Is PRISM a watchful eye or a golden treasure?
Many of us have already heard about the PRISM project from the US National Security Agency today. In short, this project collects all information about the so-called "suspected users." Encrypted emails are stored in these guys without a statute of limitations before decryption, by pressing a button, an ANB employee can access your Facebook account, all Google data (for example, your search queries), and even emails you have deleted. This situation outrages not only ours and your personal life (what the AHB employees basically do not care about), but also the privacy of US citizens (which AHB employees have to reckon with). But let's step back from the hysterics for a moment and take a look at the situation from a different angle, armed with healthy paranoia.
What is PRISM? This is a centralized information repository of the most diverse information. Emails with bank accounts, passwords, Credit Card numbers are dead cargo in the amount of hundreds of thousands, if not millions. A variety of data gigabytes per day merge there. This is the golden treasure that lies and directly asks him to dig.
We know that the guys from AHB have been working with PRISM since 2007 and have become accustomed to gather all kinds of information about everyone in a row. We also know that most likely they automatically filter the given sea of information and most likely store it in a database. What can be done with this PRISM?
1. You can massively test PRISM for SQL vulnerabilities by simply sending weakly encrypted emails with SQL / NOSQL injection code to each other.
')
2. I wonder how protected the so-called portals, which Google and others like it provide to comrades from the NSA.
The options really do not count, and I’m not a security expert at all, but knowing that some kind of IT infrastructure has been developing in peace and quiet for 5-6 years, and now I’ve been on the Internet, IMHO, it’s fair to assume that their communications are full of holes.
Actually, this article does not call anyone for wrongdoing, but offers to look at the situation from the positive side and asks us all the question: “how can we turn this mess to our advantage?”
What is PRISM? This is a centralized information repository of the most diverse information. Emails with bank accounts, passwords, Credit Card numbers are dead cargo in the amount of hundreds of thousands, if not millions. A variety of data gigabytes per day merge there. This is the golden treasure that lies and directly asks him to dig.
We know that the guys from AHB have been working with PRISM since 2007 and have become accustomed to gather all kinds of information about everyone in a row. We also know that most likely they automatically filter the given sea of information and most likely store it in a database. What can be done with this PRISM?
1. You can massively test PRISM for SQL vulnerabilities by simply sending weakly encrypted emails with SQL / NOSQL injection code to each other.
')
2. I wonder how protected the so-called portals, which Google and others like it provide to comrades from the NSA.
The options really do not count, and I’m not a security expert at all, but knowing that some kind of IT infrastructure has been developing in peace and quiet for 5-6 years, and now I’ve been on the Internet, IMHO, it’s fair to assume that their communications are full of holes.
Actually, this article does not call anyone for wrongdoing, but offers to look at the situation from the positive side and asks us all the question: “how can we turn this mess to our advantage?”
Source: https://habr.com/ru/post/184680/
All Articles