The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Wireshark 1.4.9 & Wireshark 1.6.2 updated version released Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education. The following bugs have been fixed: configure ignores (partially) LDFLAGS. (Bug 5607) Build fails when it tries to #include , not present in Solaris 9. (Bug 5608) Unable to configure zero length SNMP Engine ID. (Bug 5731) BACnet who-is request device range values are not decoded correctly in the packet details window. (Bug 5769) H.323 RAS packets missing from packet counts in “Telephony->VoIP Calls” and the “Flow Graph” for the call. (Bug 5848) Wireshark crashes if sercosiii module isn’t installed. (Bug 6006) Editcap could create invalid pcap files when converting from JPEG. (Bug 6010) Timestamp is incorrectly decoded for ICMP Timestamp Response packets from MS Windows. (Bug 6114) Malformed Packet in decode for BGP-AD update. (Bug 6122) Wrong display of CSN_BIT in CSN.1. (...

Google Web History vulnerable to new Firesheep Addon Two researchers have shown how a modded version of the Firesheep Wi-Fi sniffing tool can be used to access most of a victim’s Google Web History, a record of everything an individual has searched for. The core weakness discovered by the proof-of-concept attack devised by Vincent Toubiana and Vincent Verdot lies with what is called a Session ID (SID) cookie, used to identify a user to each service they access while logged in to one of Google’s services. Fortunately, the latest exploit does not allow attackers to take over Google Accounts, but obviously, it can be used to expose private data. " While the direct access to users' data is subject to a strict security policy, using personalized services (which may leak this same personal information) is not, " wrote Vincent Toubiana and Vincent Verdot, the creators of the modded Firesheep. To be sure, the compromised cookies are deployed across more than 20 websites inc...

Hotmail , MSN , Office 365 , live.com sites down (now up) A number of Microsoft online services, including Hotmail, MSN, Office 365, and seemingly most if not all of *.live.com addresses are currently “experiencing an outage”. MSN and Office 365 have already tweeted about it: The downtime, which happened on Friday at about 4am in the UK — 8pm on Thursday Pacific time (PDT) — was due to a domain name service problem, according to Microsoft. But Microsoft certainly isn't alone.Google has also seen its share of downtime. Just this past Wednesday, Google Docs was offline for about 30 minutes. In May, the company's Blogger service was unavailable for the greater part of a day.

URGE (Universal Rapid Gamma Emitter) Hijacking Twitter Trends Released by Anonymous Anonymous have created something called Universal Rapid Gamma Emitter, or more simply URGE, which hijacks Twitter trending topics, allowing Anonymous members and supporters to subvert the topic with their own embedded messages. Anonymous is calling it TwitterRaiding. Members of the group say that they are tired of constantly seeing trending topics that are redundant or related to pop culture and created this tool to help create more attention for topics that may have a wider meaning or different kind of impact on other Twitter users. In a statement, members say that, “ This is not a hacking tool nor is it an exploit tool .” A press release on URGE states: To the people of the interwebz, We recently have become tired of seeing trending topics on twitter that were redundant and “pop culture” like. We have also grown tired of Twitter not trending hash tags that actually serve a cause and mean somet...

20000 patient records Breach at Stanford Hospital Last month Stanford University's hospital discovered a massive privacy breach when 20,000 emergency room records appeared online. The records included names, diagnosis codes, account numbers, dates of admission and discharge, and billing charges. Social Security numbers, birth dates, credit card accounts or other information that could potentially result in identity theft was not exposed. Even so, the hospital is offering free identity-protection services to all affected patients. The Hospital released the following statement: " An electronic file that an outside vendor’s sub-contractor created and caused to be posted to a website contained limited information about patients seen in the Emergency Department of Stanford Hospital & Clinics between March 1 and August 31, 2009. The Hospital discovered this on August 22, 2011, and immediately took action to ensure removal of the file from the website, which was done within 24...

