The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

SourceForge , the popular project hosting site, has released  Allura , the software that powers its service, as  Apache 2.0  licensed open source. The project to develop Allura began in 2009 and currently an instance of the software, which has also been known as "New Forge" or "Forge 2.0" during development, runs on SourceForge's servers. Allura is a Python based application which makes use of the NoSQL database MongoDB, the Solr search server and the RabbitMQ messaging platform, to deliver the repositories, wikis, trackers and forums to users allowing them to manage their projects. The developers also use nose to provide a suite of unit tests for the application. By design, Allura is extensible in a number of ways, most notably by basing new tools on  allura.Application  which provides themes, authentication and other pluggable APIs to Allura components. Allura was actually "soft launched" in February, in anticipation of a full launch this month, and...

Blazing Star (Pakistani website) Defaced by Crash Viperr & CyberDog ! Hacked Site :   https://www.blazingstar.com.pk/ News Source : Crash Viperr & CyberDog !

The  European Network and Information Security Agency (ENISA) , Europe's Cyber security agency, issued a report focused on botnets this week titled, " Botnets: Measurement, Detection, Disinfection and Defence. " The report discusses the reliability of botnet size estimates and provides recommendations and strategies to help organizations fight against botnets. In addition, ENISA published a list of what it considers the top 10 key issues for policymakers in ' Botnets: 10 Tough Questions. ' The 154 page " Botnets: Measurement, Detection, Disinfection and Defence " report includes different types of best practices to measure, detect and defend against botnets from all angles. The countermeasures are divided into 3 main areas: neutralizing existing botnets, preventing new infections and minimizing the profitability of cybercrime using botnets. The recommendations cover legal, policy and technical aspects of the fight against botnets and give targeted recommendations ...

A total of 35,000 websites on the Chinese mainland were attacked by hackers in 2010, including 4,635 government websites, according to the Internet security report released by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) on March 9. The report shows that the IP addresses of 5 million domestic host computers were infected with a trojan horse or corpse virus. According to the report, government websites are vulnerable to hacker attacks and websites of financial institutions have become the main targets of hackers. According to the monitoring by the CNCERT/CC, 35,000 websites on Chinese mainland were victims of hackers in 2010, a decrease of 22 percent from 2009. Of them, however, 4,635 were government websites, an increase of 68 percent from a year earlier. Around 60 percent of ministerial-level websites have potential security risks to various degrees. "Hackers use two main means to attack government websites. One means i...

CHINESE blogger and activist Michael Anti wants to know why he is less worthy of a Facebook account than company founder Mark Zuckerberg's dog. Anti, a popular online commentator whose legal name is Zhao Jing, said his Facebook account had been suddenly cancelled in January. Company officials told him by e-mail that Facebook had a strict policy against pseudonyms and that he must use the name issued on his government ID. Anti said his professional identity as Michael Anti has been established for more than a decade, with published articles and essays. Anti, a former journalist who has won fellowships at both Cambridge University and Harvard University, said he set up his Facebook account in 2007. By locking him out of his account, Facebook had cut him off from a network of more than 1,000 academic and professional contacts who knew him as Anti, he said. "I'm really, really angry. I can't function using my Chinese name. Today, I found out that Zuckerberg's...

BlackBerry OS fell during the second day of the Pwn2Own hacking competition as a result of a drive-by download attack that chained together several exploits. The trio that managed to hack RIM's mobile operating system, Vincenzo Iozzo, Willem Pinckaers and Ralf Philipp Weinmann, exploited two vulnerabilities in the open-source WebKit layout engine in order to do it. The attack was launched from a specially crafted web page that stole information like contacts and images from the device and also wrote a file to the storage system. The hackers chained together an exploit for an information disclosure bug and one for an integer overflow vulnerability, but what's most impressive is that they did it without any documentation. They didn't have access to any debugging tool, like the ones available for other systems, that could have helped them determine how the attack code interacts with the system. Instead, they had to rely on exploiting a separate bug to read the device...

