Everything posted by Usr6

  1. Episode 50: Standard Library: Decimal Floating Point Arithmetic
     Episode 49: Standard Library: Tools for Working with Lists
     Episode 48: Standard Library: Weak References
     Episode 47: Standard Library: Logging
     Episode 46: Multi-threading
     Episode 45: Standard Library: Working with Binary Data
     Episode 44: Standard Library: Templating
     Episode 43: Standard Library: Output Formatting
     Episode 42: More on the Standard Library
     Episode 41: A Brief Tour of the Standard Library
     Episode 40: Generator Expressions
     Episode 39: Generators
     Episode 38: Iterators
     Episode 37: More on Classes
     Episode 36: Classes
     Episode 35: More on Errors and Exceptions
     Episode 34: Errors and Exceptions
     Episode 33: The pickle Module
     Episode 32: Reading and Writing Files
     Episode 31: Fancier Output Formatting
     Episode 30: Packages, Importing *
     Episode 29: Packages
     Episode 28: Compiled Modules and the dir function
     Episode 27: Modules as Scripts and the Module Search Path
     Episode 26: Modules
     Episode 25: Comparing Sequences and other Types
     Episode 24: More on Conditions
     Episode 23: Looping Techniques
     Episode 22: Dictionaries
     Episode 21: Sets
     Episode 20: Tuples and Sequences
     Episode 19: The del Statement
     Episode 18: List Comprehensions
     Episode 17: Functional Programming Tools
     Episode 16: Using Lists as Stacks and Queues
     Episode 15: More on Lists
     Episode 14: Intermezzo: Coding Style
     Episode 13: Documentation Strings
     Episode 12: Lambda Forms
     Episode 11: More on Defining Functions, Unpacking Argument Lists
     Episode 10: More on Defining Functions, Keyword Arguments
     Episode 9: More on Defining Functions: Default Argument Values
     Episode 8: break and continue Statements, and else Clauses on Loops
     Episode 7: The Range Function
     Episode 8.5: Defining Functions
     Episode 6: Flow Control, if and for Statements
     Episode 5: First Steps Toward Programming
     Episode 4: Introduction to Lists
     Episode 3: Introduction to Strings
     Episode 2: Using Python as a Calculator
     Episode 1: Using the Python Interpreter
  2. The binary "reverse-challenge" adopts a few anti-reverse-engineering (anti-debug and anti-disassembly) techniques to protect an encrypted secret. What's the decrypted secret (hint: it's part of the input you provide and it is not the output the program produces)?
     Download: Download reverse-challenge from Sendspace.com - send big files the easy way
     The challenge is part of the course: Malicious Software and its Underground Economy: Two Sides to Every Story by Dr Lorenzo Cavallaro
     IDA for Linux: https://www.hex-rays.com/products/ida/support/download_demo.shtml
  3. Windows Exploit Development Tutorial Series
     Part 1: Introduction to Exploit Development
     Part 2: Saved Return Pointer Overflows
     Part 3: Structured Exception Handler (SEH)
     Part 4: Egg Hunters
     Part 5: Unicode 0x00410041
     Part 6: Writing W32 shellcode
     Part 7: Return Oriented Programming
     Part 8: Spraying the Heap [Chapter 1: Vanilla EIP]
     Part 9: Spraying the Heap [Chapter 2: Use-After-Free]
     Linux Exploit Development Tutorial Series
     Part 1: Introduction to Linux Exploit Development
     Part 2: Linux Format String Exploitation
  4. Icefog points to the emergence of groups of cyber-mercenaries who are hired to carry out hit&run ("strike and flee") operations. The Kaspersky Lab research team published last night a research report on the discovery of the "Icefog" operation, an APT group that attacks targets in South Korea and Japan, focusing on the supply chains of Western companies. The operation began in 2011 and has evolved over the past years. "In recent years, 'APT' groups have targeted almost every type of victim and sector," said Costin Raiu, director of Kaspersky Lab's Global Research and Analysis Team (GReAT). "In most cases, the attackers stay connected to corporate and government networks for years, extracting confidential information. This new type of 'hit&run' attack that characterises Icefog shows that there is a new trend: smaller groups that strike with surgical precision. The attack generally lasts a few days or weeks, and once they have obtained what they were looking for, the attackers clean up after themselves and disappear. In the future, we predict that the number of APT groups that can be hired on 'contract' will grow, with these specialising in 'hit&run' operations, a kind of 'cyber-mercenary' team of the modern world," Costin Raiu concluded. Main findings: Judging by the type of targets identified, the attackers appear to be interested in the following sectors: military, shipbuilding and maritime transport operations, software development, research companies, telecom operators, satellite communications operators, mass media and television.
     Among the targets the attackers were interested in, according to the research, are military-industry contractors such as Lig Nex1 and Selectron Industrial Company, shipbuilding companies such as DSME Tech and Hanjin Heavy Industries, telecom operators such as Korea Telecom, and media companies such as Fuji TV and the Japan-China Economic Association. The attackers steal confidential documents and company plans, e-mail account information and passwords for access to various resources inside or outside the victim's network. During the operation, the attackers use the "Icefog" backdoor set (also known as "Fucobha"). Kaspersky Lab identified versions of Icefog for both Microsoft Windows and Mac OS X. While in most other APT campaigns the victims remain infected for months or years, with the attackers constantly stealing information, the Icefog operators process victims one by one, locating and copying only specific information. In most cases the Icefog operators seem to know very well what they are looking for when they attack a particular entity. They look for specific file names, which are identified quickly and then transferred to the command-and-control centre. Attack and functionality: Kaspersky Lab researchers managed to take control of 13 of the more than 70 domains used by the attackers. This allowed the research team to obtain statistics on the number of victims worldwide. In addition, the Icefog command-and-control servers keep encrypted archives with information about the victims, along with the techniques used against them. These archives can help identify the targets of the attacks and, in some cases, the victims. Besides Japan and South Korea, connections were identified from several other countries, including Taiwan, Hong Kong, China, the USA, Australia, Canada, the United Kingdom, Italy, Germany, Austria, Singapore, Belarus and Malaysia.
     In total, Kaspersky Lab discovered more than 4,000 unique infected IPs and several hundred victims (a few dozen victims running Windows and more than 400 Mac OS X victims). Based on the list of IPs used to monitor and control the infrastructure, Kaspersky Lab experts assume that the actors behind this operation act from at least three countries: China, South Korea and Japan. Kaspersky Lab products detect and remove all variants of the Icefog malware. For the full report, which contains a detailed description of the backdoors, of other malware tools and statistics, along with indicators of compromise, see Securelist. An Icefog FAQ document is also available.
     Source: Kaspersky Lab discovered Icefog: a new cyber-espionage campaign
     Securelist: The Icefog APT: A Tale of Cloak and Three Daggers - Securelist
     The Icefog APT: Frequently Asked Questions: The Icefog APT: Frequently Asked Questions - Securelist
  5. Do you remember this? Yes, the so-called “Notifier” which for the Free Antivirus users pops up once a day (if you didn’t install the Avira Search Free Toolbar) to sell you something. I bet you do, and I bet you didn’t like it! We also never liked it. We used it because we wanted to finance the Free Antivirus so that we could continue to offer free, good-quality security to the millions of users that are counting on it. But soon we realized that despite the fact that it paid for a small percentage of the costs, it pushed away exactly the users for whom we were striving to make the updates more frequent. Starting with October 1st, you will never see it again. Until then, just as a reminder, you will see this: Source: We’ve listened: Goodbye Notifier Ads! | Avira – TechBlog
  6. A newlywed will soon be parted from his bride to serve three years in prison for hacking police websites under the Anonymous banner. John Anthony Borell III, a 22-year-old man from Toledo, in the US state of Ohio, on Thursday was sentenced by a federal judge. According to The Daily Dot, Borell, better known by his handle @ItsKahuna, was convicted for his part in the #OpPiggyBank hacking of police websites by the group CabinCr3w. As Borell admitted in a signed plea deal, in early 2012, he attacked a server for Utahchiefs.org, a website for police in Syracuse, New York, the municipal website of Springfield, Mo., and a site for the Los Angeles County Police Canine Association, according to The Huffington Post. He took credit for the actions via the Twitter account, according to The Daily Dot. Twitter subsequently cooperated with investigators by supplying IP data that enabled them to track the account to Borell. Borell was arrested in March 2012. According to The Daily Dot, the hacks included defacing the Texas Police Association's website to read, in part: Dear Texas Police Dept, Paid administrative leave should be reserved for injured cops, cops with pregnant wives, and cops who declare themselves conscientious objectors to a raid. Not a kiddie porn collecting cop. It looks as if Texas PD hasn't improved since the cousin of the PD, the Texas Youth Commission was caught with rape rooms. Targets: Texas PD and Syracuse Why: Insufficient effort ... Judgment: We must troll you According to the Office of Inadequate Security, the hacker(s) dumped 787 police officers' names, usernames, plain-text passwords, agencies and addresses, some of which were reportedly home addresses. In his plea agreement, Borell admitted to jeopardizing "the security of the personal information of many people, most of whom worked in law enforcement” by gaining unauthorized access to agency computer systems and posting it online. 
He said this in his description of the hacks in the plea agreement: "Regarding all of these hacks, I knew what I was doing was illegal." Prosecutors said Borell's actions victimized thousands and cost some $260,000 to repair as they beefed up security following the attacks. Borell also admitted to compromising the computer systems belonging to law enforcement agencies from Los Angeles, Syracuse, the official city site for Springfield, Missouri, and a community webpage in Illinois called pendletonundergound.com. Many other officers' personal details were exposed during the course of the hacking operation. Check out RT.com's coverage for more details. US District Judge Robert J. Shelby said that the sentence handed down on Thursday would also resolve charges filed against Borell in California, Missouri and New York. The newly married Borell will be allowed to spend 10 weeks with his family before he has to turn himself in to start his sentence. Prosecutors said that he originally faced a $250,000 fine and up to a decade in prison if convicted on both counts of computer intrusion. Source: Anonymous hacker @ItsKahuna sentenced to 3 years for hacking police sites | Naked Security
  7. Most programming tutorials focus on how to do the most basic programming instructions like if, then, else, and while statements. All of the focus is on how a particular language does these things. Every programming language has this functionality; they all do it in their own unique way. Very rarely do any of these tutorials explain beyond this. As a result, there are many people out there who have "learned programming", which effectively means that they can write any program so long as it consists of giving someone a prompt to type some text, doing some processing, and then finally displaying some text output to the screen. This is what virtually every book you will buy at a book store will give you the ability to do. For this reason, there are plenty of people out there who understand how to write a program, and can probably effectively read someone else's source code, but they could never go out and actually build something. What is the missing link? Libraries. These are the TOOLS you need as a programmer to actually make things. In short, libraries provide you with functions that you can call rather easily in order to actually put your programming knowledge to work. For example, nothing in the core language of C gives you the ability to draw a circle. But a graphics library might very well have a function called: drawCircle(). We will be spending a great deal of time working with these types of libraries to build real, usable programs and games.
     Why "C"? C is a language that serves as a fantastic bridge between high level and low level languages. Once you know C, you can very easily branch yourself to any. other. language. No matter what language you intend to learn or in what direction you plan to take your IT career, learning C will be greatly beneficial. Once you have learned C, you will have a fundamental understanding of programming as a whole. At that point, what language you use will simply be a matter of preference or job requirement. You will not be limited to only jobs that require knowledge in a specific language, but rather you will have a much wider set of opportunities open to you. You will find yourself much more free, and the learning curve for new technologies will be greatly decreased.
     C1- Start Learning How To Write Programs:
     1 Unit One: Introduction to Programming and this Course. This unit provides a basic introduction to programming, as well as discussing some of the specifics regarding how to begin a career as a programmer.
     2 Unit Two: Binary, Learning to Count like a Computer. The first step to increasing your understanding about how a computer works is to understand how a computer counts. Binary is therefore a fundamental topic that you must learn.
     3 Unit Three: The Basics of Include Statements, Data, and RAM. This unit introduces you to the basics regarding how to take advantage of pre-built functions available in all modern programming languages. Also, you will learn how computers see data.
     4 Unit Four: About Program Flow, Functions, and Syntax. This unit will prepare you to write your first program by showing you the basics regarding how programs work, as well as the unique rules that all programming languages share.
     5 Unit Five: Your First Program, and beyond. In this unit you will learn everything necessary to write and run your first program. Also, we will go over the details of this process as well as reviewing what your first program should look like.
     6 Unit Six: Basic data types. This unit will introduce you to some of the basic ways that you can work with data such as numbers, letters, and more. This is fundamental knowledge you must obtain.
     7 Unit Seven: Variables and more. Now we are going to proceed to variables, which enable you to give meaningful names to otherwise confusing data.
     8 Unit Eight: Arrays and Pointers. While sometimes difficult to grasp for beginners, arrays and pointers are among the most powerful tools for any skilled programmer.
     9 Unit Nine: Pointers Continued. In these lessons we will study more about pointers, focusing on more ways to use them in your programs.
     10 Unit Ten: Introducing Strings and Constants. In this unit I will show you the basics regarding strings and constants, as well as some new ways to visualize memory.
     11 Unit Eleven: Conditional Flow Statements. A program is useless if you do not provide some logic, tests to decide what to do based on certain conditions. This unit will explain the basics regarding how to do this.
     12 Unit Twelve: Loops and blocks of code. In this unit we start to explore more advanced concepts that will enable you to write and understand more complex programs.
     13 Unit Thirteen: Basics of Algorithm Design. In this unit we start to explore more advanced concepts that will enable you to write and understand more complex programs.
     14 Unit Fourteen: Multi-Dimensional Arrays. In this unit we start to explore more advanced concepts that will enable you to write and understand more complex programs.
     15 Unit Fourteen: Review of Pointers. Before we continue to more advanced lessons, it is important to review some details concerning pointers.
     16 Unit Fifteen: Pointer Offsets and Array Indexing. This unit will describe to you the basics regarding how to use pointers with arrays.
     17 Unit Sixteen: Memory Allocation and Data Structures. This unit will introduce you to how to allocate memory, as well as exploring more details concerning data structures. This is the final lesson in this course, and will prepare you to begin the next course.
     C2- Writing Basic Programs (After You Finish Course #1)
     1 Unit One: Preparing to write Tic-Tac-Toe. In the first unit I will begin by showing you how to plan this program, as well as introducing a number of new concepts.
     2 Unit Two: Casts, Pointers, and Arrays. In the lessons in this unit we will begin to explore casts, pointers, and arrays in greater detail.
     3 Unit Three: More on Multi-Dimensional Arrays and Functions. In this unit we will explore in more detail the concept of multi-dimensional arrays, functions, as well as how to use pointers better.
     4 Unit Four: More on Data Structures. In this unit we will explore additional information regarding how data structures work, and how you can store data.
     5 Unit Five: Programming and Math. In this unit we will begin to explore some of the simple math that goes into programming, and how it is useful to a software developer.
     Learn Programming, Free Programming Classes Online, How to write programs, C Programming for beginners
  8. Today, the New York Times reported that an algorithm for generating random numbers, which was adopted in 2006 by the National Institute of Standards and Technology (NIST), contains a backdoor for the NSA. The news followed a NYT report from last week, which indicated that the National Security Agency (NSA) had circumvented widely used (but then-unnamed) encryption schemes by placing backdoors in the standards that are used to implement the encryption. In 2007, cryptographers Niels Ferguson and Dan Shumow presented research suggesting that there could be a potential backdoor in the Dual_EC_DRBG algorithm, which NIST had included in Special Publication 800-90. If the parameters used to define the algorithm were chosen in a particular way, they would allow the NSA to predict the supposedly random numbers produced by the algorithm. It wasn't entirely clear at the time that the NSA had picked the parameters in this way; as Ars noted last week, the rationale for choosing the particular Dual_EC_DRBG parameters in SP 800-90 was never actually stated. Today, the NYT says that internal memos leaked by Edward Snowden confirm that the NSA generated the Dual_EC_DRBG algorithm. Publicly, however, the agency's role in development was significantly underbilled: “In publishing the standard, NIST acknowledged 'contributions' from NSA, but not primary authorship,” wrote the NYT. From there, the NSA pushed the International Organization for Standardization to adopt the algorithm, calling it “a challenge in finesse” to convince the organization's leadership. “Eventually, NSA became the sole editor” of the international standard, according to one classified memo seen by the NYT. The details come just as NIST released a promise to reopen the public vetting process for SP 800-90. “We want to assure the IT cybersecurity community that the transparent, public process used to rigorously vet our standards is still in place,” a memo from the Institute read. 
“NIST would not deliberately weaken a cryptographic standard. We will continue in our mission to work with the cryptographic community to create the strongest possible encryption standards for the US government and industry at large.” Still, NIST asserted that its purpose was to protect the federal government first: “NIST’s mandate is to develop standards and guidelines to protect federal information and information systems. Because of the high degree of confidence in NIST standards, many private industry groups also voluntarily adopt these standards.” Source: New York Times provides new details about NSA backdoor in crypto spec | Ars Technica
  9. It is hard to ignore the recent news about government-sponsored internet surveillance campaigns, which are alleged to involve decrypting SSL traffic. In light of this news, should you do anything differently? Does it matter to your network, and how? Even if today only a small group possesses the knowledge and resources to decrypt SSL, chances are that this secret will leak like so many others, and the resources required to apply the techniques will only get cheaper and in turn become available to well-funded adversaries like organized crime. The information, once decrypted, may also be at risk of being compromised by anyone who compromises the organization that now holds the data. So does it matter? First of all, I don't think there is "proof" at this point that SSL in itself has been broken. SSL and the encryption algorithms it negotiates have seen many implementation issues in the past, and it is fair to assume that broken implementations, bad random number generators and sub-optimal configurations make breaking "real life" SSL a lot easier than it should be based on the strength of the underlying algorithms. Additionally, in many high-profile attacks, SSL wasn't the problem. The end point or the SSL infrastructure was compromised instead, and as a result the encryption algorithm didn't matter.
     Endpoint Security
     None of the "APT" style data leaks had much to do with decrypting SSL. Instead, the end point was compromised either by exploiting a technical vulnerability in client software, or by using social engineering techniques to trick the user into installing malicious software. These techniques are old, constantly tweaked and not limited to sophisticated attacks. Each day, we see compromises ranging from the "trivial" fake UPS shipping e-mail, over more clever compromised ad networks, to highly targeted and well-crafted "spear phishing" attacks.
     What is the "Endpoint"?
     Many systems promise "end-to-end" encryption. In my opinion, end-to-end encryption means that a message is encrypted by the sender before it is transmitted and decrypted by the *final* recipient. The definition of *final* is critical here. Many encrypted messaging systems will decrypt the message on a server, then re-encrypt it for the recipient. This scheme will expose your message to intercept at the relay point. If you do not control the relay point, then your message is at risk of being intercepted. For example, Skype. Skype uses a pretty solid encryption system. But in order to support features like gateways to other phone systems, the respective gateway has to be able to decrypt the message. Whenever your secure messaging system is able to communicate with insecure endpoints, someone else has to be able to decrypt the message. Similarly with webmail systems. There are some attempts to build end-to-end encrypted webmail systems that use client-side JavaScript or browser plugins to encrypt and decrypt the message. But these systems are not in wide use at this point. Cloud-based messaging systems are of course particularly suspect and need to be designed carefully not to allow decryption "in the cloud", which in turn breaks features like search and indexing using cloud resources.
     The SSL Infrastructure
     There are two ways to "sniff" SSL: On the one hand you can record an SSL encrypted session and decrypt it offline. Without knowledge of the private keys or master keys involved, this process is very difficult, if possible at all. The much more commonly used method to intercept SSL is to use a "Man in the Middle" attack. It again concerns the "end-to-end" concept. The attacker terminates the SSL connection and then re-encrypts it for the intended recipient. SSL provides signed certificates to prevent this attack, and clients will warn the user if an invalid certificate is used. The first problem is that the user may ignore the warning, given that too many "real" SSL certificates are not configured properly and produce this warning. Secondly, a browser will consider a certificate as valid if it is signed by a trusted certificate authority. Certificate authorities have been compromised in the past. Many governments control certificate authorities and are able to generate trusted certificates to impersonate other sites. Human factors around certificate authorities and attackers being able to obtain valid certificates are a much larger threat, and SSL may have been considered broken for some time as a result. Tools like sslstrip will of course prey on the human interface component to again lead to a more "elegant" man in the middle attack.
     So what should I do?
     In network security, you've always got limited time and limited resources to fight unlimited worries. First, focus on your end points. You are much more likely to suffer from a compromise due to a misconfigured endpoint than a brute-force decrypted SSL session. Secondly, double-check the configuration of your SSL clients and servers. Are you using the strongest possible encryption algorithm? Are you using the longest possible keys? This is a tradeoff. For example, not all systems support anything beyond TLS 1.0. Add respective upgrades to your roadmap. Finally: Encrypt everything. Even a sophisticated adversary has to use some finite resource to decrypt traffic. Increasing the workload by encrypting all traffic, not just "important" traffic, is one way to extend the life span of your information. For closed networks that do not have to communicate with the outside world, consider building your own SSL infrastructure (NOT implementing your own SSL library). Set up your own CA and only trust certificates signed by your own CA. But in the end, spend your time on problems that matter. It is all too easy to get distracted by the headline of the day. Source: ISC Diary | SSL is broken. So what?
  10. The Russian government has warned hackers not to set foot outside its borders, as they risk being kidnapped by US authorities and taken to the US to face legal proceedings. The Russian Foreign Ministry last week advised citizens, especially those suspected of committing crimes by the United States, not to leave Russia for countries with extradition treaties with the US, Wired reports. "Practice shows that the trials of those who were actually kidnapped and taken to the United States are biased, based on shaky evidence" and are biased against Russians, warns the notice. Recently, several suspected Russian hackers have been seized by US authorities while traveling overseas. In June, Alexander Panin, suspected of a $5 million online banking scam, was arrested in the Dominican Republic and extradited to the US to face charges. Another Russian national, Maxim Chuhareva, was arrested in Costa Rica earlier this year on suspicion of being involved in running an online payment system used for illicit transactions. Russian Vladimir Drinkman, one of the alleged hackers most wanted by the US, was arrested during a trip to the Netherlands on a US warrant dating to 2009. He is suspected of the theft of 160 million credit card numbers from payment processors and US retailers like T.J. Maxx, in the biggest cyber fraud in US history. Albert Gonzalez, who was convicted of his role in the fraud in the US, was given a 20-year prison sentence in 2010. Two other Russian suspects in the case remain at large. The crimes are believed to have resulted in losses totalling $300m from targeted companies. For about two decades, Russia has been a safe haven for hackers and cyber fraudsters targeting the UK. Hackers offer their services on dedicated Russian-language forums, and clients can commission anything from a cyber attack on a rival's website to a Trojan program to steal private information.
      It is believed that Russian authorities are willing to turn a blind eye to hacking that is targeted abroad, and enlist hackers for their own cyber espionage programmes. "They have been doing this in Russia for many years now," Misha Glenny, an expert and author on cybercrime, told Wired. "Russian law enforcement and the FSB (Federal Security Service) in particular have a very good idea of what is going on and they are monitoring it but as long as the fraud is restricted to other parts of the world they don't care." In the absence of an extradition treaty with Moscow, American authorities have had to go to extra lengths to apprehend Russia-based cyber criminals. In 2000 they set up a fake company, Invita, in Seattle and invited two Russian hackers for interviews. FBI agents posed as managers, and when the interview ended, arrested the pair. Earlier this year, Russia offered former US intelligence contractor Edward Snowden asylum after he revealed details of a mass covert web surveillance operation undertaken by the US National Security Agency, making the prospect of legal co-operation between the countries even more unlikely. Source: 'Don't Travel Abroad' Russia warns Hackers - IBTimes UK
  11. [Figure: geographical location of the attacking hosts]
      The malware sample we retrieved from Usenet has an unusually large size (almost 15MB). The core code base comprises a very simple Tor-enabled IRC bot which incorporates DDoS and a few other capabilities. A large part of the binary appears to be junk data, possibly to better disguise it as a legitimate download. It also employs several obfuscation routines to twist detection. The malware comes along with 4 additional embedded resources:
      • A ZeuS bot.
      • The Tor client for Windows.
      • The CGMiner bitcoin mining tool.
      • A copy of OpenCL.dll, used by CGMiner for CPU and GPU hash cracking.
      Analysis: https://community.rapid7.com/community/infosec/blog/2012/12/06/skynet-a-tor-powered-botnet-straight-from-reddit
      Sample: Download Coldplay-Live_2012-2012-BriBerY.rar from Sendspace.com - send big files the easy way (download only for analysis; if needed, I have a few more samples)
      Password: rst
  12. Same subject, covered at more length in Romanian; now it makes sense: "Prefer symmetric cryptography over public-key cryptography"

The NSA can decrypt encrypted systems on the Internet

The NSA is able to decode the main encryption systems on the Internet, whether for e-mail or banking transactions, according to revelations made Thursday by the press, which risk bringing new criticism of the surveillance methods of the American intelligence agency.

Together with the British agency GCHQ, the National Security Agency (NSA) "has largely compromised the guarantees given by Internet companies to their customers regarding the security of communications", says The Guardian, which is behind these revelations together with the New York Times and ProPublica.

The three publications rely on documents provided by Edward Snowden, the former NSA consultant whose revelations in June sparked a strong controversy in the United States and around the world about the impact on public liberties and private life.

Despite President Barack Obama's promises of transparency regarding these programs, the multiplying revelations, including Thursday's, sketch the outline of a very powerful organization with intrusion capabilities that seem unlimited.

Communications on the Internet are subject to automatic computer encryption, whether e-mails, instant messages, online banking transactions or transfers of medical data. Within an ultra-secret program called Bullrun, the American intelligence agency can "break" these encryption systems (VPN, SSL) and decipher what is being transferred, say the New York Times, the Guardian and ProPublica, a non-profit organization specializing in investigative journalism.

According to these documents, whose content is not disclosed, the NSA and GCHQ managed to obtain the "keys" to various encryption systems thanks to supercomputers and the cooperation of some Internet companies, sometimes obtained through court orders.

Edward Snowden's previous revelations have already brought to light some of the American agency's programs, such as the collection of millions of phone metadata records (phone number, call duration) and Internet surveillance (Prism). But "code breaking" is the main mission of the agency, founded in 1952, which handles electronic interceptions. This is a priority, according to a 2007 document quoted by the Times: "In the future, superpowers will be recognized based on the strength of their cryptanalysis programs." "It is the price that must be paid for the United States to retain unrestricted access to and use of cyberspace", the document continues.

The New York Times and ProPublica report that American intelligence officials asked them not to publish this information, fearing that these revelations would prompt certain targets of the program to change their encryption methods or the way they communicate. "The press did not mention certain aspects but decided to publish the article because of the importance of a public debate on the administration's actions, which weaken the most powerful means meant to protect the privacy of Americans and of everyone", says the New York Times. Asked by AFP, the American Office of the Director of National Intelligence (ODNI) made no comment.

While this ability to decipher secure communications may help prevent attacks, it also risks having "unintended consequences by weakening the security of communications", the daily also notes. "The risk when creating a backdoor into systems is that you are not the only ones exploiting it", explains Matthew Green, a cryptography researcher quoted by the New York Times. "Even if the NSA has more power to violate our privacy in the name of cybersecurity, it makes the Internet less secure and exposes us to hackers, foreign espionage and illegal surveillance", the civil liberties association ACLU denounced in a statement.
  13. How to remain secure against NSA surveillance by Bruce Schneier; the link to the article was posted by nytro above.

...

1) Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it's work for them. The less obvious you are, the safer you are.

2) Encrypt your communications. Use TLS. Use IPsec. Again, while it's true that the NSA targets encrypted connections – and it may have explicit exploits against these protocols – you're much better protected than if you communicate in the clear.

3) Assume that while your computer can be compromised, it would take work and risk on the part of the NSA – so it probably isn't. If you have something really important, use an air gap. Since I started working with the Snowden documents, I bought a new computer that has never been connected to the internet. If I want to transfer a file, I encrypt the file on the secure computer and walk it over to my internet computer, using a USB stick. To decrypt something, I reverse the process. This might not be bulletproof, but it's pretty good.

4) Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It's prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier for the NSA to backdoor than open-source software. Systems relying on master secrets are vulnerable to the NSA, through either legal or more clandestine means.

5) Try to use public-domain encryption that has to be compatible with other implementations. For example, it's harder for the NSA to backdoor TLS than BitLocker, because any vendor's TLS has to be compatible with every other vendor's TLS, while BitLocker only has to be compatible with itself, giving the NSA a lot more freedom to make changes. And because BitLocker is proprietary, it's far less likely those changes will be discovered. Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.

...
  14. Creator: Zachary Zebrowski
License: Creative Commons: Attribution, Share-Alike
Lab Requirements: Access to the internet, a web browser. Author written tools available at http://zak.freeshell.org/course/lab.html
Recommended Class Duration: 1 day
Creator Available to Teach In-Person Classes: Yes
Author Comments: This course looks at web users from a few different perspectives. First, we look at identifying techniques to determine web user identities from a server perspective. Second, we will look at obfuscating techniques from a user who seeks to be anonymous. Finally, we look at forensic techniques which, when given a hard drive or similar media, identify users who accessed that server.

All Materials (.zip of pptx (126 slides))
Part 1 (4:16, 37 MB) - Introduction
Part 2 (10:02, 92 MB) - Characteristics of Internet Connections
Part 3 (17:49, 156 MB) - Offensive - IP Geolocation
Part 4 (31:20, 254 MB) - Offensive - Browser Identification
Part 5 (5:51, 52 MB) - Defensive - Borrowing Wifi Connections
Part 6 (19:39, 146 MB) - Defensive - Shell & Cloud Accounts
Part 7 (24:07, 177 MB) - Defensive - Anonymizers
Part 8 (5:16, 46 MB) - Defensive - Web Browser Privacy Modes
Part 9 (11:54, 101 MB) - Defensive - Email Origin Obfuscation
Part 10 (16:13, 129 MB) - Offensive/Defensive - Other Web Browser Attacks/Defenses
Part 11 (33:24, 257 MB) - Forensic: Database Analysis
Part 12 (15:01, 107 MB) - Forensic: Log Analysis
HD Videos on Youtube

Source: http://opensecuritytraining.info/WebIdentity.html
  15. Level 0: https://cs50.harvard.edu/weeks

Asm & API:
Assembly Language (Assembler) Intel 8086
Windows Assembly Language Megaprimer
Iczelion's Win32 Assembly
Silences Programming Tour with MASM32
Intel Pentium Instruction Set Reference
API functions - MSDN Library
Undocumented Functions

Reverse engineering:
TiGa's Video Tutorial Series on IDA Pro
Lenas Reversing for Newbies
IDA Pro Binary Auditing Training
R4ndom's Beginning Reverse Engineering
Ricardo Narvaja Tutorials [introduction to cracking with Olly from zero] https://drive.google.com/drive/folders/0B13TW0I0f8O2ckd2T0lsbXRoYmc
Reversing with IDA PRO from scratch
Kani Cracking tutorials
NSA Capstone Course - Reverse Engineering https://rstforums.com/forum/topic/106449-nsa-capstone-course-reverse-engineering/

Malware analysis:
Dr. Fu's Malware Analysis Tutorials
F-Secure Malware Analysis Course
Reversing & Malware Analysis Training, Advanced Malware Analysis Training
Malware Analysis at Rensselaer Polytechnic Institute https://github.com/RPISEC/Malware

Exploits/shellcode:
Corelan Exploit writing tutorial
Neox Training Center Exploit Research Megaprimer
Fuzzy security - Exploit Development Tutorial
Shellcode Tutorials

Memory forensics:
Introduction to Volatility

Scripting:
Google's Python Class

Open Security Training - a site that deserves its own category

Tools:
RCE tool library

Miscellaneous:
Goppit PE file format
Cheat sheets: quickly code, quick reference

Online automated malware analysis:
Malwr (Windows executable, PDF)
https://www.hybrid-analysis.com/
https://any.run/
ThreatExpert (Windows executable)
CWSandbox (Windows executable)
JSUNPACK (PDF, pcap, HTML, or JavaScript)
malware tracker (Shellcode Analysis, PDF, Doc)
Document Analyzer (.pdf, .doc, .ppt, .xls, .docx, .pptx, .xlsx, .rtf)
Mobile Sandbox (APK Analysis)
https://detux.org/index.php (Linux Sandbox x86, x86-64, ARM, MIPS and MIPSEL)
SandDroid (APK Analysis Sandbox)
https://linux.huntingmalware.com/
  16. I think it would turn into a hodgepodge. It isn't a standalone domain like Electronics or Mobile phones; it covers everything from programming/scripting, reverse engineering, network traffic, APIs, etc. That's why I said it should stay together with the others, where whoever is interested can find everything they need.
  17. I think it's better for this section to remain for sample exchange/analysis, malware source code, discussions about malware/exploits/etc.; the tutorials on malware analysis should stay together with the others: https://rstforums.com/forum/tutoriale.rst
  18. An Indian electronics and communications engineer who describes himself as a "security enthusiast with a passion for ethical hacking" has discovered a Facebook vulnerability that could have allowed for any photo on the site to be deleted without the owner's knowledge.

Arul Kumar, a 21 year old from Tamil Nadu, discovered that he could delete any Facebook image within a minute, even from verified pages, all without any interaction from the user. For his efforts in reporting the vulnerability to Facebook's whitehat bug bounty program Kumar received a reward of $12,500.

The vulnerability that he discovered was based around exploiting the mobile version of the social network's Support Dashboard, a portal that allows users to track the progress of any reports they make to the site, including highlighting photos that they believe should be removed. When such a request is submitted, and Facebook does not remove the photo in question, the user has the option of messaging the image owner directly with a photo removal request. Doing so causes Facebook to generate a photo removal link which is then sent to the recipient of the message (the photo owner). The owner can then opt to click on that link to remove the image.

Kumar discovered that a couple of parameters within this message – 'photo_id' and 'Owners Profile_id' – could be easily modified. With this information he then sent a photo removal request for an unrelated image on another account that he controlled. By changing the two parameters in the message received by the second account, Kumar could then choose to delete any image from any user on the network. The victim of this photo removal technique would not be involved in the process in any way and wouldn't receive any messages from Facebook – indeed the first they would know of this would be when they logged in to discover their photo(s) had disappeared.

Kumar explained that the exploit could be used to remove photos from any verified user, pages or groups as well as from statuses, photo albums, suggested posts and even comments.

As part of the process of responsible disclosure Kumar forwarded details of the bug to the Facebook security team who, at first, could not delete any photos by following his instructions:

"Yeah I messed around with this for the last 40 minutes but cannot delete any victims photos. All I can do is if the victim clicks the links and chooses to remove the the [sic] photo it will be removed which is not a security vuln obviously."

Kumar then explained his bug by using a demo account, as well as sending Facebook a proof of concept video in which he showed how he could have removed Mark Zuckerberg's own photos from his album. This time, Emrakul from Facebook's security team was able to see the vulnerability:

"Ok found the bug, fixing the bug. The fix should be live sometime early tomorrow. I will let you know when it is live so you can retest. Wanted to say your video was very good and helpful, I wish all bug reports had such a video"

Unlike Khalil Shreateh who, two weeks ago, became frustrated with Facebook's bug reporting process and hacked Mark Zuckerberg's own timeline, the way in which Kumar reported this bug shows just how responsible disclosure should work. By following Facebook's whitehat guidelines he was able to pick up his deserved bounty.

Source: Facebook vulnerability that allowed any photo to be deleted earns $12,500 bounty | Naked Security
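The bug described in the post above is an authorization flaw: the removal link carried a 'photo_id' and an owner profile id, and the server acted on whatever values arrived. The following is an added example, not code from the Naked Security article or from Facebook, that models a toy photo-removal endpoint in that shape and places the vulnerable handler beside a hardened one. Everything in it is constructed: the in-memory photo store, the user and photo ids, the HMAC key and the function names are placeholders chosen for the illustration.

```python
"""
Added example (not from the article or Facebook): a toy photo-removal
endpoint. vulnerable_remove() trusts the client-supplied (photo_id,
owner_id) pair, which is the class of flaw described above.
hardened_remove() derives authority from the server's own records and
the acting user's session, and binds the two ids in the link with an
HMAC so they cannot be re-targeted client-side.
All ids and the key below are constructed placeholders.
"""
import hashlib
import hmac

# Constructed data store: photo_id -> owner user id.
PHOTOS = {
    "photo-1001": "user-alice",
    "photo-1002": "user-bob",
}

# Constructed server-side key used to sign removal links (hypothetical).
LINK_KEY = b"constructed-server-secret-do-not-reuse"


class Forbidden(Exception):
    """Raised when a removal request is not authorised."""


def vulnerable_remove(photos, photo_id, owner_id):
    """Believes both parameters from the link. The 'owner_id' is supplied
    by the same party that supplies 'photo_id', so checking one against
    the other proves nothing, and the photo is removed regardless."""
    if photo_id not in photos:
        return False
    photos.pop(photo_id)
    return True


def issue_removal_link(photo_id, recipient_id):
    """Hardened link issuance: recipient_id must already be the owner in
    the server's records, and the (photo_id, owner_id) pair is signed."""
    owner_id = PHOTOS.get(photo_id)
    if owner_id is None or owner_id != recipient_id:
        raise Forbidden("photo does not belong to the message recipient")
    msg = f"{photo_id}|{recipient_id}".encode()
    tag = hmac.new(LINK_KEY, msg, hashlib.sha256).hexdigest()
    return {"photo_id": photo_id, "owner_id": recipient_id, "tag": tag}


def hardened_remove(photos, link, session_user_id):
    """Re-checks three things the client cannot forge:
    1. the link's HMAC is intact (photo_id/owner_id were not edited),
    2. the logged-in user is the owner the link was issued to,
    3. the server's own record still says that user owns that photo."""
    msg = f"{link['photo_id']}|{link['owner_id']}".encode()
    expected = hmac.new(LINK_KEY, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, link["tag"]):
        raise Forbidden("tampered removal link")
    if link["owner_id"] != session_user_id:
        raise Forbidden("link was not issued to this user")
    if photos.get(link["photo_id"]) != session_user_id:
        raise Forbidden("session user does not own this photo")
    photos.pop(link["photo_id"])
    return True


def demo():
    """Run both handlers against copies of the constructed store and report
    (victim photo lost via vulnerable path, forgery blocked by hardened
    path, legitimate hardened removal succeeded, victim photo survived)."""
    store = dict(PHOTOS)
    # Vulnerable path: bob removes alice's photo by editing two parameters.
    vulnerable_remove(store, "photo-1001", "user-bob")
    alice_lost_photo = "photo-1001" not in store

    store = dict(PHOTOS)
    link = issue_removal_link("photo-1002", "user-bob")  # legitimate link
    forged = dict(link, photo_id="photo-1001")           # re-targeted copy
    try:
        hardened_remove(store, forged, "user-bob")
        forgery_blocked = False
    except Forbidden:
        forgery_blocked = True
    legit_ok = hardened_remove(store, link, "user-bob")
    return alice_lost_photo, forgery_blocked, legit_ok, "photo-1001" in store


if __name__ == "__main__":
    print(demo())
```

The point of the hardened version is not the HMAC by itself: even an unsigned link is harmless if the server re-derives ownership from its own records and the session, which is check 3. The signature only stops the cheap trick of re-targeting a link that was legitimately issued.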
  19. About the CEH: The Certified Ethical Hacker is a professional certification provided by the International Council of E-Commerce Consultants (EC-Council). An ethical hacker is usually employed by an organization who trusts him or her to attempt to penetrate networks and/or computer systems, using the same methods as a hacker, for the purpose of finding and fixing computer security vulnerabilities. Unauthorized hacking (i.e., gaining access to computer systems without prior authorization from the owner) is a crime in most countries, but penetration testing done by request of the owner of the victim system(s) or network(s) is not. A Certified Ethical Hacker has obtained a certification in how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a hacker.

What's inside:
Module 01: Introduction to Ethical Hacking
Module 02: Footprinting and Reconnaissance
Module 03: Scanning Networks
Module 04: Enumeration
Module 05: System Hacking
Module 06: Trojans and Backdoors
Module 07: Viruses and Worms
Module 08: Sniffers
Module 09: Social Engineering
Module 10: Denial of Service
Module 11: Session Hijacking
Module 12: Hacking Webservers
Module 13: Hacking Web Applications
Module 14: SQL Injection
Module 15: Hacking Wireless Networks
Module 16: Hacking Mobile Platforms
Module 17: Evading IDS, Firewalls, and Honeypots
Module 18: Buffer Overflow
Module 19: Cryptography
Module 20: Penetration Testing
+ CEHv8 References
+ 18 Labs Modules

Source & Download: http://kickass.to/ceh-v-8-course-notes-t7584714.html
Tools: EC-Council: Certified Ethical Hacker CEH v8 (Tools) (download torrent) - TPB
  20. In response to a query by a member of parliament, the German Finance Ministry has declared (Google Translate) that it accepts bitcoins as a “unit of account.” The Ministry added that bitcoins are a sort of “private money” and that mining bitcoins constitutes “private money creation.”

The Ministry also clarified that if a German taxpayer holds bitcoins for more than a year, she is exempt from paying the 25 percent capital gains tax. Such a tax would ordinarily be paid after profiting from the sale of a stock, bond, or other security. However, taxpayers are now required to pay taxes on any profits made from Bitcoin transactions that happen within a year. How would the Finance Ministry even know if a taxpayer holds bitcoins? The taxpayer would be expected to declare them as part of her assets and income as part of her annual tax return.

The German lawmaker, Frank Schäffler—a member of the Free Democratic Party (FDP), a pro-business, center-right party—wrote on Twitter that famed Austrian economist Friedrich Hayek would be happy with this decision. Hayek was an early 20th century scholar who argued forcefully for mostly laissez-faire economics. That view was in contrast to another economic giant of the era, John Maynard Keynes, who believed government spending could help steer a national economy in the right direction. (Their debate is best summed up in this rap.) Hayek, a “classical liberal,” had a profound impact on political and economic decisions of major conservative politicians of the 20th century, including former US President Ronald Reagan and the late former British Prime Minister Margaret Thatcher. (In an American political context, Schäffler could be considered as a libertarian today.)

Earlier this month in the US, New York state regulators subpoenaed 22 Bitcoin-related companies, and a United States Senate committee wrote a letter (PDF) to the Department of Homeland Security asking for “policies, procedures, guidance, or advisories” pertaining to Bitcoin. The letter from the Senate Homeland Security and Government Affairs Committee—dated Monday, August 12, 2013 but published on its website on Tuesday—cites an ongoing case in Texas involving Bitcoin Savings and Trust (BTCST). The BTCST was a virtual Bitcoin-based hedge fund that many suspected of being a scam. Earlier this month, a federal judge declared Bitcoin a “currency” and subject to relevant financial regulations.

Source: Germany recognizes Bitcoin as a “private money,” subject to capital gains tax | Ars Technica

On the same subject:
Germany recognizes Bitcoin as ‘private money’ — RT News
Germany: Bitcoin Is "Private Money" - Slashdot
Bitcoin recognized by Germany as legal tender
Germany Kinda Recognizes Bitcoin - Business Insider
  21. It allows saving files in the formats: FLV, MP4, WebM, 3GP
  22. Challenge your knowledge: With the launch of MysteryTwister C3 you can test your own knowledge by solving a variety of cryptographic challenges. The MysteryTwister I was started as an international cryptology competition in 2005 and ran until 2006. Different tasks (CryptoChallenges, CC) have been set of increasing difficulty, such as, for example, decrypting an encrypted message or forging a digital signature. The variety of topics covered by the collection of challenges was intended to provide a survey of modern cryptology.

Cipher challenges on four levels:

Level I Challenges - Pen & Paper
Level I challenges are similar to crossword puzzles from newspapers and can be solved with little cryptographic background. You might not even need a computer for solving level I challenges — all you need is a bit of clever thinking and probably a pen and paper. A program like CrypTool applied to a level I challenge can help reveal the answer to a level I challenge within minutes or even seconds, if the necessary algorithms are already built in. Hence, if you are new to cryptography, but nonetheless interested in the mysterious topic of cryptanalysis, give the level I challenges a try. You will almost assuredly meet quickly with success.

Level II Challenges - Programming skills required
Level II challenges require some background knowledge in cryptology and usually some computational power. Additionally, you may require tools that are not available in a convenient package like CrypTool, OpenSSL or SAGE. Therefore, you must first thoroughly understand the problem and then you may need to write a computer program, which helps you. It could take hours or even days to solve a level II challenge. Hence, if you consider yourself well-armed with cryptologic knowledge (such as if you are a university student in a cryptographic course), give the level II challenges a try. Success may not come easily, but it will be a worthwhile endeavor.

Level III Challenges - Extensive computing power recommended
Level III challenges require a thorough background in cryptanalysis and usually significant computational power as well. The problems in this level represent current research topics that are believed to be very difficult to solve. Thus, practical solutions may not even exist and ready-to-run tools almost certainly do not. The methodology to solve some of these challenges may already be known, but it may require such a huge amount of computational power that only a large group of people working together in a distributed system could obtain the solution. Challenges in this category mark the thin line between algorithms that are still secure and those that are not. Solving them may take weeks or even several months. Hence, challenges in this level are intended for entire research groups with many experts in cryptanalysis, programming, and distributed systems. Success cannot be guaranteed, but if you are the first to successfully solve one of these challenges, it probably would catch the attention of the scientific community. Of course, it still remains up to you to publish or present any such scientific techniques and results.

Level X Challenges - Unsolved ciphers
Most level X challenges contain problems that have remained unsolved for a long time. The fact that they have been unsolved regardless of numerous attempts suggests these challenges being hard. However, a simple idea can probably reduce the difficulty of it to a simple level I challenge — currently it is just unknown if and how they can be solved. Of course such a challenge cannot be solved with a simple codeword, since even we (the respective author and the MTC3 team) do not know the solution (the plaintext, the original message or the approach). So if you discover a promising solution you should either contact the author or the MTC3 team. Furthermore, you can publish your findings in a scientific journal such as Cryptologia or Journal of Cryptology.

Have fun: https://www.mysterytwisterc3.org/en/
  23. Encrypt messages and hack ciphers! “Hacking Secret Ciphers with Python” teaches complete beginners how to program in the Python programming language. The reader not only learns about several classical ciphers, but also how to write programs that encrypt and hack these ciphers. The full source code is given and explained line-by-line for ciphers such as the Caesar cipher, transposition cipher, simple substitution cipher, multiplicative & affine ciphers, Vigenere cipher, and hacking programs for each of these ciphers. The final chapters cover public key cryptography and the modern RSA cipher.

Contents:
Chapter 1 - Making Paper Cryptography Tools
Chapter 2 - Downloading and Installing Python
Chapter 3 - The Interactive Shell
Chapter 4 - Strings and Writing Programs
Chapter 5 - The Reverse Cipher
Chapter 6 - The Caesar Cipher
Chapter 7 - Hacking the Caesar Cipher with the Brute Force Technique
Chapter 8 - The Transposition Cipher, Encrypting
Chapter 9 - The Transposition Cipher, Decrypting
Chapter 10 - Programming a Program to Test Our Program
Chapter 11 - Encrypting and Decrypting Files
Chapter 12 - Detecting English Programmatically
Chapter 13 - Hacking the Transposition Cipher
Chapter 14 - Modular Arithmetic and the Multiplicative Cipher
Chapter 15 - The Affine Cipher
Chapter 16 - Hacking the Affine Cipher
Chapter 17 - The Simple Substitution Cipher
Chapter 18 - Hacking the Simple Substitution Cipher
Chapter 19 - The Vigenère Cipher
Chapter 20 - Frequency Analysis
Chapter 21 - Hacking the Vigenère Cipher
Chapter 22 - The One-Time Pad Cipher
Chapter 23 - Finding Prime Numbers
Chapter 24 - Public Key Cryptography and the RSA Cipher

Online: Hacking Secret Ciphers with Python - Chapters
Download: http://inventwithpython.com/hackingciphers.pdf
Source Code: Hacking Secret Ciphers with Python - Source
Practice Exercises: Hacking Secret Ciphers with Python - Buggy Programs
Book's Blog: The “Invent with Python” Blog
Donations, contact, etc.: Hacking Secret Ciphers with Python
  24. A US court has ruled that those who use Gmail should not expect privacy, Business Insider reports. The decision was made in a lawsuit brought against Google by several users of its e-mail service.

The company's lawyers cited in court a 1979 precedent, in which it was decided that people who voluntarily hand over information to third parties should not expect that information to remain private. Just as the sender of a letter cannot be surprised that it might be opened by someone other than the recipient, for example by the recipient's assistant, the same applies to e-mails. Users should not expect privacy, the court ruled in the lawsuit brought by users against Google.

"Google has finally admitted that it does not respect privacy. If you care about the privacy of your correspondence, don't use Gmail", said John M. Simpson, director of the Consumer Watchdog organization.

The fact that Google can access users' e-mails at any time was acknowledged by the company's former chief executive. "If you have something you don't want the world to know, maybe you shouldn't be talking about it in the first place", said Eric Schmidt in 2009, now Google's executive chairman.

Source: Google giant's announcement: If you use Gmail you have no legitimate right to privacy - Gandul
  25. Equinix's co-location facility in San Jose, California, one of the network exchange sites likely tapped by the NSA's "one-side foreign" surveillance.

In a memo issued last Friday, the National Security Agency (NSA) provided details of its ongoing network surveillance operations intended to assuage concerns about its scope, content, and oversight. As Ars' Cyrus Farivar reported, the NSA tried to set the context of its activities with a Carl Sagan-like metaphor:

"According to figures published by a major tech provider, the Internet carries 1,826 Petabytes of information per day. In its foreign intelligence mission, NSA touches about 1.6 percent of that. However, of the 1.6 percent of the data, only 0.025 percent is actually selected for review. The net effect is that NSA analysts look at 0.00004 percent of the world's traffic in conducting their mission—that's less than one part in a million. Put another way, if a standard basketball court represented the global communications environment, NSA's total collection would be represented by an area smaller than a dime on that basketball court."

The numbers are no real surprise—we've already discussed how the laws of physics would make it impossible for the NSA to capture everything, or even a significant portion of everything, that passes over the Internet. But they're also misleading. In the world of deep packet inspection, verbs like "touch," "select," "collect," and "look at" don't begin to adequately describe what is going on or what information is extracted from traffic in the process. Considering all that's within what flows across the Internet, 1.6 percent could hold a significant portion of the metadata describing person-to-person communications.

How much is 1.6 percent? The dime on the basketball court, as the NSA describes it, is still 29.21 petabytes of data a day. That means the NSA is "touching" more data than Google processes every day (a mere 20 petabytes). While 29.21 petabytes is a fraction of the overall traffic on the Internet, it is the equivalent of the traffic that passes through several major Internet exchanges each day. It amounts roughly to 2.77 terabits per second—more than the average throughput of the Equinix exchange network, the CoreSite Any2 Exchange, New York International Internet Exchange (NYIIX), and Seattle Internet Exchange (SIX) combined. In other words, the 1.6 percent of the total of Internet traffic "touched" by the NSA could easily contain much of the traffic passing through the US' core networks. It can certainly include all the traffic inbound from and outbound to other nations.

Those exchanges are likely the primary targets of the NSA's Special Source Operations "one-end foreign" (1EF) network tap operations. The remaining sources are overseas taps, including "FORNSAT" satellite communications intercepts and data shared by friendly foreign governments' own network surveillance—such as Germany's foreign intelligence agency, the Bundesnachrichtendienst (BND), as detailed in a report published today by Der Spiegel. There are also covert sites set up by the NSA's Special Collections Service, likely including targeted taps of networks in even "friendly" countries.

The NSA has approximately 150 XKeyscore collection points worldwide. To reach 29.21 petabytes per day, XKeyscore sites pull in around 190 terabytes a day. And to keep the three-day "buffer" XKeyscore holds of captured traffic, that would mean the sites have an average of about 600 terabytes of storage—the equivalent of a fairly manageable 150 4-TB drives.

Pick a peck of packets

Regardless how much data flows through the NSA's tap points, all of it is getting checked. While the NSA may "touch" only 29.21 petabytes of data a day, it runs its digital fingers through everything that flows through the tap points to do so.

The NSA's XKeyscore uses packet analyzers, the hardware plugged into the network that diverted Internet data is routed down, to look at the contents of network traffic as it passes by. The packet analyzers use a set of rules to check each packet they "see" as it is read by the analyzers' software into memory. Packets that don't meet any of the rules that have been configured are sent along unmolested. In a "normal" network filtering situation, these packets would then be forwarded down the wire to their recipient, but in the NSA's case the packets are just clones of the packets that have already passed onto their intended destination. They are just sent to /dev/null—flushed away forever.

Packets that match one or more of the rules get routed to processing servers for further analysis. Those rules can be very broad—"grab everything with an IP address in its header that is outside the United States," for example—or they can look for very specific patterns within packets, such as those of VPN and website log-ins, Skype and VoIP traffic, or e-mails with attachments. In some cases, a filter may capture only the initial three-part TCP handshake of a connection between two systems, or it may only look for specific patterns of Web requests from clients. The rules could also include "if-then-else" logic: "If this is a packet that is part of an e-mail message I saw going by earlier and it includes attachment data, then grab it."

A single IP packet, snatched from the stream, can tell a lot. This HTTP request tells anyone who reads it where I am, what I'm looking for, where on the Web I'm coming from, and a collection of cookies that can be used to track me later.

As a result, if properly tuned, the packet analyzer gear at the front-end of XKeyscore (and other deep packet inspection systems) can pick out a very small fraction of the actual packets sent over the wire while still extracting a great deal of information (or metadata) about who is sending what to whom. This leaves disk space for "full log data" on connections of particular interest.

How I learned to stop worrying and love packet capture

There's a lot of chaff that gets ignored by XKeyscore sites. They ignore Web server responses, DNS traffic, content distribution network traffic, and the other administrivia and overhead that is involved in making the Internet work. At least in theory, they largely ignore domestic Internet traffic that doesn't transit outside the US. Though depending on where you live in the US and where you're connecting to, a significant portion of your network traffic may pass through Canada or follow other paths that could expose you to surveillance.

And, at least up until this point, all of the processing is being done without human intervention or human eyeballs being involved. The data is kept in buffer for three days and heavily indexed for search, with metadata extracted and held for a month. Still, unless the content matches a cross-referenced search like "all Excel documents e-mailed in Iraq," it will probably avoid human eyes. XKeyscore is also integrated into Marina, the NSA's phone call metadata database. That allows for the trolling of Internet traffic for phone numbers of interest and for quick searches of raw data in XKeyscore's cache by analysts.

After XKeyscore's processing servers churn through the raw captured data, they forward extracted information such as metadata, attachments, and other content related to cases assigned a National Intelligence identifier over the wire to PINWALE, the NSA's in-house "big data" analysis platform for Internet intercepts (believed to be based on the Accumulo data analysis engine). This has to be done with a good deal of care not to overwhelm the NSA's private network backhaul to its data centers and reduce the performance of XKeyscore searches.

So by the time the data has gone through this many levels of refinement, the NSA says that only 0.025 percent of the data "touched" by its systems each day is "selected for review" and sent back. That's 7.47 terabytes a day of connection metadata, cyber-attack targeting data and virtual private network intercepts, e-mail attachments, and instant messages. Really, that's nothing, right? The 2.66 petabytes a year of analytics that get rolled up in front of the eyeballs of analysts at NSA, in the DOD, and various other intelligence and law enforcement agencies is but a pittance. Of course, that doesn't cover the fact that the NSA is, in effect, collecting 10.411 exabytes of short-term searchable content in XKeyscore. They extract information from it that is much more valuable (and potentially more intrusive) than the raw data.

Source: NSA “touches” more of Internet than Google | Ars Technica
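The article above describes two things worth seeing concretely from the defender's side: a passive tap that keeps only packets matching a rule set (a broad "foreign endpoint" rule, a narrow "handshake only" rule, a payload pattern rule) and how much a single plaintext HTTP request reveals to whoever reads it. The following is an added example, not code from the Ars Technica article nor anything describing XKeyscore itself: a toy rule engine over constructed packet records, plus a parser that lists the metadata one unencrypted request exposes. The "domestic" address ranges, the packets, the request and the rule names are all constructed placeholders.

```python
"""
Added example (not from the article): a toy packet-filter rule engine in
the shape the article describes, and the metadata a plaintext HTTP
request gives away. Every address, prefix and packet here is constructed.
"""
import ipaddress
from dataclasses import dataclass, field

# Constructed stand-in for "inside the country": two private ranges.
DOMESTIC = [ipaddress.ip_network("10.0.0.0/8"),
            ipaddress.ip_network("192.168.0.0/16")]


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                                  # "tcp" or "udp"
    dport: int
    flags: set = field(default_factory=set)     # TCP flags, e.g. {"SYN"}
    payload: bytes = b""


def is_domestic(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in DOMESTIC)


def rule_foreign_endpoint(p):
    """Broad rule: either endpoint lies outside the 'domestic' ranges."""
    return not (is_domestic(p.src) and is_domestic(p.dst))


def rule_tcp_handshake(p):
    """Narrow rule: only the empty SYN / SYN-ACK / ACK segments that open
    a connection, which already reveal who talks to whom and when."""
    return (p.proto == "tcp" and not p.payload
            and p.flags in ({"SYN"}, {"SYN", "ACK"}, {"ACK"}))


def rule_http_request(p):
    """Pattern rule: a plaintext HTTP request line at the payload start."""
    return (p.proto == "tcp" and p.dport == 80
            and p.payload[:4] in (b"GET ", b"POST"))


RULES = [
    ("foreign-endpoint", rule_foreign_endpoint),
    ("tcp-handshake", rule_tcp_handshake),
    ("http-request", rule_http_request),
]


def classify(packets, rules=RULES):
    """Return {rule name: [indices of matching packets]}. A packet that
    matches no rule is simply not recorded (the article's /dev/null)."""
    hits = {name: [] for name, _ in rules}
    for i, p in enumerate(packets):
        for name, pred in rules:
            if pred(p):
                hits[name].append(i)
    return hits


def http_metadata(payload):
    """What a passive observer reads out of one plaintext HTTP request:
    the resource asked for, the site, where the user came from, tracking
    cookies and the browser. Over TLS only the addresses, ports and sizes
    of the connection (and, depending on the client, the server name)
    would remain visible, not any of these fields."""
    head, _, _ = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    cookies = {}
    for part in headers.get("cookie", "").split(";"):
        if "=" in part:
            name, _, value = part.strip().partition("=")
            cookies[name] = value
    return {"method": method, "path": path, "host": headers.get("host"),
            "referer": headers.get("referer"), "cookies": cookies,
            "user_agent": headers.get("user-agent")}


# Constructed sample traffic: one plaintext request and four packets.
SAMPLE_REQUEST = (b"GET /search?q=flight+to+berlin HTTP/1.1\r\n"
                  b"Host: example.test\r\n"
                  b"Referer: http://news.example.test/travel\r\n"
                  b"Cookie: sid=abc123; lang=en\r\n"
                  b"User-Agent: ConstructedBrowser/1.0\r\n\r\n")
SAMPLE_PACKETS = [
    Packet("10.1.2.3", "192.168.5.6", "tcp", 443, {"SYN"}),   # domestic handshake
    Packet("10.1.2.3", "203.0.113.9", "tcp", 80, {"SYN"}),    # foreign handshake
    Packet("10.1.2.3", "203.0.113.9", "tcp", 80, {"ACK", "PSH"}, SAMPLE_REQUEST),
    Packet("10.1.2.3", "192.168.5.6", "udp", 53, payload=b"dns?"),  # matches nothing
]

if __name__ == "__main__":
    print(classify(SAMPLE_PACKETS))
    print(http_metadata(SAMPLE_REQUEST))
```

Running it shows the two halves of the article's argument at once: the handshake rule keeps the domestic packet too, so "only 1.6 percent" says nothing about what that fraction contains, and the single HTTP packet yields host, path, referer and cookies without any further capture. The mitigation the same observation points to is the one Schneier's post above gives: put the request inside TLS, and only the connection endpoints remain to be read.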