#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

programming | Breaking Cybersecurity News | The Hacker News

Category — programming
A Typo in Zerocoin's Source Code helped Hackers Steal ZCoins worth $585,000

A Typo in Zerocoin's Source Code helped Hackers Steal ZCoins worth $585,000

Feb 18, 2017
Are you a programmer? If yes, then you would know the actual pain of... "forgetting a semicolon," the hide and seek champion since 1958. Typos annoy everyone. Remember how a hacker's typo stopped the biggest bank heist in the history, saved $1 billion of Bangladesh bank from getting stolen. But this time a typo in the Zerocoin source code costs the company more than $585,000 in losses. Zerocoin cryptocurrency protocol is designed to add true cryptographic anonymity to Zcoin transactions that take full advantage of "Zero-Knowledge proofs" to ensure the complete financial privacy of users. Zcoin announced Friday that " a typographical error on a single additional character " in the Zerocoin source code helped an attacker to steal 370,000 Zerocoin, which is over $585,000 at today's price. "We estimate the attacker has created about 370,000 Zcoins which has been almost completely sold except for about 20,000+ Zcoin and absorbed on
Critical glibc Flaw Puts Linux Machines and Apps at Risk (Patch Immediately)

Critical glibc Flaw Puts Linux Machines and Apps at Risk (Patch Immediately)

Feb 17, 2016
A highly critical vulnerability has been uncovered in the GNU C Library (glibc) , a key component of most Linux distributions, that leaves nearly all Linux machines, thousands of apps and electronic devices vulnerable to hackers that can take full control over them. Just clicking on a link or connecting to a server can result in remote code execution (RCE), allowing hackers to steal credentials, spy on users, seize control of computers, and many more. The vulnerability is similar to the last year's  GHOST vulnerability (CVE-2015-0235) that left countless machines vulnerable to remote code execution (RCE) attacks , representing a major Internet threat. GNU C Library (glibc) is a collection of open source code that powers thousands of standalone apps and most Linux distributions, including those distributed to routers and other types of hardware. The recent flaw, which is indexed as CVE-2015-7547 , is a stack-based buffer overflow vulnerability in glibc's D
The Secret Weakness Execs Are Overlooking: Non-Human Identities

The Secret Weakness Execs Are Overlooking: Non-Human Identities

Oct 03, 2024Enterprise Security / Cloud Security
For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity . Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,
Next Hacker to Organize Biggest Java Programming Competition In Germany

Next Hacker to Organize Biggest Java Programming Competition In Germany

Jan 16, 2016
Great news for Hackers and Bug-hunters who enjoy Programming and playing around with Software. A worldwide group of like-minded computer programmers is hosting The Next Hacker IPPC event on the 26th and 27th of February in Berlin, Germany, where participants can meet hackers and programmers from around the world while getting an opportunity to participate in one of the major hacking-related events in history. Yes, The Next Hacker is inviting Java programmers to participate in its International Programming Player Competition (IPPC) , which is going to be held on the second day of the event, i.e., 27th of February. The first day of 2016 IPPC event will offer technical sessions on programming, an open panel discussion with renowned hackers and programmers, as well as an opportunity for the world's top programmers to meet leading high-tech companies worldwide. The Next Hacker is an outstanding programming event with more than 5,000 attendees – no less than 3,000 c
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
Raspberry Pi Zero — The $5 Tiny Computer is Here

Raspberry Pi Zero — The $5 Tiny Computer is Here

Nov 26, 2015
Get ready for a ThanksGiving celebration from the Raspberry Pi Foundation. Raspberry Pi, the charitable foundation behind the United Kingdom's best-selling computer, has just unveiled its latest wonder – the Raspberry Pi Zero . Raspberry Pi Zero is a programmable computer that costs just $5 (or £4), may rank as the world's cheapest computer. Raspberry Pi Zero: Just $5 Computer Yes, Pi Zero is the smallest Raspberry Pi yet for just $5, but might be the biggest when looking at its specifications: Broadcom BCM2835 application processor (same as Pi 1) 1GHz ARM11 core (40 percent faster than Raspberry Pi 1) 512MB of LPDDR2 SDRAM Micro-SD card slot MiniHDMI socket for 1080p60 video output Micro-USB for data Micro-USB for power Unpopulated 40-pin GPIO connector Identical pinout to Model A+/B+/2B Unpopulated composite video connector Smallest ever form factor (i.e. 65mm x 30mm x 5mm) Get Your Raspberry Pi Zero Now! The Raspberry Pi is respon
Micro:bit — A Pocket-sized Programmable Computer

