The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The George Washington Institue for Sustainability hacked by Cocain TeaM The George Washington Institue for Sustainability website got hacked and defaced by Cocain TeaM hackers. Mirror of hack available on Zone-H . The George Washington University is located four blocks from the White House and was created by an Act of Congress in 1821. Today, GW is the largest institution of higher education in the nation's capital.

Rootkit Hunter - Rootkit scanning tool Rootkit scanner is scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like: - MD5 hash compare - Look for default files used by rootkits - Wrong file permissions for binaries - Look for suspected strings in LKM and KLD modules - Look for hidden files - Optional scan within plaintext and binary files Download Rootkit Hunter

14 Years in Jail for mass credit card theft A 21 year old man received a 14 year prison sentenced on Friday for running an online business that sold counterfeit credit cards encoded with stolen account information with losses estimated at more than $3 million. Tony Perez III, of Hammond, Indiana, pleaded guilty to the charges on April 4. In his plea, Perez said he sold counterfeit credit cards encoded with stolen account information. Perez found customers through criminal "carding forums," Internet discussion groups set up to aid in the buying and selling of stolen financial account information and related services. When the US Secret Service raided his apartment in June 2010, they found data for 21,000 stolen credit cards and equipment needed to encode them onto blank cards. Credit card companies said losses from the card numbers in Perez's possession topped more than $3 million. In addition to the prison term, Judge Liam O'Grady of U.S. District Court for th...

NBC News Twitter account hacked & post fake news of 9/11 Hackers have broken into the Twitter account of NBC News and posted messages claiming that there has been a terrorist attack at Ground Zero in New York. Coming two days before the tenth anniversary of the 9/11 attacks, the prank by a group calling themselves the ' script kiddies ' was greeted with widespread opprobrium from other twitter users. " Breaking News! Ground Zero has just been attacked. Flight 5736 has crashed into the site, suspected hijacking. More as the story develops ," was the first tweet this afternoon. It was followed by two others, including one that started " This is not a joke ." The fourth tweet said " NBCNEWS hacked by The Script Kiddies. " Luke Russert, who covers politics for NBC News, also tweeted: " Please ignore NOT TRUE tweets coming from @NBCNews . We got hacked by tasteless despicable attention seeking criminals. " Some experts suspect that sc...

Google tells Iranians to Change their Gmail password Google is advising all its users in Iran to change their Gmail passwords, and check that their Google accounts have not been compromised.In a blog post , Google said that it was directly contacting users in Iran who may have been hit by a man-in-the-middle attack. The move follows the compromise of Dutch SSL certificate authority DigiNotar. Hackers created fake SSL certificate credentials for Google.com and many other domains. These fake Google credentials were used to run man-in-the-middle attacks against Gmail users in Iran, according to an examination of authentication look-ups logs at DigiNotar and other evidence. Specifically, Google recommends that users in Iran change their passwords; verify their account recovery options; check the Web sites and applications that are allowed to access their Google account; check Gmail settings for suspicious forwarding addresses or delegated accounts; and pay attention to warnings tha...

Norton Cybercrime Report 2011 For the first time a Norton study calculates the cost of global cybercrime: $114 billion annually.Based on the value victims surveyed placed on time lost due to their cybercrime experiences, an additional $274 billion was lost. With 431 million adult victims globally in the past year and at an annual price of $388 billion globally based on financial losses and time lost, cybercrime costs the world significantly more than the global black market in marijuana, cocaine and heroin combined ($288 billion). Read more on Norton

FBPwn : A Cross-Platform Facebook Profile Dumper tool FBPwn is an open source, cross-platform, Java based Facebook profile dumper. It can send friend requests to a list of Facebook profiles, and poll for their acceptance notification. Once the victim accepts the invitation, it dumps all their information, photos and friend list to a local folder. It supports a lot of modules that can expand its current functionalities. It has a well documented Wiki page explaining the process of building a FBPwn module. Though it has a lot of available modules prebuilt for your use. All modules work on a selected profile URL (we'll call him Bob), using a valid authenticated account (we'll call him Mallory). AddVictimFriends: Request to add some or all friends of Bob to increase the chance of Bob accepting any future requests, after he finds that you have common friends. ProfileCloner: A list of all Bob's friends is displayed, you choose one of them (we'll call him Andy). FBPwn will change Ma...

Wireshark 1.4.9 & Wireshark 1.6.2 updated version released Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education. The following bugs have been fixed: configure ignores (partially) LDFLAGS. (Bug 5607) Build fails when it tries to #include , not present in Solaris 9. (Bug 5608) Unable to configure zero length SNMP Engine ID. (Bug 5731) BACnet who-is request device range values are not decoded correctly in the packet details window. (Bug 5769) H.323 RAS packets missing from packet counts in "Telephony->VoIP Calls" and the "Flow Graph" for the call. (Bug 5848) Wireshark crashes if sercosiii module isn't installed. (Bug 6006) Editcap could create invalid pcap files when converting from JPEG. (Bug 6010) Timestamp is incorrectly decoded for ICMP Timestamp Response packets from MS Windows. (Bug 6114) Malformed Packet in decode for BGP-AD update. (Bug 6122) Wrong display of CSN_BIT in CSN.1. (...

