Dangers of prism

•Download as PPTX, PDF•

0 likes•508 views

This document provides an overview of PRISM and how it allows the NSA to collect data from major tech companies. It explains that PRISM functions like a prism, splitting internet traffic between the intended web server destination and the NSA's data center. While encryption protects some data as it transfers, unencrypted information like email is accessible to NSA collection. The document warns that the NSA has massive storage capacity and collects data indefinitely, even for non-Americans, through programs like PRISM. It concludes that individuals have little power to protect their data from these government surveillance programs.

Technology

Some background
Little intro to the internet

This is your internet connection
Client Web Server

For anonymity and privacy you need to
secure all 3:
 Secure your Client
 Secure your connection
 Secure your Web server

Client
 If someone manages to install spyware on your machine they can see
everything you do on your client
 So it’s your job to make sure there’s no spyware on your client
 You are responsible to secure this, and you can--because you own it
Client Web Server

Connection
 Someone performing a wire-tap can see everything you do online
 If you want to remain secure you can encrypt the data flow
 SSL connection to the Web Server or VPN would resolve this
Client Web Server

Web Server
Client Web Server
• Your Web server in most cases stores a huge amount of data on you
• But you don’t own it and can’t control the security of it
• However, Google and Facebook have better security than you

If I secure them all…am I safe?
 Even if you secure them all…
Client Web Server

The NSA has figured out…
 The internet is Public
 And the NSA has tapped the Public Internet just before the likes of Google,
Facebook, Microsoft…
 While most of the data is encrypted, some of it isn’t.

So what did they do?
Client Web Server
Your email exiting
Gmail is not
encrypted… so they
tapped it.

And they stored it…
Prism
NSA datacenter

And there’s more
 Email
 Photos
 Chats
 File transfers
 Login activity
 Social media Profiles

All stored here
 And stored for eternity
 Could include encrypted data (for decryption when future computing
power allows it)
 Unfortunately, we don’t know anything for sure.
 They have HUGE storage capacity and no qualms about storing data for
non-Americans…i.e. 80% of the users of these services

Why is it called PRISM
Because a PRISM splits light

Why is it called PRISM?
Client Web Server
• Your internet connection is Fibre-Optic
• Which means the signal is light
• To split light…you use a PRISM

Why is it called PRISM?
Client Web Server
Prism
• Light split between the webserver you want to access and;
• The NSA Datacenter

Why is it called Prism?
Prism
NSA datacenter
Prism

Does TOR protect you?
Client Web Server
NO! TOR doesn’t help

Does VPN protect you?
Client Web Server
VPN doesn’t help
either

Thanks to
Steve Gibson for his AMAZING Analysis on Twit Security
https://www.youtube.com/watch?v=fX8CSMPiTs4
https://www.grc.com/

What's hot

TIP: Make sure you scroll to the last slide to view the video recording On April 26th, 2017 at 11am PST, Caleb Lane - Firewall Analyst, presented this webinar. Attention spans are getting shorter, and search engines are favoring websites with faster loading times and lower bounce rates. By optimizing your website performance, you can rank higher in search results, increase and retain your traffic and create an optimal user experience. This webinar covered basic principles of website performance and teaches website owners: - What two main metrics you should be focused on when optimizing your website. - Which steps you can take to effectively optimize your website performance. - How to utilize the recommended tools and solutions to accomplish these tasks.

Sucuri Webinar: How to Optimize Your Website for Best Performance

Sucuri

Protecting Children on the Internet

smherma

RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE

Acodez IT Solutions

Wifi Password Recovery - Recover Lost or Forgotten Wi-Fi Password

Charles James

Whenever a form of technology is developed, there’s a new opportunity cybercriminals to use hacker tricks take advantage of their users. Everyday, millions of devious cybercriminals look for different methods for exploiting security vulnerabilities in a business network so they can steal data, extort money from victims, send spam, and promote their view point. Here’s an overview of hacker tricks used to access your network and devices. Learn more here: http://bit.ly/1CeKjHO

Hacker Tricks: How You Can Protect Yourself

SwiftTech Solutions, Inc.

