The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

It’s been over a day now since Apple ’s online Dev Center went offline, and latest message can be seen in the screenshot, which explains that the current maintenance has took a lot longer than they expected. " We apologize that maintenance is taking longer than expected. If your program membership was set to expire during this period, it has been extended and your app will remain on the App Store. If you have any other concerns about your account, please contact us. Thank you for your patience. " message said. Since that time, developers have been unable to access the site and cannot visit the forums or download Mac or iOS SDKs, the iOS 7 beta, or the Mavericks beta. It was first seemed like Apple having some backend issues but according to tweets from many developers, they have received a message from Apple that an attempt was made to reset their user ID’s password . Such notices pointing that Apple’s Developer Center website may have been compromised. But if it is a sec...

Ubuntuforums.org , The popular Ubuntu Forums site, has posted a message on its index page, informing its near 2 million users that it has suffered a serious security breach. “ There has been a security breach on the Ubuntu Forums, ” reads the page. The site was defaced by hacker with Twitter handle " Sputn1k_ " and Unfortunately the attacker have gotten every user's local username, encrypted password, and email address from the Ubuntu Forums database. “ The Canonical IS team is working hard as we speak to restore normal operations .” page said. Canonical advises users who have used their same forum password on other sites to change it immediately. " Ubuntu One, Launchpad and other Ubuntu/Canonical services are not affected by the breach, " company stated.

Last week we explained a critical vulnerability in Facebook that discloses the primary email address of facebook user. Later the bug was patched by Facebook Security Team. Today another similar interesting Facebook hack disclosed by another bug hunter, Roy Castillo. On his blog he explained a new facebook hack method that allows anyone to grab primary emails addresses of billions of Facebook users easily. Facebook Provides a App Dashboard for creating and managing your Facebook apps, with a range of tools to help you configure, build and debug your Facebook apps. The flaw exists in App settings, where application admin can add developer's profile also, but if the user is not a verified user, a error messages on page will disclose his primary email address. Using following mentioned steps, one was able to grab email addresses of all facebook users: Collect profile links of all facebook users from Facebook People Directory i.e http://www.facebook.com/directo...

Syrian Electronic Army (SEA), hacking group known for cyber attacks against the anti-Syrian websites, has claimed that it has hacked the website of messaging application, Tango (tango.me), that includes hundreds of millions of electronic and voice data over the Internet. Hacker group tweeted a message on Twitter. " Sorry @TangoMe, We needed your database too, thank you for it! http://tango.me #SEA #SyrianElectronicArmy ”. In a post on their website , hackers mentioned ," The databases content a of millions of the app user's phone numbers, contacts and their emails. More than 1.5 TB of the daily-backups of the servers network has been downloaded successfully " Screenshot of the backups folder of the servers network of Tango App as shown below: Screenshot of the Tango App log : The outdated version of wordpress CMS allowed them to gain unauthorized access to the database server. At the time of reporting, administrators redirect the website t...

The secret Foreign Intelligence Surveillance Court (FISA) gave the green light to the Obama administration by r enewing the government's authority Friday to continue the collection of millions of Americans' telephone records. The order by the Foreign Intelligence Surveillance Court has been in place for years but must be renewed every three months and this month it was  expired on July 19.  The Obama administration maintains Congress shouldn't be surprised by the programs. NSA surveillance programs were  exposed in the month of June,  by former National Security Agency contractor Edward Snowden .  He has been charged with espionage and remains in diplomatic limbo at the Moscow airport after seeking temporary asylum. President Barack Obama says the government is not listening in on calls, and  Intelligence officials say they have helped disrupt dozens of terrorist attacks, and target only foreign suspects outside the United Stat...

A cookie is a piece of data that is issued by a server in an HTTP response and stored for future use by the HTTP client. Quite simply, a cookie is a small text file that is stored by a browser on the user’s machine. Cookies are plain text; they contain no executable code. The client then re-supplies the cookie value in subsequent requests to the same server. This mechanism allows the server to store user preferences and identity individual users. One of the biggest issues in cookie mechanism is how to handle them. In short, the server had no way of knowing if two requests came from the same browser, called Cookie Handling vulnerability. ' Piero Tedeschi ' reported a similar issue in ' Telecom Italia ' ( http://www.telecomitalia.it/ ), the largest Italian telecommunications company, also active in the media and manufacturing industries. This vulnerability allow a malicious user to hijack multiples accounts, just by exporting and importing the cookies from...