The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Duqu Analysis and Detection Tool by NSS Labs NSS Labs has built a new, free tool that detects known and newly created Duqu drivers that have infiltrated systems, thus allowing security experts to further analyze the " functionality, capabilities and ultimate purpose of DuQu. ". The Tool is available free. Duqu is notorious worm that exploit Windows Zero-day Vulnerability. Microsoft released temporary fix yesterday for this vulnerability . According to the test, NSS tool Success rate is 100%, zero false positivies. Developers said it is using advanced pattern recognition techniques, it is also capable of detecting new drivers as they are discovered.Two new drivers were discovered after the tool was completed, and both were detected by the NSS tool with no updates required. It seems that Duqu contains similar code and utilizes similar techniques to Stuxnet. More precisely, it seems to make use of digital certificates that appear as legitimate, but it's far too early to descri...

CapitalOne Bank taken down by Anonymous hackers Anonymous Hackers claim to taken down the official website of CapitalOne Bank . Currently Site is showing message on Homepage that " Site under maintenance ". In a pastebin release Anonymous Hacker wrote " ya know.. every guy Fawkes day companies go hire the best white hat hackers to protect them against attackers like us lol.. so dont beat your self's up if nothen was defaced or taken down by ddos.. we still doxed a bunch of people lol! congratulate your self's! Anonymous dident fail we succeeded and we will never fail.. " Hacker also claim to do DDOS attack on CapitalOne website for taken it down. There is another statement by same hacker " Many ddos attacks were taken place today and we all hoped to see at least fox going down ". Its not clear that that either the site is really under  maintenance  after attack by Anonymous Hackers or its any regular  maintenance for backup only. Hackers al...

Mobile Security and Lack thereof Nidhi Rastogi ,A Security Consultant with Logic Technology Inc, New York share her Views about the Mobile Security and Lack thereof . The Article is taken from our September Month Magazine Edition  .Here we go.. Mobile technology, particularly smartphones, has come of age and is increasingly replacing PCs for internet surfing, emails, gaming and social networking. As per a recent survey by Neilson Media Research, smartphones now comprise over 38% of the U.S. Cellphone Market and will become the majority by end of the year. To meet this growing demand, cellphone companies are fast churning out new models with killer features, latest and greatest in technology. With this growth it has also come to attention that security of these devices cannot be left behind. Every day a new data breach is making headlines suggesting hackers have gone into overdrive. However, what is of particular interest is that a bulk of them is being attributed to cellph...

We had an Interesting Article by " Paul F Renda " in our The Hacker News Magazine 's November Edition. We would Like to share this article with our website readers also. You can Download November Issue Here . This is a theoretical prima to bring out a discussion about whether an Internet doomsday worm can be created that is so intractable that it cannot be eradicated. This worm could also have the ability to carry multiple weaponized payloads. Can a doomsday worm shut down the Internet? I don't think anyone could shut down the Internet but I believe a worm can definitely create access problems. An intractable type of malware agent is not an abstract concept or science fiction. A doomsday like virus has been plaguing the U.S.Drone fleet. They keep trying to disinfect their hard drives but it keeps coming back. The Pentagon has been plagued by the worm agent.btz; they are still trying to remove it after 3 years. Some analyst think agent.btz was created by China....

Persistent XSS Vulnerability in White House Website Alexander Fuchs , A German Security Researcher Discover Persistent XSS Vulnerability in Official website of White House . He said " The petition system is vulnerable. Every Petition i start or join will execute my code. I could join all petitions and my code will be executed on all users who visit the petition system. " The XSS Demo is here: https://wwws.whitehouse.gov/petitions/!/petition/security/WxgwM7DS Advisory: https://vulnerability-lab.com/get_content.php?id=308

Fraud communities owned and exposed by Happy Ninja The  Happy Ninjas Hackers Release a Ezine " Owned and Exposed - ISSUE no 3 " on Exploit-Db . They claim to hack various German and International fraud scenes and Publish there all details online in Ezine.  They said " Operation Antisec : The original Antisec Movement was brought to life by actualhackers and targeted full disclosure and the corporate securityindustry. Publishing gigantic amounts of (corporate) data on theinternet does exactly the opposite: It provides the security industrywith the attention they need and hence new customers. " " Money is the root of allevil" as the proverb has it; and it's why fraud communities do comeback after we have owned and exposed them " He added. Most the famous fraud sites got hacked by them , such as: St0re.cc El-Basar.biz Swissfaking.net Vpn24.org Unique-Crew.net Undercover.su Secure-Host.in Hackbase.cc Zion-Network.net Most of the IP add...

