The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

WAFP : Web Application Finger Printer Tool WAFP is a Web Application Finger Printer written in ruby using a SQLite3 DB. WAFP fetches the files given by the Finger Prints from a webserver andchecks if the checksums of those files are matching to the given checksums from theFinger Prints. This way it is able to detect the detailed version andeven the build number of a Web Application. Sample Scan Result:    wafp.rb --verbose -p phpmyadmin https://phpmyadmin.example.de    VERBOSE: loading the fingerprint database to the ram...    Collecting the files we need to fetch ...    Fetching needed files (#432), calculating checksums and storing the results to the database:    ............................................................................................    VERBOSE: request for "/themes/darkblue_orange/img/b_info.png" produced "Connection refused - connect(2)" for 1 times - retrying...    .............

Cotton Candy USB with Dual-Core Computer can turns Any Screen Into an Android Station Norwegian company FXI Technologies has been showing a USB stick-sized portable computer prototype, featuring with a dual-core 1.2-GHz CPU, 802.11n Wi-Fi, Bluetooth, HDMI-out and a microSD card slot for memory. Codenamed Cotton Candy because its 21 gram weight is the same as a bag of the confection, the tiny PC enables what its inventor calls "Any Screen Computing," the ability to turn any TV, laptop, phone, tablet, or set-top box into a dumb terminal for its Android operating system. The Cotton Candy has a USB 2.0 connector on one end and an HDMI jack on the other. When connected to an HDTV, it uses the HDMI port for video, the USB for power, and Bluetooth to connect to a keyboard, mouse, or tablet for controlling the operating system. The device can output up to 1080p so even a full HD screen can display the Candy's preloaded Android 2.3 operating system at its native resolution. The dual core CP...

Is it hard to crack full Disk Encryption For Law Enforcement ? If you'd rather keep your data private, take heart: disk encryption is a lot harder to break than techno-thriller movies and TV shows make it out to be, to the chagrin of some branches of law enforcement. MrSeb writes with word of a paper titled " The growing impact of full disk encryption on digital forensics " that illustrates just how difficult it is. According to the paper, co-authored by a member of US-CERT. Abstract of Paper is available here , and Short Info written below: The increasing use of full disk encryption (FDE) can significantly hamper digital investigations, potentially preventing access to all digital evidence in a case. The practice of shutting down an evidential computer is not an acceptable technique when dealing with FDE or even volume encryption because it may result in all data on the device being rendered inaccessible for forensic examination. To address this challenge, there is ...

PHP Vulnerability Hunter v.1.1.4.6 - Automated fuzz testing tool This is the application that detected almost all of the web application vulnerabilities listed on the advisories page. PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool capable of triggering a wide range of exploitable faults in PHP web applications. Minimal configuration is necessary to begin a scan; PHP Vulnerability Hunter doesn't even need a user specified starting URI. At the core of the PHP Vulnerability Hunter scan algorithm is dynamic program analysis. Unlike many vulnerability scanners and fuzz tools that rely on static analysis, PHP Vulnerability Hunter analyzes the program as it's running to get a clear view of all input vectors. That means better code coverage and as a result greater confidence in code security. ChangeLog: Added code coverage report Updated GUI validation Several instrumentation fixes Fixed lingering connection issue Fixed GUI and report viewer crashes related...

Maharashtra Highway Police website hacked Not only International Law Enforcement and Police Under Hacker's attack, Even our Local Police websites and Database also become of Victim of breaches mostly once a day. A hacker With name " powerin10 " take responsibility to hack  Maharashtra Highway Police website . A mirror of this hack is available here .  Hacker is member of Bangladesh Cyber Army.

Wikileaks Founder, Julian Assange Hires Pirate Bay Lawyer Wikileaks Founder Julian Assange has fired his lawyer in favour of one with experience in batting for The Pirate Bay, according to a Swedish news report. Julian Assange has ditched his Swedish legal counsel and lined up a new defence team in readiness for a likely return to the country to face allegations of sexual molestation and rape against two women. Assange has filed a petition with the Stockholm District Court, says the newspaper, and communicated his desire to change his representation to attorneys Per Samuelson and Thomas Olsson. Olsson is reviewing the case already, but has little to say on the motives behind Assange's decision. " He'll have to explain his motivation behind changing defenders ," he told The Local. Samuelson previously represented financier Carl Lundström, one of the four defendants in the 2009 Pirate Bay trial, all of whom were found guilty.

