The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Zero Day Reflected Cross Site Scripting vulnerability in wordpress 3.3 Two Indian Security Experts : Aditya Modha & Samir Shah from from Net-Square Solutions reveals Zero Day Reflected Cross Site Scripting vulnerability in latest version of wordpress 3.3 ! Vulnerability exploit the comment feature of Wordpress Blog. Following two Steps mentioned in Exploit . Step 1: Post a comment to the target website. Step 2: Replace the value of author tag, email tag, comment tag with the exact value of what has been post in the last comment. Change the value of comment_post_ID to the value of post (which can be known by opening that post and checking the value of p parameter in the url). For example the if the url is https://192.168.1.102/wordpress/?p=6 then the value of comment_post_ID is 6. Get Complete Exploit  Here

Wait ! It's not just Stuxnet or DuQu , Kaspersky reveals 5 more cousins Russian computer security outfit Kaspersky Lab said that the Stuxnet virus that damaged Iran's nuclear programme was likely to be one of at least five cyber weapons developed on a single platform. The viruses have never been seen 'in the wild' - and it's unclear whether they, like Stuxnet, would be built to cause failures at nuclear plants, or engineered for another purpose. Both Stuxnet and Duqu appear to have been created back in late 2007 or early 2008, and other pieces of malware with similar capabilities were built on the same platform, Gostev said.  Gostev examined two key drivers and variants that were used in both Stuxnet and Duqu, as well as two previously unknown drivers that were similar to the ones used. Not only did the same group of people develop Stuxnet and Duqu, but they likely worked simultaneously on multiple variants, Gostev said. The other pieces may be in the wild an...

Hackers launching own satellites in orbit to beat Censorship Worried about Internet censorship by SOPA and PIPA ? Wait !! This News is for you , Hackers plan to take the internet beyond the reach of censors by putting their own communication satellites into orbit. Good guy hackers plan to launch satellites to fight the Stop Online Piracy Act and create a censorship-free Internet. According to BBC News Technology Reporter David Meyer, the plan, which was detailed this week during the Chaos Communication Congress (CCC) in Berlin, is in response to proposed legislation such as the Stop Online Piracy Act (SOPA), which would allow the U.S. government to block websites believed to violate intellectual property law. " The first goal is an uncensorable internet in space ," hacking activity Nick Farr, who initially began soliciting financial support for what has been dubbed the Hackerspace Global Grid , in August, told Meyer on Friday. " Let's take the internet out of the control of te...

Facebook Scam : Selena Gomez Caught On Leaked Tape Another Facebook Scam is circulating with the headline " Selena Gomez Caught On Leaked Tape " and Message " you will lost your all respect for Selena Gomez after watching this ". By Clicking the wall post link takes you to the following page designed to look like Facebook. Facebook already declared as " Most Spamy Social Network of the Year " by The Hacker News Awards 2011. Clicking the play button loads a " share " box allowing you to spread the scam message to your friends. The following survey scam also loads another Scam as shown below. Scams like this often use multiple domains, so you may see a variation in the landing pages and scam messages. These scams contain click-jacking and like-jacking components and ends in a survey scam. One of the most common types of Facebook spam is a Wall post that encourages you to install a Facebook application. The application will require that you to agree to a...

One million pages infected by Lilupophilupop SQL injection ISC (Internet Storm Center) reported that   lilupophilupop.com SQL injection attacks. There were about 80 pages infected according to Google searches few weeks back and now it raise to over 1 million . sites being injected with string : "></title><script src="https://lilupop******.com/**.php"></script>          Recommended Read :  The Hacker News Hacking Awards : Best of Year 2011            Infections are shows on .com, .de, & .uk as the most affected regions. ISC posted stats just to give you a rough idea of where the pages are: UK - 56,300 NL - 123,000 DE - 49,700 FR - 68,100 DK - 31,000 CN - 505 CA - 16,600 COM - 30,500 RU - 32,000 JP - 23,200 ORG - 2,690 If you want to find out if you have a problem just search for " <script src="https://lilupophi*****p.com/ " in google and use the site: parameter to hone in on yo...

Chinese Government taking strong step against Cyber Crime The Chinese government is working with domestic Internet search engines like Baidu Inc and Sohu.com and financial institutions to prevent phishing attacks on unsuspecting Chinese web users. The Chinese government has announced that it will work together with 10 Chinese search engines. The user IDs, passwords and email addresses of more than 6 million accounts registered on CSDN, a site for programmers were leaked as we reported last week . The popular social-networking site Tianya was also hit by hackers last week. The Ministry of Industry and Information Technology said on Wednesday it would investigate the hacking incidents. In the U.S. data theft and hacking have become very common over the last few years. Recently, hacker group Anonymous hacked into the servers of security firm Stratfor and stole credit card and other personal details on thousands of users of the site and its services. The U.S. isn't alone in f...

