The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

OpenDNSSEC 1.2.1 latest version Released !

Mar 18, 2011
Version 1.2.1 of OpenDNSSEC has now been released. ldns 1.6.9 is required for bugfixes. dnsruby-1.52 required for bugfixes.
Bugfixes:
- Auditor: ‘make check’ now works when srcdir != builddir.
- Auditor: Include the ‘make check’ files in the tarball.
- Enforcer: Fix the migration script for SQLite.
- Enforcer: Increase size of keypairs(id) field in MySQL to allow more than 32767 keys; see MIGRATION for details.
- Enforcer: Minor change to NOT_READY_KEY error message.
- libhsm: Increase the maximum number of attached HSM:s from 10 to 100.
- ods-ksmutil: Send trivial MySQL messages to stdout when exporting zonelist etc. Otherwise the resulting XML needs to be edited by hand.
- ods-control: Fix for Bourne shell.
- Signer Engine: Prevent race condition when setting up the workers and the command handler.
- Signer Engine: Check if the signature exists before recycling it.
- Signer Engine: Quit when there are errors in the configuration.
- Sign...
Php.net was compromised, and php source backdoored !

Mar 18, 2011
Update: The PHP Group has confirmed the compromise of their server: http://www.thehackernews.com/2011/03/php-group-has-confirmed-compromise-of.html
The picture shows that some php.net site was compromised, and a hacker backdoored the PHP source.
After hack, RSA Release Open Letter to RSA Customers !

Mar 18, 2011
Top security firm RSA Security has just revealed that it was hit by an extremely sophisticated hack. Read the complete story here: http://www.thehackernews.com/2011/03/top-security-firm-rsa-security-revealed.html
RSA has now released an open letter to RSA customers, as given below:
Like any large company, EMC experiences and successfully repels multiple cyber attacks on its IT infrastructure every day. Recently, our security systems identified an extremely sophisticated cyber attack in progress being mounted against RSA. We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure. We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities. Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extra...
Roboo : Most Advanced open-source HTTP Robot mitigator !

Mar 18, 2011
Roboo uses advanced non-interactive HTTP challenge/response mechanisms to detect and subsequently mitigate HTTP robots, by verifying the existence of HTTP, HTML, DOM, Javascript and Flash stacks at the client side. Such a deep level of verification weeds out the larger percentage of HTTP robots which do not use real browsers or implement full browser stacks, resulting in the mitigation of various web threats:
- HTTP Denial of Service tools - e.g. Low Orbit Ion Cannon
- Vulnerability Scanning - e.g. Acunetix Web Vulnerability Scanner, Metasploit Pro, Nessus
- Web exploits
- Automatic comment posters/comment spam as a replacement of conventional CAPTCHA methods
- Spiders, Crawlers and other robotic evil
You can find the first public version here
Security Event : Hack In Paris (16-17 June, 2011)

Mar 18, 2011
Hack In Paris is an international and corporate security event that will take place in Disneyland Paris® from June 16th to 17th of 2011. Please refer to the homepage to get up-to-date information about the event.
Topics
The following list contains major topics the conference will cover. Please consider submitting even if the subject of your research is not listed here.
- Advances in reverse engineering
- Vulnerability research and exploitation
- Penetration testing and security assessment
- Malware analysis and new trends in malicious code
- Forensics, IT crime & law enforcement
- Privacy issues: LOPPSI, HADOPI, …
- Low-level hacking (console security & mobile devices)
- Risk management and ISO 27001
Dates
- January 20: CFP announced
- March 30: Submission deadline
- April 15: Notification sent to authors
- April 17: Program announcement
- June 16-17: Hack In Paris
- June ...
Immunity Debugger v1.82 latest version download !

Mar 18, 2011
“Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry’s first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.”
This is the change log:
- Better handling of breakpoints.
- Fix thread suspend issues while handling breakpoints.
- Reintroduced the python shell.
- Updated Python to 2.7.1
- Fixed python tracebacks to work again.
Download the Immunity Debugger v1.82
Microsoft brings down world’s biggest spam network !