Are You Safe From Hackers

Michele Butcher-Jones

XCS - Watchguard

INSPIRIT BRASIL

$C:\fakepath\wg xcs emailsecurity 170 370 570$ $C:\fakepath\wg xcs emailsecurity 170 370 570$

C:\fakepath\wg xcs emailsecurity 170 370 570

Yustinus Simon

Introduction To Wordpress By Keng

Akarawuth Tamrareang

Why are you on the VPN bandwagon

Bill Periman

Wifi hotspot instructions

STCC Library

Bezoekers Trekken met de Nieuwste Trends

vaneldijk

What's hot (12)

Sucuri Webinar: How to Optimize Your Website for Best Performance

Protecting Children on the Internet

RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE

Wifi Password Recovery - Recover Lost or Forgotten Wi-Fi Password

Hacker Tricks: How You Can Protect Yourself

Are You Safe From Hackers

XCS - Watchguard

$C:\fakepath\wg xcs emailsecurity 170 370 570$ $C:\fakepath\wg xcs emailsecurity 170 370 570$

C:\fakepath\wg xcs emailsecurity 170 370 570

Introduction To Wordpress By Keng

Why are you on the VPN bandwagon

Wifi hotspot instructions

Bezoekers Trekken met de Nieuwste Trends

Similar to Dangers of prism

Cloud computing disadvantages

Muhammad Zubair

How To Secure Online Activities

- Mark - Fullbright

Presentation for PyDataDC 2016 You've got data. Lots of it. You might not realize it, but people want to get their hands on that data. You probably don't want that, so let's go over a few things you can do to dissuade attackers from getting their grubby mitts on your hard processed datastore. We'll cover the obvious things (spoiler alert: encryption) and then move on to some advances techniques for keeping your data secure while still keeping it usable (that is to say, analyzable).

Eat Your Vegetables - Data Security for Data Scientists

William Voorhees

Introduction to cloud computing

Digital Shende

Secure sockets layer, ssl presentation

Amjad Bhutto

Carpe Diem Strategic Services (CDSS), a veteran owned service-disabled business that offers education and training which addresses threats to digital communications and online privacy. Their mission is to assist individuals, families, and small businesses to understand, identify, and reduce threats and vulnerabilities that expose their business, financial, intellectual property, and sensitive personal data to potential exploitation and risk. (Presentation, slides, and content created by AEGILITY)

Protecting Your Privacy: Cyberspace Security, Real World Safety

AEGILITY

How Cloud Computing Works

Jason Robinson

Network Security R U Secure???

trendy updates

Vishwadeep Presentation On NSA PRISM Spying

Vishwadeep Badgujar

Stackfield Cloud Security 101

Stackfield

Security - ch5.ppt

HabtamuHaileMichael2

What is valuable about a single identity, why is that something people want and how achievable is it? As people work across multiple systems they encounter an equal number of barriers where they must authenticate or otherwise prove their identity in order to gain access. Ideally we always want to be showing the same information about ourselves regardless of where someone searches or how we are found. In this session we’ll discuss the issues behind both creating a single identity and simplifying authentication. We’ll also review the risks you need to be aware of, the technologies available to you and the importance of good and current personal information. This is an updated presentation that includes some speaker notes for clarity

Benefits and Risks of a Single Identity - IBM Connect 2017

Gabriella Davis

Online privacy & security

Priyab Satoshi

Confidentiality in a Digital World

David Whelan

From data that analyzed millions of resources across hundreds of customers, we’ve learned that human configuration errors that might expose your AWS resources have become increasingly common. The potential impact to security can be significant, and it’s critical for everyone to play their part in managing the risks. However, it’s important to first understand what risks need managing. In this session, we describe the five most common errors that we have distilled from our experience with customers, and we share how to best avoid these errors and their potential impact.

Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...

Amazon Web Services

According to data collected from an analysis of millions of resources across hundreds of customers, human configuration errors that may expose cloud resources are increasingly common. The potential impact can be significant. Everyone needs to play their part in managing the risks, but first, you need to understand what risks need to be managed. We’ve distilled our customer experiences into the five most commonly made errors. In this session, we explain how to best avoid these errors and discuss what their potential impacts are.

Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit

Amazon Web Services

Encryption 101 for Nonprofits

Community IT Innovators

PGP.ppt

ssuserec53e73

Session slides from Future Insights Live, Vegas 2015: https://futureinsightslive.com/las-vegas-2015/ So many network intrusions, so many email spools made public. Remember HBGary, Stratfor, 'The Fappening', Sony Pictures hacks? How about the Snowden Files? The potential liabilities of communicating in plain text has become too expensive to continue to do so. Zero-Knowledge systems can be made useful, elegant even. The problem with putting privacy first in our communications tools is that most of the existing privacy applications were created by crypto-nerds, most of whom have never overlapped with the world of UX. In this talk, Privacy will be put at the core of application design by way of new metaphors for arcane cryptography jargon (that few endusers understand). Using frameworks and services created for this new 'privacy first' era, your application can be built in a way that removes liability, is regulatory-compliant and elegant.

Privacy is a UX problem (David Dahl)

Future Insights

Vendors are lured by visions of long-term residual subscription income, while customers dream of IT services and software without significant upfront costs. Sounds like techno Shangri-La, but what of security? Pessimists warn us away from the Cloud on the grounds that we should maintain control over the security of our property. Those bullish on the Cloud argue often delusionaly that your data is safer in the Cloud than on your own hard drives. Make no mistake: the Internet is the lion's den, and the Cloud sits squarely in it. This session will discuss the security realities of traditional IT software and infrastructure, and contrast them with those of Cloud-based resources.

Cloud Security - Idealware

Idealware

Similar to Dangers of prism (20)

Cloud computing disadvantages

How To Secure Online Activities

Eat Your Vegetables - Data Security for Data Scientists

Introduction to cloud computing

Secure sockets layer, ssl presentation

Protecting Your Privacy: Cyberspace Security, Real World Safety

How Cloud Computing Works

Network Security R U Secure???

Vishwadeep Presentation On NSA PRISM Spying

Stackfield Cloud Security 101

Security - ch5.ppt

Benefits and Risks of a Single Identity - IBM Connect 2017

Online privacy & security

Confidentiality in a Digital World

Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...

Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit

Encryption 101 for Nonprofits

PGP.ppt

Privacy is a UX problem (David Dahl)

Cloud Security - Idealware

Recently uploaded

Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf

FIDO Alliance

The Metaverse: Are We There Yet?

Mark Billinghurst

ScyllaDB has the potential to deliver impressive performance and scalability. The better you understand how it works, the more you can squeeze out of it. But before you squeeze, make sure you know what to monitor! Watch our experienced Postgres developer work through monitoring and performance strategies that help him understand what mistakes he’s made moving to NoSQL. And learn with him as our database performance expert offers friendly guidance on how to use monitoring and performance tuning to get his sample Rust application on the right track. This webinar focuses on using monitoring and performance tuning to discover and correct mistakes that commonly occur when developers move from SQL to NoSQL. For example: - Common issues getting up and running with the monitoring stack - Using the CQL optimizations dashboard - Common issues causing high latency in a node - Common issues causing replica imbalance - What a healthy system looks like in terms of memory - Key metrics to keep an eye on This isn’t “Death-by-Powerpoint.” We’ll walk through problems encountered while migrating a real application from Postgres to ScyllaDB – and try to fix them live as well.

Optimizing NoSQL Performance Through Observability

ScyllaDB

Unlock the mysteries of successful Salesforce interviews in this insightful session hosted by Hugo Rosario (Salesforce Customer), a seasoned hiring manager that leads the Salesforce Department of multinational company with over 100 interviews under their belt. Step into the manager's chair and gain exclusive behind-the-scenes insights into what makes a Salesforce consultant stand out during the interview process. From deciphering the unspoken cues to mastering key strategies, we'll explore the intricacies of the interview process and provide practical tips for consultants looking to not only pass interviews but also thrive in their roles. Whether you're a seasoned professional or just starting your Salesforce journey, this session is your backstage pass to the secrets that hiring managers wish you knew.

Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...

