Archive | June, 2013

PRISM, Edward Snowden, Big Brother & More Stuff We Already Knew

Use Netsparker


So there’s been 100s of articles posted about PRISM, which also now has a lengthy Wikipedia article – PRISM (surveillance program). Apparently PRISM (2007-present) is the program that replaces the previous (2001-2007) NSA warrantless surveillance program.

So the US government has been watching everyone, no shit (Nineteen Eighty-Four?).

PRISM is a clandestine national security electronic surveillance program operated by the United States National Security Agency (NSA) since 2007. PRISM is a government codename for a data collection effort known officially as US-984XN. It is operated under the supervision of the United States Foreign Intelligence Surveillance Court pursuant to the Foreign Intelligence Surveillance Act (FISA).

The existence of the program was leaked by NSA contractor Edward Snowden and published by The Guardian and The Washington Post on June 6, 2013. A document included in the leak indicated that the PRISM SIGAD was “the number one source of raw intelligence used for NSA analytic reports.”The President’s Daily Brief, an all-source intelligence product, cited PRISM data as a source in 1,477 items in 2012. The leaked information came to light one day after the revelation that the United States Foreign Intelligence Surveillance Court had been requiring the telecommunications company Verizon to turn over to the NSA logs tracking all of its customers’ telephone calls on an ongoing daily basis.

It’s a revelation for a lot of people however, who are unaware of how easy it is to capture data online (that isn’t encrypted) – like e-mail for example. I’ve always told people don’t write anything in an e-mail that you wouldn’t write on a post-card – because reading them both is at about the same difficulty level.

Most people think because they are logged onto Gmail/Hotmail etc using https, that their transmissions are secure. But unfortunately the majority of the e-mail infrastructure is using zero encryption – so all your messages are floating around in plain text, unless of course you are using PGP/GPG – they you are pretty safe. But how many people do that, and it requires both sender and receiver to using the same system.


There are of course specialist e-mail services for the paranoid like Hushmail Tormail.

It’s a big kick in the face for the US Government though with their hyperbole about freedom, now it turns out they are invading the whole World’s privacy and ignoring human rights.

There have been statements from Microsoft, Yahoo!, Google, Facebook, Apple & Dropbox stating they do not take part in PRISM and that they do not give any direct server access to any agencies.

The guy that kicked this whole thing off was Edward Snowden, who intentionally revealed his identity and is ready to deal with the consequences. More here – Edward Snowden: the whistleblower behind the NSA surveillance revelations.

He was basically a sys admin for a government contractor called Booz Allen Hamilton, parked under the NSA in Hawaii. As we all known, sys admins typically have full access to EVERYTHING, ever server, every system – as they need it to do their job.

Very few companies implement silos, or transparent encyrption to protect themselves from sys admins. More on that discussion here – Prism doesn’t have CIOs in a panic — yet .

Either way, it’s a pretty interesting story and it’s getting spectacular global press coverage – there’s plenty more to read if you’re interested.

Posted in: Legal Issues, Privacy

Topic: Legal Issues, Privacy


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


OWASP Bricks – Modular Deliberately Vulnerable Web Application

Use Netsparker


Bricks, a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools (Mantra & ZAP). The mission is to ‘break the bricks’.

Road Map

  1. Demonstrate maximum variations of most common vulnerabilities
  2. Help people to learn the need of secure codding practices and SSDLC
  3. Attract people to design more bricks
  4. Become a test bed for analyzing the performance of web application security scanners.
  5. Help people learn the manual method of testing the applications
  6. Demonstrate the possibilities of various security tools and techniques
  7. Become a platform to teach web application security in a class room/lab environment.

It’s a great way to learn the basics of web security, both from a developers perspective and from someone interesting in learning pen testing for web apps, if you want to check out more projects similar to Bricks, there a whole bunch here:

Vulnerable Web Application

You can download Bricks here:

OWASP Bricks – Torsa.zip

Or read more here.

Posted in: Exploits/Vulnerabilities, Web Hacking

Topic: Exploits/Vulnerabilities, Web Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.