Micro:bit — A Pocket-sized Programmable Computer

Jul 09, 2015
The BBC has unveiled the final design of the Micro:bit — a pocket-sized computer board designed to lure U.K. school children to embedded electronics. The Micro:bit is essentially a codeable computer that lets kids get creative with technology. It measures 5cm by 4cm and will be available in different colors. The idea behind the Micro:bit is to encourage young children to learn how computers work, and to get kids into programming and engineering at the young age. What does this tiny little computer contain? The Micro:bit, made in collaboration with ARM, Barclays, element14, Freescale, Lancaster University, Microsoft, Nordic Semiconductor, Samsung and the Wellcome Trust, contains: A 32-bit ARM Cortex M0 CPU Programmable Array of 25 red LEDs Micro USB port through which it can be powered Three input-output (I/O) Ring Connectors to hook it up to other kits and sensors Bluetooth for connectivity A 3V output connector to power external devices A 20-pin edge
Internet Explorer Developer Channel - Early Access to Next-Generation Features For Developers

Internet Explorer Developer Channel - Early Access to Next-Generation Features For Developers

Jun 16, 2014
In an effort to create more open and accessible atmosphere between the Internet Explorer team and the Web development community, Microsoft today announced the launch of The Developer Channel for Internet Explorer . Internet Explorer Developer Channel is a fully-functioning browser designed to provide Web programmers and early adopters an advance and better understanding of the features the team is currently working on and let them offer feedback before it reaches the broader public. " Today we're excited to announce the release of the Internet Explorer Developer Channel, a fully functioning browser designed to give Web developers and early adopters a sneak peek at the Web platform features we're working on, " Microsoft said in a blog post . Thankfully, Internet Explorer Developer Channel runs independently of the user's copy of IE and allows Web programmers to test newest Web technology and browser features without disrupting their current browser set
Billions of Smartphone Users affected by Heartbleed Vulnerability

Billions of Smartphone Users affected by Heartbleed Vulnerability

Apr 13, 2014
Heartbleed has left a worst impression worldwide affecting millions of websites and is also supposed to put millions of Smartphones and tablets users at a great risk. Heartbleed is a critical bug ( CVE-2014-0160 ) in the popular OpenSSL cryptographic software library, that actually resides in the OpenSSL's implementation of the TLS/DTLS heartbeat extension, which allows attackers to read portions of the affected server's memory, potentially revealing users data such as usernames, passwords, and credit card numbers, that the server did not intend to reveal. OpenSSL is a widely-used cryptographic library which implements the SSL and TLS protocol and protects communications on the Internet, and mostly every websites use either SSL or TLS, even the Apache web server that powers almost half of the websites over internet utilizes OpenSSL. But to assume that the users using desktop browsers to visit websites are vulnerable to the Heartbleed bug, will be wrong. Despite 40
NSA denies Report that Agency knew and exploited Heartbleed Vulnerability

NSA denies Report that Agency knew and exploited Heartbleed Vulnerability

Apr 12, 2014
The Bloomberg claimed that the U.S. National Security Agency (NSA) knew about the most critical Heartbleed flaw and has been using it on a regular basis to gather " critical intelligence " and sensitive information for at least past two years and decided to keep the bug secret, citing two sources ' familiar with the matter '. In response to the above report, NSA has issued a ' 94 character' statement today denying the claims that it has known about the Heartbleed bug since two years and that it has been using it silently for the purpose of surveillance. " NSA was not aware of the recently identified Heartbleed vulnerability until it was made public ," the U.S. intelligence agency said on its Twitter feed . Heartbleed is one of the biggest Internet vulnerabilities in recent history that left large number of cryptographic keys and private data such as usernames, passwords, and credit card numbers, from the most important sites and services on the Int
German Developer responsible for HeartBleed Bug in OpenSSL

