ps1
#windows #media #update #bootkit #it #security #privacy #engineer #tech #news
![[ImageSource: Microsoft]
Script to apply CVE-2023-24932 mitigations to bootable Windows media.
The PowerShell script can be downloaded from Microsoft and can be used to update bootable media files for ISO CD/DVD image files, a USB flash drive, a local drive path or a network drive path.
To utilize the utility, you must first download and install the Windows ADK, which is necessary for this script to work correctly. When run, the script will update the media files to use the Windows UEFI CA 2023 certificate and install the boot managers signed by this certificate.
<https://learn.microsoft.com/windows-hardware/get-started/adk-install#winADK>
It is strongly advised that Windows admins test this process before the enforcement stage of the security updates is reached. Microsoft says this will happen by the end of 2026 and will give a six-month notice before it begins.](https://nerdculture.de/system/media_attachments/files/113/979/683/291/066/231/original/4222c1943003b213.png "[ImageSource: Microsoft]
Script to apply CVE-2023-24932 mitigations to bootable Windows media.
The PowerShell script can be downloaded from Microsoft and can be used to update bootable media files for ISO CD/DVD image files, a USB flash drive, a local drive path or a network drive path.
To utilize the utility, you must first download and install the Windows ADK, which is necessary for this script to work correctly. When run, the script will update the media files to use the Windows UEFI CA 2023 certificate and install the boot managers signed by this certificate.
<https://learn.microsoft.com/windows-hardware/get-started/adk-install#winADK>
It is strongly advised that Windows admins test this process before the enforcement stage of the security updates is reached. Microsoft says this will happen by the end of 2026 and will give a six-month notice before it begins.")
Not only the SEGA Mega Drive and Genesis get a new homebrew release called [Super Star Wars Holiday Special]. Today you can download the Commodore Amiga version, that's been ported over as the first public beta by Earok.
https://eab.abime.net/showthread.php?p=1725394#post1725394
#amiga #super #starwars #port #retro #gaming #art #retrocomputing #engineer #artist #media #tech #news
![[ImageSource: Earok]
Which is an unofficial game from the cult-classic SNES Super Star Wars series, and loosely based on the outrageous The Star Wars Holiday Special from 1978.
Requirements:
AGA, CD32 Pad | Music is CD32 only | 020/2MB Chip minimum | 030 or Fast RAM recommended but not required](https://nerdculture.de/system/media_attachments/files/113/968/278/839/403/553/original/c29c802692bb4859.png "[ImageSource: Earok]
Which is an unofficial game from the cult-classic SNES Super Star Wars series, and loosely based on the outrageous The Star Wars Holiday Special from 1978.
Requirements:
AGA, CD32 Pad | Music is CD32 only | 020/2MB Chip minimum | 030 or Fast RAM recommended but not required")
Super Star Wars - Holiday Special AGA - English Amiga Board
Super Star Wars - Holiday Special AGA project.Amiga Game Factoryeab.abime.net
Threat actors are taking advantage of the rise in popularity of DeepSeek to promote two malicious infostealer packages on the Python Package Index, where they impersonated developer tools for the AI platform.
https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/malicious-packages-deepseeek-and-deepseekai-published-in-python-package-index
#deepseek #llm #it #security #privacy #engineer #media #developer #tech #news
![[ImageSource: Positive Technologies]
The malicious packages, deepseeek 0.0.8 and deepseekai 0.0.8 were uploaded to PyPI on January 29, 2025, with only twenty minutes between them.
Positive Technologies quickly discovered and reported them to PyPI, which quarantined and blocked downloads of the packages, followed by their complete deletion from the platform.
Despite the quick detection and response, 222 developers downloaded the two packages, most from the United States (117), followed by China (36), Russia, Germany, Hong Kong and Canada. Those developers who utilized these packages should immediately rotate their API keys, authentication tokens and passwords, as they may now be compromised.](https://nerdculture.de/system/media_attachments/files/113/963/687/409/845/888/original/26ce13670f89cd53.png "[ImageSource: Positive Technologies]
The malicious packages, deepseeek 0.0.8 and deepseekai 0.0.8 were uploaded to PyPI on January 29, 2025, with only twenty minutes between them.
