The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

US Chamber Of Commerce Hit by Chinese Hackers A group of hackers in China breached the computer defenses of America's top business-lobbying group and gained access to everything stored on its systems, including information about its three million members. The hackers may have broken into the Chamber's network more than a year before they were discovered. It is not confirm when the initial break-in occurred but security officials from the Chamber quietly shut the breech down in May of 2010. " What was unusual about it was that this was clearly somebody very sophisticated, who knew exactly who we are and who targeted specific people and used sophisticated tools to try to gather intelligence, " the Chamber's chief operating officer David Chavern told the Journal in an interview published today. It isn't clear how much of the compromised data was viewed by the hackers.Chamber officials said the hackers had focused on four Chamber employees who worked on Asia poli...

Windows 7 64 bit Memory Corruption Vulnerability A person known by the alias of " w3bd3vil " on twitter released an HTML snippet that will cause the 64 bit version of Windows 7 to blue screen if viewed under Safari. The underlying vulnerability is however not a flaw in Safari but rather a flaw in the Windows kernel mode device driver, win32k.sys. " A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large "height" attribute viewed using the Apple Safari browser. Successful exploitation may allow execution of arbitrary code with kernel-mode privileges ," the Secunia advisory said. The possibility that the vulnerability can be exploited by using means other than Safari cannot be ruled out....

Bypass SOPA (Stop Online Piracy Act) DNS Blocking with DeSopa 1.1 A developer who calls himself T Rizk doesn't have much faith in Congress making the right decision on anti-piracy legislation, so he's built a work around for the impending censorship measures being considered  DeSOPA . The Firefox add-on is stunningly simple as the Stop Online Piracy Act (SOPA) would block specific domain names (e.g. www.thepiratebay.com ) of allegedly infringing sites. Firefox, which already boasts an outspoken stance against SOPA, and has already shown they are willing to stand by add-on developers who create circumvention extensions designed to go around measures currently employed by Homeland Security, has welcomed a new add-on, one that is designed to circumvent whatever SOPA website blacklists that are created, provided the bills become law. A new anti-SOPA add-on for Firefox, titled " DeSopa " is such a counter measure.When installed, users can click a single button to resolve a blo...

Apple Crash Reports Help Hackers to create a jailbreak exploit iPhone " jailbreaking " has been a hot topic since Apple released its smartphone more than two years ago. According to the Latest report posted by BBC  that Thousands of iPhone owners have joined forces with a team of hackers to help them find new ways to jailbreak Apple's phone software & Jailbreakers use Apple crash reports to unlock iPhones. You may be wondering and hearing alot on " What Is Jailbreaking an Iphone? How do you do that? " Jailbreaking is basically modifying the iPhone's firmware so that you can get access to the internals of its operating system and install a whole slew of third-party applications on your iPhone that are not otherwise available through official channels.Jailbreaking your iPhone in and of itself doesn't normally make much difference in your operation of it, but it does allow you to install other third-party applications that are not blessed by Apple. A collective of ...

An Iranian engineer working on the captured US drone has said that Iran exploited a weakness in the craft's navigation system to hijack it. The aircraft was downed through a relatively unsophisticated cyber-attack that tricked its global positioning systems (GPS). The technique, known as " GPS spoofing " has been around for several years, and the Iranians began studying it in 2007, the engineer reportedly said. The U.S. Department of Energy notes that GPS is widely used, but insecure, although few users have taken note. GPS signals for the U.S. military are similarly insecure, and drones often rely on signals from multiple satellites. It's possible to spoof unencrypted civilian GPS systems. But military GPS receivers, such as the one likely installed on the missing drone, use the encrypted P(Y)-code to communicate with satellites. " With spoofing, an adversary provides fake GPS signals. This convinces the GPS receiver that it is located in the wrong place and/or ...

1.8 Million Accounts Hacked from Square Enix Japanese Game Company Square Enix stated yesterday that somebody " may have gained unauthorized access to a particular Square Enix server " and took its members service offline in both Japan and the U.S. Today, the company clarified that 1.8 million customer's accounts had been affected. The company said it noticed that unknown parties had accessed the server for its free " Square Enix Members " site on Tuesday afternoon, and decided to shut down the service the same day. Users register on the server with their email addresses and sometimes their names, addresses and phone numbers, but the server holds no credit card information, a spokesman said. The intruder breached an unknown number of servers that could hold data for the service's one million members in Japan and 800,000 members in North America, but left untouched the servers with its 300,000 European members. In May, Square Enix said it suffered hackin...

Key infrastructure systems of 3 US cities Under Attack By Hackers BBC News Reported that the Federal Bureau of Investigation (FBI) announced recently that key infrastructure systems of three US cities had been accessed by hackers. Such systems commonly known as Supervisory Control and Data Acquisition (SCADA) are increasingly being targeted by hackers. At a recent cybersecurity conference, Michael Welch, deputy assistant director of the FBI's cyber division, said " hackers had accessed crucial water and power services.The hackers could theoretically have dumped sewage into a lake or shut off the power to a shopping mall ." " We just had a circumstance where we had three cities, one of them a major city within the US, where you had several hackers that had made their way into SCADA systems within the city ," Welch told delegates at the Flemings Cyber Security conference." Essentially it was an ego trip for the hacker because he had control of that city's system and h...

