The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

You may accept heard that the Internet ran out of IP addresses this week, a after crisis sometimes compared to all the Y2K agitation that accompanied the accession of the year 2000. Actually, this is alone the alpha of the end for the Internet as we apperceive it. And as with Y2K, alarms are actuality aloft with the ambition of acclamation the botheration far abundant in beforehand that back the end assuredly comes no one will notice. If you recall, Y2K was declared to beggarly utilities would abort and planes would abatement out of the sky if programmers bootless to basis out every instance ofcomputer application accounting with 2-digit date fields, as if the 1900s would never end. In this case, the affair is the burnout of the 4.3 billion Internet Protocol adaptation 4 addresses (IPv4), which are rapidly actuality assigned to web servers, cable modems, and acute phones. No one is admiration the end of the world, but there is assignment to be done by anybody who manages a arrangem...

3 Months Journey of ' The Hacker News ' "Journey Of 3 Beautiful and Successful Months Of ' The Hacker News '. We wanna say thanks to all Hacking Groups and Hackers who become the Part of 'The Hacker News' in any form ie. as News/Source/Admin/Support/Reader. For us you all are diamonds, We work beyond the Boundaries & Limits. We dedicate our best to update form mind 24X7. Stay Tuned to us, Fell The Truth (^_^) " Our Stats Of these 3 Months : Team : T he H acker N ews Thank You !

In April 2009 the whistle-blower website WikiLeaks appear a abstruse U.S. aggressive certificate account abstruse capabilities of the U.S. Navy's Pacific Missile Range Facility on Kauai. In an online column answer how it acquired the information, WikiLeaks adumbrated alone that it came from "a source." It was addition accomplishment for WikiLeaks and its founder, Julian Assange, who describes the extensive organization—it has no anchored domicile—as a defended agenda bead box for antagonistic insiders. He has again said WikiLeaks doesn't actively access classified abstracts but rather provides a belvedere for others who accept arcane advice to acknowledge for the attainable good. Except that WikiLeaks, according to Internet aegis aggregation Tiversa, appears to accept bolter bottomward that aggressive certificate itself. Tiversa says the accumulation may accept exploited a affection of file-sharing applications such as LimeWire and Kazaa that are generally acclimate...

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk.  A gap in access control in Microsoft Entra's subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them.  All the guest user needs are the permissions to create subscriptions in their home tenant, and an invitation as a guest user into an external tenant. Once inside, the guest user can create subscriptions in their home tenant, transfer them into the external tenant, and retain full ownership rights. This stealthy privilege escalation tactic allows a guest user to gain a privileged foothold in an environment where they should only have limited access. Many organizations treat guest accounts as low-risk based on their temporary, limited access, but this behavior, which works as designed, opens the door to known attack paths and lateral movement within the resource t...

Federal authorities are investigating a computer advance at the aggregation that runs the Nasdaq banal exchange, the Wall Street Journal arise Friday. According to the report, which cites bearding sources, Nasdaq OMX Group computers were compromised ancient over the accomplished year, but the company's trading belvedere was unaffected. "So far, [the perpetrators] arise to accept aloof been attractive around," the Journal quotes one antecedent as saying. Nasdaq OMX Group runs a cardinal of banal exchanges, including the U.S. Nasdaq, and exchanges that barter in Copenhagen, Stockholm, Helsinki, and the Baltic region. The analysis is actuality conducted by the U.S. Federal Bureau of Analysis and the U.S. Secret Service, the address states. Nasdaq assembly could not be accomplished anon for comment. Hacking incidents like this are acceptable added common, as boundless e-mail and Web-based computer attacks abide to beat workers in corporations and in government. In som...

Creators of a affected dating armpit accept taken claimed advice from 250,000 Facebook profiles - and reproduced it after the ability of the associates of the accepted amusing networking site. Lovely-faces.com uses the names and photos of Facebook associates and again gives users the advantage to 'arrange a date' with the biting volunteers - which leads them to the aboriginal contour folio of the person. The aimless bodies accept been aggregate into adulatory categories, such as 'Smug Women' and 'Climber Men', which are advised alone by their appearance. The database can be searched by nationality, gender or by character. Users can additionally vote to adjudge what anniversary being is like and amount how 'cool' they are. The creators, Paolo Cirio and Alessandro Ludovic, accept dedicated their armpit by claiming it is an art activity and they are alone accumulative the aperture of aloofness acceptable by Facebook. 'Facebook, an endlessly ...

