The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Idea Cellular Web Portal Hacked, Customers Info may be exposed ! Again a critical SQL Injection Vulnerability has been discovered by zSecure Team in a high profile web portal. This time it's Ideacellular web portal which compromises the entire site database. Any malicious smart black hats can create much more devastating attacks using this critical flaw such as: complete access to various database's as shown in screen-shots under proof of vulnerability which can later be misused to access various confidential information; complete database dump; possibility of uploading shell (not fully certain) and much more. Target Website :  https://www.ideacellular.com Attack Type : Hidden SQL Injection Vulnerability Database Type :   MySql 5.0.27 Alert Level : Critical Threats : Database Access, Database Dump Credit : zSecure Team     Previous Vulnerability Discolsures:  Dukascopy, Sify, TimesofMoney, Sharekhan Proof of Vulnerability : About the Company Ide...

25 Year old UK Student hacker penetrated Facebook‎ A 25 year old Brit allegedly used "considerable technical expertise" to hack into Facebook's servers. The student, from York, faces five charges, including that he "made, adapted, supplied or offered to supply" a computer program to hack into a Facebook server, Westminster magistrates' court heard. Mangham, a resident of York, was arrested by the e-Crime Unit of the Metropolitan Police in June this year; and has been charged with five offences under the Computer Misuse Act. Mangham is currently on bail, and like all accused hackers has been prohibited from accessing anything even resembling a computer. " The court feels it will be safer if there was no access to the internet which will reduce the temptation for your son to go on to Facebook ," said Judge Evans. As per Facebook, no personal information had been compromised during the hacks attempted by Mangham. The social network also added that it had been ...

PDD - Packet Dump Decode Released PDD is an open-source program created by Srivats.Packet Dump Decode (pdd) is a simple convenient GUI wrapper around the Wireshark/Ethereal tools to convert packet hexdumps into well formatted xml containing the decoded protocols and protocol contents.You need to have Wireshark installed, because PDD is only a wrapper around Wireshark. Convert hexdumps to - Tree-View (within application) Pcap file and open with Wireshark/Ethereal Text description of packet contents XML description of packet contents Download

Cross Site Scripting Vulnerability at Google Appspot The Google Appspot " ClickDesk " login page is vulnerable to Cross Site Scripting attack. Cross Site scripting attack is a critical issue in web application. When an attacker gets a user's browser to execute his/her XSS code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read (keylogging), modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. The vulnerability can easily be amplified by publicly available tools like Cross Site Scripting framework (XSSF), Cross Site Scripting harvest perl (XSS-Harvest) and so on. Proof of concept: The following proof-of concept sample will do a HTTP POST to trigger the XSS vuln...

Korean HSBC bank hacked TurkGuvenligi (TG) TurkGuvenligi (TG) Hacker Hack and deface the  Korean HSBC bank website. Mirror of Hack is also available here . Same hacker deface the Websites of Free Gary McKinnon Campaign last week.

Biggest ISP in Kuwait Qualitynet Side-Server Database Leaked AnonKuwait claim to hack the Biggest ISP in Kuwait " Qualitynet " and leaked  14MB of data in sql format  server-side database. Penetration of one of Qualitynet servers working for Ministry of Education having a database containing high school graduating students information. The server is moe.qualitynet.net . Hacker have hacked the whole server and extracted an SQL dump. Qualitynet is the biggest internet service provider in Kuwait. It owns a very big network connected to other countries in Middle East. Qualitynet shocked us all in InfoConnect exhibition when it increased the pricing of their services by 70% and it shocked us again by applying the unfair downstream cap policy. Qualitynet is one of the major factors in setting the decision of cap policy which angered people of Kuwait toward these unlawful unacceptable decisions. Qualitynet does not provide the perfect security so we encourage differen...

THC-ipv6 Toolkit – Attacking the IPV6 Protocol A complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library. Please note to get full access to all the available tools you need to develop IPV6 tools yourself or submit patches, tools and feedback to the thc-ipv6 project. Tools Included : parasite6: icmp neighbor solitication/advertisement spoofer, puts you as man-in-the-middle, same as ARP mitm (and parasite) alive6: an effective alive scanng, which will detect all systems listening to this address dnsdict6: parallized dns ipv6 dictionary bruteforcer fake_router6: announce yourself as a router on the network, with the highest priority redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever icmp6 redirect spoofer toobig6: mtu decreaser with the same intelligence as redir6 detect-new-ip6: detect new ip6 devices which join the network, you can run a script to automatically scan t...

