Former NSA Officials Detail Failures of Agency Programs in Letter to Obama

In the weeks and months leading up to 9/11, the National Security Agency had been working on a new information-gathering and analysis system known as THINTHREAD, a system that was built in-house and was meant to replace the uncountable number of stand-alone collection systems and attendant...

Indian Intelligence Agencies going to deploy Internet Surveillance project NETRA

Think twice before using some words like ‘Bomb’, ‘Attack’, ‘Blast’ or ‘kill’ in your Facebook status update, tweets or emails, because this may flag you as a potential terrorist under a surveillance project of Indian Security agencies. This Indian Internet surveillance project named as NETRA...

NSA Metadata Program Likely Not Cost-Effective, Researchers Say

While much of the coverage of the surveillance programs revealed by Edward Snowden have focused on the legality and constitutionality of the collection of metadata and Internet traffic in the name of counter-terrorism and national security, the question of whether these programs are actually cost...

NSA Bulk Telephony Metadata Collection Program Legal

A federal court today shot down a challenge by the American Civil Liberties Union ACLU to the National Security Agency’s bulk phone metadata collection program, determining that the spy agency’s actions are legal. The ruling by U.S. District Court judge William Pauley contradicts a Dec. 16 D.C...

[Hook Analyser 3.0] A Freeware Malware Analysis and Cyber Threat Intelligence Software

In terms of improvements, a new module has been added - Cyber Threat Intelligence. Threat Intel module is being created to gather and analyse information related to Cyber Threats and vulnerabilities. The module can be run using HookAnalyser.exe via Option 6 , or can be run directly. The module...

UN Adopts Resolution Protecting Privacy Online

On the same day that a panel of experts delivered a report to the United States president recommending sweeping changes to the way that the National Security Agency collects, handles and stores intelligence, the United Nations unanimously adopted a resolution calling for the protection of users’...

NSA Officials Say Snowden Used Legitimate Access to Steal Data

It’s taken more than six months, but top officials at the National Security Agency are finally discussing some of the details of how former agency contractor Edward Snowden got access to all of the documents he stole and what kind of damage they believe the publication of the information they...

The Evolution of Cyber Threat; Interview with IntelCrawler's Researchers

Today I desire to propose an interview with Andrey Komarov, CEO of IntelCrawler and Dan Clements, President of IntelCrawler. IntelCrawler is a multi-tier intelligence aggregator, which gathers information and cyber prints from a starting big data pool of over 3, 000, 000, 000 IPv4 and over 200,...

NSA Director to Retain Cyber Command Role

Since its inception in 2009, the U.S. Cyber Command has been run by the director of the National Security Agency. The two organizations are intertwined and even share the same space in Maryland. The continuous leaks of NSA documents this year has led some politicians and critics to argue that the...

NSA Monitors Google PREF Cookie to Spy

The National Security Agency is monitoring a certain type of cookie – deployed by the search giant Google – as yet another tool in their increasingly public surveillance apparatus. This, according to slides from an April 2013 NSA presentation acquired by the Washington Post, is the latest...

Privacy, Human Rights Groups Form New Anti-Surveillance Coalition

A large group of privacy and digital rights organizations has put together a new effort to urge politicians to curtail the mass surveillance operations that have been exposed in the last few months. The new coalition has developed a set of 13 principles for governments to follow in their...

[OMENS v1.17] The framework for distributing Actionable Intelligence

OMENS Object Monitor for Enhanced Network Security was born out of the intrusion and intrusion attempts analysis that I have been doing over many years. I consistently run into intrusion attempts that existing IDS systems have difficulty detecting. OMENS is my attempt to better detect and...

CVE-2013-4034

IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related ...

CVE-2013-3030

The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers to cause a denial of service temporary gateway outage via crafted HTTP requests...

Code injection

The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers to cause a denial of service temporary gateway outage via crafted HTTP requests...

Xxe

IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related ...

CVE-2013-4034

IBM Cognos BI is vulnerable to an XML External Entity (XXE) issue (CVE-2013-4034). Affected: IBM Cognos BI 8.4.1 before IF3; 10.1.0 before IF4; 10.1.1 before IF4; 10.2.0 before IF4; 10.2.1 before IF2; 10.2.1.1 before IF1. Description: remote authenticated users can read arbitrary files via an XML...

CVE-2013-3030

The CVE-2013-3030 entry affects IBM Cognos Business Intelligence (BI) and Cognos Analytics platforms. Affected is the servlet gateway in IBM Cognos BI 10.2.1 and earlier (including 8.4.1 before IF3, 10.1.x before various IFs, and 10.2.1.x before IF1/IF2/IF4 as listed). The vulnerability allows re...

CVE-2013-3030

The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers to cause a denial of service temporary gateway outage via crafted HTTP requests...

Surveillance Transparency Act Would Limit NSA Spying

There have been countless hearings in both the House and Senate since the Snowden leaks began in June, and there seems to be no end in sight. The latest committee to get in on the action was the Senate Committee on the Judiciary’s Subcommittee on Privacy, Technology and the Law, which held a...