Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Monir Hossan

Pages: [1] 2 3 ... 15
Thank you sir!

Use of email / Re: Our Email address (
« on: November 05, 2018, 01:36:10 PM »
This is an important post. The e-mail address, provided from DIU domain, needs to be considered as a resource for the student from the University. The students should regularly check their student e-mail and keep in touch with updated news and information of the university as well as the country.

Thanks for the compliments!

Law / Analysing the draft Bangladesh Labour (Amendment) Act 2018
« on: September 25, 2018, 02:33:05 PM »

The draft of Bangladesh Labour (Amendment) Act, 2018 aims to make labour law worker-friendly while regulating the conduct of workers and owners in compliance with the standards of International Labour Organization (ILO). In the proposal, 2 new sections, 4 sub sections and 8 clauses have been added, 6 sub-sections have been repealed and reform in 41 sections have been proposed. After the Rana Plaza collapse, Bangladesh had to raise its standard of labour law to international standards in order to obtain the GSP plus status in the European Market. The proposed amendment attempts to fulfil these conditions by a margin.

Under this amendment, the government, after consultations with different stake-holders, has proposed to reduce the minimum support needed to form a trade union to 20 percent from 30 percent stipulated by the existing law. But the ILO Convention prescribes that even if only 10 workers want to form a trade union, they have to be granted permission. The proposed provision in this regard is not consistent with the ILO conventions. Moreover, the draft prescribes that a worker of an industry can be a member of only one trade union and in case of dual membership, the new law suggested one month imprisonment. The proposed amendment also curtails discretionary power of the Director General of the labour department in cancelling registration of a trade union. In the existing law, to form a trade union, the workers from the informal sector need identity card whereas there is no authority to provide them with one.

The proposed amendment does not bring any good news for the domestic workers who are the most neglected ones in the country. According to the proposed amendment, the government would prepare a standard operating procedure (SOP) for registration of the labour organizations. A labour organization would apply for registration in specific form and the Director General of the Labour Directorate would resolve the application within 55 days. Previously the time period was 60 days.

The draft has also incorporated tougher provisions to prohibit misconducts on the part of owners and workers. A worker or owner would get one year imprisonment or penalty of Taka 10,000 or both for any misconduct including violation of the law. The law suggested punitive actions for workers' acts that include mounting undue pressure, threat or physical assault to compel the owners to sign any agreement, disrupting power, gas or water supplies and unlawful shutdowns.

According to the proposed amendment, to organise a strike, the workers also have to notify the employers 21 days prior to the day of such event. Then the entire process of strike would require a long bureaucratic process which can definitely create a bar to legitimate strikes. In the existing law, there is provision for one year imprisonment, five thousand taka fine or both in case of participation in any illegal strike or lock-out. In the proposed amendment Act, the punishment has been decreased to 6 months imprisonment.  Under the existing law, there is a provision for a resting room. In the proposed amendment, along with a resting room, a new requirement of dining room has also been added if there are more than 25 workers in the factory.

According to proposed amendment, expectant mothers would mandatorily be entitled to get eight weeks maternity leave and other benefits within three days of submission of necessary of documents. An owner may face penalty of Taka 25,000 on charge of depriving an expectant mother from maternity leave. Under the existing law, a child can be employed for light work on condition that it would not be harmful to his health and his education would not be hampered.  The draft seeks total ban on child labour in factories. At the same time the law prohibited engagement of children and physically challenged persons in any risky job.

Source: The Daily Star (

Smartphone / The future of smartphone tech
« on: July 09, 2018, 11:44:48 AM »
It has been a mostly boring year for smartphones. For the first time in history, smartphone sales figures across the US declined last year. Things just aren't the same anymore, with flagships touting the same features and no real substantial improvement. The ones which offer anything over your previous smartphones cost a fortune. But all is not lost. There's still hope for the smartphone industry, and here are some of the trends you might see this year.

Gaming smartphones

Up till now, Smartphones only had a few market segments for covering price ranges. But with the arrival of the Razer phone, the market changed gradually. Earlier this year, we saw the Xiaomi Blackshark and ZTE Red Magic release. ASUS has already promised the release of the ROG phone in the near future, and a plethora of accessories to support the gaming-focused smartphone. All of this has been kicked off with the release of PUBG on mobile platforms for completely free. Expect to see a lot more of these gaming smartphones arrive in the coming days.