German Developer responsible for HeartBleed Bug in OpenSSL

Apr 12, 2014
We have already read so many articles on Heartbleed, one of the biggest iNternet threat that recently came across by a team of security engineers at Codenomicon , while improving the SafeGuard feature in Codenomicon's Defensics security testing tools.  The story has taken every media attention across the World, as the bug opened doors for the cyber criminals to extract sensitive data from the server's memory and almost every major site have been affected by it. UNINTENTIONAL  BIRTH OF HEARTBLEED More than two years ago, German programmer Robin Seggelmann introduced a new feature called " Heartbeat " in the most secured open source encryption protocol, OpenSSL , which is used by several social networks, search engines, banks and other websites to enable secure connections while transmitting data. But introducing heartbeat feature cost him dearly, as here the most critical bug resides. Dr. Seggelmann allegedly was just trying to improve OpenSSL and wo
Learn How DuckDuckGo Search Engine helps you to be a Good Programmer

Learn How DuckDuckGo Search Engine helps you to be a Good Programmer

Feb 21, 2014
So you want to be a Programmer? Want to learn - How to code, Debug, and Program? The Web is full of free resources that can turn you into a programmer in no time, but never knew Where to start or How to troubleshoot your programs . Learning How to be a good programmer begins with learning logic concepts and language syntax and Google is a superb search engine, used by the majority of users online for finding information. But most of the time we don't get helping hands ' easily & quickly ' to debug our programs using Google or other Search engines. Learning to program is hard enough, but debugging is a critical skill, actually - it's frustrating ! DuckDuckGo , a private Search Engine that claims it gives complete anonymity to its users, has ' Programming Goodies ' for you and Software Engineers, i.e. provides a large number of programming tips and solutions from the a number of references, for various programming languages. Following are the
Web Application Security : PHP SuperGlobal Variables are vulnerable to Hackers

Web Application Security : PHP SuperGlobal Variables are vulnerable to Hackers

Sep 09, 2013
Hackers are focusing on vulnerabilities in the PHP web application development platform threatening 80% websites in the world, including many big website i.e. Facebook and Wikipedia. PHP has several predefined variables that are called SuperGlobals i.e. POST, GET, COOKIES, FILES etc. Imperva Releases Hacker Intelligence Initiative Report , particularly concerned about two vulnerabilities that can be used to execute code on servers running PHP and fail to stop PHP SuperGlobal parameter variables being modified by external sources. Dubbed as  CVE-2011-2505 , describes a vulnerability in the authentication feature in PhpMyAdmin (PMA) that enables attackers to modify the  _SESSION  SuperGlobal variable. CVE-2010-3065 describes a problem in the PHP's session serialization mechanism. By injecting malicious value into an internal variable using PHP's Superglobal mechanism, the attacker is able to change the application flow and execute arbitrary commands to take control over
Warm up your keyboard for Facebook Hacker Cup 2013

Warm up your keyboard for Facebook Hacker Cup 2013

Jan 09, 2013
Dear Hackers, Warm up your keyboards! Because Facebook open Registration for third Hacker Cup 2013, an annual worldwide programming competition where hackers compete against each other for fame, fortune, glory and a shot at the title of world champion, with $5,000 top prize. The qualification round begins on January 25th. So Participate and enhance your programming competency. The dates have been set for Facebook Hacker Cup 2013 Jan 7 — Jan 27 — Registration Jan 25 — Jan 27 — Online Qualification Round Feb 2 — Online Elimination Round 1 Feb 9 — Online Elimination Round 2 Feb 16 — Online Elimination Round 3 March 22 -23 — Onsite Finals at Facebook Registrations Page -  https://www.facebook.com/hackercup/register This is your chance to compete against the world's best programmers for awesome prizes and the title of World Champion.
Facebook Launches Global Hacker Cup Programming Contest

Facebook Launches Global Hacker Cup Programming Contest

Dec 10, 2010
Hacking is a core aspect of Facebook's culture. Whether we are developing the next big product at one of our hackathons or creating a smarter search algorithm, we constantly hack to find better solutions. We are launching the Hacker Cup to unite engineers worldwide in a multi-round programming competition. Participants must solve algorithmic problem statements to advance, being ranked by accuracy and speed. What: An annual algorithmic programming contest open to hackers globally. Where: Three online rounds with finals at Facebook's headquarters in California. When: Registration opens on December 20th. The three online rounds will occur throughout January 2011, followed by the world finals. Finals: We will cover the travel and accommodation expenses for the top 25 hackers from the 3rd online round to our campus. Prizes: The top hacker will win $5,000 and the title of world champion. The second place will receive $2,000, third place $1,000, and fourth to twenty-fifth place
Expert Insights / Articles Videos
Cybersecurity Resources