Microsoft Windows Picture and Fax Viewer Library  Vulnerability ! I. BACKGROUND The Windows Picture and Fax Viewer "shimgvw.dll" library is used by Windows Explorer to generate thumbnail previews for media files. II. DESCRIPTION Remote exploitation of a buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows could allow attackers to execute arbitrary code on the targeted host. An integer overflow vulnerability exists in the "shimgvw" library. During the processing of an image within a certain function, a bitmap containing a large "biWidth" value can be used to cause an integer calculation overflow. This condition can lead to the overflow of a heap buffer and may result in the execute arbitrary code on the targeted host. III. ANALYSIS Exploitation could allow attackers to execute arbitrary code on the targeted host under the privileges of the current logged-on user. Successful exploitation would require the attacker to e...

It's pretty bold and a cunning coup; criminals have installed a trojan in the Android Market Security Tool that Google is distributing to delete the contaminated apps that recently popped up on the Android Market. As users have been told to expect to see the application running on their phones clearing up the damage the Droiddream trojan did, there's a good chance they won't be suspicious of it. According to reports though, at present, the trojan-infested version of the tool is only in circulation on an "un-regulated third-party Chinese marketplace" and appears to only affect users of a particular Chinese mobile network. According to an initial analysis by Symantec, the trojan contacts a control server and is able to send text messages if commanded to do so. According to F-Secure, BGServ (as the contaminant is called) also sends user data to the server after being installed. Apps from sources other than the Android Market cannot, however, be installed unintent...

Stephen Fewer won Pwn2Own ! The annual Pwn2Own contest at the CanSecWest conference kicked off Wednesday and one of the winners this year was Stephen Fewer, who exploited Internet Explorer 8 on Windows 7. Dennis Fisher spoke with him about the contest, the challenge of attacking IE 8 and the utility of memory protections.

Reverse Engineering of Proprietary Protocols, Tools and Techniques ! This talk is about reverse engineering a proprietary network protocol, and then creating my own implementation. The talk will cover the tools used to take binary data apart, capture the data, and techniques I use for decoding unknown formats. The protocol covered is the RTMP protocol used by Adobe flash, and this new implementation is part of the Gnash project. Download Complete Video : https://www.filesonic.com/file/125296291/reverse.xvid.avi or https://www.fileserve.com/file/jWNATyJ/reverse.xvid.avi WMV3 1024x768 | MP3 48 Kbps | 183 MB

Hacker group Anonymous takes down websites across the world for the greater good: peace, freedom of information and solidarity. Anonymous, which began as a movement in 2003 on a series of internet chat boards, has gone from targeting small time hypocrites to large multinational corporations bringing it from the background of hacker culture to the forefront of global politics. Anonymous is considered a "hackivist" movement that became globally recognized in 2010 after shutting down Mastercard, Visa, and Paypal during what they called Operation Payback. These major corporations stopped providing their services to Wikileaks, which had been using them to accept donations into the Wikileaks defense fund. This action on the part of Visa, Mastercard and PayPal offended the Anonymous community as an affront to freedom and justice. Anonymous stated on Al Jazeera that they could have taken down the infrastructure of all three websites but didn't because they wanted people to still be able to u...

EC-Council Launches Center for Advanced Security Training (CAST) to Address the Growing Need for Advanced Information Security Knowledge Mar 9, 2011, Albuquerque, NM  - According to the report, Commission on Cybersecurity for the 44 th  President, released in November 2010 by Center for Strategic and International Studies (CSIS), it is highlighted that technical proficiency is critical to the defense of IT networks and infrastructures. And there is evidently a shortage of such personnel in the current cyber defense workforce. The United States alone needs between 10,000 to 30,000 well-trained personnel who have specialized skills required to effectively guard its national assets. In essence, there is a huge shortage of highly technically skilled information security professionals. The problem is both of quantity, and quality, and this is not a problem just for the government space. Public and private companies are also in dire straits trying to fill such staffing needs. Th...