The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Internet Explorer vulnerable to Cookie-jacking A security researcher has devised an attack that remotely steals digital credentials used to access user accounts on Facebook and other websites by exploiting a flaw in Microsoft's Internet Explorer browser. Independent researcher Rosario Valotta demonstrated his “cookiejacking” proof of concept last week at the Hack in the Box security conference in Amsterdam. It exploits a flaw that's present in all current versions of IE to steal session cookies that Facebook and other websites issue once a user has entered a valid password and corresponding user name. The cookie acts as a digital credential that allows the user to access a specific account. The proof of concept code specifically targets cookies issued by Facebook, Twitter and Google Mail, but Valotta said the technique can be used on virtually any website and affects all versions of Windows. “You can steal any cookie,” he told The Register. “There is a huge customer base...

Fimap v.0.9 released - Local and Remote file inclusion auditing Tool fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. Download :  http://code.google.com/p/fimap/downloads/list

Security Alert : vBulletin 4.X  -  SQL Injection & CSRF/XSRF  Exploits available ! Two Serious Security Flaws are detected in  vBulletin 4.X Versions and also their Security SQL Injection & CSRF/XSRF Exploits are now also available. Impact of these Flaws: Lots of big Forums are on  vBulletin 4.X version and these Forums can be hacker easily using the exploits by any hacker. We would like to Request Admins to Patch their Forums as soon as possible. vBulletin 4.X Security Patch http://www.vbulletin.com/forum/showthread.php/376995-vBulletin-4.X-Security-Patch?AID=804495&PID=564936 Exploits are available at SQL Injection  :  http://www.1337day.com/exploits/16147 CSRF/XSRF     :   http://www.1337day.com/exploits/16160

Smsgwadapter Server Admin Credentials Revealed ! A Indian hacker, hack into the one of the SMS Server (Smsgwadapter) at 122.165.52.84 IP address. According to the hacker, This is the most unsecured Server got owned by a simple password guessing. In screenshot you can see the desktop of same server after login by him. This IP address actually was of http://smsgwadapter.dadp.com  which is client of  Reliance Industries Limited, That can be checked here :   . http://whois.domaintools.com/dadp.com  . The Domain looks to be down, But server at  122.165.52.84 is working and at Risk !  The Server name is "RIMSMS" and User "administrator" , Cant share password for Security Reasons. If you are a Server admin, Then the 1st rule is always that keep some special characters in your password, well in this case the password is  a very simple word. News Provied by : Saurav (  hack ersbay.in  )

Comodo Hacked - Reseller private data exposed ! Another official reseller of SSL certificate authority Comodo has suffered a security breach that allowed attackers to gain unauthorized access to data. Brazil-based ComodoBR is at least the fourth Comodo partner to be compromised this year. Customer details like organization names, addresses, telephones, domain names, type of web servers, serial numbers and more, are also included. There is also a list of what appears to be employee accounts, with @comdobr.com email addresses and hashed passwords. The password for an account called validacao@comodobr.com (validation@) is listed in plain text. Posted at  http://pastebin.com/9qwdL1pA  &  http://pastebin.com/F5nUf5kr

What is hashbot? Hashbot is a forensic web tool to acquire and validate, over time, the status of an individual web page or web document. Feature : Acquire Follow these steps to acquire a web document: Insert the document's URL (ie: http://www.evilwebpage.com/image.jpg or http://www.evilwebpage.com/page.html) in the text input. Select your favorite user agent. Click on Submit. A captcha code will be required, for security reason. Wait for acquisition service finish and click on download to save the result. Validate Validation informations are stored in the -code.txt file in "Validate Info". Insert the keycode in "CODE" field. Insert the file hash chosing between MD5 or SHA1 in the "HASH FILE" field. Select the file hash type according with the hash type filled in the previous field. Click on Submit. A captcha code will be required, for security reason and wait for server response. Tool :  https://www.hashbot.com/