The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Anonymous & Lulzsec Personal Information leaked by TeaMp0isoN TeaMp0isoN claim to expose the personal details of Anonymous & Lulzsec via a tweet . They posted a pastie link  which contains the details of various Lulzsec members and Anonymous.  The file include following data : *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= *= ######## ######## ### ## ## ######## ##### #### ###### ####### ## ## ## ## ## ## ### ### ## ## ## ## ## ## ## ## ## ### ## ## ## ## ## #### #### ## ## ## ## ## ## ## ## #### ## ## ###### ## ## ## ### ## ######## ## ## ## ###### ## ## ## ## ## ## ## ######### ## ## ##...

BPM Database leaked by p0keu for #AntiSec One more Hacker with name "p0keu" leak the database of BPM http://visitbpm.co.uk for Antisec. BPM is the world’s largest event dedicated to DJing, electronic music production and club culture has had its whole database leaked via twitter. The database is leaked via a pastebin link :  http://pastebin.com/qF9nXmgH  .

Dukascopy: Forex Swiss Bank Vulnerable to SQL Injection SQL Injection Vulnerability found in Dukascopy by  zSecure Team. Dukascopy offers direct access to the Swiss Foreign Exchange Marketplace. This market provides the largest pool of ECN spot forex liquidity available for banks, hedge funds, other institutions and professional traders. To accommodate the existing banking relationships of it’s clients, Dukascopy offers full Prime Broker capability with give up facility, by utilizing an extensive network of banking partners. Dukascopy Bank provides access to the very first Decentralized Marketplace technology (SWFX – Swiss Forex Marketplace), combining the liquidity of clients, centralized marketplaces and a number of banks. Through its marketplace solution, the Swiss Forex Bank & Marketplace proposes to every client to act as liquidity consumer and/or liquidity provider. Dukascopy Bank provides a transparent and anonymous trading environment. Proof Of Concept : ...

Italian Universities dump database Leaked by LulzStorm LulzStorm , Another Antisec supporter leaked Italian Universities dump database via a tweet on twitter. He release a torrent link and a Mediafire mirror link with a archive of 2.74 Mb. This Archive Include hacked database if 18 Italian Universities as listed : unisi.it, unisa.it, uniroma1.it, anotonianum.eu, econoca.it, uniba.it, unibocconi.it, unifg.it, unime.it, unimib.it, uniurb.it, unibo.it, unipv.it, unina2.it, unile.it, unito.it., unimo.it . The hack is in support of Operation Antisec. Message By hacker : Today is a great day for us all, and a very bad one for italian universities. Their sites are full of weaknesses. Some of them even think being secure,so they don't mind hashing their passwordz.And you, Italian people, are giving all your data to idiots like these?Is it a joke?Change your passwordz, guys.Change your concept of security, universities.We could have leaked much more.We could have de...

Roger Ebert Email ID got hacked by Rapt0r - Anonymous Operation #AntiSec Roger Joseph Ebert's Email ID answerman@gmail.com hacked by  Rapt0r for Anonymous Operation #AntiSec.  Roger Joseph Ebert  is an American film critic and screenwriter. He is the first film critic to win a Pulitzer Prize for Criticism. Hacker Get access to his email ID and Email us ( The Hacker News ) from his ID with a message as shown " I am NOT Roger Ebert the famous film critic but I AM a Hacker who got inside his E-Mail account. In fact I have downloaded all his messages, and I am writing this to you from inside his G-Mail account. For full details of this intrusion go to www.HackerLeaks.com where everything will be revealed. ". Hacker claim to download all his emails and offering to expose all data on  www.HackerLeaks.com . We check the given site, but its not working right now. We check the Facebook page of Roger Ebert to verify that is    answerman@gmail....

Hackers posts fake celebrity stories on Sony site From last three months Sony becomes favorite victim to hackers. This time A hacker post fake celebrity stories on Sony Music's Ireland site . These Fake Stories was : 1.) Scientists have proved that the X Factor TV show is for the stupid. 2.) Two members of the Irish pop band "The Script" were found dead in their backstage dressing room. 3.) Rebecca Black (the teenage singer who became an internet meme after her phenomenally bad "Friday" video became a YouTube hit) has married R Kelly in Disneyland As of 7:10 a.m. Wednesday (Manila time), visitors to Sony Music Ireland were redirected to Sony Music Ireland's Facebook page .