Facebook distributing White Hat Debit Card to Bug Bounty Winners Polish IT security portal Niebezpiecznik.pl, which recently published an image of a bug bounty card given to Szymon Gruszecki, a Polish security researcher and penetration tester. Neal Poole, a junior at Brown University, has reported close to a dozen flaws to Facebook, and also recently received a White Hat card. Poole has earned cash reporting flaws to Google and Mozilla. Charlie Miller, Announced - Best White Hat Hacker of Year at  The Hacker News Awards  2011 and a Researcher & former hacker who has become an information security consultant now working with the Department of Defense (DOD) and helping out with cyber security, better known for finding holes in iOS 5 and Safari than Facebook, also has received a White Hat card. " Facebook whitehat card not as prestigious as the SVC card, but very cool ;) Fun way to implement no more free bugs ," he tweeted. Security researchers are getting a c...

The Hacker News Hacking Awards : Best of Year 2011 2011 has been labeled the " Year of the Hack " or " Epic #Fail 2011 ". Hacking has become much easier over the years, which is why 2011 had a lot of hacking for good and for bad. Hackers are coming up with tools as well as finding new methods for hacking faster then companies can increase their security.  Every year there are always forward advancements in the tools and programs that can be used by the hackers. At the end of year 2011 we decided to give " The Hacker News Awards 2011 ". The Hacker News Awards will be an annual awards ceremony celebrating the achievements and failures of security researchers and the Hacking community. The THN Award is judged by a panel of respected security researchers and Editors at The Hacker News. Year 2011 came to an end following Operation Payback and Antisec, which targeted companies refusing to accept payments to WikiLeak's, such as, Visa and Amazon. Those attacks were carrie...

Environmental activism site Care2 hacked Yesterday Care2, one of the biggest Environmental activism website issue a alert email to all there customers that Care2.com's website was hacked revealing usernames and passwords for the sites nearly 18 million users. Care2 said " To protect Care2 members we are resetting access to all Care2 accounts. The next time you login to Care2, you will be automatically emailed a new password, which will enable you to access your Care2 account as usual. To secure your privacy, we highly recommend you immediately change your password for any accounts that share the password you previously used on Care2. " According to a FAQ posted by Care2, What can I do to recover my password? Visit here Enter your user name or email address in the green box titled " Forgot your password or log-in name? " Your password will be emailed to you. Yet its unknown that who was the hackers,but Care2 have IP Address that used in the attack was from Russia...

Print of one malicious document can expose your whole LAN This year at Chaos Communications Congress (28C3) Ang Cui presents Print Me If You Dare , in which he explained how he reverse-engineered the firmware-update process for HPs hundreds of millions of printers and In Andrei Costin's presentation " Hacking MFPs " he covered the history of printer and copier hacks from the 1960s to today. Cui discovered that he could load arbitrary software into any printer by embedding it in a malicious document or by connecting to the printer online. As part of his presentation, he performed two demonstrations: in the first, he sent a document to a printer that contained a malicious version of the OS that caused it to copy the documents it printed and post them to an IP address on the Internet; in the second, he took over a remote printer with a malicious document, caused that printer to scan the LAN for vulnerable PCs, compromise a PC, and turn it into a proxy that gave him access thro...

Anonymous Hackers post spy firms email addresses Company that was attacked earlier this week  by Anonymous Hackers, again yesterday by leaking 75,000 names, credit cards, addresses and passwords of every customer of STRATFOR 's and about 860,000 usernames, emails and passwords for anyone that has ever registered on STRATFOR's website. The pastebin containing the leaks, also stated that there will be noise demonstrations in front of jails and prisons on New Year's Eve in support of ' Project Mayhem '. It hints to there being some attacks on multiple law enforcement agencies on this date. The document was titled " antisec teaser " AntiSec is a joint effort between Anonymous and the now-defunct LulzSec that targets governments with which they disagree.Anonymous said 50,000 of the email addresses were .mil and .gov. Anonymous said the attack was in retaliation for the government's prosecution of Bradley Manning, who is accused of leaking confidential government document...

World 1st Hacker exploit communication technology for lulz in  1903 New Scientist publish about the first hacker revealing security holes in wireless communication technology in 1903. Nevil Maskelyne was first in a long line of hackers who have exposed and exploited security flaws in communication technology from Morse code to the Internet. The crowd was somewhat amused as the physicist John Ambrose Fleming was adjusting arcane apparatus as he prepared to demonstrate the long-range wireless communication system developed by his boss, the Italian radio pioneer Guglielmo Marconi. Marconi was 300 miles away in Cornwall trying to send the message. Before the demonstration could begin, the apparatus in the lecture theatre began to tap out a message.It was a poem which accused Marconi of "diddling the public". Arthur Blok, Fleming's assistant, worked out that beaming powerful wireless pulses into the theatre were going to be strong enough to interfere with the projector...

Train-switching system can be vulnerable to DDoS attack Hackers who have shut down websites by overwhelming them with web traffic could use the same approach to shut down the computers that control train switching systems, a security expert said at a hacking conference in Berlin. Prof. Stefan Katzenbeisser, the man behind this shocking claim made the revelation during his speech at the Chaos Communication Congress hosted by the Berlin. Prof. Katzenbeisser explained that all hell will break lose in case the encryption keys are compromised in the system, used for switching trains from one line to another. " Trains could not crash, but service could be disrupted for quite some time ," Katzenbeisser told Reuters on the sidelines of the convention. " Denial of service " campaigns are one of the simplest forms of cyber attack: hackers recruit large numbers of computers to overwhelm the targeted system with Internet traffic. Katzenbeisser said GSM-R, a mobile technolo...