The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

SPINN - Secure Personal Information Notification Network Hacked By Inj3ct0r Official website of  SPINN - Secure Personal Information Notification Network has been hacked and Defaced by Team Inj3ct0r. Screenshot is as shown above.

War Texting : Hackers Unlock Car Doors Via SMS Don Bailey and Mathew Solnik, Two hackers have found a way to unlock cars that use remote control and telemetry systems like BMW Assist, GM OnStar, Ford Sync, and Hyundai Blue Link. These systems communicate with the automaker’s remote servers via standard standard mobile networks like GSM and CDMA — and with a clever bit of reverse engineering, the hackers were able to pose as these servers and communicate directly with a car’s on-board computer via “ war texting ” — a riff on “war driving,” the act of finding open wireless networks. Don Bailey and Mathew Solnik, both employees of iSEC Partners, will deliver their findings at next week’s Black Hat USA conference in Las Vegas in a briefing entitled “ War Texting: Identifying and Interacting with Devices on the Telephone Network. ” The exact details of the attack won’t be disclosed until the affected manufacturers have had a chance to fix their systems, and the hackers are not expected ...

Iframe Injection Vulnerability on FileHippo - Popular software download site One of the most Popular Freeware Software download website "FileHippo" is Vulnerable to Iframe Injection. This Vulnerability is Found and submitted by  n3t phir3 . Here is the  Vulnerable Link  and Screenshot as shown above.

Apache Log Extractor tool Apache Log Extractor is a quick script to export URL information from Apache access logs. The thought behind this script was to provide a list of known URL’s on a remote server by analysing the logs. This list could then be used as the input for further testing tools e.g Burp Suite – Intruder . The script accepts an Apache access file as the input and creates an output file containing one URL per line. The list is unique and should only contain the URL without parameters (incomplete directory names are not extracted). It also takes these URLs and creates a wordlist output of all valid directoy names for use with brute-forcing tools. This fingerprinting tool can reduse the realm of password cracking. How to use ./apache_log_extractor.py access.log.1 Output [ ] Extracting URLs from logfile : access.log.1 [ ] Extracted URL : / [ ] Extracted URL : /Signed_Update.jar [ ] Extracted URL : /ajax/bottomnavinfo.ashx [ ] Extracted URL : /MetaAdServ...

THN Review : Ghost in the Wires - Kevin Mitnick First of all Thanks to Mr. Kevin Mitnick for sending Review Copy of his latest book & Auto-Biography " Ghost in the Wires - My Adventures As The World's Most Wanted Hacker ". I take about a week to read this amazing book and Finally  The Hacker News Review for this Book : Some call him a saint, some a criminal, others adore him. Industry may loathe him but we here at hacker news say “ Get Reading ” loyal subscribers and laugh, get mad, feel revenge, and pure educational enjoyment reading Kevin Mitnick’s new book “ Ghost in the Wires ” .  Yeah, we consider him pretty cool and the father of Social Engineering which is just ours and yours level of interest.   If a guy that can stay one step ahead of big business, catching them with their pants down and their hands in the Cookie jar, then this is the book for you.  If you admire a person who can squeeze blood from a turnip, you have the rig...

LulzSec Member Topiary arrested in the Shetland Islands Police arrest 18-year-old man in Shetland Islands who is alleged to be involved in hacker attacks on law enforcement agencies.Officers from the Metropolitan Police Service's Police Central e-Crime Unit (PCeU) arrested the man as part of an international investigation into the activities of the Anonymous and LulzSec hacktivist groups.The man, who was arrested at a residential address in Shetland, is said to have used the online nickname " Topiary " and acted as a spokesperson for the groups via forums such as Twitter. He was arrested at a residential address in the Shetland Islands and is currently being transported to a police station in central London. A search is ongoing at the address. It was carried out with the assistance of the Scottish Crime and Drug Enforcement Agency (SCDEA) and Lincolnshire Constabulary. The arrest of Topiary is the third made in the UK in the search for members of the group, followi...

DOD Launches New Cyber Strategy Website The Department of Defense today launched a new website to highlight DoD’s first unified strategy for cyberspace announced on July 14. The website is a tool to help explain and consolidate DoD’s cybersecurity accomplishments and new way forward for military, intelligence and business operations in cyberspace. The new website is designed to help users explore the five pillars of DoD’s cyber strategy: treating cyberspace as an operational domain; employing new defense operating concepts; partnering with the public and private sector; building international partnerships; and leveraging talent and innovation. Additional content includes links to cybersecurity jobs in government, key news items, press releases, and video of discussions on cybersecurity. Source

Smiasm - Reverse engineering framework What is Miasm? Miasm is a a free and open source (GPLv2) reverse engineering framework. Miasm aims at analyzing/modifying/generating binary programs. Here is a non exhausting list of features: opening/modifying/generating PE/ELF 32/64 le/be using Elfesteem Assembling/Disassembling ia32/ppc/arm Representing assembly semantic using intermediate language Emulating using jit (dynamic code analysis, unpacking, ...) Expression simplification for automatic de-obfuscation Graphic disassembler using Grandalf How does it work? Miasm embed its own disassembler, intermediate language and instruction semantic. It is written in Python. To emulate code, it uses libtcc to jit C code generate from intermediate representation. It can emulate shellcodes, parts of binaries. Python callback can be executed to emulate library functions. Read Documentation & Download Here

#OpPayPal - Anonymous calls for boycott of PayPal for blocking Wikileaks The Latest Operation could be a major departure into legal direct action for Anonymous, LulzSec and AntiSec. If so, this is one to watch with great interest. The campaign marks something of a departure for LulzSec and Anonymous, which are both known for stealing and releasing private information from websites with poor security.The groups are at pains to emphasis that their current protest is being waged through legal means.During Operation Payback, Anonymous had called for a boycott, but little was gained due to the distributed nature of Anonymous and relatively low media profile. What is Operation Paypal ( #OpPayPal ) ? IRC: http://bit.ly/pDIZbY According to Anonymous and Lulzsec " Paypal is a corrupt corporation who voluntarily disabled donations to wikileaks with no legal base or reasoning whatsoever.  They are actively working with the FBI to arrest and imprison the only peop...

Metasploit Pro 4.0 released - Enterprise Integration, Cloud Deployment & Automation Rapid7 launched Metasploit Pro 4.0, a penetration testing solution that provides security professionals with a better view of their threat landscape by integrating with more than a dozen vulnerability management and Web application scanners, and by providing data to security information and event management (SIEM) systems through a documented interface. This enables defenders to identify vulnerabilities that could lead to a data breach and prioritize their remediation more effectively. Security teams increase their productivity by spending less time fixing unimportant vulnerabilities and have an effective way to verify that remediation was successful. The new capabilities in Metasploit Pro 4.0 now enable defenders to: Integrate security risk intelligence Integrate Metasploit Pro with your security information and event management (SIEM) system to improve your dashboard information Import ...