Lulzsec Releases Final Message to the friends around the globe Anonymous Tweet  Video message as " Lulzsec Last Message ". In 10minutes the Video get 200 Likes and 7000 Views. Every message of Anonymous/ Lulzsec is spreading like Fire. The Video Message is here : Lulzsec Message is : Friends around the globe, We are Lulz Security, and this is our final release, as today marks something meaningful to us. 50 days ago, we set sail with our humble ship on an uneasy and brutal ocean: the Internet. The hate machine, the love machine, the machine powered by many machines. We are all part of it, helping it grow, and helping it grow on us. For the past 50 days we've been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others - vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love....

Anonymous leaks Nimbuzz data for collusion with pro-censorship governments Anonymous Hackers leaks Nimbuzz data via the twitter account  of AnonymousIRC which included a link to their latest leak from Nimbuzz  http://pastebin.com/TvSxycCf . About thirty minutes later, that twitter account posted a link for download named " antibuzz " along with an invitation for everyone to join Anonymous IRC . Nimbuzz is a Dutch company that provides services similar to Skype, Including text and video communication.The pastebin release claims that Nimbuzz is " capable and self-admittingly willing to co-operate with governments to help censor the public's use of the very services they offer. " Anonymous Says " People should not be afraid of their governments. Governments should be afraidof their people. ".

PayPal UK Twitter account hijacked by angry customer Second high-profile hack of the week against Twitter accounts, Yesterday  FOX News Twitter Account was Hacked by 5CR1PT K1DD3S & then sent false tweets saying that U.S. President Barack Obama had been shot dead. Today an  angry customer of Paypal hijack the Twitter account of PayPal UK. In PayPal's Hacking case, the attackers sent out messages promoting paypalsucks.com , a site devoted to what it says is " exposing the nightmare of doing business 'the PayPal way' ". Another tweet sent from the hacked account read, “ PayPal can freeze your funds for no reason, do not use PayPal!! ” The account’s photo and description was changed before being taken down by Twitter. The Tweets were removed within a few hours of the hijacking. " Sorry, the profile you are trying to view has been suspended ," Twitter said on its page for the PayPalUK feed. A spokesman for PayPal UK said that the company is...

Video Demonstration : Vsftpd backdoor discovered by Mathias Kresin 2.3.4 of vsftpd's downloadable source code was compromised and a backdoor added to the code. Evans, the author of vsftpd . This module exploits a malicious backdoor that was added to the VSFTPD download archive. This backdoor was present in the vsftpd-2.3.4.tar.gz archive sometime before July 3rd 2011. The bad tarball included a backdoor in the code which would respond to a user logging in with a user name ":)" by listening on port 6200 for a connection and launching a shell when someone connects. Read more here Affected versions : vsftpd-2.3.4 from 2011-06-30 Metasploit demo : use exploit/unix/ftp/vsftpd_234_backdoor set RHOST localhost set PAYLOAD cmd/unix/interact exploit id uname -a Video Demonstration :

NATO Server Hacked by 1337day Inj3ct0r and Backup Leaked ! Team Inj3ct0r ( 1337day ) claim to hack Apache Tomcat Version 5.5.9 of NATO .  The North Atlantic Treaty Organization or NATO also called the (North) Atlantic Alliance, is an inter governmental military alliance based on the North Atlantic Treaty. They Leak a Backup of Random 2,646 files from Server as Proof of Hack . The archive uploaded by hackers is available at  http://www.mediafire.com/?s2chp1v2jqsf52z  . We talk to Team Inj3ct0r about this hack They said : 1.) The Reason of Hacking is "Nuclear weapons. its development and financing" 2.) They hack Tomcat 5.5 Server using 1337day privat exploit (0day) . 3.) They get the root privilege to the Server. 4.) They are able to Deface the website of NATO also, but they will not do this. They have just take the backup of server and trying to distribute that on Internet. This archive contains various configurations XML/Batch/...

