The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Wi-Fi Challenge by Security Tube ! 1. Objective: This series of challenges is aimed at testing your skills as a Wireless Hacker! We will posting challenges ranging from - Basic, Intermediate, Advanced, Expert and Insane levels! Our first challenge remain uncracked which we categorized as "Basic" :) Challenge 1: http://www.securitytube.net/video/1856 Challenge 1 Solution: http://www.securitytube.net/video/1859 Just posted Challenge 2 : http://www.securitytube.net/video/1862 Which still remains uncracked! 2. Prizes: All Expert and above challenges will have prizes which will be announced in the challenge video. Any level below that qualifies for a prize automatically if unsolved for 24 hours. Challenge 2 is currently unsolved for 21 hours! :) Prize will be an Alfa Networks Wireless card if this remains unsolved for 3 more! So hurry up and participate to win! 3. Joining the Competition: Just go to the Challenge 2 URL above, download the trace file on the p...

PlayStation 3 update 3.61 available Now, PSN begins today ! Today good news for all the PS3 lovers, your PS3 Now will be able to connect to PlayStation Network, today Sony has solved its PSN outage and updated its System to (v3.61) but notes that the update will prompt you to change your PlayStation Network password. This is what the PlayStation blog has updated and you need to read about the new update: We have been working on a new PS3 system software update that requires all PSN users to change their password once PlayStation Network is restored. The update (v3.61) is mandatory and is available now. If using a PS3, your password can only be changed on your own PS3 (or a PS3 on which your PSN account was activated), as an added layer of security. If you have never downloaded any content using your account on the system, an email will be sent to the registered sign-in ID (email address) associated with your account when you first attempt to sign-in to PSN. This e-mail will cont...

Hackers Got Hacked, HackingTips.in Hacked By Shadow008 ! Sites Hacked : http://www.hackingtips.in/ Mirror : http://www.zone-h.com/mirror/id/13877058

417 U.K websites Got hacked by SeeKeR , Server compromised ! Hacked sites List :  http://pastebin.com/J45HhJfs

Crimepack 3.1.3 Exploit kit Leaked, available for Download ! Part 1 : Java Exploit As stated above, I focus on a malware that exploits a recent JRE vulnerability: CVE-2010-0840 to execute malicious files on a victim system. This malware comes inside a jar file, which contains the following two classes: Crimepack.class and KAVS.class. Part 1.1 : Crimepack.class This class is the engine of the malware, it is obfuscated, but you can quickly strip off the obfuscation (my python beta tool is great…), once you get rid of the obfuscation you can see the following code: As always, we have an Applet that access to the data parameter, generates a random name for the exe payload that will be dropped in the system temp directory and then executed. So at this point as you can see we have nothing new, the above is a common Java downloader… but let’s scroll down: Above, we can see that the malware is creating a new instance of the KAVS class (description follows), in order to trigge...

Qualys and Malware Analyser - Online malware scanning engine ! Qualys and Malware Analyser ( Author : Beenu Arora ), recently came into an agreement which will allow Qualys to use Malware Analyser tool on its online malware scanning engine. This would enable the users to perform more comprehensive scans on malicious executables. According to sources, the author shared the tool's source code only after signing NDA with the firm. Qualys® ( www.qualys.com ) headquartered in Redwood Shores is the leading provider of on demand IT security risk and compliance management solutions — delivered as a service. Malware analyser is a freeware tool for analysing malwares written in Python. The tool was initially open-source tool way back in 2009 but recently in 2010-11 the author has made some significant improvement in its core engine which has made it one of best static analysis tool. The tool can perform static and dynamic analysis and author has intentions to include the process a...

Anonymous announce #OpIran on 15th May 2011  Anonymous will strike back again on Iran Govt. on 15th may-2011.University students from 19 universities throughout Iran join students from Tehran University and Medical Sciences in their call for holding a protest and strike on May 15. A statement issued by students from 19 national universities says: “ At a time when the wind of Spring is blowing throughout the Middle East, Iran has not been exempted from the fragrance of this wind and once again, the universities, the bastion of steadfastness and resistance, stood up from under attack of the anti-freedom despots and gave new hopes to those eager for freedom that: yes, universities are alive… ” “ For this reason, and following the call by students from Tehran University and Medical Sciences for holding a strike and general protests on May 15, we invite all students to actively and widely participate in holding the gatherings in all universities. Because when despotism is on the...

Super Saturday :  The Hacker News Featured Articles, If you miss Something ! Let's Re-collect all the Featured Recent Interesting Articles of THN, in this post. Hope you Guys will like every news By us. Please share the Links on your Facebook/ Re-tweet on Twitter and everywhere to spread the Cyber Awareness :) The Anonymous : Need of  21st century ! 26 Underground Hacking Exploit Kits available for Download ! [THN] The Hacker News Exclusive Report on Sony 3rd Attack Issue ! Finally Source code of ZeuS Botnet Version: 2.0.8.9 available for Download ! Crimepack 3.1.3 Exploit kit Leaked, available for Download ! You got owned, Exposure about privacy on facebook ! Script that gives hackers access to user accounts floods Facebook Hacker getting WordPress Database Dump with Google Query ! Pakistan Cyber Army got hacked by Indian Cyber Army (Indishell) Facebook Security Update, Protection from Untrustworthy Websites With Web Of Trust (WOT) New Facebook worm propagat...