Mar 18, 2011
A Microsoft lawsuit, unsealed earlier today, is responsible for causing government raids last Wednesday that led to the downfall of the world’s biggest spam network, Rustock. Microsoft’s Digital Crimes Unit used information gained in its 2010 takedown of the Waledac botnet to work with the U.S. Marshals Service in locating and obtaining evidence from five hosting companies in seven U.S. cities. “DCU researchers watched a single Rustock-infected computer send 7,500 spam emails in just 45 minutes – a rate of 240,000 spam mails per day,” said Richard Boscovich, Senior Attorney at the Microsoft Digital Crimes Unit, in a blog post. With approximately one million computers worldwide infected by Rustock, the botnet was able to send 240 billion spam messages in a single day. Symantec revealed in August last year that botnets were responsible for 95% of the Internet’s spam, and that 41% of botnet spam came from the Rustock botnet. This means the dismantling of the Rustock ...
FBI tracking hackers who are targeting Vanessa Hudgens & other celebs !

Mar 18, 2011
The Federal Bureau of Investigation (FBI) is reportedly investigating a hacker ring that is targeting phones and computers of celebrities and stealing nude photos and other personal items. The probe stems from nude photos of Vanessa Hudgens that were recently leaked online, reports the New York Daily News.  According to TMZ.com, the federal investigators met Hudgens Wednesday to discuss her latest nude photo scandal and believe she might be the latest victim of a notorious hacker crew that has targeted scores of celebrities, including Scarlett Johansson, Ali Larter, Busy Philipps and Miley Cyrus. A source told the website that one ringleader had fingerprints on every job and the primary motivation appeared to be the thrill and challenge - not money. The new round of Hudgens' photos surfaced on the Internet Monday after similar full-frontal nudes appeared online in 2007 and 2009. Hudgens, 22, is seen kissing 'Zoey 101' actress Alexa Nikolas in one of the new photos. ...
Top security firm RSA Security revealed by extremely sophisticated hack !

Mar 18, 2011
Top security firm RSA Security revealed on Thursday that it’s been the victim of an “extremely sophisticated” hack. The company said in a note posted on its website that the intruders succeeded in stealing information related to the company’s SecurID two-factor authentication products. SecurID adds an extra layer of protection to a login process by requiring users to enter a secret code number displayed on a keyfob, or in software, in addition to their password. The number is cryptographically generated and changes every 30 seconds. “While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers,” RSA wrote on its blog, “this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen thei...
PHP 5.3.6 closes five security holes !

Mar 17, 2011
The PHP developers have released PHP 5.3.6, a maintenance update to the PHP interpreter. Among over 60 bug fixes are a number of fixes for security-related problems. A format string vulnerability in the phar extension of PHP 5.3.5, CVE-2011-1153, may allow attackers to view memory, cause a denial of service or execute arbitrary code. There was also an integer overflow in the shmop_read() function which allowed for denial-of-service (CVE-2011-1092). Other flaws included crashes with crafted tags in exif metadata and ziparchive with empty archives. Security has also been enhanced in the protocol parsing done by the fastcgi process manager (FPM SAPI). Some of the flaws reportedly affect all versions of PHP 5.3.x and earlier. The release also sees SQLite3 upgraded to version 3.7.4 and PCRE updated to version 8.11. The ability to connect to HTTPS sites through a proxy was also added, as were options for debugging backtrace functions. A full list of changes is available in...
Index Twitter HaCkeD By The 077 ( Hamdi HaCker ) Tunisian HaCker

Mar 17, 2011
Hacked Site: http://www.indextwitter.com/077.html
Hackers Exploit BlackBerry Browser Bug !