Positive Technologies quickly discovered and reported them to PyPI, which quarantined and blocked downloads of the packages, followed by their complete deletion from the platform.
Despite the quick detection and response, 222 developers downloaded the two packages, most from the United States (117), followed by China (36), Russia, Germany, Hong Kong and Canada. Those developers who utilized these packages should immediately rotate their API keys, authentication tokens and passwords, as they may now be compromised.")
![[ImageSource: Positive Technologies]
Malicious payload contained in both packages.
The stolen information was exfiltrated to a command and control (C2) server at eoyyiyqubj7mquj.m.pipedream[.]net using Pipedream, a legitimate automation platform. Threat actors could use this stolen information to access cloud services, databases and other protected resources utilized by the developer.
"Functions used in these packages are designed to collect user and computer data and steal environment variables", reads the Positive Technologies report. "The payload is executed when the user runs the commands deepseeek or deepseekai (depending on the package) in the command-line interface."
"Environment variables often contain sensitive data required for applications to run, for example, API keys for the S3 storage service, database credentials, and permissions to access other infrastructure resources."](https://nerdculture.de/system/media_attachments/files/113/963/688/343/436/642/original/9a479c6c50735793.png "[ImageSource: Positive Technologies]
Malicious payload contained in both packages.
The stolen information was exfiltrated to a command and control (C2) server at eoyyiyqubj7mquj.m.pipedream[.]net using Pipedream, a legitimate automation platform. Threat actors could use this stolen information to access cloud services, databases and other protected resources utilized by the developer.
\"Functions used in these packages are designed to collect user and computer data and steal environment variables\", reads the Positive Technologies report. \"The payload is executed when the user runs the commands deepseeek or deepseekai (depending on the package) in the command-line interface.\"
\"Environment variables often contain sensitive data required for applications to run, for example, API keys for the S3 storage service, database credentials, and permissions to access other infrastructure resources.\"")
Malicious packages deepseeek and deepseekai published in Python Package Index
As part of our threat research and monitoring efforts, the Supply Chain Security team of the Threat Intelligence department of the Positive Technologies Expert Security Center (PT ESC) detected and prevented a malicious campaign in the Python Package…global.ptsecurity.com
The tech giant also noted it prevented 1.3 million apps from getting excessive or unnecessary access to sensitive user data during the time period by working with third-party app developers.
https://security.googleblog.com/2025/01/how-we-kept-google-play-android-app-ecosystem-safe-2024.html
#android #apps #google #play #protect #it #security #privacy #engineer #media #app #developer #programming #tech #news
![[ImageSource: Google]
Play Protect warns of risky App’s.
Google's untrusted APK installation blocking system, stopping 36 million installation attempts of 200,000 unique apps from nesting in 10 million Android devices in 2024. As the tech giant strengthens Android protections yearly, gaps in security remain, and cybercriminals employ new, more advanced methods to bypass automated scanners.
⚠️Users must remain vigilant, only trust reputable publishers, keep the number of installed apps at the minimum necessary, scrutinize and revoke risky app permissions, and ensure Play Protect is running at all times.⚠️](https://nerdculture.de/system/media_attachments/files/113/940/023/153/096/051/original/b2d704f05b8dc33b.png "[ImageSource: Google]
Play Protect warns of risky App’s.
Google's untrusted APK installation blocking system, stopping 36 million installation attempts of 200,000 unique apps from nesting in 10 million Android devices in 2024. As the tech giant strengthens Android protections yearly, gaps in security remain, and cybercriminals employ new, more advanced methods to bypass automated scanners.
⚠️Users must remain vigilant, only trust reputable publishers, keep the number of installed apps at the minimum necessary, scrutinize and revoke risky app permissions, and ensure Play Protect is running at all times.⚠️")
In the years since 1997, the landmark release of the Nokia 6110 and its inclusion of Snake, we have seen the game is ported to countless devices. This DOS version of Snake does have one key glitch that makes it more challenging to play than your typical versions of Snake.
https://github.com/donno2048/snake
#snake #game #dos #port #programming #retro #gaming #art #it #engineer #media #tech #news
![[ImageSource: donno2048]
Screenshot of donno2048's Snake for DOS port being played within a web DOSBox session.
