The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

'EC-Council Academy'  server compromised ! EC-Council Academy , Here a image show above that  http://www.eccouncilacademy.org  got rooted by a hacker. The image clear expose the shell on the server and via putty the hacker is login as root on their server :P Update : I wanna clarify that ' EC-Council  Academy' is not a part of 'EC-Council Organisation' , Actually in above image we have just shown that Academy's  web hosting server had been compromised, it  was not actually defaced by hacker. " I wish to clarify to our partners, clients and friends that the EC-Council Academy Sdn. Bhd. is neither a subsidiary, associate nor a sister concern of the International Council of Electronic Commerce Consultants (EC-Council). EC-Council Academy is purely one of the 450 training locations EC-Council has in over 80 countries. However, it is officially sanctioned to use the EC-Council name as it is a licensee of EC-Council's trai...

#Anonymous : An Open Letter To Broadcast Music, Inc. Anonymous Hackers just Release a new open letter for Broadcast Music , as shown Below : To: Broadcast Music, Incorporated Greetings from Anonymous, As you have no doubt gathered from various media outlets and our own information disseminated across the internet, we are an internet activist group independent of any and all national, political, or religious affiliations. Despite our differences, we are united in the preservation of intellectual freedom and fair copyright laws. Too long have the music and cinema industries, among others, abused copyright for their own gain. Legislation serves to protect artists not the companies managing them and should never attempt to prevent the spread of creativity to the general public. We have seen BMI consistently copyright legislation and consequently have decided to take action against it to show that the people will not stand for its crimes against the public. As of the time of the writ...

Summary The Facebook Translations tool’s search feature was vulnerable to a simple reflected XSS attack. How did it work? The  Translations tool  allows users to perform phrase searches within translations. In this case, when a search query returned 0 results, the script displayed a message (“Your search for “YOUR PHRASE HERE” did not match any results.”) which contained unsanitized user input (the search query). Why is this important? The XSS vulnerability was on Facebook.com. An attacker could have used it to access or change information on people’s accounts. Despite Facebook’s claims that they’ve  eliminated   XSS vulnerabilities , it’s clear that some portions of the site are better protected than others (ie: Translations was probably not using XHP). Lesser used portions of the site, like the Translations tool, are often the most vulnerable since they’re not updated as often or tested as frequently. More Information I want to thank Facebook for responding to ...

ClubHack : CHMag Issue 14th, March 2011 Download ! Description: 14th issue of ClubHACK magazine is out. Contents of this issue: Tech Gyan - Remote Thread Execution in System Process Tool Gyan - JS Recon: Java Script Network Reconnaissance Tool Mom's Guide - Choosing Right Secure Mobile Legal Gyan - Law Related Unauthorized Access Command Line Gyan - Backup & Bulk Copy Maruix Vibhag - Introduction Part 1 PDF download link: http://chmag.in/issue/mar2011.pdf News Source :  Abhijeet Patil URL: http://chmag.in

Tuesday, Google announced a few changes to Chrome, its engineered-for-speed web browser. The super-fast beta version that was announced a few weeks ago has already been updated to a stable version. For the Googlers working on Chrome, speed entails not only faster code (the latest version of Chrome boasts a 66% improvement in JavaScript performance) but also easier-to-navigate interfaces. With that in mind, the company is rolling out a new Settings interface for all Chrome users. One major change is that Settings are now presented in a Chrome tab rather than a dialog box — a change that will seem familiar to those using Google’s Cr-48 notebooks, which run Chrome OS and present absolutely everything in a browser tab. Settings are also searchable, which many users will likely find extremely helpful. Here’s a brief demo video showing Chrome’s new Settings pages in action: Google has also extended its sandboxing features to Chrome’s Flash player. Interested parties can download...

Security vulnerability testing is getting a boost this week with the release of Metasploit 3.6. Metasploit Pro, the commercial version of the product, now includes new PCI compliance reporting capabilities. There is also a new Project Activity Report, which helps organization manage and track penetration testing activities. While there have been improvements to the commercial tool, open source users also benefit from some of the work done on Metasploit Pro 3.6 "The work behind the Pro Console actually resulted in major usability improvements to the standard Metasploit Framework console," said HD Moore, chief security officer at Rapid7 and Metasploit's chief architect. "All 64 of the new modules (including 15 exploits) are available in the open source version as well as the commercial products."

