The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Andhra Pradesh witnessed three cyber crimes a week on average in 2010 and a majority of them were Nigerian frauds, according to the state crime investigation department. Briefing media on the latest case, Additional SP (cyber crimes) U Ramamohan said this was the 54th case this year registered at the Cyber Crime Police Station here, and that the total number of such cases across the state was over 150. He said this was at least 20 per cent more than such cases last year. In the latest case of Nigerian fraud, a resident of Bhimavaram in West Godavari district was lured into paying Rs 15.88 lakh to claim prize money of 700,000 pounds from a non-existent ‘Microsoft lottery.’ He was asked on phone to deposit money in two accounts in ICICI Bank and Axis Bank, towards ‘RBI clearance’, ‘anti-terrorism clearance’, etc and was even given ‘receipts’ for the deposits. “These cyber criminals have email IDs of lakhs of people, to which they keep sending mails in batches. Even a very small perce...

A new zero-day attack against Windows, capable of bypassing the User Access Control protections introduced in Windows Vista and designed to prevent malware from gaining administrative access without user authorisation, has been discovered in the wild. The proof-of-concept implementation of the infection technique, known as Troj/EUDPoC-A, was posted to a Chinese educational forum before being discovered by anti-virus researchers from various security firms. Chester Weisniewski, of anti-virus vendor Sophos, warns that the technique used by the Trojan ' enables an attacker to impersonate the system account, which has nearly unlimited access to all components of the Windows system, ' and does so without triggering the User Access Control protections introduced by Microsoft to prevent exactly that occurring. The flaw targeted by the code is thought to exist in all versions of Windows from Windows XP onwards - including Windows 2008 R2 and fully-patched Windows 7 systems, and t...

On Monday, Mozilla, the developer of popular open source applications like Firefox and Thunderbird, announced that a database containing usernames and password hashes belonging to users of addons.mozilla.org had been posted publicly by accident. If you registered for an account on addons.mozilla.org and you are one of the 44,000 users who might have been affected by this accidental disclosure, you already should have received an email notification from the Mozilla security team. Is this simply another story of data leakage in a sea of lost usernames and passwords? Not exactly. Mozilla stored passwords set before April 9th, 2009 as MD5 hashes. MD5 has cryptographic weaknesses that permit creation of the same hash from multiple strings. This permits security experts to compute all the possible hashes and determine either your password or another string that will work even if it is not your password. Mozilla did not store passwords in plain text. The good news? Mozilla audited their logs ...

Over the last few weeks we have been contacted by a number of members of the  our  Facebook page , concerned by a message they saw on Facebook, warning them that their account protection was " very low ". With fake anti-virus (also known as scareware) attacks becoming an ever-growing problem (they attempt to trick you into believing your computer has a security problem when it doesn't), some security-conscious Facebook users might worry that this is a similarly-styled assault, designed to scare you into taking perhaps unwise actions. Certainly the warning message gives you the impression that there's something seriously wrong with how you have defended your Facebook account. I must admit I was surprised to see the message appear on my own Facebook account as I have been quite fastidious in my security settings on the social network. So, I was curious to find out just  why  Facebook believed that my account protection status was "very low", and what they t...

The Pune police commissionerate conducted ‘Cyber Safe Pune 2010’ initiative from December 16 to 22 in the city. The initiative was aimed at creating awareness among people regarding cyber safety. The cyber crime cell conducted lectures at housing societies, schools, banks and colleges last week. Under the initiative, the cyber cell experts informed people about cyber crime. Deputy commissioner of police (cyber) Rajendra Dhale said, “The initiative was conducted to create awareness among the people. We received several queries about social networking sites, mobile thefts, lottery SMSes and credit card frauds.’’ “We are urging girls not to upload their photographs on social networking sites. We are also urging them not to share personal information while chatting with unknown people. However, people can register mobile theft cases at the police station,’’ he added. “We are requesting people not to fall prey to greedy messages concerning lottery prizes. Each police station has a cyber squ...

It has been three weeks since the website of the Central Bureau of Investigation was hacked into by a group of suspected Pakistanis who call themselves 'Pakistani Cyber Army'. The website still remains inactive. With the state's premier investigation agency's website hacked into and remaining inactive for so long, CBI says that they are putting in place security audit measures so that such an incident won't occur again. Independent Information Technology companies had repeatedly warned the government about the vulnerability of its websites, but their advice was not heeded. "We at the National Anti-Hacking Group had been warning the government since 2003, that their websites were vulnerable. We hacked into the government hosted websites and later told them what we had done, just so that they could understand how easy it was. Since the government never took action on any of our recommendations, we dropped the campaign. Today, all our warnings have come true. ...