Face recognition
Face recognition tech has been around for years, and it was expected to hit the mass market with the release of the iPhone X. We might have seen the implementation of it on the OPPO F7 and the One Plus 5T, but none of these were nearly as secure. Another patent from Samsung suggests their work on a biometric camera which uses both the iris scanner and 3D face recognition tech.

AR and VR
The current state of AR and VR is in a questionable state, yet the tech is getting cheaper day-by-day. Apple showed off its AR capability on its newest iOS update, and some other Android smartphone manufacturers have followed suit. Hopefully, we'll see a lot more AR applications throughout the next few years as AR gets more accurate and sees wider usage.

Malleable displays
The concept first started a long time ago, back in 2013 when Samsung revealed a foldable AMOLED Panel which functioned amazingly even after 100,000 bends. The project eventually took form as Samsung Galaxy X, and now it's closer than ever. And Samsung isn't the only one running this race, last year Microsoft patented a foldable display, presumably for its Surface phone. LG even patented a flexible display with a smartpen, hinting towards its attempts at catching up with the world.

New flagships around the corner
Qualcomm's newest flagships are around the corner, as just a few days ago a Japanese media site leaked an unknown Sony device getting benchmarked on Geekbench with the score being 30% higher than Qualcomm's current flagship, Snapdragon 845. Obviously, other than performance boosts, Qualcomm is expected to implement dedicated computing units for AI.

The future of connectivity
Up til now, the details about Qualcomm's upcoming flagship SoC, Snapdragon 855, has been scarce. We know that it's supposedly a 7nm chip and possibly manufactured by TSMC. It's a smaller chip than the 845, so we can expect some power efficiency from this brand-new chipset. Qualcomm is more interested in pushing its X50 modem supposedly bundled with the 855. In late 2017, Qualcomm announced a successful trial of their X50 modem supposedly running 5G connections. This hints that future flagships might feature 5G modem, and Qualcomm might be powering the first batch.

Mobile payment
Mobile payment sees a wider application with Android Pay and Samsung Pay getting used across the world. It's hard to say which one's faster to win the race, but Samsung Pay's winning for now with its Magnetic Secure Transmission tech, supposedly supported by around 90% of all US retailers. As NFC becomes the norm, mobile payment is sure to get more secure. Who knows, maybe Google might decide to buy one of our own mobile banking giants.

Wireless charging will be widespread
A few days ago, famous Youtuber LinusTech Tips featured a wireless charging module which charges out of thin air in a selected area. This device also should charge smartphones relatively faster- which is surprising. Probably not far off before you see this device in a Starbucks store as manufacturers start racing to support this tech.

The bezels are dead
2017 was the year of the notch, and that trend has watered down to mid-level smartphones in 2018. Needless to say, it was time to innovate. As so, Smartphone giants OPPO and Vivo decided to release their own take on the bezel-less competition. Samsung and Apple failed to be the first one to remove bezels completely, however, as Vivo Apex was the first phone with seemingly no bezel. This is a sign of things to come, as with the death of bezels, virtual buttons are slowly becoming the norm.

Under display fingerprint scanner
We've already seen this tech pouring in, but it'll be even faster. First seen in the X20 from Vivo, major players such as HTC, Apple, Samsung or Xiaomi are yet to introduce the feature in their phones. But we presume that under-display fingerprint reading is the future, as it's getting faster day-by-day. And it's a change we all want because fingerprint scanners on the back or front do play a role in the aesthetics of the device.

Link for more:
Source: The Daily Star

Creativity and innovation have become crucial part in teaching and learning now a days. The more the teachers and students become creative and innovative the more they will be able to keep pace with the competitive and ever changing world. Thanks for sharing the resource.

Please put appropriate link.

Thanks for your complements!

IOT (Internet of Things) / The IoT's Perplexing Security Problems
« on: July 03, 2018, 02:51:22 PM »

Worldwide spending on the Internet of Things will total nearly US$773 billion this year, IDC has predicted.

The IoT will sustain a compound annual growth rate of 14.4 percent, and spending will hit $1.1 trillion by 2021, according to the firm's forecast late last year.

Consumer IoT spending will total $62 billion this year, making it the fourth largest industry segment, after manufacturing, transportation and utilities. The leading consumer use cases will be related to the smart home, including home automation, security and smart appliances, IDC said.

Cross-industry IoT spending, which encompasses connected vehicles and smart buildings, will gobble up $92 billion this year, and will be among the top areas of spending for the next three years.