If you fancy yourself a finesser, you must play this version of Snake without inputting backward inputs (as soon as you have more than three length), lest you immediately devour yourself and die. Usually, Snake doesn't make self-devouring this easy, so you have to be ultra-precise with your movements to play this DOS port of Snake adequately, which is a suitable bump in difficulty for the retro OS and hardware, even if it's a glitch.
It works perfectly fine in DOSBox and the web app, at least in terms of game speed.](https://nerdculture.de/system/media_attachments/files/113/929/007/269/175/209/original/7b3b36b7ecff5549.jpeg "[ImageSource: donno2048]
Screenshot of donno2048's Snake for DOS port being played within a web DOSBox session.
If you fancy yourself a finesser, you must play this version of Snake without inputting backward inputs (as soon as you have more than three length), lest you immediately devour yourself and die. Usually, Snake doesn't make self-devouring this easy, so you have to be ultra-precise with your movements to play this DOS port of Snake adequately, which is a suitable bump in difficulty for the retro OS and hardware, even if it's a glitch.
It works perfectly fine in DOSBox and the web app, at least in terms of game speed.")
GitHub - donno2048/snake: A minimal snake in assembly
A minimal snake in assembly . Contribute to donno2048/snake development by creating an account on GitHub.GitHub
🍷The headliner for this release is support for ARM64EC, the application binary interface (ABI) used for Arm apps in Windows 11. Also the release notes say that contains "over 6,000 individual changes" produced over "a year of development effort."
https://gitlab.winehq.org/wine/wine/-/releases/wine-10.0
#wine #stable #release #arm64 #emulation #linux #os #gaming #it #engineer #media #tech #news
Wine 10.0 · wine / wine · GitLab
The Wine team is proud to announce that the stable release Wine 10.0 is now available. This release represents a year of development effort and over...GitLab
Apple patches first exploited iOS Zero-Day of 2025.Apple has released security updates to fix this year's first zero-day vulnerability, tagged as actively exploited in attacks targeting iPhone users. The zero-day tracked as [CVE-2025-24085], is a privilege escalation security flaw in Apple's Core Media framework.
https://support.apple.com/en-us/100100
#apple #update #ios #zeroday #coremedia #it #security #privacy #engineer #media #tech #news
![[ImageSource: Shutterstock]
The updates also address five security flaws in AirPlay, all reported by Oligo Security researcher Uri Katz, that could be exploited by an attacker to cause unexpected system termination, denial-of-service (DoS), or arbitrary code execution under certain conditions.
Google's Threat Analysis Group (TAG) has been credited with discovering and reporting three vulnerabilities in the CoreAudio component (CVE-2025-24160, CVE-2025-24161 and CVE-2025-24163) that may lead to an unexpected app termination when parsing a specially crafted file.
Apple has fixed the security issues in the following devices and operating system versions.
• iOS 18.3 and iPadOS 18.3 - iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
• macOS Sequoia 15.3 - Macs running macOS Sequoia
• tvOS 18.3 - Apple TV HD and Apple TV 4K (all models)
• visionOS 2.3 - Apple Vision Pro
• watchOS 11.3 - Apple Watch Series 6 and later](https://nerdculture.de/system/media_attachments/files/113/917/894/741/773/314/original/a4502e320d7426db.png "[ImageSource: Shutterstock]
The updates also address five security flaws in AirPlay, all reported by Oligo Security researcher Uri Katz, that could be exploited by an attacker to cause unexpected system termination, denial-of-service (DoS), or arbitrary code execution under certain conditions.
Google's Threat Analysis Group (TAG) has been credited with discovering and reporting three vulnerabilities in the CoreAudio component (CVE-2025-24160, CVE-2025-24161 and CVE-2025-24163) that may lead to an unexpected app termination when parsing a specially crafted file.
Apple has fixed the security issues in the following devices and operating system versions.
