The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Remember Project: C.H.I.P. ? A $9 Linux-based, super-cheap computer that raised some $2 Million beyond a pledge goal of just $50,000 on Kickstarter will be soon in your pockets. Four months ago, Dave Rauchwerk , CEO of Next Thing Co., utilized the global crowd-funding corporation ' Kickstarter ' for backing his project C.H.I.P., a fully functioning computer that offers more than what you could expect for just $9. C.H.I.P. stands for " Computer Hardware in Products. " At first, the project was looking like a never ending project but here's something exciting — The $9 CHIP computer is shipping. Yes, Rauchwerk says that the first run of devices is beginning to be distributed to early backers within 7-9 days. Rauchwerk said, " If you backed the [CHIP] project at the Kernel Hacker Backer level on Kickstarter, you'll receive two CHIP computers — the second by mid-October. " Specifications and Capabilities: CHIP packages: 1...

Two months ago, THN reported about a similar announcement made by The American Registry for Internet Numbers (ARIN), which said that the agency is no longer able to produce IPv4 addresses in North America . Within a time frame of few months, ARIN, which handles Internet addresses in America, has announced the final exhaustion of their free pool of IPv4 addresses has reached zero... ...i.e. the availability of IPv4 (Internet Protocol version 4) addresses no more exists. Meanwhile, they are going to accept requests for IPv4, which will be approved via two ways: Wait List for Unmet IPv4 Requests - Join the waitlist for unmet requests in the hopes that a block of the desired size will be available in the future. IPv4 Transfer Market - Can be purchased from another organization that has more than it needs. So, in the future, IPv4 address space will be allocated to the approved requests on the Waiting List for Unmet Requests, if ARIN: receives any IPv4 address spac...

iOS 9.0.1 – Apple's first update to its new iOS 9 mobile operating system, came out on Wednesday, addressed several bugs in its software. However, unfortunately, it seems that the latest update iOS 9.0.1 doesn't fix the lock screen bypass vulnerability reported by iPhone user Jose Rodriguez. Yes, the serious flaw in iOS 9 that allows anyone – with physical access of your iPhone or iPad – to bypass your device's lock screen and get into your contacts and personal photographs, also Works on iOS 9.0.1 . Video Demonstration: Rodriguez published a new video detailing a step-by-step explanation on how to bypass the passcode on iOS 9 and iOS 9.0.1 device, using the benevolent nature of Apple's personal assistant Siri. The lock screen bypass vulnerability works on all iOS versions from iOS 5.1.1 to the latest released iOS 9.0.1 . Mitigation So, until Apple rolls out an update to patch this bug, the only way available to iPhone users to mitiga...

Can the Cops can make you unlock your iPhone? ... " NO " According to a recent Federal Court's ruling, it is not okay for police to force suspects to unlock their phones with a passcode. And, doing so would be a violation of your Fifth Amendment Rights in the US Constitution. The ruling came as the conclusion of a case , where Securities and Exchange Commission (SEC) accused Bonan Huang and Nan Huang for conducting illegal Insider Trading. As a result of which, the investigating agencies cannot question the suspects for giving out their smartphone passcodes or any form of encryption passwords or even their existence on the suspect's device. They are said to have used their positions as data analysts at Capital One Bank ( credit card issuing Bank) . The bank gave each of them a mobile phone, allowing them to use a passcode of their choice. Huang's left Capital One and submitted the mobile phones to the bank, the bank then gave the mobil...

Yahoo! has open-sourced Gryffin – a Web Application Security Scanner – in an aim to improve the safety of the Web for everyone. Currently in its beta, Project Gryffin has made available on Github under the BSD-style license that Yahoo! has been using for a number of its open-sourced projects. Gryffin is basically a Go & JavaScript platform that helps system administrators scan URLs for malicious web content and common security vulnerabilities, including SQL Injection and Cross-Site Scripting (XSS) . Yahoo! describes Gryffin as a large-scale Web security scanning platform, which is more than just a scanner, as it is designed to address two specific problems: Coverage Scale Scale is obviously implied for large Web, while Coverage has two dimensions – Crawl and Fuzzing . Crawl's ability is to find as much of the Web application's footprint as possible, whereas Fuzzing involves testing each part of the application's components for an applied se...

A newly discovered critical flaw in the implementation of web cookies by major browsers could open secured (HTTPS) browsing to Man-in-the-middle attacks . The US Computer Emergency Response Team (CERT) has revealed that all the main browser vendors have improperly implemented the RFC 6265 Standard, also referred to as " Browser Cookies ," allowing… …remote attackers to bypass secure HTTPS protocol and reveal confidential private session data. Cookies are small pieces of data sent from web sites to web browsers, which contains various information used to identify users, or store any information related to that particular website. HTTPS Cookie Injection Vulnerability Whenever a website ( you have visited ) wants to set a cookie in your browser, it passes a header named " Set-Cookie " with the parameter name, its value and some options, including cookie expiration time and domain name ( for which it is valid ). It is also important to note that HTTP ...