The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

In coordination with Metasploit Express and Metasploit Pro, version 3.6 of the Metasploit Framework is now available. Hot on the heels of 3.5.2, this release comes with 8 new exploits and 12 new auxiliaries. A whopping 10 of those new auxiliary modules are Chris John Riley's foray into SAP, giving you the ability to extract a range of information from servers' management consoles via the SOAP interface. This release fixes an annoying installer bug on Linux where Postgres would not automatically start on reboot. The feature I am most excited about is the new Post Exploitation support. I hinted at this new module type in the 3.5.2 release announcement and with 3.6, more than 20 new modules are available. Post modules are a new, more powerful, replacement for meterpreter scripts. Scripts were clearly tied to a single platform: meterpreter for Windows. With modules it is much easier to abstract common tasks into libraries for any platform that can expose a session. For example, f...

Tor 0.2.1.30 fixes a variety of less critical bugs. The main other change is a slight tweak to Tor's TLS handshake that makes relays and bridges that run this new version reachable from Iran again. We don't expect this tweak will win the arms race long-term, but it buys us time until we roll out a better solution. Complete Release description : Click Here Click Here to Download

After recovering from the largest Distributed Denial of Service attack in the service's history ("multiple Gigabits per second and tens of millions of packets per second") yesterday morning, blog host WordPress.com was attacked again very early this morning, finally stabilizing its service at 11:15 UTC (around 3:15 am PST). WordPress.com hosts over 30 million blogs, many of them news sites like our own, which lead some to conjecture that the attacks had come from the Middle East, a region experiencing its own Internet issues at the moment. Not so says Automattic founder Matt Mullenweg, who tells me that 98% of the attacks over the past two days originated in China with a small percentage coming from Japan and Korea. According to Mullenweg one of the targeted sites was a Chinese-language site operating on WordPress.com which also appears to be blocked on Baidu, China's major search engine. WordPress doesn't know exactly why the site was targeted and won't release the name until it ...

43 Indian sites hacked by KiLLerMiNd ! Hacked Site Links :  https://pastie.org/1642415

Security Event : Recon 2011 Conference ! WHAT RECON is a computer security conference held annually in Montreal, Canada. It offers a single track of presentations over the span of three days with a focus on reverse engineering and advanced exploitation techniques. The registration fee includes an access pass to the conference as well as breakfast, lunch, and coffee breaks for all three days of the conference. Provincial and federal sales taxes will be applied to all registration fees. All registration fees are payable in Canadian dollars (CAD). There will be 250 tickets sold. WHEN July 8, 9, and 10, 2011 CONFERENCE REGISTRATION Registration opens March 21. The rate is discounted for early registrations. March: $500 CAD April: $600 CAD May: $700 CAD June: $800 CAD July: $1000 CAD Student before April 30: $350 CAD Student between May and June: $450 CAD WHERE Recon will be held in downtown Montreal, Canada at the Hyatt Regency Montreal. Room rates are: $149 CAD per...

HACKERS have infiltrated Finance Ministry computers to access documents linked to France's presidency of the G20. Between December and the start of March, the ministry was subject to a "gigantic cyber attack", according to the magazine Paris Match, which broke the story on its website. Speaking on Europe 1 radio, Budget Minister François Baroin confirmed that "information has certainly been obtained" by hackers, probably from a source outside France, and that "what they were targeting was the organisation of the G20". In total, 150 computers are said to have been hacked into after spyware was introduced via attachments on emails sent from pirated email addresses. Paris Match, which cited "sources close to the affair", said "numerous documents" linked to the G20 group, which brings together major economies to discuss the world economy, had been copied. The head of national IT security agency ANSII, Patrick Pailloux, told the magazine "this is the first attack against the French...

Anonymous Internet users discovered Thursday that the United States Government plays a major role in the day-to-day operations of the most popular Internet news source used by internet activists, or "hacktivists." Anonnews.org claims to serve decentralized hacker group Anonymous as its central source of information, including targets and Anonymous press releases, which anyone can submit. A number of Internet users frequenting both the chronicle.SU and anonnews.org websites discovered that the website selectively runs articles that only fall in line with the agenda of the U.S. Government, and brought this to the attention of chronicle.SU senior executives. As perhaps only a handful of our readers know, anonnews.org, whose slogan is Everything Anonymous, actively deletes any and all content submissions originating from chronicle.SU. We have fought this for a long time, out of fairness to Anonymous and outside objectors, but we too have come to realize anonnews.org is either owned by, or...

