#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Technology News | Breaking Cybersecurity News | The Hacker News

Illiterate Ethiopian kids hack Motorola Xoom

Illiterate Ethiopian kids hack Motorola Xoom

Nov 05, 2012
About five months ago, OLPC Project started a little experiment . They chose a village in Ethiopia where the literacy rate was nearly 0% and decided to drop off a bunch of Motorola Xooms there. The One Laptop Per Child project started as a way of delivering technology and resources to schools in countries with little or no education infrastructure, using inexpensive computers to improve traditional curricula. On the tablets, there was custom software that was meant to teach kids how to read. This experiment began earlier this year. Timeline of Experiment: 1st Four Minutes - One kid had opened the box and had figured out how to turn on the Xoom. In 1st Five Days -  The kids were using nearly 50 applications each every day. In Two Weeks - The kids were singing their ABC's in English. Now its 5th Month - They hacked the Motorola Xooms so they could enable the camera, which had been disabled by OLPC. OLPC founder Nicholas Negroponte at MIT Technology Review's EmTech conference last
FBI ordered to disclose “Going Dark” surveillance program

FBI ordered to disclose "Going Dark" surveillance program

Nov 03, 2012
A federal judge ordered the FBI to disclose more information about its " Going Dark "  surveillance program, an initiative to extend its ability to wiretap virtually all forms of electronic communications. Why shocking ? because a federal judge just ruled that police can place surveillance cameras on private property without a search warrant and another federal judge quickly overturned a previous decision blocking the indefinite detention provisions of the National Defense Authorization Act (NDAA) for Fiscal Year 2012. The EFF ( Electronic Frontier Foundation)   has filed filed two freedom of information requests, in response to which they received damned little. Judge Richard Seeborg says the feds need to go back and try again. FBI's wiretapping system is robust and advanced, so request sought documents concerning limitations that hamper the DOJ's ability to conduct surveillance on communication networks including encrypted services like BlackBerry, social-networking sites like
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Julian Assange's Book 'Cypherpunks' - Freedom and the Future of the Internet

Julian Assange's Book 'Cypherpunks' - Freedom and the Future of the Internet

Oct 27, 2012
Julian Assange publish a book based on his interview " Cypherpunks " on " The World Tomorrow ", his controversial talk show, with the people he believes know the solution to the problems of privacy and freedom. The book called ' Cypherpunks: Freedom and the Future of the Internet ,' was written by Assange with three co-authors: Jacob Appelbaum, Jeremie Zimmermann and Andy Muller-Maguhn. Description of this 192 pages book describes, " Cypherpunks are activists who advocate the widespread use of strong cryptography (writing in code) as a route to progressive change. Julian Assange, the editor-in-chief of and visionary behind WikiLeaks, has been a leading voice in the cypherpunk movement since its inception in the 1980s ." Assange said, " In March 2012 I gathered together three of today's leading cypherpunks to discuss the resistance ,  Two of them, besides myself, have been targeted by law enforcement agencies as a result of their work to safeguard priva
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Worst password of 2012, Have you ever used one of these ?

Worst password of 2012, Have you ever used one of these ?

Oct 24, 2012
This year we have seen some big Security breaches that expose millions of passwords like Yahoo! , LinkedIn , eHarmony and Last.fm , among others , SplashData Reveals Its Annual " 25 Worst Passwords of the Year " List. The three worst passwords haven't changed since 2011; they're password, 123456 and 12345678. The new worst passwords added to this year's list include welcome, jesus, ninja, mustang and password1. Have you ever used one of the most popular passwords of 2012 for your own personal accounts? SplashData CEO Morgan Slain stated " At this time of year, people enjoy focusing on scary costumes, movies and decorations, but those who have been through it can tell you how terrifying it is to have your identity stolen because of a hacked password ." " We're hoping that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different p
German Police eavesdropping Facebook, Gmail, Skype Conversations

German Police eavesdropping Facebook, Gmail, Skype Conversations

Oct 11, 2012
An eavesdropping tool allegedly used by the German government to intercept Skype calls is full of security problems and may violate a ruling by the country's constitutional court, according to a European hacker club. The information was released as part of a move towards financial transparency. The government released figures of expenses incurred by the Federal Ministry of the Interior following a parliamentary inquiry. This raises a whole lot of ethical and privacy questions. It has long been rumored that the German government was interested in developing an application to intercept Skype. Three years ago, documents released by WikiLeaks purported to show a proposal by a Bavarian company, DigiTask, offering to develop such a tool. The Chaos Computer Club obtained several versions of a program that has allegedly been used by German law enforcement in possibly hundreds of investigations to intercept Skype calls, said Frank Rieger, a member of the club. On page 34 and pa
"Warning Zombies Ahead!" - Road sign board Hacked

