The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

SportGFX.COM - World's Largest Sport GFX Community Hacked by PirateAL Hacked Site :  SportGFX.C OM Proof: http://www.youtube.com/watch?v=dWV4lUNsWxA Zone-h mirror : http://zone-h.org/mirror/id/13608314

According to Armorize, soccer news site Goal.com was recently found to be serving malware. "In an analysis of the attack, Armorize researcher Wayne Huang suggests that a hacker specifically targeted and compromised Goal.com through a back-door that allowed the attacker to manipulate the site’s content at will," writes threatpost's Brian Donohue. "According to the report, Goal.com was detected on April 27 and 28, 2011 serving up an iframe attack that forwarded visitors to a rogue domain in the .cc top level domain (TLD)," Donohue writes. "That redirect was the first in a chain of events that resulted in the delivery of a known exploit pack, g01pack that targets attacks at the specific operating system and browser version the Goal.com visitor is using. After exploiting the user's browser, further malware, including a Trojan horse program were downloaded to the victim's computer."

On Tuesday, April 26 Sony shared that some information that was compromised in connection with an illegal and unauthorized intrusion into our network. Once again, Sony’d like to apologize to the many users who were inconvenienced and worried about this situation. Sony want to state this again given the increase in speculation about credit card information being used fraudulently. One report indicated that a group tried to sell millions of credit card numbers back to Sony. To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list. One other point to clarify is from  this weekend’s press conference . While the passwords that were stored were not “encrypted,” they were transformed using a cryptographic hash function. There is a difference between these two types of security measures which is why Sony said the passwords had not been encrypted. But I want to be very clear that the passwords were not stored in our databa...

One more Hacker Website Ub3rHakerz.NET Hacked By Shadow008 (PakCyberArmy) Sites Hacked :  http://ub3rhakerz.net/ Mirror : http://zone-h.com/mirror/id/13604712

Source Code of Osama FaceBook worm Leaked ! Source Code :  http://www.reddit.com/tb/h3mdu

PacketFence is a free and open source network access control (NAC) system. It can be used to effectively secure networks - from small to very large heterogeneous networks. PacketFence has been deployed in production environments where thousands of users are involved - on wired and wireless networks. PacketFence provides an impressive list of supported features. Among them, there are: Registration of network components through a captive portal Automatic isolation, if desired, of unwanted devices such as Apple iPod, Sony PlayStation, wireless access points and more Instant stopping of computer worms or virus propagation Blocking of attacks on your servers or other network components Compliance for computers present on your network (software installed, particular configurations, etc.) PacketFence is an unobtrusive solution that works with equipment from many vendors (wired or wireless) such as Cisco, Nortel, Hewlett-Packard, Enterasys, Accton/Edge-corE, 3Com, D-Link, Intel, Dell...

Bhutan Government 's hacked with Blind Sqli Injection Hacked Site : bhutan.gov.bt

Bryantx.gov - City of Bryan Hacked and 175 emails/passwords Exposed By   Fr0664/FCA Hacker Expose  175 emails/passwords at  http://pastebin.com/weSMwxAi

Tor 0.2.2.25-alpha released - To Toggle, or not to Toggle & The End of Torbutton! Tor 0.2.2.25-alpha fixes many bugs: hidden service clients are more robust, routers no longer overreport their bandwidth, Win7 should crash a little less, and NEWNYM (as used by Vidalia's "new identity" button)now prevents hidden service-related activity from being linkable. It provides more information to Vidalia so you can see if your bridge is working. Also, 0.2.2.25-alpha revamps the Entry/Exit/ExcludeNodes and StrictNodes configuration options to make them more reliable, more understandable, and more regularly applied. If you use those options, please see the revised documentation for them in the manual page. TorButton Modifies to " To Toggle, or not to Toggle " : Read Here Download : https://www.torproject.org/download/download

