The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

UniOFuzz  0.1.2-beta  - Universal fuzzing tool Released UniOFuzz version 0.1.2-beta - the universal fuzzing tool for browsers, web services, files, programs and network services/ports released by  nullsecurity team . Video Demonstration:  pigtail23, Developer of UniOFuzz demonstrated the tool in above Video. Download UniOFuzz

Book Review: IPhone Applications Tune-up Packt recently published a new book- IPhone Applications Tune-up . The book is of course about programming for the iPhone. But there is one chapter on maintainability that is far broader applicability than just the iPhone. This review was written by Wes Boudville . Read more about the book or download a free Sample Chapter here: Sample Chapter Moses explains several general aspects of programming that can and should be adhered to by most participants. Experienced programmers already know this. But if you are starting professional coding, you should pay serious heed. Specifically Moses says you should comment your source code. However, it is "likely a developer's least exercised skill". Learn to regularly put into the source code intelligent comments that explain the context of the source lines they are next to. Especially if the source is intricate. Moses disposes of the objection that some say, that the time taken to write comm...

100 Kenya government websites breached by Indonesian hacker An Indonesian hacker on Tuesday attacked and defaced more than 100 Kenya government websites Among the ministries affected include the Ministries of Local Government, Livestock, Environment, Fisheries, Housing, and Industrialisation in a major cyber security breach. A Kenyan expert aware of the incident said an Indonesian hacker known as direxer was responsible for the hacking. The hacker, referred to as Direxer , broke into the sites and defaced them to show that he had managed to access them. Others hacked sites are ministries of Finance, Education, Public Health, Youth Affairs, National Heritage and Roads; as well as sensitive departments such as Administration Police, Immigration, Prisons and various city, municipal and county councils. Check List here . A Cyber Incidence Response Team (CIRT) based at the Communications Commission of Kenya (CCK) has moved into action and was making efforts to restore the affected ...

The Undead  "Corporations" by Patti Galle  The Hacker News Editor " Patti Galle " share her views about Corporations in THN Magazine December Edition . We would like to share same article with our blog Readers. Enjoy the interesting read : Corporations are soulless entities possessing privileges and the rights of citizenship that actual people have; all the while not having to shoulder any of the natural responsibilities. Undead Corporations have concentrated the essence of avarice, rage and fury to form their corporate structure. And as these covetous Corporations have accumulated immeasurable wealth they have methodically utilized this wealth and power to procure, infiltrate, and seize control of the influential and powerful American government and many governments across the world vigorously fusing them into a globe-encompassing non-living aberration, now rightfully called or labeled as Corporatocracy. At present, on an ever escalating level, world governments ar...

SP Toolkit - Open Source Phishing Education Toolkit A new open source toolkit makes it ridiculously simple to set up phishing Web sites and lures. The software was designed to help companies test the phishing awareness of their employees, but as with most security tools, this one could be abused by miscreants to launch malicious attacks. The spt project is an open source phishing education toolkit that aims to help in securing the mind as opposed to securing computers. Organizations spend billions of dollars annually in an effort to safeguard information systems, but spend little to nothing on the under trained and susceptible minds that operate these systems, thus rendering most technical protections instantly ineffective. A simple, targeted link is all it takes to bypass the most advanced security protections. The link is clicked, the deed is done.spt was developed from the ground up to provide a simple and easy to use framework to identify your weakest links so that you can patc...

Indian BJP Politician 's bank accounts hacked A local News paper today reported that ,The four axis bank accounts belonging to city's Ganesh Shipping firm were hacked by unknown persons and Rs 4, 00,100 was transferred to a different account of Moradabad and Sind Bank. Following a complaint by Shetty, Bunder North Police Inspector Vinay Goankar ensured that the Moradabad account was frozen by informing bank authorities there. Investigation in Process.

The Cloud Security Rules Book - Technology is your friends & Enemy Well-known security experts decipher the most challenging aspect of cloud computing-security.  The Cloud Security Rules book is available on Amazon.com and selected book stores from October 2011. According to Description available on official site " This book targets decision makers in organizations worldwide. Whether you run a small company, is the president of a global NGO, or the CISO of a well-known brand - this book brings you relevant knowledge about security in the Cloud.This book helps you to understand the differences and the similarities between cloud computing and traditional networking - which in essence is the same, yet different. If you are considering moving to the cloud, or are looking for a higher level of security for your existing appliance, The Cloud Security Rules help you to choose the right level of security - based on your needs and understanding ." As the most current and comp...