"Warning Zombies Ahead!" - Road sign board Hacked

Oct 11, 2012
Drivers may have gotten a chuckle out of an electronic message board in Maine warning of zombies, but city officials were not amused. A Portland, Maine road sign is changed to a zombie warning on Wednesday, Oct. 10, 2012. It originally read " Night work 8 pm-6 am. Expect delays. " An electronic message board that typically warns motorists about impending roadwork instead read: " Warning Zombies Ahead! " as shown. City spokeswoman Nicole Clegg says the signs are a safety precaution and changing it could have led to driver distraction. She tells The Portland Press Herald tampering with a safety device is a misdemeanor punishable by up to a year in jail and a $1,000 fine. Subscribe  to our  Daily News-letter via email  - Be First to know about Security and Hackers.
Four million hotel locks vulnerable to 'Dry erase marker'

Four million hotel locks vulnerable to 'Dry erase marker'

Oct 05, 2012
At Black Hat security conference this year Cody Brocious demonstrated that How a simple Dry erase marker allows him to open an Onity hotel room door lock with an Arduino, which is totally James Bond. This is just kind of scary on multiple levels, the least being that dry erase markers are one of the most ordinary, non-suspicious objects we can think of. Watch the video below and be afraid – be very afraid. It has been refined to such a state where there are no dangling bits that come out of the marker, with a tip that looks totally normal sans any wires. All you need to do is touch the tip of the market to the door port, and you would have gained entry without mentioning a secret password. The story didn't stop there with Onity, the electronic door specialist in question, stepping in to introduce several measures to secure the doors. Brocious created a proof-of-concept device to show to security experts and press, but it was a bit crude. In order to build and test all of this yoursel
Beacon : A new advance payload for Cobalt Strike

Beacon : A new advance payload for Cobalt Strike

Sep 30, 2012
Raphael Mudge (Creator of Cobalt Strike ) announced Another Advance Payload for Cobalt Strike called " Beacon ". In a conversation with The Hacker News  Raphael said " A big gap in the penetration tester's toolbox are covert command and control options, especially for long engagements. Beacon is a new feature in Cobalt Strike to remedy this problem ." Cobalt Strikes's graphical user interface offers direct control of the 700+ exploits and advanced features in the open source Metasploit Framework. Beacon is a Cobalt Strike payload for long-term asynchronous command and control of compromised hosts. It works like other Metasploit Framework payloads. You may embed it into an executable, add it to a document, or deliver it with a client-side exploit. Beacon downloads tasks using HTTP requests. You may configure Beacon to connect to multiple domains. For extra stealth, Beacon may use DNS requests to check if a task is available. This limits the comm
The FixMeStick : My Parents Need This

The FixMeStick : My Parents Need This

Sep 20, 2012
The founders over at FixMeStick sent us a pair of their latest devices to check out. The FixMeStick is, in short, a malware removal device for dummies . The FixMeStick is a bootable USB device running Lubuntu and integrates three separate anti-virus scanners from Kaspersky Labs, Sophos, and GFI. While our readers will probably never need it for themselves, we may all wish we had something like this for our non-technical friends and family, or the 9 million PCs infected with ZeroAccess botnet . The FixMeStick does a lot of things that nobody else does on a bootable USB, and let's be real, removing rootkits is never pleasant or easy. Why I Want it For My Parents Linux: the FixMeStick is a Linux-based device that runs before Windows boots enabling it to remove infections without the infection getting stealthy or playing war with my parent's anti-virus software. N-Scanner architecture: contains an integrated multi-scanner composed of three engines: Kaspersky Labs, Sophos, and GFI's VI
Electromagnetic Pulse Attacks : Are we prepared ?

Electromagnetic Pulse Attacks : Are we prepared ?