Assange says Facebook is spying tool for US intelligence ! WikiLeaks editor-in-chief Julian Assange has branded Facebook an “appalling spying machine”. According to Assange, whose WikiLeaks whistle-blowing site has propelled him into the media limelight, US intelligence services have direct access to records of Facebook users. “Facebook is the most appalling spying machine that's ever been invented,” he said in an interview with Russia Today. “Here we have the world's most comprehensive database about people, their relationships, their addresses and locations, their communications with each other - all sitting within the United States and all accessible to US intelligence.” Assange claimed that because of the costs involved each time an internet company was asked for access to specific data files, the big companies have built in back doors for officials to help themselves to whatever data they wanted. “Facebook, Google, Yahoo – all these major US organisations - hav...

0day Exploit Released : Adobe, HP, Sun, Microsoft Interix & many more Vendors FTP hackable ! Topic : Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon) CVE : CVE-2010-2632 CWE : CWE-NOMAPPING SecurityRisk : Medium (About) Remote Exploit : Yes Local Exploit : Yes Victim interaction required : No Credit : Maksymilian Arciemowicz Affected Software (verified): - - OpenBSD 4.7 - - NetBSD 5.0.2 - - FreeBSD 7.3/8.1 - - Oracle Sun Solaris 10 - - GNU Libc (glibc) Affected Ftp Servers: - - ftp.openbsd.org (verified 02.07.2010: "connection refused" and ban) - - ftp.netbsd.org (verified 02.07.2010: "connection limit of 160 reached" and ban) - - ftp.freebsd.org - - ftp.adobe.com - - ftp.hp.com - - ftp.sun.com - - more more and more Affected Vendors (not verified): - - Apple - - Microsoft Interix - - HP - - more more more Exploit Download :  http://www.exploit-db.com/exploits/15215/

Netherlands-based Rabobank down under DDoS attack ! The internet and mobile banking services of Netherlands-based Rabobank were crippled by a distributed denial of service attack yesterday. The attack sent the banking services offline but did not affect Australian operations, according to the bank. "Currently many of our clients experienced [difficulty] when using internet banking," the bank wrote in a statement. A large range of network traffic [has] to do with an attack in the form of a DDOS." The perpetrators of the attacks were unknown, and the bank has not said if they were behind a seperate DDoS attack in Feburary. A Dutch anarchist group called the Conspiracy Cells of Fire claimed responsibility for the Feburary attacks in a communique but the Dutch domestic intelligence service AIVD said the claim was a hoax. The bank has issued an apology on its Dutch website and moved to assure customers that account information had not been compromised.

Google Hack DB Tool is a database tool with almost 8,000 entries. It allows administrators the ability to check their site for vulnerabilities based on data stored in Google. With this tool you can find out if your website has indexed vulnerabilities in google. This can lead to sensitive information disclosure. This way you can find out what google knows about you. 7974 entries (Including 4203 for SQL Injection) So be sure to scan your IP addresses frequently and eliminate all vulnerabilities. Features of the Google Hack DB Tool: Find information disclosure. Find sensitive files. Find sensitive directories. Find vulnerable software. Find personal information. Download Google Hack Database Tool v1.1 here

Hack your Sony PSP : ISO Tool v1.975 Released ! So I don’t know if you’re familiar with the latest version of Takka’s ISO Tool or not, but I just downloaded it after reading about this “Fake NP data” feature. While I’m not 100% clear, mainly because of the poor Google Translation, it seems v1.975 can patch EBOOT.BIN game files, NPDRM’ing ISOs to appear as downloaded PSN content, letting you load ‘em up … possibly without HEN or CFW? And that’s what I’m not clear on. I’ve been playing with ISO Tool v1.975 on my PSPgo… I have a few legitimately purchased games from PSN installed; however, my PSP isn’t “activated” (that’s another story) and I can’t activate it with PSN being down, thus I’m stuck with error 8010850F (“To use this content, you must activate the system.”). But here is how it works anyway: Load up ISO Tool Press [Triangle] to bring up the SYS MENU Select “Make fake_np data File.” Browse to and press [Cross] on a PSN-downloaded directory Select “Yes” to start the ...

