The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The secret Foreign Intelligence Surveillance Court (FISA) gave the green light to the Obama administration by r enewing the government's authority Friday to continue the collection of millions of Americans' telephone records. The order by the Foreign Intelligence Surveillance Court has been in place for years but must be renewed every three months and this month it was  expired on July 19.  The Obama administration maintains Congress shouldn't be surprised by the programs. NSA surveillance programs were  exposed in the month of June,  by former National Security Agency contractor Edward Snowden .  He has been charged with espionage and remains in diplomatic limbo at the Moscow airport after seeking temporary asylum. President Barack Obama says the government is not listening in on calls, and  Intelligence officials say they have helped disrupt dozens of terrorist attacks, and target only foreign suspects outside the United Stat...

A cookie is a piece of data that is issued by a server in an HTTP response and stored for future use by the HTTP client. Quite simply, a cookie is a small text file that is stored by a browser on the user’s machine. Cookies are plain text; they contain no executable code. The client then re-supplies the cookie value in subsequent requests to the same server. This mechanism allows the server to store user preferences and identity individual users. One of the biggest issues in cookie mechanism is how to handle them. In short, the server had no way of knowing if two requests came from the same browser, called Cookie Handling vulnerability. ' Piero Tedeschi ' reported a similar issue in ' Telecom Italia ' ( http://www.telecomitalia.it/ ), the largest Italian telecommunications company, also active in the media and manufacturing industries. This vulnerability allow a malicious user to hijack multiples accounts, just by exporting and importing the cookies from...

Anonymous claimed it had stolen and leaked over 2,000 usernames and passwords for Hill staffers in an anti- PRISM protest, calling the move a pivotal moment for Congress. The Twitter handle @OpLastResort which claims to be affiliated with the famous hacktivist group posted the data and also tweeted: " We mean it. This is a pivotal moment for America, and we will not tolerate failure ." Congress actually fosters decent password best practices, requiring a special character, an uppercase letter, a lowercase letter, and a number to make up a code between 6-10 characters. What is perhaps most interesting about the hacked passwords is that they exemplify, in many cases they are just dictionary words with numbers tacked on to the end, the names of the staffers’ bosses, or their favorite sports team, so the claimed hack and leaked database was probably outdated or fake. But the security advisory that was sent out to staffers said, “Early today, hackers disclo...

Google being one of the top web based service provider, has huge number of Internet users availing the free and paid services for their day-to-day personal and/or professional needs. Many of them have configured their mobile phone number for their account password recovery options. Certainly, when comes the mobility, many of these users prefer Google’s android based smart phones and tablets to access these services anytime, anywhere. In case of issues in accessing GMAIL services, user is been provided with the option to reset the account password by simply asking Google to send a verification code on the pre-registered mobile number. On the other hand, Android (mobile operating system from Google) based devices are bundled with security features to keep the privacy of user data/information intact. The user can opt to set the security level from none to Password (High), this ensures that, to access the mobile device and information within it, the user needs to pass through ...

Privacy protection in the services we use on a daily basis has been a big topic of conversation following accusations that Google, Microsoft, Apple and other large tech companies were working with government agencies to provide user data. According to a new report by CNet , Google may introduce encryption for users’ data generated on their Google Drive to protect its customers’ privacy against attempts by the U.S. government to access the data. Why Encryption ?  Secure encryption of users’ private files means that Google would not be able to divulge the contents of stored communications even if NSA submitted a legal order under the Foreign Intelligence Surveillance Act or if police obtained a search warrant for domestic law enforcement purposes. “Mechanisms like this could give people more confidence and allow them to start backing up potentially their whole device, ” said Seth Schoen, Electronic Frontier Foundation. Many companies use SSL and HTTPS to ...