CzechDreamin

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

Jennifer Lim

Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf

FIDO Alliance

This talk offers actionable insights at an executive level for enhancing productivity and refining your portfolio management approach to propel your organization to greater heights. Key Points Covered: 1. Experience Transformation: - The core challenge remains consistent across organizations: converting budget into user-centric designs. - Strategies for deploying design resources effectively in both startups and large enterprises. 2. Strategic Frameworks: - Introduction to the "Ziggurat of Impact" model, detailing layers from basic system interactions to comprehensive customer experiences. - Practical insights on creating frameworks that scale with organizational complexity. 3. Organizational Impact: - Real-world examples of navigating design in large settings, focusing on the synthesis of consumer products and customer experiences. - Emphasis on the importance of designing systems that directly influence customer interactions. 4. Design Execution: - Detailed walkthrough of organizational layers affecting design execution, from touchpoints and customer activities to shared capabilities. - How to ensure design influences both the micro and macro aspects of customer interactions. 5. Measurement and Adaptation: - Techniques for measuring the impact of design decisions and adapting strategies based on data-driven insights. - The critical role of continuous improvement and feedback in refining customer experiences.

Structuring Teams and Portfolios for Success

UXDXConf

Intro in Product Management - Коротко про професію продакт менеджера

Mark Opanasiuk

The standard Salesforce Approval process can be limiting in many ways, especially in complex scenarios. What if there was a way to implement very flexible approvals where one can use Apex code to make data updates in unrelated records, dynamically generate next steps details, and compute assignees on the fly? And still use UI-based configurations to implement concrete approval processes. In this session, we will share ideas behind such a solution and show a few lines of code to get you started.

Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder

CzechDreamin

Join me in this session where I'll share our journey of building a fully serverless application that flawlessly managed check-ins for an event with a staggering 80 thousand registrations. We'll dive into three key strategies that made this possible. Firstly, by harnessing DynamoDB global tables, we ensured global service availability and data replication across regions, boosting performance and disaster recovery. Next, we'll explore how we seamlessly integrated real-time updates into the app using Appsync subscriptions, making the experience dynamic and engaging for users. Finally, I'll discuss how provisioned concurrency not only improved performance but also kept costs in check, highlighting the cost-effectiveness of serverless architectures. Through these strategies and the inherent scalability of serverless technology, our application effortlessly handled massive user loads without manual intervention. This session is a real world example to the power and efficiency of modern cloud-based solutions in enabling seamless scalability and robust performance with Serverless

How we scaled to 80K users by doing nothing!.pdf

Srushith Repakula

How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf

FIDO Alliance

Screen flow is a powerful automation tool that is commonly designed for internal and external users. However, what about the guest users? We will dive into various methods of launching screen flows and understand how to make them publicly accessible, extending their usability to a broader audience. The presentation will also cover the implementation of security layers and highlight best practices for a smooth and protected user experience. Discover the potential of screen flows beyond conventional use and learn how to leverage them effectively.

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

CzechDreamin

New customer? New industry? New cloud? New team? A lot to handle! How to ensure the success of the project? Start it well! I've created the 3 areas of focus at the beginning of the project that helped me in multiple roles (BA, PO, and Consultant). Learn from real-world experiences and discover how these insights can empower you to deliver unparalleled value to your customers right from the project's start.

Powerful Start- the Key to Project Success, Barbara Laskowska

CzechDreamin

Speed Wins: From Kafka to APIs in Minutes

confluent

How to differentiate Sales Cloud and CPQ on first glance might be tricky if you do not know where to look and what to look at. You will know :-) Managing the sales process within Salesforce is a common use case that can be managed with standart Sales Cloud. If you want to do entire quoting process you will find out Salesforce CPQ solution exists. What is then the difference if both can handle selling products? You will see comparison of 10 different features, which Sales Cloud and Salesforce CPQ handle differently. Simple question you will always remember if you should consider using Salesforce CPQ will be a cherry on top.

10 Differences between Sales Cloud and CPQ, Blanka Doktorová

CzechDreamin

Intrigued by why some of the world's largest companies (Netflix, Google, Cisco, Twitter, Uber etc) are using gRPC? In this demo based talk we delve into the world of gRPC in .Net, what it does and why we should use it. We compare the interface with both Rest and graphQL. We will show you how to implement grpc server-side in .net and in the web. Finally, I will show you how the tooling helps you deliver powerful interfaces and interact with them quickly and simply.

