The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Hacker News decrypted the warm-up by 0p3nH4x ! TheHackerNews decrypted the warm-up by 0p3nH4x Dear Friend , Your email address has been submitted to us indicating your interest in our newsletter . If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our mailing list . This mail is being sent in compliance with Senate bill 2116 , Title 3 ; Section 304 ! This is different than anything else you've seen . Why work for somebody else when you can become rich within 56 days ! Have you ever noticed more people than ever are surfing the web and more people than ever are surfing the web . Well, now is your chance to capitalize on this ! We will help you SELL MORE plus SELL MORE . You can begin at absolutely no cost to you ! But don't believe us ! Prof Ames who resides in Wisconsin tried us and says "My only problem now is where to park all my cars" . We assure you that we operate ...

Israel Forum Hacked by Hawk - MongoOse - TriCk - Hackers submit the Reason of this hack as following : Offical israel forum website hacked, this website was funded by the israeli government, the website was used to spread lies about Palestine portraying palestinians as "terrorist dogs" Hacked Site : http://www.israelforum.com/ Mirror : http://zone-h.org/mirror/id/13644287

Conservative.ca  vulnerable to SQL injection attack Here the vulnerable link :  http://www.conservative.ca/index.php?section_copy_id=21257'

The website of the rightist Union of Democratic Forces has been hacked. The following notice appears on it: THIS WEBSITE IS Hacked by: Unknown Bulgarian Hacker. There is also a photo reading Hacked. The word is colored in white, green and red, which are the colors of the Bulgarian national flag, and appears on a black background. The message, which is dated May 7, has been left in the section providing information about upcoming events.

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and “fiddle” with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language. Fiddler is freeware and can debug traffic from virtually any application, including Internet Explorer, Mozilla Firefox, Opera and thousands more. This is the official change log: Add !dns [hostname] and !nslookup [hostname] to list DNS info to Log tab Add !listen PORT [CERTHOSTNAME] to QuickExec Add audio/video/font/silverlight/flash/HTTP-POST Session icons Revamp a few toolbar icons Enable +/- latency adjustments using AutoResponder Add fiddler.ui.inspectors.request.alwaysuse and fiddler.ui.inspectors.response.alwaysuse preferences Changed “Remove Un-Marked” to ignore breakpointed sessions Added fiddler.ui.CtrlX.KeepMarked and fiddler.ui.CtrlX.PromptIfMoreT...

Dar Al Salam Hajj and Umrah Services hacked by Atul (Indishell) Site : http://www.dasp.org.pk/ Mirror :  http://www.zone-h.com/mirror/id/13642004

Jaypee Hotels Website Hacked By Mohit Pande Aka Toshu ! http://www.jaypeehotels.com/ - The Jaypee Group was founded by Mr. Jaiprakash Gaur. Jaypee Group is five decade old conglomerate based in Noida , India , involved in various industries that include Engineering, construction , Cement, Power, Hospitality, Real Estate, Expressways, Highways, Education and Social Commitment. Mirror : http://legend-h.org/mirror/157430/ Submitted by mohit Pande ( Toshu )

Israel Hackers  make Gaza Hacker Team 's Sites down ! Site : http://www.gaza-hacker.net/

Gene Simmons v. Anonymous : FBI raids Gig Harbor home in search of hacker who targeted Kiss frontman The FBI has raided the Gig Harbor home of an alleged hacker suspected in a cyber attack against Kiss bassist Gene Simmons. The October attack purportedly conducted by Anonymous – the same hacker group Sony claims crashed the Playstation Network – left the 61-year-old glam rocker’s websites down for about a week after he spoke at an anti-online piracy conference. Now, an FBI cyber crime squad has traced the attack to a Gig Harbor home where agents seized computer equipment late last month. In court documents filed with the U.S. District Court in Tacoma, a Los Angeles-based FBI special agent alleged the perpetrator of the attack was “most likely” someone living at the Gig Harbor residence. Writing the court, though, the agent, a member of the Bureau cyber crime unit, stopped short of saying so with certainty. “I believe that someone with access to the computer at the subject r...

X Factor Leaked Contestants Database, Available for Download ! Some days before we got the news that Hackers steal 250,000 X Factor Details  . Just now one of them releases the whole database for download .  Torrent Download : http://thepiratebay.org/torrent/6372763 Direct Download : http://stfu.cc/xfactorreg_22_04_11.zip Message by Hackers who dump it : "We did it for the lulz" ~LulzSec Hello, good day, and how are you? Splendid! We're LulzSec, a small team of lulzy individuals who feel the drabness of the cyber community is a burden on what matters: fun. Considering fun is now restricted to Friday, where we look forward to the weekend, weekend, we have now taken it upon ourselves to spread fun, fun, fun, throughout the entire calender year. As an introduction, please find below the X-Factor 2011 contestants' contact information. Expect more to come, and if you're like us and like seeing other people get mad, check out our Twitter! Host settings:...

