The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Excuse me for typing breathlessly, faithful Naked Security reader, but I have some incredible news to share. I have just been informed that I have won three million Euros from none other than the Bill Gates Foundation! I had no idea that the Bill and Melinda Gates Foundation, which normally fights poverty around the world and promotes healthcare, even ran a lottery - let alone that I had entered. But clearly, I did and now one of their representatives has been in touch to tell me the good news. Bill and Melinda Gates are renowned around the world for their incredible generosity - they're not only planning to give millions away to me, but they're also happy to employ staff who spells the boss's surname incorrectly. It's great that Bill and Melinda are not adverse to employing people with literacy problems. Counting isn't this emailer's strong point either. He's managed to attach a grand total of 69 files to this email telling me about my windfall. Eventually...

The Korean Times reports the arrest of a pair of hackers over the weekend on DDoS charges. According to prosecutors, the pair, Lee and Park, operated a gambling website on behalf of a crime gang. In an effort to boost traffic to their own site, they used a 50,000-strong botnet to overload 109 rival sites during November and December 2010. A botnet, of course, is a collection of malware-infected computers (often called "zombies") which can remotely be instructed to initiate network-related activity. Sending spam is a common criminal task for which zombies are used; visiting targeted websites deliberately to waste their bandwidth is another. Since most web requests look alike, distinguishing the web hits of malevolent time-wasters from those of potential customers can be tricky. Sites which don't usually get a large number of simultaneous requests often aren't built to sustain heavy load. Prosecutors also allege that Lee, who runs a server rental company - ironically th...

Evidence, leaked accidentally, points to Chinese based miscreants’ knowledge, and potential exploitation, of the latest  Microsoft Corporation  (NasdaqGS:  MSFT )  Internet Explorer  zero day, via a recently released  Google Inc.’s  (NasdaqGS:  GOOG ) researcher’s( Michal Zalewski ) fuzzer application… Ooops. More, after the jump. A renowned Google researcher who this week released a new free fuzzer that so far has found around 100 vulnerabilities in all browsers says Chinese hackers appear to have gotten their hands on one of the same bugs he discovered with the tool. Google’s Michal Zalewski unleashed the so-called cross_fuzz tool on New Year’s Day and announced the fuzzer to date uncovered more than 100 vulnerabilities, many of them exploitable, in all browsers. In a bizarre twist, Zalewski says an accidental leak of the address of the fuzzer prior to its release helped reveal some unexpected intelligence, namely that “third parties in China” ...

Angel Found Venerability in Alnasir.com.pk ! Link to site :  http://alnasir.com.pk/ News Source : Angel via Email

A former University of Tennessee student convicted of hacking the e-mail account of former Alaskan Governor Sarah Palin during the 2008 presidential campaign has begun his one-year sentence in an unfenced federal prison camp in Kentucky, authorities said Thursday. According to a statement issued by spokesman for the Federal Bureau of Prisons, 23-year-old David Kernell reported at the minimum security camp in Ashland, Kentucky on January 10 to begin serving out his sentence. Kernel's imprisonment at the Kentucky prison camp came despite a recommendation by sentencing Judge Thomas Phillips that he should serve out his term at a halfway house to reflect the "unique circumstances" of the case. In his ruling made in November, Federal Judge Thomas W. Phillips had recommended that David Kernell be allowed to serve out his time at the Midway Rehabilitative Center on Magnolia Avenue in Knoxville, a half way house located near the college where Kernell took classes this summer. In...

