The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

BlackBerry Enterprise Server vulnerable to malicious image file There are remotely and easily exploitable vulnerabilities in the BlackBerry Enterprise Server that could allow an attacker to gain access to the server by simply sending a malicious image file to a user's BlackBerry device. The vulnerabilities are in several version of BES for Exchange, Lotus Domino and Novell GroupWise, and Research in Motion said that an attacker who is able to exploit one of the bugs might also be able to move from the compromised BES server to other parts of the network. The company has issued a patch for the BES flaws and says that they are at the top of the severity scale in terms of exploitability. The vulnerability in both the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent is related to the way that the components handle PNG and TIFF image files. Exploiting the vulnerabilities can be as easy as sending a malicious PNG or TIFF file to a BlackBerry user. In some scena...

Mibbit AJAX IRC client service Hacked Mibbit AJAX IRC client service being hacked. The proof of hack is further backed up by Mibbit’s official statement. Mibbit is a web-based client for modern web browsers that supports Internet Relay Chat (IRC). Mibbit connects to IRC from anywhere on almost any device. There are Mibbit and hundreds of IRC networks for places to chat. The Anonymous sabu tweet that the Mibbit Chat network was Hacked and he had posted a Pastebin link on the tweet about the Mibbit details. On the pastebin Data there where many Personal Data and many links. The Mibbit had detected the unauthorized access to the server which runs their blog. Mibbit shut it down and began investigating . Later today at around 8pm GMT Mibbit shutdown the IRC services after it became clear that several pieces of backed up data had been accessed maliciously from another server, tools.mibbit.com. Mibbit now know the data's included The personal information of 9 Mibbit operators ...

AOL Postmaster Website hacked by HODLUM AOL’s postmaster.aol.com website was hacked Saturday afternoon by someone who goes by the name “ HodLuM .” The site was slightly defaced with a message from the hacker. “ AOL S3RV3RZ ROOT3D BY HODLUM LOLZ! ,” the message read. AOL finally discovered the hack, and fixed the page between two and four hours after evidence of the breach was posted to Reddit.com. The various forums where this hack was posted all included various jokes along the lines of, “ AOL still exists?! ” Ouch… The AOL Postermaster blog has so far not responded to the hack. The hack of AOL Postmaster comes at the end of a difficult week for AOL. While the hack of a minor AOL web property has nothing to do with the poor performance of its stock, the incident can only serve to worsen the mood at a company that’s struggling to stay upright.

DerbyCon 2011 Security Conference - Louisville, Kentucky  Welcome to a new age in security conferences, a new beginning, and a new way to share in the information security space. Our goal is to create a fun environment where the security community can come together and share ideas. Before we even released the CFP, our speaker list has filled up with of some of the industry’s best and brightest minds. That fact alone shows that DerbyCon is poised to change the face of security cons. Some of these speakers include: Dave Kennedy (ReLIK) - Founder DerbyCon, Creator Social-Engineer Toolkit, Fast-Track Adrian Crenshaw (Irongeek) - Founder, DerbyCon, Irongeek.com, Co-Host, ISD Podcast Martin Bos (PureHate) - Founder, DerbyCon, Question-Defense, BackTrack Developer HD Moore (hdm) - Founder Metasploit, CSO Rapid7 Chris Nickerson - Founder Lares Consulting, Exotic Liability Kevin Mitnick - Founder, Mitnick Security Consulting Ed Skoudis - Founder, InGuardians, SANS Instructor Br...

Joomla Canada website defaced by Group Hp-Hack Saudi Arabia Hackers with name " Group Hp-Hack " Deface the website of  Joomla Canada . In addition to this , They also hack and deface another domain " http://www.ethicalhackingcourses.com/ " - Hacker get Hacked .

zSecure - Web Security Consultancy Hacked by Mr52 ZSecure.net -  Web Security Consultancy services Provider hacked by Indian Hacker Mr52. Zsecure is the same firm who expose the Timesofmoney SQL Injection Vulnerability , Sify.com SQL Injection Vulnerability and Dukascopy.com SQL Injection Vulnerability , But there own site today got Hacked. Well, Zsecure currently take their site again back to normal homepage, But mirror of hack is available  here . Other Hacker By Mr52 can be seen here .

