The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Mibbit AJAX IRC client service Hacked Mibbit AJAX IRC client service being hacked. The proof of hack is further backed up by Mibbit’s official statement. Mibbit is a web-based client for modern web browsers that supports Internet Relay Chat (IRC). Mibbit connects to IRC from anywhere on almost any device. There are Mibbit and hundreds of IRC networks for places to chat. The Anonymous sabu tweet that the Mibbit Chat network was Hacked and he had posted a Pastebin link on the tweet about the Mibbit details. On the pastebin Data there where many Personal Data and many links. The Mibbit had detected the unauthorized access to the server which runs their blog. Mibbit shut it down and began investigating . Later today at around 8pm GMT Mibbit shutdown the IRC services after it became clear that several pieces of backed up data had been accessed maliciously from another server, tools.mibbit.com. Mibbit now know the data's included The personal information of 9 Mibbit operators ...

AOL Postmaster Website hacked by HODLUM AOL’s postmaster.aol.com website was hacked Saturday afternoon by someone who goes by the name “ HodLuM .” The site was slightly defaced with a message from the hacker. “ AOL S3RV3RZ ROOT3D BY HODLUM LOLZ! ,” the message read. AOL finally discovered the hack, and fixed the page between two and four hours after evidence of the breach was posted to Reddit.com. The various forums where this hack was posted all included various jokes along the lines of, “ AOL still exists?! ” Ouch… The AOL Postermaster blog has so far not responded to the hack. The hack of AOL Postmaster comes at the end of a difficult week for AOL. While the hack of a minor AOL web property has nothing to do with the poor performance of its stock, the incident can only serve to worsen the mood at a company that’s struggling to stay upright.

DerbyCon 2011 Security Conference - Louisville, Kentucky  Welcome to a new age in security conferences, a new beginning, and a new way to share in the information security space. Our goal is to create a fun environment where the security community can come together and share ideas. Before we even released the CFP, our speaker list has filled up with of some of the industry’s best and brightest minds. That fact alone shows that DerbyCon is poised to change the face of security cons. Some of these speakers include: Dave Kennedy (ReLIK) - Founder DerbyCon, Creator Social-Engineer Toolkit, Fast-Track Adrian Crenshaw (Irongeek) - Founder, DerbyCon, Irongeek.com, Co-Host, ISD Podcast Martin Bos (PureHate) - Founder, DerbyCon, Question-Defense, BackTrack Developer HD Moore (hdm) - Founder Metasploit, CSO Rapid7 Chris Nickerson - Founder Lares Consulting, Exotic Liability Kevin Mitnick - Founder, Mitnick Security Consulting Ed Skoudis - Founder, InGuardians, SANS Instructor Br...

Joomla Canada website defaced by Group Hp-Hack Saudi Arabia Hackers with name " Group Hp-Hack " Deface the website of  Joomla Canada . In addition to this , They also hack and deface another domain " http://www.ethicalhackingcourses.com/ " - Hacker get Hacked .

zSecure - Web Security Consultancy Hacked by Mr52 ZSecure.net -  Web Security Consultancy services Provider hacked by Indian Hacker Mr52. Zsecure is the same firm who expose the Timesofmoney SQL Injection Vulnerability , Sify.com SQL Injection Vulnerability and Dukascopy.com SQL Injection Vulnerability , But there own site today got Hacked. Well, Zsecure currently take their site again back to normal homepage, But mirror of hack is available  here . Other Hacker By Mr52 can be seen here .

Facebook Status Update With XFBML Injection i Last week Acizninja DeadcOde share Tweaking Facebook Status with HTML button . Well today he is going to share another kind of cool tricks to tweak Facebook Status Update using XFBML Injection. With this tweak, we will do an injection on Facebook URL and then share the results of the injections on our Facebook status .Here's the preview and the url code : LIVE STREAM :   https://www.facebook.com/unix.root/posts/217926581593127 [code] http://www.facebook.com/connect/prompt_feed.php?display=touch&api_key=209403259107231&link=http://t.co/q3EzkPR&attachment={%27description%27%3A%27%3Cfb:live-stream%20event_app_id=%22266225821384%22%20width=%22400%22%20height=%22500%22%20xid=%22%22%20via_url=%22http://t.co/q3EzkPR%22%20always_post_to_friends=%22false%22%3E%3C/fb:live-stream%3E+%27} [/code] TEXT AREA :  https://www.facebook.com/unix.root/posts/136123736478234 [code] http://www.facebook.com/connect/prompt_feed.php...

