The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Mikko Hypponen : Fight cybercrime, but keep the net free Mikko Hypponen is an expert on cybercrime and chief research officer at F-Secure Corporation in Helsinki, Finland. TED is a nonprofit organization dedicated to "Ideas worth spreading," which it distributes on its website . In the real world, you only have to worry about the criminals who live in your city. But in the online world, you have to worry about criminals who could be on the other side of the planet. Online crime is always international because the Internet has no borders. Today computer viruses and other malicious software are no longer written by hobbyist hackers seeking fame and glory among their peers, but by professional criminals who are making millions with their attacks. These criminals want access to your computer, your Paypal passwords and your credit card numbers. Criminal online gangs recruit people with high level computing skills but no job opportunities in the real-world economy. There is...

#DefCon 19 : Android Network Toolkit for Penetration Testing and Hacking Have an Android and wanna start pwning people, networks and machines like penetration testers do? Defcon 2011 is in full hacking swing, and Itzhak Avraham -- "Zuk" for short -- and his company Zimperium have unveiled the Android Network Toolkit for easy hacking on the go. Need to find vulnerabilities on devices using nearby networks? The app, dubbed "Anti" for short, allows you to simply push a button to do things like search a WiFi network for potential targets, or even take control of a PC trojan-style. The firm says the tool’s purpose is for people to find aged exploits and patch them so that “hacking” their network and taking control of devices connected to it isn’t as easy as putting together a 10 piece puzzle. It will allow users to do more than just “find” these exploits, though – you can actually act on them as if you had every intent to cause malintent.Commands like “ man-in-the-m...

Call for DEFCON Chennai (DC602028) 2011 meet on 14th August Welcome to DC602028 aka DEF-CON Chennai  DEFCON Chennai (DC602028) inviting all the like minded heads for the August 2011 meet In Chennai. Get Ready for Next Generation DefCon Meet.. -Where it 's taking place? Dazzle restaurant, Neelankarai Chennai. -At what time? From 4PM to 6PM. -Who will be the speaker ? There is no speaker, really. We dont have any speakers. It's going to be a Hacker meet, so we want each and everyone among us to share their little adventure. In other words "All are Speakers". -What are we going to talk about? Literally about everything on the "Hack Field". PS: We will be discussing about Exploits and Narcissism. - Will I get a Free foods, Drinks and hukka? Sorry due to recession, we are in recession. We advice you to have 300rs to 500rs ;-) - How can I contact DEF-CON Chennai? You can contact us at defchennai@gmail.com .  Please leave your name and ph...

Oracle, other companies hacked by Social Engineering attack in #DefCon 19 A weekend contest from 4th August to 7th August , at the world's largest hacking convention in Las Vegas showed one reason why big corporations seem to be such easy prey for cyber criminals : their workers are poorly trained in security. Reuters post the news about Hacking of Oracle and some more big Companies just by using Social Engineering in DefCon 19. Hackers taking part in the competition on Friday and Saturday found it ridiculously easy in some cases to trick employees at some of the largest U.S. companies to reveal information that can be used in planning cyber attacks against them. A contestant pretended to work for a company's IT department and persuaded an employee to give him information on the configuration of her PC, data that could help a hacker decide what type of malware would work best in an attack. " For me it was a scary call because she was so willing to comply ," said...

Youth Peer Education Network Of Syria Defaced by Cocain TeaM Hacker from Cocain Underground Team today deface the website of   Youth Peer Education Network Of Syria . The Youth Peer Education Network (YPEER), is a groundbreaking and comprehensive youth-to-youth initiative pioneered by UNFPA.Y-PEER Network is already in 48 countries Including (SYRIA) and still counting. Mirror of Hack is available  here . Yesterday Official site of NDRRMC was hacked by Cocain TeaM  . and just few hours before  Syrian Ministry of Defense is hacked by Anonymous Hackers.

Sulekha.com Got hacked by Mr52 An Indian Hacker " Mr52 " Hack and deface the webpage of  Sulekha.com - A leading shopping store of India. Hacker said " Sulekha.com Got hacked because they take money but never give any support ".  Defaced Page and Mirror of Hack is Available. Some days before  Songs.pk was also hacked by Mr52 Against Mumbai blasts. Update : One more Link hacked on Sulekha.com By Mr52 .

