The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The non-profit organization behind TOR – the largest online anonymity network that allows people to hide their real identity online – will soon be launching a " Bug Bounty Program " for researchers who find loopholes in Tor apps. The bounty program was announced during the recurring ' State of the Onion' talk by Tor Project at Chaos Communication Congress held in Hamburg, Germany. Bug bounty programs are cash rewards gave by companies or organizations to white hat hackers and researchers who hunt for serious security vulnerabilities in their website or products and then responsibly disclose them. Bug bounties are designed to encourage security researchers and hackers to responsibly report the vulnerabilities they discovered, rather than exploiting it. Here's what one of the founders of the Tor Project, Nick Mathewson , said about the bug bounty program as reported by Motherboard: "We are grateful to the people who have looked at ou...

North Korea has its own homegrown computer operating system that looks remarkably just like Apple's OS X, which not only prevents potential foreign hacking attempts but also provides extensive surveillance capabilities. Two German researchers have just conducted an in-depth analysis of the secretive state's operating system and found that the OS does more than what is known about it. Dubbed Red Star OS , the operating system based on a Linux 2009 version called Fedora 11 limits its users to a government-approved view of the world and has the tendency to ' watermark ' files on USB sticks to track user's shuttling contraband material. Red Star OS Tracks User's Every Move In short, whenever a user inserts a USB storage device containing photos, videos or other documents, into a computer running Red Star, the OS takes the current hard disk's serial number, encrypts that number, and writes that encrypted serial into the file, marking it. The p...

Washington State Department of Corrections (DoC) is facing an investigation after it early released around 3,200 prisoners over the course of 13 years , since 2002, when a bug was introduced in the software used to calculate time credits for inmates' good behavior. The software glitch led to a miscalculation of sentence reductions that US prisoners were receiving for their good behaviour. Over the next 13 years, the median number of days of those released early from prison was 49 days before their correct release date. "This problem was allowed to continue for 13 years is deeply disappointing to me, totally unacceptable and, frankly, maddening," Washington State Governor Jay Inslee said in a statement . "I've [many] questions about how and why this happened, and I understand that members of the public will have those same queries." What's the Bug and How did it Remain Undetected for 13 Years? The issue lies in DoC software that is...

A former employee of Russian search engine Yandex allegedly stole the source code and key algorithms for its search engine site and then attempted to sell them on the black market to fund his own startup. Russian publication Kommersant reports that Dmitry Korobov downloaded a type of software nicknamed " Arcadia " from Yandex's servers, which contained highly critical information, including the source code and some of the "key algorithms," of its search engine. Korobov then tried to sell the stolen codes to an electronics retailer called NIX, where a friend of his allegedly worked, and on the dark underground market in search of potential buyers. But What's the Punchline? The funniest part is that Korobov requested only $25,000 and 250,000 rubles (a total of almost $29,000) for Yandex's source code and algorithms, which actually cost "Billions of Rubles," or somewhere near $15 Million USD . However, Korobov was arrest...

Have you recently purchased a Windows computer? Congratulations! As your new Windows computer has inbuilt disk encryption feature that is turned on by default in order to protect your data in case your device is lost or stolen. Moreover, In case you lost your encryption keys then don't worry, Microsoft has a copy of your Recovery Key. But Wait! If Microsoft already has your Disk Encryption Keys then what's the use of using disk encryption feature? Doesn't Encryption mean Only you can unlock your disk ? Microsoft Probably Holds your Encryption Keys Since the launch of Windows 8.1, Microsoft is offering disk encryption as a built-in feature for Windows laptops, Windows phones and other devices. However, there is a little-known fact, highlighted by The Intercept, that if you have logged into Windows 10 using your Microsoft account, your system had automatically uploaded a copy of your recovery key to Microsoft's servers secretly, and you can't pre...

The Adobe Flash Player just said goodbye to the year with another bunch of vulnerability patches. Adobe released an out-of-band security update on Monday to address Nineteen ( 19 ) vulnerabilities in its Flash Player, including one ( CVE-2015-8651 ) that is being exploited in the wild. All the programming loopholes could be abused to execute malicious code (here malicious Flash file on a web page) on victims' computers in order to hijack an unpatched PC or Mac entirely. So, if you are running the Flash Player plugin on Windows, Mac OS X, Linux, or Chrome OS, it is time for you to upgrade your system as soon as possible before criminals start taking advantage of the bugs. Here're the details of the Flash's 19 security vulnerabilities patched in the emergency APSB16-01 update posted Monday afternoon: A Type Confusion Vulnerability that could lead to arbitrary code execution ( CVE-2015-8644 ) An Integer Overflow Vulnerability that also leads to code e...