For more than two weeks, the PlayStation Network has been offline. PlayStation 3 and PSP owners have been unable to connect to the Internet, play games online or download new titles. Sony's working on a fix, user data has been compromised, and everyone has something to say on the matter. However, it's important to understand how we got here. Below is the timeline of the PSN outage. This chronicles what led to this problem and what has happened since it occurred. 2 April: Anonymous, the online activist collective, begins Operation: Sony, a series of denial of service attacks on Sony websites that it says are in defence of free speech. 11 April: Sony announces the case has been settled out of court and that George Hotz has agreed to take down his website. 13 April: Anonymous says it will intensify its attacks and calls for a day of protest on 16 April. “In the eyes of the law, the case is closed, for Anonymous it is just beginning… prepare for the biggest att...

Security Alert : Skype for Mac Has Unpatched Security Flaw  Mac users may want to be extra careful when using Skype, thanks to a nasty zero-day vulnerability in the Mac OS X version of the client. Security researcher Gordon Maddern from the firm Pure Hacking discovered a flaw in Skype that allows a skilled individual to gain remote access to another’s machine simply by sending a Skype message. Maddern says the discovered the hole by accident but put together a proof of concept showing how potentially dangerous it could be. By simply sending a message, Maddern was able to take control of a user’s computer and execute a shell instance. Scary stuff. The researcher contacted Skype more than a month ago, but despite assurances from Skype that a fix was on the way, the program has remained unpatched. In fact, it appears that it was only after Maddern blogged about the issue — and others like ZDNet UK championed the cause — that Skype felt the need to see the issue as a major pro...

cPanel Tutorials website (cpanel123.com) Defaced by Ahmdosa HaCker Hacked Website: http://cpanel123.com/ or Mirror : http://www.zone-h.org/mirror/id/13634720

Paktribune.com compromised, 800+ emails/passwords Exposed ! Hacked Site :- http://paktribune.com Hack Proof :- http://pastebin.com/jkzEz1b9 Hacked by mohit Pande ( Toshu )

IndoCoder.or.id Hacked By Shadow008 (PakCyberArmy) Sites Hacked: Forum: http://www.indocoder.or.id/community/ Blog: http://www.indocoder.or.id/journal/ Mirror: Forum: http://www.k0-ka.in/attack/?id=1498 Blog: http://zone-h.com/mirror/id/13632754

Sony Corp. (6758) Chairman Howard Stringer apologized and offered U.S. customers of PlayStation Network and Qriocity online entertainment services a year of free identity- theft protection after the system was crippled by hackers. Japan’s biggest consumer-electronics exporter will offer a $1 million insurance policy per user, covering legal expenses, identity-restoration costs and lost wages that occur after data is stolen, Sony said in a blog post. Austin, Texas-based Debix Inc. was hired to provide the monitoring service and similar programs for users in other countries are also being considered, it said. The announcement follows last month’s hacking of Sony’s online entertainment and games platforms when the Tokyo-based company was criticized by U.S. lawmakers for not informing users of the breach quick enough. The shares fell to their lowest in a week in Tokyo today after Sony increased the total number of accounts that were comprised to 101.6 million. “This is an unprecedent...

DragonBall Browser v1.0.0 ~ Browser For Hackers ! Hey everyone, this is Harsh Daftary presenting new browser made for hacker’s.. Browser purely made in vb, small yet fast browser. This includes hacking and programming zone’s and some hacking tools.. Features: Windows Mail Online Media Player Hacking News Zone (The Hacker News) Programming Zone Hacking Zone Exploit Zone Google dork list port scanner File Information: Report date: 2011-05-04 14:19:13 (GMT 1) File name: dragonbrowser-setup-exe File size: 858kb Space required: 738kb MD5 hash: ea0ee74a33f7ee522b2e434a1a15d617 SHA1 hash: 22b5592f6bf909a3484add59660da5fc0c5486b0 NoVirusThanks: http://vscan.novirusthanks.org/analysis/ea0ee74a33f7ee522b2e434a1a15d617/ZHJhZ29uYnJvd3Nlci1zZXR1cC1leGU=/ Download Link :  http://www.multiupload.com/UK3Q0TLFCQ Download Runtimes : http://download.microsoft.com/download/vb60pro/install/6/win98me/en-us/vbrun60.exe Note: Browser tested on vista and windows 7, not su...

