The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

20 Famous websites vulnerable to Cross Site Scripting (XSS) Attack

Sep 06, 2011
Most of the biggest and most famous sites have been found to be vulnerable to XSS attacks. Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Recently, vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. Cross-site scripting was originally referred to as CSS, although this usage has been largely discontinued. A hacker with the code name "Invectus" has listed some such famous sites with XSS vulnerabilities, as shown below: 1.) http://video.state.gov/en/search/img-srchttp-i55tinypiccom-witu7dpng-height650-width1000/Ij48aW1nIHNyYz0iaHR0cD...
Games.com XSS Vulnerability by Cyber4rt

Sep 06, 2011
Games.com, one of the biggest sites for Hasbro games, video games and online games, has an XSS vulnerability, as shown in the screenshot. It was discovered by "Acizninja DeadcOde" at Cyber4rt.
ComodoHacker responsible for DigiNotar Attack

Sep 06, 2011
The hacker warns the Internet community that he has access to 4 other high-profile CAs, among them GlobalSign, a certification authority from the U.S. He threatens that he will use his power over the companies to issue false certificates, which will later become the weapon of his revenge against countries who deserve it. In his own words, he said: "I won't talk so many detail for now, just I wanted to let the world know that ANYTHING you do will have consequences, ANYTHING your country did in past, you have to pay for it...". Complete message here. An Iranian hacker posted a message on a Pastebin account boasting of his exploits and claiming to have access to more CAs. As proof that he really did infiltrate DigiNotar, he shares the domain administrator password of the CA network: Pr0d@dm1n. "Around 300.000 unique requesting IPs to google.com have been identified," Fox-IT said in the report. On Aug. 4 the ...
DDOs Tracer - 1.0 Released by MaxPainCode

Sep 05, 2011
At almost any time of the day, there's a distributed denial-of-service (DDOS) attack underway somewhere on the Internet. Yes, it's still true, despite reports that some ISPs have experienced fewer DDOS attacks overall during the last six months. It's a matter of quality, not quantity: "When DDOSes do occur, they are done with much greater purpose than they used to be," says Rodney Joffe, senior vice president and senior technologist for Neustar, a directory services and clearinghouse provider for the Internet industry. "They are usually to obscure what's [really] happening in the background." So if you want to be safe and trace someone like a pro, here is the tool: it works by tracing the ms per second, and if the site goes down or just gets a lot of traffic, it will report the time that the attacker started his web attack. That is really good, as you can report the attack and give the police more inf...
Uronimo - Mobile platform website Hacked by Team Inj3ct0r

Sep 05, 2011
Uronimo, a mobile platform, was hacked by Team Inj3ct0r today. They leaked the site's database on Pastebin, including usernames, password hashes, emails and phone numbers of 1000 users.
Department of Homeland Security warns Anonymous Hackers

Sep 05, 2011
The Department of Homeland Security is beginning to take Anonymous and other non-professional cyber-attackers more seriously as it issues a warning about potential attacks. The 2 September security bulletin from the DHS National Cyber-Security and Communications Integration Centre warned financial services companies to be on the lookout for attackers operating under the Anonymous umbrella to “solicit ideologically dissatisfied, sympathetic employees” to the cause. The unclassified DHS communique is addressed broadly to those in charge of cybersecurity and critical infrastructure protection and also warns about new tools that Anonymous has said it plans to use in launching future attacks. One of the attack tools highlighted in the alert is dubbed #RefRef, which is said to be capable of using a server's resources and processing power to conduct a denial of service attack against itself. "Anonymous has stated publi...
United Nations Sub-Domain of Swaziland hacked by Cocain Team Hackers

Sep 04, 2011
A Swaziland subdomain of the United Nations website was defaced by Cocain Team Hackers. A mirror of the hack was also posted on Zone-H. The latest hacks by Cocain Team Hackers are: Official site of NDRRMC hacked by Cocain TeaM; Egyptian Consulate in United Kingdom Defaced Cocain hackers; NERC - National Syrian energy research center Defaced by Cocain Team; Youth Peer Education Network (YPEER) Of Syria Defaced by Cocain TeaM.
Theregister.co.uk , Vodafone, Telegraph, Acer, National Geographic got hacked by Turkguvenligi