No Turning Back ~ 2012 by Patti Galle Patti Galle , from The Hacker News Editorial Staff wrote an Article in THN Magazine January Edition . We would like to share this read with all of our site readers. Rebellions are most always rooted in a call for justice, decency and morality. World history is full of countless rebellions against despots and others who did not conform to the will of the people. And as inequality grows to absurd new heights around the world and institutions of power are considered fundamentally dishonest, corrupt, and leaders no longer command the respect and confidence of the people then you have societies where social upheaval is inevitable. Rebellions spring up against fraudulent power and authority, and it is grounded in real outrage against mass murder (neo-imperialism, neo-colonialism), violation of human rights (torture, war crimes), widespread lying and hypocrisy, endemic political corruption, unrestrained thirst for money and power, and unprecedented ...

Wireless Penetration Testing Series Part 2: Basic concepts of WLANs This blog post is in continuation of the Wireless Penetration Testing and Hacking series we started ( Part 1: Getting Started with Monitoring and Injection ) on the basis of the "SecurityTube Wi-Fi Security Expert" ( SWSE ) course which is based on the popular book " Backtrack 5 Wireless Penetration Testing ". In the third video, the instructor talks about some of the basic concepts of WLANs. We learn that communication over WLAN's happens over frames. There are mainly 3 types of WLAN frames which are Management frames, Control frames, and Data frames. These types of packets also have different subtypes . We learn that an SSID is a name given to an Access point or a network consisting of multiple Access points. We then learn about Beacon frames which are broadcast frames sent out periodically by Access point to broadcast their presence in the current RF (Radio frequency) vicinity. The instructor then starts wire...

Saudi hacker target Israeli stock exchange and National air carrier Saudi cyber Hacker OxOmar  struck again on Monday. This time disrupted the websites of Israel's stock exchange and National air carrier. Last week he had leaked private information about more than 400,000 Israelis. Credit card companies said around 25,000 numbers, some of them expired, had been posted . The pro-Palestinian group is referring to itself as " Nightmare ." The site of El Al crashed but officials at Israel's flag carrier would not confirm or deny the incident was the work of hackers. A person familiar with the situation at El Al Israel Airlines says the carrier took down its website Monday after the alleged Saudi hacker network behind previous attacks warned that both sites would be targeted. " There has been an attack by hackers on the access routes to the (TASE) website. The stock exchange's trading activities are operating normally ," said Orna Goren, deputy manager of the excha...

Nigerian Army Education site hacked by Nigerian Hacktivists Today the official website of Nigerian Army Education Corps ( NAEC ) got defaced by some Nigerian Hacktivists, He tweeted . The Complete message posted by Hackers as shown below:

Hacker will release full Norton Antivirus code on Tuesday A hacker with code name of ' Yama Tough ' announce via Twitter that on Tuesday he will leak the full source code for Symantec Corp's flagship Norton Antivirus software which is 1,7Gb src. Last week Yama Tough has released fragments of source code from Symantec products along with a cache of emails. The hacker says all the data was taken from Indian government servers. Yama Tough is trying to prove that Indian government was snooping on America and China. YamaTough said via Twitter " Pass it on to forensics and win the lawsuit ,".He has offered support to an American man who filed a lawsuit against Symantec Corp by publishing source code from a 2006 version of Norton Utilities, a software program at the heart of the legal dispute. It was not immediately clear how the source code might help the case. A Symantec spokesperson commented on the incident: " We are still gathering information on ...

Data Stealing Malware on Internal Computer of  Japan Space Agency Japan Aerospace Exploration Agency (JAXA) announce that their computer has been infected with a virus, leading to a possible leak of data on its H-II Transfer Vehicle (HTV) the craft popularly known as Konotori that hauls cargo for the International Space Station (ISS). JAXA still isn't sure how the virus got on the computer, or who put it there. JAXA said the infection occurred on July 6 last year, when an employee in his 30s involved in the HTV's operation at the Tsukuba Space Center opened an e-mail attachment titled "bonenkai". An identical e-mail was also sent to several coworkers, but the employee accidentally opened the attachment as the sender had the same name as one of his friends. The space agency is working to minimize the damage and prevent further incursions. JAXA is now conducting an investigation into the leak and is checking other computers for viruses, according to the press releas...

Fake Angry Birds Game  spreading Malware from Android Market From last week premium rate SMS Trojans surfaced in the Android Market. Google has pulled 22 apps that are masquerading as legitimate versions of popular games like Angry Birds and Cut the Rope. Security researchers have discovered a way to bypass an Android smartphone owner's permissions and access private data stored on their smartphone. Avast Blog explain this as - For example, if someone tried to look for "Cut the rope free", this malicious application was in the fourth place in the search results. Apps published by the developer Miriada Production may look like well known Android games (Angry birds, Need for speed, World of Goo and others) and users could be easily confused.  The fake apps include "Cut the Rope", "Need for Speed", "Assassins Creed", "Where's My Water? ","Riptide GP", "Great Little War Game", "World of Goo", "Angry Bir...