Hackers destroyed a pump used by a US water utility Hackers destroyed a pump used by a US water utility after gaining unauthorized access to the industrial control system it used to operate its machinery. Five computer screenshots posted early Friday purport to show the user interface used to monitor and control equipment at the Water and Sewer Department for the City of South Houston, Texas. '' This is arguably the first case where we have had a hack of critical infrastructure from outside the United States that caused damage ,'' a managing partner at Applied Control Solutions, Joseph Weiss, said. The network breach was exposed after cyber intruders burned out a pump. '' No one realised the hackers were in there until they started turning on and off the pump ,'' he said. It said hackers apparently broke into a software company's database and retrieved usernames and passwords of various control systems that run water plant computer equipment.U...

International Association of Chiefs of Police Investigators Owned by Anonymous Hackers The Antisec wing of Anonymous has come out with another document release in its ongoing assault on law enforcement. A Special Agent Supervisor of the CA Department of Justice is the latest victim of Anonymous who claims that their operations against the FBI succeeded once again after managing to hack two of his Gmail accounts. Anonymous hackers broke into two of Bacalagan's gmail accounts, his text message logs and his Google Voice voicemails, then dumped the whole thing on to a website and The Pirate Bay . Baclagan was a special agent supervisor at the Department of Justice specializing in cybercrime, and his emails contain thousands of correspondences from the private listserv of the International Association of Computer Investigative Specialists, spanning 2005 to 2011. So, any black hat hackers looking for tips on how to avoid being busted might want to scour the archive, which provides es...

US military's offensive operations in cyberspace to shoot Hackers The US military is now legally in the clear to launch offensive operations in cyberspace, the commander of the US Strategic Command has said. The Pentagon has just sent a report to Congress where it says that it has the right to retaliate with military force against a cyber attack. Air Force General Robert Kehler said in the latest sign of quickening U.S. military preparations for possible cyber warfare that "I do not believe that we need new explicit authorities to conduct offensive operations of any kind". US Strategic Command is in charge of a number of areas for the US military, including space operations (like military satellites), cyberspace concerns, 'strategic deterrence' and combating WMDs. " When warranted, we will respond to hostile acts in cyberspace as we would to any other threat to our country ," the DoD said in the report. " All states possess an inherent right to...

Patches Released for BIND Denial-of-service Vulnerability There's a new vulnerability in the popular BIND name server software that is causing various versions of the application to crash unexpectedly after logging a certain kind of error. The Internet Systems Consortium (ISC), an organization that maintains several software products critical for Internet infrastructure, has released a patch for an actively exploited denial-of-service vulnerability in the widely used BIND DNS server. The internet Systems Consortium (ISC) have described the problem as follows: An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure... Affected servers crashed after logging an error in query.c with the following message: "INSIST(! dns_rdataset_isassociated(sigrdataset)) More details are available in their advisory . As of this posting, ISC had not revealed the underlying problem,...

Worlds first windows 8 Bootkit to be released at MalCon It is amazing how fast security measures are bypassed by hackers. it seems Windows 8 is now Malconed! Peter Kleissner has created the world's first Windows 8 Bootkit which is planned to be released in India at the International Malware Conference MalCon. An independent programmer and security analyst, peter was working for an anti-virus company from 2008 to 2009 and was speaker at the Black Hat and Hacking at Random technical security conferences. While his main operating fields are Windows security and analysis of new malware, his recent Important projects include the development of the Stoned Bootkit, a research project to subvert the Windows security model. A bootkit is built upon the following broad parts: Infector Bootkit Drivers Plugins (the payload) And as put by peter, those parts are easy to split up in a criminal organization: Teams A-D are writing on the different parts. If you are doing it right, Team D (th...

Acunetix Web Vulnerability Scanner 8 BETA Released The next stage in the evolution of Acunetix Web Vulnerability Scanner has arrived — WVS 8 BETA! Many of you have been biting their nails in anticipation of this Beta, so sit tight and read on for the next most important stage in the evolution of Acunetix WVS. Version 8 of Web Vulnerability Scanner has been optimized to make life easier at every stage of a security scan. WVS is easier to use for web admins and security analysts alike: enhanced automation, ability to save scan settings as a template to avoid reconfiguration, and multiple instance support for simultaneous scans of several websites. WVS 8 also ushers in a new exciting co-operation between Acunetix and Imperva: developers of the industry's leading Web Application Firewall. Download Acunetix WVS Version 8 BETA