The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

GitHub hacked with Ruby on Rails public key vulnerability Github, the service that many professional programmers use to store their work and collaborate on coding, was hacked over the weekend. A young Russian developer Egor Homakov exploited a gaping vulnerability in GitHub that allowed him (or anyone else with basic hacker know-how) to gain administrator access to projects such as Ruby on Rails, Linux, and millions of others. When Github saw what happened, they suspended Homakov's account, which created a firestorm of protest. A blog post entitled, Github, You Have Let Us All Down . Github has succumbed to a public key vulnerability in Ruby on Rails allowing a user administrator access to the popular Rails Git. Homakov's actions were relatively simple - he merely uploaded his public key to the repository so Git thought he was an approved administrator of that project. This would not only entitle Homakov to commit files but he could effectively wipe the entire project and its ...

Twitter releases data to Law Enforcements   for criminal inquiry Twitter handed over subscriber information yesterday for one Twitter account indirectly tied to the Occupy Boston protest, ending a court battle fought behind closed doors as Boston law enforcement investigated hacking attacks on the Police Department and a police union. as reported by Boston . According to Twitter spokesman Matt Graves, the company provided the subscriber information for @pOisAnON, an account that is associated with the name of Guido Fawkes. "We provided information on a single user,'' Graves said in a telephone interview yesterday. Twitter ignored the Suffolk D.A.'s request for secrecy, and forwarded the subpoena to @pOiSAnOn in accordance to Twitter's Guidelines for Law Enforcement . A spokesman for the Suffolk County D.A. told The Boston Herald it was satisfied with the information received this week." We are not interested in the information of a large number of people who have used t...

GCC 4.6.3 Released with 70 bug-fixes The GNU Compiler Collection version 4.6.3 has been released. Jakub Jelinek of Red Hat announced the release this morning of GCC 4.6.3. Over GCC 4.6.2 there's over 70 bug-fixes and other work. However, all of the exciting work meanwhile is going into what will become GCC 4.7. The GNU Compiler Collection (GCC) is a compiler system produced by the GNU Project supporting various programming languages. GCC is a key component of the GNU toolchain. As well as being the official compiler of the unfinished GNU operating system, GCC has been adopted as the standard compiler by most other modern Unix-like computer operating systems, including Linux, the BSD family and Mac OS X. GCC 4.7 will offer some performance improvements, new CPU support, language enhancements, mature Intel Sandy/Ivy Bridge support, and initial Intel Haswell support. GCC 4.7 should be officially released in March or April. Read More here

BackTrack 5 R2 Released, New Kernel, New Tools Hacker are your Ready ? Backtrack 5 R2 finally released with bug fixes, upgrades, and the addition of 42 new tools. With the best custom-built 3.2.6 kernel, the best wireless support available at maximum speed. This release have included Metasploit 4.2.0 Community Edition, version 3.0 of the Social Engineer Toolkit, BeEF 0.4.3.2, and many other tool upgrades. Backtrack also added the following new tools to R2: arduino bluelog bt-audit dirb dnschef dpscan easy-creds extundelete findmyhash golismero goofile hashcat-gui hash-identifier hexorbase horst hotpatch joomscan killerbee libhijack magictree nipper-ng patator pipal pyrit reaver rebind rec-studio redfang se-toolkit sqlsus sslyze sucrack thc-ssl-dos tlssled uniscan vega watobo wcex wol-e xspy Along with this, Backtrack added Wiki about Building a Pyrit Cluster, Creating a John the Ripper Cluster, Enabling PAE in BT5 R2 and ...

#THN Monthly ( February ) News Archive,If you miss Something ! # Censorship - Global Concern, THN Magazine March Edition :  https://goo.gl/bktRz # Forget terrorists attacks here are 2012's Most Vulnerable Cities At Risk for Cyber Crime (Idiots) : https://goo.gl/4VYGf # Slum Dog India demands Real time monitoring on Indian Gmail & Yahoo Emails. Do they really have nothing better to do?   https://goo.gl/iYO5H # Iran will probably drop nuclear development cause they think they need to Develop their own security Software, No more foreign Solution, they might suggest banning the Burka too! : https://goo.gl/QVheH # Three Greek Anonymous hackers arrested for defacing Government Sites. They couldn't make the street protest! : https://goo.gl/EyMux # Facebook Hacking - Student jailed for eight months. They ought to jail Facebook for having such a stupid site : https://goo.gl/PwkHt # FAQ : DNSChanger Trojan, Impact and Solutions :   https://goo.gl/IE2Qh # How Hackers ...