IoT growth will get a boost from new approaches coming from firms such as China's Tuya Smart, for example, which combines hardware access, cloud services, and app development in a process that lets manufacturers transform standard products into smart products within one day.

Shadow IoT Devices on Enterprise Networks
One third of companies in the U.S., the UK and Germany have more than 1,000 shadow IoT devices connected to their network on a typical day, according to a recent Infoblox survey of 1,000 IT directors across the U.S., the UK, Germany and the UAE.

The reported shadow IoT devices included the following:

Fitness trackers - 49 percent;
Digital assistants such as Amazon Alexa and Google Home - 47 percent;
Smart TVs - 46 percent;
Smart kitchen devices such as connected microwaves - 33 percent; and
Gaming consoles - 30 percent.
There were 1,570 identifiable Google Home assistants deployed on enterprise networks in the U.S. as of March, according to the Infoblox survey. There were 2,350 identifiable smart TVs deployed on enterprise networks in Germany, and nearly 6,000 identifiable cameras deployed on UK enterprise networks.

Shadow IoT devices are devices connected to the company network but not purchased or managed by the IT department, according to Infoblox.

"Often IoT devices are added to the network without the direct knowledge of IT," noted Bob Noel, director of strategic relationships and marketing for Plixer.

"Companies need to pay attention to the deployment of IoT devices, which are regularly put online with default passwords, legacy code riddled with known vulnerabilities, and a lack of defined policies and procedures to monitor them, leaving companies extremely vulnerable," he told the E-Commerce Times.

More than 80 percent of organizations surveyed said security was the top consideration in IoT purchase decisions, said Brent Iadarola, VP of mobile & wireless communications at Frost & Sullivan.

However, "the unfortunate reality today is that unknown assets and unmanaged networks continue to exist in enterprise networks and are often overlooked by vulnerability scanners and solutions that monitor network changes," he told the E-Commerce Times.

Still, "we have started to see some movement towards integrated IoT security solutions that offer end-to-end data collection, analysis and response in a single management and operations platform," Iadarola noted.

Security for the IoT
"IoT security is highly fragmented and many devices are vulnerable," observed Kristen Hanich, research analyst at Parks Associates.

"There are a large number of devices out there with known weaknesses that can easily be exploited by commonly available attacks," she told the E-Commerce Times.

Most of these devices won't receive protective updates, Hanich said, and "as most IoT devices are put in place for years or even decades, this will lead to hundreds of millions of vulnerable devices."

Cybercriminals have been launching newer and more creative attacks on IoT devices, either to compromise them or to leverage them in botnets.

For example, Wicked -- the latest version of the Mirai botnet malware, originally released in 2016 -- leverages at least three new exploits.

A new version of the "Hide-and-Seek" botnet, which controls more than 32,000 IoT devices, uses custom-built peer-to-peer communication and multiple anti-tampering techniques, according to BitDefender.

"We should be preparing ourselves for many years of attacks powered by IoT botnets," Sean Newman, director of product management for Corero Security, told the E-Commerce Times.

Cost is a problem with IoT security, Parks Associates' Hanich noted. "Security must be built-in from the onset, which takes time and effort. It also requires regular maintenance and updates after selling the devices, potentially for many years."

Many device makers are skipping security to keep their prices down, she pointed out, as security "does not drive unit sales of their products."

Medical Devices and IoT Security
The IoT's healthcare component includes connected medical devices and consumer wearables such as smartwatches and fitness trackers.

Medical device manufacturers increasingly have been incorporating connectivity to the Internet, but 53 percent of healthcare providers and 43 percent of medical device manufacturers don't test their medical devices for security, noted Siddharth Shah, a healthcare industry analyst at Frost & Sullivan.

Few have taken significant steps to avoid being hacked, he told the E-Commerce Times.

Network-connected medical devices "promise an entirely new level of value for patients and doctors," said Frost & Sullivan healthcare industry analyst Kamaljit Behera.

However, "they also introduce new cybersecurity vulnerabilities that could affect clinical operations and put patient care at risk," he told the E-Commerce Times.

"The perceived risk from connected medical devices within the hospital is high, but steps are now being taken to prevent attacks," said Frost's Shah. "Still, there's lots to be done."

The risk to enterprise networks of being hacked through consumer healthcare-related devices "isn't a big issue," according to Greg Caressi, global business unit leader for transformational health at Frost & Sullivan.

