The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Ravi3ggsmindia.com Defaced by Fedora (Pak Hacker) Hacked site link :  https://ravi3ggsmindia.com/ News Source : Fedora (Pak Hacker)

Hackers have compromised a private e-mail list used by Linux and BSD distributors to share information on embargoed security vulnerabilities and used a backdoor to sniff e-mail traffic, according to the moderator of the list. In a note to " Vendor-Sec " members, moderator Marcus Meissner said he noticed the break-in on January 20 but warned that it might have existed for much longer. I have disabled the specific backdoor, but as I am not sure how the break-in happened it might reappear. So I recommend not mailing embargoed issues to vendor-sec@….de at this time. Immediately after Meissner's warning e-mail, the attacker re-entered the compromised machine and destroyed the installation. The "Vendor-Sec" list is used by distributors of free/open-source OS and software to discuss potential distribution element (kernel, libraries, applications) security vulnerabilities, as well as to co-ordinate the release of security updates by members. This means that a compromise and the captu...

A vulnerability that a researcher planned to use to compromise an Android cellphone at a hacking contest later this week got squashed after Google fixed the underlying bug in the Android Market. Scio Security CTO Jon Oberheide notified Google of the XSS, or cross-site scripting, bug in the application bazaar because he didn't believe the vulnerability would qualify under terms of the Pwn2Own contest that is scheduled to start on Wednesday. The "incredibly low-hanging naive persistent XSS" allowed attackers to to remotely install malicious apps on Android handsets by tricking users into clicking a link on their phones or computer browsers while logged into a Google account. Oberheide later learned that the vulnerability didn't run afoul of contest rules, allowing him to collect $15,000 and a free handset if he was successful. But he recently discovered Google closed the security hole. The $1,337 awarded to Oberheide under Google's bug bounty program, is little consolati...

In coordination with Metasploit Express and Metasploit Pro, version 3.6 of the Metasploit Framework is now available. Hot on the heels of 3.5.2, this release comes with 8 new exploits and 12 new auxiliaries. A whopping 10 of those new auxiliary modules are Chris John Riley's foray into SAP, giving you the ability to extract a range of information from servers' management consoles via the SOAP interface. This release fixes an annoying installer bug on Linux where Postgres would not automatically start on reboot. The feature I am most excited about is the new Post Exploitation support. I hinted at this new module type in the 3.5.2 release announcement and with 3.6, more than 20 new modules are available. Post modules are a new, more powerful, replacement for meterpreter scripts. Scripts were clearly tied to a single platform: meterpreter for Windows. With modules it is much easier to abstract common tasks into libraries for any platform that can expose a session. For example, f...

Tor 0.2.1.30 fixes a variety of less critical bugs. The main other change is a slight tweak to Tor's TLS handshake that makes relays and bridges that run this new version reachable from Iran again. We don't expect this tweak will win the arms race long-term, but it buys us time until we roll out a better solution. Complete Release description : Click Here Click Here to Download

After recovering from the largest Distributed Denial of Service attack in the service's history ("multiple Gigabits per second and tens of millions of packets per second") yesterday morning, blog host WordPress.com was attacked again very early this morning, finally stabilizing its service at 11:15 UTC (around 3:15 am PST). WordPress.com hosts over 30 million blogs, many of them news sites like our own, which lead some to conjecture that the attacks had come from the Middle East, a region experiencing its own Internet issues at the moment. Not so says Automattic founder Matt Mullenweg, who tells me that 98% of the attacks over the past two days originated in China with a small percentage coming from Japan and Korea. According to Mullenweg one of the targeted sites was a Chinese-language site operating on WordPress.com which also appears to be blocked on Baidu, China's major search engine. WordPress doesn't know exactly why the site was targeted and won't release the name until it ...

