The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

FOCA 3.0 - Network Infrastructure Mapping Tool Free Release This new version has new fresh look and feel, and it is full of new features that you will love to discover. If you want to learn more about FOCA, and Get FOCA 3 PRO, then you can book for a seat in the next online training about FOCA. It is going to be delivered on 4th of November in English and on 8th of November in Spanish. Both of them delivered by our FOCA father Chema Alonso. In FOCA 3 PRO you will discover features focused in discovering vulnerabilities in web sites, which are completely new. If you booked for an online seminar about FOCA PRO in 2011 then you can get a seat with 50% OFF.Also, we would like to remember you that we created MetaShield Protector as a solution to filter metadata in published documents through Windows Server 2008 / 2008 R2, IIS 7.0 / 7.5 and SharePoint 2007, Windows SharePoint Services and SharePoint 2010. More info . After six months we got FOCA 3 FREE available for direct download ....

US satellites was victim by Chinese Hackers Computer hackers, possibly from the Chinese military, interfered with two U.S. government satellites four times in 2007 and 2008 through a ground station in Norway, according to a congressional commission. According to Bloomberg , the Chinese military is suspected of executing the digital intrusions which targeted satellites used for earth climate and terrain observation. Indeed, a Landsat-7 earth observation satellite system experienced 12 or more minutes of interference in October 2007 and July 2008, while hackers tapped into a Terra AM-1 earth observation satellite twice, for two minutes in June 2008 and nine minutes in October that year. Interestingly enough, the report doesn't actually accuse the Chinese government of sponsoring or executing the four attacks. 

 However, it clearly states that the breaches are "consistent" with Beijing's military doctrine which advocates disabling an enemy's space systems, and ...

Anonymous DDOS Oakland police site after violence Cyber activists associated with Anonymous have targeted the Oakland Police Department (OPD) and other law enforcement agencies that participated in a controversial crackdown against OccupyOakland protestors. A DDOS (distributed denial-of-service) attack against the department's website www.oaklandpolice.com is underway, and the website currently is unreachable. AnonyOps tweet " I'm amazed and proud of #occupyOakland protesters who stood defiant, peaceful in the face of lethal force by Oakland PD. " Police fired a number of tear gas canisters, concussion grenades, rubber bullets and non-lethal rounds at demonstrators on Tuesday night, drawing widespread condemnation for the use of heavy-handed tactics against unarmed civilians. The attack was first announced via Anonymous' AnonOps Twitter feed. " @Anon_Central : Admin/User/Password Dump of oaklandnet.com Problem Oakland authorities? F--- you! >> p...

How to Beat Evil Governments When Your Internet Turned Off ? Bruce Sutherland explain at DefCon 19 Conference that " How To Get Your Message Out When Your Government Turns Off The Internet " . Bruce Sutherland  is a network systems architect and software developer with Domex Computer Services Inc, based in Melbourne Beach, FL. How would you communicate with the world if your government turned off the Internet? Sound far-fetched? It isn't. It already happened in Egypt and Lybia and the US Congress is working on laws that would allow it to do the same. In this talk we'll explore how to get short messages out of the country via Email and Twitter in the event of a national Internet outage. Remember, data wants to be free. Bruce has worked in the industry for over 20 years and has recently been working on building and hardening web-based applications. He has been an amateur radio operator since 2003 and enjoys making contacts worldwide via amateur radio satellite ...

India's leading telecom Company  BSNL hacked by Pakistani Hacker A Pakistani hacker "KhantastiC haX0r" today hack into the official website of India's leading telecom Company Bharat Sanchar Nigam Limited (BSNL) . This is not 1st time when BSNL become victim of any cyber attack. Pakistani Hackers hit Indian Corporate and National Government Websites, Servers time by time Just for FUN or so called Cyber War b/w these two countries. This year 2011, Attack/ defacement are less than the records of previous years. Most of the hacking groups from India now become White hat hackers and working for Cyber Security Awareness and Development. We wish same for all Pakistani hackers to start working for Security and Development. Anyway, The Hacker domain is  https://bsnl.co.in/tender1/  .

The Hacker News (THN) wishes its readers a very Happy Diwali To Readers,                     On this auspicious occasion of Diwali, all of us here at THN would like to wish you a very Happy Diwali and a wonderful year ahead ! We hope the lights of the season andthe festivities bring you and your family tons of joy and good luck. A festival full of sweet childhood memories,sky full of fireworks, mouth full of sweets, house full of diyas and heart full of joy. The word Diwali means " Rows of lighted lamps " , Known as the Festival of Lights, Diwali holds significance to the Hindu, Sikh and Jain religions and is a public holiday in India.We should pledge that we will make an all-out endeavour to make Diwali 2011 a pollution-free festival. The Hacker News has evolved to work closely with and within the cyber security communities in an effort to make the internet more secure. THN is dedicated to making your learning a valu...

Latest Security Flaw in Skype Enables IP address & Location Tracking The serious breach in the widely-used, internet video chat program means that any evil computer nerd could easily hunt down users' whereabouts, according to a study co-authored by an NYU-Poly professor. The flaw in Skype could allow a skilled hacker to find out the IP address from which a user has logged in to Skype, thereby determining the location of Skype users, which is a massive breach of privacy and security. The company is trying to downplay the flaw, claiming that the ability to derive IP addresses was common with all web based communication clients. The flaw can reportedly be exploited without the user's knowledge, and can be executed on a massive scale. The reserch team demonstrated this by scheduling hourly calls to tens of thousands of Skype users. Adrian Asher, Skype's chief information security officer, said that IP addresses are easily uncovered in most web communications clients....

