The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

THN Review : Ghost in the Wires - Kevin Mitnick First of all Thanks to Mr. Kevin Mitnick for sending Review Copy of his latest book & Auto-Biography " Ghost in the Wires - My Adventures As The World's Most Wanted Hacker ". I take about a week to read this amazing book and Finally  The Hacker News Review for this Book : Some call him a saint, some a criminal, others adore him. Industry may loathe him but we here at hacker news say “ Get Reading ” loyal subscribers and laugh, get mad, feel revenge, and pure educational enjoyment reading Kevin Mitnick’s new book “ Ghost in the Wires ” .  Yeah, we consider him pretty cool and the father of Social Engineering which is just ours and yours level of interest.   If a guy that can stay one step ahead of big business, catching them with their pants down and their hands in the Cookie jar, then this is the book for you.  If you admire a person who can squeeze blood from a turnip, you have the rig...

LulzSec Member Topiary arrested in the Shetland Islands Police arrest 18-year-old man in Shetland Islands who is alleged to be involved in hacker attacks on law enforcement agencies.Officers from the Metropolitan Police Service's Police Central e-Crime Unit (PCeU) arrested the man as part of an international investigation into the activities of the Anonymous and LulzSec hacktivist groups.The man, who was arrested at a residential address in Shetland, is said to have used the online nickname " Topiary " and acted as a spokesperson for the groups via forums such as Twitter. He was arrested at a residential address in the Shetland Islands and is currently being transported to a police station in central London. A search is ongoing at the address. It was carried out with the assistance of the Scottish Crime and Drug Enforcement Agency (SCDEA) and Lincolnshire Constabulary. The arrest of Topiary is the third made in the UK in the search for members of the group, followi...

DOD Launches New Cyber Strategy Website The Department of Defense today launched a new website to highlight DoD’s first unified strategy for cyberspace announced on July 14. The website is a tool to help explain and consolidate DoD’s cybersecurity accomplishments and new way forward for military, intelligence and business operations in cyberspace. The new website is designed to help users explore the five pillars of DoD’s cyber strategy: treating cyberspace as an operational domain; employing new defense operating concepts; partnering with the public and private sector; building international partnerships; and leveraging talent and innovation. Additional content includes links to cybersecurity jobs in government, key news items, press releases, and video of discussions on cybersecurity. Source

Smiasm - Reverse engineering framework What is Miasm? Miasm is a a free and open source (GPLv2) reverse engineering framework. Miasm aims at analyzing/modifying/generating binary programs. Here is a non exhausting list of features: opening/modifying/generating PE/ELF 32/64 le/be using Elfesteem Assembling/Disassembling ia32/ppc/arm Representing assembly semantic using intermediate language Emulating using jit (dynamic code analysis, unpacking, ...) Expression simplification for automatic de-obfuscation Graphic disassembler using Grandalf How does it work? Miasm embed its own disassembler, intermediate language and instruction semantic. It is written in Python. To emulate code, it uses libtcc to jit C code generate from intermediate representation. It can emulate shellcodes, parts of binaries. Python callback can be executed to emulate library functions. Read Documentation & Download Here

#OpPayPal - Anonymous calls for boycott of PayPal for blocking Wikileaks The Latest Operation could be a major departure into legal direct action for Anonymous, LulzSec and AntiSec. If so, this is one to watch with great interest. The campaign marks something of a departure for LulzSec and Anonymous, which are both known for stealing and releasing private information from websites with poor security.The groups are at pains to emphasis that their current protest is being waged through legal means.During Operation Payback, Anonymous had called for a boycott, but little was gained due to the distributed nature of Anonymous and relatively low media profile. What is Operation Paypal ( #OpPayPal ) ? IRC: http://bit.ly/pDIZbY According to Anonymous and Lulzsec " Paypal is a corrupt corporation who voluntarily disabled donations to wikileaks with no legal base or reasoning whatsoever.  They are actively working with the FBI to arrest and imprison the only peop...