Sep 04, 2011
The Register, one of the biggest British technology news and opinion websites, was hacked by Turkguvenligi. Not only that: Vodafone, Telegraph, Acer, National Geographic, Ups.com and betfair.com were also hacked by him. Turkguvenligi is also known by the name "TG Hacker". These hacks were done using the DNS hijacking method. However, theregister.co.uk and other sites are still accessible via the original IP address (68.68.20.116) from several places around the world. A nameserver lookup for The Register now returns the following nameservers:
theregister.co.uk. 86129 IN NS ns4.yumurtakabugu.com.
theregister.co.uk. 86129 IN NS ns2.yumurtakabugu.com.
theregister.co.uk. 86129 IN NS ns1.yumurtakabugu.com.
theregister.co.uk. 86129 IN NS ns3.yumurtakabugu.com.
But it should probably look something like: theregister.co.uk nameserver = ns1.theregister.co.uk theregister....
European Union hacked by Inj3ct0r Team

Sep 04, 2011
One of the subdomains of the European Union was hacked and defaced by exploit writers at Inj3ct0r Team. The hacker defaced the web page and wrote: We are against nuclear weapons. We are against violence in Libya. We are against the arrest of policy Tymoshenko's in Ukraine. We are opposed to Russian influence in the territory of Ukraine! Fuck off Russian President Medvedev, Prime Minister Putin, and Ukraine President Yanukovich! You are idiots! You are trying to scold the Slavic peoples. Soon your conspiracy against Ukraine will be published on WikiLeaks! Ukraine will never be a colony of Russia! You can arrest me, but you do not arrest the idea. I am not alone, we are legion. *** Ukraine independent of sold-out bankers, of those who sold the party, of flexible politicians who gave away their votes, of prime ministers who do not know the language, and of convict presidents who jail the opposition... *** Hacker P...
100's of Israel Websites Hacked By Cyber-Warrior / AKINCILAR Group

Sep 04, 2011
Cyber-Warrior / AKINCILAR Group has started an attack over the political tension between Turkey and Israel (Ahmet Davutoglu - Dr. Michael Ben-Ari), and they are still attacking. Cyber-Warrior / AKINCILAR Group made a name for themselves by hacking thousands of websites that insult their country, religion and nation. The group is called the “Virtual Castle of Turkey”. The attack included the website of Dr. Michael Ben-Ari, who attracted attention by saying “Turkey should be declared as enemy country”. To show their protest in the virtual world, Cyber-Warrior / AKINCILAR Group has also hacked all the websites of the free hosting service called 020.com. After the attack, the homepages of the personal website and thousands of other Israeli websites were changed to the same text. The following text was put on the hacked websites’ homepages: “Israel has to apologize from Turkey and all Islamic world because of ...
BackBox Linux 2 released

Sep 04, 2011
The BackBox team is proud to announce the release of BackBox Linux 2. BackBox 2 features the following upstream components: Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8. BackBox is an Ubuntu-based distribution developed to perform penetration tests and security assessments. It is designed to be fast and easy to use. It provides a minimal yet complete desktop environment, thanks to its own software repositories, which are always updated to the latest stable versions of the most often used and best-known ethical hacking tools. What's new: system upgrade; performance boost; new look and feel; improved start menu; bug fixing; hacking tools new or updated; three new sections: Vulnerability Assessment, Forensic Analysis and VoIP Analysis; much, much more! System requirements: 32-bit or 64-bit processor; 256 MB of system memory (RAM); 2 GB of disk space for installation; graphics card capable of 800×600 resolution; DVD-ROM drive or USB port. Download BackBox...
Mobile APP Network Forum Hacked, 15000 user accounts leaked

