The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Penetration Testing Oriented Browser - Sandcat Browser The fastest web browser combined with the fastest scripting language packed with features for pen-testers.  Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team, the same creators of the Sandcat web application security scanner. The Sandcat Browser is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua language to provide extensions and scripting support. This first Sandcat Browser release includes the following pen-test oriented features: Live HTTP Headers Request Editor extension Fuzzer extension with multiple modes and support for filters JavaScript Executor extension -- allows you to load and run external JavaScript files Lua Executor extension -- allows you to load and run external Lua scripts Syhunt Gelo HTTP Brute Force, CGI Scanner scripts and more. Download SandCat Browser

Code 2600 : A Hacking Documentary Following the success of his debut documentary feature, Land of Confusion, award winning Pittsburgh filmmaker Jeremy Zerechak is already garnering early accolades for his newest project, CODE 2600. The film—a no-holds-barred look at the ramifications of the Information Technology era—has been selected from to have its world premiere at the 2012 CINEQUEST FILM FESTIVAL (February 28th – March 11th) in San Jose, CA. Appropriately located in the heart of silicon valley, CINEQUEST is one of the country's top film festivals—a 13-day event of 200 international films with over 600+ film artists, technologists, and professionals from 44 countries in attendance. CODE 2600 documents the rise of the Information Technology Age as told through the events and people who helped build and manipulate it. The film explores the impact this new connectivity has on our ability to remain human while maintaining our personal privacy and security. As we struggle to co...

Application Security With Apache Shiro : Java security framework Are you frustrated when you try to secure your applications? Do you feel existing Java security solutions are difficult to use and only confuse you further? Les Hazlewood is the Apache Shiro PMC Chair and co-founder and CTO of Katasoft, a start-up focusing on application security products and Apache Shiro professional support. Apache Shiro, a Java security framework that provides a simple but powerful approach to application security. Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management and can be used to secure any application - from the command line applications, mobile applications to the largest web and enterprise applications. Shiro provides the application security API to perform the following aspects : Authentication - proving user identity, often called user 'login'. Authorization - access control Cryptography ...

Honda Thailand Defaced By Spydevilz / Mr. Paparosse Honda Thailand sub domain ( https://dog.honda.co.th/images/ ) got hacked by Hacker called Spydevilz and Mr. Paparosse . The team of Hackers include  3spi0n, Mr.PaPaRoSSe, ExDeaTH, Legend Coder, x-Leader, t0wN, JiHAD Hackers. Message posted by Hackers on page that " Do not stop your voice in your home all the lights are off, they're going back more damaged than before ." The mirror of also available on  Legend-h .

Data encryption : PrivateSky Secure Information Exchange platform CertiVox today unveiled a breakthrough in information security: PrivateSky Secure Information Exchange (SIX)(TM) platform . The new service provides fast, easy-to-use protection for email, files and other information sent via the cloud, through a unique two-factor authentication process and a sophisticated, certificateless encryption platform. This encryption process is activated by a click of a button from within Outlook, a web browser or via any browser-based application on a PC, Mac, tablet or smartphone. It is a solution where both encryption and decryption are securely completed with no disruption to a user's workflow. PrivateSky SIX platform solves these legal, regulatory and ethical challenges. The platform: Uses Incognito Keys and certificateless encryption technology to provide a secure information exchange between all users. Departs from other products because the user encrypts his or her information ...

Ani-Shell v1.5 (Final) Released Ani-Shell is a simple PHP shell with some unique features like Mass Mailer , A simple Web-Server Fuzzer , a DDoser etc! This shell has immense capabilities and have been written with some coding standards in mind for better editing and customization Features: Shell Mass Mailer DDos Web-Server Fuzzer Uploader Design Login Mass Code Injector (Appender and Overwriter) Encoded Title Back Connect Bind Shell Lock Mode Customisable Tracebacks (email alerts) PHP Evaluate PHP MD5 Cracker Anti-Crawler Mass Deface New in This Version :- Better CSS Intelligent File Manager Auto Rooter PHP Obfuscater Google Dork Creator Zip Downloader (Download any File or Directory from the web-server) Fixed the Memory Exhausted Error in MD5 Cracker login : lionaneesh pass : lionaneesh Download Here

