The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Fraud communities owned and exposed by Happy Ninja The  Happy Ninjas Hackers Release a Ezine " Owned and Exposed - ISSUE no 3 " on Exploit-Db . They claim to hack various German and International fraud scenes and Publish there all details online in Ezine.  They said " Operation Antisec : The original Antisec Movement was brought to life by actualhackers and targeted full disclosure and the corporate securityindustry. Publishing gigantic amounts of (corporate) data on theinternet does exactly the opposite: It provides the security industrywith the attention they need and hence new customers. " " Money is the root of allevil" as the proverb has it; and it's why fraud communities do comeback after we have owned and exposed them " He added. Most the famous fraud sites got hacked by them , such as: St0re.cc El-Basar.biz Swissfaking.net Vpn24.org Unique-Crew.net Undercover.su Secure-Host.in Hackbase.cc Zion-Network.net Most of the IP add...

Call for Articles - The Hacker News Magazine | December Edition THN Magazine is a free monthly magazine designed to spread awareness and knowledge about cyber security. Our goal is to provide the most up-to-date information on a wide variety of topics that relate to hackers and security experts worldwide. We welcome contributions from readers and hackers like YOU! Simply submit your idea or article to thehackernews@gmail.com or  admin@thehackernews.com  and your submission could be featured in our next edition. Some topics of interest include, but are not limited to: New attack and defense techniques Related to Anonymous ,Activist and Hacktivists Vulnerability discovery Small tactics and techniques; Big attacks and impact Mobile hacking Professional exploit development Security and hacking events around the world Technical book reviews Security and hacking threats Security tools Expert interviews If you enjoy our monthly publication, please spread the word...

XSS Vulnerability on AOL Energy website A non-persistent Cross Site Scripting (XSS) vulnerability discovered on AOL Energy website. The similar Vulnerability is claimed by few other guys on some forums too. No clue that who found it first, But THN got update from Vansh & Vaibhuv from India.

#OccupyLondon : The Night of Thousand Masks on 5th November Anonymous Mask = " A symbol that unites them behind one universal message " . Activists plan to protest on 5th November ,2011 at Saint Pauls Cathedral London 9:00pm - 11:00pm. This going to be " The Night of Thousand Masks ". Message By Anonymous : Good evening, London. Allow me first to apologize for this interruption. I do, like many of you, appreciate the comforts of every day routine- the security of the familiar, the tranquility of repetition. I enjoy them as much as any bloke. But in the spirit of commemoration, thereby those important events of the past usually associated with someone's death or the end of some awful bloody struggle, a celebration of a nice holiday , I thought we could mark this November the 5th, a day that is sadly no longer remembered, by taking some time out of our daily lives to sit down and have a little chat. There are of course those who do not want us to speak. I susp...

Super Cryptography : The Next Generation Encryption The next generation of encryption technologies meets this need by using Elliptic Curve Cryptography (ECC) to replace RSA and DH, and using Galois/Counter Mode (GCM) of the Advanced Encryption Standard (AES) block cipher for high-speed authenticated encryption. Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor S. Miller in 1985. According to Cisco ," New algorithms for encryption, authentication, digital signatures, and key exchange are needed to meet escalating security and performance requirements ". A 244-bit ECC key has the equivalent strength of a 2048-bit RSA key for security; a 384-bit ECC key matches a 7680-bit RSA key. Greater strength for any given key length enables the use of shorter keys, resulting in significantly l...

The Hacker News Magazine - Anniversary Edition  - November Issue 06 In November of 2010 the team at The Hacker News finally achieved our ultimate goal of launching an online News Portal and Magazine addressing the tricky and complicated world of hackers and hacking. In our first year The Hacker News made our fair shares of mistakes, typical of first-time publishers, but our successes have been innumerable and The Hacker News has reached many of it goals in this often hectic and exciting  first year. The Hacker News was fortunate enough to have assembled a dedicated and professional team that intrinsically understood that it is not enough to hope to succeed; you have to plan to succeed. And I am grateful to each and every one of these talent people that understood this concept and helped implement it daily to help insure our success. As the mainstream media often denigrates computer hackers as nothing more than digital pranksters, we at The Hacker News believe that many...

Palestine : Hackers have taken down phone and Internet services The main phone network in the West Bank and Gaza has suffered a sustained attack by computer hackers, the Palestinian Authority (PA) says. Mashour Abou Daqqa, the Palestinian telecoms minister, said the disruptions, which began Tuesday morning, came from various sources around the world, but had no detailed information. He said hackers used IP servers in Germany, China, and Slovenia to launch the attack. Hack may be linked to rising regional tensions over the Palestinian Authority's successful move to acquire membership in Unesco on Monday. It also comes against the backdrop of new cross-border clashes along the border between Israel and Gaza. One Israeli civilian and at least 10 Palestinian militants were killed in the worst violence on that front in months. The fighting followed the launch of rocket salvos against Israeli territory last week. Israel retaliated with airstrikes. Daqqa suggested its neighbour coul...

