The Hacker News — Cyber Security and Hacking News Website: Security flaw

Impossible Google Search Queries

February 09, 2013 | Mohit Kumar
An anonymous user asked on Quora how and why Google shows p*rn results when one types the equation -4^(1/4) into a Google search query. This is a very strange bug in Google. Shortly afterwards, Jeremy Hoffman, a Google software engineer, replied: "Hi, I'm a Google search engineer. Anon User and Anon User did some excellent analysis. As a web search query, [-4^(1/4)] is interpreted like [-4 "1 4"], as in "Find me pages which contain a 1 next to a 4, but which do not contain a 4." This should return zero results, because it is impossible to satisfy both requirements." The bug was apparently uncovered when a user tried to use Google to solve mathematical equations, but the search engine misinterpreted the queries. Because the query was a combination of impossible conditions, Google brings back p*rn site results. Any logic? Some similar example queries are: -s "s 2", -3 "1 3", -title "title 4", -4 "1 4". How -s
Security Flaws in UPnP protocol put 50 million devices at risk

January 29, 2013 | Mohit Kumar
A security flaw in Universal Plug and Play (UPnP) is exposing more than 50 million computers, printers and storage drives to remote attack by hackers. Rapid7 said Tuesday in a research paper that the problem lies in routers and other networking equipment that use a commonly employed standard known as Universal Plug and Play, or UPnP. UPnP allows networked devices to discover each other and automatically establish working configurations that enable data sharing, media streaming, media playback control and other services. In one common scenario, a file-sharing application running on a computer can tell a router via UPnP to open a specific port and map it to the computer's local network address in order to open its file-sharing service to Internet users. Over 80 million unique IPs were identified that responded to UPnP discovery requests from the internet, and around 40-50 million network-enabled devices are at risk due to vulnerabilities found in the Universa
Facebook Privacy Flaw exposed two College Gay Students Accidentally

October 20, 2012 | Mohit Kumar
Facebook is continually changing its privacy settings, trying to give users more control over what they want to share and with whom. Two gay college students were outed on Facebook because of a privacy flaw in Facebook Groups: users can be added to Facebook Groups by friends without the user's permission or approval. University of Texas students Taylor McCormick and Bobbi Duncan came out to the world via Facebook, but not in ways they ever intended. The Wall Street Journal examined how Facebook changed the lives of two gay college students when a classmate added them to a public group for other gay choir singers at the school, an action that was shared on the students' news feeds. In another case Bobbi Duncan desperately wanted her father not to know she is a lesbian, but Facebook told him anyway. Soon, she learned that another choir member, Taylor McCormick, had been outed the very same way, upsetting his world as well. The two University of Texas in Austin student
HSBC hit by Anonymous denial-of-service attack

October 19, 2012 | Mohit Kumar
The multinational bank HSBC has blamed a denial-of-service attack for the downtime of many of its websites worldwide on Thursday night, and the Anonymous group has been quick to take credit. "Banks are the sole cause of our current worldwide economic problems. They deserve to get hit. RBS, Lloyds TSB and Barclays are next," FawkesSecurity said. "This denial-of-service attack did not affect any customer data, but did prevent customers using HSBC online services, including Internet banking. We are taking appropriate action, working hard to restore service. We are pleased to say that some sites are now back up and running. We are cooperating with the relevant authorities and will cooperate with other organizations that have been similarly affected by such criminal acts," HSBC said. The timing of the group's Twitter postings lends credence to its claims, but Twitter users claiming to be Anonymous members have falsely claimed responsibility for at
Advance Phishing Attacks using HTML5 Fullscreen API

