The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cross site scripting (XSS) vulnerability in Reebok.com Found By Zero Cool

Apr 30, 2011
Cross site scripting (XSS) vulnerability in Reebok.com Found By Zero Cool Vulnerable Link: http://www.reebok.com/IN/search?t=%3E%22%3E%3CMARQUEE%3EHACKED%20BY%20ZERO%20COOL%3C/MARQUEE%3E%3Ciframe+src+%3D%22http://www.thehackernews.com%22+width%3D%22100%25%22+height%3D%22100%25%22%3E%3C%2Fiframe%3E&Submit=Go
PacketManipulator 0.3 released - including Windows Installer !

Apr 30, 2011
PacketManipulator 0.3 released - including Windows Installer ! PacketManipulator is a network scanning frontend. PacketManipulator is developed in the Python programming language, and its interface is built with the GTK Toolkit. The project goal is to develop a frontend that is really useful for advanced users and easy for newcomers to use. With PacketManipulator, a network admin can forge custom packets and send them over the wire to analyze the network, sniff on a selected interface or simply edit a pcap file for further replay. Download: PacketManipulator-0.3-installer-winxp.exe (11.9 MB).
Dslreports.com hacked, Over 9000 accounts compromised !

Apr 30, 2011
Dslreports.com hacked, Over 9000 accounts compromised ! DSL Reports - the information and review site on high speed Internet services which operates over 200 forums - has been hit with a blind SQL injection attack, which resulted in the compromise of at least 9000 accounts. Founder Justin Beech posted a notification about the intrusion on the forum dedicated to the site, in which he specified that no login names, zip codes or private posts were compromised. The attack went on for four hours on Wednesday and it was blocked before it had completed more than 8% of its work. All the same, the attackers managed to obtain a large number of email/password pairs. "The ones they obtained were basically random. So they cover the entire 10 year history of the membership but sprinkled randomly. Some are very old accounts, some are new accounts, some inactive or deleted," says Beech. "I identified the newest accounts, those that were obtained and have logged in over the ...
US Congress wants answers from Sony on PlayStation hack !

Apr 30, 2011
US Congress wants answers from Sony on PlayStation hack ! A U.S. congressional committee has asked Sony Computer Entertainment to explain several issues surrounding the massive potential leak of information on customers of its PlayStation Network. The network, which serves as an e-commerce and online gaming platform for the PlayStation 3, has been offline for more than a week after Sony discovered an intruder broke through its cyberdefenses and into the network. The service remains unavailable and Sony has warned its 77 million subscribers that their personal information may have been leaked, including, potentially, credit card numbers. A subcommittee of the House of Representatives' Committee on Energy and Commerce sent a letter to Sony on Friday that seeks answers to many of the same questions that Sony's users have about the attack and the company's response. Chief among those is Sony's apparent slowness in taking the network offline and informing customers....
'The Hackers Paradise' hacked by KhantastiC !

Apr 30, 2011
'The Hackers Paradise' hacked by KhantastiC ! Hacked Link: http://www.thehackersparadise.com/khan.html
Hindustan College Of Science And Technology - Database Hacked By Mohit Pande Aka Toshu

Apr 30, 2011
Hindustan College Of Science And Technology - Database Hacked By Mohit Pande Aka Toshu Hacked Site: www.hcst.edu.in/ Hacked Database: http://pastebin.com/YQ3EuGsc
Aviation Website Planespotters.net hacked By Lionaneesh

Apr 29, 2011
Aviation Website Planespotters.net hacked By Lionaneesh Hacked Database: http://pastebin.com/iqqaPway Hacked site Link: http://www.planespotters.net/
Facebook is not Exclusion, XML Vulnerability !

Apr 29, 2011
Facebook is not Exclusion, XML Vulnerability ! All of you know that there are many vulnerabilities on various websites. But big websites like Facebook, Google and Microsoft are very well secured, and sometimes it's impossible to find even XSS or SQLi on them. But the code behind these websites is written by PEOPLE, and you can only patch human vulnerability in their mind or DNA. :))) What we want to say is that this isn't a serious flaw, bug or vulnerability, but it is proof that even such websites contain security holes, and if you look through them you can take them over. ;) Best wishes and happy hacking. Oh yes, see NASA's report about bugs, our UNIVERSE is vulnerable too. :))) Vulnerable Link: http://www.facebook.com/search/opensearch_typeahead.php?format=xml&q={blablablablabla%20what%20is%20this?%20xss%20or%20xmls?%20:))))} Here are some more links you should analyse: http://www.facebook.com/crossdomain.xml http://vthumb.ak.fbcdn.net/vthumb...
Sony.com2.us database Exploited by Lionaneesh

Apr 29, 2011
Sony.com2.us database Exploited by Lionaneesh Lionaneesh extracted the database of sony.com2 and published it at: http://pastebin.com/mZKtrT10.
Lady Gaga's Twitter Account Hacked !

