The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Sega Pass customer datails hacked, LulzSec wants to Help Sega ! Sega has told gamers that some of their personal information may have been stolen following an attack on its systems. E-mail addresses and dates of birth stored on the Sega Pass database were accessed by hackers. But payment information, such as credit card numbers, remained safe as it was handled elsewhere, Sega said . The hacking group Lulz Security appeared to deny involvement, despite leading a wave of recent cyber attacks. " @Sega - contact us. We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down, " the hacking group posted on its Twitter feed . No hacker group has claimed responsibility for the attack so far. Although, a number of recent attacks on game companies and their online services are credited with LulzSec, its denial of the credit has brought in a twist of events. " We have identified that a subset of SEGA Pass members' ema...

THC-HYDRA v6.4 - Fast network logon cracker  THC-HYDRA is a very fast network logon cracker which support many different services. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD and OSX. Changelog for thc-hydra v6.4 Update SIP module to extract and use external IP addr return from server error to bypass NAT Update SIP module to use SASL lib Update email modules to check clear mode when TLS mode failed Update Oracle Listener module to work with Oracle DB 9.2 Update LDAP module to support Windows 2008 active directory simple auth Fix to the connection adaptation engine which would loose planned attempts Fix make script for CentOS, reported by ya0wei Print error when a service limits connections and few pairs have to be tested Improved Mysql module to only init/clo...

SAMHAIN v2.8.5  - intrusion detection system The samhain open source host-based intrusion detection system (HIDS) provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. It has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as standalone application on a single host. The official change log: For the kernel check, the configure script should now detect if /dev/kmem exists but is dysfunctional. Also, a bug in the samhain_kmem kernel module has been fixed. The LogmonMarkSeverity option has been fixed Timeserver response is cached now for one second The Unix entropy gatherer supports /opt/local/bin now A compile time option has been added to disable the expansion of $(shell command) in the configuration file. Also, the signature of a signed ...

HP computers FTP hacked by HexCoder UPDATE : We have verified that this is just a anonymous FTP user access to ftp.hp.com . There is nothing like hack. Pakistani hacker HexCoder may try this to get attention. Anyway the access is available for all with : Host : ftp.hp.com Username : anonymous Password : anonymous Just Now we ( The Hacker News ) got a mail from Pakistani hacker named " HexCoder " . He Claim to hack FTP of HP computers at ftp.hp.com .  Statement about this Hack by Hacker  HexCoder, " I have done this by getting access to FTP successfully.All this by just mere stupidity!Oh and I will not share their database because its too big (9 GB) ". About a month before , ACER hacked because of their own stupidity , and this time HP computers.

ClubHack: CHMag Issue 17th, June 2011 Download Contents of this Issue:- Tech Gyan - Pentesting your own Wireless Network Tool Gyan - Wi-Fi tools Mom's Guide - Wireless Security - Best Practices Legal Gyan - Copyrights and cyber space Matriux Vibhag - Forensics with Matriux Part - 2 Poster of the month - Can you cage a Wi-Fi signanl ? Direct Download

XSS attack on CIA (Central Itelligence Agency) Website by lionaneesh After Ddos attack on CIA (Central Itelligence Agency) website by Lulzsec, lionaneesh , an Indian hacker have found XSS Vulnerability on same site as shown. The Vulnerabile link is here  . You can join Loinaneesh on Twitter . 

LulzSec Leaks 62,000 Email/Passwords of writerspace.com LulzSec Leaks 62,000 Email/Password Combo Internet Goodie Bag. Lulz hasn't said where they got the data, Even they are not sure that, these logins are from which site. They tweet the download link as shown :  https://www.mediafire.com/?9em5xp7r0rd2yod According to  Mikko H. Hypponen ,CRO of F-secure - " The list of 62,000 emails/passwords just released by @LulzSec is probably the user database of writerspace.com. " He also give Reason that " Why writerspace.com? Well, the most common passwords include these: mystery, bookworm, reader, romance, library, booklover and..writerspace.So basically that's why I believe the latest Lulzsec password leak originates from writerspace.com. I'm guessing it's their user database "

Anonymous Hackers hit 50 Malaysian government websites Malaysia has been hit by a wave of attacks after the " Anonymous " hacker group accused the government of Internet censorship. More than 50 government websites were hit and 41 of them were closed The Malaysian Communications and Multimedia Commission (MCMC) said in a statement the attacks on websites with the .gov.my domain started shortly before midnight Wednesday and lasted several hours. Little damage was caused and these were denial of service attacks. Apparently most of the websites have already recovered. Anonymous warned on a website that it would target the government portal www.Malaysia.gov.my on Wednesday. It was still down this morning. It is interesting that it has just woken up to this problem. Malaysia's media operate under strict censorship laws. Until now websites have remained relatively free, due to an official pledge not to censor the Internet in a bit to get foreign cash into the countr...

PayPal vulnerability : Hack any Paypal account within 30 seconds UPDATE :  This has been debunked, Paypal accounts are safe.  https://thenextweb.com  have spoken in depth to Matt Langley, the person who discovered the supposed issue, and it's clear why he assumed there was a serious security breach but the issue is far less serious than initially thought. Matt Langley explains: " It seems that the 'victim' had opened an account using an email address of mine, with extra characters thrown in, which Gmail ignores and accepts as the same email address, so it was gmail which uncorrupted the email address and sent the emails to me, not Paypal. I had previously reported an account set-up with fraudulent email address to Paypal many times in the past, but only yesterday noticed that the email address was different to mine, in a way which on any other email system in the world would be a different email address. " OLD : A security vulnerability in PayPal's ...

This utility provides a Web interface for remote operation c operating system and its service / daemon. Opportunity Description / features: Authorization for cookies Server Information File manager (copy, rename, move, delete, chmod, touch, creating files and folders) View, hexview, editing, downloading, uploading files Working with zip archives (packing, unpacking) + compression tar.gz Console SQL Manager (MySql, PostgreSql) Execute PHP code Working with Strings + hash search online databases Bindport and back-Connect (Perl) Bruteforce FTP, MySQL, PgSQL Search files, search text in files Support for * nix-like and Windows systems Antipoiskovik (check User-Agent, if a search engine then returns 404 error) You can use AJAX Small size. The boxed version is 22.8 Kb Choice of encoding, which employs a shell. Changelog (v2.5.1): Remove comments from the first line . Added option to dump certain columns of tables. the size of large files are now well defin...

LulzSec take down CIA Website The hacker group Lulz Security has claimed it has brought down the public-facing website of the US Central Intelligence Agency. Infamous for a series of high-profile hacks on Sony, Nintendo, the PBS, FBI affiliates, LulzSec claimed on Wednesday its responsibility for hacking the website for the U.S. Central Intelligence Agency. " Tango Down - cia.gov - for the lulz ," the group tweeted at around 6 p.m., June 15 at  https://twitter.com/#!/LulzSec/status/81115804636155906 Over the weekend, a portion of the Senate website was hacked, and the same website was targeted again on Wednesday. LulzSec was unable to access proprietary data due to a firewall, the Senate acknowledged today. The hacker group tweeted an hour ago, "Lulz Security, where the entertainment is always at your expense, whether you realize it or not. Wrecking your infrastructures since 2011." Its Twitter followers have swelled to nearly 160,000. A CIA spokeswom...