The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

How Facebook Ticker  exposing your information and behavior without your knowledge Nelson Novaes Neto , a Brazilian (independent) Security and Behavior Research have  analyze  a privacy issue in Facebook  Ticker  that allows any person chasing you without your knowledge or consent . He explain that this is not a code vulnerability, but here the whole issue is related to users privacy. Nelson said on his blog " This tool - monitor others began to run when it introduced a new feature called Ticker. This new feature (Ticker) does not respect the privacy settings and it now Comments (updates), add friends, likes and can be seen by others (friend *) anyone without your permission. * You really know a friend tell me if it is real or fake profile - cloned? " Nelson Give Proof of Concept with a very creative real life scenario. Check out a live demonstration, where a "novel" explains how the issue of privacy (you can use any browser to play it). Descri...

Most advanced and dangerous malware for Apple products - Why you should be concerned ! Indian security researcher from MalCon has created an advanced and dangerous malware for Apple products which can not only compromize your privacy but also steal important data and let hackers control your device by simple text messages. If you are using any Apple product such as iPhone, iPad or iPod, then you shuuld be concerned. Indian security researcher from MalCon , Atul Alex has created an advanced malware for the Apple products which can not only intercept calls of users, steal data, but also provide a reverse VNC to see remotely all the actions of the victim. The malware can be deployed remotely over the web and is supposed to work on the latest iOS 5. Atul Alex, Technical director of MalCon said " Apple products are extremely secure by design. The malware works on jailbroken devices - something which over 90% of users have. If your device is not jailbroken, you have nothing to w...

TeaMp0isoN releases list of vulnerable police web sites TeaMp0isoN group of hackers published a list of vulnerable law enforcement authorities websites that can be hacked using MSAccess SQL injection attacks. Member from TeaMp0isoN with codename " _f0rsaken " create a pastebin note with following message for Police and People of World : I do not like the Police. You beat on innocent and peaceful protestors for no reason other than that you want to protect your friends at the banks and yourselves to make money. It's all about money and the Police aiming to keep their job. Why did I decide on not releasing the databases? I want you to see for yourself how vulnerable these people really are and for you all to get an understanding on why I didn't release. In this release I present you vulnerable websites that are open to MSAccess SQL injection. Below are official city websites that also the Police of that said area uses for their updates. Of course with all the mone...

Tor 0.2.2.34 Released with fixes of anonymity vulnerability Tor 0.2.2.34 fixes a critical anonymity vulnerability where an attacker can de-anonymize Tor users. Everybody should upgrade. Clients should upgrade so they are no longer recognizable by the TLS certs they present. Relays should upgrade so they no longer allow a remote attacker to probe them to test whether unpatched clients are currently connected to them.This release also fixes several vulnerabilities that allow an attacker to enumerate bridge relays. Some bridge enumeration attacks still remain. Download Here

Malware for xbox Kinect created by 15 years old  Indian researchers Indian researchers from MalCon have created a malware that utlizes Microsoft Kinect to secretly capture pictures and upload to a picasa account. A 15year old Indian security researcher ' Shantanu Gawde ' from MalCon Research has created a malware that utilizes the Microsoft xbox kinect controller. Kinect for Xbox 360, or simply Kinect, is a motion sensing input device by Microsoft for the Xbox 360 video game console. With over 10 million devices sold till date, the kinect holds the Guiness book for world record for the fastest selling consumer electronics device - and is exactly the reason why the malware is a concern. In recent months, there have been a number of innovative kinect hacks that make use of the kinect using both Open source drivers and the Kinect SDK. The malware, code-named 'gawde' after its creators name, works on Windows 7 to secretly capture pictures of the victim / surroundin...

Facebook EXE attachment Vulnerability can Compromise with Users Security Nathan Power from SecurityPentest has discovered new Facebook Vulnerability, that can easily attach EXE files in messages,cause possible User Credentials to be Compromised . When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered to subvert this security mechanisms. Note, you do NOT have to be friends with the user to send them a message with an attachment. But Nathan Power Find the way to upload EXE . When uploading a file attachment to Facebook we captured the web browsers POST request being sent to the web server. Inside this POST request reads the line: Content-Disposition: form-data; name="attachment"; filename="cmd.exe" It was discovered the variable 'filename' was being parsed to determine if the file type is allowed or not. To s...