Sep 14, 2012
An electromagnetic pulse (EMP) attack is a threat few Americans are familiar with, yet one which could easily destroy their lives. What would you do if your electricity suddenly went out and didn't come back on for months or even years? How long would you last with the food in your pantry, the bottled water you have shelved, and your net worth reduced to the cash in your pocket? These are the factual consequences of EMP attack. A single EMP attack could disable all modern electronics in the United States, eliminating communications, food, water, transportation, medicine distribution, and our financial system. Experts from the Department of Homeland Security (DHS) and the US Department of Defense (DOD) have told a House Homeland Security subcommittee that Defense systems that depend on the commercial electric grid are vulnerable to electromagnetic pulse attacks and solar storms that could seriously damage the nation's infrastructure. U.S. power grids and other civilian infrastruc
Eject any WiFi device from network using Android

Eject any WiFi device from network using Android

Sep 13, 2012
If you want to disable any ip address which use same router to connect internet. Now you can used your android application, WifiKill use as can disable internet connection for a device on the same network. May be you ever use " NetCut " tool in your windows to eject any WiFi device from network with one click. NetCut have ability to scan the network for all connect devices with their MAC address and then with one click you can disconnect anyone from Network using ARP SPOOF attacks. This application mostly used by students to save bandwidth in colleges or in any network where they want to disconnect all other users and use complete bandwidth for better speed or by some Network admins. But NETCUT comes for Windows only. A Android application released called " WiFiKill  v1.7 " , this is alternate version of NETCUT for Android. Simply allows you to scan your wifi network for devices, see their vendor and cut network connection for specified devices. This way you can g
Chip and PIN payment card system vulnerable to Card cloning

Chip and PIN payment card system vulnerable to Card cloning

Sep 13, 2012
At a cryptography gathering in Leuven, Belgium, on Tuesday, Cambridge University researchers made it known that they do not like what they see in chip and pin systems. The chip and PIN system employed by most European and Asian banks is definitely more secure than the magnetic strip one, but it doesn't mean that it doesn't have its flaws. A flaw in the EMV protocol which lays out the rules for chip-and-PIN card transactions at ATMs and point-of-sale terminals could enable persistent attackers to carry out bogus card transactions. Five Cambridge (UK) University researchers released a paper today with the gory details. Bank cards are reportedly vulnerable to a form of cloning and researchers have pinpointed the poor implementation of cryptography methods in ATM machines as being the reason for the flaw. The chip in an EMV card is there to execute an authentication protocol, and is itself very difficult to clone. However, the authentication process also relies on the merchant
BASTARDS!!

BASTARDS!!

Sep 08, 2012
Last month, those assholes in the California State Assembly passed a resolution urging state educational institutions to more aggressively crack down on criticism of the State of Israel on campuses, which the resolution defines as "anti-Semitism." The anti-democratic resolution is the latest step in the broader campaign to stifle and suppress dissent on California's increasingly volatile campuses. Get this, it passed without public discussion. The vote on the resolution came when most students were between semesters and away from their campuses. The resolution uses the classic trick employed by defenders of Israel's Zionist regime: lumping together any criticism of the Israeli state's policies or of the US government's support for them with racist attacks on Jews. The bulk of the resolution is dedicated to defining criticism of the state of Israel as "anti-Semitism."  It lists the following as examples of "anti-Semitism": • "language or behavior [that] demonizes and delegitimizes Is
CRIME : New SSL/TLS attack for Hijacking HTTPS Sessions

CRIME : New SSL/TLS attack for Hijacking HTTPS Sessions

Sep 08, 2012
Two security researchers claim to have developed a new attack that can decrypt session cookies from HTTPS (Hypertext Transfer Protocol Secure) connections. From the security researchers who created and demonstrated the BEAST (Browser Exploit Against SSL/TLS) tool for breaking SSL/TLS encryption comes another attack that exploits a flaw in a feature in all versions of TLS. The new attack has been given the name CRIME by the researchers.The CRIME attack is based on a weak spot in a special feature in TLS 1.0, but exactly which that feature is has not been revealed by the researchers. They will say that all versions of TLS/SSL including TLS 1.2, on which the BEAST attack did not work are vulnerable. Once they had the cookie, Rizzo and Duong could return to whatever site the user was visiting and log in using her credentials. HTTPS should prevent this type of session hijacking because it encrypts session cookies while in transit or when stored in the browser. But the new attack, devis
Will everyone Please get the Facts Right - FREE ASSANGE NOW!

Will everyone Please get the Facts Right - FREE ASSANGE NOW!