Demystifying gRPC in .Net by John Staveley

John Staveley

PLAI - Acceleration Program for Generative A.I. Startups

Stefano

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...

FIDO Alliance

This talk focuses on the practical aspects of integrating various telephony systems with Salesforce, drawing on examples from implementations in the Czech scene. It aims to inform attendees about the spectrum of telephony solutions available, from small to large scale, and their compatibility with Salesforce. The presentation will highlight key considerations for selecting a telephony provider that integrates smoothly with Salesforce, including important questions to support the decision-making process. It will also discuss methods for integrating existing telephony systems with Salesforce, aimed at companies contemplating or in the process of adopting this CRM platform. The discussion is designed to provide a straightforward overview of the steps and considerations involved in telephony and Salesforce integration, with an emphasis on functionality, compatibility, and the practical experiences of Czech companies.

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...

CzechDreamin

WebAssembly is Key to Better LLM Performance

Samy Fodil

Recently uploaded (20)

Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf

The Metaverse: Are We There Yet?

Optimizing NoSQL Performance Through Observability

Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf

Structuring Teams and Portfolios for Success

Intro in Product Management - Коротко про професію продакт менеджера

Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder

How we scaled to 80K users by doing nothing!.pdf

How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

Powerful Start- the Key to Project Success, Barbara Laskowska

Speed Wins: From Kafka to APIs in Minutes

10 Differences between Sales Cloud and CPQ, Blanka Doktorová

Demystifying gRPC in .Net by John Staveley

PLAI - Acceleration Program for Generative A.I. Startups

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...

WebAssembly is Key to Better LLM Performance

Dangers of prism

1. PRISM What the hell is it

2. Some background Little intro to the internet

3. This is your internet connection Client Web Server

4. Client Client Web Server

5. Connection Client Web Server

6. Web Server Client Web Server

7. For anonymity and privacy you need to secure all 3:  Secure your Client  Secure your connection  Secure your Web server

8. Client  If someone manages to install spyware on your machine they can see everything you do on your client  So it’s your job to make sure there’s no spyware on your client  You are responsible to secure this, and you can--because you own it Client Web Server

9. Connection  Someone performing a wire-tap can see everything you do online  If you want to remain secure you can encrypt the data flow  SSL connection to the Web Server or VPN would resolve this Client Web Server

10. Web Server Client Web Server • Your Web server in most cases stores a huge amount of data on you • But you don’t own it and can’t control the security of it • However, Google and Facebook have better security than you

11. If I secure them all…am I safe?  Even if you secure them all… Client Web Server

12. The NSA has figured out…  The internet is Public  And the NSA has tapped the Public Internet just before the likes of Google, Facebook, Microsoft…  While most of the data is encrypted, some of it isn’t.

13. What is PRISM How it works

14. So what did they do? Client Web Server Your email exiting Gmail is not encrypted… so they tapped it.

15. And they stored it… Prism NSA datacenter

16. And there’s more  Email  Photos  Chats  File transfers  Login activity  Social media Profiles

17. All stored here  And stored for eternity  Could include encrypted data (for decryption when future computing power allows it)  Unfortunately, we don’t know anything for sure.  They have HUGE storage capacity and no qualms about storing data for non-Americans…i.e. 80% of the users of these services

18. Why is it called PRISM Because a PRISM splits light

19. Why is it called PRISM? Client Web Server • Your internet connection is Fibre-Optic • Which means the signal is light • To split light…you use a PRISM

20. Why is it called PRISM? Client Web Server Prism • Light split between the webserver you want to access and; • The NSA Datacenter

21. Why is it called Prism? Prism NSA datacenter Prism

22. Does TOR protect you? Client Web Server NO! TOR doesn’t help

23. Does VPN protect you? Client Web Server VPN doesn’t help either

24. YES! You should be worried

25. Nothing much You can do about it

26. Thanks to Steve Gibson for his AMAZING Analysis on Twit Security https://www.youtube.com/watch?v=fX8CSMPiTs4 https://www.grc.com/

27. Bye keithrozario.com

Dangers of prism

Recommended

Recommended

More Related Content

What's hot

What's hot (12)

Similar to Dangers of prism

Similar to Dangers of prism (20)

Recently uploaded

Recently uploaded (20)

Dangers of prism