The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The hacker group Anonymous claims that Maxson is the man who drove Amanda Todd to her death last week, but the Canada native says it wasn't him and that he was a friend to the teen. Alleged Amanda Todd blackmailer Kody Maxson outed a second pedophile blackmailer, known as Viper. Maxson appeared in court Monday for unrelated charges of sexual assault and sexual interference of a person under 16. Anonymous traced him to the online handle Kody1206, an active user on teen chat hub Blogtv where Todd was coerced into exposing herself and various forums dedicated to trading jailbait or sexualized images of teens. Maxson said he got some sketchy information about the blackmailer, who he says was 26, lived in New York and goes by an alias of Viper. The man said he passed this information to the RCMP and NYPD, but he couldn’t remember whom he spoke with. He said he only knew Amanda in “ a sense ,” but denied he was one of her cyber-bullies. Here’s a video statement fro...

With Web applications remaining a popular target for attackers, Web app security sometimes seems like a digital version of the " Good, the Bad and the Ugly ." Vulnerabilities in web applications are now the largest vector of enterprise security attacks. Web application security is much more challenging than infrastructure. The top Web application vulnerabilities occur and re-occur time and again. Items such as Cross Site Scripting (XSS), SQL Injection (SQLi) and file inclusion are common vulnerabilities and show up frequently. In his view, the majority of Web application security problems can be solved by applying well known security technology approaches. According to survey results, only 51 percent of organizations currently have coders conduct security testing, and only 40 percent of organizations report they test during development. Vulnerabilities like these fall often outside the traditional expertise of network security managers. To help you understa...

The multinational bank HSBC has blamed a denial of service attack for the downtime of many of its websites worldwide on Thursday night and the Anonymous group has been quick to take credit. " Banks are the sole cause of our current worldwide economic problems. They deserve to get hit. RBS, Lloyds TSB and Barclays are next, " FawkesSecurity said . " This denial-of-service attack did not affect any customer data, but did prevent customers using HSBC online services, including Internet banking. We are taking appropriate action, working hard to restore service. We are pleased to say that some sites are now back up and running. We are cooperating with the relevant authorities and will cooperate with other organizations that have been similarly affected by such criminal acts. " HSBC said. The timing of the group's Twitter postings lends credence to its claims, but Twitter users claiming to be Anonymous members have falsely claimed responsibility for at...

The most common approach to protect data during communication on the Android platform is to use the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols. Thousands of applications in the Google Play market that are using these implementations. A group of researchers including Sascha Fahl, Marian Harbach, Thomas Muders, Matthew Smith from Distributed Computing & Security Group - Leibniz University of Hannover, Hannover, Germany and Lars Baumgärtner, Bernd Freisleben from Department of Math. & Computer Science - Philipps University of Marburg, Marburg, Germany, have presented a paper that  most of these applications contain serious mistakes in the way that SSL/TLS is implemented, that leaving them vulnerable to man-in-the-middle attacks that could compromise sensitive user data such as banking credentials, credit card numbers and other information. Tests performed on 100 selected apps confirmed that 41 of them were vulnerable to known atta...

Android’s App store is currently facing a new dilemma as its security has been compromised once again. Researchers from security firm TrustGo have recently spotted on Google Play a bogus app that supposedly automatizes the updating of a batch of other apps. The malicious code was hidden within an app named, "Updates" by developer Good Byte Labs (Package name: com.updateszxt) and was designed to look like an update to the Lookout™ mobile security application. The malware detected as Trojan!FakeLookout.A  is capable of stealing SMS and MMS messages and upload them to a remote server via FTP. This virus has the potential to steal all personal business sensitive data from the users’ device. Though there are no reports of being infected by the users, it is believed that the infected users are not aware of it yet. " New approach being attempted by malware makers, " TrustGo said the site in question " contains a Trojan file that targets multiple platfo...

A French hacker has been arrested for spreading a virus through fake smartphone applications. Prosecutors say he stole tiny sums from 17,000 people, amassing about 500,000 euros (£405,000) since 2011. Working from the basement of his parents' home in Amiens, France, he created malicious software that looked like normal smartphone apps, but these programs stole money through hidden transactions. He also used programs that sent him the usernames and passwords for gambling and gaming websites. The man admitted his crimes to police after he was arrested in the northern French city of Amiens. He told officials that he was motivated by a strong interest in computers and the desire to be a software developer.