The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Norton Cybercrime Report 2011 For the first time a Norton study calculates the cost of global cybercrime: $114 billion annually.Based on the value victims surveyed placed on time lost due to their cybercrime experiences, an additional $274 billion was lost. With 431 million adult victims globally in the past year and at an annual price of $388 billion globally based on financial losses and time lost, cybercrime costs the world significantly more than the global black market in marijuana, cocaine and heroin combined ($288 billion). Read more on Norton

FBPwn : A Cross-Platform Facebook Profile Dumper tool FBPwn is an open source, cross-platform, Java based Facebook profile dumper. It can send friend requests to a list of Facebook profiles, and poll for their acceptance notification. Once the victim accepts the invitation, it dumps all their information, photos and friend list to a local folder. It supports a lot of modules that can expand its current functionalities. It has a well documented Wiki page explaining the process of building a FBPwn module. Though it has a lot of available modules prebuilt for your use. All modules work on a selected profile URL (we’ll call him Bob), using a valid authenticated account (we’ll call him Mallory). AddVictimFriends: Request to add some or all friends of Bob to increase the chance of Bob accepting any future requests, after he finds that you have common friends. ProfileCloner: A list of all Bob’s friends is displayed, you choose one of them (we’ll call him Andy). FBPwn will change Ma...

Wireshark 1.4.9 & Wireshark 1.6.2 updated version released Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education. The following bugs have been fixed: configure ignores (partially) LDFLAGS. (Bug 5607) Build fails when it tries to #include , not present in Solaris 9. (Bug 5608) Unable to configure zero length SNMP Engine ID. (Bug 5731) BACnet who-is request device range values are not decoded correctly in the packet details window. (Bug 5769) H.323 RAS packets missing from packet counts in “Telephony->VoIP Calls” and the “Flow Graph” for the call. (Bug 5848) Wireshark crashes if sercosiii module isn’t installed. (Bug 6006) Editcap could create invalid pcap files when converting from JPEG. (Bug 6010) Timestamp is incorrectly decoded for ICMP Timestamp Response packets from MS Windows. (Bug 6114) Malformed Packet in decode for BGP-AD update. (Bug 6122) Wrong display of CSN_BIT in CSN.1. (...

Google Web History vulnerable to new Firesheep Addon Two researchers have shown how a modded version of the Firesheep Wi-Fi sniffing tool can be used to access most of a victim’s Google Web History, a record of everything an individual has searched for. The core weakness discovered by the proof-of-concept attack devised by Vincent Toubiana and Vincent Verdot lies with what is called a Session ID (SID) cookie, used to identify a user to each service they access while logged in to one of Google’s services. Fortunately, the latest exploit does not allow attackers to take over Google Accounts, but obviously, it can be used to expose private data. " While the direct access to users' data is subject to a strict security policy, using personalized services (which may leak this same personal information) is not, " wrote Vincent Toubiana and Vincent Verdot, the creators of the modded Firesheep. To be sure, the compromised cookies are deployed across more than 20 websites inc...

Hotmail , MSN , Office 365 , live.com sites down (now up) A number of Microsoft online services, including Hotmail, MSN, Office 365, and seemingly most if not all of *.live.com addresses are currently “experiencing an outage”. MSN and Office 365 have already tweeted about it: The downtime, which happened on Friday at about 4am in the UK — 8pm on Thursday Pacific time (PDT) — was due to a domain name service problem, according to Microsoft. But Microsoft certainly isn't alone.Google has also seen its share of downtime. Just this past Wednesday, Google Docs was offline for about 30 minutes. In May, the company's Blogger service was unavailable for the greater part of a day.