Thursday, 26 July 2012

Twitter Down reported hours after Google Talk crash


Hours into a global Google Talk outage that left users unable to use the instant messaging client, it appears Twitter has gone down as well.


In a message to users, the company said: "Howdy folks, looks like we're experiencing a small interruption of Twitter.com and some mobile clients."


It is not yet known what caused the fault. Users that could access the service reported that shortened URL links included in tweets were not working properly.

The micro-blogging site appears to be experiencing a service disruption, with users in Europe, Asia and the US saying they were unable to load the site.


Crowd-powered web service monitoring site Down Right Now has said there is “likely a service disruption,” based on user feedback.

Affected users are unable to access the site at all - even the site’s iconic Fail Whale image is not loading for some Tweeters.
“Users may be experiencing issues accessing Twitter. Our engineers are currently working to resolve the issue,” Twitter has written on its Status page. No details beyond that have been revealed.

Microsoft Names Two Zeus Botnet Operators


Three months after initially disrupting the Zeus botnet, Microsoft officials have named two of the people who they think are behind the malware network, a pair of Ukrainians who already are sitting in jail in the UK.
From the beginning of the anti-Zeus operation, which became public in March, Microsoft officials and lawyers from other organizations, including NACHA, have been trying to identify the dozens of John Does named in the initial legal complaint. Those efforts hadn’t met with any success, until last week when Microsoft named Yevhen Kulibaba and Yuriy Konovalenko as two of the John Does behind the Zeus botnet. The company has told both the FBI and the authorities in the UK of their findings, and also included the men’s names in the amended legal complaint.


“In an amended complaint, filed last week, Microsoft named Yevhen Kulibaba and Yuriy Konovalenko as defendants. Microsoft has learned that these particular defendants were already serving jail time in the United Kingdom for other Zeus malware related charges. Microsoft has advised the U.K. government of the criminal referral to the FBI. By referring this case to the FBI, as we did in September 2011 with our case against the operators of the Rustock botnet, we are affirming our commitment to coordinating our efforts with law enforcement. Our goal is always to work in ways that are complementary to law enforcement. Our hope is that the evidence we provided to the FBI in this case will lead to a criminal investigation that brings the perpetrators to justice,” Richard Boscovich, a senior attorney in Microsoft’s Digital Crimes Unit, said in an analysis of the operation.
The anti-Zeus operation is the latest in a line of botnet takedowns and anti-cybercrime actions undertaken by the Microsoft DCU, a relatively new group inside the company that’s devoted to investigating and helping stem cybercrime. The DCU also was involved in the takedown of the Rustock botnet, as well as operations against the Kelihos and Waledac botnets. The Zeus takedown has been unique for a couple of reasons, chief among them the use of the civil section of the RICO anti-racketeering statute to aid in the investigation.
“In criminal court cases, the RICO Act is often associated with cases against organized crime; the same is true in applying the civil section of the law to this case against what we believe is an organization of people behind the Zeus family of botnets. By incorporating the use of the RICO Act, we were able to pursue a consolidated civil case against everyone associated with the Zeus criminal operation, even if those involved in the ‘organization’ were not necessarily part of the core enterprise,” Boscovich said at the time of the initial Zeus takedown.
Microsoft is working with ISPs to help them identify Zeus-infected machines and alert the users about the infection.

Facebook offers bug bounty to hackers who find flaws in its systems

Several companies already reward 'white hat' hackers who responsibly report flaws in their web services, but Facebook is apparently going a step further with payments to those who find vulnerabilities in its internal systems.


Facebook and Google have for some time offered bounties to hackers who find vulnerabilities in their public-facing systems, but now the social network has gone a step further by offering to reward hackers who find and report flaws in Facebook's corporate network.

According to a Bloomberg report on Thursday morning, the move will be announced at the DefCon hacking conference. "If there's a million-dollar bug, we will pay it out," Facebook security response chief Ryan McGeehan was quoted as saying.

The idea of a company paying so-called 'white hat' hackers to probe their sites and report flaws — rather than exploiting them — is rare, but far from new. Google and Facebook do it, as do Mozilla, HP and, as of last month, PayPal.

However, rewarding people for breaking into internal systems is an even riskier proposition. According to the Bloomberg piece, Facebook was moved to introduce the new bounty scheme after an external researcher informed the company of a flaw that meant outsiders could listen in to their internal conversations.

Facebook's bug bounty page says the company will pay a minimum of $500 for each responsible disclosure, as long as the bug could "compromise the integrity of Facebook user data, circumvent the privacy protections of Facebook user data, or enable access to a system within Facebook's infrastructure".

The only kinds of bugs that Facebook won't pay out for are those in third-party apps or websites, denial-of-service vulnerabilities, and spam or social engineering techniques, none of which Facebook has any control over.

Anonymous could be criminals hiding in plain sight


'Anonymous could be criminals hiding in plain sight' - security expert

Hostile governments could be posing as Anonymous - expert

Users could give data to criminals under hacktivism guise

Time for people to go "old school" to make a difference

Anonymous hack it again: steals ISP user data from AAPT

The people claiming to be from Anonymous could be wolves in sheep's clothing - but not in the way you think, an Australian internet security expert has warned.

Phil Kernick, Chief Technology Officer of CQR Consulting, told news.com.au that cyber criminals and hostile governments could be using the publicly acceptable alias of the hacktivist group to trick people into handing over their data.

“Imagine that Anonymous encouraged users to help bring down the Australian Government by downloading software and told them to press a button on a specific date, bombard a website and take it offline, but instead of getting a real version of the software you are pointed to a website which has an embedded banking Trojan (virus),” he said.

“This kind of behaviour is perfect for people who want to attack you.

“Attacking the government is just a side effect. It may not even work but it doesn’t matter. It’s not what they’re trying to achieve.”

Mr Kernick said this kind of behaviour was called “hiding in plain sight” - a classic misdirection technique practised by magicians since time immemorial.

Because Anonymous are a group of loosely affiliated activists and hackers, almost anyone can claim to belong to the group – including hostile governments.

He emphasised that he did not think the recent attacks on Australian government websites and ISPs were the work of cyber criminals or nation states but the group’s popularity was making the possibility of this easier.

He said that the recent hack on Syrian President Bashar al-Assad’s email account was a perfect example: “The question is who benefits from this. Yes, it could be random teen hacktivists getting bored but I would have thought the email of the Syrian President would be a bit above the skill set of your average spotty hacker, but maybe not past the level nation states could get past.

“So why not embarrass them publicly and expose details, to the benefit of your own nation state and blame it on Anonymous?”

Perpetrating cyber fraud under the guise of activism is the future of the internet, Mr Kernick said.

“We’ve moved past attacking systems and websites to attacking people to gain their credentials,” he said.

“If you're a nation state it's about attacking people because they have access to stuff and they can get people to do things for them.

“It’s much easier than attacking people.”

So what is the solution? Going old school.

Mr Kernick said education campaigns have largely failed because people live in denial that they could ever be targeted by cyber criminals or nation states, and that security companies need to stop running the same old awareness campaign while expecting a different result.

“I would suggest if you want to protest, go write a placard, get manual, get real world about it,” he said.

“Write a letter to your MP, write a letter to News Ltd, get it published in the paper.

“I’m not a fan of this ‘anonymous’ sniping.”

However, the cyber security expert acknowledged that it’s unlikely people would take this route, because it’s always easier to click on a link than to pen a letter they might have to put some thought into.