$30 Child Toy is enough to hack FBI Radios The portable radios used by many federal law enforcement agents have major security flaws that allowed researchers to intercept hundreds of hours of sensitive traffic sent without encryption over the past two years, according to a new study being released today. A new report on the findings has been released by team leader and computer science professor Matt Blaze from the University of Pennsylvania. That details how a child’s toy, the $30 IM Me can be used to jam radios used by the FBI and Homeland Security. “ We monitored sensitive transmissions about operations by agents in every Federal law enforcement agency in the Department of Justice and the Department of Homeland Security, ” wrote the researchers, who were led by computer science professor Matt Blaze and plan to reveal their findings Wednesday in a paper at the Usenix Security Symposium in San Francisco. Members of the research group say they have contacted the Department of Ju...

German Hacker Cracks GSM Call Encryption Code A German computer boffin has worked out a way to crack code used to encrypt most of the world's mobile Internet traffic. Karsten Nohl is going to publish a guide to prompt global operators to improve their safeguards. Karsten Nohl and his team of 24 hackers began working on the security algorithm for GSM (Global System for Mobiles) in August.Developed in 1988, the system prevents the interception of calls by forcing phones and base stations to change frequencies constantly. Most of the UK's mobile phones use the GSM system and the breach represents a potential threat to the security of mobile phone communication. The discovery of a way to eavesdrop so-called General Packet Radio Service (GPRS) technology allows a user to read emails and observe the Internet use of a person whose phone is hacked, said Karsten Nohl, head of Security Research Labs." With our technology we can capture GPRS data communications in a radius of 5...

Emperor Hacking Team : iM4n account exposed Just a few days back, the Backbox Linux distribution based website got hacked by the Emperor Hacking Team. A few hours later, Backbox maintainers managed to reconstruct the attack step by step and found infos that proved "iM4n" as the attacker. He owns an account on www.server4you.de, a webhosting company specialized in virtually dedicated servers. His account has been hacked. Brief technical report:  http://raffaele.backbox.org/content/im4n-account-exposed Backbox Team : " Backbox is just a Linux distribution. Such an attack was absolutely unexpected. The 'dreaded' eMP3R0r_TEAM turned out to be a group of iranian activists who carry out random attacks on potential vulnerable websites by targeting mostly European ones. During our investigation and analysis we were able to obtain complete details of the man who personally performed the attack (nick iM4n) and we collected a variety of tests that confirmed his identity....

MySpace goes down because of Internal Errors, Not Hacked ! MySpace website was presented with a curious message that left many users believing that the service had been hacked. That apparently was not the case. Visitors to the social network were greeted by a largely blank page topped with the browser title bar that read "All is wrong :(" where the MySpace name would normally appear. In the upper left of the normally vibrant page was the message: "We messed up our code so bad that even puppies and kittens may be in danger. Please turn back ...now." It was followed up with the message, "* Have your pet spayed or neutered" in the lower right. Rumours spread quickly around the Twittersphere and in early media reports that MySpace had been hacked after an Anonymous-affiliated Twitter account referred to the hack. Members of the hactivist group recently vowed to take down the social-networking giant Facebook in November, but there is some suggestion that th...

Welt.de hacked - Credit Card info of 30264 users Compromised  Welt.de hacked using an SQL Injection ( http://boot24.welt.de/index_welt..php?ac =*** ). The Hacker was deeply penetrate into the infrastructure of the Website and copy number information from the database of MySQL. He has published the links to the excerpts. He did this by his own admission, to protest against the sale of user data to a third party operator. So far, only censored excerpts from the database of all 30 264 users of Welt.de were published. However, all data should be made public operators. [ Source ]

Operation Satiagraha - Brazil Corruption Scandal exposed , #Antisec provide 5GB of evidence Once Again Pandora’s box is open. In a joint move between LulzSec and Anonymous, as part of Operation Antisec, were released documents, photos, audio files and videos, exposing that wich was one of the greatest corruption scandals in the recent history of Brazil. In 2008, after four years of investigations, the Operation Satiagraha resulted in the arrest of several bankers, CFOs and investors, accused of corruption, misuse of public money, as well as money laundering. Antisec Hackers released a cache of evidence revealing government cover up of a corruption investigation involving the CIA, theBrazilian telecom industry, and multiple US corporations. The fact is that exposing so many powerful people, in both political and financial areas, Operation Satiagraha was eventually manipulated. Those who conducted the investigations were removed and habeas corpus were granted to the accu...