• iOS 18.3 and iPadOS 18.3 - iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
• macOS Sequoia 15.3 - Macs running macOS Sequoia
• tvOS 18.3 - Apple TV HD and Apple TV 4K (all models)
• visionOS 2.3 - Apple Vision Pro
• watchOS 11.3 - Apple Watch Series 6 and later")
Apple security releases - Apple Support
This document lists security updates and Rapid Security Responses for Apple software.Apple Support
The research by web exposure management specialist Reflectiz reveals several alarming findings about the high number of website vulnerabilities organizations across many industries are needlessly exposing themselves to.
https://www.reflectiz.com/learning-hub/web-exposure-management-report/
#web #exposure #management #research #report #it #security #privacy #engineer #media #tech #news
![[ImageSource: reflectiz.com]
For the report, Reflectiz gathered its own proprietary data from the top 100 websites (according to number of site visits) in each industry, so the fact that close to half of all third-party apps in such a large sample are gathering sensitive user data when they don't need to comes as a surprise.
The realization that this practice is so widespread will cause many website owners to wonder what other surprises might be lurking in their web ecosystems and how large their web exposure footprint really is. If there's one thing that owners in any industry can take away from this report it's that they are almost guaranteed to have unexpected unresolved vulnerabilities of their own. (And the chart strongly suggests that they will….)](https://nerdculture.de/system/media_attachments/files/113/906/078/350/226/830/original/81da6f713ec57574.png "[ImageSource: reflectiz.com]
For the report, Reflectiz gathered its own proprietary data from the top 100 websites (according to number of site visits) in each industry, so the fact that close to half of all third-party apps in such a large sample are gathering sensitive user data when they don't need to comes as a surprise.
The realization that this practice is so widespread will cause many website owners to wonder what other surprises might be lurking in their web ecosystems and how large their web exposure footprint really is. If there's one thing that owners in any industry can take away from this report it's that they are almost guaranteed to have unexpected unresolved vulnerabilities of their own. (And the chart strongly suggests that they will….)")
![[ImageSource: reflectiz.com]
The chart, taken from the report, shows that there is variation between industries when it comes to apps that can access sensitive user data. With that in mind, companies working in the Entertainment and Online Retail sectors may want to pay extra attention to how many of their apps are accessing sensitive data unnecessarily and increasing their web exposure.
If you aren't familiar with the term web exposure, it was coined by Gartner to describe the range of risks that modern websites face because they connect with dozens of essential third-party apps, CDN repositories and open source tools that help with tracking and functionality tasks. Each one increases the size of the attack surface and is a potential target for malicious actors, but although website owners cannot avoid using these connected assets, they can take steps to make each one safer. Checking that the third-party apps aren't needlessly accessing user’s sensitive personal, financial and health information is a good place to start for a quick win, but the report reveals many others.](https://nerdculture.de/system/media_attachments/files/113/906/078/809/673/581/original/797ea16c23e2e758.png "[ImageSource: reflectiz.com]
The chart, taken from the report, shows that there is variation between industries when it comes to apps that can access sensitive user data. With that in mind, companies working in the Entertainment and Online Retail sectors may want to pay extra attention to how many of their apps are accessing sensitive data unnecessarily and increasing their web exposure.
If you aren't familiar with the term web exposure, it was coined by Gartner to describe the range of risks that modern websites face because they connect with dozens of essential third-party apps, CDN repositories and open source tools that help with tracking and functionality tasks. Each one increases the size of the attack surface and is a potential target for malicious actors, but although website owners cannot avoid using these connected assets, they can take steps to make each one safer. Checking that the third-party apps aren't needlessly accessing user’s sensitive personal, financial and health information is a good place to start for a quick win, but the report reveals many others.")
