The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Facebook distributing White Hat Debit Card to Bug Bounty Winners

Jan 01, 2012
Polish IT security portal Niebezpiecznik.pl recently published an image of a bug bounty card given to Szymon Gruszecki, a Polish security researcher and penetration tester. Neal Poole, a junior at Brown University, has reported close to a dozen flaws to Facebook, and also recently received a White Hat card. Poole has earned cash reporting flaws to Google and Mozilla. Charlie Miller, announced as Best White Hat Hacker of the Year at The Hacker News Awards 2011, a researcher and former hacker who has become an information security consultant now working with the Department of Defense (DOD) and helping out with cyber security, and better known for finding holes in iOS 5 and Safari than in Facebook, has also received a White Hat card. "Facebook whitehat card not as prestigious as the SVC card, but very cool ;) Fun way to implement no more free bugs," he tweeted. Security researchers are getting a c...
The Hacker News Hacking Awards : Best of Year 2011

Dec 31, 2011
2011 has been labeled the "Year of the Hack" or "Epic #Fail 2011". Hacking has become much easier over the years, which is why 2011 had a lot of hacking for good and for bad. Hackers are coming up with tools and finding new methods for hacking faster than companies can increase their security. Every year there are advancements in the tools and programs that hackers can use. At the end of 2011 we decided to give "The Hacker News Awards 2011". The Hacker News Awards will be an annual awards ceremony celebrating the achievements and failures of security researchers and the hacking community. The THN Award is judged by a panel of respected security researchers and editors at The Hacker News. Year 2011 came to an end following Operation Payback and Antisec, which targeted companies refusing to accept payments to WikiLeaks, such as Visa and Amazon. Those attacks were carrie...
Environmental activism site Care2 hacked

Dec 31, 2011
Yesterday Care2, one of the biggest environmental activism websites, issued an alert email to all its customers saying that Care2.com's website was hacked, revealing usernames and passwords for the site's nearly 18 million users. Care2 said: "To protect Care2 members we are resetting access to all Care2 accounts. The next time you login to Care2, you will be automatically emailed a new password, which will enable you to access your Care2 account as usual. To secure your privacy, we highly recommend you immediately change your password for any accounts that share the password you previously used on Care2." According to a FAQ posted by Care2: What can I do to recover my password? Visit here. Enter your user name or email address in the green box titled "Forgot your password or log-in name?" Your password will be emailed to you. It is not yet known who the hackers were, but Care2 has an IP address used in the attack that was from Russia...
Print of one malicious document can expose your whole LAN

Dec 31, 2011
This year at the Chaos Communication Congress (28C3), Ang Cui presented Print Me If You Dare, in which he explained how he reverse-engineered the firmware-update process for HP's hundreds of millions of printers. In his presentation "Hacking MFPs", Andrei Costin covered the history of printer and copier hacks from the 1960s to today. Cui discovered that he could load arbitrary software into any printer by embedding it in a malicious document or by connecting to the printer online. As part of his presentation, he performed two demonstrations: in the first, he sent a document to a printer that contained a malicious version of the OS that caused it to copy the documents it printed and post them to an IP address on the Internet; in the second, he took over a remote printer with a malicious document, caused that printer to scan the LAN for vulnerable PCs, compromise a PC, and turn it into a proxy that gave him access thro...
Anonymous Hackers post spy firms email addresses

Dec 31, 2011
STRATFOR, the company attacked earlier this week by Anonymous hackers, was hit again yesterday with a leak of 75,000 names, credit cards, addresses and passwords of every STRATFOR customer, and about 860,000 usernames, emails and passwords for anyone that has ever registered on STRATFOR's website. The pastebin containing the leaks also stated that there will be noise demonstrations in front of jails and prisons on New Year's Eve in support of 'Project Mayhem'. It hints at attacks on multiple law enforcement agencies on this date. The document was titled "antisec teaser". AntiSec is a joint effort between Anonymous and the now-defunct LulzSec that targets governments with which they disagree. Anonymous said 50,000 of the email addresses were .mil and .gov. Anonymous said the attack was in retaliation for the government's prosecution of Bradley Manning, who is accused of leaking confidential government document...
World 1st Hacker exploit communication technology for lulz in 1903

Dec 29, 2011
New Scientist has published a piece about the first hacker, who revealed security holes in wireless communication technology in 1903. Nevil Maskelyne was first in a long line of hackers who have exposed and exploited security flaws in communication technology from Morse code to the Internet. The crowd was somewhat amused as the physicist John Ambrose Fleming was adjusting arcane apparatus as he prepared to demonstrate the long-range wireless communication system developed by his boss, the Italian radio pioneer Guglielmo Marconi. Marconi was 300 miles away in Cornwall trying to send the message. Before the demonstration could begin, the apparatus in the lecture theatre began to tap out a message. It was a poem which accused Marconi of "diddling the public". Arthur Blok, Fleming's assistant, worked out that powerful wireless pulses being beamed into the theatre were going to be strong enough to interfere with the projector...
Train-switching system can be vulnerable to DDoS attack