Siemens and Canon 's Databases exploited by Team INTRA Recently a hacker known as " JoinSe7en " from Team INTRA claims to have hacked into subdomains of Canon and Siemens. Apparently, the hacker has found and exploited a Blind SQL Injection vulnerability in Canon's website and a Error based SQL Injection in Siemens. He published a full disclosure on both of the databases on pastebin: Siemens : https://pastebin.com/HBL966wh Canon : https://pastebin.com/fbL0s9aS These pastebin notes include the vulnerable links of respective sites and extracted database info with usernames and passwords of Siemens Users & Canon forum, sites user credentials.

Censorship - Global Concern : THN Magazine March Edition It is March Madness at The Hacker News as we release the latest edition of our magazine which gives internet security a thorough look and and a fascinating read. Pierluigi Paganini gives a great interview on the woes of internet security and Mourad Ben Lakhousa provides you with a comprehensive guide on what tools are available to keep your web activity private. Check out Lee Ives opinion piece on the plethora of DDOS attacks and stand firm with our Editor, Patti Galle as we tell the world we won't stand for internet piracy. Laugh with us as we take a hilarious look at recent internet security news and we promise you won't be disappointed in all the articles touching on matters important to us all. Enjoy! RAR Format  |  PDF Format

Sandcat Browser 2.0 Released,  Penetration Testing Oriented Browser Sandcat Browser version 2.0 includes several user interface and experience improvements, an improved extension system, RudraScript support and new extensions. What is Sandcat Browser? The fastest web browser combined with the fastest scripting language packed with features for pen-testers. Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team, the same creators of the Sandcat web application security scanner. The Sandcat Browser is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua language to provide extensions and scripting support. This first Sandcat Browser release includes the following pen-test oriented features: Live HTTP Headers Request Editor extension Fuzzer extension with multiple modes and support for filters JavaScript Executor extension -- allows you to load and r...

Cyber Criminals took over billion dollar of Brazilian companies PricewaterhouseCoopers has revealed in a report that cyber criminals are now shifting their attacks towards emerging markets, especially those engaging with carbon emission trades which promote low carbon technologies but whose security measures have not yet grown to combat online attacks. In Brazil, 8% of the companies under attack of Cyber Criminals and had losses above $ 1 billion of Brazilian companies. A recent survey by PricewaterhouseCoopers (PwC) finding that over one third of Brazilian companies (32%) was the victim of cybercrime last year. The world average is lower, 23% of companies have been targets of cyber attacks in 2011. More than half of Brazilian executives (51%) explained that one of the biggest problems related to awareness and combat electronic crime is the fact that management of their companies adopted only informally or on an ad hoc solutions and security processes. Cyber criminal...

The Killswitch : They can remotely modify your Window 8 Last year,a Finnish software developer, was cruising Google's Android Market for smartphone apps last year when he noticed something strange. Dozens of best-selling applications suddenly listed the same wrong publisher. Google uses a little known kill switch, to forcibly removing the malicious code from more than 250,000 infected Android smartphones. It's a powerful way to stop threats that spread quickly, but it's also a privacy and security land mine. With the rollout of the Windows 8 operating system expected later this year, millions of desktop and laptop PCs will get kill switches for the first time. Microsoft has confirmed that they have remote kill switch installed in to Windows 8 apps. using this access, they can disable and even remove an app entirely from a user's device. This piece of information was released along with other details of the upcoming Windows Store for Windows 8. Anyone worried about Microso...

Interpol  #TangoDown , Suspected 25 Anonymous arrested Interpol's Web site (www.interpol.int) went down Tuesday just hours after the international police agency announced the arrest of 25 suspected members of the hacking collective Anonymous in Argentina, Chile, Colombia and Spain. The authorities in Argentina, Chile, Colombia and Spain carried out the arrests and seized 250 items of IT equipment and mobile phones, Interpol says.Those arrested are aged between 17 and 40. A National Police statement said two servers used by the group in Bulgaria and the Czech Republic had been blocked.It said the four included the alleged manager of Anonymous' computer operations in Spain and Latin America, who was identified only by his initials and the aliases " Thunder " and " Pacotron ". Authorities in Europe, North America and elsewhere have made dozens of arrests, and Anonymous has increasingly attacked law enforcement, military and intelligence-linked targets in retal...

$60000 for Exploiting Google Chrome, Hackers at Pwnium  work... Google has offered prizes, totalling $1 million, to those who successfully hack the Google Chrome browser at the Pwn2Own hacker contest taking place next week i.e 7 March 2012. Chrome is the only browser in the contest's six year history to not be exploited like at all.  Therefore Google will hand out prizes of $60,000, $40,000, and $20,000 for contestants able to remotely commandeer a fully-patched browser running on Windows 7. Finding a "Full Chrome Exploit," obtaining user account persistence using only bugs in the browser itself will net the $60k prize. Using webkits, flash, or a driver-based exploit can only earn the lesser amounts. Prizes will be awarded on a first-come-first-serve basis, until the entire $1 million has been claimed. " While we're proud of Chrome's leading track record in past competitions, the fact is that not receiving exploits means that it's harder to learn and imp...