Google Web History vulnerable to new Firesheep Addon Two researchers have shown how a modded version of the Firesheep Wi-Fi sniffing tool can be used to access most of a victim's Google Web History, a record of everything an individual has searched for. The core weakness discovered by the proof-of-concept attack devised by Vincent Toubiana and Vincent Verdot lies with what is called a Session ID (SID) cookie, used to identify a user to each service they access while logged in to one of Google's services. Fortunately, the latest exploit does not allow attackers to take over Google Accounts, but obviously, it can be used to expose private data. " While the direct access to users' data is subject to a strict security policy, using personalized services (which may leak this same personal information) is not, " wrote Vincent Toubiana and Vincent Verdot, the creators of the modded Firesheep. To be sure, the compromised cookies are deployed across more than 20 websites inc...

Hotmail , MSN , Office 365 , live.com sites down (now up) A number of Microsoft online services, including Hotmail, MSN, Office 365, and seemingly most if not all of *.live.com addresses are currently "experiencing an outage". MSN and Office 365 have already tweeted about it: The downtime, which happened on Friday at about 4am in the UK — 8pm on Thursday Pacific time (PDT) — was due to a domain name service problem, according to Microsoft. But Microsoft certainly isn't alone.Google has also seen its share of downtime. Just this past Wednesday, Google Docs was offline for about 30 minutes. In May, the company's Blogger service was unavailable for the greater part of a day.

URGE (Universal Rapid Gamma Emitter) Hijacking Twitter Trends Released by Anonymous Anonymous have created something called Universal Rapid Gamma Emitter, or more simply URGE, which hijacks Twitter trending topics, allowing Anonymous members and supporters to subvert the topic with their own embedded messages. Anonymous is calling it TwitterRaiding. Members of the group say that they are tired of constantly seeing trending topics that are redundant or related to pop culture and created this tool to help create more attention for topics that may have a wider meaning or different kind of impact on other Twitter users. In a statement, members say that, " This is not a hacking tool nor is it an exploit tool ." A press release on URGE states: To the people of the interwebz, We recently have become tired of seeing trending topics on twitter that were redundant and "pop culture" like. We have also grown tired of Twitter not trending hash tags that actually serve a cause and mean somet...

20000 patient records Breach at Stanford Hospital Last month Stanford University's hospital discovered a massive privacy breach when 20,000 emergency room records appeared online. The records included names, diagnosis codes, account numbers, dates of admission and discharge, and billing charges. Social Security numbers, birth dates, credit card accounts or other information that could potentially result in identity theft was not exposed. Even so, the hospital is offering free identity-protection services to all affected patients. The Hospital released the following statement: " An electronic file that an outside vendor's sub-contractor created and caused to be posted to a website contained limited information about patients seen in the Emergency Department of Stanford Hospital & Clinics between March 1 and August 31, 2009. The Hospital discovered this on August 22, 2011, and immediately took action to ensure removal of the file from the website, which was done within 24...

Hacker Halted USA 2011 - 10 Reasons Why You Should Attend Hacker Halted is a global series of Computer and Information Security conferences presented by EC-Council. The objective of the Hacker Halted conferences is to raise international awareness towards increased education and ethics in IT Security. The event is currently in its 14th year. Also present at Hacker Halted is EC-Council's H@cker Halted | Academy, trainings and workshops led by EC-Council instructors and trainers. Hacker Halted returns to Miami for the 3rd year in a row will be held in Miami on 25th and 27th October 2011. Participate and be part of one of the world's most recognized information security conference. Gain perspective through keynote addresses on the current state of information security as well as emerging trends and threats. An information security conference with a comprehensive agenda. Choose from the various focused tracks covering critical domains of information security. Match your informati...

winAUTOPWN v2.7 – Windows Autohacking Tool This version covers almost all remote exploits up-till mid-July 2011 and a few older ones as well. This version incorporates a few new commandline parameters: -perlrevshURL (for a PERL Reverse Shell URL), – mailFROM (smtpsender) and -mailTO (smtpreceiver). These are the commandline arguments required for a few exploits which require remote connect-back using a perl shell and email server exploits requiring authentication respectively. This version also tackles various internal bugs and fixes them. A complete list of all Exploits in winAUTOPWN is available in CHANGELOG.TXT A complete list of User Interface changes is available in UI_CHANGES.txt Also, in this version : BSDAUTOPWN has been upgraded to version 1.5. In this release you will also find pre-compiled binaries for : FreeBSD x86 FreeBSD x64 DragonFly BSD x86 Download winAUTOPWN v2.7

Sony Hires Ex- Homeland Security Official after PlayStation Hack Sony has hired a former official at the US Department of Homeland Security for the new post of chief information security officer, months after a massive hacking attack leaked information on 100 million user accounts on its games networks. Philip Reitinger, formerly the director of Homeland Security's National Cyber Security Center, will join Sony in the newly created position of chief information security officer and a senior vice president. The new hire signals a heightened seriousness by Sony in the aftermath of an intrusion into its online videogame service earlier this year. The breach compromised the personal information of more than 100 million accounts from its online networks, including the possible loss of some credit card information. Sony said there have been no reports of any credit card data theft. Sony shut down the PlayStation Network and Qriocity streaming video and music network on April 20...

