The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: password cracker software

Facebook Mistakenly Stored Millions of Users' Passwords in Plaintext

Facebook Mistakenly Stored Millions of Users' Passwords in Plaintext
March 21, 2019Mohit Kumar
Holy moly, Facebook is again at the center of a new privacy controversy after revealing today that its platform mistakenly kept a copy of passwords for "hundreds of millions" users in plaintext. What's more? Not just Facebook, Instagram users are also affected by the latest security incident. So, if you are one of the affected users, your Facebook or Instagram password was readable to some of the Facebook engineers who have internal access to the servers and the database. Though the social media company did not mention exactly what component or application on its website had the programmatic error that caused the issue, it did reveal that the company discovered the security blunder in January this year during a routine security check. In a blog post published today, Facebook's vice president of engineering Pedro Canahuati said an internal investigation of the incident found no evidence of any Facebook employee abusing those passwords. "To be clear, t

Password-Guessing Was Used to Hack Gentoo Linux Github Account

Password-Guessing Was Used to Hack Gentoo Linux Github Account
July 05, 2018Swati Khandelwal
Maintainers of the Gentoo Linux distribution have now revealed the impact and "root cause" of the attack that saw unknown hackers taking control of its GitHub account last week and modifying the content of its repositories and pages. The hackers not only managed to change the content in compromised repositories but also locked out Gentoo developers from their GitHub organisation. As a result of the incident, the developers were unable to use GitHub for five days. What Went Wrong? Gentoo developers have revealed that the attackers were able to gain administrative privileges for its Github account, after guessing the account password. The organisation could have been saved if it was using a two-factor authentication, which requires an additional passcode besides the password in order to gain access to the account. "The attacker gained access to a password of an organization administrator. Evidence collected suggests a password scheme where disclosure on on

WordPress Security: Brute Force Amplification Attack Targeting Thousand of Blogs

WordPress Security: Brute Force Amplification Attack Targeting Thousand of Blogs
October 09, 2015Swati Khandelwal
Most of the times, we have reported about WordPress vulnerabilities involving vulnerable plugins, but this time security researchers have discovered Brute Force Amplification attacks on the most popular CMS (content management system) platform. Researchers from security firm Sucuri have found a way to perform Brute Force amplification attacks against WordPress' built-in XML-RPC feature to crack down administrator credentials. XML-RPC is one of the simplest protocols for securely exchanging data between computers across the Internet. It uses the system.multicall method that allows an application to execute multiple commands within one HTTP request. A number of CMS including WordPress and Drupal support XML-RPC. But… The same method has been abused to amplify their Brute Force attacks many times over by attempting hundreds of passwords within just one HTTP request, without been detected. Amplified Brute-Force Attacks This means instead of trying tho

Hacker Released 'iDict' Tool That Can Hack Your iCloud Account

Hacker Released 'iDict' Tool That Can Hack Your iCloud Account
January 03, 2015Mohit Kumar
Hackers have a great start of new year 2015, giving a public threat to Apple's online iCloud service. A hacker using the handle " Pr0x13 " has released a password-hacking tool to GitHub website that assures attackers to break into any iCloud account, potentially giving them free access to victims' iOS devices. The tool, dubbed iDict , actually makes use of an exploit in Apple's iCloud security infrastructure to bypass restrictions and two-factor authentication security that prevents brute force attacks and keeps most hackers away from gaining access to users' iCloud accounts. Yes, the brute force security flaw in Apple's iCloud file storage service that was responsible for celebrity nude photos leak , including Kim Kardashian , Vanessa Hudgens , Jennifer Lawrence , Rihanna , Kristin Dunst and Kate Upton , late last year. Pr0x13 claims iDict to be a "100 percent" effective and simple to use method of cracking individual iCloud account login credentials. So, t
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.