BREAKING: A misconfigured database has resulted in the exposure of around 191 Million voter records including voters' full names, their home addresses, unique voter IDs, date of births and phone numbers. The database was discovered on December 20th by Chris Vickery , a white hat hacker, who was able to access over 191 Million Americans' personal identifying information (PII) that are just sitting in the public to be found by anyone looking for it. Vickery is the same security researcher who uncovered personal details of 13 Million MacKeeper users two weeks ago, which included names, email addresses, usernames, password hashes, IP addresses, phone numbers, and system information. However, the recent discovery made him shocked when he saw his own information in the database, according to DataBreaches.net, whom the researcher contacted and provided all the details about his finding. 300GB Trove of Voters' Information Leaked Vickery has his hands on all ...

Some of Bitcoin's Core developers have left the Bitcoin project and started building their separate cryptocurrency called DECRED . Decred aims to prevent the issues Bitcoin is currently facing regarding project governance and development funding. CEO of ' Company 0 ', Mr. Jacob Yocom-Piatt , who has funded Bitcoin development since early 2013, said the actual development of the Bitcoin cryptocurrency is funded by external entities that forms a conflict of interests between the groups and the project's core developers. According to Bitcoin's developers, these group puts limitations on input in Bitcoin's governance, selecting options that are favorable to their own interests only, and generally ignoring the developers' and project's best interests. "The Bitcoin software is controlled by a small group of people who decide exclusively what can and cannot be changed," Jacob says in a press release . "This is in part due to a la...

If you rely on encrypted services to keep your data private and, unfortunately, you are in China, then you are about to be worried. As of now Chinese government could snoop into the operations of technology companies as well as circumvent privacy protections in everyday gadgets. China So-called Anti-Terrorism Law Despite months of objections from major technology firms and concerns over human rights… China passed its controversial new anti-terrorism law on Sunday that requires tech companies to help decrypt information or hand over encryption keys to officials when they want to spy on someone's communication in order to counter terror operations. However, the officials swear that the law wouldn't require technology firms to install " backdoors " in their products, but it doesn't make any difference when the government mandate companies operating in China to provide encryption keys and passwords when requested. Just like recent propo...

The Raspberry Pi is now gaining attention from malware distributors who want the popular mini-computers to deliver with pre-install malware. The Raspberry Pi Foundation has made a shocking revelation that the charitable foundation has been offered money to install malware onto the Raspberry Pi machines before they were shipped out to users. The Raspberry Pi is an extremely simple computer that looks and feels very basic, but could be built into many geeky projects. Due to the low-cost appeal of the Raspberry Pi, the Foundation has sold over 4 million units. Just Last month, Raspberry Pi unveiled its latest wonder: The Raspberry Pi Zero – a programmable computer that costs just $5 (or £4), may rank as the world's cheapest computer. Last Wednesday, the Foundation tweeted a screenshot of an email in which " business officer"  Linda effectively asked Foundation's director of communications Liz Uptonto to install a suspicious executable file onto Ras...

Raise your hands if you want Free Video Calling feature in WhatsApp. I am in, and I think most of you people. And the good news is that it looks like WhatsApp's much-awaited Free Video Calling feature is on its way, according to the recently leaked screenshots. Free Video Calling Feature in WhatsApp German technology blog Macerkopf.de has posted what it claims are screenshots from an unreleased version of the popular messaging client WhatsApp for iOS. The screenshots are from an unreleased version of the software ( version 2.12.16.2 ), which is currently being tested internally, but at present it is not clear whether or not those screenshots are legitimate. But, if the leaked screenshots are real, and WhatsApp adds the Free Video Calling feature , then the company could take an enormous bite out of some of its top rival. WhatsApp Video Calling feature will allow you to make video calls to your friends and family anywhere in the world for free as l...

Facebook's Free Internet access to India has hit a hurdle: The Telecom Regulatory Authority of India ( TRAI ) has ordered the mobile carrier to temporary suspend the Facebook's Free Basics Internet program. Facebook's Free Basics is an app that allows users to access certain Internet websites, including Facebook, for free. However, India's independent regulatory body has asked Reliance Communications – the only mobile carrier that provides Free Basics in India – to disable the free internet service temporarily while the regulator investigates whether the service violates net neutrality . Facebook's Free Basics – Free Internet for ALL Facebook introduced Free Basics ( then known as Internet.org ) app to India in February this year, offering people access to more than three dozen Web services for free. Users of Facebook's Free Basics app must have a Reliance mobile network and are limited to a range of portals including Wikipedia, BBC New...