#OperationPayback , Next Target Bmi.com by Anonymous Hackers ! Operation Payback's third target since its revival is www.bmi.com We will not rest until our demands our met. We are Anonymous We are Legion We do not Forgive We do not Forget Expect Us News Source : Anonymous :P

DENIAL OF SERVICE: HACKERS BROUGHT down the International Women’s Day website yesterday. Three separate “denial-of-service” attacks were directed at the internationalwomensday.com website, the organisers said. “As the centenary of International Women’s Day struck in the Asia Pacific region, perpetrators commenced attacking the internationalwomensday.com website in an explicit attempt to prevent users from accessing the global hub for International Women’s Day,” a statement on the site said. The site expected more than 100,000 visitors yesterday and has recently had about 25,000 users a day. According to the women’s day organisers, the website was the target of “a massive five gigabytes per second” directed at the site in an attempt to prevent “legitimate users” from accessing it. Denial-of-service attacks commonly involve bombarding the target with a huge number of external requests in order to prevent the intended users gaining access. “These type of attacks have brought ...

Warner Bros. is apparently hoping to attract new fans by offering movies for viewing on Facebook. The movie studio announced this evening it would begin testing a program that would offer movies for sale or rental for a brief period through its fan pages on the social-networking giant. Beginning tomorrow, Facebook users can use Facebook Credits to rent "The Dark Knight" through the movie's official fan page on the social-networking site, Warner said in statement. The movie can be rented for 30 Facebook credits or $3, and Facebook users will have access to the movie for 48 hours through their accounts on the social network. Facebook Credits is an alternative payment option for more than 150 games and applications on the social network. It's supported by games such as FarmVille and Mafia Wars, as well as Bejeweled Blitz and Madden NFL Superstars. Most titles still allow gamers to pay with credit cards, but it's Facebook's hope that eventually, users will buy a...

Android's little green robot mascot is pretty cute. Even one of Apple's biggest fans could admit he's cooler than a slightly bitten fruit. So seeing how commonly hacked Android is, when Instructables member Tanabata decided to hack a figurine to make it responsive--the Android robot is, of course, the natural choice. Tanabata's Mechanized Android Figure moves its head, displays light patterns, reacts to sound, and can send out messages in morse code. His model is from DYZPLASTIC, but you could use this hack on and figurine you have lying around that you don't mind altering. From there. you're going to need a whole lot of supplies--think four types of LED and resistors, plastic and metal micro servos, a Piezo and power supply to name but a few. Fortunately the full instructions and shopping list (with links!) are available on Instuctables to follow. After a bit of wiring (remembering to keep things small) all the gear up, then prising open the firgurine to ad...

The average website has serious vulnerabilities more than nine months of the year, according to a new report issued yesterday. According to a study issued by researchers at WhiteHat Security, the average site is exposed about 270 days of the year. "Information Leakage" has replaced Cross-Site Scripting (XSS) as the most common website vulnerability, the report says. The report examined data from more than 3,000 websites across 400 organizations that are continually tested for vulnerabilities by WhiteHat Security's Sentinel service. The study offers a look at sites' "Window of Exposure," which measures not only the vulnerabilities found in sites, but the length of time it takes those vulnerabilities to be remediated. "It's inevitable that websites will contain some faulty code -- especially in sites that are continually updated. Window of Exposure is a useful combination of the vulnerability prevalence, the time it takes to fix vulnerabilities, and...

BREMERTON  — The partially naked photograph of a Bremerton teenager has managed to circulate to her e-mail contacts, teachers and even to colleges where she'd applied to school, according to Bremerton police reports. The girl said she'd sent a picture of herself wearing only underwear to her boyfriend about six months ago, police said. Recently, her computer has had problems and she believes it may have been hacked. She then discovered the photo, which was on the computer, had gone out to her e-mail contacts and asked police to investigate. Bremerton detectives are on the case. Anyone with information is asked to call 911.