The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A cookie is a piece of data that is issued by a server in an HTTP response and stored for future use by the HTTP client. Quite simply, a cookie is a small text file that is stored by a browser on the user's machine. Cookies are plain text; they contain no executable code. The client then re-supplies the cookie value in subsequent requests to the same server. This mechanism allows the server to store user preferences and identity individual users. One of the biggest issues in cookie mechanism is how to handle them. In short, the server had no way of knowing if two requests came from the same browser, called Cookie Handling vulnerability. ' Piero Tedeschi ' reported a similar issue in ' Telecom Italia ' ( https://www.telecomitalia.it/ ), the largest Italian telecommunications company, also active in the media and manufacturing industries. This vulnerability allow a malicious user to hijack multiples accounts, just by exporting and importing the cookies from...

Anonymous claimed it had stolen and leaked over 2,000 usernames and passwords for Hill staffers in an anti- PRISM protest, calling the move a pivotal moment for Congress. The Twitter handle @OpLastResort which claims to be affiliated with the famous hacktivist group posted the data and also tweeted: " We mean it. This is a pivotal moment for America, and we will not tolerate failure ." Congress actually fosters decent password best practices, requiring a special character, an uppercase letter, a lowercase letter, and a number to make up a code between 6-10 characters. What is perhaps most interesting about the hacked passwords is that they exemplify, in many cases they are just dictionary words with numbers tacked on to the end, the names of the staffers' bosses, or their favorite sports team, so the claimed hack and leaked database was probably outdated or fake. But the security advisory that was sent out to staffers said, "Early today, hackers disclo...

Google being one of the top web based service provider, has huge number of Internet users availing the free and paid services for their day-to-day personal and/or professional needs. Many of them have configured their mobile phone number for their account password recovery options. Certainly, when comes the mobility, many of these users prefer Google's android based smart phones and tablets to access these services anytime, anywhere. In case of issues in accessing GMAIL services, user is been provided with the option to reset the account password by simply asking Google to send a verification code on the pre-registered mobile number. On the other hand, Android (mobile operating system from Google) based devices are bundled with security features to keep the privacy of user data/information intact. The user can opt to set the security level from none to Password (High), this ensures that, to access the mobile device and information within it, the user needs to pass through ...

Privacy protection in the services we use on a daily basis has been a big topic of conversation following accusations that Google, Microsoft, Apple and other large tech companies were working with government agencies to provide user data. According to a new report by CNet , Google may introduce encryption for users' data generated on their Google Drive to protect its customers' privacy against attempts by the U.S. government to access the data. Why Encryption ?  Secure encryption of users' private files means that Google would not be able to divulge the contents of stored communications even if NSA submitted a legal order under the Foreign Intelligence Surveillance Act or if police obtained a search warrant for domestic law enforcement purposes. "Mechanisms like this could give people more confidence and allow them to start backing up potentially their whole device, " said Seth Schoen, Electronic Frontier Foundation. Many companies use SSL and HTTPS to ...

Anonymous hackers claimed yesterday that they have broken into a server used by the Federal Emergency Management Agency (FEMA) and leaked the database  ( password : fema ) includes - names, addresses and other information of FEMA contractors, private defense contractors, federal agents and local authorities. Hack was performed in response to Homeland Security training exercises that centered on a fictional version of the hacker collective.FEMA, under the Department of Homeland Security, conducts an National Level Exercise (NLE) each year. " This is a message from some of us, to FEMA, to various world governments and to their complicit corporate lackeys who dwell in the shadows as well as to the 2.5 billion regular people who use the internet and have found that their right to privacy has been utterly destroyed. " hackers said. The dump contains a table of user IDs and MD5 hashes of corresponding passwords and leaked mailing addresses connected to some of the ...