Hacker Halted USA 2011 - 10 Reasons Why You Should Attend Hacker Halted is a global series of Computer and Information Security conferences presented by EC-Council. The objective of the Hacker Halted conferences is to raise international awareness towards increased education and ethics in IT Security. The event is currently in its 14th year. Also present at Hacker Halted is EC-Council's H@cker Halted | Academy, trainings and workshops led by EC-Council instructors and trainers. Hacker Halted returns to Miami for the 3rd year in a row will be held in Miami on 25th and 27th October 2011. Participate and be part of one of the world’s most recognized information security conference. Gain perspective through keynote addresses on the current state of information security as well as emerging trends and threats. An information security conference with a comprehensive agenda. Choose from the various focused tracks covering critical domains of information security. Match your informati...

winAUTOPWN v2.7 – Windows Autohacking Tool This version covers almost all remote exploits up-till mid-July 2011 and a few older ones as well. This version incorporates a few new commandline parameters: -perlrevshURL (for a PERL Reverse Shell URL), – mailFROM (smtpsender) and -mailTO (smtpreceiver). These are the commandline arguments required for a few exploits which require remote connect-back using a perl shell and email server exploits requiring authentication respectively. This version also tackles various internal bugs and fixes them. A complete list of all Exploits in winAUTOPWN is available in CHANGELOG.TXT A complete list of User Interface changes is available in UI_CHANGES.txt Also, in this version : BSDAUTOPWN has been upgraded to version 1.5. In this release you will also find pre-compiled binaries for : FreeBSD x86 FreeBSD x64 DragonFly BSD x86 Download winAUTOPWN v2.7

Sony Hires Ex- Homeland Security Official after PlayStation Hack Sony has hired a former official at the US Department of Homeland Security for the new post of chief information security officer, months after a massive hacking attack leaked information on 100 million user accounts on its games networks. Philip Reitinger, formerly the director of Homeland Security's National Cyber Security Center, will join Sony in the newly created position of chief information security officer and a senior vice president. The new hire signals a heightened seriousness by Sony in the aftermath of an intrusion into its online videogame service earlier this year. The breach compromised the personal information of more than 100 million accounts from its online networks, including the possible loss of some credit card information. Sony said there have been no reports of any credit card data theft. Sony shut down the PlayStation Network and Qriocity streaming video and music network on April 20...

12 Pakistan Government departments websites & Benazir Bhutto  Hacked by Mr52 An Indian Hacker " Mr52 " strike back to Pakistan Government departments. He hack and deface about 12 Government departments websites including Pakistan Navy, Maritime Security Agency, NATIONAL EDUCATION ASSESSMENT SYSTEM, Benazir Bhutto, Ministry of Foreign Affairs websites are hacked. List of defaced sites are : http://www.paknavy.gov.pk/securite/default.html http://www.paknavy.gov.pk/default.html http://www.msa.org.pk/default.html http://www.neas.gov.pk/default.html http://www.nfdc.gov.pk/default.html http://www.niopk.gov.pk/default.html http://www.szab.pk/default.html http://www.benazir.pk/default.html http://www.mopw.gov.pk/default.html http://www.dfp.gov.pk/default.html http://www.erapixels.com/default.html http://www.mofa.gov.pk/default.html

Offline Windows Analysis and Data Extraction (OWADE) - Forensics tool to expose all your online activity Researchers " Elie Bursztein " from Stanford University in California have managed to bypass the encryption on a PC's hard drive to find out what websites a user has visited and whether they have any data stored in the cloud. " Commercial forensic software concentrates on extracting files from a disc, but that's not super-helpful in understanding online activity ," says Elie Bursztein, whose team developed the software. " We've built a tool that can reconstruct where the user has been online, and what identity they used. " The open-source software, Offline Windows Analysis and Data Extraction (OWADE), was launched at the Black Hat 2011 security conference and works with PCs running on the Windows operating system. OWADE is in alpha version and is only available by checking out the code directly as we update it very frequently. Note th...

Court grants bail to Anonymous and LulzSec suspects Four alleged UK hackers suspected of being linked to attacks by hacking groups Anonymous and Lulz Security (LulzSec) have been released on bail after a hearing at Westminster magistrates court on the condition that they did not use specific online nicknames on the internet or IRC. 20-year-old Christopher Jan Weatherhead, from Northampton, cannot use the internet nickname ' Nerdo ', Ashley Rhodes, 26, from London, is banned from calling himself ' NikonElite ' online. Two other men, aged 24 and 20, have been released on bail following their arrest last week as part of the Metropolitan police investigation into Anonymous and LulzSec. They are due to return to a London police station in November.The two men were arrested separately in South Yorkshire and Wiltshire . They are charged with conspiring to commit offences under the Computer Misuse Act 1990.