If you are in Syria and your browser shows you this certificate warning on Facebook, it is not safe to login to Facebook. You may wish to use Tor to connect to Facebook, or use proxies outside of Syria. Yesterday we learned of reports that the Syrian Telecom Ministry had launched a man-in-the-middle attack against the HTTPS version of the Facebook site. The attack is ongoing and has been seen by users of multiple Syrian ISPs. We cannot confirm the identity of the perpetrators. The attack is not extremely sophisticated: the certificate is invalid in user's browsers, and raises a security warning. Unfortunately, because users see these warnings for many operational reasons that are not actual man-in-the-middle attacks, they have often learned to click through them reflexively. In this instance, doing so would allow the attackers access to and control of their Facebook account. The security warning is users' only line of defense. EFF is very interested in collecting TLS/SSL ...

Microsoft prepares critical Windows patch for Next Tuesday ! Microsoft will issue two bulletins for Patch Tuesday next week — a 'critical' one affecting Windows and an 'important' one for Office, the company said on Thursday. Affected software includes Windows Server 2003, Server 2008, Office XP, Office 2003, Office 2007, Office 2004 for Mac and Office 2008 for Mac, according to the advance notice. The light Patch Tuesday release follows 17 bulletins that Microsoft issued in April. Microsoft also said it is changing its Exploitability Index, the guide it uses to provide customers with information on the likelihood of a vulnerability being exploited.

Upload Vulnerability in Vikram Sarabhai Space Centre (ISRO) Website NOTE : Cant share link, bcoz of Security Reasons ;-)

XSS attack on France.com by Hitcher Link : Click Here

200 sites including three gov sites have been hacked by $(-)@(-)94 $h3rrY $!D {PCH} Hacked Sites List : http://pastebin.com/WBBba6wh

BackTrack 5 Release in 5 days, on 10th May ! For all those who haven’t heard, BackTrack 5 will be released in 5 days. So far, BT are on schedule and the whole team is excited by the release. The 10th will be a hectic day for us, so BT thought BT’d start putting out some information about BackTrack 5 ahead of time – to reduce thier load on the release day. BT know that there are probably many questions about BackTrack, to answer some of your questions here are some exciting points: BT5 release will start on May 10th (don’t bug us about the timezone), and will primarily be available for download via torrents. This is to reduce the massive load on our mirrors for the first few hours. As time progresses into the release , BT will then allow direct downloads from our mirrors. BT will have KDE (4.6) and Gnome (2.6) Desktop environment flavours 32 and 64 bit support A basic ARM BackTrack image which can be chrooted into from android enabled devices. (hopefully released May 10th) Th...

CCAvenue.com is a Commerce Service Provider, authorized as a Master Merchant, by Indian financial institutions, to appoint Sub Merchants, to accept and validate Internet payments via Credit Card, and Net banking facilities from the end-customers in real-time. Its one of the leading payment gateway of South East Asia. Today, CCAvenue.com got hacked by a hacker with code name d3hydr8 by exploiting SQL injection vulnerability in the website. The database was identified as MSSQL. Storing passwords in plain text in the database was a bad strategy followed by CCAvenue. Vishwas Patel, CEO of CCAvenue, replied on the incident calling it a mischievous slander against their name in an interview to Medianama. The hacker had disclosed the Apache version of the server of the site to be Apache/2.2.14 in his disclosure on seclist. Where as Patel adds that that server version was updated from 2.2.14 to 2.2.17 5 months back. A netcraft screen shot below indicates that the upgrade to Apache 2.2.17 ...

' The Hacker News ' Magazine - Social Engineering Edition - Issue 02 - May,2011 Released ! We are happy to Announce that 'The Hacker News' [THN] Magazine Issue 02 (May 2011) is Out . This time we cover "Social Engineering Edition" . The Index of Content is as Given Below : Social Engineering  Opsony By Anonymous Anna Hazare - The Revolution in India Message By Pattie Galle Hacking News of Month Hackers Toolkit updates & Downloads Defacement News Security and Hacking Events of Month Cyber Crime News Linux News Security Updates Vulnerability Exposure Download THN Magazine - Social Engineering Edition : Click Here Note : You can Download all Other ISSUES of THN MAGAZINE from Here

Updated : 3rd Plan to Hit Sony , Another Sony Information Leak ! Update :  [THN] The Hacker News Exclusive Report on Sony 3rd Attack Issue  ! An Anonymous Email provide 'THE HACKER NEWS' some Links from sony FTP, that may lead to another big HIT to sony's Network. That mail shows that some more hackers are planning to give 3RD big HIT to sony soon.... How knows how much it worth, But keep eyes open ;-) Update -- Have a Look to these links : http://products.sel.sony.com/ cgi-bin/semi/get_datasheet.cgi http://products.sel.sony.com/ cgi-bin/wishlist http://products.sel.sony.com/ shared/santa/dbs/sweepstake. xls Alternate links :  http://pastebin.com/pdBgSBBD http://pastebin.com/H9XRfQbD http://pastebin.com/6BG4k1vk Note : Sony Have Remove all above links/Files after our post, so check Alternate links. UPDATE : Downlaod 'The Hacker News' Magazine (May 2011)

A press release from Anonymous regarding PSN !

