Myanmar and Bangladesh websites have been attacked by two groups of hackers from Bangladesh and by some hackers from Myanmar.

The two Bangladeshi hacker groups are Bangladesh Cyber Army and Bangladesh Black HAT Hackers. Both carry out DDoS (Distributed Denial of Service) attacks and other attacks on poorly secured or weak websites. Bangladesh Cyber Army attacked the Myanmar website www.myanmar.gov.mm and the websites of Myanmar Tourism.

The Facebook pages of Bangladesh Cyber Army said that Myanmar hackers had attacked their sites, and so they had to attack back.

On June 18 at 6 PM MST, they attacked the website of Myanmar Teleport and Communication, www.mpt.net.mm.

Blink Hacker Group, which attacked Bangladesh's sites, said that it attacked only Rohingya sites. It then went on to attack Bangladesh government sites in return for their attacks.

Some Bangladeshi people helped in this cyber war.

Source: groundreport

Two service outages within the course of several hours rocked microblogging platform Twitter on Thursday, as users worldwide reported significant down-time and slow service across both Twitter’s website and mobile applications.

Amid speculation that Twitter had been crippled by a hacker attack, the San Francisco-based company blamed the outage – one of its most severe episodes in recent months – on a “cascading bug” in one of its infrastructure components.

“One of the characteristics of such a bug is that it can have a significant impact on all users, worldwide, which was the case today,” Mazen Rawashdeh, a Twitter vice president of engineering, wrote in a blog post on Thursday afternoon, after normal service resumed.

“We are currently conducting a comprehensive review to ensure that we can avoid this chain of events in the future,” he added.

Twitter’s statements came after UgNazi – an emerging hacker outfit that recently gained publicity for breaking into Cloudflare chief executive Matthew Prince’s personal Google email account – claimed credit for the service disruption in an email to Reuters, saying it launched a distributed denial-of-service (DDoS) attack against Twitter because of the company’s support for the Cyber Intelligence Sharing and Protection Act.

One security professional said the group probably used a DDoS-for-hire site to launch an attack against Twitter on Thursday, but downplayed the likelihood the group was solely responsible for bringing down the social media network.

“It was mere coincidence,” the security professional said. “The backend of Twitter is having issues, which is unrelated to the very small attack.”

North American traffic levels for Twitter.com sharply plummeted on two occasions between 8:30 a.m. PDT (1530 GMT) and 11:00 a.m. PDT (1800 GMT), according to data provided by network analytics company Sandvine.

The first outage lasted between 8:30 a.m. (1530 GMT) and 10:00 a.m. (1700 GMT), data showed.

Twitter acknowledged the disruption in a mid-morning blog post that was continually revised as the service resumed, only to fail for a second time before 11:00 a.m.

Thursday’s sustained outage leaves a fresh bruise on a service that had supposedly shed its unreliable reputation long ago.

As the service resumed on Thursday, its most dedicated users quickly hopped back on to crack jokes, express relief and complain about the interruption – and, indeed, the fact that during the outage they had nowhere to complain about the interruption.

Founded in 2006, Twitter was plagued in its early days by frequent outages as its servers struggled to handle the ever-rising volume of tweets generated worldwide, leaving frustrated users with its famous “fail whale” error screen.

In recent years, Twitter, which has been under great pressure to demonstrate financial viability, has also devoted considerable resources toward improving its reliability, in an attempt to project itself as a mature, polished brand.

CEO Dick Costolo said this month that Twitter now has 140 million active monthly users who send 400 million tweets daily.

The company sounded an apologetic note on Thursday, as it conceded it had failed users who rely on the platform to connect with “heroes, causes, political movements.”

“It’s imperative that we remain available around the world,” said Rawashdeh, “and today we stumbled.”

Source: http://news.terra.com/twitter-suffers-sustained-outage-amid-hacker-attack,15a1a3f0e2218310VgnVCM3000009acceb0aRCRD.html

When two computers wish to communicate, they have to acknowledge that they are ready to communicate, and this process is sort of like talking to a friend by text messages. Say you want to talk to Billy: you send Billy a text message saying you want to talk. Billy gets this message from you, which is good, because he also knows that you-to-Billy communication works — this is sort of a big deal, because you and Billy live in a world where cell phone providers aren’t very reliable.

Billy now has to let you know that he got your message, and to check that Billy-to-you communication works, so he replies with another text message, saying “Looks like I can get your messages, and I’m attending my phone now.” You get this message, and everything looks cheery, so you send him a last text message saying “I can get yours too. Let’s start talking!” You and Billy can now carry on a friendly chat.

This is how computers communicate with each other; it’s called handshaking, and it’s used to do two things: acknowledge the desire to communicate with each other, and to make sure the lines of communication are working well. It’s harder to prove the latter, because in the example above, Billy might not have gotten your last text message, and you’d never know, so it would be reassuring if he acknowledged if he got it by sending you another confirmation, before you start wasting a ton of money through sending him a bunch of text messages that he might not even get! Of course, then you’d have to confirm that you got his confirmation, and he’d have to confirm that confirmation, and so forth. As reassuring as it is, we can’t keep doing this indefinitely, and network engineers have had to come up with a solution to this problem, known as The Two Generals’ Problem. In the end, they settled on the protocol as mentioned above.

Now, say you want to chat with Billy, so you send him a text message to see if he’s there. He confirms that he’s there, but the text message gets dropped because of a bad cell phone tower. Now both of you are stuck at a stalemate; you’re waiting for his confirmation, and he’s waiting for yours. This is a bad situation! So, in order to avoid this, Billy tries to resend his reply after a certain amount of time, after not hearing from you, because he doesn’t know whether it’s your cell phone tower that’s bad, or his. And, after he still doesn’t get a reply from you, he gives up, and determines that the cell phone towers are conspiring against your friendship.

A Denial-of-Service attack takes advantage of this protocol, to allow you to, well, troll Billy. How it works is as concisely explained in the comic strip — you send Billy a message saying you want to talk, and he sends you a message back saying that he’s ready to talk, but you “pretend” like you never got his message, keeping him busy for a few minutes until he gives up. Then you poke him again, saying you want to talk again, and pretending like you just can’t hear him, and he’ll always put in a full effort to try to start a conversation with you. This causes Billy a lot of aggravation, especially if you get a lot of people to do this to Billy! Eventually, he won’t be able to keep sending all these confirmations to all the people that he thinks genuinely want to talk to him, and he spends every waking minute replying to these phony text messages, leaving him no time to start conversations with people who actually want to talk to him. Thus, you’re denying anyone who wants to actually talk to Billy the service of Billy’s conversation.

Miscellaneous Facts: The “text messages” that computers send to each other are called packets. It’s exactly like what it sounds like — a small parcel of information, wrapped nicely with a stamped address, date, return address, and all the good stuff.

The initial packet in the handshaking protocol is called a SYN packet, short for synchronize. The receiving computer sends back an ACK packet, short for acknowledge, as well as another SYN packet. The original conversation-starter replies to the SYN packet with a final ACK, and then conversation can begin. The computer who sends both the SYN and the ACK at the same time sends a combined packet, usually referred to as SYN/ACK. This makes the protocol a three-packet protocol: SYN, SYN/ACK, then lastly, ACK.
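The effect on "Billy" can be seen in a small model of the table a server keeps for handshakes that are still waiting for the final ACK. This is an added example, not code from the original article; it sends no packets, and the table size, timings, doubling back-off and client names are all constructed assumptions.

```python
class Listener:
    """Toy model of a server's half-open connection table (not real TCP)."""

    def __init__(self, backlog, synack_retries, rto=1):
        self.backlog = backlog                # max entries waiting for the final ACK
        self.synack_retries = synack_retries  # SYN/ACK resends before giving up
        self.rto = rto                        # seconds before the first resend (assumed)
        self.half_open = {}                   # client -> time the entry is abandoned

    def hold_time(self):
        # Wait rto, then double the wait after every resend (assumed back-off):
        # rto * (1 + 2 + 4 + ...) summed over synack_retries + 1 waits.
        return self.rto * (2 ** (self.synack_retries + 1) - 1)

    def _expire(self, now):
        for client in [c for c, t in self.half_open.items() if t <= now]:
            del self.half_open[client]

    def on_syn(self, now, client):
        """SYN received: reserve a slot and (conceptually) send SYN/ACK."""
        self._expire(now)
        if len(self.half_open) >= self.backlog:
            return False                      # table full: this SYN is dropped
        self.half_open[client] = now + self.hold_time()
        return True

    def on_ack(self, now, client):
        """Final ACK received: the handshake is complete, free the slot."""
        self._expire(now)
        return self.half_open.pop(client, None) is not None


def genuine_served(backlog, synack_retries, silent_per_sec, seconds):
    """Each second: silent_per_sec clients send SYN and never ACK, then one
    genuine client sends SYN and ACK. Returns how many genuine ones got in."""
    srv = Listener(backlog, synack_retries)
    served = 0
    for t in range(seconds):
        for i in range(silent_per_sec):
            srv.on_syn(t, f"silent-{t}-{i}")
        name = f"genuine-{t}"
        if srv.on_syn(t, name) and srv.on_ack(t, name):
            served += 1
    return served


if __name__ == "__main__":
    for retries, silent in [(5, 0), (5, 2), (1, 2), (1, 4)]:
        print(retries, silent, genuine_served(8, retries, silent, 20))
```

Giving up sooner (fewer resends) frees slots fast enough to ride out the slower trickle of silent clients, but a faster trickle fills the table again, which is why timeouts alone are only a partial defence.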

Source: http://pbjbreaktime.com/2011/01/what-is-ddos-denial-of-service-attack-explained-in-laymens-terms/

http://www.reddit.com/user/ProggitExplainer

News of the recent LinkedIn security breach that compromised 6.4 million user accounts must have sent shivers down the spines of users who heavily make use of the website. While LinkedIn has since reset its systems, it could take days to complete investigations into how security was breached on the site that helps matchmake potential employers with employees.

According to a Reuters report, at least two security experts who examined the files, believed to contain the stolen LinkedIn passwords, said the company had failed to use best practices for protecting the data.

They claimed that LinkedIn used a basic method for encrypting passwords, which allows hackers to quickly unscramble all passwords after they figure out the formula by which any single password has been encrypted.

However, Mark Smith, managing director, Asia, Savvis, asserts that no system is completely foolproof. “Security breaches can happen and no system is 100 per cent secure,” he says. Savvis is a company that helps build cloud infrastructure and host IT solutions for enterprises. Mr Smith believes that effective communication to customers after a security breach still remains a challenge.

He points out that putting together a formal communication process can reduce fear among the public and increase their confidence in the company and he applauded LinkedIn’s swift action in providing members with an update that answered some frequently asked questions and letting them know what they could do to protect their information.

Turning to the industry, Mr Smith observes that there is a constant and growing threat of viruses, worms, spyware, and denial-of-service attacks that can corrupt, steal, or even destroy critical corporate information. These attacks have become widespread and complex and many businesses find it challenging to prevent zero-day attacks.

Network security comes down to the tiers of security that are applied to the business. “Service providers should layer security services to protect against breaches. This means they can expand security coverage accordingly, as businesses grow,” he explains.

One of the fastest growing threats today is a Distributed Denial-of-Service (DDoS) attack. In many cases, a DDoS attack could be caused by hundreds, or thousands, of compromised computers controlled by a single perpetrator.

During an attack, the perpetrator instructs these infected computers to “flood” a business site with requests, rendering it incapable of functioning properly. This ultimately brings the site down and causes financial losses, for instance, in the case of bank websites.

A common security breach usually occurs from within the organisation, sometimes due to human error, or to malicious employees. Mr Smith notes that a wrong configuration of applications is another cause of security breaches.

Employees handling company security may be trained in general security, but are not specialised in specific aspects of security, leading to human error.

“Many companies whose core business is not deploying security end up deploying security and this increases the probability of a potential security breach,” he explains.

Malicious damage could also result in security breaches. Many companies find it difficult to control internal access.

Mr Smith says: “We regularly see news articles about service failures and anonymous taking down of websites like government services and some of the biggest brands in the world. DDoS mitigation, layering security levels, and outsourcing infrastructure to experts can help provide against such incidents.”

Source: http://business.asiaone.com/Business/SME%2BCentral/Tete-A-Tech/Story/A1Story20120618-353593.html

If modern technology is a universal language, today our world is getting schooled in innovation. Mobile devices have become an integral part of our lives. We game on them, surf on them, bank on them, and now there is the growing opportunity to buy things on them. The new era of mobile payments will likely mean that your phone never leaves your hand. Point of Sale (POS) systems can be set up with Near Field Communications (NFC) or with the ability for a cashier to scan your phone with a QR card reader. This means that you should never hand your device over to anybody. Yet, research says that people have security fears, and these concerns are valid.

When we talk about mobile payments we usually get the same reaction from people: excitement and anxiety. We as human beings love convenience and gadgets that make everyday life easier. That said, we’re risk averse when it comes to our money.

With more sensitive data being held on smartphones, new security threats have emerged. Mobile users list remote access by hackers, interception of calls or data, device theft or loss, and the installation of malware and viruses among their greatest concerns. Many of the threats that originated online are also moving to the mobile environment, including Distributed Denial of Service (DDoS) attacks, crimeware botnets, and “hacktivist” groups such as Anonymous.

To reduce these inherent risks, organizations must look to adopt a mobility security strategy that addresses the mobile threat landscape.

Given the fact that in the near future mobile payments will enjoy rapid uptake, mobile network operators and financial institutions are challenged to provide a service that transmits payments quickly and reliably. Merchants are also looking to adopt mobile payments on a larger scale. While doing so, they are looking for industry expertise and guidance.

The PCI Security Standards Council issued a new document this month that explains its views on mobile payment security, and provides guidelines for how merchants can securely accept payments using mobile devices such as smartphones or tablets. Mobile payment security isn’t a one-size-fits-all challenge; however, it is important to craft the mobility security strategy while delving deep into the world of mobile payments.

I was reading Abhi’s post on foiling the modern day Bonnie and Clyde and as he points out, the threats aren’t limited to computers. Our always-on mobile devices are ripening into a juicy opportunity for cybercriminals as we perform more transactions on the go.

Information security is not a “check the box” compliance exercise. No single solution can inoculate a network from attack, and protecting information is not solely IT’s responsibility. Instead, the new integrated security approach is predictive and organization-wide. It proactively protects while anticipating the worst. It embraces rather than bans. It focuses on trust, not paranoia.

By rethinking your information security strategy and using an integrated security approach, your organization can manage the right risks and drive value in the era of mobility.

Source: http://networkingexchangeblog.att.com/enterprise-business/mobile-payments-bring-new-opportunities-and-new-threats/