Mar 17, 2011
Research in Motion has found a security flaw and recommended that users disable JavaScript in browsers on certain phones, threatening the BlackBerry maker's iron-clad reputation for security. "The issue could result in remote code execution on affected BlackBerry smartphones," the Waterloo, Ontario-based company said. "Successful exploitation of the vulnerability requires the user to browse to a website that the attacker has maliciously designed." The flaw is in the WebKit browser that RIM includes in version 6 of its BlackBerry OS. RIM said hackers can steal data from users' memory cards on some BlackBerry devices. They can also install malware by exploiting the hole, but the company said that even if attacked, the phone's emails and contacts would be safe. The publicity is particularly bad for a company that stakes its reputation on the security and privacy of its service. RIM, which has been forced to use more third-party software to compete w...
2 Bangladesh Government Hacked By Mr-ADeL !

Mar 17, 2011
Hacked Sites:
http://plandiv.gov.bd/
http://sfcdp.gov.bd/
News Source: Kai Farmer
Twitter offers encryption to beat hackers !

Mar 17, 2011
Twitter is offering users better protection from hackers with a new option to always use an encrypted connection to access its microblogging service. The measure is particularly designed to defend those who access Twitter via unsecured public Wi-Fi networks, which can make it easy for hackers to steal their passwords. If activated, the new option in users' account settings means that whenever they log on, their browser will connect to Twitter's servers via HTTPS, an encrypted version of the basic web protocol. Virtually anyone trying to spy on the traffic will see only packets of completely unintelligible data. "This will improve the security of your account and better protect your information if you’re using Twitter over an unsecured Internet connection, like a public WiFi network, where someone may be able to eavesdrop on your site activity," said Twitter spokeswoman Carolyn Penner. "In the future, we hope to make HTTPS the default setting," she adde...
Chinese Site Hacked by Cyber king (TEAM NUTS)

Mar 17, 2011
Hacked Site: http://www.bjname.com/NUTS.HTML
3 websites hacked by Team-Greyhat !

Mar 17, 2011
Hacked Sites:
http://demoshop2.pentaconweb.dk/
http://suphamyenbai.edu.vn/index.htm
http://impalamultiplex.com/index.html
News Source: Napster
Yahoo India R&D to Host ‘HACK U’ for IIT Kharagpur Students !

Mar 16, 2011
Yahoo! India R&D will be hosting ‘HACK U’– the University Hack Day event for IIT Kharagpur students on campus between 17 and 20 March. Close to 250 students are expected to participate in this four day event of learning, hacking and fun, which is part of Yahoo!’s on-going commitment to nurture talent and innovation among today's student bodies. Conceptualized along the lines of Open Hack Day, Hack U provides a platform for the student community to develop and build applications using Yahoo!'s Open APIs (Application Programming Interface) like YQL and YAP, or even to create a new product concept itself. This novel concept provides students with the opportunity to work on product ideas, develop working prototypes in a 24 hour ‘Hackathon’ and eventually stand the chance to win cool prizes. The event will kick off with a series of hack-related presentations and tech talks by Yahoo! engineers followed by a non-stop 24-hour hacking session by the students. Praveen Ramachandr...
Kevin Mitnick's latest Book : Ghost in the Wires - My Adventures As The World's Most Wanted Hacker !

Mar 15, 2011
Kevin Mitnick, the world's most wanted computer hacker, managed to hack into some of the country's most powerful - and seemingly impenetrable - agencies and companies. By conning employees into giving him private information and maneuvering through layers of security, he gained access to data that no one else could. The suspenseful heart of the book unfolds as Mitnick disappears on a three-year run from the FBI. He creates fake identities, finds jobs at a law firm and hospital, and keeps tabs on his myriad pursuers - all while continuing to hack into computer systems and phone company switches that were considered flawless. A modern, technology-driven adventure story, GHOST IN THE WIRES is a dramatic account of the joy of outsmarting security programs, the satisfaction of code-cracking, and the thrill of unbelievable escape.
Iran to recruit hacker warriors for its Cyber Army !