Geohot has been causing quite a disturbance due to his ongoing legal battle with Sony. Geohot jailbroke the Sony PS3 to run unsigned code. Sony is now suing him, and Geohot is under the tech industry's spotlight more than ever. So, what does all this have to do with Windows Phone 7? Microsoft has shown interest in Geohot before, and the company even reached out to him financially for his legal fight against Sony. Geohot will know be using his hacking skills at an upcoming convention to try and jailbreak Windows Phone 7… George "Geohot" Hotz is renowned for his jailbreak exploits on the iPhone, and he has expanded his hacking interests to other platforms. Electronista reports, "At the fifth annual Pwn2Own competition next week, George Hotz (Geohot) will attempt to use his hacking skills that landed him in hot water with Sony to win prizes. This year's target platform will be Windows Phone 7, though other devices and operating systems will also take part. An attack will be judged...

CHINESE computer hackers last June gained access to secret South Korean military files on a planned spy plane purchase from the United States, a Seoul lawmaker says. The hackers accessed information in defence ministry computers on the plan to buy unmanned Global Hawk aircraft, said Shin Hak Yong, an opposition Democratic Party lawmaker and a member of parliament's defence committee. 'A government official reported the incident to me... the government has not raised the issue with China yet and is still debating how to handle it,' Shin's spokesman quoted him as saying, confirming his comments reported in Monday's Chosun Ilbo newspaper. Seoul last year earmarked 45.2 billion won (S$51.2 million) for the spy plane purchase following the North's alleged attack on a South Korean warship that left 46 sailors dead in March 2010. Cross-border tensions escalated further after Pyongyang's shelling attack on a frontier island that killed four South Koreans inc...

Microsoft has opted not to release any patches to its Internet Explorer 8 browser prior to this year's Pwn2Own browser exploit challenge, which is set to run from March 9 to March 11 at the CanSecWest security conference. There's been no indication as to why Microsoft's not making one last effort to plug security vulnerabilities within Internet Explorer 8. Pundits have suggested that the company might be waiting to see exactly what exploits and security flaws are uncovered by the various contestants in the annual contest, such that the company can more quickly address them post-Pwn. For the uninitiated, Pwn2Own works like this: Security researchers square off in an attempt to hack through the browser or mobile operating systems of eight different targets. Each Pwn2Own entrant or team has 30 minutes to compromise the browser or phone, and each device or web browser has—at maximum—four individuals or teams competing. The first group to successfully hack a device or browse...

Your credit card number and its code is the new currency in contemporary world where thieves skim the money right from your banking account. It is the new world where the cyberspace poses threats along with its immense impact on how we live and conduct our day-to-day business - it is the topic of a two-day seminar on cyber crime that started at Bhaikaka Hall near Law Garden on Saturday. Organized by the Institute of Engineers ( India), Gujarat State Centre in association with DST, Gujarat Electronics and Software Industries Association and CSI, the seminar will see discussion on real-life cases and legal hassles where experts from various fields will share their thoughts on the subject. "With the reach of internet, it is a high time to educate ourselves about the threats looming large and find a solution for it," said Bharat Patel, convener of the seminar. Despite significant advancement in technology, cyber terrorism is one of the greatest challenges for our society,...

Facebook new Vulnerability , Lots of Accounts misused for Spamming !  Facebook New Vulnerability, This time Facebook Groups are Vulnerable , One by one we getting more on more bugs in Facebook. Last days their was lots of bugs in Facebook page, because of that lots of big pages got hacked, Now 1000's of facebook profiles are misused to do spam on facebook groups. Total Exposure :  The current bug allows you to post as any user whose email address you know. You don't need any other user access, no password nothing. The only two things you'll need are: 1.) User's email address (from their facebook profile). 2.) A group email address of which user is a part ( on groups' homepage). Final Hack : After you have both these details send a spoofed mail from user to group email and bang it will be posted from user's profile without any need of password. Notice : We have already submit this bug to facebook authorities, Hope they will fix it ,as soon as p...