Apr 29, 2011
Lady Gaga's Twitter Account Hacked ! Oh snap! Lady Gaga's Twitter account was hacked on Wednesday and as a result, the Mother Monster has threatened to involve the authorities in the matter. Don't fuck with Gaga's digital rights. And come to think of it… to hack the Twitter account of the world's most famous woman is probably dumb, since you're more likely to get caught and to be made an example of. A hacker gained access to Gaga's account and began posting a number of spam messages, all written in Spanish. Gaga has deleted the tweets and posted the following warning: "Whoever is hacking my Twitter must answer to 10 million monsters and Twitter police." Do not mess with Gaga or her Monsters. Do you follow Lady Gaga on Twitter?
Famous Israeli company websites Hacked by OldChildz (Turkish Hackers)

Apr 29, 2011
Famous Israeli company websites Hacked by OldChildz (Turkish Hackers) Hacked Sites and Mirrors : http://be10.co.il http://www.zero-h.com/mirror/id/66321 http://gagotreafim.com (An Israeli Construction Company) http://www.zero-h.com/mirror/id/66320 http://kasafot.com (A manufacturing company in the Israeli case) http://www.zero-h.com/mirror/id/66319 http://nadlan-plus.com (Nadlan-Plus Jerusalem Real Estate Israel is a leading firm, offering luxury properties) http://www.zero-h.com/mirror/id/66318 http://sick-sensors.co.il (SICK is a technology and market leader in Factory Automation and Logistics, as well as the Process Automation.) http://www.zero-h.com/mirror/id/66317 http://meholelim.org http://www.zero-h.com/mirror/id/66315 http://lama-wordpress.com http://www.zero-h.com/mirror/id/66313 http://backpackingisrael.com (Travel Forums and Tips) http://www.zero-h.com/mirror/id/66311
Live Hacking DVD v1.3 Beta - Download !

Apr 29, 2011
Live Hacking DVD v1.3 Beta - Download ! Live Hacking DVD is a new Linux distribution packed with tools and utilities for ethical hacking, penetration testing and countermeasure verification. Based on Ubuntu, this ‘Live CD’ runs directly from the DVD and doesn’t require installation on your hard drive. Once booted you can use the included tools to test, check, ethically hack and perform penetration tests on your own network to make sure that it is secure from outside intruders. As well as the standard Linux networking tools like ping, wget, curl, telnet and ssh, the Live Hacking DVD has tools for DNS enumeration and reconnaissance as well as utilities for foot-printing, password cracking and network sniffing. It also has programs for spoofing and a set of wireless networking utilities. The Live Hacking DVD is designed for ethical computer hacking, meaning that it contains the tools and utilities you need to test and hack your own network but using the tools and techniques that mor...
Ubuntu 11.04 Released !

Apr 29, 2011
Ubuntu 11.04 Released ! For those of you watching Ubuntu's website recently, you may have noticed that a new version of the popular and easy to use variant of Linux has surfaced - Natty Narwhal. It can be downloaded from the previously linked site free of charge. Among the various new features, the Unity interface is set as the default UI, and includes the launcher (an OS X like dock), the dash (a popup menu with user defined shortcuts), and workspaces (a virtual desktop manager). According to the Ubuntu website, the OS can boot in as little as 7 seconds (following POST). Driving all of this eye candy is Gnome 2.32.1 (according to Ubuntu Vibes). If your current equipment is not capable of Unity, the classic desktop experience will kick in to keep you moving along with minimal lag. For those of you wanting to experiment with Gnome 3, it cannot be installed via the Ubuntu repositories, and there have been reports of system instabilities post installation, though there is a workaroun...
Buddie.me (Social Networking) Hacked by Fr0664/FCA, 15809 Users emails/passwords exposed !

Apr 29, 2011
Buddie.me (Social Networking) Hacked by Fr0664/FCA, 15809 Users emails/passwords exposed ! Buddie.me, a social networking site, was hacked by some hacker, and about 15809 emails/passwords have been exposed on the internet at: http://pastebin.com/4C91WVLN
Ncrack 0.4 Alpha - New Version download !

Apr 28, 2011
Ncrack 0.4 Alpha - New Version download ! Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts. Ncrack’s features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap’s and many more. This is the change log for the current release: Added the VNC module to Ncrack’s arsenal. Thanks to rhh of rycon.hu for implementing the module and discussing about it for further improvement. Wrote...
Google's Chrome 11 fixes $16,500 worth of bugs !!