43 Indian sites hacked by KiLLerMiNd ! Hacked Site Links :  https://pastie.org/1642415

Security Event : Recon 2011 Conference ! WHAT RECON is a computer security conference held annually in Montreal, Canada. It offers a single track of presentations over the span of three days with a focus on reverse engineering and advanced exploitation techniques. The registration fee includes an access pass to the conference as well as breakfast, lunch, and coffee breaks for all three days of the conference. Provincial and federal sales taxes will be applied to all registration fees. All registration fees are payable in Canadian dollars (CAD). There will be 250 tickets sold. WHEN July 8, 9, and 10, 2011 CONFERENCE REGISTRATION Registration opens March 21. The rate is discounted for early registrations. March: $500 CAD April: $600 CAD May: $700 CAD June: $800 CAD July: $1000 CAD Student before April 30: $350 CAD Student between May and June: $450 CAD WHERE Recon will be held in downtown Montreal, Canada at the Hyatt Regency Montreal. Room rates are: $149 CAD per...

HACKERS have infiltrated Finance Ministry computers to access documents linked to France's presidency of the G20. Between December and the start of March, the ministry was subject to a "gigantic cyber attack", according to the magazine Paris Match, which broke the story on its website. Speaking on Europe 1 radio, Budget Minister François Baroin confirmed that "information has certainly been obtained" by hackers, probably from a source outside France, and that "what they were targeting was the organisation of the G20". In total, 150 computers are said to have been hacked into after spyware was introduced via attachments on emails sent from pirated email addresses. Paris Match, which cited "sources close to the affair", said "numerous documents" linked to the G20 group, which brings together major economies to discuss the world economy, had been copied. The head of national IT security agency ANSII, Patrick Pailloux, told the magazine "this is the first attack against the French...

Anonymous Internet users discovered Thursday that the United States Government plays a major role in the day-to-day operations of the most popular Internet news source used by internet activists, or "hacktivists." Anonnews.org claims to serve decentralized hacker group Anonymous as its central source of information, including targets and Anonymous press releases, which anyone can submit. A number of Internet users frequenting both the chronicle.SU and anonnews.org websites discovered that the website selectively runs articles that only fall in line with the agenda of the U.S. Government, and brought this to the attention of chronicle.SU senior executives. As perhaps only a handful of our readers know, anonnews.org, whose slogan is Everything Anonymous, actively deletes any and all content submissions originating from chronicle.SU. We have fought this for a long time, out of fairness to Anonymous and outside objectors, but we too have come to realize anonnews.org is either owned by, or...

Geohot has been causing quite a disturbance due to his ongoing legal battle with Sony. Geohot jailbroke the Sony PS3 to run unsigned code. Sony is now suing him, and Geohot is under the tech industry's spotlight more than ever. So, what does all this have to do with Windows Phone 7? Microsoft has shown interest in Geohot before, and the company even reached out to him financially for his legal fight against Sony. Geohot will know be using his hacking skills at an upcoming convention to try and jailbreak Windows Phone 7… George "Geohot" Hotz is renowned for his jailbreak exploits on the iPhone, and he has expanded his hacking interests to other platforms. Electronista reports, "At the fifth annual Pwn2Own competition next week, George Hotz (Geohot) will attempt to use his hacking skills that landed him in hot water with Sony to win prizes. This year's target platform will be Windows Phone 7, though other devices and operating systems will also take part. An attack will be judged...

CHINESE computer hackers last June gained access to secret South Korean military files on a planned spy plane purchase from the United States, a Seoul lawmaker says. The hackers accessed information in defence ministry computers on the plan to buy unmanned Global Hawk aircraft, said Shin Hak Yong, an opposition Democratic Party lawmaker and a member of parliament's defence committee. 'A government official reported the incident to me... the government has not raised the issue with China yet and is still debating how to handle it,' Shin's spokesman quoted him as saying, confirming his comments reported in Monday's Chosun Ilbo newspaper. Seoul last year earmarked 45.2 billion won (S$51.2 million) for the spy plane purchase following the North's alleged attack on a South Korean warship that left 46 sailors dead in March 2010. Cross-border tensions escalated further after Pyongyang's shelling attack on a frontier island that killed four South Koreans inc...