List of Hacking Exploit Kits : Unknow Tor Target-Exploit Smart pack RDS My poly sploit multisploit mypack-009 mypack-091 mypack-086 mypack-081 Mpack Infector Ice-pack-1 Ice-pack-2 Ice-pack-3 G-pack Fire pack -1 Fire Pack -2 Fiesta -1 Fiesta -2 Cry 217 Armitage Adpack -1 Adpack -2 0x88 Download : [Link expired]

CHMag Issue 16th, May 2011 Download ! Here we are again with the latest issue of ClubHack Magazine. This time also the issue is dedicated to Browser security. Contents of this Issue:- Tech Gyan - First ever public disclosure of Password secrets of "Apple Safari". Tool Gyan - BeEF (Browser Exploitation Framework) Mom's Guide - User Agent on my Header. Legal Gyan - New Rules under Information Technology Act. Matriux Vibhag - Forensics with Matriux Part - 1 Poster of the month - How safe you are while surfing? Direct Download: http://chmag.in/issue/may2011.pdf Hope you'll enjoy the magazine. Keep sending the bouquets and brickbats!

Understanding The Concept of Bypassing Antivirus ,by Internet Security Team Anti-Virus manufacturers nowadays implements more and more complex functions and algorithms in order to detect the latest and newest viruses along with their variants. There is however simple methods that can be used to by-pass most of these, especially those that doesn’t use heuristics and similar techniques at all. Download guide :  http://www.multiupload.com/P8YWVINAIQ Rar file password : thn

Devil shell v1.2  - Php shell with DDoS feature !   Features : 1. Design 2. Permission Change of file / Folders 3. Improved DDoS 4. Create Folder 5. Multi uploading 6. Encrypted Title so hard to find by Google.  Download Link http://www.filefactory.com/file/cb4d35e/n/ugdevil.php Username : ugdevil Password : 1234567 For further Query mail me at : ugdevil@gmail.com

PlayStation Network hack launched from Amazon EC2 ! The hackers who breached the security of Sony's PlayStation network and gained access to sensitive data for 77 million subscribers used Amazon's web services cloud to launch the attack, Bloomberg News reported. The attackers rented a sever from Amazon's EC2 service and penetrated the popular network from there, the news outlet said, citing an unnamed person with knowledge of the matter. The hackers supplied fake information to Amazon. The account has now been closed. Neither Sony nor Amazon commented on the claims. Bloomberg doesn't say how Amazon's cloud service was used to mount the attack. If the report is correct, it wouldn't be the first time it's been used by hackers. Read More

China plugging holes in its Great Firewall by disrupting VPN traffic ! Chinese internet users suspect that their government is interfering with the method they have been using to tunnel under the "Great Firewall" to prevent them connecting with the outside world. Sites such as search engine Google and news site MSN have become difficult to access, they say. And a number of universities and businesses have begun warning their users not to try to evade the firewall. Since 6 May, a number of users says that internet connections via China Telecom, the largest telephone company, and China Unicom have become "unstable", with intermittent access when trying to access sites in foreign countries using a "virtual private network" (VPN) – a preferred method of evading the blocks put up by China's censors to external sites. Even Apple's app store has been put off-limits by the new blocks, according to reports. The disruption has mainly affected corpor...

LUMS University Database Hacked By Hitcher Vulnerable link :   http://www.lums.edu.pk/event_detail.php?id='300 Databases links for student info :   http://pastebin.com/TAYcwPd3 Faculty info : http://pastebin.com/1RpBitHf

Pakistan Telecommunication Company (PTCL)  Hacked by lionaneesh , users data compromised Hacked site :  http://www.ptcl.com.pk/ Hack Proof by Hacker :  http://pastebin.com/eBTR5d5H

13th Friday, Everything Down : Twitter ,You tube & Blogger ! Twitter is down and fail whales abound. Some users have experienced problems loading the service since about 1:30 ET. Twitter announced that it is aware of the situation on its status log: “ We are currently experiencing site stability issues. There may be intermittent issues loading twitter.com. We’re working to fix it as soon as possible ,” the post says. We’ll continue to update you with more information, as it becomes available. Today Blogger.com was also down from last 48 hours, But Finally, Blogger.com is back !

Critical Flash Player Update to fix 11 Security Holes Adobe  has released another batch of security updates for its ubiquitous  Flash Player software. This “critical” patch fixes at least 11 vulnerabilities, including one that reports suggest is being exploited in targeted email attacks. In  the advisory  that accompanies this update, Adobe said “there are reports of malware attempting to exploit one of the vulnerabilities, CVE-2011-0627, in the wild via a Flash (.swf) file embedded in a Microsoft Word  (.doc) or  Microsoft Excel  (.xls) file delivered as an email attachment targeting the  Windows  platform. However, to date, Adobe has not obtained a sample that successfully completes an attack.” The vulnerabilities exist in Flash  versions 10.2.159.1  and earlier for Windows,  Mac ,  Linux and  Solaris . To learn which version of Flash you have, visit  this link . The new version for most platforms is 10...