Syrian Ministry of Defense hacked by Anonymous Hackers The official website of  Syrian Ministry of Defense has been hacked by Anonymous Hackers and defaced. The Anonymous Logo and a note can be seen on homepage. The Original words of Note is : To the Syrian people: The world stands with you against the brutal regime of Bashar Al-Assad. Know that time and history are on your side - tyrants use violence because they have nothing else, and the more violent they are, the more fragile they become. We salute your determination to be non-violent in the face of the regime's brutality, and admire your willingness to pursue justice, not mere revenge. All tyrants will fall, and thanks to your bravery Bashar Al-Assad is next. To the Syrian military: You are responsible for protecting the Syrian people, and anyone who orders you to kill women, children, and the elderly deserves to be tried for treason. No outside enemy could do as much damage to Syria as Bashar Al-Assad has done. Defend yo...

Moshi Moshi : VoIP bot written in Python Moshi Moshi is a VoIP Bot written in Python that uses SIP as VoIP Protocol, Text-to-speech engines for Output, and DTMF Tones for Input. It is part of a talk (" Sounds Like Botnet ") given at DEF CON 19 and BSidesLV 2011 on VoIP Botnets by Itzik Kotler and Iftach (Ian) Amit. Download Moshi Moshi Extras: - Python 2.7+ - SIP SIMPLE Client - catdoc - Text-to-speech engine such as , Mac OS X 'say' and etc. More Instructions and Details can be found here .

10 year old girl hacker CyFi reveal her first zero-day in Game at #DefCon 19 Another awesome day at DefCon 19 . Today a 10 year old Girl hacker - pseudonym CyFi revealed her zero-day exploit in games on iOS and Android devices that independent researchers have confirmed as a new class of vulnerability. The 10-year-old girl from California first discovered the flaw around January 2011 because she " started to get bored " with the pace of farm-style games. About CyFi : She is cofounder of DEFCON Kids. CyFi is a ten-year-old hacker, artist and athlete living in California. She has spoken publicly numerous times, usually at art galleries as a member of “The American Show,” an underground art collective based in San Francisco. CyFi’s first gallery showing was when she was four. Last year she performed at the SF MOMA Museum in San Francisco. DEFCON Kids will be her first public vulnerability disclosure. CyFi’s has had her identity stolen twice. She really likes coffee, but h...

Official site of NDRRMC hacked by Cocain TeaM The official website of the National Disaster Risk Reduction and Management Council (NDRRMC) was hacked and defaced on Sunday morning By Cocain TeaM . Visitors of the website were greeted with a black page with what appeared to be a map of the Persian Gulf and a message that read " P E R S I A N G U L F 4 E V E R. " According to NDRRMC Executive Director Benito Ramos, this is the third time that their website was hacked in the middle of disseminating information to local governments.

LulzSec's Leader Sabu can be at DefCon Security conference LulzSec's Leader Sabu can be at DefCon Security conference in Las Vegas these days. According to a Article on PCMag , Author note some Tweet chat Between "Sabu" and "th3j35t3r". The LulzSec leader Sabu claimed to have been available in DefCon via a tweet . " #DEFCON Come find me in the middle of the vendor room, directly opposite No Starch Press. Mention ANTISEC and get a free sticker. #fuckfeds ". On this  thejester (th3j35t3r) , claimed to be at DefCon as well and challenged Sabu to meet with him in public. Sabu Replied via tweeting : " @th3j35t3r Again, you're still trying to set me up with #feds. How about you MAN UP and meet me privately. I'm not going to jail for you. ". It's unconfirmed as yet whether Sabu was truly in attendance at DefCon. In one tweet , Sabu does refer to " two feds that came to the booth, " presumably the No Starch Press bo...

Lulzsec  Brazil  Leaks the Federal Police 8 GB of Data Lulzsec Hackers from Brazil Today leaks the huge 8Gb of Documents data of Federal Police on their website . The Data includes the various Documents and photographs related to Federal Office. This is another mass leak after ,  10GB data of law enforcement agencies leaked by #AntiSec Hackers yesterday.

