The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Andhra Pradesh witnessed three cyber crimes a week on average in 2010 and a majority of them were Nigerian frauds, according to the state crime investigation department. Briefing media on the latest case, Additional SP (cyber crimes) U Ramamohan said this was the 54th case this year registered at the Cyber Crime Police Station here, and that the total number of such cases across the state was over 150. He said this was at least 20 per cent more than such cases last year. In the latest case of Nigerian fraud, a resident of Bhimavaram in West Godavari district was lured into paying Rs 15.88 lakh to claim prize money of 700,000 pounds from a non-existent ‘Microsoft lottery.’ He was asked on phone to deposit money in two accounts in ICICI Bank and Axis Bank, towards ‘RBI clearance’, ‘anti-terrorism clearance’, etc and was even given ‘receipts’ for the deposits. “These cyber criminals have email IDs of lakhs of people, to which they keep sending mails in batches. Even a very small perce...

A new zero-day attack against Windows, capable of bypassing the User Access Control protections introduced in Windows Vista and designed to prevent malware from gaining administrative access without user authorisation, has been discovered in the wild. The proof-of-concept implementation of the infection technique, known as Troj/EUDPoC-A, was posted to a Chinese educational forum before being discovered by anti-virus researchers from various security firms. Chester Weisniewski, of anti-virus vendor Sophos, warns that the technique used by the Trojan ' enables an attacker to impersonate the system account, which has nearly unlimited access to all components of the Windows system, ' and does so without triggering the User Access Control protections introduced by Microsoft to prevent exactly that occurring. The flaw targeted by the code is thought to exist in all versions of Windows from Windows XP onwards - including Windows 2008 R2 and fully-patched Windows 7 systems, and t...

On Monday, Mozilla, the developer of popular open source applications like Firefox and Thunderbird, announced that a database containing usernames and password hashes belonging to users of addons.mozilla.org had been posted publicly by accident. If you registered for an account on addons.mozilla.org and you are one of the 44,000 users who might have been affected by this accidental disclosure, you already should have received an email notification from the Mozilla security team. Is this simply another story of data leakage in a sea of lost usernames and passwords? Not exactly. Mozilla stored passwords set before April 9th, 2009 as MD5 hashes. MD5 has cryptographic weaknesses that permit creation of the same hash from multiple strings. This permits security experts to compute all the possible hashes and determine either your password or another string that will work even if it is not your password. Mozilla did not store passwords in plain text. The good news? Mozilla audited their logs ...

Over the last few weeks we have been contacted by a number of members of the  our  Facebook page , concerned by a message they saw on Facebook, warning them that their account protection was " very low ". With fake anti-virus (also known as scareware) attacks becoming an ever-growing problem (they attempt to trick you into believing your computer has a security problem when it doesn't), some security-conscious Facebook users might worry that this is a similarly-styled assault, designed to scare you into taking perhaps unwise actions. Certainly the warning message gives you the impression that there's something seriously wrong with how you have defended your Facebook account. I must admit I was surprised to see the message appear on my own Facebook account as I have been quite fastidious in my security settings on the social network. So, I was curious to find out just  why  Facebook believed that my account protection status was "very low", and what they t...

The Pune police commissionerate conducted ‘Cyber Safe Pune 2010’ initiative from December 16 to 22 in the city. The initiative was aimed at creating awareness among people regarding cyber safety. The cyber crime cell conducted lectures at housing societies, schools, banks and colleges last week. Under the initiative, the cyber cell experts informed people about cyber crime. Deputy commissioner of police (cyber) Rajendra Dhale said, “The initiative was conducted to create awareness among the people. We received several queries about social networking sites, mobile thefts, lottery SMSes and credit card frauds.’’ “We are urging girls not to upload their photographs on social networking sites. We are also urging them not to share personal information while chatting with unknown people. However, people can register mobile theft cases at the police station,’’ he added. “We are requesting people not to fall prey to greedy messages concerning lottery prizes. Each police station has a cyber squ...