The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The NSA surveillance program PRISM story was started with four leaked slides from the Washington Post weeks before and today they has revealed four more annotated slides about the NSA operation, along with detailing the various levels of scrutiny from the FBI and NSA that happen before, during and after approved wiretaps take place. According to new slides, The NSA can track real-time events such as email logins or the sending of email, and the logging in or out of a user to a chat service. For live communications, this data goes straight to the NSA's PRINTAURA filtering system, while both the FBI and NSA scan pre-recorded data independently. Two of the new slides detail the data collection process, from the initial input of an agency analyst, to data analysis under several previously-reported analysis tools such as Marina (internet data), Mainway (call records), Nucleon (voice data), and Pinwale (video data). There were 117,675 active surveillance target...

E-HACK is an Information Security Workshop, organized by infySEC . The workshop aims at creating awareness about INFORMATION SECURITY by showing in what all ways information or data can be stolen. Meddle in cyber-warfare, battle with our machine master mind who will throw challenges on web application security, network security, algorithms, reverse engineering and decryption.  The team which cracks the final level will attain the glory of being Winner at our E-HACK Guinness record attempt with tons of prizes waiting. Be simple but not simpler is quote by Einstein, that's secret of success for E-HACK. Be there to witness the epic battle of brains. It's planned to be done in a more fun way, through a game called CTF (Capture the Flag) . The only way to know how to protect our information is by knowing the ways in which it can be stolen. So, we'll be having wide range of discussions on what all ways a HACKER can get his hands on your information and in what all ways you can thwart...

For years the National Security Agency has successfully shielded its surveillance programs from any real public scrutiny. There have been a lot of news stories about NSA surveillance programs following the leaks of secret documents by Edward Snowden . We have learned that the NSA is collecting millions of Americans' phone records on a daily basis, that it operates a program called PRISM involving the surveillance of Internet communications, including Email, Facebook posts, and instant messages. The NSA is allowed to record the conversations of non-Americans without a specific warrant for each person monitored, if at least one end of the conversation is outside of the U.S. It is also allowed to record the communications of Americans if they are outside the U.S. and the NSA first gets a warrant for each case. Because Facebook is using outdated Web encryption, which cryptographers say the NSA could penetrate reasonably quickly after intercepting the communicatio...

According to secret documents obtained by the Guardian , Obama administration permitted the National Security Agency to surveillance the Emails and  Internet metadata  of all Americans. This secret warrant less surveillance program, collectively known by the NSA code name Stellar Wind , was launched in the end of 2001, to handover the data to the United States government.  Program was officially authorized after the September 11, 2001 terrorist attacks by President George W. Bush and continued under President Barack Obama through 2011. A federal judge at the Fisa court approved this bulk collection order for internet metadata, in every 90 days.  Documents also exposed that all communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States, was recorded by surveillance program . Metadata also details the internet protocol addresses (IP) used by people insi...

On June 19, Browser maker Opera admitted that, it discovered an attack on its internal network infrastructure and windows users may have been tricked into installing a Trojan signed with a stolen Opera certificate. " On June 19th we uncovered, halted and contained a targeted attack on our internal network infrastructure. Our systems have been cleaned and there is no evidence of any user data being compromised." "We are working with the relevant authorities to investigate its source and any potential further extent. We will let you know if there are any developments ." said in a post on the Opera Security Blog. Code signing certificates are used to cryptographically verify that a piece of software comes from its purported publisher. It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software. Opera plans to roll out a new version of its ...

Can you ever imagine that a single text message is enough to hack any Facebook account without user interaction or without using any other malicious stuff like Trojans, phishing , keylogger etc. ? Today we are going to explain you that how a UK based Security Researcher, " fin1te " is able to hack any Facebook account within a minute by doing one SMS. Because 90% of us are Facebook user too, so we know that there is an option of linking your mobile number with your account, which allows you to receive Facebook account updates via SMS directly to your mobile and also you can login into your account using that linked number rather than your email address or username. According to hacker , the loophole was in phone number linking process, or in technical terms, at file  /ajax/settings/mobile/confirm_phone.php This particular webpage works in background when user submit his phone number and verification code, sent by Facebook to mobile. That submission form h...

