The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Main Advertising vulnerable to SQLI by lionaneesh ! One of the best advertising companies in the world which is even used by megaupload is vulnerable to SQLi.   What I can do [Power]:- Loinaneesh found a database in which the hits to a particular link was entered (this is most probably used for counting the revenue). I can change and increase or decrease the ad revenue of a particular site. Target: http://click1.mainadv.com/ad.asp?id=%Inject_Here%609 DATABASE :  MSSQL 2005 Method: GET DATABASE : portals DATABASE : PDATAortals Table Name Columns Formats domain_new Categories domains bannersImp1 sampleAPP bannersImp change articleGroups t_jiaozhu specialTables TablesLinks tabella1 Gestionale contents Luckypot ...

ESET NOD32 releases Antivirus for Linux 4 ! ESET announced the availability of ESET NOD32 Antivirus 4 Business Edition for Linux Desktop and ESET NOD32 Antivirus 4 for Linux. ESET NOD32 Antivirus 4 for Linux offers protection against cross-platform and emerging threats, enhancing the security of Linux platforms. The scanning engine automatically detects and cleans malicious code, including threats designed for Windows and Mac based systems. ESET NOD32 Antivirus 4 Business Edition for Linux Desktop includes ESET Remote Administrator, which provides IT administrators with a management console to control an entire network from a single screen — supporting tens or thousands of heterogeneous computers. Key benefits and features: Detection and proactive cross-platform protection  – Advanced heuristics technology delivers real-time, proactive protection from malware, hacker attacks and exploits. Product protects against Linux, Windows and Mac malware Small system footprint ...

Malaysiakini - Malaysia's Most Popular News Website Shutdown's after cyber attack ! It has been reported that Malaysia's most popular news website Malaysiakini ( http://www.malaysiakini.com ) has been hit by cyber attack from 11 AM afternoon shutting the website down. The attack created a stir when the website stopped working just before the Sarawak election, making the website inaccessible to the readers. The attack has been diagnosed as Denial-of-service attack which is considered to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Denial-of-service attacks are considered violations of the IAB's Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations. According to the technical team, the cyber attack has resulted in  swarming the Malaysiakini servers...

A French hacker who boasted on TV about hacking into the network of an important defense contractor was arrested and charged with unauthorized access to a computer system, data theft and organized fraud. The hacker appeared on the France 2 television programme "Complément d'enquête" (Further investigation) where he claimed to have hacked into computers belonging to the French Army and Thales Group, an IT contractor for the aerospace, defense and security industries. After the programme aired, the company filed a complaint, claiming the hacker stole confidential information from its internal network. The man, identified in only as Carl, was arrested on April 7 in Paris. When inspecting his computer, police found the details of hundreds of credit cards and bank accounts. The hacker admitted selling the information on underground websites, as well as using them to make fraudulent purchases for himself and others. This led to additional charges of organized fraud bei...

In the past few days offensive-security have been toying with some Motorola hardware, and have managed to get a basic build of BackTrack 5 (+ toolchain) on a Motorola Xoom. The possibilities look exciting as offensive-security are slowly building several experimental arm packages. offensive-security team does not have much experience with the Android OS nor ARM hardware, but so far – so good. offensive-security will not promise an ARM release on May 10th, as this new “experiment” was not planned in any way – but we’ll do our best. As of now, offensive-security have got a modified version of an Ubuntu 10.04 ARM image, chrooted on a Motorola Xoom. The tablet is running a modified, overclockable kernel (from 1.0 to 1.5 GHz). The chrooted BackTrack environment is running a VNC server, from which you can connect from the tablet itself. When run locally from the Xoom tablet, the VNC session does not lag, and the touch keyboard and touchscreen are very workable. As expected from a chr...