USB Immunizer : Anti-Malware Tool Against Autorun Viruses The USB immunizer is BitDefender’s response to this growing issue. Autorun-based malware has been atop of the worldwide e-threat landscape, with notorious representatives such as Trojan.AutorunInf, the Conficker worm (Win32.Worm.Downadup) or Worm.Autorun.VHD. Have to agree on that, many of us get infected buy some silly malware simply by plugin in our friends or neighbours USB , DVD etc… Introduced back in the Windows XP era to facilitate software installations from CD-ROM media for non-technical computer users, the Autorun feature has rapidly become the infection vector of choice for cyber-criminals. The Immunize option allows you to immunize your USB storage device or SD card against infections with autorun-based malware. Even if your storage device has been plugged into an infected computer, the piece of malware will be unable to create its autorun.inf file, thus annihilating any chance of auto-launching itself. Th...

( #SOE ) Sony hit with second attack, loses 12,700 credit card numbers ! Sony loses 12,700 credit card account numbers, 24.6 million accounts compromised Following up on this morning's news that Sony Online Entertainment servers were offline across the board, Sony Online Entertainment announced that it has lost 12,700 customer credit card numbers as the result of an attack, and roughly 24.6 million accounts may have been breached. The company took SOE servers offline after learning of the attack last evening, and today detailed the unfortunate results: "approximately 12,700 non-US credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, the Netherlands, and Spain" were lost, apparently from "an outdated database from 2007." Of the 12,700 total, 4,300 are alleged to be from Japan, while the remainder come from the aforementioned four European coun...

Hackers exploit Bin Laden death on Facebook ! A tip to the newbies starting out, reads a post from a man at the Black Hat World forums, now's a good time to make some money out of Bin Laden's death. The news is awash with reports about Bin Laden shot by the US and then buried at sea. Twitter and Facebook are full of either jokes, or ghoulish approval of the death of the international terrorist. One poster says it's time to monetise the reports, "NOW!" There are four easy steps, he says. Tap into the collective hive-mind of the patriotic American by starting a fan page, "something like Osama Bin Laden Dead - Rot in Hell". Next, invite people. Watch it go viral, you'll "probably get 90% USA FB users." Then, crucially, save it so you can promote a product later on. Source : http://www.hackinthebox.org

Cyber Detective & Cyber Force Hacked By Shadow008 (PakCyberArmy) Sites Hacked : http://cyber-detective.net/ Mirror :  http://legend-h.org/mirror/155370/cyber-detective.net/ Sites Hacked : http://cyberforce.in/ Mirror :  http://zone-h.com/mirror/id/13600854

300 Sites HAcked by JUMBO ! Hacked Sites http://pastie.org/1857596 mirrors: http://pastie.org/1857705

Source Code is the New Hacker Currency ! No doubt you've been paying attention to the data breaches pile up lately... but have you noticed a trend? If you wade through the hype and hyperbole, dig into the details of the most prolific intrusions in recent history you'll notice one thing that shines like a neon sign. "Source code" is the new hotness on the hacker market. It's quite interesting to see this evolution primarily because many of us are used to defending the 'endpoints'... because that's where the data is, right? I think we may be seeing a shift here. Much like the tectonic plates that cause earthquakes, there are some though-forces that are currently colliding deep under the surface and may cause certain mayhem. "There are no borders" For many years now, much like you I've been reading articles and hearing talks about how the enterprise attack surface is fractured and splintered -causing an ever-increasing opportu...