Sep 04, 2011
Mobile APP Network Forum was hacked by the "Why So Serious?" hacker. He also hacked VBTeam.info and EA Game - Battlefield Heroes some days before. He leaked over 15.000 accounts of the community (forum) on Pastebin in two parts.
Pakistani Music site Database and Vulnerability Exposed by Maxt Breaker

Sep 04, 2011
A hacker named "Maxt Breaker" hacked one of the Pakistani music websites and exposed its database and vulnerability by posting them on public sites. The vulnerable link is also shown in the image, and a sample of the database is also visible. The hacker claims to have hacked 996 user email IDs and passwords from the site and made them public.
HDFC Bank Database Hacked by zSecure team using SQL injection vulnerability

Sep 02, 2011
The zSecure team is back in the news again; this time they have discovered a critical SQL injection vulnerability in HDFC Bank's web portal. Using this critical flaw, HDFC Bank's various databases can be accessed and dumped as well. This critical flaw really affects HDFC Bank's customer relations and calls into question the existing security in place within the bank. HDFC Bank is the leading bank in India, but they lag behind on the basic security that needs to be implemented. The zSecure team claimed in their blog post that even after sending them complete details about the vulnerability, and even after conducting the vulnerability assessment from the third party service provider, they were not able to discover this critical flaw which existed in their web portal. This really raises a big question about their existing security policy. What would have happened if someone else would have gained access to this c...
Anonymous Release Press Release for Operation Tarmageddon

Sep 02, 2011
Early in July, Anonymous said it planned to attack oil firms and banks supporting the controversial extraction of oil from sand in Alberta, Canada. Exxon Mobil, ConocoPhillips, Canadian Oil Sands, Imperial Oil, and the Royal Bank of Scotland have been put on notice that they are likely to be targeted in Anonymous' latest operation, dubbed Project Tarmageddon. Complete Press Release: Early in July, deep below the radar of the Tar Sands Oil Industry, Anonymous and GreenSec boarded the LulzSub and began a journey of environmental justice. This journey had only one endpoint: success. With all the attention Anonymous recently had received, a sub was the sure choice to ensure maximum impact and minimum damage to the fleet. When Big Brother watches, you go under the surface. All July, we supported a protest against the Tar Sands oil industry, which ended in protesters dancing on the meeting table of the Governor of Montana...
Indian Government Computers are also Corrupted like Government

Sep 02, 2011
An Indian hacker named "nomcat" claims to have hacked into the Indian Prime Minister's Office computers and installed a R.A.T (remote administration tool) on them. He also exposed a vulnerability in the Income Tax website and database information. Press release by the hacker: Our team wanted to release this information with interests of the people and to expose out to the world how corrupt the Indian Government and this is one of the best examples ... The IT department of India is vulnerable to SQL injection it allows the "attacker" to view and edit all the databases, tables, columns and data stored within them since there a LOT of tables we are not yet done fully exploring them and we are letting out only the data we think is the least affecting to our country's security, But what we should learn is that this is one of the simplest hacking methods and most of the work can be done by point and click ap...
Vulnerability Master 1.0 Released By MaxPain

Sep 02, 2011
Video demonstration. Download Vulnerability Master 1.0
VBulletin Underground Website Hacked By 'Why So Serious'

Sep 02, 2011
Vbteam.info is an underground vBulletin hacking website. It provides free vBulletin. This website was hacked by a new hacker named "Why So Serious?". He also hacked EA Game - Battlefield Heroes accounts. He leaked 1400+ accounts of the Vbteam.info forum on Pastebin.
Persistent XSS vulnerability in eBuddy Web Messenger