News Taken From mumbaimirror.com, The news is as follows... Thane Crime Branch has set up an inquiry into the matter and a team to track down Sachin Loke after reading the Mumbai Mirror exposé A day after Mumbai Mirror exposed how small-time detectives and software professionals offer phone-tapping services illegally, the Thane Crime Branch set up an inquiry into the matter. Mumbai Mirror had on Friday done an exposé on how a Thane-based detective, Sachin Loke, helped us tap the phone of an Indian Police Service officer-turned-lawyer Y P Singh (see box). Two police teams have been put on the job to track down the detective whose whereabouts are still unknown. “ The day Mumbai Mirror carried the exposé, our police commissioner, S P S Yadav, directed Crime Branch officers to probe the matter thoroughly ,” said a Thane Crime Branch officer. Two teams, including officers of the Cyber Crime Cell, have been set up under the aegis of Deputy Commissioner of Police Datta Karale. “...

The past year reached a new record high for bogus e-mails that clog people's inboxes and can release damaging and costly viruses on computers. Nearly 90 percent of sent e-mail is a ruse to rip off unsuspecting Internet users, according to data released by the computer security firm Symantec. The firm projects 95 billion e-mails will be sent in 2010, an average of 400 per Internet user, according to data culled from Symantec and Internet World Stats, a marketing research firm. The number of phishing e-mails, those that hunt out passwords that can steal sensitive and financial information, increased 1.4 percent compared with 2009, according to Symantec. The news is especially troubling since e-commerce sales reached $200 billion in 2007, the latest data available from the U.S. Census Bureau. “The fact is that these spammers are getting better and better on exploiting people,” said Jim Fisher, owner of Excel Computer Services in Florence. “They keep ratcheting up their capabilities.” ...

It seems that Facebook has now extended a hand of friendship toward China. Mark Zuckerberg has announced that he is going on a vacation to China with his girlfriend. His itinerary includes meetings with some of China’s biggest high-tech executives, signaling his intention to extend the reach of his social network to the world's largest population of internet users. Industry analysts say Facebook will face tough competition from state-supported companies, as it is entering a market where 68% has been captured by sites like Ren-Ren. The competition is fierce, presenting challenges similar to those faced by companies like Google. While Facebook may not be making a formal friend request to China, Zuckerberg has been studying Mandarin daily with one-hour language lessons.

Researchers at Mocana, a security technology firm in San Francisco, recently demonstrated the ease with which they could hack into a popular Internet-ready HDTV model. They exploited a vulnerability in the software that displays websites on the TV, allowing them to control the information sent to the television. This flaw enabled them to create fake screens for sites like Amazon.com, prompting users to enter their credit card details. Additionally, they could monitor data sent from the TV to other sites. "Consumer electronics makers seem to be rushing to connect all their products to the Internet," said Adrian Turner, Mocana's CEO. "The design teams at these companies have not put enough thought into security." Mocana, along with similar firms, sells technology to protect devices and often highlights potential threats. This test underscores a warning from security experts: the rise of Internet TVs, smartphones, and other web-ready gadgets creates new opportun...

A controversial anti-Islamist group has alerted its members to be vigilant after their details were disclosed online. Hackers, claiming to be from the Mujahideen Hacking Unit, infiltrated one of the organization’s websites, releasing hundreds of names and addresses linked to the English Defense League (EDL). In a warning to members, the group expressed fears of potential retaliations, advising those affected to be particularly cautious regarding their home and personal safety. The security breach occurred last weekend when hackers accessed a clothing website associated with the organization. They obtained lists of individuals who had recently purchased items or donated money. Over the past year, the EDL has gained prominence by staging several protests against the Islamification of Britain. Although the group asserts that it is not racist, xenophobic, or anti-Muslim, opponents such as United Against Fascism accuse the group of being deliberately Islamophobic. The incident has been ...

Iran’s Intelligence Minister, Heydar Moslehi, has publicly admitted to hacking the emails of opposition members. Iranian news agencies, including ILNA, quoted Moslehi stating that emails were the primary communication tool for opposition members during last year’s postelection protests. The Intelligence Ministry was able to break into these emails and defeat “the enemy." “One of the officials, in his speech, carelessly announced that we have access to the emails. Within 24 hours, they coded and password-protected their emails," Moslehi said. "Of course, we in the Intelligence Ministry broke those passwords within 48 hours.” Moslehi mentioned that emails were exchanged between “foreigners and their elements inside Iran." Speaking at a December 25 conference on the achievements of Iranian expatriates at Tehran’s Shahid Beheshti University, he said Iran controlled “many dimensions” of the postelection protests by monitoring email. He accused the United States of ...