Hacker posts screenshot of sex video on SPAD website ! The Land Public Transport Commission (SPAD) website was hacked yesterday and a screenshot of the controversial sex video allegedly involving a top politician was posted on its main page. Appearing on the website were two images, one depicting the alleged politician in the sex video and the other of Opposition Leader Datuk Seri Anwar Ibrahim after court proceedings, with the shots time-stamped Feb 21 and Feb 22 respectively. A check by The Star showed that the website, www.spad.gov.my was also inaccessible to users. Accompanying the images was an address link to controversial blogger PapaGomo (Powered by Papa Gomo www.papagomo.com) which featured clips of the sex video after it surfaced on online portal YouTube. It was believed that SPAD was the only government agency website to be hacked and defaced. The website was restored at about 7pm. SPAD chairman Tan Sri Syed Hamid Albar expressed surprise and regret that the ...

Bahrain says Iranian hackers hit government website Bahrain’s authorities said late Saturday that Iranian hackers hit a government website. In retaliation, the Bahrain Chamber for Commerce and Industry is urging a boycott of Iranian goods, The Associated Press reported. According to the government Bahrain News Agency, Iranian computer hackers tried to access the official website of the Housing Ministry in attempts to seek data on aid recipients. But the agency gave no further details, although the hacking could be conceivably linked to Shiite allegations that a disproportionate share of housing aid goes to Sunnis. To retaliate, the Bahrain Chamber for Commerce and Industry called for a countrywide boycott of all Iranian goods and services because of “blatant interference in Bahrain’s domestic affairs and threats to the kingdom’s national security.” The chamber also appealed for other nations in the six-member Gulf Cooperation Council to join the proposed embargo. “It will ...

#Anonymous attacks Iranian state websites The infamous Anonymous hacking group has crippled a string of Iranian state websites including those of the Office of the Supreme Leader, state police and the Islamic Revolutionary Guards in attacks launched yesterday. The coordinated Distributed Denial of Service attacks were launched at 5am GMT and targeted more than a dozen Iranian Government sites under the so-called Operation Iran. Anonymous had timed the attacks to coincide with International Workers' Day, commemorating the first nation-wide general strike in the US, which took place on May 1 in 1886. "OpIran attacks the governmental websites responsible for oppressing freedom of speech, information or ideas," the group wrote in a statement explaining the reasons for the attacks. The website of the Office of the Supreme Leader, Sayyid Ali Khamenei, was taken offline about an hour after attacks according to the groups' hit list but had been reinstated at the ti...

ArpON 2.2 released - ARP handler inspection ! ArpON (ARP handler inspection) is a portable handler daemon that make ARP secure in order to avoid the Man In The Middle (MITM) through ARP Spoofing/Poisoning attacks. It detects and blocks also derived attacks by it for more complex attacks, as: DHCP Spoofing, DNS Spoofing, WEB Spoofing, Session Hijacking and SSL/TLS Hijacking & co attacks. This is possible using three kinds of anti ARP Poisoning tecniques: the first is based on SARPI or "Static ARP Inspection" in statically configured networks without DHCP; the second on DARPI or "Dynamic ARP Inspection" in dinamically configured networks having DHCP; the third on HARPI or "Hybrid ARP Inspection" in "hybrid" networks, that is in statically and dynamically (DHCP) configured networks together. SARPI, DARPI and HARPI protects both unidirectional, bidirectional and distributed attacks: into "Unidirectional protection" is required th...

President of Pakistan – Database Hacked By Mohit Pande Aka Toshu Hack Proof - http://pastebin.com/Vta6hVWT Hacked Site :  http://www.presidentofpakistan.gov.pk/

12 American Websites Hacked Hacked sites List :  http://pastebin.com/a0pzskam

Escuela Universitaria Diseno - Spain hacked by Fr0664/FCA , 26740 emails/passwords Dumped ! 26740 emails/passwords Preview : http://pastebin.com/AQGxDJgD Full : https://rapidshare.com/files/460080122/esne.edu.7z