Call for Articles - The Hacker News Magazine | December Edition THN Magazine is a free monthly magazine designed to spread awareness and knowledge about cyber security. Our goal is to provide the most up-to-date information on a wide variety of topics that relate to hackers and security experts worldwide. We welcome contributions from readers and hackers like YOU! Simply submit your idea or article to thehackernews@gmail.com or  admin@thehackernews.com  and your submission could be featured in our next edition. Some topics of interest include, but are not limited to: New attack and defense techniques Related to Anonymous ,Activist and Hacktivists Vulnerability discovery Small tactics and techniques; Big attacks and impact Mobile hacking Professional exploit development Security and hacking events around the world Technical book reviews Security and hacking threats Security tools Expert interviews If you enjoy our monthly publication, please spread the word...

XSS Vulnerability on AOL Energy website A non-persistent Cross Site Scripting (XSS) vulnerability discovered on AOL Energy website. The similar Vulnerability is claimed by few other guys on some forums too. No clue that who found it first, But THN got update from Vansh & Vaibhuv from India.

#OccupyLondon : The Night of Thousand Masks on 5th November Anonymous Mask = " A symbol that unites them behind one universal message " . Activists plan to protest on 5th November ,2011 at Saint Pauls Cathedral London 9:00pm - 11:00pm. This going to be " The Night of Thousand Masks ". Message By Anonymous : Good evening, London. Allow me first to apologize for this interruption. I do, like many of you, appreciate the comforts of every day routine- the security of the familiar, the tranquility of repetition. I enjoy them as much as any bloke. But in the spirit of commemoration, thereby those important events of the past usually associated with someone's death or the end of some awful bloody struggle, a celebration of a nice holiday , I thought we could mark this November the 5th, a day that is sadly no longer remembered, by taking some time out of our daily lives to sit down and have a little chat. There are of course those who do not want us to speak. I susp...

Super Cryptography : The Next Generation Encryption The next generation of encryption technologies meets this need by using Elliptic Curve Cryptography (ECC) to replace RSA and DH, and using Galois/Counter Mode (GCM) of the Advanced Encryption Standard (AES) block cipher for high-speed authenticated encryption. Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor S. Miller in 1985. According to Cisco ," New algorithms for encryption, authentication, digital signatures, and key exchange are needed to meet escalating security and performance requirements ". A 244-bit ECC key has the equivalent strength of a 2048-bit RSA key for security; a 384-bit ECC key matches a 7680-bit RSA key. Greater strength for any given key length enables the use of shorter keys, resulting in significantly l...

The Hacker News Magazine - Anniversary Edition  - November Issue 06 In November of 2010 the team at The Hacker News finally achieved our ultimate goal of launching an online News Portal and Magazine addressing the tricky and complicated world of hackers and hacking. In our first year The Hacker News made our fair shares of mistakes, typical of first-time publishers, but our successes have been innumerable and The Hacker News has reached many of it goals in this often hectic and exciting  first year. The Hacker News was fortunate enough to have assembled a dedicated and professional team that intrinsically understood that it is not enough to hope to succeed; you have to plan to succeed. And I am grateful to each and every one of these talent people that understood this concept and helped implement it daily to help insure our success. As the mainstream media often denigrates computer hackers as nothing more than digital pranksters, we at The Hacker News believe that many...

Palestine : Hackers have taken down phone and Internet services The main phone network in the West Bank and Gaza has suffered a sustained attack by computer hackers, the Palestinian Authority (PA) says. Mashour Abou Daqqa, the Palestinian telecoms minister, said the disruptions, which began Tuesday morning, came from various sources around the world, but had no detailed information. He said hackers used IP servers in Germany, China, and Slovenia to launch the attack. Hack may be linked to rising regional tensions over the Palestinian Authority's successful move to acquire membership in Unesco on Monday. It also comes against the backdrop of new cross-border clashes along the border between Israel and Gaza. One Israeli civilian and at least 10 Palestinian militants were killed in the worst violence on that front in months. The fighting followed the launch of rocket salvos against Israeli territory last week. Israel retaliated with airstrikes. Daqqa suggested its neighbour coul...