Finally, Blogger.com is back ! Blogger.com is back now, Official statement : http://buzz.blogger.com/2011/05/blogger-is-back.html

Hacker getting WordPress Database Dump with Google Query ! There appear to be multiple WordPress powered sites that are performing an DB->XML dumb of the articles and subsequent pages. The comments section includes originating IP address, datetime, E-Mail address, homepage, etc. These entities are traditionally not exposed to the anonymous Internet via WordPress. Since the XML dump is structured it's quite easy to harvest this data. More alarming is the volume of sites freely exposing this. I'm not certain of the root cause but perhaps it's related to an upgrade procedure. Google is happily indexing and caching these dumps as it appears they're created in the attachment system (URI ?attachment_id=\d+) with an HREF to the actual dump. A simple Google search below will return a multitude of sites. Perhaps someone on the WordPress side can comment on this behavior? Google Query - inurl:uploads ".xml_.txt" wordpress Anoth...

Final Fantasy maker Square Enix hacked, 25,000 email addresses Stolen ! Square Enix has confirmed that personal data has been compromised after hackers accessed the Eidos Montreal website. The Deus Ex website was also accessed by the attack from hackers. It’s thought that it took place on Wednesday. The publisher’s now confirmed that personal data has been compromised. “Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites. We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again,” Square Enix said in a statement sent to VG247. However, the company insists that while personal data such as up to 25,000 email addresses and resumes for jobs at Eidos Montreal – of which 350 were accessed – no credit card data was stolen due to the webs...

Pakistan Cyber Army got hacked by Indian Cyber Army (Indishell) Hacked site :  www.pakcyberarmy.net Mirror :  http://mirror.sec-t.net/defacements/?id=24393 Note By ICA :  http://pastebin.com/ZfNH774F

Microsoft Release Security Intelligence Report ! The Security Intelligence Report (SIR) is an investigation of the current threat landscape. It analyzes exploits, vulnerabilities, and malware based on data from over 600 million systems worldwide, as well as internet services, and three Microsoft Security Centers. Volume 10 (SIR v10) is the most current edition covering 2010 and contains five sections: Key Findings provides data and analysis produced by Microsoft security teams. Reference Guide gives additional information for topics covered in the Key Findings. Featured Intelligence spotlights the latest threat topic. Global Threat Assessment provides deep dive telemetry by specific country or region. Managing Risk offers methods for protecting your organization, software, and people. Download Here

Facebook Security Update , Protection from Untrustworthy Websites With Web Of Trust (WOT) Web of Trust (WOT), the worlds leading crowd-sourced website reputation rating service, and Facebook, the Internets leading social platform, begin collaboration today to give Facebooks over 500 million users reliable protection against dubious web links. When a Facebook user clicks a link that leads to a page with a poor reputation rating given by the WOT community, Facebook shows a warning message. WOTs global community has reported five million sites for phishing, untrustworthy content, fraudulent services or various scams. Facebooks ability to protect its users from malicious links is significantly improved with the use of WOT reputation ratings. Whenever a Facebook user navigates to an untrustworthy site a warning will appear allowing the person to avoid the link, learn more about the rating or continue forward. Web users have rated more than 31 million websites with the free WOT add-on. WO...

The White House proposed Thursday reforming the Federal Information Security Management Act by formalizing the Department of Homeland Security role in managing cybersecurity for the federal government's civilian computers and networks. What the Obama administration does not propose is the establishment of an Office of Cyberspace with a Senate confirmed director in the White House, as proposed in a number of bills before Congress. In addition, the proposal would give DHS more flexibility in hiring cybersecurity professionals and permit the government and business to temporarily exchange experts, so that both can learn from each others' expertise. The comprehensive proposal, outlined in a White House blog, also calls for a federal data breach notification law and criminal penalties for cybercrimes. Besides establishing a new framework aimed at protecting individuals' privacy and civil liberties, the White House proposal also would codify practices that allows DHS to hel...

A widespread hack spread across Facebook early Thursday morning and shows no signs of abating as of yet. It comes in the form of a script that posts heavily profanity-laden wall posts continuously, instructing you that the only way to remove the posts is to click a ‘Remove This App’ link. Unfortunately the link is a hoax and allows the malicious script to access your Facebook account. Your account will then continue to spread the script in the form of similarly formatted wall posts on your friends accounts. The message uses the phrase ‘Vote for Nicole Santos’, leading some to believe that it is a high school prank related to Prom season. Here is a link  ( http://pastebin.com/u5abvXQi ) to the raw code of the script causing the problems on Facebook. If any of you commenters have any suggestions as to how this might have been injected in the first place please do let us know. Unsurprisingly many are trying to trace the source back to the ‘Nicole Santos’ that may have originat...