Security experts are confident that the Chinese hackers group known as Comment Crew is still operating under cover. " The Comment Crew is back again " this is the rumor within Intelligence community, researchers suspect the involvement of the group of hackers in the recent cyber dispute between U.S. and China. Let's make a step back, last February Mandiant Intelligence firm released an interesting report that revealed an enterprise-scale computer espionage campaign dubbed APT1. Mandiant linked the APT1 attacks, that compromised 141 organizations in seven years, to Chinese military unit called " 61398 ". The is very interesting is that the security firm identified a common pattern for the attacks conducted by Chinese hackers group, it was also able to define a series of key indicators for identifying ongoing APT attacks. Mandiant security firm had monitored the group during last years and report details its operations, it wasn't the only one FireEye is anoth...

Once again NSA whistleblower Edward Snowden revealed the truth, that the NSA hacks into China's mobile operators to steal millions of text messages.  Every month Washington come up with new reports  and accuse other nations, particularly China, for cyber hacking , but the biggest culprit of such crime is in fact the United States. All of this appeared to go relatively well for Washington until revelations emerged of the U.S. National Security Agency's PRISM surveillance program . According to Snowden, U.S. spies had hacked 3 major mobile phone companies in China and a core network to steal text messages of millions of Chinese citizens. Fang Binxing, a President at Beijing University who is considered the chief pioneer of China's Great Firewall Internet filtering system, has warned in the past that telecom equipment from international companies like Cisco is a threat to China's national security. As such, it could have allowed NSA operatives to ...

Serious security vulnerability was recently discovered on the Samsung flagship Galaxy S4 device, claiming that attackers can use it to silently send text messages. Qihoo 360 Technology, an antivirus company based in China, said that this particular vulnerability is related to the " cloud backup " feature of Galaxy S4, which is not properly protected and can be abused. This vulnerability was first discovered on June 17 and already reported the issue to Samsung and the company is already in the process of developing an official update to fix the vulnerability. A rogue mobile application could contain code exploiting the vulnerability to send fraudulent scam text messages ordering premium-rate services, the firm said. By exploiting the vulnerable cloud backup feature, malware could pretend to be the identity of any contact, friend, relative, or organization when faking phishing SMS messages. When these phishing SMS messages are received, users may be tricked i...

Russian President Vladimir Putin bluntly rejected U.S. pleas to extradite National Security Agency Whistleblower Edward Snowden on Tuesday, says since Snowden has not committed a crime in that country, the government will not extradite him back. Putin said, "Mr. Snowden is a free man," Snowden did not cross the Russian border, implying that he is still in the Moscow airport's transit zone, a sort of diplomatic neutral space. " He arrived as a transit passenger – he didn't need a visa, or other documents, " Putin said. After arriving Sunday on a flight from Hong Kong, Snowden booked a seat on a Havana-bound flight from Moscow on Monday en route to Venezuela and then possible asylum in Ecuador, but he didn't board the plane. " The sooner he selects his final destination point, the better both for us and for himself ," Putin said. White House Press Secretary Jay Carney on Monday urged Russia to ultimately turn him over. " We do ex...

If you don't know yet, Microsoft is offerings up to $100,000 in exchange for finding vulnerabilities and exploits in the upcoming Windows 8.1 Preview which is expected to launch on June 26, the same time as the Microsoft Build Developer Conference. Qualifying submissions with accompanying defensive ideas will also be eligible for a BlueHat Bonus worth up to $50,000. " These are super challenging to discover and they require a new technique ," says Mike Reavey, director of Microsoft's Security Response Center. Windows 8.1 is a major update to Microsoft's brand new operating system Windows 8, and given the serious bounty on offer, Microsoft clearly wants to leave nothing to chance as far as securing the operating system is concerned. " Learning about new exploitation techniques earlier helps Microsoft improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would ," he said. Microsoft's senior s...

