The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Session Race Conditions and Session Puzzling – Now Simplified A few months ago Shay Chen , Senior Manager at Hacktics Advanced Security Center (HASC) published a paper about Session Puzzling , a new application level attack vector of critical severity and numerous uses, but for some bizarre reasons, most of the responses I got was that the attack was too complicated to comprehend all it once. Temporal Session Race Conditions (TSRC) is yet another a new application level vulnerability (presented in September 15, 2011, in local OWASP chapter meeting) that extends the capabilities of session puzzling, enables the exploitation of race conditions without latency and provides a new purpose for application denial of service attack. The attack generally extends the lifespan of temporary session variables (session calculations and assignments with a lifespan of milliseconds) by increasing the latency of the following lines of code through the use of specific layer targeted denial of servic...

#DEFCON Chennai September 2011 meet - Another Success !  DEF-CON Chennai (DC602028) Meet held on On 11th September 2011 From 2:30 PM to 7PM was a Great Success.  List of Speakers 1) Abhinab 2) Viknesh 3) Ravi Kumar 4) Aditya Gupta 5) Rahul Tyagi 6) Sophan 7) Suman Some Awesome moments of Meet DefCon message to all Groups " DC Groups are up and running all around the world! Defcon would like to thank the founders of the groups for all of their hard work and input. We invite you to attend a DC group meeting in your area and if your city isn’t listed, START ONE! Got ideas? Share them! ". View Complete Album here

The City Of Rennes (France) Hacked against Anti-Islamic government of France TeaMp0isoN hackers take responsibly to hack official website of The City Of Rennes (France) via a tweet . Hacker publish the reason of hack on the defacement page " This defacement is a digital protest against the banning of "Islamic" prayer in public and the banning of the burqa in France, everyone should have a right to practice their religion, you allow Christian preachers to stand in the public and preach to the public but u don't allow Muslims to pray in public? You allow women to walk around half-naked but you don't allow Muslim women to cover their body? Shame on you france, Muslims are people too... ". Mirror of hack also submitted to Zone-H directory.

BIOS based Virus discovered by Chinese Security Firm A Chinese AV company 360 discovered a new Trojan, the “ BMW Virus ” (also called Mebromi), that can actually infect a computers BIOS: “ BMW 360 Security Center virus is the latest catch of a high-risk virus, the virus that infected a chain BIOS (motherboard chip program), MBR (master boot drive) and Windows system files, reinstall the system, regardless of the victim computer, format the hard disk, or replace the hard disk can not completely remove the virus. ” It uses the CBROM command-line tool to hook its extension into the BIOS. The next time the system boots, the BIOS extension adds additional code to the hard drive's master boot record (MBR) in order to infect the winlogon.exe / winnt.exe processes on Windows XP and 2003 / Windows 2000 before Windows boots. The next time Windows launches, the malicious code downloads a rootkit to prevent the drive's MBR from being cleaned by a virus scanner. But even if the drive is ...

Automated Skype calls spreading fake anti-virus warning Automated Skype calls spreading fake anti-virus warning, where an automated message (what I like to call a "Digital Dorothy") warns you in a semi-robotic voice that your computer's security is not up-to-date. "Attention: this is an automated computer system alert. Your computer protection service is not active. To activate computer protection, and repair your computer, go to [LINK]," says the robotic voice during a prerecorded message. The offered link takes the most gullible and curious ones to a page that shows the typical "Computer protection inactive. Scanning… Viruses found!" message that is meant to convince them to fork over a decent amount of money - in this case, $19.95 - in order to get the offered protection.Not content with the money, they also ask for their personal information. If you weren't aware of fake anti-virus (also known as scareware) scams like this you might well...

NeXpose 5.0 vulnerability management solution Released by Rapid7 Nexpose proactively supports the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. This gives organizations immediate insight into the security posture of their IT environment by conducting over 65,000 vulnerability checks for more than 16,000 vulnerabilities. The solution leverages one of the largest vulnerabilities databases to identify vulnerabilities across networks, operating systems, databases, Web applications and virtual assets. Risk is classified based on real exploit intelligence combined with industry standard metrics such as CVSS, as well as temporal and weighted risk scoring. Nexpose provides a detailed, sequenced remediation roadmap with time estimates for each task. Nexpose is used to help organizations improve their overall risk posture and security readiness as well as to comply with mandatory regulati...