Dec 29, 2011
Hackers who have shut down websites by overwhelming them with web traffic could use the same approach to shut down the computers that control train switching systems, a security expert said at a hacking conference in Berlin. Prof. Stefan Katzenbeisser, the man behind this shocking claim, made the revelation during his speech at the Chaos Communication Congress hosted in Berlin. Prof. Katzenbeisser explained that all hell will break loose if the encryption keys are compromised in the system used for switching trains from one line to another. "Trains could not crash, but service could be disrupted for quite some time," Katzenbeisser told Reuters on the sidelines of the convention. "Denial of service" campaigns are one of the simplest forms of cyber attack: hackers recruit large numbers of computers to overwhelm the targeted system with Internet traffic. Katzenbeisser said GSM-R, a mobile technolo...
Reaver brute force attack Tool, Cracking WPA in 10 Hours

Dec 29, 2011
The WiFi Protected Setup protocol is vulnerable to a brute force attack that allows an attacker to recover an access point's WPS pin, and subsequently the WPA/WPA2 passphrase, in just a matter of hours. Reaver is a WPA attack tool developed by Tactical Network Solutions that exploits a protocol design flaw in WiFi Protected Setup (WPS). This vulnerability exposes a side-channel attack against Wi-Fi Protected Access (WPA) versions 1 and 2 allowing the extraction of the Pre-Shared Key (PSK) used to secure the network. With a well-chosen PSK, the WPA and WPA2 security protocols are assumed to be secure by a majority of the 802.11 security community. Usage is simple: just specify the target BSSID and the monitor mode interface to use: # reaver -i mon0 -b 00:01:02:03:04:05 Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations....
Kuwait Government will suspend Twitter accounts of Anonymous Users

Dec 28, 2011
In Kuwait, the Ministry of Interior is in the process of enforcing a rule of its own on Twitter which prevents Kuwaiti users from using anonymous accounts. The ministry said in a press statement that the measure is meant to preserve the rights of citizens and residents against people who have slandered them and their families under fake names, saying that this is a crime punishable by law. The statement went on to say that the move was meant to protect the rights of citizens and residents who have found themselves the subject of slander through statements made by these anonymous accounts, a crime punishable by law in the country, as it is in the UAE. It confirmed that the public has the freedom of expression guaranteed by the Constitution as long as it is exercised according to the law, especially with regard to using the Twitter site.
Easy Router PIN Guessing with new WiFi Setup vulnerability

Dec 28, 2011
There is a newly discovered vulnerability in the WiFi Protected Setup standard that reduces the number of attempts it would take an attacker to brute-force the PIN for a wireless router's setup process. The flaw results in too much information about the PIN being returned to an attacker and makes the PIN quite weak, affecting the security of millions of WiFi routers and access points. Security researcher Stefan Viehbock discovered the vulnerability (PDF) and reported it to US-CERT. The problem affects a number of vendors' products, including D-Link, Netgear, Linksys and Buffalo. "I noticed a few really bad design decisions which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide," Viehbock said. "One ...
New Zealand agencies can be next target after US host was hacked

Dec 27, 2011
Sensitive information about the Department of Prime Minister and Cabinet and other New Zealand agencies may be the next target after a US host was hacked. US intelligence firm Stratfor had its website hacked by activist group Anonymous on Monday, and data, including credit card details of its clients, was stolen. The hackers claim Stratfor's more than 4000 clients include the US Defence Department, Microsoft, New Zealand Police, New Zealand Fire Service and Air New Zealand. A spokesperson for the Department of Prime Minister and Cabinet, Rob Mackie, says it is confident no information is at risk, but was looking into whether anything had been compromised. Stratfor's website remains under maintenance since the cyber attack. He says the bigger concern is whether Stratfor is worth subscribing to, considering they were unable to keep their own information secure.
CPLC Chief says 'Pakistan a safe haven for cyber criminals'

Dec 26, 2011
Cyber crimes of multiple kinds in Pakistan have increased by five times over the past four years. Pakistan Daily Times News reported today that the Citizen Police Liaison Committee (CPLC) Chief, through a letter on Saturday, apprised the Federal Law, Justice & Parliamentary Affairs Minister that in the absence of the Prevention of Electronic Crime Ordinance (PECO) Law 2007, which lapsed in 2010, Pakistan had become a safe haven for cyber criminals and con artists, whereas the law enforcement agencies were unable to take legal action against them. According to the Cyber Crime Unit (CCU), a branch of Pakistan's Federal Investigation Agency (FIA), 62 cases were reported to the unit in 2007, 287 cases in 2008 and the ratio dropped in 2009, but in 2010 more than 312 cases were registered in different categories of cyber crimes. "There are numerous complaints regarding fake calls deceiving citizens into receiving a ...
French MP Valerie Boyer’s website hacked by Turkish hackers

