03 September 2013

Facebook Refused to Award a Hacker


597230_1376942540.6806.jpg


Facebook team was humiliated by a hacker after it was trying spin out the news the software was flawed. It is known that the largest social network in the world has a policy that it is ready to pay at least $500 for any security flaw a hacker can find.




Khalil, a systems information expert from Palestine, discovered a flaw which allowed anyone to post to someone else’s timeline even if they are not friends. Khalil reported the flaw to Facebook security team twice, but with no result. He warned Facebook that he could post to Mark Zuckerberg’s wall, but the security experts claimed it wasn’t a bug at all. After this, Khalil posted an Enrique Iglesias video to the wall of Zuckerberg’s schoolmate. However, Facebook team still insisted that since one couldn’t see that post unless they are a friend of a user, it was all right.

Khalil said ok and posted onto Zuckerberg’s wall details of the security flaw. It should be noted that the hacker was very nice about it and apologized for violating Mark’s privacy. In a few seconds Khalil’s Facebook account was suspended and Facebook engineer contacted him to request all the details of the vulnerability. This time they explained that he hadn’t provided enough technical details for them to take action on it. In addition, they claimed that even by proving to them the hack existed, the company couldn’t pay him for the security hole because his actions broke Facebook’s Terms of Service.

It is unknown why the security team hasn’t said from the very beginning that they could see what the hacker talking about but lacked technical details. As you can see, Khalil tried to contact Facebook at least twice and both times they refused to act. So, it turned out that the hacker who found the exploit lost out by forcing someone at Facebook to understand it was a security hole. Frankly speaking, Khalil was punished for his good faith, while he could have sold it on to a 3rd party and make more cash that way.

Google Outage Cut Internet Traffic Twice

Over 40% of the Internet traffic throughout the globe disappeared after Google suffered an outage last week. Although the downtime only lasted a few minutes, depending on the user’s location, all of the Google services, including YouTube, went down.

wideareanetwork.jpg

Although the search giant hasn’t revealed the reasons for the outage, according to online analytics firm GoSquared, global online traffic fell almost twice during the downtime. Apparently, this figure can reflect Google’s control of the worldwide web. It is clear that for many users, the reliance on the tech giant is huge – just seconds after the outage, page views spiked shortly afterwards while users managed to get to their destination.

According to a message on the Google Apps Dashboard, all of its services were affected. Google admitted that it was aware of a problem with Gmail affecting a significant subset of users. While people managed to access Gmail service, they were only seeing error messages or other unexpected behavior. In addition, Google itself only believes that 50% to 70% of requests to its services received errors – in other words, if the outage had really been total the figure could have been much worse.

Apparently, Google has a vested interest in preventing this happen again – in the 4 minutes of downtime it would have lost $500,000 in advertising. The experts claim that to face a problem that size there would have had to be a physical infrastructure problem. However, Google provided no comments on the issue, so it can be just a guess

How NSA Spied on Americans

Recent media reports released a few top secret documents about how the US National Security Agency illegally spied on its citizens, thousands of times per year. It turned out that most of the May 2012 audit was a catalogue of cock-ups where the agency collected information by accident, blaming analyst and programming errors. However, in one situation the phone records of over 3,000 American citizens were collected despite the fact that the agency had been ordered to erase them by a surveillance court.
nsa-prism1.jpg

Overall, the audit reported 2,776 cases where the National Security Agency violated its own privacy rules. In one case, the spooks confused the US area code (202) with the international dialing code for Egypt and snooped on domestic US phone calls. In another situation, the agency mixed domestic and foreign emails collected from tapping into a fibre-optic cable passing through the country. The NSA wanted to store the emails and claimed to the Foreign Intelligence Surveillance Court that they simply couldn’t filter out which emails belonged to the US citizens. In response, the court ruled that the email collection effort must stop, because it was “deficient on statutory and constitutional grounds”.

The audit in question appears to have been provided to the mass media several months ago by famous Edward Snowden and was initially supposed to be seen by the NSA’s top brass and no politicians ever saw it. Although Snowden made promises to not reveal any secrets while he is staying in Russia, more information of what he had passed to the media earlier is expected to be released soon. It is known that Glenn Greenwald, the Guardian reporter who has published the most NSA secrets based on Edward’s leaks, keeps working on a pile of them. According to his tweets, he will be releasing more data soon.

Book about Hacking Collectives Released

The security forces all over the globe have been desperately trying to reveal the identities of LulzSec and Anonymous hackers, while journalist Parmy Olson obtained extraordinary access to the hacking groups and wrote a book.

march-coming-hacks-anonymous.n-300x224.jpg


Everyone remembers how in 2010 a new global superpower emerged, which was acting in unorthodox ways, was unaccountable and yet of the people – nameless, faceless and Anonymous. The group was created online and acted most decisively and effectively when it saw threats to the Internet itself. For example, its most successful operations were carried out after infamous WikiLeaks released the embassy cables and lots all sources of funding because major payment systems refused to take donations on its behalf under the pressure of the government.

You can learn from Parmy Olson, a reporter with Forbes and the author of “We Are Anonymous”, that it was WikiLeaks attacks that turned Anonymous political. Olson managed to create a clear, coherent narrative from lots of confusing detail, tracing Anonymous’ origins to the 4Chan site. Her book details the chronology of the group’s evolution, although everyone, including the media, police and even the hackers themselves, had their own opinions of what it really was.