Metasploit Pro 4.0 released - Enterprise Integration, Cloud Deployment & Automation Rapid7 launched Metasploit Pro 4.0, a penetration testing solution that provides security professionals with a better view of their threat landscape by integrating with more than a dozen vulnerability management and Web application scanners, and by providing data to security information and event management (SIEM) systems through a documented interface. This enables defenders to identify vulnerabilities that could lead to a data breach and prioritize their remediation more effectively. Security teams increase their productivity by spending less time fixing unimportant vulnerabilities and have an effective way to verify that remediation was successful. The new capabilities in Metasploit Pro 4.0 now enable defenders to: Integrate security risk intelligence Integrate Metasploit Pro with your security information and event management (SIEM) system to improve your dashboard information Import ...

BSNL System Hacked by Pakistan Cyber Army - Users info at risk Pakistan Cyber Army claims to hack the BSNL (Bharat Sanchar Nigam Ltd.- India's No. 1 Telecommunications Company)10,000 User information like name, email, phone number and location & BSNL's internal working of VPN ,detail of circuits and as well as more technical details. More Screenshots: Source: Email from PCA

Operation Intifada: Anonymous Prepares For DDOS Attack On Israel Parliament The latest target of Operation Anonymous, which following the dissolution of LulzSec is the last substantial non-amorphous hacker collective left out there, could lead to some substantial geopolitical fallout. That is because the target of the just announced upcoming DDOS attack is none other than the Israeli Parliament, the Knesset, and while Israel has allegedly been happy to dispense hack attacks in the past, the onslaught on the Iranian nuclear power plant courtesy of the Stuxnet virus coming to mind, we doubt it will as happy to be seen on the receiving end of decentralized computer warfare.

OSForensics – Digital investigations faster Here there is a new utility called OSForensics, currently it is freely available that I found very useful for conducting a computer forensics. OSForensics can retrieve data about recently accessed applications, documents, media and network shares by scanning locations in the registry which store a user’s Most Recently Used (MRU) lists. The data which can be tracked by OSForensics includes files accessed in Microsoft Office applications, Microsoft Wordpad, Microsoft Paint, Microsoft Media Player, Windows Search, Connected Network Drives and the Windows Run command. Read More Here Download OSForensics 

90000 web pages infected by mass iFrame attack Security Experts Wayne Huang, Chris Hsiao, NightCola Lin discovered that more than 90000 web pages are infected by mass iFrame attack. There's been a mass scale injection ongoing recently, with the injected iframe pointing to willysy.com . Just Try a simple Google Search to find out the facts. Video Demonstration: Researchers at Armorize said the injected scripts redirect users to malicious Web domains that is launching attacks targeting known vulnerabilities in Java, Adobe's PDF, Microsoft's Internet Explorer and other common platforms, according to the report by Armorize experts Wayne Huang, Chris Hsiao and NightCola Lin. The campaign is targeting online commerce sites, the researchers found. Read more at Source .

Change.Gov Donor List 2010 leaked by #Antisec Anonymous Hackers today leak the list of 60804 Donors to Change.Gov via Twitter tweets. The list is uploaded on Mediafire Link . The data contains the Name, Employee,City, State, Zip and Donated Amount in a CSV file. Yesterday 300 Military and Government Accounts leaked by P0keu and  CNAIPIC - Italian government hacked by #Antisec , Various Confidential documents leaked.

Anonymous , LulzSec & Stuxnet nominated for Pwnie Awards 2011 for Epic 0wnage The nominees for the Pwnie Awards 2011 are finally selected today. Anonymous are nominated for hacking HBGary , LulzSec for hacking everyone & Stuxnet also nominated in  Epic 0wnage. More Details on Nominations Read Here Next week the judges will gather at an undisclosed location and vote on the winners, who will be announced during the awards ceremony on Aug 3rd in Las Vegas.

