30 April 2013

US Will Pursue Foreign Hackers

A few days ago, the US House Intelligence Committee passed a bill to remove legal barriers that have stopped the authorities and private companies from protecting their computer networks against foreign hackers.

According to the top Democrat on the committee, the modified law has a better chance of winning support in the Senate in 2013 after privacy concerns sank a similar bill in 2012. He pointed out that only a year after the bill failed, politicians had realized that cyber war was becoming more serious. He also told industry executives during a cyber conference hosted by the Space Foundation that, according to US authorities' estimates, local businesses had lost over $400 billion in intellectual property to cyber spies.

The co-founder of the Congressional Cybersecurity Caucus said the new legislation included measures to ensure private data wasn’t unwittingly exposed during any data-sharing between industry and government. For example, the document encourages the private sector to “anonymize” or “minimize” the data it voluntarily shares with the authorities. In addition, the bill authorizes and encourages the government to create procedures to protect privacy, and puts in place restrictions on the use, retention, and searching of any information that the private sector has voluntarily shared with the authorities. The legislation will also permit people to sue the federal government for any disclosures of this kind.

At the moment, the bill has the backing of large tech firms, including Intel, Oracle and IBM. However, the US Civil Liberties Union, the Center for Democracy and Technology, and an association of smaller tech firms and grass-roots activists called “Fight for the Future” have formed the opposition and have already launched a digital campaign against it. A few days ago, Reddit co-founder Alexis Ohanian published a video and an Internet petition calling for the online giants, including Facebook, Google and Twitter, to oppose the legislation.

Microsoft Started Open War against Google

Microsoft has finally started a nasty marketing war directly against the search giant and ended any pretence of niceness between the companies. Microsoft has released a series of attack ads in the United States that have upped the ante considerably in its trade war against Google which commenced 5 months ago.

The advertisements that have emerged on the Internet, on TV and in print demonstrate that Google is more interested in increasing profits than protecting its users’ privacy. This ad campaign was developed by Mark Penn, a former political operative and corporate strategist. He is known as a former pollster for President Bill Clinton and campaign strategist for Hillary Clinton’s unsuccessful bid for president 5 years ago.
In the advertisements, Microsoft vilifies Google for sharing personal data collected about people purchasing Android applications. That’s a step up from earlier adverts that skewered Google’s long-running practice of electronically scanning the contents of everyone’s Gmail accounts in order to help sell adverts.
Microsoft points out that it has a better alternative which doesn’t do these kinds of nefarious things. Negative advertising isn’t widely seen in Europe, and it is only the underdog who needs to use it. However, it also stresses how the search engine has evolved from an endearing Internet start-up to a scary entity that takes too close a look at personal information. The software giant can get away with its adverts since Google has already been caught a few times and copped regulatory fines and other settlements across the world.
Ironically enough, it’s now Google who is facing complaints about its practices being anti-competitive. At the same time, Microsoft is depicted as fighting for a freer market. A few days ago, a group of companies led by the software giant explained that it had asked European authorities to investigate whether Google is acting unfairly by giving away its OS to mobile device manufacturers on the condition that its own apps like YouTube and Google Maps are installed and prominently displayed. The most interesting part is that this is exactly what Microsoft was accused of in its browser anti-trust cases earlier.
So far, the search giant processes about 2/3 of search requests in the United States and handles an even larger percentage of queries in Europe. Meanwhile, Google’s market value has rocketed from almost $25 billion at the time of its IPO to $255 billion.

25 April 2013

Android Phone Can Hijack a Plane


Those who believed that airport security could allow smartphone use on a plane one day might be scared by the fact that you can hijack a plane with an Android phone on board.
A German security consultant told the Hack in The Box Conference that it is possible to hijack a plane using Android. The researcher, who has been working in the IT industry for the last 11 years and is also a trained commercial pilot, pointed out that the security of both aviation computer systems and communication protocols was very vulnerable.
According to the security expert, they managed to build an exploit framework called SIMON and an Android app called PlaneSploit which could deliver attack messages to the planes’ Flight Management System. They showed how it was possible to take complete control of a plane. The hack in question targeted the Automatic Dependent Surveillance-Broadcast, which sends data about each aircraft via an on-board transmitter to air traffic controllers and lets a plane equipped with the technology receive flight, traffic and weather data about other aircraft nearby.
They also managed to hack the Aircraft Communications Addressing and Reporting System, used by the pilots to exchange messages between the plane and air traffic controllers either through a radio or satellite, and to automatically deliver data about each flight phase. The security researchers pointed out that both targeted technologies were very insecure and susceptible to a number of passive and active hacker attacks.
During the attacks, the experts showed how they could misuse the Automatic Dependent Surveillance-Broadcast to select targets, and the Aircraft Communications Addressing and Reporting System in order to collect data about the on-board PC and to exploit its vulnerabilities by delivering spoofed malicious messages affecting the “behavior” of an aircraft.
The researchers developed the SIMON framework, which was deliberately created to work only in a virtual environment and can’t be used on a real-life plane at the moment. They explained that it was virtually impossible to detect the framework once deployed on the Flight Management System, so there’s no need to disguise it like a rootkit.

State-Sponsored Hackers Are Growing Bolder


Cyber attacks on various important industries and organizations are increasing, and the world's influential states are backing the main perpetrators behind those attacks. The BBC news agency reported this, based on the annual report of the US broadband and telecommunications company Verizon.

According to Verizon's report, cyber attacks on various industries rose considerably in 2012. State-sponsored cyber espionage against industry currently ranks second among the biggest cyber threats.

Verizon released the report at "Infosec", the annual security conference held in London. According to the report, cyber attacks on industrial organizations aimed at stealing money are the most common. In many cases it also takes organizations a long time to identify the confidential information stolen by hackers who broke into their computer networks.

Verizon's report further states that in 75 percent of cases the hackers' main objective was to steal money. But in 20 percent of cases, stealing confidential and sensitive information was the cyber criminals' main goal.

On this point, Wade Baker, the lead author of the Verizon report, said, “The biggest change in the cyber attack statistics is the dramatic increase in state-sponsored cyber attacks.”

Baker also added that hacking for the purpose of espionage occurred most often in 2012.

Verizon prepared the statistical report based on cyber attacks on various organizations worldwide in 2012.

Cyber attacks from 2013 have also been added to the report. According to the information provided by Verizon, the number of state cyber espionage incidents in 2013 alone is 621.

Low-Cost PC Built with Raspberry Pi


Technology product maker "Arduino Uno" has been making a variety of technology products for nearly a decade. Now the company has used the credit-card-sized computer called "Raspberry Pi" to build the world's cheapest and smallest personal computer. A complete operating system will also run on the computer. The news outlet CNN recently reported that the computer will cost 100 dollars.

The new computer project has been named "UDOO", and Linux has been chosen as its operating system. The makers said this "mini PC" can also be run using Android. A senior official of the company said they have tried to combine the functions of the Arduino Uno and the Raspberry Pi on a single board.

The product's makers further claim that their newly built board will have the power of four Raspberry Pis. They also said the "UDOO" mini PC can be connected to tablets, touchscreens and other sensors.

They said the product can be used to create new projects, which can also be shared with acquaintances.

23 April 2013

Microsoft Strongly Recommends XP Users to Upgrade

Since only one year of Windows XP support is left, Microsoft again asks users of this OS to upgrade to something not so ancient. One of the most stable operating systems ever developed by Microsoft has been around for ten years and is still used on 15-20% of PCs worldwide, including mine.

The software giant is going to cut off support for the venerable OS on 8 April 2014, thus giving users one year to either upgrade or get ready to face more vulnerabilities and security risks. Nevertheless, XP is still incredibly popular, particularly among SMBs and home users. All of them feel it gets the job done and therefore don’t see a point in upgrading to Windows 7. But you should understand that Windows XP is older than iOS, Android, Facebook and YouTube.

In addition, the problem is that Microsoft sold millions of XP licenses for first generation nettops and netbooks based on Atom processors, this being years after XP stopped shipping on regular desktops and laptops. Apparently, upgrading these systems to Windows 7 may not be an option for most users.

Meanwhile, the software giant insists that the only way for users to stay safe is to upgrade to a new operating system. The cutoff date is only a year from now, so time is already running out. It seems that Microsoft does not care that users of ancient XP PCs might choose to upgrade to something else, for instance Linux or even Chrome and Android. As for me, I might take it as a sign to buy myself a new MacBook and switch to Mac OS X.

With so many XP boxes out there, the experts predict that many users will simply ignore Microsoft’s warnings. The company’s decision to ditch XP could also lead to more opportunities for peddlers of alternative low-cost systems based on a free OS.

Top American Tech Firms Face Class Action

Media reports point out that well-known names of the tech business are now facing a class action over what is called a trade cartel to control employee movements. Recently, US judge Lucy Koh opened the way for a class action lawsuit against such tech giants as Intel, Adobe, Apple, Google, Pixar, Lucasfilm and Intuit.

Lucy Koh pointed out that there was enough evidence of a sustained personal effort by the above-mentioned companies’ own CEOs to monitor and enforce no-headhunting rules on their workers. The judge named and shamed Apple chief executive Steve Jobs, Google’s Eric Schmidt, Pixar President Ed Catmull, Intuit Chairman Bill Campbell and Intel CEO Paul Otellini. Koh recommended that the plaintiffs’ lawyers restructure their case against the multinational corporations and re-file it in order to instigate a major class-action suit. Once they are done with this, the judge will hear it.

Meanwhile, the plaintiffs’ lawyers are hoping that 100,000 employees of the defendant corporations will become their clients. However, it is not as if the tech firms aren’t aware that something is afoot – they have already settled similar antitrust claims against them with the Department of Justice of the United States. This could cost them a fortune and force the defendants to start regarding their employees as people rather than objects.

In the event that the case is proved, it will mean that the corporations ran a secret agreement not to poach each other’s employees and to stop their experts defecting to other companies. Such an agreement, if it existed, could have saved the tech companies a fortune, because they didn’t have to pay extra money to keep employees who had no alternatives.

Chhatra Shibir Website Hacked


Dhaka: A hacker named XTOR has hacked the Chhatra Shibir website and dedicated the hack to the Shahbag movement.
On Friday night the Shibir website (www.shibir.org.bd) was hacked, and the following was written in English on the home page: “This hacked is dedicated to Shahabag. My war is declare against you.”
The hacker identified himself as ‘XTOR’. In addition, “Proud to be a Bangladeshi” is written in red letters.
The website was hacked in the midst of the Shahbag movement, which demands a ban on Jamaat and Shibir, the party that opposed Bangladesh's independence, and the maximum punishment for war criminals.

21 April 2013

Guide on Accessing Banned File-Sharing Sites in UK

Within the past few years the United Kingdom has been doing everything it could to tackle piracy. Finally, the country’s High Court forced ISPs to block access to the most popular torrent index in the world, The Pirate Bay, and a few other file-sharing services, including Kat.Ph, H33t, and Fenopy. Although ExtraTorrent remains accessible, the situation may change, and this guide will help you in case of need. UK residents who want to keep accessing their favourite file-sharing sites can use a number of alternatives to do so.



1. The Onion Router (TOR)

TOR is a complex system allowing you to hide your true IP address via various online layers of anonymity, and this is why it is called Onion. As far as security is concerned, you don’t need to worry, because your data will be encrypted and re-encrypted many times, plus it will be sent via a succession of TOR relays. If you want to install and try TOR, visit https://www.torproject.org/ and download the app, which works on almost any OS – Windows, Apple and Linux/UNIX. Extract the archive and open the extracted folder to start browsing by double-clicking the “Start Tor Browser” executable. After you do so, you’ll see another window (the Vidalia Control Panel), together with an Internet browser showing which IP address you’re currently using. In addition, the Vidalia Control Panel offers you a lot of features, such as settings for establishing your connection through TOR and for appearance. You can also install the Torbutton for easier access.

2. Virtual Private Networks (VPNs)

In short, a VPN service is a private network which enables virtual encrypted connections that are hidden from prying eyes. It works by routing all of your Internet traffic via remote servers from all over the world. Basically, it’s a proxy service, but with more hip.

3. MAFIAAFire

MAFIAAFire is a plugin for Firefox and Google Chrome, which allows users to access portals that are either blocked or seized. Basically, it is an Internet browser redirector – in case a domain name of the website is seized, the plugin will search for similar domains and redirect you to a working one.

4. TorrentProxies

This is the easiest way of circumventing the blockage – just visit http://torrentproxies.com/ and choose any of the proxies listed there.

5. Direct IP

There are two ways to access a website: in your browser’s address bar you type either the usual address, like extratorrent.com, or the domain’s IP address. But first you have to find out what it is, either by looking on the Internet for a service that does this, or by finding it yourself: go to the Command Prompt in Windows and ping the desired address (example: ping extratorrent.com, and you will see the number between the brackets, which is the website’s IP address).

Emergency Services Suffer Telephone DoS Attacks

Cyber criminals seem to be tying up emergency phone lines with phone-based DoS efforts, security experts report. Actually, TDoS has become a common weapon for annoyance and for extorting cash from the targeted outfits, which are normally businesses and public service agencies.

According to the security experts, telephone DoS attacks use high volumes of automated calls in order to tie up target phone systems and halt both incoming and outgoing calls. Thus far, there have been plenty of such attacks, with their targets being mostly the administrative public safety answering point lines, but fortunately not the 911 emergency line. The point is that such offices were targeted because the attackers needed functional phone lines to carry out their attacks.

Meanwhile, statistics reveal that many telephone-based attacks have targeted different businesses and public entities, for example the financial sector, as well as other public emergency operations interests, like air ambulance, ambulance and hospital communications.

So, what is the purpose of the attack? It seems that the attackers want to be paid protection money by the target entities. The scam scheme is quite simple: it normally starts with the company getting a call from some “representative” of a purported payday loan company. During the conversation, the caller, in most cases speaking with a strong accent, demands payment of around $5,000 for an outstanding debt. After the caller is refused by the company, the perpetrator starts phone-based attacks, which can last for a few hours. Such attacks may stop for a while and then resume. Normally, once an entity is attacked, it might suffer random attacks over several weeks or even months.

Nowadays, phone-based DoS attacks have become so widespread because free IP-PBX software like Asterisk has become available. In addition, computer-based call-generation instruments and easy-to-access SIP services can be found online. All this makes it cheaper for the criminals to get their paws on such software and launch their extortion rackets even without much in the way of technical know-how. Hopefully, the vital emergency services will remain unaffected by such scam efforts.
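
For defenders, the pattern described above (high volumes of automated calls against one line, lasting hours, pausing and then resuming) can be picked out of call records. The following is an added example, not code from the original post: the record layout, line names and thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

WINDOW_S = 60     # bucket size in seconds (assumed)
MIN_CALLS = 30    # inbound attempts per bucket that count as a flood (assumed)
MAX_GAP_S = 300   # quiet time after which a new burst is reported (assumed)

def flood_buckets(cdrs):
    """Map called line -> sorted bucket start times with >= MIN_CALLS attempts."""
    counts = defaultdict(int)
    for ts, _caller, called in cdrs:
        counts[(called, ts - ts % WINDOW_S)] += 1
    hot = defaultdict(list)
    for (called, bucket), n in sorted(counts.items()):
        if n >= MIN_CALLS:
            hot[called].append(bucket)
    return hot

def tdos_bursts(cdrs):
    """Merge neighbouring flood buckets into bursts: line -> [(start, end), ...]."""
    bursts = {}
    for called, buckets in flood_buckets(cdrs).items():
        merged = [[buckets[0], buckets[0] + WINDOW_S]]
        for b in buckets[1:]:
            if b - merged[-1][1] <= MAX_GAP_S:
                merged[-1][1] = b + WINDOW_S      # same burst continues
            else:
                merged.append([b, b + WINDOW_S])  # attack paused, then resumed
        bursts[called] = [tuple(m) for m in merged]
    return bursts

def sample_cdrs():
    """Constructed call records: (epoch_s, caller_id, called_line)."""
    cdrs = []
    for t in range(0, 7200, 120):                  # ordinary traffic on two lines
        cdrs.append((t, "caller-a", "psap-admin-1"))
        cdrs.append((t + 30, "caller-b", "psap-admin-2"))
    for start, minutes in ((600, 10), (3600, 5)):  # flood, pause, resume
        for i in range(minutes * 40):              # about 40 automated calls/minute
            cdrs.append((start + int(i * 1.5), f"spoof-{i}", "psap-admin-1"))
    return cdrs

if __name__ == "__main__":
    for line, spans in tdos_bursts(sample_cdrs()).items():
        for start, end in spans:
            print(f"{line}: flood from t={start}s to t={end}s")
```

Reporting bursts rather than single busy minutes keeps one long attack from producing dozens of alerts, while a resumed attack after a pause still shows up as a separate event.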