Sep 02, 2011
A team member from Virtual Luminous Security, Russian Federation, has discovered a persistent XSS vulnerability in eBuddy (the biggest web IM solution in the world) by transmitting messages with embedded encoded JavaScript code. In-depth detail: eBuddy Web Messenger suffers from an encoded persistent XSS vulnerability in the messaging function (while sending a message with embedded code to another authorized user in eBuddy Web Messenger).
Exploit example
Plain XSS (not going to store, nor execute): <script>alert('eBuddy Persistent XSS');</script>
Encoded: text=%3Cscript%3Ealert%28'eBuddy%20Persistent%20XSS'%29%3C/script%3E
[*] The attacker sends the encoded embedded code in an IM message.
[*] The victim receives the message with the encoded embedded code and it executes in the victim's browser.
The Hacker News Magazine September Issue - NO ONE IS SECURE

Sep 01, 2011
Well folks, after this issue and the obvious intensity of the insecurity of the net, I have a few thoughts on the unfettered access to knowledge. It is more than apparent we all live in a time where the extensive dissemination of opinions, thoughts and ideas and information are done through a modern method of transmission. The simplicity and effectiveness by which computers and networks are used to assemble, store, search, associate, recover, and share information make computer technology especially risky to anyone who wishes to keep personal or protect information from the public sphere or out of the clutches of anyone who is perceived as a probable threat. As this issue explores, the evolving and more advanced capabilities of computer viruses, phishing, fraud schemes, spyware, and hacking activity springing up from every corner of the globe and the diversity of privacy-related issues engendered by computer technolo...
Two Suspected Anonymous/LulzSec hackers arrested by British police

Sep 01, 2011
Officers from the Metropolitan Police Service's Central e-Crime Unit (PCeU) have today, 1 September, arrested two men for conspiring to commit offences under the Computer Misuse Act 1990. Two men, aged 20 and 24, have been arrested by British police in connection with Anonymous and LulzSec Members. The men were arrested separately at addresses in Mexborough, Doncaster, South Yorkshire and Warminster, Wiltshire. The Doncaster address was searched by police and computer equipment was removed for forensic examination. Kayla, alongside the likes of Sabu, Topiary and Tflow is considered to be one of the key figures in the LulzSec hacking gang. DI Mark Raymond from the PCeU said: "The arrests relate to our enquiries into a series of serious computer intrusions and online denial-of-service attacks recently suffered by a number of multi-national companies, public institutions and government and law enforcement ...
EA Game - Battlefield Heroes Accounts Hacked by 'Why So Serious?' Albanian Hacker

Sep 01, 2011
One of the most famous games in the world, Battlefield Heroes, created by EA Games, was hacked by a new hacker named "Why So Serious?". The hacker is from Albania. He made a post on the Battlefield Heroes site and said: "Hello all Players and Admins. I'm Why So Serious?. Today I hacked some Battlefield Heroes accounts. I'm going to post them on this forum and on my Fan Page on Facebook: Why So Serious?." The hacker leaked the user login passwords from the Battlefield site on Pastebin. The hacker claims that he will hack other EA Games accounts and Jagex Games accounts and will post those accounts today as well. The hacker also has a Facebook page, where he publishes the hack details. Hacked website: http://www.battlefieldheroes.com/
Texas law enforcement Hacked by #Antisec and #FreeAnons - 3GB of data leaked

Sep 01, 2011
The Texas Police Chiefs Association website was hacked by Anonymous hackers for the Antisec operation. The hackers defaced the website and posted 3GB of data on it with the message: "In retaliation for the arrests of dozens of alleged Anonymous suspects, we opened fire on dozens of Texas police departments and stole boatloads of classified police documents and police chief emails across the state. During the San Jose courtdate we defaced and gave out live backdoor and admin access to the website TexasPoliceChiefs.org while allied ships launched ddos attacks upon Justice.gov and other law enforcement websites." Complete message here. All this was done for the #FreeAnons campaign. Texas law enforcement agencies (LEA), and includes the emails and personal information for 28 police chiefs posted here. The leaked messages are said to contain Internal Affairs related case details, as well as pornographic materi...
Invitation for DEF-CON Chennai (DC602028) Meet