"Personal devices are not commonly connected to private corporate networks other than healthcare IT vendors," he told the E-Commerce Times.

Google and Apple have been leading the charge of smart devices into the healthcare realm, with other companies, such as fitness device manufacturers, following suit.


A Security Manager's Guide to Vendor Risk Management is enclosed.

Over the last 5-10 years, we’ve seen a major uptick in the number of regulations across all sectors regarding cybersecurity. The following is a brief look at how cybersecurity regulations have been implemented across seven sectors and divisions.

Financial security
The financial sector has a number of cybersecurity requirements set by federal and state regulators. The most common set of requirements is found in the Federal Financial Institution Examination Council handbook, or FFIEC-IT. That body is comprised of a number of booklets that contain resources and requirements financial institutions are expected to adhere to. There are also a number of different guidances that financial regulatory bodies put out. An example is the Office of the Comptroller of Currency (OCC), which has put out guidance on third-party risk management. That guidance is issued to all organizations that fall under their oversight.

The retail sector isn’t federally regulated, but it does follow regulations from the Payment Card Industry Security Council’s Data Security Standard (or PCI DSS). This group issues security standards that any organization that processes payment cards or holds payment card data is required to follow.

The best-known standard for cybersecurity compliance healthcare is the Health Insurance Portability and Accountability Act. HIPAA establishes cybersecurity standards for healthcare organizations, insurers, and the third-party service providers medical organizations do business with.

As a condition of providing a service to the U.S. Department of Defense (DOD), businesses must meet cyber requirements set up in the Defense Federal Acquisition Regulation Supplement (DFARS) and Procedures, Guidance, and Information (PGI). DFARS outlines cybersecurity standards a third party must meet and comply with prior to doing business with the DOD in order to protect sensitive defense information.

Consumer Data
Currently, 47 out of 50 states (and the District of Columbia) have enacted cybersecurity compliance requirements for organizations to notify states about security breaches that compromise customer data. For instance, if your company holds sensitive personal information about customers—like social security numbers, account numbers, or payment card information—and you experience a breach, you’re obligated to notify those affected. The Federal Trade Commission (FTC) can also penalize organizations for failing to adequately protect consumer data.

While regulations for insurance departments and companies vary state by state, many have issued requirements to protect consumer information. Furthermore, we’ve seen increased interest in adding more regulations in this area. In October 2016, the New York State Department of Financial Services (DFS) proposed new regulation around cybersecurity for both financial organizations and insurance companies.

The Federal Energy Regulatory Commission (FERC) has the authority to establish cybersecurity regulations over a number of electric utility companies and operators. The standards are created by a nonprofit authority known as the North American Electric Reliability Corporation (NERC), and the regulations are known as the Critical Infrastructure Protection (CIP) Standards.

Something for all sectors to keep in mind...
While cybersecurity compliance with regulations is a critical goal, ongoing management of cybersecurity—both your own and your vendors’—shouldn’t be understated. Protecting critical data and information is less about the label of compliance and more about creating and adhering to a cybersecurity program.

If you need some tips on how to create a cybersecurity program for your vendors, download this ebook. It covers the questions you need to ask all of your vendors, risk vectors and configurations to keep in mind, and the impact of continuous risk monitoring software



Cyber security is increasingly recognised to be a people issue as much as a technical one. Boards now understand that their own employees may be the weak link in an organisation’s cyber defences. This article provides a self-assessment matrix to help organisations understand how effectively they are mitigating cyber insider risk and thus enable them to embark on a programme of improvement.


Cyber Insiders – a Board Issue (Cyber Security Review, Summer 2014 edition) attracted considerable interest. For many readers the distinctions between cyber insiders who could be “witting or unwitting” and “malicious or non-malicious” were novel. Many had previously been unsighted on CPNI’s excellent insider threat research2 and the evidence that indicated the existence of nine factors at organisational level that enable insider acts to take place. Most readers accepted that the proposed “10 Steps to Cyber Insider Protection” were a valuable approach to addressing the organisational level factors which enable insider acts to take place.


Internet Risk / Ten Ways Evolving Technology Affects Cybersecurity
« on: July 03, 2018, 01:30:34 PM »

The ever-evolving digital age affects cybersecurity more than most people realize. The rate of cybercrimes has grown exponentially and is consistent with the growth of technology. As technology expands and develops, so do the cybercrimes that are committed. Fortunately, as technology has advanced, so has the ability to seek out cybercrimes before they happen and protect people when they occur.