BackTrack 5 R1 Released - Penetration Testing Distribution BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. Regardless if you're making BackTrack your primary operating system, booting from a LiveDVD, or using your favorite thumbdrive, BackTrack has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester. Official BackTrack 5 R1 change log: This release contains over 120 bug fixes, 30 new tools and 70 tool updates. The kernel was updated to 2.6.39.4 and includes the relevant injection patches. According to the guys at OffSec, This release is their best one yet! Some pesky issues such as rfkill in VMWare with rtl8187 issues have been fixed, which provides for a much more solid experience with BackTrack.We've have Gnome and KDE ISO images for 32 and 64 bit (no arm this release),...

78000 Indian Blogs Hacked by ZHC Each and every blog hosted on  Blog.co.in  has been hacked by ZCOMPANY HACKING CREW. There are around 78000 blogs hosted on this service , Represent Indian blogs Service.  Reason of Hacking By hackers : ZCompany Hacking Crew Observes Black Day with the people of Indian occupied Kashmir on 15th August.  Free Kashmir .. Freedom is our goal..// End the Occupation. . . . List of all the websites that were hacked: https://www.2shared.com/document/pneC3OHn/blogcoin.html Mirror of Hacks available here :  https://mirror.sec-t.net/hacker/?s=1&user=ZCompanyHackingCrew

#OpBart : BART Police database hacked by Anonymous A database belonging to the BART Police Officers Association appears to have been hacked by Anonymous Hackers and the names, postal and email addresses of officers posted online HERE . Some say it was Anonymous, some say it was a n00b mademoiselle wielding a +1 SQL injection. This is the second attack was launched on the San Francisco Bay Area Rapid Transit (BART) yesterday that led to the personal details of 102 police officers being leaked. Anonymous appeared to remove itself from the blame, saying on one of its Twitter feeds that ' no one claimed responsibility for the hack ' and that 'some random Joe joined a channel and released the data to the press'. It said: " The leak today of BART officer data could be the work sanctioned by those who truly support Anonymous, or agent provocateurs.   People who are against Anonymous know they can do things under the name 'Anonymous' and never be questioned. This is Anonym...

Vanguard Defense Industries (VDI) Hacked for #Antisec Operation AntiSec is targeting defense contractors again. Continuing their beef with law enforcement, and organizations that offer them support, they have targeted Richard Garcia, the Senior Vice President of Vanguard Defense Industries (VDI) . AntiSec plans to release nearly 4,713 emails and thousands of documents taken during the breach. AntiSec targeted VDI's website due to their relationship with several law enforcement agencies from Texas and other parts of the U.S., as well as their relationship with the FBI, the DHS, and U.S. Marshals Service. Moreover, with this hack Antisec (in)directly targeted FBI since Richard Garcia is the former Assistant Director in Charge of the FBI's field office in Los Angeles. To those supporting AntiSec, this alone is reason enough to target VDI and release Garcia's corporate email to the public. " Any private corporation supporting US military or law enforcement operations are legitimate...

Samsung hires Android hacker Cyanogen Steve 'Cyanogen' Kondik is best known as the creator of the CyanogenMod for Android, an after market customised firmware bringing new features and functionality to the Android platform. There's no information yet on whether Samsung is interested in CyanogenMod, or more in Kondik himself, but the programmer and hacker has said the move will allow him to use his talents in " the real world ," while development of CyanogenMod continues as usual. The Cyanogen firmware caters to more than 40 different Android devices and brings such functionality as native theming, Free Lossless Audio Codec (FLAC), an OpenVPN client, USB tethering, and claims increased performance and reliability over official firmware releases. Kondik has on occasion received input from Google on the development of the platform and as of mid-July it had been downloaded and installed on more than half a million devices. [ source ]

#OpSPCAwake : Operation SPCAwake leaks large number of users data of Spcala.com Anonymous Hackers with name FutureSec hack Spcala.com and mass release of spcala Customer/Supporter/Members Names, Emails, Phone Numbers. Hackers have plan to Mass E-mail/Call as many of supporters as possible. According to FutureSec " They support a sick and twisted agency that only cares about the profit and not true Animal Rights. You are to be as discreet as possible for obvious reasons, use the phone blocking code *67 if calling and use an anonymous e-mail address setup by proxy.So if you've ever had an Animal of ANY kind you truly loved, this mission if for you. ". FutureSec Leak complete database here .