New Research: The State of Web Exposure 2025 – Reflectiz
A new report reveals that 45% of third-party apps access user info without proper authorization Learn how to uncover these hidden risks.Reflectiz
Dozens of Chrome extension developers have fallen victim to the attacks thus far, which aimed to lift API keys, session cookies and other authentication tokens from websites such as ChatGPT and Facebook for Business.
https://blog.sekoia.io/targeted-supply-chain-attack-against-chrome-browser-extensions/
#google #chrome #browser #extensions #development #programming #it #security #privacy #engineer #media #tech #news
Targeted supply chain attack against Chrome browser extensions
In this blog post, learn about the supply chain attack targeting Chrome browser extensions and the associated targeted phishing campaign.Quentin Bourgue and Sekoia TDR (Sekoia.io Blog)
The story of this texting typewriter is one that beautifully blends nostalgia and modern technology. [Sam], an engineering teacher, transformed a Panasonic T36 typewriter into a device that can receive SMS messages, print them out and even display the sender’s name & timestamp.
https://mrchristyengineering.wordpress.com/2024/12/09/hello-world/
#typewriter #sms #it #engineer #maker #artist #media #esp32 #programming #tech #art #news
![For enthusiasts of retro gadgets, this creation bridges the gap between analog charm and digital convenience. Beyond receiving messages, [Sam] is working on features like replying to texts directly from the typewriter. For those still familiar with the art form of typing on a typewriter.
<https://mrchristyengineering.wordpress.com/2024/12/10/the-texting-typewriter-software/>](https://nerdculture.de/system/media_attachments/files/113/894/743/468/962/671/original/36f31f3058b55bd7.jpeg "For enthusiasts of retro gadgets, this creation bridges the gap between analog charm and digital convenience. Beyond receiving messages, [Sam] is working on features like replying to texts directly from the typewriter. For those still familiar with the art form of typing on a typewriter.
<https://mrchristyengineering.wordpress.com/2024/12/10/the-texting-typewriter-software/>")
![[ImageSource: mrchristyengineering]
What makes Sam’s hack particularly exciting is its adaptability. By effectively replacing the original keyboard with an ESP32 microcontroller, he designed the setup to work with almost any electric typewriter. The project involves I2C communication, multiplexer circuits and SMS management via Twilio. The paper feed uses an “infinite” roll of typing paper — something Sam humorously notes as outlasting magnetic tape for storage longevity.](https://nerdculture.de/system/media_attachments/files/113/894/745/285/390/206/original/2562962e2cfd50d0.png "[ImageSource: mrchristyengineering]
What makes Sam’s hack particularly exciting is its adaptability. By effectively replacing the original keyboard with an ESP32 microcontroller, he designed the setup to work with almost any electric typewriter. The project involves I2C communication, multiplexer circuits and SMS management via Twilio. The paper feed uses an “infinite” roll of typing paper — something Sam humorously notes as outlasting magnetic tape for storage longevity.")
The Texting Typewriter (hardware)
Please to refer to my new blog site for this post. This is my first blog post documenting the present state of my texting typewriter (and my first blog post ever). In future posts I will document b…Mr. Christy's MVTHS Projects
Webscript security company c/side discovered during an incident response engagement for one of their clients that the malicious activity uses the wp3[.]xyz domain to exfiltrate data but have yet to determine the initial infection vector.
https://cside.dev/blog/over-5k-wordpress-sites-caught-in-wp3xyz-malware-attack
#wordpress #malicious #plugin #it #security #privacy #engineer #media #tech #news
![[ImageSource: c/side]
After compromising a target, a malicious script loaded from the wp3[.]xyz domain creates the rogue admin account wpx_admin with credentials available in the code. The script then proceeds to install a malicious plugin (plugin.php) downloaded from the same domain, and activates it on the compromised website.
[⚠️Blocking the Attacks⚠️]
c/side recommends that website owners block the ‘wp3[.]xyz’ domain using firewalls and security tools. Moreover, admins should review other privileged accounts and the list of installed plugins, to identify unauthorized activity and remove them as soon as possible.
Finally, it is recommended that CSRF protections on WordPress sites be strengthened via unique token generation, server-side validation and periodic regeneration. Tokens should have a short expiration time to limit their validity period.
