The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

WebSploit Is An Open Source Project For Scan And Analysis Remote System From Vulnerability Description : [+]Autopwn - Used From Metasploit For Scan and Exploit Target Service [+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin [+]format infector - inject reverse & bind payload into file format [+]phpmyadmin - Search Target phpmyadmin login page [+]lfi - Scan,Bypass local file inclusion Vulnerability & can be bypass some WAF [+]apache users - search server username directory (if use from apache webserver) [+]Dir Bruter - brute target directory with wordlist [+]admin finder - search admin & login page of target [+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks [+]MITM - Man In The Middle Attack [+]Java Applet Attack - Java Signed Applet Attack [+]MFOD Attack Vector - Middle Finger Of Doom Attack Vector [+]USB Infection Attack - Create Executable Backdoor For Infect USB For Windows Download WebSploit Toolkit V.1.6

Anonymous hackers deface International Police Association http://ipa-iac.org (IPA) on Friday afternoon and  Anonymous hackers responsible left an angry message on the website's homepage, stating that they defaced the page " for the lulz " (for fun) but also warned that they might have stolen some " sensitive data. " A message posted at the top of the page reads, " oHai [hello]... International Police Association (International Admin Center) you will see we haz [had] some #LULZ at your expense maybe you will fix your security issues and of course... we always recommend you NOT store admin passwords in PLAINTEXT For a site like International Police Association... w3 [we] really expected moar [more]... #LULZ the thin... " The International Police Association is the largest organization for police officers in the world according to Wikipedia, and is not connected to Interpol http://www.interpol.int/ . The IPA was founded by English police sergeant Arth...

Panos Ipeirotis, a computer scientists working at New York University,attack on his Amazon web service using Google Spreadsheets and Panos Ipeirotis checked his Amazon Web Services bill last week - its was $1,177.76 ! He had accidentally invented a brand new type of internet attack, thanks to an idiosyncrasy in the online spreadsheets Google runs on its Google Docs service, and he had inadvertently trained this attack on himself. He calls it a Denial of Money attack, and he says others could be susceptible too. On his personal blog Ipeirotis explained that it all started when he saw that Amazon Web Services was charging him with ten times the usual amount because of large amounts of outgoing traffic. As part of an experiment in how to use crowdsourcing to generate descriptions of images, he had posted thumbnails of 25,000 pictures into a Google document, and then he invited people to describe the images. The problem was that these thumbnails linked back to original images stored on...

90% of the Internet's top 200,000 HTTPS-enabled websites are vulnerable to known types of SSL (Secure Sockets Layer) attack, according to a report released Thursday by the Trustworthy Internet Movement (TIM), a nonprofit organization dedicated to solving Internet security, privacy and reliability problems. The report is based on data from a new TIM project called SSL Pulse , which uses automated scanning technology developed by security vendor Qualys, to analyze the strength of HTTPS implementations on websites listed in the top one million published by Web analytics firm Alexa. SSL Pulse checks what protocols are supported by the HTTPS-enabled websites (SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, etc.), the key length used for securing communications (512 bits, 1024 bits, 2048 bits, etc.) and the strength of the supported ciphers (256 bits, 128 bits or lower). The BEAST attack takes advantage of a flaw in SSL 3.0, allowing the attacker to grab and decrypt HTTPS cookies on an end user’...

Hackers have for the third time in less than a year attacked the main website of the Afghan Taliban. Images of pigeons and Taliban executions of women were combined with various messages in English, Pashto, and Arabic that support the Afghan government, replacing the Taliban's usual pabulum of exaggerated battlefield claims and anti-government commentaries, by early afternoon. The Taliban has blamed western intelligence agencies amid an intensifying cyberwar with the insurgents. One of the statements posted in English read: " Any kind of violence is condemnable, especially killing of innocent people. It is the responsibility of Afghan security forces to provide security for the country after the withdrawal of foreign troops ," " It was hacked again by enemies and foreign intelligence services," Taliban spokesman Zabihullah Mujahid said. " The enemy tries to push its propaganda. The enemy is worried by what gets published in our webpage. It's confusin...