12 Pakistan Government departments websites & Benazir Bhutto  Hacked by Mr52 An Indian Hacker " Mr52 " strike back to Pakistan Government departments. He hack and deface about 12 Government departments websites including Pakistan Navy, Maritime Security Agency, NATIONAL EDUCATION ASSESSMENT SYSTEM, Benazir Bhutto, Ministry of Foreign Affairs websites are hacked. List of defaced sites are : https://www.paknavy.gov.pk/securite/default.html https://www.paknavy.gov.pk/default.html https://www.msa.org.pk/default.html https://www.neas.gov.pk/default.html https://www.nfdc.gov.pk/default.html https://www.niopk.gov.pk/default.html https://www.szab.pk/default.html https://www.benazir.pk/default.html https://www.mopw.gov.pk/default.html https://www.dfp.gov.pk/default.html https://www.erapixels.com/default.html https://www.mofa.gov.pk/default.html

Offline Windows Analysis and Data Extraction (OWADE) - Forensics tool to expose all your online activity Researchers " Elie Bursztein " from Stanford University in California have managed to bypass the encryption on a PC's hard drive to find out what websites a user has visited and whether they have any data stored in the cloud. " Commercial forensic software concentrates on extracting files from a disc, but that's not super-helpful in understanding online activity ," says Elie Bursztein, whose team developed the software. " We've built a tool that can reconstruct where the user has been online, and what identity they used. " The open-source software, Offline Windows Analysis and Data Extraction (OWADE), was launched at the Black Hat 2011 security conference and works with PCs running on the Windows operating system. OWADE is in alpha version and is only available by checking out the code directly as we update it very frequently. Note th...

Court grants bail to Anonymous and LulzSec suspects Four alleged UK hackers suspected of being linked to attacks by hacking groups Anonymous and Lulz Security (LulzSec) have been released on bail after a hearing at Westminster magistrates court on the condition that they did not use specific online nicknames on the internet or IRC. 20-year-old Christopher Jan Weatherhead, from Northampton, cannot use the internet nickname ' Nerdo ', Ashley Rhodes, 26, from London, is banned from calling himself ' NikonElite ' online. Two other men, aged 24 and 20, have been released on bail following their arrest last week as part of the Metropolitan police investigation into Anonymous and LulzSec. They are due to return to a London police station in November.The two men were arrested separately in South Yorkshire and Wiltshire . They are charged with conspiring to commit offences under the Computer Misuse Act 1990.

Cyberwar between Israel  and Turkish  Hacker Turkish hacker " TurkGuvenligi " hijacked some 350 Israeli websites on Sunday evening, launching a Domain Name System (DNS) attack on at least seven high-profile websites including The Telegraph, Acer, National Geographic, UPS and Vodafone as well. Visitors to some of the sites were diverted to a page declaring it was " World Hackers Day. " Hackers calling themselves the " TurkGuvenligi group " calimd the cyber-attack. "TurkGuvenligi translates as " Turkish security. " " The hack represents a 10%-15% spike compared to the average number of daily hacks of Israeli websites ," Shai Blitzblau, head of Maglan-Computer Warfare and Network Intelligence Labs, explained. Israel's military and security establishment has invested significantly in cyber-warfare programs in recent years and is considered one of the most advanced cyber-warfare forces in the world, both in attack and defense modes.T...

Malcon 2011 - Call for Papers Malcon is the worlds first platform bringing together Malware and Information Security Researchers from across the globe to share key research insights into building and containment of the next generation malwares . Call for Papers: Malcon 2011 are looking for new techniques, tool releases,unique research and about anything that's breath-taking, related to Malwares. The papers and research work could be under any of the broad categories mentioned below : Hacking Tools: Phishing Kits, code that aids any malware or malicious activity is welcome. Malwares: Rootkit, Trojan, Botnet, Bootkit, Virus, Keylogger, Virtual Machine based Malware, Mobile OS Based Malware (Android, Symbian, IPhone etc.) Malware creation tools: Toolkits to create any kind of malware Web based malwares: Web-Shells, Browser Runtime Malwares (Javascript, Flash) Malware Infection and propagation methodologies: Emerging Infection techniques, Intelligent target enumeration te...