The Britain's spy agency GCHQ is running an online eavesdropping operation that has gained secret access to more than 200 optical fiber cables carrying global Internet traffic and telephone calls. The existence of the program has been disclosed in documents shown to the Guardian by the NSA whistleblower Edward Snowden as part of his attempt to expose what he has called the largest program of suspicion less surveillance in human history. Dubbed as , Operation Tempora has been running for around 18 months and allows GCHQ to tap into and store huge volumes of data drawn from fibre-optic cables for up to 30 days. GCHQ is also sharing this sensitive personal information with its American partner, the National Security Agency (NSA). The paper said GCHQ is tapping 200 internet links in total, each with a data rate of 10Gbps, with the agency having the technical capacity to concurrently analyze 46 of these 200 streams of data at a time. That access could ...

Over the past few years, Cyber Criminals have choose the official Google Chrome Web Store to push malware. In a recent announcement by Google, like Google Play Android apps store, all new apps uploaded to the Chrome Web Store will now also be automatically scanned for malware. Also, Google warned developers that it may take a little longer than before for their app to go live in the store, and  scanning may take from just a few minutes up to an hour.  " Starting today in the Chrome Web Store, you might notice that your item is not broadly available immediately after you publish it. " It is always against the Chrome Web Store Content Policies to distribute malware, if developer still wants to upload something malicious, they should cancel the process and withdraw their program. " This new functionality does not require any action on the part of developers. When you publish an item in the store, the developer dashboard will indicate that your item is i...

The Bitcoin Foundation has received a cease-and-desist letter from the California Department of Financial Institutions, which oversees banks, credit unions, and other financial organizations operating in the state. Jon Matonis, who is a board member at the Foundation, revealed the letter on Forbes. The agency charges Bitcoin Foundation with allegedly " engaging in the business of money transmission without a license or proper authorization ." If they found to be in violation of the California Financial Code, the foundation could be fined up to $2,500 a day per violation, in addition to criminal prosecution. Convictions under the federal statute are punishable by up to 5 years in prison and a $250,000 fine. Bitcoin doesn't have any kind of central regulatory authority, and trading takes place through Mt. Gox or other exchange floors. So, California's decision to send a money transmitter warning to the Bitcoin Foundation is a Washington, D.C., nonprofit, makes no sense...

Facebook is alerting its users about a security breach due to a technical glitch, that may have inadvertently exposed the email addresses and telephone numbers of roughly 6 million users. " We recently received a report to our White Hat program regarding a bug that may have allowed some of a person's contact information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them, " Facebook said in its announcement. The problem stemmed from a tool that allows users to upload their contact lists or address books to Facebook so that the social network can serve up friend recommendations or invite people to join Facebook. " Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people's contact information as part of their account on Facebook, " As a result, ...

Edward Snowden , The Whistleblower who revealed the existence of a secret US online surveillance program left Hong Kong and has landed at Moscow's Sheremetyevo airport with help of Wikileaks . WikiLeaks said in a statement that its legal adviser Sarah Harrison was on the plane with Mr Snowden and they would help 'secure is safety' at his 'final destination'. Snowden will go down in history as one of the most prolific whistleblowers . Snowden left Hong Kong after The White House asked the autonomous Chinese territory to extradite him. A senior administration official warned that if Hong Kong did not act quickly it would complicate relations. He had earlier been charged in the US with espionage. Snowden, who has been in hiding in Hong Kong for several weeks since he revealed information on the highly classified spy programs, has talked of seeking asylum in Iceland. He got an on SU 213 Aeroflot flight from Chep Lap Kok airport at 11.04am today (Hong K...

According to the court records released this week on web, The Justice Department used a secret search warrant to obtain the entire contents of a Gmail account used by a former WikiLeaks volunteers in Iceland. Smari McCarthy and Herbert Snorrason , are the two Icelandic freedom of information activists, who managed the secure chat rooms of WikiLeaks in 2010, and that is the reason the government demanded his records from Google. According to the documents, Google was told by the Justice Department that they were prohibited from disclosing to either Snorrason or McCarthy any information about the investigation until indicated. But later last week, US. District Court Judge issued an order allowing Google to notify Snorrason about the warrant and to provided a redacted copy of the warrant.  The search warrant was issued under seal on October 14, 2011 by the Alexandria, Virginia federal judge overseeing the WikiLeaks grand jury investigation there. Snorrason say...