Dec 26, 2011
Hackers have attacked the website ( www.valerie boyer.fr ) of French parliamentarian Valerie Boyer, the author of the bill criminalizing genocide denial that was recently adopted by the French National Assembly. The hackers posted a Turkish flag and an address to the French government and the Armenian community of the country. The message says that the bill was meant to reap votes in the 2012 election. Ms. Boyer said she called the police after she and her family members received death threats. On December 22, 2011, the French National Assembly passed a bill criminalizing public denial of the Armenian Genocide. If passed and signed into law by the Senate, the bill would impose a 45,000 euro fine and a year in prison for anyone in Fr...
Tianya, China's biggest online forum 40 million users data leaked

Dec 26, 2011
Tianya.cn, China's biggest online forum, confirmed on Sunday that private information for 40 million users had been leaked, three days after the country's largest programmers' website CSDN reported a similar leak. Tianya is one of the most popular sites in China; it's the nexus of China's online communications, a collection of simple forums, blogs, and groups. Due to its uber-popularity, Tianya is the best place in China's web to find public opinion on social issues, cultural experience, and original fresh content from millions of Chinese users. Based on netizen comments, the Tianya community meets the need for personal interaction, creation and expression. In a family oriented society, Tianya is China's dinner table, where news of the day is discussed in an open, personal fashion. The user account information of several other popular websites in China such as Dodonew.com, 7K7K, Duowan.com, and 178.com ...
Ultimate Encoder - PHP Encoder with multiple compression by lionaneesh

Dec 26, 2011
"Ultimate Encoder" is another online tool by lionaneesh, an Indian developer and hacker. It's a PHP encoder with multiple compression. A piece of code can be encoded multiple times, making it impossible for any antivirus to detect it. Here is a comparison of the results of antivirus scans before and after the encoder.
India orders Net firms to censor themselves

Dec 26, 2011
Some of the world's top websites will have to purge themselves of all content that is offensive to Indians by February 6. The companies must update their progress on the effort within two weeks, a court in New Delhi ordered on Saturday, the reports say. The demand is the Indian government's latest attempt to monitor and control electronic information. Facebook, Microsoft, YouTube and Google, among 21 others, will have to strip their websites of any objectionable content. Given some of the Internet scandals that have hit India recently, that will include all images of women kissing men. Reports say India is pressing major Internet firms to filter out what the government considers unacceptable material, including religiously sensitive images and altered images of politicians. 21 social networking sites, including the ones mentioned above, have been "issued summons" by the court, on grounds of carrying objectionable content....
Siemens multiple domains hacked by Hmei7

Dec 25, 2011
An Indonesian hacker named "Hmei7", previously in the news for hacking Microsoft and IBM, yesterday hacked and defaced 6 domains of the Siemens company. The defaced websites come from different TLDs, which include Ecuador, Peru, Venezuela, Colombia and Brazil, and two of the defacements come from the Brazil zone.
Best Free Android Security Software Avast Antivirus

Dec 24, 2011
For those longing for a free Android antivirus, this is exciting THN news. Avast, one of the famous antivirus vendors, has now launched an Android antivirus you can use for free! This mobile antivirus is named Avast Mobile Security. Avast Free Mobile Security supports a number of features that are usually available only in paid-for Android security software. These include privacy reports, call and SMS filtering, SIM-card change notifications, firewall and application management. By using Avast Mobile Security on your Android phone, your phone will be protected from viruses, threats and hackers, and it can even minimize your loss if your Android phone is stolen. The antivirus component supports real-time protection and automatic updates. Updates can be configured to only be downloaded over certain types of connections and the interface can be protected with a password. Call and SMS filtering can help device owne...
ANONdroid v. 00.00.008 : JonDonym proxy client for Android released

Dec 24, 2011
ANONdroid is a JonDonym proxy client for Android smartphones. This nice piece of software is under ongoing development by the AN.ON project of the university in Dresden. The project leader is Dr. Stefan Köpsell. ANONdroid uses the core libraries of JonDo with a smartphone-compatible GUI. ANONdroid acts as a proxy for your internet applications and will forward their traffic, encrypted, to the mix cascades. It is still under development, but a first version is ready for download from the Android Market. A secure browser configuration is important for anonymous surfing; we recommend the use of the Orweb browser. It is a browser for Orbot, but can be used with ANONdroid too. After installation you have to change the proxy settings of Orweb to localhost:4001. How it works: when you start the JAP client program, JAP first connects to the InfoService to check if the program version is still current. If t...
Official Android Market host many Malware Games

Dec 24, 2011
F-Secure researchers recently found malware in the Android Market disguised as free versions of popular games. Disguising malware as a free version of a popular game (such as Cut the Rope and Assassin's Creed) seems to be a popular tactic that the bad guys are using to scam users of Google's Android Market app store. Overnight more malware appeared in Google's official app repository. The Trojanized games have been uploaded by a company calling itself Eldar Limited. This is the second time in two weeks malware disguised as free games has been uploaded to the Android Market. Google's app police managed to detect this fraud and quickly removed it from the Android Market. While the apps are still listed on AppBrain and AndroidZoom, the links will direct users back to the official Android Market where they have already been removed. "These have now been removed by Google, but their appearance in the official Android Market in...