The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Let's Play a Game of Cyber Security at  CSAW CTF 2011   Ready for a little game of capture the flag? What if you weren't running around a field like a crazy person trying to grab a flag out of someone's belt, but instead were navigating around a network overcoming technical challenges to find markers that you are awarded points for once submitted? Then CSAW CTF 2011 is where it's at. CSAW CTF 2011 is hosting the qualifying round from Friday September 23, 2011 to Sunday September 25, 2011. The competition will begin at 8PM that Friday night, and is used to determine who will proceed on to the finals taking place in New York November 10-11 at NYU-Poly.   The event is centered on assessing application security abilities. For the qualification round there is no limit to the number of team members you can have, but if you move on to the final round your team will be limited to four players. If you attend the event you'll have the chance to rub elbows with anyon...

Lilith: Perl script to audit web applications Lilith tool analyses webpages and looks for htmltags , which often refer to dynamic pages that might be subject to SQL injection or other flaws.Lilith basic function is to spider and analyses pages, following hyperlinks, injecting special characters that have a special meaning to any underlying platform. As most of us know web applications scanner can never perform a full 100% correct audit. A manual re-check eliminates most of the false positve. Features and changes made in lilith got rid of many many false positives (that's good) when SQL error is found, it now goes onto next var improved (i hope) scanning engine (anti) coldfusion support better cookie handling and cookie tampering omitted perl HTML::Form limitation better verbose output extensive logging detects directory indexing recursive URL dissection cleaned up this pasta code Download Lilith

Win Free Copies of BackTrack 5 Wireless Penetration Testing Guide with The Hacker News Fellow hackers would be very pleased to know that to celebrate the release of their new book- BackTrack 5 Wireless Penetration Testing Beginner's Guide , Packt Publishing is giving away 2 copies of the book to The Hacker News readers. Keep reading to find out how you can be one of the Lucky Winner. Here is a quick overview of BackTrack 5 Wireless Penetration Testing Beginner's Guide · Learn Wireless Penetration Testing with the most recent version of Backtrack · The first and only book that covers wireless testing with BackTrack · Concepts explained with step-by-step practical sessions and rich illustrations · Written by Vivek Ramachandran ¬ world renowned security research and evangelist, and discoverer of the wireless "Caffe Latte Attack" Read More How To Win Sound like something you might be interested in? All you need to do is head on over to the bo...

50000 WordPress Sites infected with spam The attack consists of contacting the domain wplinksforwork.com to get a list of links to be displayed on the compromised sites. However, that domain has been down for the last few days and all the sites compromised. These sites supposed to be compromised. Most of the hacked sites had outdated versions of WordPress installed. Infected sites have following message at Footer : Warning: file_get_contents(https://wplinksforwork.com/56132.. 47509328/p.php?host=… failed to open stream: php_network_getaddresses: getaddrinfo failed: Name or service not known in ..

Kazakhstan calls for global cyber security treaty to deter hackers at United Nations Today's security professionals - whether they are black hats, white hats or something in between - all have one thing in common: The knowledge of their craft probably did not come from a book or a classroom. Today's security skills - both good and bad - we learn online, in the unstructured jungle of the Internet. President Nursultan Nazarbayev told the debate's opening session – held at United Nations Headquarters in New York – that it was worrying that "not a single international convention or multilateral treaty governs information processes. " Is it not the reason why, in practical terms, most hacker attacks on banks, businesses, government institutions, [the] military and even nuclear facilities have been carried out with impunity? " he asked. Mr. Nazarbayev stressed the need for what he called " an international legal framework of the global information space ." He said suc...

More Android vulnerabilities exposed [Video Demonstration] It's been more than a month since researchers reported two serious security vulnerabilities in Android, but so far there's no indication when they will be purged from the Google-spawned operating system that's the world's most popular smartphone platform. Oberheide and Lanier are set to teach a two-day mobile security training course at SOURCE Barcelona this November where they will presumably refer to this and other Android vulnerabilities. Let's hope, for the sake of Android's reputation, that these things are resolved much sooner. The first vulnerability is known as a " Permission escalation vulnerability ", and allows attackers to install additional " arbitrary applications with arbitrary permissions ", without first asking the user if they want to permit such actions. This would allow attackers to access call records, texts, web browsing history and media stored on the device. The second bug...