Implementing multi-factor authentication also adds protection to accounts with credentials that have already been compromised.](https://nerdculture.de/system/media_attachments/files/113/883/249/146/798/681/original/62e28c105c3812a5.png "[ImageSource: c/side]
After compromising a target, a malicious script loaded from the wp3[.]xyz domain creates the rogue admin account wpx_admin with credentials available in the code. The script then proceeds to install a malicious plugin (plugin.php) downloaded from the same domain, and activates it on the compromised website.
[⚠️Blocking the Attacks⚠️]
c/side recommends that website owners block the ‘wp3[.]xyz’ domain using firewalls and security tools. Moreover, admins should review other privileged accounts and the list of installed plugins, to identify unauthorized activity and remove them as soon as possible.
Finally, it is recommended that CSRF protections on WordPress sites be strengthened via unique token generation, server-side validation and periodic regeneration. Tokens should have a short expiration time to limit their validity period.
Implementing multi-factor authentication also adds protection to accounts with credentials that have already been compromised.")
Over 5,000 WordPress sites caught in WP3[.]XYZ malware attack
We’ve uncovered a widespread malware campaign targeting WordPress websites, affecting over 5,000 sites globally. The malicious domain: "https://wp3.xyz/plugin[.]php".c/side
Thirty-five years ago, as December 1989 turned into January 1990, the then-largest ever cybercrime investigation was launched in response to the world's first known example of ransomware.
https://www.heise.de/news/Missing-Link-35-Jahre-Ransomware-am-Anfang-stand-eine-unscheinbare-Diskette-10247344.html
#ransomware #history #retrocomputing #retro #it #security #privacy #engineer #media #tech #news
![This first ransomware payload was secreted on a 5.25-inch floppy disk titled "AIDS Information — Introductory Diskette 2.0" [h/t Heise.de]. The pioneering ransomware was developed by one American biologist [Dr. Joseph Lewis Andrew Popp Jr.], and about 20.000 copies were distributed to subscribers of the magazine PC Business World, various mailing lists, and even to World Health Organization delegates during a conference on AIDS.
As one may be able to deduce by the years and names being thrown around, this attack's choice of target was highly intelligent and the method of delivery exploited people's existing fears of a terrifying new biological virus at a time when knowledge of regular computer viruses was at an all-time low — much less an all-new form of malware meant to extort its victims.
Compared to modern-day threat actor attacks, only file names [not the files themselves], were encrypted by this ransomware. Thanks to this, effective software countermeasures ("AIDSOUT" to remove it and "AIDSCLEAR" to check for hidden directories combined into "CLEARAID") were developed by John Sutcliffe and Jim Bates to rescue impacted parties.](https://nerdculture.de/system/media_attachments/files/113/878/105/389/651/002/original/8abb6e71e9174c40.jpeg "This first ransomware payload was secreted on a 5.25-inch floppy disk titled \"AIDS Information — Introductory Diskette 2.0\" [h/t Heise.de]. The pioneering ransomware was developed by one American biologist [Dr. Joseph Lewis Andrew Popp Jr.], and about 20.000 copies were distributed to subscribers of the magazine PC Business World, various mailing lists, and even to World Health Organization delegates during a conference on AIDS.
As one may be able to deduce by the years and names being thrown around, this attack's choice of target was highly intelligent and the method of delivery exploited people's existing fears of a terrifying new biological virus at a time when knowledge of regular computer viruses was at an all-time low — much less an all-new form of malware meant to extort its victims.
Compared to modern-day threat actor attacks, only file names [not the files themselves], were encrypted by this ransomware. Thanks to this, effective software countermeasures (\"AIDSOUT\" to remove it and \"AIDSCLEAR\" to check for hidden directories combined into \"CLEARAID\") were developed by John Sutcliffe and Jim Bates to rescue impacted parties.")
Missing Link: Die Ära der Ransomware beginnt mit einer 5,25"-Diskette
Vor 35 Jahren markierte eine schlichte 5,25 Zoll-Diskette mit der Aufschrift "AIDS Information" den Beginn einer der größten Geißeln der vernetzten Menschheit.Stefan Krempl (heise online)
The cat-and-mouse game between state-sponsored Russian threat actor group’s and one of the world’s biggest technology companies has continued into 2025.
https://www.microsoft.com/en-us/security/blog/2025/01/16/new-star-blizzard-spear-phishing-campaign-targets-whatsapp-accounts/
#whatsapp #phishing #campaign #it #security #privacy #engineer #media #tech #news
![It all starts with a spear-phishing email that purports to be from a U.S. government official to lend it a veneer of legitimacy and increase the likelihood that the victim would engage with them.
