The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Wireshark 1.4.9 & Wireshark 1.6.2 updated version released Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education. The following bugs have been fixed: configure ignores (partially) LDFLAGS. (Bug 5607) Build fails when it tries to #include , not present in Solaris 9. (Bug 5608) Unable to configure zero length SNMP Engine ID. (Bug 5731) BACnet who-is request device range values are not decoded correctly in the packet details window. (Bug 5769) H.323 RAS packets missing from packet counts in "Telephony->VoIP Calls" and the "Flow Graph" for the call. (Bug 5848) Wireshark crashes if sercosiii module isn't installed. (Bug 6006) Editcap could create invalid pcap files when converting from JPEG. (Bug 6010) Timestamp is incorrectly decoded for ICMP Timestamp Response packets from MS Windows. (Bug 6114) Malformed Packet in decode for BGP-AD update. (Bug 6122) Wrong display of CSN_BIT in CSN.1. (...

Google Web History vulnerable to new Firesheep Addon Two researchers have shown how a modded version of the Firesheep Wi-Fi sniffing tool can be used to access most of a victim's Google Web History, a record of everything an individual has searched for. The core weakness discovered by the proof-of-concept attack devised by Vincent Toubiana and Vincent Verdot lies with what is called a Session ID (SID) cookie, used to identify a user to each service they access while logged in to one of Google's services. Fortunately, the latest exploit does not allow attackers to take over Google Accounts, but obviously, it can be used to expose private data. " While the direct access to users' data is subject to a strict security policy, using personalized services (which may leak this same personal information) is not, " wrote Vincent Toubiana and Vincent Verdot, the creators of the modded Firesheep. To be sure, the compromised cookies are deployed across more than 20 websites inc...

Hotmail , MSN , Office 365 , live.com sites down (now up) A number of Microsoft online services, including Hotmail, MSN, Office 365, and seemingly most if not all of *.live.com addresses are currently "experiencing an outage". MSN and Office 365 have already tweeted about it: The downtime, which happened on Friday at about 4am in the UK — 8pm on Thursday Pacific time (PDT) — was due to a domain name service problem, according to Microsoft. But Microsoft certainly isn't alone.Google has also seen its share of downtime. Just this past Wednesday, Google Docs was offline for about 30 minutes. In May, the company's Blogger service was unavailable for the greater part of a day.

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

URGE (Universal Rapid Gamma Emitter) Hijacking Twitter Trends Released by Anonymous Anonymous have created something called Universal Rapid Gamma Emitter, or more simply URGE, which hijacks Twitter trending topics, allowing Anonymous members and supporters to subvert the topic with their own embedded messages. Anonymous is calling it TwitterRaiding. Members of the group say that they are tired of constantly seeing trending topics that are redundant or related to pop culture and created this tool to help create more attention for topics that may have a wider meaning or different kind of impact on other Twitter users. In a statement, members say that, " This is not a hacking tool nor is it an exploit tool ." A press release on URGE states: To the people of the interwebz, We recently have become tired of seeing trending topics on twitter that were redundant and "pop culture" like. We have also grown tired of Twitter not trending hash tags that actually serve a cause and mean somet...

20000 patient records Breach at Stanford Hospital Last month Stanford University's hospital discovered a massive privacy breach when 20,000 emergency room records appeared online. The records included names, diagnosis codes, account numbers, dates of admission and discharge, and billing charges. Social Security numbers, birth dates, credit card accounts or other information that could potentially result in identity theft was not exposed. Even so, the hospital is offering free identity-protection services to all affected patients. The Hospital released the following statement: " An electronic file that an outside vendor's sub-contractor created and caused to be posted to a website contained limited information about patients seen in the Emergency Department of Stanford Hospital & Clinics between March 1 and August 31, 2009. The Hospital discovered this on August 22, 2011, and immediately took action to ensure removal of the file from the website, which was done within 24...

Hacker Halted USA 2011 - 10 Reasons Why You Should Attend Hacker Halted is a global series of Computer and Information Security conferences presented by EC-Council. The objective of the Hacker Halted conferences is to raise international awareness towards increased education and ethics in IT Security. The event is currently in its 14th year. Also present at Hacker Halted is EC-Council's H@cker Halted | Academy, trainings and workshops led by EC-Council instructors and trainers. Hacker Halted returns to Miami for the 3rd year in a row will be held in Miami on 25th and 27th October 2011. Participate and be part of one of the world's most recognized information security conference. Gain perspective through keynote addresses on the current state of information security as well as emerging trends and threats. An information security conference with a comprehensive agenda. Choose from the various focused tracks covering critical domains of information security. Match your informati...

winAUTOPWN v2.7 – Windows Autohacking Tool This version covers almost all remote exploits up-till mid-July 2011 and a few older ones as well. This version incorporates a few new commandline parameters: -perlrevshURL (for a PERL Reverse Shell URL), – mailFROM (smtpsender) and -mailTO (smtpreceiver). These are the commandline arguments required for a few exploits which require remote connect-back using a perl shell and email server exploits requiring authentication respectively. This version also tackles various internal bugs and fixes them. A complete list of all Exploits in winAUTOPWN is available in CHANGELOG.TXT A complete list of User Interface changes is available in UI_CHANGES.txt Also, in this version : BSDAUTOPWN has been upgraded to version 1.5. In this release you will also find pre-compiled binaries for : FreeBSD x86 FreeBSD x64 DragonFly BSD x86 Download winAUTOPWN v2.7