The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Latest Security Flaw in Skype Enables IP address & Location Tracking The serious breach in the widely-used, internet video chat program means that any evil computer nerd could easily hunt down users' whereabouts, according to a study co-authored by an NYU-Poly professor. The flaw in Skype could allow a skilled hacker to find out the IP address from which a user has logged in to Skype, thereby determining the location of Skype users, which is a massive breach of privacy and security. The company is trying to downplay the flaw, claiming that the ability to derive IP addresses was common with all web based communication clients. The flaw can reportedly be exploited without the user’s knowledge, and can be executed on a massive scale. The reserch team demonstrated this by scheduling hourly calls to tens of thousands of Skype users. Adrian Asher, Skype's chief information security officer, said that IP addresses are easily uncovered in most web communications clients....

Japan under Heavy Cyber Attack ! In last two days several Cyber attacks breach corporate and National Security of Japan. First, Japanese parliament hit by cyber attack from China according to Report. A server located in China was used for the attack on the Japanese Lower House. This led to an extraordinary meeting of a key subcommittee after it emerged that hackers had access to emails and documents belonging to the chamber's 480 legislators for at least one month. The personal computers and servers of Japanese lower house lawmakers have been hit by a cyber attack, and passwords and user IDs may have been stolen. Next, Information on military aircraft and nuclear power plants may have been stolen in a series of cyberattacks on Japanese defence contractor Mitsubishi Heavy. Mitsubishi Heavy said late last month that 83 computers at 11 of its facilities had been hit by cyberattacks but no leakage of information on products and technologies had been confirmed. Christo...

The Hacker’s Choice releases SSL DOS Tool German hacker group “The Hacker’s Choice” officially released a new DDoS tool. The tool exploits a weakness in SSL to kick a server off the Internet. Establishing a secure SSL connection requires 15x more processingpower on the server than on the client.THC-SSL-DOS exploits this asymmetric property by overloading theserver and knocking it off the Internet.This problem affects all SSL implementations today. The vendors are awareof this problem since 2003 and the topic has been widely discussed.This attack further exploits the SSL secure Renegotiation featureto trigger thousands of renegotiations via single TCP connection. Download: Windows binary: thc-ssl-dos-1.4-win-bin.zip Unix Source : thc-ssl-dos-1.4.tar.gz Usage: Use " ./configure; make all install " to build and Run :  ./thc-ssl-dos 127.3.133.7 443 Tips & Tricks for whitehats 1. The average server can do 300 handshakes per second. This would require 10-25% of your lapt...

Tor anonymizing network Compromised by French researchers French researchers from ESIEA , a French engineering school, have found and exploited some serious vulnerabilities in the TOR network. They performed an inventory of the network, finding 6,000 machines, many of whose IPs are accessible publicly and directly with the system’s source code. They demonstrated that it is possible to take control of the network and read all the messages that circulate. But there are also hidden nodes, the Tor Bridges, which are provided by the system that in some cases. Researchers have developed a script that, once again, to identify them. They found 181. " We now have a complete picture of the topography of Tor ," said Eric Filiol. The specific attack involves creating a virus and using it to infect such vulnerable systems in a laboratory environment, and thus decrypting traffic passing through them again via an unknown, unmentioned mechanism. Finally, traffic is redirected towards ...

Bleeding Life 2 Exploit Pack Released Black Hat Academy releases Bleeding Life 2 exploit pack. This is an exploit pack that affects Windows-based web browsers via Adobe and Java. You can read all about it, and download it for yourself. Statistics are kept based on exploit, browser, and OS version. Exploits Adobe CVE-2008-2992 CVE-2010-1297 CVE-2010-2884 CVE-2010-0188 Java CVE-2010-0842 CVE-2010-3552 Signed Applet Features Advanced Statistical Information Stylish Progress Bars Full User-Friendly Admin Panel Referer Stats Secure Panel - Login/Logout Ability To Set and Save Passwords On Panel Ability To Allow Guest Access - Guest Can Only View Stats Page, Clicking and Other Pages Disabled. Ability To Add and/or Remove Exploits Used Ability To Add Scan4You Credentials For Built-In Scanner Use Ability To Filter Browsers Ability To Filter Operating Systems Attempt To Detect and Filter HTTP Proxies Ability To Blacklist by IP/Range Ability To Import Blacklist On Pan...

Microsoft ’s official Youtube channel hacked It appears that someone has hacked into Microsoft’s account on Youtube and removed all videos. As can be seen in the picture, there are currently no videos at all anymore (see the red arrow in the screenshot) and the comment about the website is not “ Wish to Become Sponsored ? Message me ”. Also the hometown has been changed to “Hey”. In their place are short clips soliciting advertisers, not surprisingly, as the channel has some 24,000+ subscribers.As of 1:30 p.m. ET, four videos have been uploaded to the account, all time-stamped within the past two hours. A fifth video, most recently uploaded, seems to have been removed. The video, “Garry’s Mod – Escape the Box,” featured what appeared to be an animated gunman shooting at the inside of a construction box.The channel’s description reads, “ I DID NOTHING WRONG I SIMPLY SIGNED INTO MY ACCOUNT THAT I MADE IN 2006 :/. ” Neither Microsoft nor Google (which owns YouTube) have disclosed info...