300 Military and Government Accounts leaked by P0keu In a tweet , P0keu posted a link to PasteBin which appears to be e-mail accounts and passwords of 300 military and government accounts used the same password as their actual e-mails, then the contents of their e-mail account will also be exposed. The PasteBin dump says it contains 290 accounts. A large number of them end in .mil and .gov. Just a point of clarification, this doesn’t appear to be actual e-mail accounts and passwords, but rather, a website that uses people’s e-mail accounts as a log-in name. So the account to the website is exposed. If the password used with the e-mail is the same as the password for that actual e-mail address, then that e-mail might also be exposed along with who knows what else that is tied to that account. Amongst those accounts that are exposed, there appears to be accounts from the Department of Justice, the FBI, the Deparment of Homeland Security, the NSA, the Pentagon and several others. ...

Red Hat Enterprise Linux 5.7 Released Red Hat has updated Enterprise Linux 5.7, which now includes several features from Red Hat Enterprise Linux 6. The operating system processors supports deployments on Intel, AMD, POWER and IBM System z architectures. Highlights of Red Hat Enterprise Linux 5.7 include: Hardware enablement Support for new hardware from Red Hat partners encompassing processors, chipsets and new drivers for storage, networking, and graphics allows Red Hat Enterprise Linux 5 deployments to benefit from new hardware platforms delivered in 2011, including Intel, AMD, POWER and IBM System z. Virtualization improvements Several virtualization enhancements in Red Hat Enterprise Linux 5.7 include improved migration performance for KVM, as well as several performance and scalability improvements for the Xen hypervisor. SCAP support OpenSCAP introduces support for the Security Content Automation Protocol, including a library and set of utilities, giving a stan...

CNAIPIC  - Italian government hacked by Antisec , Various Confidential documents leaked CNAIPIC - Centro Nazionale Anticrimine Informatico per la Protezione delle Infrastrutture Critiche /National Anti-Crime Computer Centre for Critical Infrastructure Protection hacked by Anonymous Hackers for Antisec Operation. Various Documents has been leaked via a pastebin message .  Message By Hackers on Pastebin : Heynow, This is a prerelease of a series we are going to make to reveal the biggest in history of European LE cyber operation Evidence exploitation and abuse. Thing's gonna get published and twittered all over anonymous and lulzsec community. Today we were granted with the Italian law enforcement Pandora box, we really think it shall be a new era of “regreaissance” to the almighty Homeland Security Cyber Operation Unit in EU. So we decided to leak everything they got since they were established as a full scale cyber taskforce named CNAIPIC. This corrupted o...

VirtualBox 4.1 Final for Linux Released VirtualBox is a general-purpose full virtualizer for x86 hardware, targeted at server, desktop and embedded use. This version is a major update. The following major new features were added: Support for cloning of VMs (bug #5853, see the manual for more information): full clones can be created through the GUI and VBoxManage, linked clones only through VBoxManage GUI: enhanced wizard for creating new virtual disks GUI: new wizard for copying virtual disks GUI: keep the aspect ratio in scale mode (Windows and OSX hosts only; bug #7822) VMM: raised the memory limit for 64-bit hosts to 1TB Experimental support for PCI passthrough for Linux hosts, see the manual for more information Windows guests: Experimental WDDM graphics driver, supporting Windows Aero (bug #4607) and providing Direct3D support using a cleaner approach (no need to install the guest drivers in Safe Mode anymore) Guest Additions: status of modules and features can now be ...

Ani Shell v1.3 Released -- Mail Bomber (with less spam detection) & PHP Decoder Introduction Ani-Shell is a simple PHP shell with some unique features like Mass Mailer , A simple Web-Server Fuzzer , DDoser, Back Connect , Bind Shell etc etc ! This shell has immense capabilities and have been written with some coding standards in mind for better editing and customization. Customisation 1. Email Trace back is set to Off as default and emails will not be sent , If you are setting this feature on make sure you change the default email address (lionaneesh@gmail.com) to Your email address , Please Change it before using. 2. Username and Passwords are set to lionaneesh and lionaneesh respectively , Please change them for better security. 3. As a default Lock Mode is set to on! This should not be change unless you want your shell exposed. Default Login Username : lionaneesh Password : lionaneesh Features Shell Platform Independent Mass - Maile...

Mallika Sherawat official website Defaced by KFMDD Teams Hackers Bollywood Star - Mallika Sherawat official website  mallikasherawatwow.com   get defaced by an Indian hacker " KFMDD Teams " . Hacker put " Tiranga " on the deface page as shown.

