Archive | June, 2013

PRISM, Edward Snowden, Big Brother & More Stuff We Already Knew


So there’s been 100s of articles posted about PRISM, which also now has a lengthy Wikipedia article – PRISM (surveillance program). Apparently PRISM (2007-present) is the program that replaces the previous (2001-2007) NSA warrantless surveillance program.

So the US government has been watching everyone, no shit (Nineteen Eighty-Four?).

PRISM is a clandestine national security electronic surveillance program operated by the United States National Security Agency (NSA) since 2007. PRISM is a government codename for a data collection effort known officially as US-984XN. It is operated under the supervision of the United States Foreign Intelligence Surveillance Court pursuant to the Foreign Intelligence Surveillance Act (FISA).

The existence of the program was leaked by NSA contractor Edward Snowden and published by The Guardian and The Washington Post on June 6, 2013. A document included in the leak indicated that the PRISM SIGAD was “the number one source of raw intelligence used for NSA analytic reports.”The President’s Daily Brief, an all-source intelligence product, cited PRISM data as a source in 1,477 items in 2012. The leaked information came to light one day after the revelation that the United States Foreign Intelligence Surveillance Court had been requiring the telecommunications company Verizon to turn over to the NSA logs tracking all of its customers’ telephone calls on an ongoing daily basis.

It’s a revelation for a lot of people however, who are unaware of how easy it is to capture data online (that isn’t encrypted) – like e-mail for example. I’ve always told people don’t write anything in an e-mail that you wouldn’t write on a post-card – because reading them both is at about the same difficulty level.

Most people think because they are logged onto Gmail/Hotmail etc using https, that their transmissions are secure. But unfortunately the majority of the e-mail infrastructure is using zero encryption – so all your messages are floating around in plain text, unless of course you are using PGP/GPG – they you are pretty safe. But how many people do that, and it requires both sender and receiver to using the same system.


There are of course specialist e-mail services for the paranoid like Hushmail Tormail.

It’s a big kick in the face for the US Government though with their hyperbole about freedom, now it turns out they are invading the whole World’s privacy and ignoring human rights.

There have been statements from Microsoft, Yahoo!, Google, Facebook, Apple & Dropbox stating they do not take part in PRISM and that they do not give any direct server access to any agencies.

The guy that kicked this whole thing off was Edward Snowden, who intentionally revealed his identity and is ready to deal with the consequences. More here – Edward Snowden: the whistleblower behind the NSA surveillance revelations.

He was basically a sys admin for a government contractor called Booz Allen Hamilton, parked under the NSA in Hawaii. As we all known, sys admins typically have full access to EVERYTHING, ever server, every system – as they need it to do their job.

Very few companies implement silos, or transparent encyrption to protect themselves from sys admins. More on that discussion here – Prism doesn’t have CIOs in a panic — yet .

Either way, it’s a pretty interesting story and it’s getting spectacular global press coverage – there’s plenty more to read if you’re interested.

Posted in: Legal Issues, Privacy

Topic: Legal Issues, Privacy


Latest Posts:


dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).
WiFi-Dumper - Dump WiFi Profiles and Cleartext Passwords WiFi-Dumper – Dump WiFi Profiles and Cleartext Passwords
WiFi-Dumper is an open-source Python-based tool to dump WiFi profiles and cleartext passwords of the connected access points on a Windows machine.
truffleHog - Search Git for High Entropy Strings with Commit History truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine - AI-driven Network Intrusion Detection System AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.


OWASP Bricks – Modular Deliberately Vulnerable Web Application


Bricks, a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools (Mantra & ZAP). The mission is to ‘break the bricks’.

Road Map

  1. Demonstrate maximum variations of most common vulnerabilities
  2. Help people to learn the need of secure codding practices and SSDLC
  3. Attract people to design more bricks
  4. Become a test bed for analyzing the performance of web application security scanners.
  5. Help people learn the manual method of testing the applications
  6. Demonstrate the possibilities of various security tools and techniques
  7. Become a platform to teach web application security in a class room/lab environment.

It’s a great way to learn the basics of web security, both from a developers perspective and from someone interesting in learning pen testing for web apps, if you want to check out more projects similar to Bricks, there a whole bunch here:

Vulnerable Web Application

You can download Bricks here:

OWASP Bricks – Torsa.zip

Or read more here.

Posted in: Exploits/Vulnerabilities, Web Hacking

Topic: Exploits/Vulnerabilities, Web Hacking


Latest Posts:


dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).
WiFi-Dumper - Dump WiFi Profiles and Cleartext Passwords WiFi-Dumper – Dump WiFi Profiles and Cleartext Passwords
WiFi-Dumper is an open-source Python-based tool to dump WiFi profiles and cleartext passwords of the connected access points on a Windows machine.
truffleHog - Search Git for High Entropy Strings with Commit History truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine - AI-driven Network Intrusion Detection System AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.