The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

RawCap sniffer for Windows released We are today proude to announce the release of RawCap, which is a free raw sockets sniffer for Windows. Here are some highlights of why RawCap is a great tool to have in your toolset: Can sniff any interface that has got an IP address, including 127.0.0.1 (localhost/loopback) RawCap.exe is just 17 kB No external libraries or DLL's needed No installation required, just download RawCap.exe and sniff Can sniff most interface types, including WiFi and PPP interfaces Minimal memory and CPU load Reliable and simple to use Usage RawCap takes two arguments; the first argument is the IP address or interface number to sniff from, the second is the path/file to write the captured packets to. C:\Tools>RawCap.exe 192.168.0.23 dumpfile.pcap You can also start RawCap without any arguments, which will leave you with an interactive dialog where you can select NIC and filename: C:\Tools>RawCap.exe Network interfaces: 0. 192.168.0.23 ...

WiFite The WEP/WPA Cracker version r68 released ! Designed for Backtrack4 RC1 distribution of Ubuntu. Linux only; no windows or osx support. Purpose : to attack multiple WEP and WPA encrypted networks at the same time. this tool is customizable to be automated with only a few arguments. wifite can be trusted to run without supervision. Feature : this project is available in French: all thanks goto Matt² for his excellent translation! sorts targets by power (in dB); cracks closest access points first automatically deauths clients of hidden networks to decloak SSIDs numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc) customizable settings (timeouts, packets/sec, channel, change mac address, ignore fake-auth, etc) “anonymous” feature; changes MAC to a random address before attacking, then changes back when attacks are complete all WPA handshakes are backed up to wifite.py’s current directory smart WPA deauthentic...

Anonymous Plans Sony Boycott on April 16 Say you're a hacker trying to cripple a major electronics company for suing its own users: how do you launch a cyberattack without harming the people you're trying to protect? In the case of hactivist group 'Anonymous,' which has spent the week targeting Sony to retaliate against Sony's ongoing lawsuits against PlayStation 3 modifiers, you take it offline. Anonymous is staging a 24-hour, in-store boycott at Sony stores around world on Saturday, April 16. So far over 1,000 people have RSVP'd through Facebook. On Monday, Anonymous launched a DDoS attack on Sony that rendered the PlayStation Network (PSN) inaccessible for most of the day (while an Anonymous offshoot calling itself "SonyRecon" targeted individual Sony employees). But after consumers complained that the takedown was doing more harm than good to gamers, Anonymous reversed the hack and took down the Sony Careers page instead. Sony has remained...

PenTBox 1.4 – Penetration Testing Security Suite Download PenTBox, a security framework written in Ruby and multiplatform (actually working even on iOS and Android!). Tools & Features (Updated) Technical features - GNU/GPLv3 License. Free in freedom and in price. - Multi-platform (Ruby: GNU/Linux, Windows, Mac OS, *BSD, iOS, Android, …). - Compatible with Ruby and JRuby. - Multithreading (native threads in Ruby >= 1.9 and JRuby). - Doesn’t require additional libraries (non standard are included). - Modular (easy to expand and customize). Tools (SVN Version) - Cryptography tools Base64 Encoder & Decoder Multi-Digest (MD5, SHA1, SHA256, SHA384, SHA512, RIPEMD-160) Hash Password Cracker (MD5, SHA1, SHA256, SHA384, SHA512, RIPEMD-160) Secure Password Generator - Network tools Net DoS Tester TCP port scanner Honeypot Fuzzer DNS and host gathering - Web HTTP directory bruteforce HTTP common files bruteforce A moderate number of people are using it...

