Forwarded from BlackBox (Security) Archiv
A Quick and Dirty Guide to Cell Phone Surveillance at Protests
As uprisings over police brutality and institutionalized racism have swept over the country, many people are facing the full might of law enforcement weaponry and surveillance for the first time. Whenever protesters, cell phones, and police are in the same place, protesters should worry about cell phone surveillance.
Often, security practitioners or other protesters respond to that worry with advice about the use of cell-site simulators (also known as a CSS, IMSI catcher, Stingray, Dirtbox, Hailstorm, fake base station, or Crossbow) by local law enforcement. But often this advice is misguided or rooted in a fundamental lack of understanding of what a cell-site simulator is, what it does, and how often they are used.
The bottom line is this:
there is very little concrete evidence of cell site simulators being used against protesters in the U.S. The threat of cell site simulators should not stop activists from voicing their dissent or using their phones. On the other hand, given that more than 85 local, state, and federal law enforcement agencies around the country have some type of CSS (some of which are used hundreds of times per year), it's not unreasonable to include cell site simulators in your security plan if you are going to a protest and take some simple steps to protect yourself.
Surveillance Self-Defense - Your Security Plan:
https://ssd.eff.org/en/module/your-security-plan
Read more:
https://www.eff.org/deeplinks/2020/06/quick-and-dirty-guide-cell-phone-surveillance-protests
#surveillance #police #usa #defence #phone #CSS #SecurityPlan
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_ES
Surveillance Self-Defense
Your Security Plan
Trying to protect all your data from everyone all the time is impractical and exhausting. But, have no fear! Security is a process, and through thoughtful planning, you can put together a plan that's
Forwarded from BlackBox (Security) Archiv
Stealing Data With CSS: Attack and Defense
Summary: A method is detailed - dubbed CSS Exfil - which can be used to steal targeted data using Cascading Style Sheets (CSS) as an attack vector. Due to the modern web's heavy reliance on CSS, a wide variety of data is potentially at risk, including: usernames, passwords, and sensitive data such as date of birth, social security numbers, and credit card numbers. The technique can also be used to de-anonymize users on dark nets like Tor. Defense methods are discussed for both website operators as well as web users, and a pair of browser extensions are offered which guard against this class of attack.
Want to check if you are vulnerable?
https://www.mike-gualtieri.com/css-exfil-vulnerability-tester
Want to protect yourself?
Install the Chrome plugin:
https://chrome.google.com/webstore/detail/css-exfil-protection/ibeemfhcbbikonfajhamlkdgedmekifo
Install the Firefox plugin:
https://addons.mozilla.org/en-US/firefox/addon/css-exfil-protection
Methods of Exploitation and Proof of Concept
https://www.mike-gualtieri.com/posts/stealing-data-with-css-attack-and-defense
#css #attack #defense #exploitation #vulnerability
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
@NoGoolag
Mike Gualtieri :: Home
CSS Exfil Vulnerability Tester
This page tests to see if your browser is vulnerable to Cascading Style Sheets (CSS) data leakage. If you are vulnerable, one way to protect yourself is to install the CSS Exfil Protection plugin for your browser.