The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Google tells Iranians to Change their Gmail password Google is advising all its users in Iran to change their Gmail passwords, and check that their Google accounts have not been compromised.In a blog post , Google said that it was directly contacting users in Iran who may have been hit by a man-in-the-middle attack. The move follows the compromise of Dutch SSL certificate authority DigiNotar. Hackers created fake SSL certificate credentials for Google.com and many other domains. These fake Google credentials were used to run man-in-the-middle attacks against Gmail users in Iran, according to an examination of authentication look-ups logs at DigiNotar and other evidence. Specifically, Google recommends that users in Iran change their passwords; verify their account recovery options; check the Web sites and applications that are allowed to access their Google account; check Gmail settings for suspicious forwarding addresses or delegated accounts; and pay attention to warnings tha...

Norton Cybercrime Report 2011 For the first time a Norton study calculates the cost of global cybercrime: $114 billion annually.Based on the value victims surveyed placed on time lost due to their cybercrime experiences, an additional $274 billion was lost. With 431 million adult victims globally in the past year and at an annual price of $388 billion globally based on financial losses and time lost, cybercrime costs the world significantly more than the global black market in marijuana, cocaine and heroin combined ($288 billion). Read more on Norton

FBPwn : A Cross-Platform Facebook Profile Dumper tool FBPwn is an open source, cross-platform, Java based Facebook profile dumper. It can send friend requests to a list of Facebook profiles, and poll for their acceptance notification. Once the victim accepts the invitation, it dumps all their information, photos and friend list to a local folder. It supports a lot of modules that can expand its current functionalities. It has a well documented Wiki page explaining the process of building a FBPwn module. Though it has a lot of available modules prebuilt for your use. All modules work on a selected profile URL (we’ll call him Bob), using a valid authenticated account (we’ll call him Mallory). AddVictimFriends: Request to add some or all friends of Bob to increase the chance of Bob accepting any future requests, after he finds that you have common friends. ProfileCloner: A list of all Bob’s friends is displayed, you choose one of them (we’ll call him Andy). FBPwn will change Ma...

Wireshark 1.4.9 & Wireshark 1.6.2 updated version released Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education. The following bugs have been fixed: configure ignores (partially) LDFLAGS. (Bug 5607) Build fails when it tries to #include , not present in Solaris 9. (Bug 5608) Unable to configure zero length SNMP Engine ID. (Bug 5731) BACnet who-is request device range values are not decoded correctly in the packet details window. (Bug 5769) H.323 RAS packets missing from packet counts in “Telephony->VoIP Calls” and the “Flow Graph” for the call. (Bug 5848) Wireshark crashes if sercosiii module isn’t installed. (Bug 6006) Editcap could create invalid pcap files when converting from JPEG. (Bug 6010) Timestamp is incorrectly decoded for ICMP Timestamp Response packets from MS Windows. (Bug 6114) Malformed Packet in decode for BGP-AD update. (Bug 6122) Wrong display of CSN_BIT in CSN.1. (...

Google Web History vulnerable to new Firesheep Addon Two researchers have shown how a modded version of the Firesheep Wi-Fi sniffing tool can be used to access most of a victim’s Google Web History, a record of everything an individual has searched for. The core weakness discovered by the proof-of-concept attack devised by Vincent Toubiana and Vincent Verdot lies with what is called a Session ID (SID) cookie, used to identify a user to each service they access while logged in to one of Google’s services. Fortunately, the latest exploit does not allow attackers to take over Google Accounts, but obviously, it can be used to expose private data. " While the direct access to users' data is subject to a strict security policy, using personalized services (which may leak this same personal information) is not, " wrote Vincent Toubiana and Vincent Verdot, the creators of the modded Firesheep. To be sure, the compromised cookies are deployed across more than 20 websites inc...

Hotmail , MSN , Office 365 , live.com sites down (now up) A number of Microsoft online services, including Hotmail, MSN, Office 365, and seemingly most if not all of *.live.com addresses are currently “experiencing an outage”. MSN and Office 365 have already tweeted about it: The downtime, which happened on Friday at about 4am in the UK — 8pm on Thursday Pacific time (PDT) — was due to a domain name service problem, according to Microsoft. But Microsoft certainly isn't alone.Google has also seen its share of downtime. Just this past Wednesday, Google Docs was offline for about 30 minutes. In May, the company's Blogger service was unavailable for the greater part of a day.

URGE (Universal Rapid Gamma Emitter) Hijacking Twitter Trends Released by Anonymous Anonymous have created something called Universal Rapid Gamma Emitter, or more simply URGE, which hijacks Twitter trending topics, allowing Anonymous members and supporters to subvert the topic with their own embedded messages. Anonymous is calling it TwitterRaiding. Members of the group say that they are tired of constantly seeing trending topics that are redundant or related to pop culture and created this tool to help create more attention for topics that may have a wider meaning or different kind of impact on other Twitter users. In a statement, members say that, “ This is not a hacking tool nor is it an exploit tool .” A press release on URGE states: To the people of the interwebz, We recently have become tired of seeing trending topics on twitter that were redundant and “pop culture” like. We have also grown tired of Twitter not trending hash tags that actually serve a cause and mean somet...