Kim Dotcom today said on Twitter that Megaupload user data in Europe has been irreversibly lost because it was deleted by a Dutch hosting company called LeaseWeb.  LeaseWeb is based in Germany and has subsidiaries also in the United States, the company.  LeaseWeb has 60,000 servers under its management and more than 15,000 clients worldwide. " The greatest massacre data of history ", The news is shocking if we consider the wealth of information contained in the files.  Leaseweb has informed Kim Dotcom that all 630 servers they rented have been wiped clean. This means that petabytes of data belonging to Megaupload users is now gone without any notice. LeaseWeb responds to Kim Dotcom " When Megaupload was taken offline, 60 servers owned by MegaUpload were directly confiscated by the FIOD and transported to the US. Next to that, MegaUpload still had 630 rented dedicated servers with LeaseWeb. For clarity, these servers were not owned by MegaUpload, t...

Tor has become a tool of free expression in parts of the world where citizens can not speak freely against their government. On Tuesday, a number of users have noticed that Facebook is blocking connections from the Tor network. Tor is a free tool that keeps Web browsing sessions private and anonymous . For activists and political dissidents who use the Internet to communicate with the outside world in countries where doing so is a crime , being unable to login to Facebook using TOR posed a huge problem. Later, Facebook resolves the Tor issues and said that A high volume of malicious activity across Tor exit nodes triggered Facebook's automated malware detection system, which temporarily blocked visitors who use the Tor anonymity service to access the social network . The role that Tor and Facebook played in facilitating the dissemination of information under restrictive regimes cannot be underestimated. Security researchers are also frequent users of Tor, f...

The ability to turn your iPhone into a Wi-Fi hotspot is a fantastically useful little tool in and of itself. When setting up a personal hotspot on their iPad or iPhone, users have the option of allowing iOS to automatically generate a password. According to a new study by Researchers at the University of Erlangen in Germany, iOS-generated passwords use a very specific formula one which the experienced hacker can crack in less than a minute. Using an iOS app written in Apple's own Xcode programming environment, the team set to work analyzing the words that Apple uses to generate its security keys . Apple's hotspot uses a standard WPA2 -type process, which includes the creation and passing of pre-shared keys (PSK). They found that the default passwords are made up of a combination of a short dictionary words followed by a series of random numbers and this method actually leaves them vulnerable to  brute force attack . The word list Apple uses contains approximately 52,500...

The Pirate Bay co-founder Gottfrid Svartholm Warg was sentenced to two years in jail by Nacka district court, Sweden on Thursday for hacking into computers at a company that manages data for Swedish authorities and making illegal online money transfers. In Sweden, He is also involved in another case, to have hacked the mainframe of the CSC computer company protecting Rigspolitiet's (the Danish national police) IT system, as well as other sensitive government databases. In Denmark, Svartholm Warg and another unnamed Danish co-defendant were accused of illegally accessing 4 million files, including the email passwords of 10,000 policemen, personal identification numbers (CPRs) from a driver's license database and information about wanted persons in the Schengen region. He had denied the charges, further he can be extradited to Denmark to face charges for one of the country's largest hacking attacks. Last year Gottfrid Svartholm Warg was extradited to Sweden from Camb...

The LinkedIn became inaccessible for an hour last night. Few Hours before App.net co-founder Bryan Berg posted that LinkedIn DNS was hijacked but later LinkedIn confirmed that they suffered outage due to DNS issue, not Hack. DNS Hijacking is an unauthorized modification of a DNS server or change of DNS address that directs users attempting to access a web page to a different web page that looks the same, but contains extra content such as advertisements, is a competitor page, a malware page, or third-party search page. Bryan said," all of your traffic has been sent to a network hosted by this company [confluence-networks.com]. And they don't require SSL, so if you tried to visit, your browser sent your long-lived session cookies in plaintext ." LinkedIn tweeted " Our site is now recovering for some members. We determined it was a DNS issue, we're continuing to work on it. Thanks for your patience, " but provided no further details. LinkedIn DNS hacked ...