Denial of Service Attack Vulnerability in  Windows Phone 7.5 Microsoft's range of Windows Phones suffer from a denial-of-service attack bug that allows attackers to reboot the device and disable the messaging functionality on a device. A malicious SMS sent to a Windows Phone 7.5 device will force it to reboot and lock down the messaging hub . WinRumors reader Khaled Salameh discovered the flaw and reported it to us on Monday. WinRumors said tests revealed that the flaw affected a variety of devices running different builds of the mobile operating system. A Facebook chat message and Windows Live Messenger message will also trigger the bug. Video Demonstration Both Apple and Google have suffered from SMS bugs with their iOS and Android devices. Security researcher Charlie Miller discovered a flaw in the iOS 3.0 software that allowed attackers complete control over an iPhone at the time. Android-based phones also suffered in the SMS attack, but attackers could only knock a phone ...

Breach confirmed in GlobalSign , SSL certificates not compromised GlobalSign said on Tuesday that the SSL certificate and key for www.globalsign.com may have been exposed after a hack on an external server in September. However, the company said that after investigating the breach it has found no evidence of rogue certificates being issued following the hack. A hacker known as " Comodohacker " compromised other certificate authorities including Comodo and DigiNotar. " I have access to their entire server, got DB backups, their linux / tar gzipped and downloaded, I even have private key of their OWN globalsign.com domain ," the hacker said in a Pastebin at the time. The investigation revealed that the compromise was limited to a peripheral Web server hosting the CA's website and did not affect the part of its network that deals with digital certificates. Companies use digital certificates as a cryptographic online trust technology. A stolen digital certificate can all...

Facebook Ticker partially Removed Due To Various Bugs According to a Post on Facebook Known Issues Page , Facebook has removed the ticker apparently motivated the social network to call the phenomenon a bug that's undergoing a fix. Facebook says that " Some people are seeing their ticker disappear. We are aware of this issue and are working to resolve it. ". Comments explaining that people with less active accounts won't see the feature, Because when your friends aren't doing anything on the site, the ticker would only duplicate the news feed and not scroll, so there's no point in the feature taking up part of your screen. Not even this, Last month a Brazilian (independent) Security and Behavior Research had analyzed a privacy issue in Facebook Ticker that allows any person chasing you without your knowledge or consent .How Facebook Ticker exposing your information and behavior without your knowledge. Meanwhile, the Known Issues on Facebook page posted that som...

Web of Trust (WOT) Wins in Court, Favors freedom of speech The world's leading safe surfing tool Web of Trust (WOT) has won the lawsuit filed against it in the United States. WOT was accused of defamation, violating rights, conspiracy and manipulating algorithms. The court of justice in Florida granted the motion to dismiss with prejudice. The case was brought up by ten companies, which are all associated to a person named Mr. Ayman El-Difrawi. The companies demanded WOT to remove ratings and comments for their numerous websites. WOT's advocacy was based on the article 230 of the Communications Decency Act, legislated in 1996 for similar cases. The article protects Internet service providers clearing them from liabilities related to content created by third parties. During the eventful case, the plaintiff changed their claims several times. The last change happened only a day before the oral hearing, when the plaintiff voluntarily dismissed some defendants and half of the clai...

Government organised 12 Chinese Hacker Groups  behind all Attacks About 12 different Chinese groups largely directed by the government there, do the bulk of the China based cyber attacks stealing critical data from U.S. companies and government agencies, according to U.S. cyber security analysts and experts. US online security companies are suggesting that it should have the right to force them to stop " by any means possible ". Sketched out by analysts who have worked with U.S. companies and the government on computer intrusions, the details illuminate recent claims by American intelligence officials about the escalating cyber threat emanating from China. And the widening expanse of targets, coupled with the expensive and sensitive technologies they are losing, is putting increased pressure on the U.S. to take a much harder stand against the communist giant. The report states that many of the attacks carry tell-tale signatures of particular hacking groups b...

US ,Israel or Russia , Who is Behind Stuxnet ? Initially After Symantec did a little reverse engineering on the now infamous Stuxnet worm, many started pointing the finger at the US and Israel, especially since it was concluded that the piece of malware was designed to target a specific version of the Siemens SCADA programmable logic controls (PLC) operating in certain nuclear facilities from Iran. Ralph Langner told a conference in California that the malicious software was designed to cripple systems that could help build an Iranian bomb.Mr Langner was one of the first researchers to show how Stuxnet could take control of industrial equipment. Dr. Panayotis A. Yannakogeorgos is a cyber defense analyst with the U.S. Air Force Research Institute. He told the Diplomat that the one weak point in the theory that the US and Israel hit the Iranian nuclear problem with Stuxnet is that both sides denied it when they would not have had to. Yannakogeorgos said that the Russians...