Visual DuxDebugger Debugger - Disassembler for Windows 64-bit Main features Fully support 64-bit native processes Fully support 64-bit .NET processes Full code analysis Full memory analysis Code edition Memory edition Module export formats (EXE/DLL/CSV) Debug multiple processes Debug multiple child processes Minimum Requirements O.S: Windows 7 64-bit / Windows Server 2008 R2 Processor: Pentium 4 3.0 GHz Recommended Requirements O.S: Windows 7 64-bit / Windows Server 2008 R2 Processor: Dual Core 2.5 GHz Display: 1920 x 1080 Download

Vulnerability in its Identity Services Engine of Cisco Cisco is warning users of a critical vulnerability ( CVE-2011-3290 ) in its Identity Services Engine (ISE). In its security advisory, the company says that the underlying database used by ISE, its identity and access control policy platform, contains three sets of default credentials that could be exploited by a remote attacker without any end-user interaction. Using these credentials, an attacker could modify the configuration and settings, or even gain complete administrative control of a device. All hardware appliance and software-only versions of Cisco ISE prior to 1.0.4.MR2 are affected.The company says that it will release a free update to the software to address the vulnerability on 30 September 2011; no temporary workaround is available. Once released, the updates will be available to download from the Cisco Software Center. [ Source ]

Aldi Bot - Buy a Botnet just in 10 Euros Researchers of German security firm G Data have discovered that a bot builder dubbed " Aldi Bot " is currently being offered for that much on underground forums. The Aldi Bot Builder appears to be based on the ZeuS source code. The malware has nothing to do with the discount supermarket chain and it is not clear why its author chose to name the bot after Aldi – it is thought it may relate to the bot's discount pricing. Company says " We've encountered a bot sale, which, in case it finds followers, can cause a massive glut of malware all over. The so-called "Aldi Bot" first appeared in late August and has been sold for the initial price of €10! Parts of the bot's code oddly look like ZeuS code… " The Aldi Bot can read (saved) passwords from the Firefox web browser, Pidgin IM client and JDownloader download tool, and send them to a command and control server which is included in the €10 price tag. The Aldi Bot can als...

Bank of Melbourne Twitter Account Hacked Last week, the Twitter account of the Bank of Melbourne was hacked and used to send direct messages containing phishing links to its followers. In a tweet , the bank said that: ATTN: Unauthorised DMs sent bw 4-5pm today, do not click link. No customer/personal data compromised. Apologies for the inconvenience. A recently relaunched subsidiary of Westpac, the Australian bank engages heavily with its customers through its @BankofMelb Twitter account. However, the security of the account proved not to be up to scratch when hackers managed to gain access and used the account to send direct messages containing phishing links.The hacking of corporate Twitter accounts is nothing new, neither are phoney messages claiming to come from a bank. What makes this case rather unique - and worrying - is that the account itself is genuine, thus significantly adding to the credibility of the links. Dancho Danchev believes that this is not the act of an am...

John the Ripper 1.7.8-jumbo-7 Released Change Log : * Support for encrypted pkzip archives has been added, testing millions of candidate passwords per second. (JimF) (This is in addition to WinZip/AES archives, support for which was added in prior -jumbo updates.) * Support for Mac OS X 10.7 Lion salted SHA-512 hashes has been added (enabled when building against OpenSSL 0.9.8+ only), with optional OpenMP parallelization. (Solar) * Optional OpenMP parallelization has been added for salted SHA-1 hashes used by Mac OS X 10.4 to 10.6. (Solar) * PoC support for DES-based 10-character tripcodes has been added (does not use the bitslice DES implementation yet, hence is slow). (Solar) * The DIGEST-MD5 authentication cracker has been revised to be usable without requiring source code customizations. (magnum) * Highly experimental support for dynamically loaded plugins (adding new formats) has been added (currently only enabled on Linux). (Davi...

Nmap 5.61 TEST1 Released This Nmap 5.61TEST1 is an informal test release with all of the latest features from the SVN. Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are avalable for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes a...