The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Google's long-rumored Android-Chrome hybrid operating system is expected to debut at the company's upcoming hardware event on October 4. The company has been working to merge the two OSes for roughly 3 years with a release planned for 2017, but an "early version" to show things off to the world in 2016. Android + Chrome = Andromeda The hybrid OS, currently nicknamed 'Andromeda,' could be come on a new Pixel laptop as well as Huawei Nexus tablet from Google by Q3 2017, if not sooner, according to new leaks from 9to5Google and Android Police . Andro id + Ch rome = Andromeda The laptop, officially codenamed " Bison " and nicknamed "Pixel 3," is a reference to the "Chromebook Pixel," but since this edition is not running Chrome operating system, one can not call it a "Chromebook" anymore. Andromeda is separate from the company's Fuchsia OS , which is focused on Internet-of-Thing (IoT) devices. Moreove...

A computer hacker who allegedly helped the terrorist organization ISIS by handing over data for 1,351 US government and military personnel has been sentenced to 20 years in a U.S. prison. Ardit Ferizi , aka Th3Dir3ctorY, from Kosovo was sentenced in federal court in Alexandria, for "providing material support to the Islamic State of Iraq and the Levant (ISIL) and accessing a protected computer without authorization and obtaining information in order to provide material support to ISIL," the Department of Justice announced  on Friday. The 21-year-old ISIS-linked hacker obtained the data by hacking into the US web hosting company's servers on June 13, 2015. Ferizi then filtered out over 1,300 US military and government employees' information from the stolen data and then handed them over to Junaid Hussain , according to court filings [ PDF ]. The stolen data contains personally identifiable information (PII), which includes names, email addresses, passwords, lo...

Can you rely on a single loudspeaker in your living room for great sound throughout your home? Nah! In the same way, you can not expect a single WiFi router to provide stable range throughout your home. To solve this issue, Google will soon power your home's wireless internet network with its own-brand new WiFi router called Google WiFi , according to a new report. Google is set to launch a lot of new gadgets at its hardware event on October 4 including the new Pixel smartphones, Google Home, the refreshed 4K-capable Chromecast rumored to be called Chromecast Ultra and the new Google WiFi router. But the Google WiFi router might be the biggest surprise of the bunch. Google WiFi is said to be designed in such a way that it can be deployed in groups to create a mesh network so that multiple units can be linked together, similar to Eero's incredible router, according to a report from Android Police. With Google WiFi, you simply need to plug one device into your ...

After the iPhone encryption battle between Apple and the FBI , Apple was inspired to work toward making an unhackable future iPhones by implementing stronger security measures even the company can't hack. Even at that point the company hired one of the key developers of Signal — one of the world's most secure, encrypted messaging apps — its core security team to achieve this goal. But it seems like Apple has taken something of a backward step. Apple deliberately weakens Backup Encryption For iOS 10 With the latest update of its iPhone operating system, it seems the company might have made a big blunder that directly affects its users' security and privacy. Apple has downgraded the hashing algorithm for iOS 10 from "PBKDF2 SHA-1 with 10,000 iterations" to "plain SHA256 with a single iteration," potentially allowing attackers to brute-force the password via a standard desktop computer processor. PBKDF2 stands for Password-Based Key Deri...

The OpenSSL Foundation has patched over a dozen vulnerabilities in its cryptographic code library, including a high severity bug that can be exploited for denial-of-service (DoS) attacks. OpenSSL is a widely used open-source cryptographic library that provides encrypted Internet connections using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) for the majority of websites, as well as other secure services. The vulnerabilities exist in OpenSSL versions 1.0.1, 1.0.2 and 1.1.0 and patched in OpenSSL versions 1.1.0a, 1.0.2i and 1.0.1u. The Critical-rated bug ( CVE-2016-6304 ) can be exploited by sending a large OCSP Status Request extension on the targeted server during connection negotiations, which causes memory exhaustion to launch DoS attacks, the OpenSSL Project said . What is OCSP Protocol? OCSP (Online Certificate Status Protocol), supported by all modern web browsers, is a protocol designed to perform verification and obtain the revocation status of a digital ...