Here are ten ways developing technology has changed cybersecurity:

1. Corporate Security Breaches
The majority of these corporate security breaches occur when hackers exploit employees through social engineering and scams. With advancements in technology, hackers are becoming more skilled at finding holes and cracks in corporate security systems and can gain access to protected files and data, posing a significant cybersecurity threat. Unfortunately, 2012 may be a record year for corporate security breaches.

2. Spear Phishing
Unlike regular phishing emails that target random people, culprits who normally lead spear phishing scams are seeking information for monetary gain; business secrets or private information. Spear phishing occurs when hackers target employees through emails that appear to be from colleagues within their own organizations, allowing cyber criminals to steal personal information. With the progressive technology available today, hackers are able to send emails to employees disguised as others within the company – making this a substantial cybersecurity risk.

Cyber criminals are increasingly using social media to engage in identity theft schemes, and entice individuals to download malicious codes or reveal passwords. Experienced hackers can easily hack into users social media accounts and later use that information to venture into your personal email account, work email account and banking information.

The average user shares a lot of information on social media sites; most reveal a person’s name, age, birthday, hometown and family members, while others can go as far as revealing addresses, phone numbers and even up to the minute location updates. Some of this information can reveal just enough for a hacker to find the opportunity and steal your identity online.

4. Social Media Security Breaches
Not only do social media sites give hackers access to personal information, some sites can also share your exact whereabouts at any point in time. And if someone knows where you are – they also know where you are not. For instance, the social media network Foursquare allows users to “check in” to the places they visit such as school, work, restaurants or even the movie theater. Any number of people can easily tell where you are, and at what time of day by logging into the social network and looking at your profile. The indicator that you are away from home base can put your valuables and safety at risk.

As mobile technology is continuously emerging, so are mobile cybersecurity threats. Currently, 45 percent of cell phone owners have smartphones, which hold more data than the older alternative models. Every new phone, tablet and mobile device serves as an additional opportunity for a cyber attacker to gain access to someone’s personal data. As many mobile devices can be plugged into computers to be charged, sharing charging ports with others can create malware issues for many different devises.

6. Data has Gone Digital
Hard copy information is increasingly less common – practically everything is digital these days. Though often protected by a password, most information is stored on a shared network. As a result, a hacker could gain access to the network and obtain valuable information that could put individuals or businesses at risk.

As more businesses shift to cloud computing and save documents and information to cloud networks poses an additional cybersecurity risk. This method is attractive option to many businesses, as cloud computing and storage is extremely efficient and cost effective. However, certain sophisticated security measures must be put into place to protect information on the cloud. While this technology is continuously emerging, it is crucial for companies to implement security precautions to combat the evolving trends.

8. Advanced Employee Training
As previously noted, with the expanding smartphone market, people are becoming more technologically savvy and need to be educated as technology develops. Proper training should be employed so that the company’s workforce understands the cybersecurity threats, and how to avoid them. Consequently, employees can use this knowledge to get information from their employers from databases, the cloud or on company-shared servers.

9. Hacktivism
In 2012 there have been a few instances of hacktivism – the act of hacking for a political or social reason. Hackers are taking the practice to the next level and attempting to reach websites with a large number of visitors accessing information in order to affect as many people as possible. Large websites and companies are at a higher online security risk for these types of acts.

10. Botnets
A botnet is a number of computers set up to forward information (like spam and viruses) to other computers. In the past, botnets were set up to take email and password credentials, which were very useful to spammers. However, with the emergence and advancements in technology, botnets are collecting more data from computers such as name, address, age, financial information, online activity and more. They will then gather your information and sell the data to others. Personal data can be bought and sold by a number of companies and businesses, which is how spammers can obtain so many email addresses. These advanced botnets pose a considerable security risk making personal information extremely vulnerable.

With the upward progression in technology, the presence of hackers and other cybersecurity threats are also on the rise. With increased awareness and knowledge of technology, from consumers and hackers alike, the risks for cyber fraud are heightened. In order for individuals and corporations to protect their information online, it is important for security precautions to be taken to protect against cybersecurity breaches. An online Master's in Cybersecurity from Utica College offers students advanced knowledge and hands-on experience in intelligence, critical infrastructures, and investigative principles as they relate to cybercrime in today’s digital age.


Pages: [1] 2 3 ... 15