Hackers steal 250,000 X Factor Details ! The FBI is reportedly investigating after hackers broke into Simon Cowell's computer network. Details of more than 250,000 X Factor entrants are said to have been stolen and Simon and bosses at American TV network Fox, are said to be scared that the thieves will use the details to make money. An official investigation has been launched and an email, which was seen by the Daily Star, was sent to all contestants to warn them about the security breach. It read: 'This week, we learned that computer hackers illegally accessed information you and others submitted to us to receive information about The X Factor auditions. 'It is possible that the information you did provide to us, which included your name, email address, zip code, phone number (which was optional), date of birth, and gender, may have been accessed. 'We are taking this matter very seriously and are working with federal law enforcement authorities to investigate t...

Anonymous Response to Sony : We didn't do it as we will never hurt the innocents ! Press Release as shown :  Last month, an unknown party managed to break into Sony's servers and acquired millions of customer records including credit card numbers. Insomuch as that this incident occurred in the midst of Anonymous' OpSony, by which participants engaged in several of our standard information war procedures against the corporation and its executives, Sony and other parties have come to blame Anonymous for the heist. Today, in a letter directed to members of Congress involved in an inquiry into the situation, Sony claimed to have discovered a file on its servers, presumably left by the thieves in question, entitled "Anonymous" and containing a fragment of our slogan, "We are Legion." In response, we would like to raise the following points: 1. Anonymous has never been known to have engaged in credit card theft. 2. Many of our corporate and governmental ad...

LastPass, one of the most popular cloud-based password management services, is forcing users to change their master passwords as a precaution after it discovered an unauthorized data transfer out of its network. In a post on its blog the company explains, in sufficient detail, what prompted this measure, why it was the best course of action and what it means for users. On May 3, the company detected larger than normal outbound traffic and immediately launched an internal audit to determine the source. Such transfers have been detected before, but each time the origin was determined to be an employee or an automated script. "In this case, we couldn't find that root cause. After delving into the anomaly we found a similar but smaller matching traffic anomaly from one of our databases in the opposite direction. "Because we can't account for this anomaly either, we're going to be paranoid and assume the worst: that the data we stored in the database was some...

BackTrack 4  : Assuring Security by Penetration Testing Written as an interactive tutorial, this book covers the core of BackTrack with real-world examples and step-by-step instructions to provide professional guidelines and recommendations to you. The book is designed in a simple and intuitive manner, which allows you to explore the whole BackTrack testing process or study parts of it individually. If you are an IT security professional or network administrator who has a basic knowledge of Unix/Linux operating systems including awareness of information security factors, and you want to use BackTrack for penetration testing, then this book is for you.  Download :  http://shrta.com/files/0ZYSOJBV/BackTrack-4-Assuring-Security-by-Penetration-Testing.zip Or http://www.multiupload.com/ZCV9Q3WO4X

Gloriousindia.com database hacked by DrGr4vity , 1000 users data compromised Compromised User Data Leaked at https://docs.google.com/document/d/1NwQNGeFTb3z3QcFwT4vHNvPUv3uLyro8zQ556Oq_wRY/edit?hl=en

Banglarmela.org Hacked By EvilSoul Hacked Site : Banglarmela.org

Datefinder.co.nz - Free Dating Site Pwnd by Fr0664/FCA Fr0664/FCA hack Datefinder.co.nz and Expose 252 emails/passwords @  http://pastebin.com/W2TDnGUR

Metasploit Framework 3.7.0 Released ! The Metasploit team has spent the last two months focused on one of the least-visible, but most important pieces of the Metasploit Framework; the session backend. Metasploit 3.7 represents a complete overhaul of how sessions are tracked within the framework and associated with the backend database. This release also significantly improves the staging process for the reverse_tcp stager and Meterpreter session initialization. Shell sessions now hold their output in a ring buffer, which allows us to easily view session history -- even if you don't have a database. This overhaul increases performance in the presence of many sessions and allows for a larger number of concurrent incoming sessions in a more reliable manner. The Metasploit Console can now comfortably handle hundreds of sessions, an especially important consideration when running large-scale social engineering engagements. Several areas of database performance have seen significant i...