Iframe Vulnerability in Google App Engine ( Appspot ) An Indian Hacker " Ethical Mohit " have found in Iframe Vulnerability in Contact Desk page of Google App Engine (Appspot). #1 Proof of Concept : Click Here #2 Proof of Concept : Click Here Google App Engine lets you run your web applications on Google's infrastructure. App Engine applications are easy to build, easy to maintain, and easy to scale as your traffic and data storage needs grow. With App Engine, there are no servers to maintain: You just upload your application, and it's ready to serve your users.Google App Engine makes it easy to build an application that runs reliably, even under heavy load and with large amounts of data.

Defence.pk Gets Hacked pr0tect0r A.K.A. mrNRG Defence.pk  (An independent defence organization committed to the research and analysis of Pakistan's security and strategic affairs) Hacked by Indian Hacker pr0tect0r A.K.A. mrNRG. Defence.PK, one of the largest and most active Pakistani forum on internet, reportedly got hacked earlier today by an independent Indian hacker.Hacker claims that he has got access to main database of defence.pk and a 2 GB file has been dumped and saved with him. He aims to release the whole dump, that contains user information of some 38,000 members, sometime later. Hacked Link was :  https://www.defence.pk/advanced.html

8 China Website Government Defaced By Bekasi0d0nk (Indonesian Hacker) Bekasi0d0nk an Indonesian Hacker deface and Hack 8 China Government websites. Hacked sites list : https://www.bzcg.gov.cn/66.html https://www.ahgjj.gov.cn/66.html https://sggl.gov.cn/66.html https://www.bzcg.gov.cn/66.html https://www.bzqx.gov.cn/66.html https://qhkj.gov.cn/66.html https://gzdjg.gov.cn/66.html https://www.hbfxb.gov.cn/66.html

Get Ready for Hacker Halted 2011 , Miami 21-27 October Hacker Halted returns to Miami for the 3rd year in a row. Following last year's success, we are expecting this year to be bigger and better. Hacker Halted will feature 4 focus tracks: 1.What's Hot – Featuring cutting-edge presentations on key topics and aspects of information security, including policies and management issues. 2.Cut the Crap, Show Me The Hack - highly technical track featuring no-nonsense technical security experts who demonstrate the latest hacks, reveal new zero-days, and showcase the most current threats and vulnerabilities. 3.Securing SCADA and Critical Infrastructures - Following the 2010 appearance of the groundbreaking Stuxnet worm, SCADA security has become an issue of growing concern. This track will feature high-level presentations from noted experts in the field. 4.Up in the Clouds – Focused on cloud computing and the security elements surrounding it. Since 2004, Hacker Halted has been held ...

Facebook : ' No more anonymous on Internet ' The sister of Facebook CEO , Randi Zuckerberg  wants to put an end to online anonymity.Fcaebook wants to force people to use their real names on Profiles. Randi Zuckerberg is Facebook's marketing director, believes users would act much more responsibly on the Internet if real names at all times were compulsory. Randi Zuckerberg was speaking during a presentation hosted on Tuesday by Marie Claire magazine on cyberbullying and social media. She said " the use of real names online could help curb bullying and harassment on the web.I think anonymity on the Internet has to go away... People behave a lot better when they have their real names down. ... I think people hide behind anonymity and they feel like they can say whatever they want behind closed doors. " She added, " There's so much more we can do...We're actively tying to work with partners like Common Sense Media and our safety advisory committee. ...

50 More Websites Hacked By PCA (BanneD™ And <=Shak=>) Pakistan Cyber Army once again target 50 more Indian websites . This Time the hacked sites include the most domains from Mumbai. List of Hacked sites and Mirrors are posted by hacker here . Visitor to these sites can see Pakistani Flag on the Homepage. The Reason of this Hack given by hacker as " Big Birthday Gift At The End Of 15 August By All Pakistani Hackerz.. " . Its all about the Cyber war B/w Indian and Pakistan we have from last few years. The Cyber war b/w both countries always suffer websites and Servers of Innocent people. Well Yesterday other Pakistani hackers also deface more than 1000+ Indian Websites. In comparison Indian hackers are Silent yet. May be - The Silence Before the Storm.

SSDownloader : 50 Free Essential Security Tools SSDownloader is an easy-to-use tool which allows you to download up to 50 major security applications in just a few clicks. If you're setting up a new PC, for instance, then normally you might visit the websites of your favourite security vendors, locate the tools you need and download each one individually. Here, though, you just click a tab - Free AntiVirus, say - and check the box next to your preferred program (free solutions from Avast!, AVG, Comodo, Avira, Panda and Microsoft are on offer). Click Download, and SSDownloader will automatically figure out the version you need (XP, Vista/ 7, 32 or 64-bit), and download the necessary setup file for you. Download Here