The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

There's a good news for app developers. On Wednesday at Twitter's first annual developer conference Flight, the company announced a new tool for developers which will allow users to log-in to mobile applications using their phone numbers rather than a traditional username and password combinations. SAY NO TO PASSWORD The service will be called Digits, aimed at application developers looking for an easier, password-free login option for their mobile applications  – in a similar way to Snapchat , WhatsApp and Viber that rely only on verified users' mobile numbers for sign-in, rather than the traditional ID and password combination. " This is an entirely new native mobile sign up service that makes mobile-first sign-up frictionless, and creates an identity relationship entirely between you and your users ," said Twitter CEO Dick Costolo, speaking at the Twitter Flight developer conference in San Francisco. DEVELOPERS DON'T TRUST TWITTER On one hand, where o

Good news for iOS 8.1 users! The Chinese jailbreaking team Pangu has released a software tool that allows users to Jailbreak their iPhones, iPads and iPods running the latest version of Apple's mobile operating system, iOS 8 and iOS 8.1 . That was really very quick, as iOS users need to wait quite long for the jailbreaks. Pangu developer team is the same group responsible for jailbreaking iOS 7 few months back. The group made its jailbreak tool available by releasing a download link for the developers edition before quickly removing it. The link for the tool on Pangu's site is currently unavailable, with the team noting on their official Twitter account that, " Current Pangu Jailbreak v1.0.0 is disabled remotely because we are fixing bug which may cause lost of your photos. Please wait … " The developer edition of the jailbreak iOS 8 tool didn't come with the Cydia app store , which would make the tool useless for an average iOS users who likes jail

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

Google is offering its users a completely new and better experience of its mailing service. And in an effort to do this, the company has launched a new email service, an alternative to Gmail, called " Inbox " on Wednesday that aims to make email more useful and preview next-generation capabilities. Inbox will not replace Gmail, the company's popular 10-year-old email product, instead it will sit next to its Gmail service and will provide users' better organize their emails with live alerts for appointments, flight bookings and package deliveries in a more user-friendly way. "Years in the making, Inbox is by the same people who brought you Gmail, but it's not Gmail: it's a completely different type of inbox, designed to focus on what really matters," wrote Sundar Pichai, Google's senior vice president of Android , Chrome and apps, in a blog post . According to the company, the Inbox service was designed to deal with the problem of ge

A recently discovered hole in the security of the Bourne-Again Shell (bash) has the majority of Unix/Linux (including OS X) admins sweating bullets. You should be, too--attackers have already developed exploits to unleash on unpatched web servers, network services and daemons that use shell scripts with environment variables ( this can include network equipment, industrial devices, etc .) Jaime Blasco , AlienVault Labs Director, gives a good explanation of the exploit in this blog post . And, the video below gives you a quick overview of how AlienVault Unified Security Management (USM)  can detect malicious traffic on your network trying to locate and exploit this vulnerability. Basically, this vulnerability allows an attacker to execute shell commands on a server due to an issue in how bash interprets environment variables (such as "cookie", "host", "referrer"). Exploiting this allows an attacker to run shell commands directly. Once they have access to run shell comm

It seems that there is no end to the Windows zero-days, as recently Microsoft patched three zero-day vulnerabilities in Windows which were actively exploited in the wild by hackers, and now a new Zero-day vulnerability has been disclosed affecting all supported releases of Windows operating system, excluding Windows Server 2003. Microsoft has issued a temporary security fix for the flaw and also confirmed that the zero-day flaw is being actively exploited by the hackers through limited, targeted attacks using malicious Microsoft PowerPoint documents sent as email attachments. According to the Microsoft Security Advisory published on Tuesday, the zero-day resides within the operating system's code that handles OLE (object linking and embedding) objects. OLE technology is most commonly used by Microsoft Office for embedding data from, for example, an Excel spreadsheet in a Word document. The vulnerability (designated as CVE-2014-6352 ) is triggered when a user is forced

Google is taking its users' privacy very serious and making every possible effort for its users just to make them feel secure when they are online. Today, the tech giant has announced its enhanced two-step verification service that is based on a physical USB key, adding yet another layer of security to protect its users from hackers and other forms of online theft. SECURITY KEY- 2 STEP VERIFICATION USING USB DRIVES The "Security Key" feature will currently work on Chrome and will be free for Google users, but the company also notes that the Security Key is supporting the open Universal 2nd Factor (U2F) protocol from the FIDO Alliance, which will allow users to log in to Google Accounts by inserting a USB device into their systems. By letting users protect their accounts using two-factor authentication based on physical USB keys, it will be no longer any compulsion for you to type in the six-digit authentication code in Google's Gmail or your Google Acco

The Search Engine giant is not going to spare the Pirated content providing sites . Google is ready to fulfill its commitment to downgrade the search rankings of ' notorious ' piracy sites globally that often rank above legal and commercial sites. Google and the Copyright holders are, to some extent, enemies for years, but in Google's ongoing anti-piracy efforts, the company will fight copyright infringement and assure rights holders that their contents will be appeared at the top of its search results and that the search made up only a small portion of pirate traffic. DOWNGRADE PIRATED SITES Google is preparing major tweaks to its search engine, which you'll be able to see this week, to ensure that the 'notorious' piracy sites that enable the downloading or streaming of pirated contents are out of search results when people search for music, movies and other copyrighted content. The announcement of the algorithm update came as Google updated " How Google Fights