The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Google's Chrome web browser is now at version 11, and its release is marked by a record payout for security fixes as well as a speech translation feature. A total of 27 security vulnerabilities are fixed in the latest stable release for Windows, Mac, Linux and Chrome Frame. Individual rewards were from $500 up to $3,000 for a particularly nasty looking bug that allowed a possible URL bar spoof leading to navigation errors and interrupted page loads. Among the researchers Google gave thanks to was Braden Thomas of Apple Product Security. This is most likely because Chrome's underlying open source browser engine Webkit is the same one that runs Safari. Chrome users will now also be able to play around with speech translation, thanks to a new speech input through HTML feature. Using the Google Translate application, you can speak after clicking a microphone at the bottom right of the input box. You'll be able to read and listen to the translated result. This isn't ne...

Election commission & Society of aircraft engineers of pakistan Hacked By Imm0rt4l5 Hacked Url : http://www.ecp.gov.pk/viewpressreleasenotific.aspx?id=1374&typeid=2 Mirror : http://i51.tinypic.com/1zgt9vc.jpg Hacked Url : http://saep.org.pk/documents/immortal.php Mirror : http://turk-h.org/defacement/view/383370/saep.org.pk/documents/

Nikon Image Authentication System Compromised ! ElcomSoft Co. Ltd. researched Nikon’s Image Authentication System, a secure suite validating if an image has been altered since capture, and discovered a major flaw. The flaw allows anyone producing forged pictures that will successfully pass validation with Nikon’s Image Authentication Software. The weakness lies in the manner the secure image signing key is being handled in Nikon digital cameras. The existence of the weakness allowed ElcomSoft to actually extract the original signing key from a Nikon camera. This, in turn, made it possible to produce manipulated images signed with a fully valid authentication signature. Complete Story :   http://blog.crackpassword.com/2011/04/nikon-image-authentication-system-compromised/

John the Ripper 1.7.7 new version Released ! “John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes.” This is the change log for JtR version 1.7.7: Added Intel AVX and AMD XOP instruction sets support for bitslice DES (with C compiler intrinsics). New make targets: linux-x86-64-avx, linux-x86-64-xop, linux-x86-avx, and linux-x86-xop (these require recent versions of GCC and GNU binutils). A “dummy” “format” is now supported (plaintext passwords encoded in hexadecimal and prefixed with “$dummy$”) – for faster testing and tuning of custom wordlists, rule sets, .chr files, and external modes on already known or artificial passwords, as well as for testing of future and modified versions of John itself. Apache “$apr1$” MD5-based password hashes are now ...

Microsoft Windows Malicious Software Removal Tool - Download ! The Microsoft Windows Malicious Software Removal Tool checks Windows Vista, WIndows 7, Windows XP, Windows 2000, and Windows Server 2003 computers for and helps remove infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed. The tool creates a log file named mrt.log in the %WINDIR%\debug folder. To download the x64 version of Malicious Software Removal Tool, click here . This tool is not a replacement for an anti-virus product. To help protect your computer, you should use an anti-virus product. Microsoft will release an updated version of this tool on the second Tuesday of each month. New versions will be made available through this web page, Windows Update, and the Malicious Software Removal Tool Web site on...

FBI vs Coreflood botnet The FBI’s unprecedented effort to behead the Coreflood botnet—comprised of millions of hacked Windows machines—appears to be working, at least for now. The bureau has tracked a dramatic decline in the number of pings from the botnet since the takedown operation began earlier this month, according to court documents filed by the Justice Department on Monday. The number of pings from infected US systems plummeted from nearly 800,000 to less than 100,000 in about a week after authorities began sending out “stop” commands to those machines—a drop of nearly 90 percent. Pings from infected computers outside the US have also dropped about 75 percent, likely as a result of a parallel outreach effort to foreign ISPs. The government’s efforts have “temporarily stopped Coreflood from running on infected computers in the United States,” writes the government in its filing, “and have stopped Coreflood from updating itself, thereby enabling anti-virus software vendors...