Blackhole Exploit Kit attack on WampServer & Wordpress sites Kimberly from  Stopmalvertising  found Blackhole Exploit Kit on Website of most popular Webserver software site WAMPSERVER . Almost at the bottom of the webpage they notice a Javascript requesting a file from jquery.googlecode.com . The URL is followed by a long string of parameters. The file  returns a 404, it's just there to fool people. Once the script decoded we obtain an iframe leading to vc-business.com/in.php .According to Analyse of Kimberly , If a vulnerable Java, Windows Media Player, Flash or Adobe Reader version is detected, the visitor will be redirected to 91.194.214.66/dng311011/c7a44076f6c722eb74725563b0a000a0/spl.php and from there to 30domaaaam.in/main.php?page=c76874df55550a3f . According to Norton Safe Web , 91.194.214.66 has been caught in distributing the ZeroAccess rootkit. Second Recent Attack by Blackhole Exploit discovered in  thousands of WordPre...

Windows Kernel Zero Day Vulnerability Found in Duqu Installer Duqu malware attack exploited a zero-day vulnerability in the Windows kernel, according to security researchers tracking the Stuxnet-like cyber-surveillance Trojan. The vulnerability has since been reported to Microsoft and Microsoft is working on a fix for the kernel vulnerability right now. Researchers at the Laboratory of Cryptography and System Security (CrySyS) in Hungary confirmed the existence of the zero-day vulnerability and exploit in a brief note posted to its web site. Our lab, the Laboratory of Cryptography and System Security (CrySyS) pursued the analysis of the Duqu malware and as a result of our investigation, we identified a dropper file with an MS 0-day kernel exploit inside. We immediately provided competent organizations with the necessary information such that they can take appropriate steps for the protection of the users. The installer file is a Microsoft Word document (.doc) that exploits...

Virtual Machine for Android Reverse Engineering (A.R.E) Released The Honeynet Project release of the Android Reverse Engineering (A.R.E.) Virtual Machine. Do you need to analyze a piece of Android malware, but dont have all your analysis tools at hand? The Android Reverse Engineering (A.R.E.) Virtual Machine, put together by Anthony Desnos from our French chapter, is here to help. A.R.E. combines the latest Android malware analysis tools in a readily accessible toolbox. Tools currently found on A.R.E. are: Androguard Android sdk/ndk APKInspector Apktool Axmlprinter Ded Dex2jar DroidBox Jad Smali/Baksmali Download A.R.E

The Hacker News (THN) 1st Anniversary Celebration It has been a wonderful "HACK" filled year as we disseminated security and hacking information around the world. We are grateful for our loyal readership and welcome new readers and contributors. Let's face it. Hacking isn't going away and growing security concerns are an issue we all need to stay on top of. Being informed about the latest and newest in security measures and the work of hackers to break into these means is a global issue with tremendous consequences. Hacking and security violations affect us all. Not only big corporations which store your information but the health and welfare of your personal PC's. The Hacker news has tracked the events of the last year and we are amazed and the talent and finesse of techy people who can break into the most complicated and sophisticated systems. You can depend on us for breaking news in the area of computer security. Keep reading and keep checking our daily web news. In c...

Facebook " Trusted friends " Security Feature Easily  Exploitable Last week Facebook announced that in one day 600,000 accounts possibly get hacked. Another possible solution for Facebook to combat security issues is to find 3 to 5 " Trusted friends ". Facebook will be adding two new security features that will allow users to regain control of their account if it gets hijacked. In Facebook's case, the keys are codes, and the user can choose from three to five " Trusted friends " who are then provided with a code. If you ever get locked out of your account (and you can't access your email to follow the link after resetting your Facebook password), you gather all the codes and use them to gain access to it again. Yet This method is used by hackers to hack most of the Facebook account using little bit of Social Engineering from last 5-6 Months according to me. Let us know, how this works... How its Exploitable: This Exploit is 90% Successful on...

Volatility 2.0 - Advanced Memory Forensics [With Video Demonstration] The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibilty into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research. The Volatility Framework demonstrates our committment to and belief in the importance of open source digital investigation tools . Volatile Systems is committed to the belief that the technical procedures used to extract digital evidence should be open to peer analysis and review. We also believe this is in the best i...