Mar 15, 2011
Iran is planning to recruit hackers to combat enemies after suffering last year's coordinated and sophisticated cyberattacks that reportedly crippled its Natanz nuclear enrichment facility. Fox News quoted Brigadier General Gholamreza Jalali, who leads Iran's Passive Defence Organization, as saying that the Islamic Republic plans "to fight our enemies with abundant power in cyberspace and Internet warfare." Recruiting hackers by paying them a sufficient amount of money is reportedly a part of the organisation's plan. Meir Javedanfar, author of The Nuclear Sphinx: Mahmoud Ahmadinejad and the State of Iran, said that when it comes to projects that are important to them, "they have money." Mohsen Sazegara, a former member of the Iranian Revolutionary Guard, said that computer experts working on piecemeal projects would not be able to figure out that they were working on a government cyberattack plan. "It's a process. They write complic...
Web hosting administration company InterWorx Hacked !

Mar 15, 2011
Web-hosting administration outfit InterWorx has warned users to change their passwords following a deep penetrating hack attack. The assault on the firm's support desk database exposed users' login credentials because the support desk software was storing email and password data in plain text. Users were strongly advised to change their passwords on any site they accessed using the same login credentials as they used with InterWorx. The compromise – which ran between 28 February and 5 March – gave hackers admin control of websites administered through InterWorx, a facility they soon set about abusing in order to distribute malware. In a notice warning of the breach, InterWorx warns that a "few clients" have had their servers "modified to distribute malware javascript, as a direct result of this attack". InterWorx apologised for the breach in an email sent to users on Thursday and forwarded to E...
New Adobe Under Zero-Day Attack !

Mar 14, 2011
Adobe today released an advisory to warn about a remote code execution vulnerability in Flash Player, which also affects Adobe Reader and Acrobat. This critical vulnerability has been assigned CVE-2011-0609. Currently seen attacks work through a malicious SWF file which is embedded inside an Excel file. The target must open a malicious XLS file for a vulnerability in Flash to be exploited. This kind of structure is a perfect setup for targeted attacks. And not surprisingly, targeted attacks have indeed been reported. During testing, the particular exploit was not able to run successfully on Windows 7. It did work on Windows XP. It's likely though a ROP-exploit would be able to exploit this vulnerability under Windows 7. Call me old-fashioned, but I don't really see the point of embedded SWFs inside Excel documents. From my point of view, this is a clear example of too much functionality in a product leading to security problems. As such, it would be great if Microsoft would ...
Times Square screens hacked using iPhone !

Mar 14, 2011
Hacker's Words: "The way it works is pretty simple: plug in my transmitter into the headphone minijack of an iphone 4 and play back any video clip. you can play it through the ipod feature or through the camera roll. the transmitter instantly sends the video signal to the video repeater and the video repeater overrides any video screen that it's being held next to. it doesn't matter what shape or size the hacked screen is because the hack video will simply keep its correct dimensions and the rest of the hacked space will stay black. i chose times square for my demo because it has lots of video screens to try it on. it is also one of the most monitored and secured areas in new york city and that made it that much more fun :). you can see in my video that the repeater is pretty powerful but the signal is not very stable yet. i'm working on that. i will post a new video later this week explaining how i made this pr...
BackTrack 5 “revolution” will Release on May 10th, 2011

Mar 14, 2011
As BackTrack 5 development rolls on full steam ahead, we’ve been getting numerous questions about the future release. We thought we’d publish a blog post with general information about BT5 for the impatient. The codename of this release will be “revolution”, for a bunch of reasons. BackTrack 5 will be based on Ubuntu Lucid (10.04 LTS), and will (finally) support both 32 bit and 64 bit architectures. We will be officially supporting KDE 4, Gnome and Fluxbox while providing users streamlined ISO downloads of each Desktop Environment (DE). Tool integration from our repositories will be seamless with all our supported DE’s, including the specific DE menu structure. Perhaps most importantly BackTrack 5 “revolution” will be our first release to include full source code in its repositories. This is a big thing for us, as it officially joins us to the open-source community and clears up any licensing issues which were pres...