Sep 08, 2012
Julian Assange's mother, Christine Assange has done an excellent job of compiling the facts surrounding the issue of Julian's extradition case. Please, everyone share this, copy it, email it and send it to your elected officials and congressional representatives. The truth is what will set Julian Assange free and he must be freed immediately. Assange Extradition Fact Sheet 1) Julian Assange is not charged with anything in Sweden or any other country. [Source: @wikileaks ] 2) Julian Assange did not flee Sweden to avoid questioning. He was given permission to leave the country on the 15th September 2010, after remaining 5 weeks in Sweden for the purpose of answering the allegations made against him. [Source: Undue delay for Julian Assange's interrogation ] 3)  The case against Julian Assange was initially dropped, and deemed so weak it could not warrant investigation. After the intervention of a Swedish politician close to American diplomats, it was revived by a different prosec
Google buys Online Malware Multi Scanner VirusTotal

Google buys Online Malware Multi Scanner VirusTotal

Sep 08, 2012
Google on Friday said it acquired online virus-scanning service, VirusTotal, a provider of a free service that detects computer viruses and other malicious software in files and websites. VirusTotal, company based in Spain with only a handful of employees, performs the free service by pooling data from scores of " antivirus engines, website scanners, file and URL analysis tools, " according to its site. Users only have to head to the online tool, select the file from their desktops, and the system is supposed to take care of the rest. The maximum file size currently supported by the service is 32MB. In a blog post on Friday, VirusTotal reps asserted that the merger is good news for consumers and bad news for malware generators for the following two reasons: The quality and power of our malware research tools will keep improving, most likely faster; and Google's infrastructure will ensure that our tools are always ready, right when you need them. "Our goal is simple:
HP Launches Beta Release Of Open WebOS

HP Launches Beta Release Of Open WebOS

Sep 01, 2012
Months after Hewlett-Packard originally announced the open-source version of WebOS , the beta version of the platform is on its way out the door. Friday's release includes two environments for developers.  The first is the desktop build, which is boasted to provide "the ideal development environment" for designing the webOS user experience with more features and integrating other open source technologies on the Ubuntu desktop. The second is the OpenEmbedded build for porting webOS to new devices. Equipped with an ARM emulator for running db8 and node.js services, HP cited that it included OpenEmbedded because of its "widespread community adoption" and cross-compiling support for embedded platforms. The news is getting announced in a blog post : " It has taken a lot of hard work, long hours and weekend sacrifices by our engineering team to deliver on our promise and we have accomplished this goal ," the developers write on the site devoid of any HP branding. T
Air Force openly Seeks Offensive Cyber Weapons

Air Force openly Seeks Offensive Cyber Weapons

Aug 31, 2012
The Air Force Life Cycle Management Center posted a broad agency announcement recently, calling on contractors to submit concept papers detailing technological demonstrations of 'cyberspace warfare operations' capabilities.  Air Force is seeking to obtain the abilities to 'destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries' ability to use the cyberspace domain for his advantage' and capabilities that would allow them to intercept, identify, and locate sources of vulnerability for threat recognition, targeting, and planning, both immediately and for future operations. According to the document the issuing Program Office "is an organisation focused on the development and sustainment of Cyberspace Warfare Attack capabilites that directly support Cyberspace Warfare capabilities of the Air Force." Technologies that can map data and voice networks, provide access to the adversary's information, networks, systems or devices, manip
Saudi Aramco Oil Producer's 30,000 workstations victim of Cyber Attack

Saudi Aramco Oil Producer's 30,000 workstations victim of Cyber Attack

Aug 27, 2012
Saudi Aramco, the world's biggest oil producer, has resumed operating its main internal computer networks after a virus infected about 30,000 of its workstations in mid-August. Immediately after the Aug. 15 attack, the company announced it had cut off its electronic systems from outside access to prevent further attacks. Saudi Aramco said the virus "originated from external sources" and that its investigation into the matter was ongoing. There was no mention of whether this was related to this month's Shamoon attacks. " The disruption was suspected to be the result of a virus that had infected personal workstations without affecting the primary components of the network, " Saudi Aramco said over Facebook . " We would like to emphasize and assure our stakeholders, customers and partners that our core businesses of oil and gas exploration, production and distribution from the wellhead to the distribution network were unaffected and are functioning as reliably as ever
Frankenstein Malware turning legitimate software into invisible malware

Frankenstein Malware turning legitimate software into invisible malware

Aug 24, 2012
Many malware and viruses can be identified by detection software because of known bits of malicious code. But what if there was a virus compiled from little bits of programs you already had installed? That's just what two security researchers are looking into. Frankenstein or The Modern Prometheus is a classic story in which a doctor creates life through technology in the form of a creature assembled from the parts of dead men. While this biological idea exists only in fiction, researchers have recently used it to craft a very ingenious piece of malware. Vishwath Mohan and Kevin Hamlen at the University of Texas at Dallas are interested in how malware disguises itself in order to propagate more widely. In Windows Explorer alone, Frankenstein found nearly 90,000 gadgets in just over 40 seconds, which means that malware created by the system would have a huge number of possible variations, work quickly, and be very difficult to detect. Frankenstein follows pre-written blueprints
Cybersecurity Resources