The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: Whitehat Hacker

Hack the Pentagon: Hackers find over 100 Bugs in U.S. Defense Systems

Hack the Pentagon: Hackers find over 100 Bugs in U.S. Defense Systems

June 14, 2016Mohit Kumar
The " Hack the Pentagon " bug bounty program by the United States Department of Defense (DoD) has been successful with more than 100 vulnerabilities uncovered by white hat hackers in Pentagon infrastructure. In March, the Defense Department launched what it calls " the first cyber Bug Bounty Program in the history of the federal government, " inviting hackers to take up the challenge of finding bugs in its networks and public faced websites that are registered under DoD. Around 1,400 whitehat (ethical) hackers participated in the Hack the Pentagon program and were awarded up to $15,000 for disclosures of the most destructive vulnerabilities in DoDs networks, Defense Secretary Ashton Carter said at a technology forum on Friday. "They are helping us to be more secure at a fraction of the cost," Carter said . "And in a way that enlists the brilliance of the white hatters, rather than waits to learn the lessons of the black hatters."
Facebook hacking accounts using another OAuth vulnerability

Facebook hacking accounts using another OAuth vulnerability

March 13, 2013Mohit Kumar
Remember the last OAuth Flaw in Facebook , that allow an attacker to hijack any account without victim's interaction with any Facebook Application, was reported by white hat Hacker ' Nir Goldshlager '. After that Facebook security team fixed that issue using some minor changes. Yesterday Goldshlager once again pwn Facebook OAuth mechanism by bypassing all those minor changes done by Facebook Team. He explains the complete Saga of hunting Facebook  bug in a blog post. As explained in last report on The hacker News , OAuth URL contains two parameters i.e.  redirect_uri &   next , and using Regex Protection (%23xxx!,%23/xxx,/) Facebook team tried to secure that after last patch. In recent discovered technique hacker found that next parameter allow  facebook.facebook.com domain as a valid option and multiple hash signs is now enough to bypass Regex Protection. He use facebook.com/l.php file (used by Facebook to redirect users to external links) to redirect victims to
Think Like a Hacker for Better Security

Think Like a Hacker for Better Security

October 15, 2012Mohit Kumar
Computer hacking is truly an epidemic. It's not enough to apply the latest patches to your servers and workstations or otherwise defend yourself reactively. If you're in charge of your network's security, you must understand how hackers minds work and what tools they're using for their attacks.  Also one of the best ways to protect yourself is to think like a hacker. Evil hackers aren't just a threat to national security. They're a threat to your privacy and even your livelihood. Your personal information? Nothing more than a commodity in their billion-dollar black-market enterprise. There's no product that can prevent hackers from plastering passwords and usernames on the Web. But some white hat hackers are not only chasing these cybercriminals but also thwarting the attacks before they can be launched. Vulnerabilities appear in your environment every day. For example, everyone wants to use their tablet or smart phone to conduct business. A
Harvard Carr Center for Human Rights Policy Hacked, Password was "DOG" ?

Harvard Carr Center for Human Rights Policy Hacked, Password was "DOG" ?

October 08, 2012Mohit Kumar
Harvard's Carr Center for Human Rights Policy website ( www.hks.harvard.edu/cchrp/ ) was hacked last week  and then silently fixed by the administrator without giving Reply/Credit to the Whitehat Hacker who reported the vulnerability. The Hack incident was performed in 3 Phases as described below: Phase 1: A Hacker , with nickname " FastFive" posted a few sql injection vulnerable Educational sites on a famous Hacking Forum last week which included the SQLi vulnerable link for the Harvard Carr Center for Human Rights Policy website, as you can see in the list in the above screenshot taken by me. Phase 2 : Almost 100's of Hackers have seen the post from " FastFive " and they got some juicy information for their next targets. One of them named, " Vansh " successfully exploit the Harvard's site and  extracted the database onto his computer. He Found the username and Password from the table and tried to login on the Admin access panel location
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.