Free Gary McKinnon Campaign websites Hacked by TG ( TurkGuvenligi ) TG ( TurkGuvenligi ) today deface the websites of Free Gary McKinnon Campaign as shown. TG hacker is same who deface  Microsoft.com.br (Brasil)  some months before. Hacked Sites :  http://freegary.org.uk/ http://freegary.co.uk/ Mirror of Hack : http://zone-h.org/mirror/id/14649402 http://zone-h.org/mirror/id/14649399

In.com Hacked and Defaced by Mr52 One of the Leading Indian website " In.com " has been defaced by Indian Hacker Mr52 .This is the 3rd Biggest Site Hit by Mr52. He Upload shell on the Server for Defacing site. Readers can check the Linux Kernel and Username even also from Screenshot. Defaced Url :  http://mobile18.in.com/ Mirror of Hack :   http://zone-h.com/mirror/id/14643631

NERC - National Syrian energy research center Defaced by Cocain Team Cocain Hackers Team once again Hit Syrian. This time they hack and deface the website of  National Syrian energy research center . Site was defaced Yesterday and administrator again backup the site, But Readers can check hack mirror here .  Last week Official site of NDRRMC  and  Youth Peer Education Network (YPEER) Of Syria were hacked by Cocain TeaM.

SpyEye 1.3.45 Download - Loader source code A new fresh and sophisticated web-based bot named SpyEye is around in the markets and looks like to be the possible successor of the famous Zeus Trojan due to its very interesting features, with the main objective to steal bank accounts, credit cards, ftp accounts and other sensitive data from the victim’s computer. SpyEye was written in C++ and the size of the compiled binary is of 60 KB, the operating systems supported are from Windows 2000 to the recent Windows 7, it works in ring3 mode (same as Zeus Trojan). It is sold as undetected from most Antivirus Software and it is invisible from the task managers and other user-mode applications, it hides the files from the regular explorer searches and it hides also its registry keys. Snorre Fagerland, Senior Virus Analyst at Norman, briefly explains what the SpyEye online banking trojan is and what you need to be on the lookout for when banking online. SpyEye is actually sold by its au...

FireCAT 2.0 Released - Firefox Catalog of Auditing Extensions FireCAT (Firefox Catalog of Auditing exTensions) is a mindmap collection of the most efficient and useful Firefox extensions oriented application security auditing and assessment. FireCAT is not a replacement of other security utilities and software as well as fuzzers, proxies and application vulnerabilities scanners. FireCAT v2.0 - Firefox Catalog of Auditing exTensions Information Gathering Proxies & Web Utilities Editors Network Utilities Misc IT Security Related Application Auditing Download FireCAT here

University of Wisconsin-Milwaukee hacked - 75,000 social security numbers exposed University of Wisconsin-Milwaukee was the target. Malicious code was discovered on a document management database server. The university contacted law enforcement and after a month-long investigation realized that the database on the system contained over 75,000 records that included social security numbers for both students and employees. Nobody is sure how long the malware was running on the server, but it was shutdown once the breach was found. It’s suspected that the software was being used to identify cutting edge research that the school is working on, but that has yet to be confirmed. It’s also good to know that while students may have had their identity stolen, the database contained no “ academic information such as student grades ,” so at least the attackers won’t be able to identify whether students passed their criminology courses.

UNITED Security Summit 2011 , 19-20 September - San Francisco The UNITED Security Summit is focused on innovation and collaboration in the security community. Bringing together security decision makers, practitioners, commercial vendors, open source projects and academia, the Summit highlights technologies and approaches that will help organizations better cope with the increased security threats they are seeing on a daily basis.Based on the anatomy of a breach, the Summit provides educational and interactive sessions that will reflect on the fundamental security challenges from four perspectives through a common lens. Date : 19 September-20 September 2011 Location : Hyatt Fisherman's Wharf, San Francisco, USA

JonDo 00.15.004 IP changer with Bitcoin, connection manipulation protection and higher efficiency JonDos publishes a new version of the JonDo-Software, an IP changer and IP anonymization program, that you can use for anonymous surfing in the Internet with high security anonymous proxy servers. What is new? JonDo now integrates Bitcoin as additional payment method for the JonDonym Premium services: For every new payment, a new random Bitcoin address is generated. This hides against third parties for what a customer pays. Additionally, all data about the payment proccess are deleted after completion in order to fulfill even the highest privacy requirements. But of course, even if the identity of a buyer was known, neither JonDos nor the JonDonym operators could see what he/she does in the JonDonym system. Moreover, a stability protection against connection manipulations has been developed: In some countries, especially those in the middle east, HTTPS/SSL connections get manipulat...