October 12, 2012 | Mohit Kumar
Do you ever use the YouTube Instant search engine (a really fast way to search YouTube)? It was developed by a 21-year-old developer named Feross Aboukhadijeh in 2012. Chad Hurley, CEO and co-founder of YouTube, was so impressed that he immediately offered him a job at YouTube. He is a web developer, designer and computer security researcher. Recently he developed an attack concept that exploits the Fullscreen application programming interface in HTML5 in order to carry out advanced phishing attacks. The HTML5 "Fullscreen API" allows web developers to display web content in full-screen mode, that is, filling the display screen completely. The Fullscreen API is perhaps known for its spoofing potential, leading to major browser vendors canvassing for the implementation of an overlay to notify users when full-screen is activated. Feross demonstrated how the Fullscreen API can help phishing attack portals appear rather innocuous to end users, by utilizing the A
SCADA Hacking : Exploit released to Hack Solar Energy Plants

October 12, 2012 | Mohit Kumar
ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) has released an advisory titled ICS-ALERT-12-284-01 - Sinapsi eSolar Light Multiple Vulnerabilities. It reports multiple vulnerabilities, with proof-of-concept (PoC) exploit code, affecting the Sinapsi eSolar Light Photovoltaic System Monitor, which is a supervisory control and data acquisition (SCADA) monitoring product. The US Department of Homeland Security is warning about vulnerabilities in a common SCADA (supervisory control and data acquisition) package that is used to remotely monitor and manage solar energy-generating power plants. The eSolar Light Photovoltaic System Monitor is a SCADA product that allows solar power stations to simultaneously monitor different components of photovoltaic arrays, such as photovoltaic inverters, energy meters, gauges. The disclosure was made by Roberto Paleari and Ivan Speziale, who described the vulnerable system as being the Schneider Electric
Google Ireland and Yahoo Domains Hijacked

October 12, 2012 | Mohit Kumar
Irish websites Google.ie and Yahoo.ie went offline on Tuesday afternoon after their DNS servers were apparently hijacked to point to those of a third party, resulting in visitors being redirected to an 'allegedly fraudulent' address, farahatz.net. That site has now been taken offline, but it is not known whether the site could have been created with malicious intent. A short note on the homepage of the IE Domain Registry said the move followed a "security incident on Tuesday 9th October, involving two high profile .ie domains that has warranted further investigation and some precautionary actions on the part of the IEDR." The IE Domain Registry has requested assistance from the Garda Bureau of Fraud Investigation. There was an unauthorised access to one registrar's account [MarkMonitor] which resulted in the change to the DNS nameserver records for the two .ie domains. The IEDR worked with the registrar to ensure that the nameserver records were rese
Firefox 16 pulled just after release to address security vulnerabilities

October 11, 2012 | Mohit Kumar
The latest version of Mozilla's Firefox browser has been taken offline after a security vulnerability was discovered. Mozilla's Firefox 16 web browser got its regular six-weekly update yesterday, but the organisation decided to pull the browser hours after the release. The outfit claimed it became aware of a security vulnerability in Firefox 16 and that updates are expected to ship at some point today. According to the Mozilla Security Blog, Firefox 16 features a security vulnerability that allows "a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters." "As a precaution, users can downgrade to version 15.0.1." Firefox 16 offers several new features, most of which are aimed at developers. One such feature is the Developer Command Line, which provides keyboard control over the Developer Tools. Other features include CSS3 Animations, Image Values, IndexedDB, Transitions, and Transforms.
Security flaw in 3G could allow anyone to track your smartphone

October 09, 2012 | Mohit Kumar
New privacy threats have been uncovered by security researchers that could allow every device operating on 3G networks to be tracked, according to research from the University of Birmingham with collaboration from the Technical University of Berlin. Researchers said that standard off-the-shelf equipment, such as femtocells, could be used to exploit the flaw, allowing the physical location of devices to be revealed. The 3G standard was designed to protect a user's identity when on a given network. A device's permanent identity, known as the International Mobile Subscriber Identity (IMSI), is protected on a network by being assigned a temporary identity called a Temporary Mobile Subscriber Identity (TMSI). The TMSI is updated regularly, and 3G networks are supposed to make it impossible for someone to track a device even if they are eavesdropping on the radio link. Researchers have discovered that these methods can easily be sidestepped by spoofing an IMSI paging reques