The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

HTC Android Vulnerability - Exposes Phone numbers, Gps, SMS, Emails etc If you are running a HTC Android smartphone with the latest updates applied, chances are your personal data is freely accessible to any app you have given network access to in the form of full Internet permissions.This vulnerability isn’t a backdoor or some inherent flaw in Android, it is instead HTC failing to lock down its data sharing policies used in the Tell HTC software users have to allow or disallow on their phone. The problem being, not only is your data vulnerable when Tell HTC is turned on, it’s just as vulnerable when it is turned off. In brief, any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads) can get its hands on: the list of user accounts, including email addresses and sync status for each last known network and GPS locations and a limited previous history of locations phone numbers from the phon...

Once a user scans the QR code, the code redirects them to a site that will install a Trojan on their Android smart phones. Kaspersky's SecureList blog has a report of a malicious QR code on a web site which when scanned directs the user to a URL; the linked site doesn't have a file matching the name in the URL, but it does redirect the browser to another site where the file jimm.apk is downloaded.  The file is a trojanized version of the Jimm mobile ICQ client, infected with Trojan-SMS.AndroidOS.Jifake.f which sends a number of SMS messages to a $6 a message premium rate service. Once installed, the Trojan will send a number of SMS messages to premium-rate numbers, which will end up costing the victim some money, depending on how quickly she is able to find and remove the Trojan. Kaspersky’s Denis Maslennikov reports that the malware itself is a Trojanized Jimm application (mobile ICQ client) which sends several SMS messages to premium rate number 2476 (US$6.00 e...

Open Source Awards 2011 launched - "Recognizing excellence in open source" The 'Packt Open Source Awards 2011' have been announced. Formerly the Open Source CMS Award, the contest has been running since 2006 and, according to a press release sent to .net, is "regarded as one of the most established platforms for recognising excellence amongst Open Source Software". The aim of the Open Source Awards is to encourage, support and reward open source projects, in part through cash prizes, which have topped $100,000 since 2006. This year, the categories up for awards are: Open Source CMS, Open Source Mobile Toolkits and Libraries, Most Promising Open Source Project, Open Source Business Applications, Open Source JavaScript Libraries, and Open Source Multimedia Software. To identify excellence, the public votes for finalists within each category are combined with ratings from a panel of judges. Packt itself notes that it has no input nor say in the finalist...

Samsung Galaxy S II (AT&T) trusted pattern lock Security Bypassed Major security flaw found in AT&T's upcoming Samsung Galaxy S II device. Guys at BGR noticed that the information on the upcoming AT&T version of the Samsung Galaxy S II isn't so safe behind a once trusted pattern lock, and that it can quite simply be bypassed. All you have to do : Wake the device using the lock key, then let the screen time out, then wake it again with the lock key and you can access all the data. AT&T's Version of Samsung Galaxy S II is confirmed to have this security flaw, but the Sprint version or other does not suffer from this. Even I just check my own Samsung Galaxy S II (Indian Version), Yeah - ITS SAFE :) Video Demonstration [ Source ]

Nmap 5.61 TEST2 -  IPv6 OS detection Added Nmap Added IPv6 OS detection, CPE, 30 more scripts, and more features in latest release Nmap 5.61 TEST2. Change Log for Nmap 5.61TEST2 Added IPv6 OS detection system! The new system utilizes many tests similar to IPv4, and also some IPv6-specific ones that we found to be particularly effective. And it uses a machine learning approach rather than the static classifier we use for IPv4. We hope to move some of the IPv6 innovations back to our IPv4 system if they work out well. The database is still very small, so please submit anyfingerprints that Nmap gives you to the specified URL (as long asyou are certain that you know what the target system isrunning). Usage and results output are basically the same as withIPv4, but we will soon document the internal mechanisms athttp://nmap.org/book/osdetect.html, just as we have for IPv4. For anexample, try "nmap -6 -O scanme.nmap.org". [David, Luis] [NSE] Added 3 scripts, bringing the ...

Virus removal website compromised to serving malware One of the Famous Virus Removal Service website : laptopvirusrepair.co.uk  is compromised and Hacker is Serving Malware on the website. In above screenshot Avira detects the JS/Blacole.psak Java script Virus hosted on the site.  The snippet of code is located at the bottom of the index page: It is an obfuscated iframe that redirects to a site that will deliver exploits:  zdesestvareznezahodi.com/tds/go.php?sid=1 . This Site is listed in  malwareblacklist .  Detected Virus is : Kaspersky: Trojan-Downloader.JS.Agent.geo and Effected Platforms / OS: • Windows 95 • Windows 98 • Windows 98 SE • Windows NT • Windows ME • Windows 2000 • Windows XP • Windows 2003 • Windows Vista • Windows Server 2008 • Windows 7 Side effects of JS/Blacole.psak Java script Virus: • Can be used to execute malicious code • Drive-by download