The book also mentions LulzSec, a small group of talented hackers and activists, recognized as the most wanted cyber-criminals in the world, who easily hacked the CIA and the British Serious Organized Crime Agency. Good sense of humor they had – after PBS criticized WikiLeaks, LulzSec hacked into its server and published a story claiming that Tupac Shakur had been found alive and well in New Zealand. In addition, the hackers took down the Sun’s front page to replace it with another, saying that Rupert Murdoch had died in his famous topiary garden.

Everything is described in the book, which was written a year ago, as the author befriended the key members of the group before their identities were disclosed by the authorities. As you know, the FBI picked up one of the band members and turned him into an informer, and then the arrests followed. The review, posted by the Guardian, admits that “We Are Anonymous” has only one substantive flaw, which is even not the author’s fault – it is at the moment out of date because of the numerous legal issues surrounding the trials – so it contains no updates on the sentencing and nothing on the significance of the PRISM leaks by Snowden.

01 September 2013

Software Defined Networking

New Networking technology which opening up inner resource to upper Applicationsupporting software programmable control




SDN’s key features

Separation of control plane and data plane

make  SDN-based infrastructure networks more flexible, intelligent and adaptive to changes.

Network resource openness

enable infrastructure network providers to make new revenue through opening their networks to third party service providers in a win-win collaboration.

Decoupling of hardware and software

make it much easier to introduce new technologies to infrastructure networks and make network equipment more affordable to help boost the widespread  deployment of broadband networks.


 

Is this the happiest flower in the world ;~)

Is this the happiest flower in the world? Ophrys apifera is a hardy species of orchid found commonly in the Mediterranean region. Referring to that dark red monobrow it has there, 'Ophrys' derives from the Greek word 'ophrys', meaning "eyebrow", while the Latin word 'apifera' refers to the bee-shaped lip. For this reason, the flower is often called the bee orchid.
Photo: Is this the happiest flower in the world? Ophrys apifera is a hardy species of orchid found commonly in the Mediterranean region. Referring to that dark red monobrow it has there, 'Ophrys' derives from the Greek word 'ophrys', meaning "eyebrow", while the Latin word 'apifera' refers to the bee-shaped lip. For this reason, the flower is often called the bee orchid. 

Image: Hans Hillewaert; Wikimedia

26 August 2013

Oracle CEO Supported NSA Spying

Oracle Chief Executive Officer Larry Ellison was seen expressing the enthusiastic support for the NSA’s global surveillance of the worldwide web and everyone on it. Ellison claimed that some things said about the NSA were misleading – for example, information was already being collected long before the agency was seeing it. Moreover, such organizations as credit card companies had all this information long before the National Security Agency.

However, it is obvious that there is some difference between a credit card company building a file on its customer and the most powerful government of the world potentially keeping records on everyone. For instance, credit card companies normally have no power to arrest people and lock them up in solitary for a lifetime. The critics also can’t think of a single time a failed card application confiscated someone’s passport.


Larry Ellison claimed that he has never heard of data being misused by the government. Perhaps, he has never heard of the Foreign Intelligence Surveillance Court, where the Fourth Amendment protections of a US citizen were violated at least once. Via collusion with other allies, including the UK, the US can get around irritating technicalities like Amendment protections – as such, in all likelihood it was many more.
In the meanwhile, the NSA is not transparent at all, and most details about the spying programs are classified for “national security” and therefore would have never been revealed if not for Edward Snowden. Still, Larry Ellison believes that surveillance is essential, citing the need to minimize terror attacks like in Boston. He misses the fact that the blanket surveillance of citizens failed to stop that tragedy from happening, with the FBI admitting that snooping couldn’t have flagged the Boston bombers.
Although Ellison admitted he was a bit concerned about the possibility of the technology being used for political targeting rather than terrorism, he insisted that the government would never do so. Perhaps, he is so supportive of the spying program simply because Oracle is a top tech supplier for the NSA. Aside from the NSA, the company also solicits other defense contracts and recently signed a $680 million deal with the Defense Information Systems Agency, for example.

21 August 2013

জাকারবার্গের ফেইসবুক অ্যাকাউন্ট ‘হ্যাকড’




     

৪৪ মিনিটে ইন্টারনেট স্ক্যান





     Print Friendly and PDF

18 August 2013

TOR Recommended to Stay Away from Windows

TOR is warning Internet users to abandon Windows after it was revealed that American spooks were spreading malware on the popular anonymizing network exploiting Firefox zero-day vulnerability. The latter allowed the FBI to use JavaScript code in order to harvest crucial identifying data on PCs visiting some services using The Onion Router network.
onionnetwork.jpg

TOR developers suggest users to simply switch away from Windows. The matter is that the malicious Javascript which exploited zero-day vulnerability was created to target Windows PCs running Firefox 17 ESR, a version customized to view websites through TOR.

In the meantime, people using Linux and OS X remained unaffected. Although there’s nothing to stop the spooks writing a version of the code targeting Linux and OS X, it is still less likely to happen. It seems that the fake Javascript was planted on services where the attacker was interested to see who visited. It collected the hostname and MAC address of a user’s PC and sent it to a remote computer. This exploit was targeted specifically to unmask people using Tor Browser Bundle without really installing any backdoors on their host.

The TOR developers also recommended peoples to turn off Javascript by clicking the blue "S" by the green onion within the TOR browser. They explained that disabling JavaScript may reduce users’ vulnerability to other attacks similar to the last one. However, disabling JavaScript would make some online services not work like users expect. A future version of the browser will have an easier interface to allow people to configure their JavaScript settings. Although Mozilla has already patched the hole in Firefox, some users may still be using the earlier versions of the TOR Browser Bundle.