Pakistan Air Force Vulnerable to SQLi By Lionaneesh Vulnerable Link :  http://www.joinpaf.gov.pk/ page.php?pageid='149 Hacked Database :  http://pastebin.com/yNZ4UrNH

70 Indian Websites Hacked By Shadow008 (PakCyberArmy) Hacked Sites :  http://pastebin.com/8weEL5Bx

The Underground Cyber Hacking Challenge ! ~~~ Menu of the day ~~~  0x00 - 0p3nH4x #1 2011 - Ezine #1  0x01 - The structure of 0p3nH4x #1 2011  0x02 - About the targets  0x03 - Goals  0x04 - Points system  0x05 - Reporting and Documentation  0x06 - Prizes, biatchez  0x07 - Rules  0x08 - Registrations and information  0x09 - About the idea and final words [ 0x00 - 0p3nH4x #1 2011 - Ezine #1 ] 0p3nH4x is the first of its kind "underground cyber hacking challenge". A challenge by hackers for hackers to test real skills in the field.  We are challenging all hackers no matter if you are black or white "hatted". It's time to prove that your preferred community is not so skid. Through 0p3nH4x we are trying to wake up the scene(or what's left of it) and get it to a new improved "skin" but with the same original concept in the background. Through these ezines we will be "reporting" main events and progress around 0p3nH4...

Gta-SanAndreas & 1342 New WebSites HAckeD By The 077 ( Hamdi HAcker )  Hacked Sites List : http://www.gta-sanandreas.com/downloads/pafiledb.php & http://www.zone-h.org/archive/notifier=The%20077

We are happy to announce that Offensive Security will be sponsoring DerbyCon. DerbyCon is a new hacker conference located in Louisville Kentucky. Our goal is to bring back an old style, community driven hacker con chocked full of amazing talks, live events and all around fun. The idea for DerbyCon was created by Dave Kennedy (ReL1K), Martin Bos (PureHate), and Adrian Crenshaw (Irongeek). The goal came from a desire to see more of the old style talks and events of the cons of the past. We spoke to some in the community and our speaker list is already stacked with some of the industry’s leading minds and this is even before the call for papers has been issued. We are also happy to announce that DerbyCon’s call for papers is going live today, be sure to submit your talk if you have something cutting edge and high-speed. For information on how to submit go to http://www.DerbyCon.com/call-for-papers In addition to some amazing talks there are a number of events scheduled including a ver...

Indian Revolution : Lets know about Anna Hazare ! " The dream of India as a strong nation will not be realised without self-reliant, self-sufficient villages, this can be achieved only through social commitment & involvement of the common man. " - Anna Hazare 1. Who is Anna Hazare? Started his career as a driver in the Army and turned into a social activist. 2. What's so special about him? He built a village Ralegaon Siddhi in Ahamad Nagar district, Maharashtra 3. So what? This village is a self-sustained model village. Energy is produced in the village itself from solar power, biofuel and wind mills. In 1975, it used to be a poverty clad village. Now it is one of the richest village in India. It has become a model for self-sustained, eco-friendly & harmonic village. 4. Ok,...? This guy, Anna Hazare was awarded Padma Bhushan and is a known figure for his social activities. 5. Really, what is he fighting for? He is supporting a cause, the amend...

116 Websites Hacked Hacked Site List :  http://pastebin.com/k7RUYJen

Amul's site is vulnerable to sql injection ! Angel 4k4 4d0r4b13  Found vulnerability on Amul's Websites, whole database is hackable ! Server Info: Host IP:             59.163.170.113 Web Server:       Apache/2.2.11 (Fedora) Powered-by:       PHP/5.2.13 DB Server:          MySQL >=5 Tables of vidya_new: Dummy_maharani Dummy_school School_mst School_mst_0506 School_mst_0708 bldgrp_mst depot_address depot_dist_map depot_mst depot_mst_14072010 depot_mst_29072010 depot_mst_new hoard_image parlour_mst phplist_admin phplist_admin_attribute phplist_admin_task phplist_adminattribute phplist_attachment phplist_attribute phplist_bounce phplist_bounceregex phplist_bounceregex_bounce Hacked Site :  http://www.amul.com/