RedHack deface 1000 sites for Turkey #AntiSec RedHack Hackers Group deface more than 1000 websites today. The complete list of hacked sites are here  . The hack is done in support of Anonymous and Operation Antisec. The hackers also release a press Release as below with Reason of this hack.  Press Release By Redhack : Our people from all nationalities and Revolutionary, Democrat, Patriotic and Opposition Comrades, Since 1997 our objective is, to be the “common voice” of revolutionaries in digital arena and have carried out our actions according to this strategy. On the anniversary of Sivas Massacre which took place on 2nd July 1993 and resulted in death of thirty-five intellectuals, singer, authors and poets; we have hacked hundreds of websites belongs to Adnan Oktar also known as Harun Yahya bigot and collaborating fascist websites in order to announce that we have not forgotten this massacre and will not let it be forgotten.  We have also taken opportunity to ...

FOX News Twitter Account Hacked by 5CR1PT K1DD3S Fox News Politics Twitter account @foxnewspolitics  hacked last night.  The account's icon had been changed from the Fox News Politics logo and featured the following new description: " H4CK3D BY TH3 5CR1PT K1DD3S. " Hacker's Personal account was  @TheScriptKiddie on twitter, but After hack, Twitter has suspended his account. Then hacker made another announcement via  Fox News Politics Twitter account  that " twitter has suspended TheScriptKiddie please follow @ScriptKiddi3 for future releases. we have confirmed Fox News is aware of the attack. " THN talk with " The Script Kiddies " Group. They Reply : " We are a new group called The Script Kiddies. As i have stated in past interviews we do have connections to anonymous, however this does not represent them in anyway. personally I have been part of many hacks leading back to HBgary and #operationPyaback with anonymous . we will not ...

Microsoft.com.br (Brasil) hacked by TG hacker Microsoft Brasil http://microsoft.com.br/ Got defaced by Hacker named " TG ". Hacker redirect  server address microsoft.com.br  to the page of Microsoft Brazil. Instead of being sent to the developer page of Windows, the Internet user that accesses the address is faced with a message published by hackers as  " Ms Brazil 0wn3d by TG " .  The forwarding service is hosted on an external server.

Oracle website vulnerable to SQL injection vulnerability Oracle database website itself vulnerable to SQL injection attack. The website having a loophole by which any attacker can easily hack into it. The vulnerability is found and submitted by Hacker " m@m@ ". Oracle provides the world's most complete, open, and integrated business software and hardware systems to more than 370,000 customers including 100 of the Fortune 100 that represent a variety of sizes and industries in more than 145 countries around the globe. The combination of Oracle and Sun means that customers can benefit from fully integrated systems the entire stack, from applications to disk that are faster, more reliable, and lower cost. But the website now itself compromised with SQL injection attack. I am providing the link and a screen sort show that you can easily sort out the vulnerability.  Here is the link:  http://labs.oracle.com/dmp/patents.php?uid=mherlihy'%20and%201=0%20union%20sele...

Iframe Injection & Blind SQL Injection vulnerability on Apple.com exposed by Idahc(lebanese hacker) After Sony hacks, Idahc(lebanese hacker) is back to strike Apple.com . He found two vulnerability on  https://consultants.apple.com/  as listed below. Iframe Injection : Click here Blind SQL INjection: C lick Here Examples of the injections: Example One Example two Two days before Another sub-domain of Apple's database was hacked with SQL injection by Anonymous : Read Here Hacker Expose the Database ,extracted using Blind Sql injection on a pastebin link .  According to Hacker " I am Idahc(lebanese hacker) I found a Blind SQLI and Iframe Injection on AppleI am not one of Anonymous or Lulzsecand I am against The ANTISEC OPERATIONBUt this is a poc with not confidential informationI didn't dump users,emails,passwords........ ".

Stuxnet Source Code Released Online - Download Now Stuxnet is a Microsoft Windows computer worm discovered in July 2010 that targets industrial software and equipment. While it is not the first time that crackers have targeted industrial systems,it is the first discovered malware that spies on and subverts industrial systems,and the first to include a programmable logic controller (PLC) rootkit. Stuxnet is designed to programmatically alter Programmable Logic Controllers (PLCs) used in those facilities. In an ICS environment, the PLCs automate industrial type tasks such as regulating flow rate to maintain pressure and temperature controls. Source Code Download Another Video Presentation on Stuxnet by Hungry Beast .