Apr 28, 2011
Google's Chrome web browser is now at version 11, and its release is marked by a record payout for security fixes as well as a speech translation feature. A total of 27 security vulnerabilities are fixed in the latest stable release for Windows, Mac, Linux and Chrome Frame. Individual rewards were from $500 up to $3,000 for a particularly nasty looking bug that allowed a possible URL bar spoof leading to navigation errors and interrupted page loads. Among the researchers Google gave thanks to was Braden Thomas of Apple Product Security. This is most likely because Chrome's underlying open source browser engine Webkit is the same one that runs Safari. Chrome users will now also be able to play around with speech translation, thanks to a new speech input through HTML feature. Using the Google Translate application, you can speak after clicking a microphone at the bottom right of the input box. You'll be able to read and listen to the translated result. This isn't ne...
Election commission & Society of aircraft engineers of pakistan Hacked By Imm0rt4l5

Apr 28, 2011
Election commission & Society of aircraft engineers of pakistan Hacked By Imm0rt4l5 Hacked Url : http://www.ecp.gov.pk/viewpressreleasenotific.aspx?id=1374&typeid=2 Mirror : http://i51.tinypic.com/1zgt9vc.jpg Hacked Url : http://saep.org.pk/documents/immortal.php Mirror : http://turk-h.org/defacement/view/383370/saep.org.pk/documents/
Nikon Image Authentication System Compromised !

Apr 28, 2011
Nikon Image Authentication System Compromised ! ElcomSoft Co. Ltd. researched Nikon’s Image Authentication System, a secure suite validating whether an image has been altered since capture, and discovered a major flaw. The flaw allows anyone to produce forged pictures that will successfully pass validation with Nikon’s Image Authentication Software. The weakness lies in the manner in which the secure image signing key is handled in Nikon digital cameras. The existence of the weakness allowed ElcomSoft to actually extract the original signing key from a Nikon camera. This, in turn, made it possible to produce manipulated images signed with a fully valid authentication signature. Complete Story: http://blog.crackpassword.com/2011/04/nikon-image-authentication-system-compromised/
John the Ripper 1.7.7 new version Released !

Apr 28, 2011
John the Ripper 1.7.7 new version Released ! “John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes.” This is the change log for JtR version 1.7.7: Added Intel AVX and AMD XOP instruction sets support for bitslice DES (with C compiler intrinsics). New make targets: linux-x86-64-avx, linux-x86-64-xop, linux-x86-avx, and linux-x86-xop (these require recent versions of GCC and GNU binutils). A “dummy” “format” is now supported (plaintext passwords encoded in hexadecimal and prefixed with “$dummy$”) – for faster testing and tuning of custom wordlists, rule sets, .chr files, and external modes on already known or artificial passwords, as well as for testing of future and modified versions of John itself. Apache “$apr1$” MD5-based password hashes are now ...
Microsoft Windows Malicious Software Removal Tool - Download !

Apr 28, 2011
Microsoft Windows Malicious Software Removal Tool - Download ! The Microsoft Windows Malicious Software Removal Tool checks Windows Vista, Windows 7, Windows XP, Windows 2000, and Windows Server 2003 computers for and helps remove infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed. The tool creates a log file named mrt.log in the %WINDIR%\debug folder. To download the x64 version of Malicious Software Removal Tool, click here. This tool is not a replacement for an anti-virus product. To help protect your computer, you should use an anti-virus product. Microsoft will release an updated version of this tool on the second Tuesday of each month. New versions will be made available through this web page, Windows Update, and the Malicious Software Removal Tool Web site on...
FBI vs Coreflood botnet

Apr 28, 2011
FBI vs Coreflood botnet The FBI’s unprecedented effort to behead the Coreflood botnet—comprised of millions of hacked Windows machines—appears to be working, at least for now. The bureau has tracked a dramatic decline in the number of pings from the botnet since the takedown operation began earlier this month, according to court documents filed by the Justice Department on Monday. The number of pings from infected US systems plummeted from nearly 800,000 to less than 100,000 in about a week after authorities began sending out “stop” commands to those machines—a drop of nearly 90 percent. Pings from infected computers outside the US have also dropped about 75 percent, likely as a result of a parallel outreach effort to foreign ISPs. The government’s efforts have “temporarily stopped Coreflood from running on infected computers in the United States,” writes the government in its filing, “and have stopped Coreflood from updating itself, thereby enabling anti-virus software vendors...
Complete IRC chat of PlayStation Network hacker !

Apr 27, 2011
IRC chat of PlayStation Network hacker and How PSN hacked ! Now that the PlayStation Network is known to have been compromised, more details are coming out. First came the log of the hacker who penetrated the PlayStation Network, and we have just had information from Sony itself that the break-in was why the PSN was taken offline. Now we have for you a chat log between hackers who talk about the security and encryption of the PlayStation Network. They say that credit card information is so easily available to hackers that they would not even enter their own data via the PSN. The encryption of the credit card data simply was not enough, so everything is easy to read. The full chat, held on February 16 between hackers, follows. [user1] xxx: I don’t think there are many people involved in circumventing PSN access in /this/ channel [ "application/x-i-5-ticket" reason=40 > PSN error 80710101 ] [user2] talk about network stuff? [user2] nice [user2] i just finished decrypting 100...