The message contains a quick response (QR) code that urges the recipients to join a supposed WhatsApp group on "the latest non-governmental initiatives aimed at supporting Ukraine NGOs." The code, is deliberately broken so as to trigger a response from the victim.
Should the email recipient reply, Star Blizzard sends a second message, asking them to click on a t[.]ly shortened link to join the WhatsApp group, while apologizing for the inconvenience caused. "When this link is followed, the target is redirected to a web page asking them to scan a QR code to join the group," Microsoft explained. "However, this QR code is actually used by WhatsApp to connect an account to a linked device and/or the WhatsApp Web portal."
<https://faq.whatsapp.com/1317564962315842/?cms_platform=web>
In the event the target follows the instructions on the site ("aerofluidthermo[.]org"), the approach allows the threat actor to gain unauthorized access to their WhatsApp messages and even exfiltrate the data via browser add-ons.](https://nerdculture.de/system/media_attachments/files/113/860/748/225/877/438/original/069d44f0cf010b41.jpeg "It all starts with a spear-phishing email that purports to be from a U.S. government official to lend it a veneer of legitimacy and increase the likelihood that the victim would engage with them.
The message contains a quick response (QR) code that urges the recipients to join a supposed WhatsApp group on \"the latest non-governmental initiatives aimed at supporting Ukraine NGOs.\" The code, is deliberately broken so as to trigger a response from the victim.
Should the email recipient reply, Star Blizzard sends a second message, asking them to click on a t[.]ly shortened link to join the WhatsApp group, while apologizing for the inconvenience caused. \"When this link is followed, the target is redirected to a web page asking them to scan a QR code to join the group,\" Microsoft explained. \"However, this QR code is actually used by WhatsApp to connect an account to a linked device and/or the WhatsApp Web portal.\"
<https://faq.whatsapp.com/1317564962315842/?cms_platform=web>
In the event the target follows the instructions on the site (\"aerofluidthermo[.]org\"), the approach allows the threat actor to gain unauthorized access to their WhatsApp messages and even exfiltrate the data via browser add-ons.")
New Star Blizzard spear-phishing campaign targets WhatsApp accounts | Microsoft Security Blog
In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group.Microsoft Threat Intelligence (Microsoft Security Blog)
NESFab has some smart features developers of NES games will certainly appreciate, most notably automatic bank switching. Instead of doing this manually, but NESFab will automatically carve your code and data up into banks to be switched in and out of memory when needed.
https://pubby.games/nesfab.html
#new #nintendo #nes #8bit #game #developer #programming #language #nesfab #retro #gaming #art #it #engineer #media #tech #news
![“NESFab is a new programming language for creating NES games. Designed with 8-bit limitations in mind, the language is more ergonomic to use than C, while also producing faster assembly code. It’s easy to get started with, and has a useful set of libraries for making your first (or hundredth) NES game.”
There’s also an optional map editor, which makes it very easy to create additional levels for your game. All in all, a very cool project I hadn’t heard of, which also claims to perform better than other compilers.
[If you’ve ever considered making an NES game, NESFab might be a tool to consider.]](https://nerdculture.de/system/media_attachments/files/113/855/293/873/992/357/original/4c2531b6e99a6609.jpeg "“NESFab is a new programming language for creating NES games. Designed with 8-bit limitations in mind, the language is more ergonomic to use than C, while also producing faster assembly code. It’s easy to get started with, and has a useful set of libraries for making your first (or hundredth) NES game.”
There’s also an optional map editor, which makes it very easy to create additional levels for your game. All in all, a very cool project I hadn’t heard of, which also claims to perform better than other compilers.
[If you’ve ever considered making an NES game, NESFab might be a tool to consider.]")