DRIL : Domain Reverse IP Lookup Tool Download DRIL ( Domain Reverse IP Lookup ) Tool is a Reverse Domain Tool that will really useful for penetration testers to find out the domain names which are listed in the the target host, DRIL is a GUI, JAVA based application which use the Bing API key.DRIL has a simple user friendly which will be helpfull for penetration tester to do there work fast without a mess .this is only tested on linux still , been java it should work on windows to. There are online tools available, But many times due to slow internet connectivity we intend to get frustrated while audits. this tool is small and handy will not consume harddisk space So, its simply an good and fast altenative. How to run DRIL java -jar example java -jar “/home/treasure/DomainReverseIPLookup.jar” and it should open the application Download DRIL

The Social-Engineer Toolkit v1.3.2 , New version Download ! The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. This is the change log: Added a new feature to the SET interactive shell, grabsystem. Will allow you to elevate permissions on victi machine. Does not work on XP SP2 and below. Fixed a bug where if grabsystem was called on with UAC bypass, the UAC-Safe shell would hang Added better error handling of sockets and addresses in the socket handlers in the interactive shell Updated the code base in the shell.binary to add the new grabsystem and add better error handling Added default handling if listener port was nothing, defaults to port 443 now Fixed a bug in how third party handlers responded to certain character sets Slo...

Cain & Abel 4.9.40 released , Download now ! Cain & Abel is a password recovery tool for Microsoft operating systems.It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using dictionary and brute force attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. Changes in this version: Added Proxy support for Cain's Certificate Collector. Added the ability to specify custom proxy authentication credentials for Certificate Collector. Added ProxyHTTPS Man-in-the-Middle Sniffer (TCP port 8080). HTTP, APR-HTTPS and APR-ProxyHTTPS sniffer filters are now separated. Added progress bar indicator in the off-line capture file function. Bug fixed in ProxyHTTPS Man-in-the-Middle Sniffer parsing "Connection Established" string. Bug fixed in VoIP Sniffer creating MP3 Mono files. Bug fixed in RTP Sniffer processing off-line capture files. Wi...

A new exploit for IE9 bypasses all security measures in even the latest fully patched version of Windows 7, according to a French security company Vupen. The exploit uses an unpatched zero-day vulnerability in Internet Explorer 9 and bypasses all the extra security measures of Windows 7. The latest version of Microsoft's operating system, fully up-to-date with service pack 1 (SP1), is vulnerable. The security hole was reported by the French security company Vupen, that previously discovered an IE8 vulnerability in December of last year. Vupen classifies the exploit for IE9 as reliable, which means it's an effective way for cyber attackers to run malicious code of their choosing on Windows 7 PCs. The exploit manages to break through Windows' additional security layers, such as ASLR, DEP and the sandbox (Protected Mode) in IE9. "The exploit uses two distinct vulnerabilities. The first one allows execution of arbitrary code within the IE9 sandbox. The second one allo...

Google Fixing the little things ! Ever since I joined the Gmail team, my friends have been eager to tell me, " I love Gmail ! Except for this one thing... " And every day, Gmail users share their "one thing" that would make Gmail better for them through our  suggestions page . While we enjoy creating new solutions to old problems with features like  Priority Inbox , those little annoyances and missing pieces are important, too. Recently, we've rolled out several small tweaks to Gmail to show it a little extra love.   Here’s a rundown: Auto-save contacts setting : Most people like that Gmail automatically saves every email address you send messages to; it can help recover forgotten addresses of former teachers, bosses, and people you contacted once but never thought you'd need to contact again. For some people, though, this feature can cause too much  contacts clutter . Today, we're rolling out a new setting to let you turn off the auto-save option. Yo...