5 websites hacked by Pak Cyber Combat Squad ! Hacked List : http://www.4lifecostarica.net/Ibrarz.html http://www.abisdentalcare.com/Ibrarz.html http://www.churchcomplements.com/Ibrarz.html http://www.lafuentedelosmariscos.com/Ibrarz.html http://www.germanruiz.com/Ibrarz.html News Source : Pak Cyber Combat Squad 

Selena Gomez  has warned fans to ignore a series of hateful messages posted on her  Twitter  and  Facebook. com pages, after her online accounts were targeted by hoaxers. The Wizards of Waverly Place star's pages on the social networking sites were taken over by hackers earlier this week. Imposters confused fans with a series of profanity-riddled messages, including, "THE KID ON 4CHAN.ORG IS A LIEN F**KER HE DIDNT HACK S**T!!!!," and, "This message is for puha, YOU SUCK B**CH!!!" The unauthorized posts have since been deleted. And Gomez has taken to her Facebook page to warn fans to ignore the mean messages, assuring them the problem is being fixed. She wrote, "Sorry everyone. My Facebook Page and Twitter account has been hacked and we are cleaning it up." News Source : Om Rathore

DarkComet-RAT (Remote Administration Tool) is software design to control in the best condition and comfort possible any kind of Microsoft Windows machine since Windows 2000. This software allow you to make hundreds of functions stealthy and remotely without any kind of authorization in the remote process. This software is a long time project, started the August 2008, DarkComet-RAT is now one of the best and one of the most stable RAT ever made and totally free. – (that’s what we like more about DarkComet RAT) This RAT provides most of the features provided by others. Download  DarkComet RAT v3.0   here News Source : Dark Commet

“DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.“ This is the change log: Lib EWF support : The LibEWF [1], developed by Joachim Metz, has been included as a connector. It provides support for Encase(R) file format (E01/S01 format). Bookmarks : It is now possible to bookmark interesting nodes and sort them by categories. The aim is to gather relevant files when performing analysis. Bookmarked nodes can then be used by other modules and also extracted. Advanced Hexadecimal viewer : Features used to resolve the DFRWS 2010 challenge [2] have been included. These features are very useful when studying unknown data structures or performing advanced files analysis. This upgraded version of the hexadecimal viewer provides three new visualization mo...

“ Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education .” This update fixes many vulnerabilities such as the one with MAC-LTE dissector and the ENTTEC dissector. The following protocols have been updated – AMQP, ASN.1 BER, ASN.1 PER, CFM, CIGI, DHCPv6, Diameter, ENTTEC, GSM A GM, IEEE 802.11, InfiniBand, LTE-PDCP, LTP, MAC-LTE, MP2T, RADIUS, SAMR, SCCP, SIP, SNMP, TCP, TLS, TN3270, UNISTIM and WPS. You can now read captures via the Endace ERF, Microsoft Network Monitor and VMS TCPtrace file formats. For a complete list of changes, please refer to the 1.4.3 release notes. Download Wireshark v1.4.3 & Wireshark v1.2.14 here . News Source : Wireshark

Everyone in the UK will already be familiar with this story with the New Labour’s plan for biometric identity cards.  That plan, which costs billions of pounds and was later shelved by the new coalition government, will now probably never happen in the UK. Now US President Barak Obama wants to increase Internet Security by creating an “identity ecosystem” for the Internet.  The US government is stressing this is not a national identity card system, though it would be hard to see how it would not be used as such by law enforcement and banks. A spokesperson said “We are not talking about a national ID card, we are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy; reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities.” Many banking websites already use your existing card with a chip and pin reader to authenticate your usage....

A federal judge Tuesday sentenced a Colorado Springs man to two years in prison for trying to damage a high-security government computer system used to screen airline passengers. Judge David M. Ebel also ordered Douglas James Duchak to pay $60,587 in restitution to the U.S. Transportation Security Administration for repairs needed after he introduced a code into the system that would have disrupted the agency’s ability to compare arrest warrants against the names of air travelers. According to court records, the incident occurred on Oct. 23, 2009, while Duchak worked at the TSA’s operations center in Colorado Springs, days after he had been notified by a TSA contractor that his job was about to be terminated. Investigators said security cameras and other data showed Duchak entering the operation center after hours that night about the same time that the unauthorized code was entered. If activated, the code would have disrupted TSA’s ability to vet names against its “no fly” list t...