Apple database hacked with SQL injection by Anonymous Anonymous hackers announce on twitter that Apple can be there next target. They expose one SQL vulnerability on Apple domain with One table "Users" data. Vulnerable Link :   http://abs.apple.com:8080/ssurvey/survey?id= Exposure Link :   http://pastebin.com/tkmZDG9m These all hacks now consider under Operation Antisec by Anonymous and Lulzsec Members.

4 big business sites database backup leaked by Serious BLack  ! One of the Indian hacker "Serious BLack " found the SQL database backup on the 4 big business sites. These SQL dumps are hosted by Site admins on FTP that has been leaked. Sites are:  http://www.assembla.com/   =>  http://pastebin.com/YpdfGsQN http://www.nganhoa.co.cc/hoa.sql http://www.seoguru.co.uk/seogurl.sql http://www.33photo.com/backup.sql

WebSurgery v0.5 - Web app testing tool Released WebSurgery is a suite of tools for security testing of web applications. Itwas designed for security auditors to help them with the web applicationplanning and exploitation. Currently, it uses an efficient, fast and stableWeb Crawler, File/Dir Bruteforcer and Fuzzer for advanced exploitation ofknown and unusual vulnerabilities such as SQL Injections, Cross sitescripting (XSS), brute-force for login forms, identification offirewall-filtered rules etc. Download Setup Download Portable Documentation

Pepper (Dating site) hacked by Anonymous #Antisec One of the Biggest Online dating website Pepper  http://www.pepper.nl/  hacked by Anonymous Hackers for Operation Antisec. Huge Data breached, 52000 users/passwords of users leaked by Anonymous on twitter on  http://privatepaste.com/af59e5a969

TriNity (Indian Girl Hacker) Strikes again to server with 690 websites Indian hacker girl, TriNity Strikes After along time. This time she  hack a windows server with 690+ Sites at 66.113.131.74 . Site attacked : http://www.coin.info/ http://catapult.coop/ Mirror of some sites on the same server : http://mirror.sec-t.net/defacements/?id=49702 http://mirror.sec-t.net/defacements/?id=49698 Complete List of Site : http://pastebin.com/4sF7ZQAB

UP Rajarshi Tandon Open University Allahabad Website Hacked Website of UP Rajarshi Tandon Open University Allahabad Hacked last night. Link  http://www.uprtou.ac.in/ Hacker wrote message on the site " SECURE YOUR WEBSITE.. OR ELSE GET HACKED BY SOMEONE...The Education system in India sucks.. Till when we would be learning all the bullshit physics, chem, history and commerce.. We need some real knowledge.. Baccha, kabil bano.. kamyaabi jhak marke peeche aayegi.. lol. .sorry admin.. just resotre your site..Don't worry.. nothing has been deleted... " Legend H mirror : http://legend-h.org/mirror/187224/uprtou.ac.in

Nmap 5.59 BETA1 - 40 new NSE scripts & improved IPv6 Official Change Log: o [NSE] Added 40 scripts, bringing the total to 217!  You can learn  more about any of them at http://nmap.org/nsedoc/. Here are the new  ones (authors listed in brackets):  + afp-ls: Lists files and their attributes from Apple Filing    Protocol (AFP) volumes. [Patrik Karlsson]  + backorifice-brute: Performs brute force password auditing against    the BackOrifice remote administration (trojan) service. [Gorjan    Petrovski]  + backorifice-info: Connects to a BackOrifice service and gathers    information about the host and the BackOrifice service    itself. [Gorjan Petrovski]  + broadcast-avahi-dos: Attempts to discover hosts in the local    network using the DNS Service Discovery protocol, then tests    whether each host is vulnerable to the Avahi NULL UDP packet    denial...

Official Website of Amy Winehouse - Songer/Songwriter Defaced Amy Jade Winehouse official website  http://www.amywinehouse.com/   defaced by Anonymous hackers for Antisec . Amy Jade Winehouse  (born 14 September 1983) is an English singer-songwriter, known for her powerful contralto vocals and her eclectic mix of various musical genres including R&B, soul, and jazz. She has received publicity over her substance abuse and mental health issues. Related hack => Meggit - US Military and Law Enforcement equipment supplier hacked for #Antisec - Read here