HKEx - Hong Kong stock exchange Hacked Trading in Hong Kong was disrupted on Wednesday by a hacking incident on the Hong Kong Exchange website. " Our current assessment that this is a result of a malicious attack by outside hacking ," Charlies Li, chief executive of Hong Kong Exchanges & Clearing, told reporters. The seven stocks in question were all due to release sensitive results to the website that could impact the price of their stocks.Although the Hong Kong stock exchange also operates an alternative backup site for posting the results, it chose to halt trading of the affected stocks for the afternoon session.Stocks affected included HSBC, Cathay Pacific, China Power International and the Hong Kong exchange itself.It is unclear at this point whether the attack actually compromised the site, or if it was merely a denial of service attack. " It was the first time for a suspension due to such a kind of technical problem and one involving so many companies ,...

Hungry Hackers website hacked by CyberMind One of the Famous Hacking Tips and Tricks site "Hungry Hackers" -  http://www.hungry-hackers.com/  for Beginners got Hacked and Defaced by  CyberMind . The Hack shows that " Hackers are also not safe " . Update : Same site was also hacked on 2011-07-29 by Group Hp-Hack - Dr.TaiGaR and NeT DeviLSaudi Arabia Hackers . Mirror of hack can be seen here

Hackers Get Hacked at # Defcon 19 Conference There are so many ways to get hacked at the world’s largest hacker conference. A hacker could bump against your pocket with a card reader that steals your credit card information. Or a hacker might eavesdrop on your Internet traffic through an unsecured Wi-Fi network. Or a hacker might compromise your cell phone while you charge it in the hotel’s public phone-charging kiosk. More than 10,000 hackers and security experts have descended upon the Rio Hotel and Casino in Las Vegas this weekend for three days of lectures and contests. A hacker with name Coderman claim about such an incident Happens at Rao Hotel Well by early Saturday morning a weapon was deployed in DefCon. Some characteristics of Hack Attack : - full active MitM against CDMA and 4G connections from Rio to carriers. - MitM positioning for remote exploitation to ring0 on Android and PC. - fall back to userspace only or non-persistent methods when p...

#OpFacebook : Facebook will be down on November 5 by Anonymous Hackers Attack Anonymous has vowed to "destroy" Facebook on Nov. 5. Or more accurately, somebody has set up a Twitter account and YouTube channel to announce a plan dubbed "Operation Facebook." In a YouTube video, the hacking group warns, " Your medium of communication you all so dearly adore will be destroyed. " " If you are a willing hacktivist or a guy who just wants to protect the freedom of information then join the cause and kill Facebook for the sake of your own privacy. " The group said in its message that "Operation Facebook" would be begin November 5. It claimed the social network, based in Palo Alto,Calif., provides information to "government agencies" so they can "spy on people." If Operation Facebook is real, it could mark a new phase for Anonymous, which in recent weeks has joined forces with the remnants of the more tightly knit hac...

Citigroup hacked again - 92,000 customers info exposed from Japan For the second time this year, Citigroup has suffered a major breach of its credit customers’ personal information; this time the breach involved 92,400 customers at its Japanese unit. Citigroup's Japanese credit card unit said personal information for more than 92,000 of its customers was illegally sold to a third party. The information exposed included the names, account numbers addresses, phone numbers birthdates, and sex of 92,408 credit card holders, Citi Cards Japan warned in an advisory (PDF) issued Friday . The personal identification numbers and card security codes were not accessed. Citi Cards Japan did not mention how customer information was obtained as the sale of such information is currently under investigation. “ While the risk of fraud is minimal due to the absence of security information, CCJ has placed internal fraud alerts and enhanced monitoring on all accounts identified, and no unusual...

Indian Govt wants monitoring access for Twitter, Facebook,Skype and Google India's authorities are already forcing Research In Motion to grant access to the encrypted email and instant messages of its BlackBerry users, and now the government is pressuring Google and Skype too. Doesn't the government understand technology? Or, with new successes in the Indian economy, maybe the nation is feeling the need to flex a few muscles. India's communications ministry has been asked by the home ministry to monitor social networking websites such as Twitter and Facebook amid fears that the services are being used by terrorists to plan attacks. The request suggests that the Indian government is trying to broaden the scope of its online surveillance for national security. Telecommunications service providers in India provide facilities for lawful interception and monitoring of communications on their network, including communications from social networking websites such as Facebook...