Pakistani Matrimonial Website ' PakRishta ' defaced by Cyb3r R3b3li@nZ Pakistani Matrimonial Website ' PakRishta.com ' defaced by Hacker name " Cyb3r R3b3li@nZ " . Hacker said " This site is just hacked to inform the admin to remove the file uploading vulnerabilities in the profile picture uploading. This vulnerability allow the attacker to upload any malicious file on the server. " Mirror of hack :  http://zone-h.org/mirror/id/14581926 Submitted By: F@si Wolf

Italian Police website  SAPPE   defaced by #Antisec Hackers Anonymous Hackers deface the website of Italian Police ,  SAPPE - Independent Police Trade Union Prison  for Operation Antisec. Hackers dedicate there Hacks to Operation #FreeTopiary also. Hack is possibly Perform by  @LulzSecITALY  &  @anonitaly  . Hacker Leave a Pastebin Url on deface page , which contains a message by hackers. Complete message is :

10GB data of law enforcement agencies leaked by #AntiSec AntiSec , Lulzsec and Anonymous Hackers once again leak a huge data of 10GB at  https://vv7pabmmyr2vnflf.tor2web.org/  , hacked from 70 law enforcement agencies. The leak contain hundreds of compromising email spools, personal information about officers, police training videos, and the contents of insecure anonymous tip systems. Also Over 300 mail accounts from 56 law enforcement domains. Missouri Sheriff account dump (mosheriffs.com)7000+ usernames, passwords, home addresses, phones and SSNs. Online Police Training Academy filesPDFs, videos, HTML . Plesk plaintext server passwords (ftp/ssh, email, cpanel, protected dirs).files. "Report a Crime" snitch list compilation (60+ entries).  Stolen Credit Card information from mosheriffs.com online store also leaked on Pastebin . The Data is leaked on twitter via account @ioerror . Update : Video from Newsy . Multisource political news, world news, and en...

Pentagon launches " Cyber Fast Track " program to fund hacker innovation Peiter Zatko, a hacker known as Mudge who is now at the Defense Advanced Research Projects Agency, said he joined the Pentagon's research arm to try and build bridges between the government's cybersecurity needs and hackers working on innovative projects. DARPA has launched the "Cyber Fast Track" program, intended to cut red tape for hackers to apply for funding for projects that would help the Defense Department secure computer networks. The Defense Advanced Research Projects Agency (DARPA) is an agency of the United States Department of Defense responsible for the development of new technology for use by the military. DARPA has been responsible for funding the development of many technologies which have had a major effect on the world, including computer networking, as well as NLS, which was both the first hypertext system, and an important precursor to the contemporary ubiquitou...

SIG Sauer - Security Intelligence Group Hacked by LulzaMac Nothing is Secure on Internet Now.  SIGARMS Academy website Hacked by hacker " LulzaMac ". SIGARMS Academy is committed to providing safe, responsible and accurate firearms training and courses which are nationally and internationally recognized for law enforcement, military, and the private security industry.  Hacker Expose the Usernames, Password and Email of Users and Admin via Pastebin link as shown below. Hacker Promise to leak huge database from  http://www.freeappaday.com/  soon.

Forbes.com Vulnerable to XSS injection One of the Leading News Company Forbes is Vulnerable. Hacker with name " B1uB3rry " expose that Forbes.com is vulnerable to possible SQL injection but confirmed to be vulnerable to Cross Site Script Injection (XSS) & HTML Injection. According to hacker " One can easily deface the website as other vulnerabilities exist. "  Live Example of XSS injection on Forbes  . Hacker is Admin of  B1uB3rry Security Team (San Antonio, TX). Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables attackers to inject client-side script into web pages viewed by other users. UPDATE: Another XSS on Subdomain of Forbes . This Vulnerability also exposed by a hacker on Twitter .

