
The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

XSS Vulnerability in Facebook Translations !

Mar 09, 2011
Summary: The Facebook Translations tool’s search feature was vulnerable to a simple reflected XSS attack.

How did it work? The Translations tool allows users to perform phrase searches within translations. In this case, when a search query returned 0 results, the script displayed a message (“Your search for “YOUR PHRASE HERE” did not match any results.”) which contained unsanitized user input (the search query).

Why is this important? The XSS vulnerability was on Facebook.com. An attacker could have used it to access or change information on people’s accounts. Despite Facebook’s claims that they’ve eliminated XSS vulnerabilities, it’s clear that some portions of the site are better protected than others (i.e., Translations was probably not using XHP). Lesser used portions of the site, like the Translations tool, are often the most vulnerable since they’re not updated as often or tested as frequently.

More Information: I want to thank Facebook for responding to ...
ClubHack : CHMag Issue 14th, March 2011 Download !

Mar 09, 2011
Description: The 14th issue of ClubHACK magazine is out. Contents of this issue: Tech Gyan - Remote Thread Execution in System Process; Tool Gyan - JS Recon: Java Script Network Reconnaissance Tool; Mom's Guide - Choosing Right Secure Mobile; Legal Gyan - Law Related Unauthorized Access; Command Line Gyan - Backup & Bulk Copy; Matriux Vibhag - Introduction Part 1.
PDF download link: http://chmag.in/issue/mar2011.pdf
News Source: Abhijeet Patil
URL: http://chmag.in
Google Chrome Gets Updates: New Interfaces, Faster Browsing !

Mar 09, 2011
Tuesday, Google announced a few changes to Chrome, its engineered-for-speed web browser. The super-fast beta version that was announced a few weeks ago has already been updated to a stable version. For the Googlers working on Chrome, speed entails not only faster code (the latest version of Chrome boasts a 66% improvement in JavaScript performance) but also easier-to-navigate interfaces. With that in mind, the company is rolling out a new Settings interface for all Chrome users. One major change is that Settings are now presented in a Chrome tab rather than a dialog box, a change that will seem familiar to those using Google’s Cr-48 notebooks, which run Chrome OS and present absolutely everything in a browser tab. Settings are also searchable, which many users will likely find extremely helpful. Google has also extended its sandboxing features to Chrome’s Flash player. Interested parties can download...
New Metasploit 3.6 Targets Security Compliance !

Mar 09, 2011
Security vulnerability testing is getting a boost this week with the release of Metasploit 3.6. Metasploit Pro, the commercial version of the product, now includes new PCI compliance reporting capabilities. There is also a new Project Activity Report, which helps organizations manage and track penetration testing activities. While there have been improvements to the commercial tool, open source users also benefit from some of the work done on Metasploit Pro 3.6. "The work behind the Pro Console actually resulted in major usability improvements to the standard Metasploit Framework console," said HD Moore, chief security officer at Rapid7 and Metasploit's chief architect. "All 64 of the new modules (including 15 exploits) are available in the open source version as well as the commercial products."
#OperationPayback , Next Target Bmi.com by Anonymous Hackers !

Mar 09, 2011
Operation Payback's third target since its revival is www.bmi.com. We will not rest until our demands are met. We are Anonymous. We are Legion. We do not Forgive. We do not Forget. Expect Us.
News Source: Anonymous :P