The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Watch out, coffee drinkers. If you are one of those 10 million Starbucks customers, who purchases drinks and food directly from their Smartphones, this news is for you! If you use Starbucks’ official iOS app, you should know that the company is not encrypting any of your information, including your password. The app allows the Starbucks customers to check their balance, transaction history, fund transfer, and store location, etc. A Security researcher Daniel E. Wood found a vulnerability (CVE-2014-0647) in STARTBUCKS v2.6.1. iOS mobile application, that stores your credential details and GPS locations in plain text format into the file system. To extract the information from the mobile, an attacker just needs to connect the device to a computer and accessing ' session . clslog ' file from the location given below: /Library/Caches/ com . crashlytics . data/ com . starbucks . mystarbucks /session . clslog The vulnerability , however, requires that the hacker has physical...

I hope you all still remember the famous and powerful Remote Administration Tool (RAT) called ' Dark Comet ', developed by a French computer geek ' Jean-Pierre Lesueur ', also known as ' DarkCoderSc '. However, He had closed the Dark Comet project, when the Syrian government found to be using it to track down and to spy on their people. After that  DarkCoderSc  started working under a new banner ' Phrozen Software ' to develop many new security softwares and penetration testing tools. Just yesterday, Jean-Pierre and his team-mate Fabio Pinto  from French University, have released a new tool called ' Rakabulle ', a file binder with some cool features for penetration testers and malware researchers. File binder is an application that allows a user to bind multiple files together, resulting in a single executable file. When you execute that single application, all previous merged files will be extracted to a temporary location, and will be exe...

Like Bitcoin, There are numerous other cryptocurrency similar in nature, including  MasterCoin , ProtoShares, Litecoin, Peercoin, BitBar and many more. One of them is  Primecoin  (sign: Ψ; code: XPM),  a peer-to-peer open source cryptocurrency that implements a scientific computing proof-of-work system. Unlike Bitcoin or other virtual currencies, only Primecoin provides a proof of work that has intrinsic value. It generates a special form of prime number chains, known as ‘ Cunningham chains & bi-twin chains ’ and has a real world importance in mathematical research. Worldwide famous RSA Encryption basically uses two prime numbers for generating a RSA key pair. If you are able to factorize the public key and find these prime numbers, you will then be able to find the private key. Thus, the whole Security of RSA encryption is based on the length of prime numbers. So, Primecoin plays a great role for crypto researchers to get large... and a ve...

In this Internet savvy generation, we want all of our data to be secured at some place. Having backups of your data is always a good idea, whether that data is stored in the Cloud or on your computer. But everyone who is following the Edward Snowden leaks of the NSA 's PRISM program now pushed to hardening their Mobile devices and computers for security, privacy, and anonymity. There are many Free Cloud storage providers including  Google Drive ,  Dropbox, Box, RapidShare, Amazon Cloud Drive, Microsoft SkyDrive  and many more. These services have a limitation that all data is unencrypted, or even if it is encrypted, the encryption keys are still generated by the company's software, meaning the company still has an access to your data. So as an end user, we must think about the security and privacy of our data. We should first encrypt our files on the system level and then upload a copy of it on the cloud storage. For this a robust and highly user friendly tool called...

Mobile security may not be secure as you think. In September we have reported that the National Security Agency has the ability to access data on iOS, Android and even BlackBerry devices. Everyday a new revelation of NSA Surveillance Program makes Security and Privacy a major concern for all of us. Today we feel the need of highly secured Networks and Encrypted Devices to safeguard our privacy from Cyber Criminals as well as Government. Phil Zimmerman , Inventor of the email encryption tool PGP and Silent Circle's Co-founder (company specializes in mobile privacy and peer-to-peer encryption ) has announced ' BLACKPHONE ', a Smartphone that’s been designed to enable secure, encrypted communications, private browsing and secure file-sharing. The company will launch BLACKPHONE in the ' Mobile World Congress ', Spain next month, offers ‘ PrivatOS ’, an Android based operating system which will allow users to make and receive secure phone calls, exchange secure te...

More than 15.2% of the Algerian population use Internet service which is provided by around 30 Internet Service Providers and one of the largest shares is served by Algerie Telecom .  Algerie Telecom provides  TP-LINK TD-W8951ND  Router to most of their home customers who Opt-In for Internet services and each of which has ZYXEL embedded firmware installed in it. ABDELLI Nassereddine, penetration tester and Algerian Computer Science Student has reported highly critical unauthorized access and password disclosure vulnerabilities in the Routers provided by Algerie Telecom. He told ' The Hacker News ' that the vulnerabilities can be exploited by any remote hacker just by exploiting a very simple loophole in the firmware. First, he found that an unauthorized access is available to ' Firmware/Romfile Upgrade'  Section on the Router's panel that can be accessed without any login password i.e. http://IP//rpFWUpload.html This page actually allows a user to upgr...