BlackBuntu V0.3 Released For Blackbuntu 0.3 we are supporting both x86 and x86_64 architectures.Security and Penetration Testing tools available in Blackbuntu : Information Gathering Network Mapping Vulnerability Identification Penetration Privilege Escalation Maintaining Access Radio Network Analysis VoIP Analysis Digital Forensic Reverse Engineering Miscellanious You can download the Blackbuntu Community Edition 0.3 ISO DVD with the following link: ISO Image(Torrent) Blackbuntu Community Edition 0.3 x86 torrent Blackbuntu Community Edition 0.3 x86_64 torrent VMWARE (Torrent) Blackbuntu Community Edition 0.3 x86 torrent Blackbuntu Community Edition 0.3 x86_64 torrent Virtual Box Image(Torrent) Blackbuntu Community Edition 0.3 x86 torrent Blackbuntu Community Edition 0.3 x86_64 torrent

Customs Authority of Yemen hacked for Protest against Government  Today a Yemen Hacker " Alexploiter " Deface the Website of Customs Authority of Yemen , to show his Protest against Government. Hacker claim that" Well this week i hacked .gov.ye (Yemens govs sites) for now i am controlling the DB of the customs authority of Yemen and there is many more .gov.ye going down soon , reason is that the situation in Yemen now getting worse and worse , and we cant keep watching our bad gov killing the the people in theremore .gov.ye site is going down soon ".

#Blackhat Conference : Square Mobile Gadget allows to Hack Credit Cards Researchers at the Black Hat security conference today revealed two ways the Square payment system , which turns any iPhone, iPad or Android into a point-of-sale credit card processor, could be used for fraud.  Square a mobile gadget that enables Android, iPhone, iPad, and iPod touch users to accept credit card payments  can be hacked to steal credit card data, with very little technical hardware required. Adam Laurie and Zac Franken, directors of Aperture Labs, discovered that due to a lack of encryption in the current Square app and free dongle for swiping cards, the mobile payment system can be used to steal credit card information, without even having the physical credit card.Square works by converting credit card data into an audio file that is then transmitted to the credit card issuer for authorization. "The dongle is a skimmer. It turns any iPhone into a skimmer," Laurie said. To clone a ca...

c0c0n 2011 (Hacking and Security Conference) - Call for Papers Announcing c0c0n 2011 - Oct 7-8 Cochin , India c0c0n is an annual event conducted as part of the International Information Security Day. The Information Security Research Association along with Matriux Security Community is organizing a two day International Security and Hacking Conference titled c0c0n 2011, as part of Information Security Day 2011. Various technical, non-technical, legal and community events are organized as part of the program. c0c0n 2011 is scheduled on 07 and 08 Oct 2011.The number of digital security incidents and cyber crimes are increasing daily on a proportionate rate. The industry is demanding more and more security professionals and controls to curb this never ending threat to information systems. c0c0n is aimed at providing a platform to discuss, showcase, educate, understand and spread awareness on the latest trends in information, cyber and hi-tech crimes. It also aims to provide a hand-s...

Get Ready for Microsoft 13 updates for August Patch Tuesday Microsoft has announced that it will release 13 bulletins to address 22 vulnerabilities in Windows, Office, Internet Explorer, .NET and Visual Studio on its next Patch Tuesday. Another "critical" bulletin affects Windows server operating systems, and addresses a code-execution risk on unpatched systems. Also of note is an update restricted to newer versions of Windows (Windows 7 and Windows 2008) that tackles a potential, though difficult to exploit, code-execution risk. Scheduled for release next Tuesday 9th August. Wolfgang Kandek, CTO of Qualys, commented that the update will have patches for end-users, server administrators, office users and software developers. He said: “ Top priority should be given to a critical bulletin that affects Internet Explorer 6 through 9 on Windows 7, XP, Vista, 2003 and 2008. If left unpatched, attackers could use this vulnerability to remotely take control of victims' sys...

BackBox - Linux distribution based website Hacked BackBox is a Linux distribution based on Ubuntu Lucid 10.04 LTS developed to perform penetration tests and security assessments. Designed to be fast, easy to use and to provide a minimal yet complete desktop environment thanks to its own software repositories always been updated to the last stable version of the most known and used ethical hacking tools. Two Days back backbox linux website got hacked by Emperor Hacking Team and 3 subdomains named ' Forum.backbox.org ' & ' wiki.backbox.org ' & ' rafaelle.backbox.org ' also got defaced. mirror link1:  http://zone-h.org/mirror/id/ 14521377   www.backbox.org mirror link2:  http://zone-h.org/mirror/id/ 14521376 forum.backbox.org mirror link3:  http://zone-h.org/mirror/id/ 14521386 raffaele.backbox.org

Mini PHP Shell 27.9 V2 Released According to Developer jos_ali_joe and [ Devilzc0de ] " This is a continuation of PHP Shell Mini 27.9 V1 , Editing Shell c99 and new tools ". Features :  Encoder , Processes , FTP-Brute-Forcer , Server-Information , SQL-Manager and etc. Download :  http://www.megaupload.com/?d=DRHS3AV9 Disclaimer : Use at your own Risk, Shell may have Backdoor.