PIZZA HUT Sql vulnerability by Srinivas Kj Vunl Site :  http://pizzahut.co.in/

Progenic.com down with Social Engineering by Saken & Josh of TeamDX ! Method: Social Engineering via LiveChat + Phone + Support Ticket System How: They had a SSN + DOB posted on their forum, Saken & Josh of TeamDX simply played the role of the person that the identity was stolen from, their domain registar which was located in the United States then decided that enough was enough but to shut them off. Remember: Saken & Josh of TeamDX may not be able to get into your server/website, but Saken & Josh of TeamDX sure know the backdoor, your un-secure registars who are easily manipulative. Saken & Josh of TeamDX could of gotten into your box, but Saken & Josh of TeamDX decided to lul about the domain going bye bye.

GNOME 3.0 Released , Available for Download ! GNOME 3.0 is a major milestone in the history of the GNOME Project. The release introduces an exciting new desktop which has been designed for today's users and which is suited to a range of modern computing devices. GNOME's developer technologies have been substantially improved for 3.0. Modernized and streamlined, they will enable developers to provide better user experiences with less time and effort. And GNOME 3.0 comes with the same GNOME applications that users know and trust, many of which have received significant enhancements. Download Now :  http://gnome3.org/tryit.html

Hydra v6.2 with a password bruteforcing mode, xmpp and irc modules, MD5/SHA1/ Support ! A very fast network logon cracker which support many different services. Have a look at the feature sets and services coverage page - including a speed comparison against ncrack and medusa! CHANGELOG for 6.2 * Added a patch by Jan Dlabal which adds password generation bruteforcing (no more password files :-) ) * New module: XMPP with TLS negotiation and LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1 support * New module: IRC is not dead ! use to find general server password and /oper credential * Added man pages from debian maintainers * Add support for new syntax: :// [: ][/ ] * Add TLS support for SIP * Add SCRAM-SHA1 auth to IMAP module * Add module usage help (-U) * Add support for RFC 4013: Internationalized Strings in SASL ("SASLPrep") * Add SASL + TLS support for NNTP * Add su...

Hackers steal Dell 1000's customer information ! The personal information of thousands of Australians has been stolen by hackers who raided a US-based database company, in what some experts are calling the biggest data theft in US hist ory. Dell Australia says customer data was "exposed" by an unauthorised entry into the computer system of email service provider Epsilon. The information includes the names and email addresses of Dell Australia's customers. In a statement, Dell assured its customers that credit card, banking and other personally-identifiable information was not at risk and remained secure. Australian Privacy Commissioner Timothy Pilgrim says Dell has informed him of the data breach. "Dell Australia have also advised all of its customers affected by the data breach and have set up an advice service that those customers can use to obtain further information if needed," he said in a statement. Mr Pilgrim has launched an investigati...

Computer hackers embody classic Christian virtues, a Vatican publication says, and shouldn’t be perceived negatively. In their passionate commitment to creating, and their openness to sharing ideas, hackers see their online exploits as “a form of participation in the ‘work’ of God in creation,” Jesuit priest Father Antonio Spadaro wrote in the Vatican magazine Civilta Cattolica, Network World reported. Citing the “joyful application of intelligence to problem solving” they demonstrate, and their ingrained rejection of competition, profit and authority, Spadaro said hackers are aligned with the teachings of Christianity. “Under fire are control, competition, property,” Spadaro said. It’s a mindset, he said, that has “a clear theological origin.” (However, citing technology writer Eric S. Raymond, Spadaro said hackers shouldn’t be confused with “crackers”— the former builds things and the latter breaks them, Raymond wrote.) A small and ironic wrinkle in the godly hacker theory exis...

Hackers have broken into The Hartford insurance company and installed password-stealing programs on several of the company's Windows servers. In a warning letter sent last month to about 300 employees, contractors, and a handful of customers, the company said it discovered the infection in late February. Several servers were hit, including Citrix servers used by employees for remote access to IT systems. A copy of The Hartford's letter was posted earlier this week to the website of the Office of the New Hampshire Attorney General :  http://doj.nh.gov/consumer/pdf/hartford2.pdf "It was a very small incident," said Debora Raymond, a company spokeswoman. The victims were mostly company employees. Less than 10 customers were affected by the malware, the W32-Qakbot Trojan, she said. Qakbot has been around for about two years. Once installed it spreads from computer to computer in the network, taking steps to cover its tracks as it logs sensitive data and opens up back...

