The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Remote DoS Flaw in BIND Fixed in New Version !

May 09, 2011
The Internet Systems Consortium released an advisory (http://www.isc.org/CVE-2011-1907) today informing BIND users that certain types of queries to name servers can cause the servers to crash, creating a denial-of-service condition. This remotely exploitable bug has a high severity rating and only affects BIND users with the Response Policy Zones (RPZ) feature configured for RRset replacement. The RPZ feature was initially built into 9.8.0 as a mechanism for modifying DNS responses from recursive servers according to local rules or rules imported from a reputation provider. RPZ is generally used for forcing NXDOMAIN responses for untrusted names or for RRset replacement. When RPZ is in use, RRSIG queries for names configured for RRset replacement trigger assertion failures and cause the name server process to exit. There is no active exploit here, but certain DNSSEC validators are known to send RRSIG queries, which then trigger the failure. A work-around for this issu...
Anonymous IRC networks - irc.anonops.net & irc.anonops.ru Hacked !

May 09, 2011
Message by Anonymous: Dear Users of the AnonOps Network, We regret to inform you today that our network has been compromised by a former IRC-operator and fellow helper named "Ryan". He decided that he didn't like the leaderless command structure that AnonOps Network Admins use. So he organised a coup d'etat, with his "friends" at skidsr.us. Using the network's service bot "Zalgo" he scavenged the IPs and passwords of all the network servers (including the hub) and then systematically aimed denial of service attacks at them (which is why the network has been unstable for the past week). Unfortunately he has control of the domain names AnonOps.ru (and possibly AnonOps.net, we don't know at this stage) so we are unable to continue using them. We however still have control over AnonOps.in, and will continue to publish news there. We would STRONGLY ADVISE ...
OpenID Warns of Serious Bugs in Some Implementations

May 09, 2011
Amid the fallout of the latest bungled password service kerfuffle at LastPass comes a warning from the OpenID Foundation of a critically serious flaw that exposes certain deployments of the product to a certain level of inter-process data poisoning. More, below… via the Kaspersky Lab Threatpost blogs’ Dennis Fisher: “OpenID Warns of Serious Bugs in Some Implementations” “The OpenID Foundation is warning users about a weakness in the software that could enable an attacker to change some of the data that’s exchanged between parties that use OpenID. The group is telling sites that implement OpenID to update to a new version in order to fix the problem. The bug in OpenID lies in the way that the system’s Attribute Exchange, an extension to the OpenID system that gives sites the ability to exchange identity information between endpoints. OpenID, an open source project that e...
India's leading IT companies TCS (Tata Consultancy Services) & Tech Mahindra is also not Secure !

May 08, 2011
Here are some proofs submitted to THN: The Hacker News by an Indian hacker, THE_DREAM_BOY, as shown below, which can easily prove that, YES! India's leading IT companies TCS (Tata Consultancy Services) & Tech Mahindra are also not secure! Have a look:
1.) XSS attack on Tech Mahindra's website: http://www.techmahindra.com/
2.) TCS (Tata Consultancy Services): information disclosure of server private IP address and Oracle DB info: http://www.tcs.com/
[THN] The Hacker News Exclusive Report on Sony 3rd Attack Issue !

May 08, 2011
On May 5th 2011 THN received an email that hackers once again attacked Sony for the 3rd time. The Hacker News is a responsible online hacker news organisation. We propagate news specifically related to security threats. Also, hacking threads and security issues from all over the world. We are NOT associated with any HACKING GROUP like ANONYMOUS or others. Let's talk about the "3rd Sony Hack Issue". As I said, on 5th May we got the mail from a hacker that they got some new information from Sony's site. Here is the email screenshot: We checked the links, which contain some waste list of user names. There is not even a single email ID in the whole Excel sheet that can be used for spam/hack. Then why is Sony so scared?? Now WHAT?!! Is it our responsibility as The Hacker News that we inform Sony and other cyber security experts that hackers can attack again...
EgY SpIdEr ShElL : Shell strongest in the history the hacker !

May 08, 2011
Sites get hacked every day. The bad guys often install a toolkit to control remote servers effectively. Here is one called EgY SpIdEr ShElL. When logging in, you get a quick overview of the machine with what services are running, as well as some hardware specs. The toolkit provides templates to hack various software programs, along with modules for brute force attacks, HTTP form cracks, encoding, database queries, and an SQL injection tool. The origin of this toolkit seems to point to Arabic countries. It is just one of many similar hack shells that criminals use. A future blog post about other tools might be necessary.