Embassy of Kazakhstan hacked by Anonymous Supporters The official website of Embassy of Kazakhstan in Delhi having SQL injection Vulnerability, and Hacker with codename -  Abs0luti0n has successfully Extract the database tables info and leak it on a pastebin note  including Admin's Username and Password. Hacker said," Lately we have been experimenting on some new large targets which will be unveiled soon. However today while we were cruising around in our lulzmobile,we set sights momentarily on another outdated weak vehicle and with great ease put the pedal to the metal, ran all the lights and flew straight through our accquired target ." SQL Injection is a type of web application security vulnerability in which an attacker is able to submit a database SQL command which is executed by a web application, exposing the back-end database. Attackers utilize this vulnerability by providing specially crafted input data to the SQL interpreter in such a manner that th...

FBI will Monitor Social Media using Crawl Application The Federal Bureau of Investigation is looking for a better way to spy on Facebook and Twitter users. The Bureau is asking companies to build software that can effectively scan social media online for significant words, phrases and behavior so that agents can respond.A paper posted on the FBI website asks for companies to build programs that will map sentiment and wrongdoing. " The application must be infinitely flexible and have the ability to adapt quickly to changing threats to maintain the strategic and tactical advantage ," the Request for Information said, " The purpose of this effort is to meet the outlined objectives…for the enhancement [of] FBI SOIC's overall situation awareness and improved strategic decision making. "The tool would be used in "reconnaisance and surveillance missions, National Special Security Events (NSS) planning, NSSE operations, SOIC operations, counter intelligence, terrorism, and more. Although...

Another Malware from Android Market infect Millions of Users Malware might have infected more than 5 million Android mobile devices via deliberately corrupted apps sold in the Android Marketplace, according to security firm Symantec . They reckoned Android.Counterclank, a slight variant of Android.Tonclank . Symantec explains that the malicious code appears in a package called " apperhand ", and a service under the same name can been seen running on the infected device when it's executed. According to Symantec, the Trojan has been identified in 13 different apps in the Android Marketplace. Symantec's Security Response Team Director, Kevin Haley said:" They don't appear to be real publishers. There aren't rebundled apps, as we've seen so many times before. " Symantec also noted that this slimy piece of malware has the highest distribution of any malware identified so far this year and may actually be the largest malware infection seen by Android users in the operating syst...

Universal Music Portugal database dumped by Hackers Another Latest Tip come in my Inbox today about the leak of Database of Universal Music Portugal 's website. Hacker did not mention his name,or Codename, But he enumerate the Database and Extract it by Hacking the Site. 100's of Tables from Database and Users Data has been leaked via a pastebin File . It includes the Usernames, Passwords and Emails ID's of Users of Site. Immediate after the Hack, The Universal Group taken down the site for maintenance.

Zulu - Zscaler Malware Scanning Service Zscaler has launched a new freE online service called Zulu that can assess the security risk associated with URLs by analyzing the content they point to, as well as the reputation of their corresponding domain names and IP addresses. Zulu allows security savvy users who investigate various web attacks to choose what User-Agent and Referrer headers the scanner will use when accessing a URL. " A unique benefit of this approach is that we can deliver a risk score even when the page content is no longer available ," said Michael Sutton, vice president of security research at Zscaler. " While we can't access the page, we can still assess the URL and host and when they deliver a high risk score despite a lack of page content, one can often conclude the page was indeed malicious but has since been taken down ," he explained. Depending on the type of content a URL points to, Zulu can perform an antivirus scan using the Vir...

CVE-2012-0056 Linux privilege escalation [Video Demonstration] The Linux kernel is prone to a local privilege-escalation vulnerability.Attackers can exploit this issue to gain escalated privileges and execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.Linux kernel 2.6.39 and later versions are affected. The mem_write function in Linux kernel 2.6.39 and other versions, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper . Read More Here . Video Demonstration: You Can Find Exploit Here .