Facebook Status Update With XFBML Injection i Last week Acizninja DeadcOde share Tweaking Facebook Status with HTML button . Well today he is going to share another kind of cool tricks to tweak Facebook Status Update using XFBML Injection. With this tweak, we will do an injection on Facebook URL and then share the results of the injections on our Facebook status .Here's the preview and the url code : LIVE STREAM :   https://www.facebook.com/unix.root/posts/217926581593127 [code] http://www.facebook.com/connect/prompt_feed.php?display=touch&api_key=209403259107231&link=http://t.co/q3EzkPR&attachment={%27description%27%3A%27%3Cfb:live-stream%20event_app_id=%22266225821384%22%20width=%22400%22%20height=%22500%22%20xid=%22%22%20via_url=%22http://t.co/q3EzkPR%22%20always_post_to_friends=%22false%22%3E%3C/fb:live-stream%3E+%27} [/code] TEXT AREA :  https://www.facebook.com/unix.root/posts/136123736478234 [code] http://www.facebook.com/connect/prompt_feed.php...

$30 Child Toy is enough to hack FBI Radios The portable radios used by many federal law enforcement agents have major security flaws that allowed researchers to intercept hundreds of hours of sensitive traffic sent without encryption over the past two years, according to a new study being released today. A new report on the findings has been released by team leader and computer science professor Matt Blaze from the University of Pennsylvania. That details how a child’s toy, the $30 IM Me can be used to jam radios used by the FBI and Homeland Security. “ We monitored sensitive transmissions about operations by agents in every Federal law enforcement agency in the Department of Justice and the Department of Homeland Security, ” wrote the researchers, who were led by computer science professor Matt Blaze and plan to reveal their findings Wednesday in a paper at the Usenix Security Symposium in San Francisco. Members of the research group say they have contacted the Department of Ju...

German Hacker Cracks GSM Call Encryption Code A German computer boffin has worked out a way to crack code used to encrypt most of the world's mobile Internet traffic. Karsten Nohl is going to publish a guide to prompt global operators to improve their safeguards. Karsten Nohl and his team of 24 hackers began working on the security algorithm for GSM (Global System for Mobiles) in August.Developed in 1988, the system prevents the interception of calls by forcing phones and base stations to change frequencies constantly. Most of the UK's mobile phones use the GSM system and the breach represents a potential threat to the security of mobile phone communication. The discovery of a way to eavesdrop so-called General Packet Radio Service (GPRS) technology allows a user to read emails and observe the Internet use of a person whose phone is hacked, said Karsten Nohl, head of Security Research Labs." With our technology we can capture GPRS data communications in a radius of 5...

Emperor Hacking Team : iM4n account exposed Just a few days back, the Backbox Linux distribution based website got hacked by the Emperor Hacking Team. A few hours later, Backbox maintainers managed to reconstruct the attack step by step and found infos that proved "iM4n" as the attacker. He owns an account on www.server4you.de, a webhosting company specialized in virtually dedicated servers. His account has been hacked. Brief technical report:  http://raffaele.backbox.org/content/im4n-account-exposed Backbox Team : " Backbox is just a Linux distribution. Such an attack was absolutely unexpected. The 'dreaded' eMP3R0r_TEAM turned out to be a group of iranian activists who carry out random attacks on potential vulnerable websites by targeting mostly European ones. During our investigation and analysis we were able to obtain complete details of the man who personally performed the attack (nick iM4n) and we collected a variety of tests that confirmed his identity....

MySpace goes down because of Internal Errors, Not Hacked ! MySpace website was presented with a curious message that left many users believing that the service had been hacked. That apparently was not the case. Visitors to the social network were greeted by a largely blank page topped with the browser title bar that read "All is wrong :(" where the MySpace name would normally appear. In the upper left of the normally vibrant page was the message: "We messed up our code so bad that even puppies and kittens may be in danger. Please turn back ...now." It was followed up with the message, "* Have your pet spayed or neutered" in the lower right. Rumours spread quickly around the Twittersphere and in early media reports that MySpace had been hacked after an Anonymous-affiliated Twitter account referred to the hack. Members of the hactivist group recently vowed to take down the social-networking giant Facebook in November, but there is some suggestion that th...