The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Origami is a framework for PDF documents manipulation written in pure Ruby. It can be used to analyze or create malicious PDF documents. Being written in Ruby, the core engine of Origami is totally scriptable and can be used for automated tasks on large sets of documents. A GTK graphical interface is also available for manually browsing through the inner objects of a PDF document. The philosophy behind Origami is the following: Support for both reading and writing to PDF documents. Origami is able to create documents from scratch, read existing documents and modify them. Each new feature added must be compatible with reading and writing. Handling a large subset of the PDF specification. Origami focuses on features from the PDF specification which can be used to obfuscate documents or provide offensive capabilities. Being flexible and extensible. Origami can be used in many ways, even if you are new to the Ruby language. Origami supports many advanced features of the PDF spec...

R00TW0RM Linux Auto rooter for 2009 kernel Coded by CrosS Linux Server with Kernel 2009 are still vulnerable to exploit . This Exploit is Auto Rooting Exploit, with one Exploit you are able to Get root access to any Linux machine. Its a local root exploit so for that, you have to upload it on same machine before usage. See below for Download link and Usage help : Download Link: http://r00tw0rm.com/CrosS-2009.txt Usage : Just upload/fetch/wget and give sommand => perl CrosS-2009.txt Submitted By : /UnKnown/

NIIT Technologies GIS subsidiary ’s server hacked by Tigers of Indian Cyber (TIC) A server belonging to NIIT GIS Limited, an NIIT Technologies subsidiary, was compromised last week using a SQL injection attack by a hacking group calling itself the ‘Tigers of Indian Cyber’ (TIC). TIC posted the disclosure in an open security forum giving proof of concept, and a complete list of account credentials. It has since come to light that NIIT GIS’ server was compromised — not the servers at NIIT Technologies. The breach was independently verified by Omair, a security consultant with Network Intelligence India (NII). Omair said that the hack was genuine, and was verified with the link posted by TIC as proof of concept. “The executed query enumerates expected information from the database tables,” says Omair. Initial communication with NIIT Technologies revealed that the company was ignorant of the situation. After being informed by SearchSecurity.in of the particulars, the breach was detec...

Internet Explorer vulnerable to Cookie-jacking A security researcher has devised an attack that remotely steals digital credentials used to access user accounts on Facebook and other websites by exploiting a flaw in Microsoft's Internet Explorer browser. Independent researcher Rosario Valotta demonstrated his “cookiejacking” proof of concept last week at the Hack in the Box security conference in Amsterdam. It exploits a flaw that's present in all current versions of IE to steal session cookies that Facebook and other websites issue once a user has entered a valid password and corresponding user name. The cookie acts as a digital credential that allows the user to access a specific account. The proof of concept code specifically targets cookies issued by Facebook, Twitter and Google Mail, but Valotta said the technique can be used on virtually any website and affects all versions of Windows. “You can steal any cookie,” he told The Register. “There is a huge customer base...

Fimap v.0.9 released - Local and Remote file inclusion auditing Tool fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. Download :  http://code.google.com/p/fimap/downloads/list