#DefCon 19 : Presentations from the Defcon Conference for Download Defcon 19 presentations available for download, Go check out the presentations from this year’s defcon conference here:  http://good.net/dl/k4r3lj/DEFCON19/ For folks that don't have time to click: curl -silent http://good.net/dl/k4r3lj/DEFCON19/ | grep -i 'pdf' | cut -d '"' -f 8 | cut -d '<' -f 1 | grep -v '/' > dc19pdf.txt; for i in $(cat dc19pdf.txt); do curl --location "http://THIS-DOWNLOAD-WOULD-BE-FASTER-WITH-A-PREMIUM-ACCOUNT-AT-good.net" -L "http://good.net/dl/k4r3lj/DEFCON19/$i" > $i; done

BlackBerry blog site hacked by TriCk – TeaMp0isoN against London riots Hacking crew team TriCk – TeaMp0isoN today hack and deface the blog website of BlackBerry against London riots, One of the leading Mobile Company. They post a message also on homepage, as given below . Also There were calls on Tuesday to shut down the BlackBerry Messenger service which is thought to have helped mobilise looters in the riots in London. Mirror of Hack can be seen here . Message posted by TeaMp0isoN on Blog site : This hack is a response to this statement by RIM: “We feel for those impacted by this weekend’s riots in London. We have engaged with the authorities to assist in any way we can. As in all markets around the world Where BlackBerry is available, we cooperate with local telecommunications operators, law enforcement and regulatory officials. Similar to other technology providers in the UK we comply with The Regulation of Investigatory Powers Act and co-operate fully with the Home ...

Tweaking Facebook Status with HTML button Have you thought that Facebook status updates that can be modified ? Yes we have a tweak for you :  One is a Button Tag.  One of our Hacker Friend " Acizninja DeadcOde " , admin of  http://blog.cyber4rt.com sharing such cool tweaks with The Hacker News readers : Here's the concept: 1. Log in to your Facebook account. 2. Copy and paste the url code below into the Address Bar and press the Enter key: https://www.facebook.com/dialog/feed?app_id=209403259107231&redirect_uri=https%3A%2F%2Fwww..facebook.com&message&link=http%3A%2F%2Fwww.thehackernews.com%2F&name=<center><button>Visit+:+The+Hacker+News<%2Fbutton><%2Fcenter> 3. After that just press the button SHARE, and see your Facebook profile.You can also send them to friends, Fans Page & Events. NOTE : app_id=209403259107231 ( App ID on Facebook, Keep it same ) Redirect_uri = http://www.facebook.com ( This Wil...

Official Website of Will Smith's Daughter Willow Smith Hacked Today a Hacker with name  BLaCk SPECTRE hack and Deface the  Official Website of Willow Smith .Willow is the daughter of musician-actor Will Smith and actress Jada Pinkett Smith. May be this attack is just for fun, as no message is posted on site.

Syrian Hackers Deface AnonPlus - Anonymous Social Network After the hacking gang Anonymous took credit for defacing Syria's Ministry of Defense website , a Syrian group retaliated on Monday by posting gruesome photos on Anonymous embryonic social network. The defacement of AnonPlus (http://anonplus.com/), the site Anonymous set up last month when it was booted off Google+ — did not include the name of the group responsible. The University of Toronto's Citizen Lab, however, credited the AnonPlus defacement to the ' Syrian Electronic Army ' in a message posted to Twitter. ' In response to your hacking to the website of the Syrian Ministry of Defence, the Syrian people have decided to purify the internet of [y]our pathetic website ,' the defacement read Where as Anonymous Claim that, AnonPlus is not their any Official site. Lulzsec leader Sabu tweet  " Turns out people were correct: anonplus.com was a troll domain. Belongs to "fro" aka "cnap...

EC-Council is launching " CyberLympics " - Olympic games for Cyber Security Global CyberLympics is conceptualized and organized by EC-Council. The goal of the CyberLympics is to raise awareness towards increased education and ethics in information security. The mission of the Global CyberLympics is Unifying Global Cyber Defense through the Games. EC-Council’s Global CyberLympics , the world’s first ethical hacking championship will be held this September across six continents. The Global CyberLympics is endorsed by the U.N.‘s cybersecurity executing arm. The mission behind the games is to foster better cooperation and communication on cybersecurity issues among countries. Global CyberLympics is a series of ethical hacking games comprised of both offensive and defensive security challenges that will take place starting from September across six continents. Teams will vie for regional championships, followed by a global hacking championship round to determine the world’s b...

TeaMp0isoN : NASA forum is Vulnerable SQL injection, Admin Hacked ! TeaMp0isoN Hackers crew today Reveal on twitter that the discussion forum on NASA website at  https://worldwind35.arc.nasa.gov/forum/ is Vulnerable to SQL injection. The discussion Forum script is Powered by Vbulletin. According to hacker, He use Vbulletin 4.0.x => 4.1.3 (messagegroupid) SQL injection Vulnerability Exploit for hacking the Database of Forum . Hacker also expose the Login details of Admin of website on Pastie .