The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

0p3nH4x #1 2011 has began - Ezine Out !

50 sites Hacked by Error boy ! Hacked sites list : https://pastebin.com/AbxTBhuE

Chambers of Milton Commerce Canada, Nribahrain online forum & YQWORLD Education Portal hacked by lionaneesh Hack Proof + Database : https://pastebin.com/fSftCzPq

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

SWFRETools 1.1.0 - Adobe Flash SWF file reverse engineering ! SWFRETools package contains three different tools. The most advanced tool is called Flash Dissector. It is a Java-based GUI tool you can use to inspect the binary content of SWF files. The second tool is a Java-based command-line tool called Minimizer. This tool is useful for vulnerability researchers that have a SWF file that crashes Flash Player and now they want to get rid of all parts of the SWF file that are not related to the crash. The third tool is a primitive Python-based debugger that can be used to hook and trace the Flash Player executable. Download :  version 1.1.0 of the SWFRETools on GitHub

Lahore High court to Consider Permanent Ban on Facebook ! In Pakistan, blanket bans and censorship have been a regular feature. Since 2006, there have been instances where YouTube has been blocked, and more recently, Facebook. While the pretext is national security, the protection of Islam or the interest of the greater good, political motives have almost always been behind these acts. There were many critics of those lobbying against the ban on Facebook ban in May 2010, the constant criticism being: It's just a ban on Facebook, get over it. But actually, it wasn't "just a ban." It was about how we react to blasphemy, it was about the prevalent tendency to lynch others for what they say without hearing them out properly, without verifying, without giving second chances. It was about political appeasement, the use of religion for political purposes, and it was about the unconstitutional overstepping of authority by state institutions and departments. So it was not just about Faceboo...

The Internet Systems Consortium released an advisory ( https://www.isc.org/CVE-2011-1907 ) today informing BIND users that certain types of queries to name servers can cause the servers to crash and create a denial-of-service condition. This remotely exploitable bug only affects BIND users with the Response Policy Zones (RPZ) feature configured for RRset replacement, and has a high severity rating. The RPZ feature was initially built into 9.8.0 as a mechanism for modifying DNS responses from recursive servers according to local rules or those imported from a reputation provider. RPZ is generally used for forcing NXDOMAIN responses from untrusted names or RRset replacement. When RPZ is in use, queries from RRSIG for names configured for RRset replacements will trigger assertion failures and cause the name server process to exit. There is no active exploit here, but certain DNSSEC validators are known to send RRSIG queries, which then trigger the failure. A work-around for this issu...

Anonymous IRC networks - irc.anonops.net & irc.anonops.ru Hacked ! Message By Anonymous : Dear Users of the AnonOps Network, We regret to inform you today that our network has been compromised by a former IRC-operator and fellow helper named "Ryan".  He decided that he didn't like the leaderless command structure that AnonOps Network Admins use. So he organised a coup d'etat, with his "friends" at skidsr.us . Using the networks service bot "Zalgo" he scavenged the IP's  and passwords  of all the network servers (including the hub) and then systematically aimed denial of service attacks at them (which is why the network has been unstable for the past week). Unfortunately he has control of the domain names AnonOps.ru (and possibly AnonOps.net, we don't know at this stage) so we are unable to continue using them. We however still have control  o ver   AnonOps.in, and will continue to publish news there. We would  STRONGLY ADVISE  ...

OpenID Warns of Serious Bugs in Some Implementations Amidst the fallout of the latest bungled password service kerfuffle at LastPass, comes a warning from the  OpenID  foundation of a critically serious flaw in certain deployments of the product to suffer a certain level of inter-process data poisoning. More, below… via the Kaspersky Lab Threatpost blogs' Dennis Fisher: " OpenID Warns of Serious Bugs in Some Implementations " "The OpenID Foundation is warning users about a weakness in the software that could enable an attacker to change some of the data that's exchanged between parties that use OpenID. The group is telling sites that implement OpenID to update to a new version in order to fix the problem. The  bug in OpenID  lies in the way that the system's Attribute Exchange, an extension to the OpenID system that gives sites the ability to exchange identity information between endpoints. OpenID, and open source project that e...

India's leading IT companies TCS (Tata Consultancy Services) & Tech Mahindra is also not Secure !  Here are some proofs submitted to THN : The Hacker News by a Indian hacker - THE_DREAM_BOY , as shown below , which can easily prove that , YES ! India's leading IT companies TCS (Tata Consultancy Services) & Tech Mahindra is also not Secure ! Have a look :- 1.) XSS Attack on Tech Mahindra 's Website :  https://www.techmahindra.com/ 2.)  TCS (Tata Consultancy Services) :    Information Disclosure of Server private IP Address and oracle DB info :  https://www.tcs.com/

[THN] The Hacker News Exclusive   Report on  Sony 3rd Attack Issue ! On May 5th 2011 THN received an email that Hackers once again attacked Sony for the 3rd Time. The Hacker News is a responsible an online Hacker News Organisation. We propagate news specifically related to security threats.  Also, hacking threads and security issues from all over the world.  We are NOT associated with any HACKING GROUP like ANONYMOUS or Others . Lets talk about the " 3rd Sony Hack Issue ". As I said, on 5th May we got the mail from a hacker  that they got some new Information from Sony's Site. Here the Email Screenshot : We check the links, that contains some waste list of user names , Even there is not a single email ID in whole excel sheet that can be used against some spam/hack. Then why Sony so Scared ?? Now WHAT? !!  Is  it our responsibility as The Hacker News , that we inform Sony and Other Cyber Security Experts that hackers can attack again...

Sites get hacked every day. The bad guys often install a toolkit to control remote servers effectively. Here is one called EgY SpIdEr ShElL : When logging in, you get a quick overview of the machine with what services are running, as well as some hardware specs.: The toolkit provides you with templates to hack various software programs: Brute force attacks: HTTP form cracks: Encoding: Database queries: SQL injection tool: The origin of this toolkit seems to point to Arabic countries. It is just one of many similar hack shells that criminals use. A future blog post about other tools might be necessary

Bahrain calling Freedom and Democracy ! THN  received an Email last night, The mail was from one of the Citizens of Bahrain .. Here is the email we received is as following : You say you are helping people good, people of bahrain need your help All what we want is attacking government websites  By Anonymous group or any one To expose their crimes,and to expose Revealed lists of intelligence and mercenary of them, revealing lists of arrests two months ago Specifically February 14, at least 70% of the population of this country are demonstrating to demand democracy,but Were brutally suppressed by the local army and occupation forces from Saudi Arabia and United Arab Emirates,The called GCC Killed 30 citizens By a live bullets, 4 of them died in the prison Because of torture Political figures were arrested in addition to at least 2000 detainees from citizens,Arrested at least 100 women,Arrest medical staff of doctors, par...