SSO (special source operations site) connected to internet router sees the “QUANTUM tasked” packet to a legitimate server, forwards it to TAO’s FOXACID server
Then, FOXACID injects a URL into the packet and sends back to computer, often beating the legitimate packet reply back. The server checks if the target browser is exploitable, and if yes, it sends exploit back to target.
QUANTUM affects linkedin, youtube, facebook, twitter, and basically everything else. Oh and the NSA also has partners in other countries, so they cover other national services too.
First stage:
The lesson: many security threats start in the network, such as this one, where a legitimate reply was spoofed
Combination of:
Systems are made by people, so they’re not perfect. Some apps work as designed but contain vulnerabilities.
Security error: made by human Security bug: consequence of error (also “vulnerability”), can be “exploited”, compromising the security of the system
Determining the security of the system, wrt:
Started with phone phreaking and “Captain Crunch” (John Draper), who used the whistle that comes in boxes of Capn Crunch to authorise long-distance calls.
The Morris worm:
fingerd, bug in sendmail program allowing commands to be executed