DUCAT Punjab Best Ethical Hacker  Competition Website hacked by  lionaneesh   ! DUCAT have announce Hacking Competition, Read Here  , But today " lionaneesh " an Indian Hacker hack into there site and show all security Holes. With the help of "lionaneesh" & THN , The site is now fixed :) Hack Proof :

Tell us how you did it, Pakistan court to hackers ! Hackers would be granted bail if they taught judges how to do the job, Pakistan's Supreme Court said in a lighter vein as it heard the bail plea of two teenagers who had broken into the Supreme Court website last year. The Supreme Court then granted bail to the two teenagers who are accused of hacking its official website and placing derogatory material about judiciary and the chief justice on it, Dawn reported Tuesday. The bench, comprising Justices Asif Saeed Khan Khosa and Amir Hani Muslim, was headed by Justice Javed Iqbal. The judges said the hackers had done a " brilliant job ". Their counsel Iftikhar Hussain Gilani promptly said they had not hacked the site. To which, the judges asked Gilani why he was not ready to accept praise for the hackers. They then said in a lighter vein they would grant bail on the condition that the accused taught them how to do such a job. The judges, however, observed that i...

Wireshark 1.5.1 Development Release ! Wireshark 1.5.1 has been released. Installers for Windows, OS X, and source code are now available. New and Updated Features The following features are new (or have been significantly updated) since version 1.4: Wireshark can import text dumps, similar to text2pcap. You can now view Wireshark's dissector tables (for example the TCP port to dissector mappings) from the main window. TShark can show a specific occurrence of a field when using '-T fields'. Custom columns can show a specific occurrence of a field. You can hide columns in the packet list. Wireshark can now export SMB objects. dftest and randpkt now have manual pages. TShark can now display iSCSI service response times. Dumpcap can now save files with a user-specified group id. Syntax checking is done for capture filters. You can display the compiled BPF code for capture filters in the Capture Options dialog. You can now navigate backwards and forwards through T...

CEH Trainer (Centennial Media Training) Got Hacked ! Hacked site :  http://www.cmtraining.com.au/product.php?prod_id=68

50  government  website hacked by Tn-V!Rus and The 077 Hacked sites :  http://pastebin.com/wmmRF78j

 71 websites hacked by T0$h!R0 AM!N Hacked Sites :  http://pastebin.com/b1FnnMHp

1000 website hacked by bad boy ! Hacked Site List :  http://pastebin.com/JTDgcyMV

Barracuda Networks Hacking via SQL Injection ! Barracuda Networks Inc. combines premises-based gateways and software, virtual appliances, cloud services, and sophisticated remote support to deliver comprehensive content security, data protection and application delivery solutions. The company’s expansive product portfolio includes offerings for protection against email, Web and IM threats as well as products that improve application delivery and network access, message archiving, backup and data protection. Barracuda Networks’ product portfolio includes: Barracuda Spam & Virus Firewall, Barracuda Web Filter, Barracuda IM Firewall, Barracuda Web Application Firewall, Barracuda SSL VPN, Barracuda Load Balancer, Barracuda Link Balancer, Barracuda Message  Archiver , Barracuda Backup Service, and the  BarracudaWare software portfolio. Combining its own award-winning technology with powerful open source software, Barracuda Networks solutions deliver easy to use, comprehensive...

DUCAT Punjab Best Ethical Hacker Competition  Registration :  http://www.dreamtechlabs.com/registration.php Participants are requested to carry their personal laptops with Battery backup.  A Test fees of Rs 100 has to be submitted on the spot. News By :  Vishal Sharma

OllyDbg 2.01 alpha 3 Released ! A major update with many new features. Here are the most importan t: - Support for multi-monitor configurations - Hardware breakpoints and fast command emulation now co-operate. That is, run trace rund at full speed (up to and exceeding 500000 commands per second) even if there are hardware breakpoints set - Purely conditional breakpoints during run trace are strongly accelerated - Stepping, tracing and execution till selection with hardware breakpoints instead of INT3. Controlled by option   Debugging | Use HW breakpoints for stepping - INT3 and hardware breakpoints allow to declare their location as an entry point and specify call parameters for protocolling - Scan for hidden modules. .NET environment frequently loads modules but does not report them to Debugger - Search window keeps up to 8 last searches in a separate tabs - Option to load .udd information even when path, file name or file checks...

Sqlmap v.0.9 - automatic SQL injection and database takeover tool ! sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. Change Log : * Rewritten SQL injection detection engine (Bernardo and Miroslav). * Support to directly connect to the database without passing via a SQL injection, -d switch (Bernardo and Miroslav). * Added full support for both time-based blind SQL injection and error-based SQL injection techniques (Bernardo and Miroslav). * Implemented support for SQLite 2 and 3 (Bernardo and Miroslav). * Implemented support for Firebird (Bernardo...