Japan under Heavy Cyber Attack ! In last two days several Cyber attacks breach corporate and National Security of Japan. First, Japanese parliament hit by cyber attack from China according to Report. A server located in China was used for the attack on the Japanese Lower House. This led to an extraordinary meeting of a key subcommittee after it emerged that hackers had access to emails and documents belonging to the chamber's 480 legislators for at least one month. The personal computers and servers of Japanese lower house lawmakers have been hit by a cyber attack, and passwords and user IDs may have been stolen. Next, Information on military aircraft and nuclear power plants may have been stolen in a series of cyberattacks on Japanese defence contractor Mitsubishi Heavy. Mitsubishi Heavy said late last month that 83 computers at 11 of its facilities had been hit by cyberattacks but no leakage of information on products and technologies had been confirmed. Christo...

The Hacker's Choice releases SSL DOS Tool German hacker group "The Hacker's Choice" officially released a new DDoS tool. The tool exploits a weakness in SSL to kick a server off the Internet. Establishing a secure SSL connection requires 15x more processingpower on the server than on the client.THC-SSL-DOS exploits this asymmetric property by overloading theserver and knocking it off the Internet.This problem affects all SSL implementations today. The vendors are awareof this problem since 2003 and the topic has been widely discussed.This attack further exploits the SSL secure Renegotiation featureto trigger thousands of renegotiations via single TCP connection. Download: Windows binary: thc-ssl-dos-1.4-win-bin.zip Unix Source : thc-ssl-dos-1.4.tar.gz Usage: Use " ./configure; make all install " to build and Run :  ./thc-ssl-dos 127.3.133.7 443 Tips & Tricks for whitehats 1. The average server can do 300 handshakes per second. This would require 10-25% of your lapt...

Tor anonymizing network Compromised by French researchers French researchers from ESIEA , a French engineering school, have found and exploited some serious vulnerabilities in the TOR network. They performed an inventory of the network, finding 6,000 machines, many of whose IPs are accessible publicly and directly with the system's source code. They demonstrated that it is possible to take control of the network and read all the messages that circulate. But there are also hidden nodes, the Tor Bridges, which are provided by the system that in some cases. Researchers have developed a script that, once again, to identify them. They found 181. " We now have a complete picture of the topography of Tor ," said Eric Filiol. The specific attack involves creating a virus and using it to infect such vulnerable systems in a laboratory environment, and thus decrypting traffic passing through them again via an unknown, unmentioned mechanism. Finally, traffic is redirected towards ...

Bleeding Life 2 Exploit Pack Released Black Hat Academy releases Bleeding Life 2 exploit pack. This is an exploit pack that affects Windows-based web browsers via Adobe and Java. You can read all about it, and download it for yourself. Statistics are kept based on exploit, browser, and OS version. Exploits Adobe CVE-2008-2992 CVE-2010-1297 CVE-2010-2884 CVE-2010-0188 Java CVE-2010-0842 CVE-2010-3552 Signed Applet Features Advanced Statistical Information Stylish Progress Bars Full User-Friendly Admin Panel Referer Stats Secure Panel - Login/Logout Ability To Set and Save Passwords On Panel Ability To Allow Guest Access - Guest Can Only View Stats Page, Clicking and Other Pages Disabled. Ability To Add and/or Remove Exploits Used Ability To Add Scan4You Credentials For Built-In Scanner Use Ability To Filter Browsers Ability To Filter Operating Systems Attempt To Detect and Filter HTTP Proxies Ability To Blacklist by IP/Range Ability To Import Blacklist On Pan...

Microsoft 's official Youtube channel hacked It appears that someone has hacked into Microsoft's account on Youtube and removed all videos. As can be seen in the picture, there are currently no videos at all anymore (see the red arrow in the screenshot) and the comment about the website is not " Wish to Become Sponsored ? Message me ". Also the hometown has been changed to "Hey". In their place are short clips soliciting advertisers, not surprisingly, as the channel has some 24,000+ subscribers.As of 1:30 p.m. ET, four videos have been uploaded to the account, all time-stamped within the past two hours. A fifth video, most recently uploaded, seems to have been removed. The video, "Garry's Mod – Escape the Box," featured what appeared to be an animated gunman shooting at the inside of a construction box.The channel's description reads, " I DID NOTHING WRONG I SIMPLY SIGNED INTO MY ACCOUNT THAT I MADE IN 2006 :/. " Neither Microsoft nor Google (which owns YouTube) have disclosed info...

XSS Vulnerability in Interactive YouTube API Demo Beta There is a Critical Cross site XSS Vulnerability in Interactive YouTube API Demo Beta, Discovered by various sources. One of the White Hat Hacker " Vansh Sharma " Inform us about this XSS Vulnerability with proof of concept. Proof Of Concept : Open  https://gdata.youtube.com/ Enter script <img src="<img src=search"/onerror=alert("xss")//"> in the keyword area. Press ADD