One of the most famous network logon cracker - THC-HYDRA, has been updated! We now have THC-HYDRA version 6.1 in less than a fortnight! "THC-HYDRA is a very fast network logon cracker which support many different services. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD and OSX." This is the change log: More license updates for the files for the debian guys Fix for the configure script to correctly detect postgresql Add checks for libssh v0.4 and support for ssh v1 Merge all latest crypto code in sasl files Fix SVN compilation issue on openSUSE (tested with v11.3) Download THC-HYDRA v6.1

The Google Hacking Diggity Activity is a analysis and development action committed to investigating the best recent techniques that advantage chase engines, such as Google and Bing, to bound analyze accessible systems and acute abstracts in accumulated networks. The activity folio contains downloads and links to our best recent Google Hacking analysis and chargeless aegis tools. Defensive strategies are additionally introduced, including avant-garde solutions that use Google Alerts to adviser your arrangement and systems. With the retirement of Google's SOAP Chase API on September 7, 2009, best of the aegis utilities accessible for Google Hacking cease to function, abrogation the aegis industry with a charge for fresh and avant-garde tools. GoogleDiggity is a fresh MS Windows command band account advised to advice ample that need. GoogleDiggity leverages the Google AJAX API, so it will not get you blocked by Google bot apprehension while scanning. Also, clashing added Google Hacking ...

This story was sent to us by email from Luca Fenochietto himself, in which he tries to get his side of the story out there which may well be the truth. The full story goes like this: The Last Friday 21st January, Christian Russo and his partner Luca Fenochietto discovered a vulnerability in  PlentyOfFish  exposing users details, including usernames, addresses, phone numbers, real names, email addresses, passwords in plain text, and in most of cases, paypal accounts, of more than 28,000,000 (twenty eight million users). This vulnerability was under active exploitation by hackers. Their team decided to notify Mr. Markus Frind (founder and CEO of PlentyOfFish Inc.) about these circumstances as soon as possible in order to stop any potential damage which could be done, by the exploitation of this vulnerability. The flaw was reported the same night to Annie Kanciar, his wife, who was very thankful with us, and contacted one of their developers in order to infor...

One affair about The Daily that ashamed me from the additional I aboriginal laid eyes on the iPad bi-weekly that launched bygone is that there is no one abode area you can see a simple account of every news in the issue. There is a table of contents, but it shows alone ten featured stories. Like any acceptable hack, The Daily: Indexed creates a affection that is missing from the aboriginal but is acutely needed. The Tumblr blog put calm by Andy Baio creates a complete table of capacity for The Daily. The Daily: Indexed is causing a activity because The Daily is a subscription-only advertisement meant to be apprehend on the iPad. The Daily's website is not abundant added than brochureware for the iPad app at this point, but there is a backdoor to every story. Whenever a subscriber shares a news via email, Twitter, or Facebook from their iPads—like this one about Amish raw milk smugglers—the recipients get a articulation to the news on thedaily.com. You can't acquisition these belief b...

Flickr initially said that it had assuredly deleted Mirco Wilhelm's five-year old account, but a day afterwards said that it has absolutely adequate the photo collection. It's every Flickr user's affliction nightmare: one day you login to acquisition your accumulating of bags of anxiously organized photos acquire vanished. Permanently. That's absolutely what happened this anniversary to Mirco Wilhem. When Wilhelm, a five-year affiliate of the Yahoo-owned photo-sharing website, approved to log in to his annual he was denied admission and instead prompted to actualize a fresh account. An e-mail from Flickr eventually accepted his fears: Hello, Unfortunately, I have mixed up the accounts and accidentally deleted yours. I am terribly sorry for this grave error and hope that this mistake can be reconciled. Here is what I can do from here: I can restore your account, although we will not be able to retrieve your photos. I know that there is a lot of history on your account–again, pl...

A small study by a trending company shows that Facebook addiction is one of the fastest growing searches related to addiction. It is more popular than searches for sex or cigarette addiction. While we already knew that social networks like Facebook produce drugged-up, sex-crazed teenagers, new research shows that Facebook addiction may be soon be more prevalent than offline addictions like sex. The Internet Time Machine, a company that searches for trends across the Web through its extensive cloud computing network, is reporting that Facebook may be more popular than sex. Addiction to social media, specifically Facebook, is one of the top ranked digital addictions, says the trending company. More people are searching for help with Facebook addiction than sex addiction. "The rise of social media and the fear/need to be in constant contact with status updates and tweets has created a problem for people with addictive personalities," says ITM. "The fact that accessing Facebook is so...

450 Global Training Centers Nominated, 25 Selected Worldwide, 8 in the USA, 1 in St. Louis (February 2, 2011) St.  Louis, MO – Hacker University is pleased to announce it has been asked by EC-Council, the leading international certification body in information security, to participate in the Global Launch of CEH v7 - the most advanced information security and ethical hacking training program in the world which is not yet publicly available. Only 15 students will be allowed to attend this exclusive, cutting-edge class the week of March 14, 2011 in St. Louis – becoming one of the world's first CEH v7 certified professionals. Hacker University's Global Launch instructor and co-owner, Dave Chronister, is thrilled to be a part of this revolutionary event. "I am excited at the universal recognition this event brings the city of St. Louis as well as Hacker University. CEH version 7 breaks away from its earlier releases with more emphasis on techniques and methodologies hackers use to...