Hackers behind what computer security experts believe could be the biggest data theft in US history may be planning to sell the information to cyber criminals for targeted scams. And while the tens of millions of names and email addresses swiped from online marketing firm Epsilon do not appear to have been used yet for cyber crime, the experts said it may just be a matter of time. Major US banks, hotels, retail outlets and other companies have been warning customers to be wary of fraudulent emails after Epsilon acknowledged last week that hackers had gained access to the Texas-based company's email system. Epsilon, which provides email services for some 2,500 companies around the world, has said that customer data for about two per cent of its total clients was exposed in what it called an "unauthorized entry." Epsilon, which sends out over 40 billion emails a year, did not identify the firms whose customers' names and email addresses were taken but dozens of ...

Microsoft is sorry, quite sorry indeed, that so many Windows Phone 7 owners have yet to receive the NoDo update for their handset. In a weekly written update today, the Windows Phone 7 team expressed sympathy to owners frustrated over the lag in receiving the update: “You want the latest technology and you’re tired of waiting. Believe me, [we] get it.” But the company also took time to warn against using any sort of workaround or hack to get the update ahead of schedule, saying that Microsoft has yet to fully test the 3rd party methods, and that they could lead to problems stretching from minor glitches to voided warranties. The usual, in other words, for phone hacking. But Microsoft was not all frowns and apologies today, it also had promises. In the same post the company stated that Europeans on O2 and SFR were moving along in the update queue, and that users should be patient just a “bit longer” in waiting for the official update to trickle down. Comments on the story have so...

François Dupoux has released an updated version of SystemRescueCd, a Gentoo-based live CD containing a collection of utilities for disk management and data rescue tasks. What's new in version 2.1.0? "Updated standard kernels to 2.6.35.12 (long-term kernel: rescuecd + rescue64); alternative kernels re-based on linux-2.6.38.2 (most recent kernel); patched alternative kernels with loop-aes-3.6b (encrypt disks using AES); updated Testdisk to 6.11.3 (checks and undeletes partitions + PhotoRec); updated hdparm to 9.36 (utility to change hard drive parameters); updated the Xfce desktop environment to new major version 4.8; updated gDisk to 0.7.1 (the package has been renamed gptfdisk); 32-bit kernels (rescuecd + altker32) compiled for i586 instead of i686." Change log.  Updated standard kernels to 2.6.35.12 (long-term kernel: rescuecd + rescue64) Alternative kernels rebased on linux-2.6.38.2 (most recent kernel) Patched alternative kernels with loop-aes-3.6b (encrypt d...

Here’s an interesting way to get noticed for a job (or fine) by Microsoft.. A hacker known as “Predator” has been able to phish information from Xbox Live’s Director of Policy and Enforcement, Stephen Toulouse (aka “Stepto”), gaining email and address information via his personal website server and was then able to alter the Chief’s details online. This latest hacker attack on Xbox Live accounts follows a leak of info belonging to Director of Programming Larry Hryb (aka “Major Nelson”) around this time last year. On the outset no serious harm was done by the little scam, but it’s a scam “Predator” hopes will make a statement to Microsoft in regards to their security policies. He states “I’m simply letting them know I’m willing to help them secure accounts from future hackers” – an innovative method of self-promotion! In a boastful video uploaded to YouTube “Predator” claims to be “Xbox Live’s greatest account jacker” and is raking in the cash from causing trouble for Xbox online...

ZeuS Source Code Leaked, Available for Sale ! The source is C++ and supposedly contains everything. The seller is asking for 5500 WebMoney/LibertyReserve for the full source code of version 2.0.8.9. The source code has been leaked but the archive is password-protected. Now there’s a race to see who can crack the password. In addition, someone has even given out an MD5 hash of the password. Dunno if it’s legit but it’s certainly making this an interesting race indeed.