The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Google is on the hunt for hackers to find security vulnerabilities in popular web applications like Gmail, Blogger, and YouTube. The tech giant is offering rewards starting at $500 per bug. For vulnerabilities that are "severe or unusually clever," the payout can reach up to $3,133.70. Additionally, hackers can choose to donate their rewards to charity, with Google matching the donation at its discretion. Researchers who participate in this bug bounty program will also receive recognition on Google's security page . However, Google has set some exclusions for this program. Bugs caused by denial of service attacks and search optimization tricks are not eligible for rewards. Furthermore, technologies that Google has recently acquired are off-limits. This is not Google's first venture into incentivizing security research. In January, the company launched a bounty program for Chromium, the open-source project behind Google Chrome. This initiative followed in the footst...

Fedora 14, known as "Laughlin," officially launched on Tuesday, offering numerous new features aimed at enhancing the user experience for this open-source desktop operating system. Usability Focus In recent releases, Fedora, sponsored by Red Hat, has concentrated on improving usability. According to DistroWatch, Fedora is the second most popular Linux distribution after Ubuntu. Recent improvements have targeted networking, software management, and hardware support, focusing on bug fixes and stability in the latest release. Enhanced Desktop Environment One significant addition to Fedora 14 is "libjpegturbo," a library that dramatically improves performance for users loading and saving JPEG images. This library "practically halves processing time on most systems," claim the developers, even benefiting those on older hardware. Another notable feature is SPICE (Simple Protocol for Independent Computing Environment), a desktop virtualization framework enha...

Facebook's privacy issues are like a centipede with countless shoes dropping. There seems to be no end to them. Recently, the Wall Street Journal reporters revealed that Facebook apps have been inadvertently sharing user identities with advertisers. Companies like Rapleaf use Facebook data to create detailed personal profiles, including names, locations, politics, and religious beliefs. This morning, we found out that not only were Facebook apps inadvertently sharing user identities (UIDs), but some were also doing it deliberately, for money. App makers were selling user information to data brokers. This is like Charlie Sheen sharing his secrets with Perez Hilton—it won’t stay private for long. Facebook’s blogger Mike Vernal disclosed the news. Vernal's blogging style is rather dry and dense, which might be why he got the job. It took him six paragraphs to explain the situation: "As we examined the circumstances of inadvertent UID transfers, we discovered some inst...

With mobile phones now essentially serving as personal computers, proposed amendments to the Information Technology Act, 2006, specify that transmitting offensive or menacing text, audio, or video can result in two years of imprisonment. This punishment also applies if the content is false and intended to cause annoyance, inconvenience, danger, or insult. Furthermore, using a cellphone to impersonate and cheat someone can lead to five years of imprisonment. The need to define "communication device" in the proposed amendments arose because the current law does not specify which devices fall under this category. The amended IT Act clarifies that a cellphone or a personal digital assistant (PDA) is considered a communication device, allowing legal action accordingly. In light of various scandals over the past two years, including the arrest of a prominent portal's CEO, the government has introduced new cybercrimes under the proposed law. The amended Act, presented to the ...

Two years after fixing a security bug in the Windows version of its Safari browser, Apple apparently has decided that Mac users can go without a fix. Apple was initially unimpressed by Nitesh Dhanjani’s work developing what’s known as a “carpet bomb” attack, the security researcher said in an interview Monday. “I told Apple about it two years ago, and they responded back, saying it was more of an annoyance than anything else.” That turned out to be the wrong assessment. Soon after Dhanjani went public with the flaw in May 2008, another security researcher showed how carpet bombing could be combined with another Windows attack to run unauthorized software on a Windows PC. Apple then shipped a fix for Safari on Windows, but not for Safari on Mac OS X. Nobody has shown how to do this on the Mac OS X version of Safari, but Dhanjani still thinks Apple should fix the issue on both platforms. In a carpet bomb attack, the victim visits a malicious website,...