Philippines Congress hacked by BashCrew for #AntiSec The Philippians Goverment has become the latest target in the #antisec operation with a hacker crew known by BashCrew , Congress.gov.ph being hacked and having some data leaked . The leak has personal information, emails, contact numbers etc via pastebin link .

Colombian Anonymous Hackers reveal personal data of Colombian police officials Colombian Anonymous Hackers announced that they had sent spam bombs to some 250 officials of Colombia's national Police ( http://colombiareports.com ) and revealed personal data of employees of the National Police inviting the public to harass the officials Here . In a statement published online, the hackers thanked the National Police " for keeping us submitted and trampled. " In the same statement, the group " Colombian Hackers " released personal information on hundreds of police officials, some with home addresses and identification numbers. Colombia Wednesday celebrated its 201st anniversary of its declaration of independence of Spain. The hackers had announced an independence offensive the day before.

English Defence League Facebook Page Deleted & Members Mobile Numbers Leaked TeaMp0isoN Hacking Crew Hack and Delete Official Facebook page of English Defence League was on  https://www.facebook.com/English.Defence.League.EDL  . Also  TeaMp0isoN Leaks the Phone numbers of Members of  English Defence League  via a pastie link . Screenshot of the Numbers are shown below :

Wireshark 1.6.1 and 1.4.8 Released Wireshark 1.6.1 and 1.4.8 have been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available. In 1.6.1 Two vulnerabilities have been fixed. See the advisory for details . Many other bugs have been fixed. For a complete list of changes, please refer to the 1.6.1 release notes . In 1.4.8 Two vulnerabilities have been fixed. See the advisory for details . Many other bugs have been fixed. For a complete list of changes, please refer to the 1.4.8 release notes . Official releases download page

Android Passwords are stored in plain text on Disk A Android user complain that , All passwords are stored in plane text on Disk via a message on discussion board of Android. He said " The password for email accounts is stored into the SQLite DB which in turn stores it on the phone's file system in plain text.Encrypting or at least transforming the password would be desirable. " On this Android Support "Andy Stadler" Reply that : Hello- Thanks for the information and the feedback on this concern. First, I would like to reiterate the notes made by a couple of you, which is to remind users that if you are concerned about this issue, *please* simply click the star. Every time you respond "please fix" or "should be fixed!" it sends email to over 200 people. Second, please know that we take information security very seriously, and this is baked into the Android platform at multiple levels. Now, with respect to this particular ...

Apple MacBooks Can Be Hacked Through The Battery Security researcher Charlie Miller is quite well known for his works on Apple products. Today he has come up with a very interesting way to hack the MacBook using the battery. Laptop battery contains its own monitoring circuit which reports the status of the battery to the OS. It also ensure that the battery does not overcharge even when the laptop is turned off. Miller has discovered that on the MacBooks, the batteries are shipped with the default password set on the chips. It means that if someone knows the default password, the firmware of the battery can be controlled to do many things from simply ruining the battery to installing a malware which reinstalls whenever the OS boots. Miller said that it might even be possible to overload the battery so that it catches fire. This is what Miller said: These batteries just aren’t designed with the idea that people will mess with them. What I’m showing is that it’s possible to use...

Pakcyberarmy database hacked and Leaked by Indian Hacker - Lucky Indian Hacker - Lucky (Indishell) crack the 1500+ user's passwords from Pakcyberarmy.net database.  Pakcyberarmy.net is the hub of most of the Pakistani hackers. Indian hacker group " Indishell " leader " Lucky "  leaks all info via a excel file available for download here . " Most of the Users/Hackers used the same passwords to their emails and what ever u wanna do do it spam, play , abuse or what ever you feel like its all yours " According to Lucky. The password List is available : http://www.multiupload.com/ERWJ33UPI2 Archive password - proud_to_be_indian Format - HASH : PASSWORD