Trinity Campus college 's website hacked by RdH0X Trinity Campus college's website hacked and the vulnerabilities reported to the admins and system administrators of the institute. College authority is involving me in their team so as to take adequate steps to secure the website. HACKED SITE :  http://www.trinitycampus.in/uploads/RdH0X_tnt.htm

The PSN hackers logs fresh from EFNET IRC Server ! Logs of PS Hackers :  http://173.255.232.215/logs/efnet/ps3dev/2011-02-16 Alternate Link For Logs :  http://pastebin.com/yXP7TDJ3 All Logs from EFNET IRC Server : http://173.255.232.215/logs/efnet/ps3dev/ IRC server Stats :  http://173.255.232.215/logs/efnet/ps3dev/stats

Anonymous Vs Sony : Word By Word Q/A b/w Reporters and Sony during Conference ! Q. The accuracy of approximately 10 million credit flow A. There is no firm evidence of leakage. Cannot say wether a leak or not. There is no report so far. Q. prospect of resuming services. A. We want to restart the service country/region base. Basically approx within a week schedule. (a week from today?.. previously we heard about same "a week matter..) Q. How was it the effect to the business so far? A. Cannot tell it yet, many things to handle one at the time. Q. What was the condition when you firstly sense the trouble? A. Hacking with the high skill technique was undergoing, was confirmed. But we still dont know data was stolen / taken Q. Why did you announce privacy data was stolen then? A. The possibility existed, what/when/how was it still under investigation. account numbers is between 7700000 to 7800000 accounts plus there are double accounts. Q. What was your...

About a third of the FBI agents working on cyber investigations lack the networking and counterintelligence expertise to investigate national security intrusions, the Justice Department’s inspector general concluded in a new report. The report said the FBI’s practice of rotating agents among different offices to promote a variety of work experiences hinders the ability to investigate national security cyber intrusions. The inspector general’s audit, based on interviews of 36 agents in 10 offices, emphasized the need for a strong cyber security work force in federal government “is more urgent than ever,” said Sen. Susan Collins, the top Republican on the Senate Homeland Security and Governmental Affairs Committee. The FBI has a comprehensive instructional plan in place that includes 12 core courses an agent must take along with on-the-job training. According to the inspector general’s report, many agents said training was helpful but that they did not have the time to take the req...

Mallika sherawat 's Official Website, SSM College hacked by Hackethis29 Hacked Sites : http://www.mallikasherawatwow.com/ http://www.ssmce.ac.in/

Hydra v6.3 Released with oracle & snmp-enum modules ! A very fast network logon cracker which support many different services. Have a look at the feature sets and services coverage page - including a speed comparison against ncrack and medusa! Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast. Version 6.x was tested to compile cleanly on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX. CHANGELOG for 6.3 * Added patch by Petar(dot)Kaley(at)gmail.com which adds nice icons to cygwin hydra files * Added patch by Gauillaume Rousse which fixes a warning display * New Oracle module (for databases via OCI, for TNS Listener passwd, for SID enumeration) * New SMTP user enum module (using VRFY, EXPN or RCPT command) * Memory leak fix for -x bruteforcing option ...

Department of Homeland Security Out to Get PSN Hackers ! The external intrusion into the PlayStation Network has led to undoubtedly the worst fiasco in the PlayStation universe since the ApocalyPS3 of 2010. If the readers are like us, then we’re all not only sick of the PSN being down but are also sick of all the news surrounding it with little to no positive light at the end of the tunnel. Finally, there finally appears to be some progress in the making thanks to the unveiling of some assuring details. Despite the word that SCEA is working around the clock with third-party security organizations to bring the network back up for our online gaming pleasure, users were not told what team was conducting the investigations, how large the said company was, and to what extent their resources were spanning out to. However, in a surprising turn of events, the United States Department of Homeland Security revealed that the federal division is lending their hand in assessing the damages o...