The Social-Engineer Toolkit v2.0 Released The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. This is the official change log: Removed un-needed assignment in core around create random string Added the Binary2Teensy option in the Teensy menu, this will allow you to create a payload and inject alphanumeric shellcode through shellcodeexec in a new technique released at BSIDESLV Changed the path of metasploit to be /opt/msf3/framework3 versus /pentest/exploits/framework3 Added the ability for multiple payloads in binary2teensy attack Added the ability to leverage the SDCard mounted Teensy device with payload generation without mounting the SDCard to the victim machine Fixed a bug where webattack_email turned on would not trigger base...

GFI SandBox - Powerful automated malware analysis GFI SandBox™ (formerly CWSandbox) is an industry leading dynamic malware analysis tool. It gives you the power to analyze virtually any Windows application or file including infected: Office documents, PDFs, malicious URLs, Flash ads and custom applications.Targeted attacks, hacked websites, malicious Office documents, infected email attachments and social engineering are all part of the Internet threat landscape today. Only GFI SandBox™ gives you a complete view of every aspect and element of a threat, from infection vector to payload execution. And GFI SandBox can quickly and intelligently identify malicious behavior using Digital Behavior Traits™ technology. Features Dynamic threat analysis Dynamic and threat analysis shows how applications execute on the desktop, what system changes were made, and the network traffic generated. When coupled with Digital Behavior Traits you get the ability to automatically identify malicious act...

Timesofmoney Database Hacked using Sql Injection Vulnerability General Information About the Vulnerability This is again a critical vulnerability discovery made by zSecure Team in TimesofMoney website. The group claims that there exist a critical SQL Inejction Vulnerability in the timesofmoney's website using which an attacker can gain access to the site's entire database which contains the huge amount of customers confidential information. Even many indian banks are availing the service of the timesofmoney. This vulnerability may prove to be very critical for the company because TimesofMoney is India's one of the leaders in e-payment system. Existence of such a critical flaw in company's web may cause huge to the existing market reputation of the company concerned. At the end of their advisory the zSecure Group left a small message which claims that they have discovered alike vulnerability in HDFC Bank's website and in coming days the group may come up with the...

Orange.es Vulnerable To SQLi - Found by Invectus People have never focused on SQL injection much, They have no clue that its the most common method which big companies are vulnerable to. Hacker with name " Invectus " , Found the SQL injection Vulnerability in  Orange.es . Vulnerability has been exposed via Social Networks.

JD-GUI - Fast Java Decompiler Download JD-GUI is a standalone graphical utility that displays Java source codes of “.class” files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields. JD-GUI is free for non-commercial use. This means that JD-GUI shall not be included or embedded into commercial software products. Nevertheless, this project may be freely used for personal needs in a commercial or non-commercial environments. Download : jd-gui-0.3.3.windows.zip Size : 691.67 KB jd-gui-0.3.3.linux.i686.tar.gz Size : 973.8 KB jd-gui-0.3.3.osx.i686.dmg Size : 1.37 MB

OllyDbg 2.01 alpha 4 released Other new features in this version: - Patch manager, similar to 1.10 - Shortcut editor, supports weird things like Ctrl+Win+$ etc. Now you can customize and share your shortcuts. I haven't tested it on Win7, please report any found bugs and incompatibilities! - Instant .udd file loading. In the previous versions I've postponed analysis, respectivcely reading of the .udd file till the moment when all external links are resolved. But sometimes it took plenty of time, module started execution and was unable to break on the breakpoints placed in the DLL initialization routine - Automatic search for the SFX entry point, very raw and works only with several packers. Should be significantly more reliable than 1.10. If you tried it on some SFX and OllyDbg was unable to find real entry, please send me, if possible, the link or executable for analysis! - "Go to" dialog lists of matching names in all modules - Logging breakpoints can proto...