Linux 3.0 Kernel Released - Download A recent Google+ Post by Linus Torvalds indicates that version 3.0 of the Linux kernel will have to wait due to the discovery of a 'subtle pathname lookup bug.' Linus indicates, 'We have a patch, we understand the problem, and it looks ObviouslyCorrect(tm), but I don't think I want to release 3.0 just a couple of hours after applying it. Officially marking the introduction of Linux 3.x, Linus Torvalds this evening announced the official release of Linux 3.0. The Linux 3.0 kernel would have been released as the Linux 2.6.40 kernel, until the developers decided to end the 2.6 series and move forward with the 3.x series. This Phoronix posting details some of the Linux 3.0 features, including file-system Cleancache support, initial Intel Ivy Bridge support, better open-source kernel graphics drivers, and many other hardware driver enhancements. " So there it is. Gone are the 2.6. days, and 3.0 is out. " Now it's ...

8 Court Cases against Sarah Palin Leaked By TeaMp0isoN TeaMp0isoN Hackers leaks today the 8 Court Cases against Sarah Palin. The Documents are Leaked via MediaFire Link. The Archive contain Following Files, as shown.  There are 8 total Court cases , which are against Sarah Palin.

Jouve Group hacked by Inj3ct0r Team Against The Nato Inj3ct0r Hackers Hacked the Jouve group websites and Upload there data at Sendspace Link . Message By hackers " For the Pride of Green LibyaAnd Supporting the Libyan Nation Against The Nato GangsWe are against terrorism and violence in Libya! Nato hacked " - Source . Hacked Domains are  http://www.jouve.com/ , http://www.jouve-germany.de/ & http://www.jouve.fr/ . Mirror Links are :  http://www.zone-h.com/mirror/id/14453765 & http://www.zone-h.com/mirror/id/14453766  . The main motive of these hacks according to Inj3ct0r Hackers " We are against nuclear weapons and terrorism ". There are 883 files in archive , It contains the site backup almost , as shown.

10 Peru government sites database Dump from #antisec Peru Antisec Hackers has Dump the database of 10 Peru government based sites. The Database is leaked at Pastehtml link . These sites are: http://www.came.edu.pe/ http://www.umch.edu.pe/ http://www.unac.edu.pe/ http://www.unmsm.edu.pe/ http://www.regionsanmartin.gob.pe/ http://www.essalud.gob.pe/ http://www2.minedu.gob.pe/ http://sitr.regioncallao.gob.pe/ http://www.ugelnasca.gob.pe/ http://www.regiontacna.gob.pe/grt1/indexn.php

15 Porn sites defaced by Amin Safi (Tunisian Hacker) Today 15 Famous Porn websites got hacked and Defaced by Tunisian Hacker named " Amin Safi ". List of hacked 15 Porn sites domains are available here  .

Critical Vulnerabilities in Facebook and Picasa discovered by Microsoft Microsoft security researchers have identified critical vulnerabilities in Facebook and Google Picase which led to account compromise and arbitrary code execution. The bug in Picasa that the MVR team found could allow an attacker to gain complete control of a user's machine if he could entice the victim into downloading a malicious JPEG file. It's not the most complex exploitation scenario, and in the current age of people sharing, downloading, emailing and re-posting photos on a variety of platforms, it might not be too difficult for an attacker to accomplish. " A vulnerability exists in the way that Picasa handles certain specially crafted JPEG images. An attacker could exploit this vulnerability to cause Picasa to exit unexpectedly and execute arbitrary code. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged o...

Harvard researcher arrested on hacking charges A Harvard researcher  Aaron Swartz  has been arrested in Boston for broke into the computer networks at the Massachusetts Institute of Technology to gain access to JSTOR, a non-profit online service for distributing scholarly articles, and downloaded 4.8 million articles and other documents - nearly the entire library Swartz was something of an internet folk hero as a teenager when he helped create RSS, a computer code that allows people to receive automatic feeds of online notices and news. He has emerged as a civil liberties activist who crusades for open access to data. In 2008, Mr Swartz released a '' Guerilla Open Access Manifesto '', calling for activists to '' fight back '' against the sequestering of scholarly papers behind pay walls. '' It's time to come into the light and, in the grand tradition of civil disobedience, declare our opposition to this private theft of public culture...