 Zappos a division of Amazon got Hacked A notification mail from Zappos is circulating in Customers that a division of Amazon " Zappos.com " got Hacked by Unknown Hackers. Notification mail indicated that names, email addresses, mailing addresses, and the last four digits of customer's social security numbers have been compromised. Also the databases that contain sensitive billing information, such as credit card numbers, was not accessed by hackers. According to messages from Zappos CEO Tony Hsieh to employees and customers: Zappos are currently working with law enforcement for an investigation.

Security Enhanced (SE) Android Released by National Security Agency (NSA) The National Security Agency (NSA) releases the first version of Android Security Enhanced . The system is designed to minimize the impact of security holes on Android . SE Android project is enabling the use of SELinux in Android in order to limit the damage that can be done by flawed or malicious apps and in order to enforce separation guarantees between apps. However, the scope of the SE Android project is not limited to SELinux.  How can SELinux help Android? Confine privileged daemons. Protect them from misuse. Limit the damage that can be done via them. Sandbox and isolate apps. Strongly separate apps from each other and from the system. Prevent privilege escalation by apps. Provide centralized, analyzable policy. Distinctive features SE Android: Per-file security labeling support for yaffs2, Filesystem images (yaffs2 and ext4) labeled at build time, Kernel permission checks...

URL redirection Vulnerability in Google An open redirect is a vulnerability that exists when a script allows redirectionto an external site by directly calling a specific URL in an unfiltered,unmanaged fashion, which could be used to redirect victims to unintended,malicious web sites. A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. A similar vulnerability is reported in Google by " Ucha Gobejishvili ( longrifle0x ) ".  This problem may assist an attacker to conduct phishing attacks, trojan distribution, spammers. Url: https://accounts.google.com/o/oauth2/auth?redirect_uri=https://www.something.com Same vulnerability in Facebook, Discovered by  ZeRtOx from Devitel group : https://www.facebook.com/l.php?h=5AQH8ROsPAQEOTSTw7sgoW1LhviRUBr6iFCcj4C8YmUcC8A&u=www.something.com Impact of Vulnerability  : The user may be redirected to an untrusted page that contains malwar...

Microsoft launching Real Time Hosted Threat Intelligence Feed Microsoft is to offer a real-time intelligence feed of botnet and e-crime data to public and private sector subscribers, according to security company Kaspersky. Currently, Microsoft is testing a real-time feed to distribute information collected from several sources on major botnets, including Rustock, Waldec and Kelihos networks. Partners would be able to access the information using application program interfaces (APIs) that would be provided free by Microsoft. Data from networks of compromised computers will be among the information on offer to ISPs, CERTs, government agencies and private companies, Kaspersky said . Microsoft will have a lot of data in this system already as anyone who has watched the company's spectacular attacks on the Kelihos botnet last summer will attest, adding to similar campaigns against Rustock and Waledec, will vouch for. " Companies could use the data to look for opportunistic mal...

The Saudi hacker to Mossad " Don't waste your time by searching for me "! In a response to the Israeli hackers, the Saudi hacker xOmar exposed 200 Israeli credit cards and he described the Israeli hackers by idiots and he said that they published invalid credit cards. And he asked Mossad through his website not to search for him, because they won't catch him.  xOmar threatened the Israeli people by exposing 200 credit cards daily, and all of these credit cards are valid. speaking about the latest efforts to locate his place, he said '' I've heard from some idiots saying that I am from Mexico, and another said that I am in Riyadh, and last one said that I am from Dubai " and he said to mossad in a message '' don't waste your time '' The Secretary-General of the Committee on Information and awareness of banking in Saudi banks '' Tal'at hafiz '' have told the " Arabiya.Net " yesterday that Saudi banks ha...

Self-extracting archive (SFX) as Creative Virus Handler Yesterday I Found and interesting article about " Self-extracting archive (SFX) " on Unremote.org by DarkCoderSc. SFX is a little application that contains compressed files. Creating a customized WinRAR SFX archives is a very easy task, but not all people know how to do it.  It is therefore exactly the same as a .ZIP or .RAR archive. The only difference is that, when you execute it, will automatically extract the files. However, if you add some parameters, you can execute them after extraction or execute a shell command before extraction. So this feature can be used as good virus handler. Let's See how? DarkCoderSc shared his experience with us using a Video Demonstration as shown Below. Start up the WinRAR application; click 'Browse for folder' under the 'File' menu and browse to the location of the file. With the file highlighted, clicking on the 'Add' button will kickoff the archiving process and sele...