Law enforcement organization hit by hackers ! Computer hackers have stolen names, addresses, Social Security numbers and credit card information of about 2,000 retired public safety officers belonging to the Peace Officers Research Association of California, according to a email sent to them on Thursday night. PORAC informed its members that its data server was breached earlier this month. The hackers stole application files of retired associate members going back to 2008, including dates of birth, addresses and phone numbers and email addresses. "Based on our investigation, it appears that the breach was limited to (retiree) applications and we have no reason to believe that other PORAC members were affected," PORAC President Ron Cottingham said in the email. Cottingham told The Bee this morning that the association was following up with a letters that will be mailed out today. The organization started receiving reports last week that members' credit cards were ...

imm0rt4l5 Hackers Hit 3 Pakistani websites ! Defaced Site : 1.)  mcl.com.pk Muslim Constructors (Pvt.) Ltd., popularly known as MCL URL : http://www.mcl.com.pk mirror : http://www.turk-h.org/defacement/view/383420/mcl.com.pk/ 2.) novait.com.pk the Internet service provider. URL : http://novait.com.pk/index.php?page_id=2 Proof : http://i55.tinypic.com/1jrgid.png 3.) gmsons.com.pk URL :http://www.gmsons.com.pk/productsDesc.php?id=3 Proof : http://i51.tinypic.com/2hibe3k.jpg

Pangolin 3.2.3 - Automatic SQL injection penetration testing tool New Release ! Pangolin is an automatic SQL injection penetration testing (Pen-testing) tool for Website manager or IT Security analyst. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or users specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more. Test many types of databases Your web applications using Access,DB2,Informix,Microsoft SQL Server 2000,Microsoft SQL Server 2005,Microsoft SQL Server 2008,MySQL,Oracle,PostgreSQL,Sqlite3,Sybase? Pangolin supports all of them. Features: Au...

151 websites Got hacked By Albania hacker Force [AHF CREW] Hacked Site List :  http://pastebin.com/jhmxB1zt

Wfaic.gov.cn  Hacked By Anonymous Hackers #OpIran Hacked Site : http://www.wfaic.gov.cn/home.html

Trinity College Dublin Reports Data breach ! A file containing the names of students and staff of Trinity College Dublin, along with their addresses, ID numbers and email addresses, was “inadvertently” made accessible on a local network, the college said. TCD said today it had reported the incident to the Data Protection Commissioner. The college said it had been advised on March 30th that a file containing student and staff names, addresses, ID numbers and email addresses, which had been provided to the library, “was inadvertently made accessible on the local college network between August 2009 until March 2011”. It said in a statement to those affected that the information was not accessible through the internet and that it had no reason to believe their privacy had been compromised. “For your security, we encourage you to be aware of email scams that ask for personal or sensitive information.” The statement added: “In line with data protection legislation the college has ...

6 denmark websites hacked by ahmdosa ! Hacked Sites : http://aloegel.dk/ http://barndeluxe.dk/ http://drikkegel.dk/ http://julie-jensen.dk/ http://sygehusplan2010.dk/ http://timo-jensen.dk

ICANN Hires Def Con Founder Jeff Moss as Security Chief ! Jeff Moss, the hacker better known as “ The Dark Tangent ,” has been named Vice President and Chief Security Officer of ICANN, the non-profit corporation that manages the Internet's names and numbering infrastructure. He is the founder of DEF CON, the world's largest conference for hackers, as well as the Black Hat security conference. A phone phreaker in his youth, Moss has recently worked as a white hat hacker, working to secure networks from attack. “He has the in-depth insider's knowledge that can only come from fighting in the trenches of the on-going war against cyber threats,” said ICANN president Rod Beckstrom in a statement. Moss is well known for having created the game “Spot the Fed” in which a hacker who thinks he's identified an undercover federal agent in the crowd at DEF CON can point him out, make his case, and if the crowd agrees, take home a coveted “I Spotted The Fed at DEF CON” t-shirt. D...