Sep 01, 2011
We would like to invite all like-minded people who are interested in cyber security to attend the meet. We are a DEF-CON registered group. Our group ID is DC602028.
[Tickets for the Meet] We have very limited tickets for the DEF-CON Chennai (DC602028) Meet. For general public: 700 INR. For students: 500 INR. To book a ticket, mail dc602028@gmail.com
[Time of the Meet] On 11th September 2011, from 2:30 PM to 7 PM.
[Venue of the Meet] The venue is going to be Le Waterina Hotel, a 4 Star Resort. Le Waterina – The Boutique Hotel, No 35 Kaveri Nagar (near Bella Ciao), Waterland Drive, Thiruvanmiyur, Kottivakkam Beach, Chennai 600041.
Kernel.org Server Rooted and 448 users credentials compromised

Aug 31, 2011
The main kernel.org page is currently carrying a notice that the site has suffered a security breach. "Earlier this month, a number of servers in the kernel.org infrastructure were compromised. We discovered this August 28th. While we currently believe that the source code repositories were unaffected, we are in the process of verifying this and taking steps to enhance security across the kernel.org infrastructure." As the update mentions, there's little to be gained by tampering with the git repositories there anyway. The infection occurred no later than August 12 and wasn't detected for another 17 days. The systems were infected by an off-the-shelf, self-injecting rootkit known as Phalanx that has attacked sensitive Linux systems before. What happened? Intruders gained root access on the server Hera. We believe they may have gained this access via a compromised user credential; how they man...
WikiLeaks.org under Cyber Attack after releasing U.S. diplomatic cables

Aug 31, 2011
The WikiLeaks website, which contains thousands of U.S. embassy cables, has crashed in an apparent cyberattack. The anti-secrecy organization said in a Twitter message Tuesday that Wikileaks.org "is presently under attack." Wikileaks.org today released 250,000 U.S. diplomatic cables that have apparently caused grave concern in Western governments. The documents have already revealed that the U.S. has been spying on the United Nations Secretary General. State Department spokeswoman Victoria Nuland would not confirm the authenticity of the latest documents, but said "the United States strongly condemns any illegal disclosure of classified information."
Bangladesh Police website hacked by RetnOHacK Anonymous Albanian Hacker

Aug 30, 2011
An Anonymous hacker, "RetnOHacK", from Albania claims to have hacked the Bangladesh Police website, as shown in the screenshot. The hacker claims to have done this just for fun, using an SQL injection vulnerability on the website.
Google+ Hacker Florian Rohrweck Hired By Google for Security

Aug 30, 2011
Austrian blogger/developer Florian Rohrweck, who discovered unreleased Google+ features by exploring the source code, was hired by Google. Rohrweck's main claim to fame was a period of snooping on the code behind Google's various web apps, during which time he uncovered pre-launch evidence of things like Google+ Games, telling the world of the impending release and somewhat taking the wind out of Google's sails. On his blog, Rohrweck has now posted that he “has gone Google”: “Or at least I will be have gone soon. Or something like that I will post new articles again. Not so much about leaks but more about the dark arts of mastering Google products and APIs. Or something else. Time will tell! Thanks to all of you, who supported me on my way and made my work so much fun and enjoyable! You guys are awesome! Rock on!” A few days ago, a big tech company, "Apple", has plucked an outsider notorious...
Qubes OS : An Operating System Designed For Security

Aug 30, 2011
Qubes is an open source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. In the future it might also run Windows apps. Key architecture features: based on a secure bare-metal hypervisor (Xen); networking code sand-boxed in an unprivileged VM (using IOMMU/VT-d); no networking code in the privileged domain (dom0); all user applications run in “AppVMs”, lightweight VMs based on Linux; centralized updates of all AppVMs based on the same template; Qubes GUI virtualization presents applications as if they were running locally; Qubes GUI provides isolation between apps sharing the same desktop; storage drivers and backends sand-boxed in an unprivileged virtual machine(*); secure system boot based on Intel TXT(*). Download Qubes OS