The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Lilith: Perl script to audit web applications Lilith tool analyses webpages and looks for htmltags , which often refer to dynamic pages that might be subject to SQL injection or other flaws.Lilith basic function is to spider and analyses pages, following hyperlinks, injecting special characters that have a special meaning to any underlying platform. As most of us know web applications scanner can never perform a full 100% correct audit. A manual re-check eliminates most of the false positve. Features and changes made in lilith got rid of many many false positives (that's good) when SQL error is found, it now goes onto next var improved (i hope) scanning engine (anti) coldfusion support better cookie handling and cookie tampering omitted perl HTML::Form limitation better verbose output extensive logging detects directory indexing recursive URL dissection cleaned up this pasta code Download Lilith

Win Free Copies of BackTrack 5 Wireless Penetration Testing Guide with The Hacker News Fellow hackers would be very pleased to know that to celebrate the release of their new book- BackTrack 5 Wireless Penetration Testing Beginner's Guide , Packt Publishing is giving away 2 copies of the book to The Hacker News readers. Keep reading to find out how you can be one of the Lucky Winner. Here is a quick overview of BackTrack 5 Wireless Penetration Testing Beginner's Guide · Learn Wireless Penetration Testing with the most recent version of Backtrack · The first and only book that covers wireless testing with BackTrack · Concepts explained with step-by-step practical sessions and rich illustrations · Written by Vivek Ramachandran ¬ world renowned security research and evangelist, and discoverer of the wireless "Caffe Latte Attack" Read More How To Win Sound like something you might be interested in? All you need to do is head on over to the bo...

50000 WordPress Sites infected with spam The attack consists of contacting the domain wplinksforwork.com to get a list of links to be displayed on the compromised sites. However, that domain has been down for the last few days and all the sites compromised. These sites supposed to be compromised. Most of the hacked sites had outdated versions of WordPress installed. Infected sites have following message at Footer : Warning: file_get_contents(https://wplinksforwork.com/56132.. 47509328/p.php?host=… failed to open stream: php_network_getaddresses: getaddrinfo failed: Name or service not known in ..

Kazakhstan calls for global cyber security treaty to deter hackers at United Nations Today's security professionals - whether they are black hats, white hats or something in between - all have one thing in common: The knowledge of their craft probably did not come from a book or a classroom. Today's security skills - both good and bad - we learn online, in the unstructured jungle of the Internet. President Nursultan Nazarbayev told the debate's opening session – held at United Nations Headquarters in New York – that it was worrying that "not a single international convention or multilateral treaty governs information processes. " Is it not the reason why, in practical terms, most hacker attacks on banks, businesses, government institutions, [the] military and even nuclear facilities have been carried out with impunity? " he asked. Mr. Nazarbayev stressed the need for what he called " an international legal framework of the global information space ." He said suc...

More Android vulnerabilities exposed [Video Demonstration] It's been more than a month since researchers reported two serious security vulnerabilities in Android, but so far there's no indication when they will be purged from the Google-spawned operating system that's the world's most popular smartphone platform. Oberheide and Lanier are set to teach a two-day mobile security training course at SOURCE Barcelona this November where they will presumably refer to this and other Android vulnerabilities. Let's hope, for the sake of Android's reputation, that these things are resolved much sooner. The first vulnerability is known as a " Permission escalation vulnerability ", and allows attackers to install additional " arbitrary applications with arbitrary permissions ", without first asking the user if they want to permit such actions. This would allow attackers to access call records, texts, web browsing history and media stored on the device. The second bug...

Visual DuxDebugger Debugger - Disassembler for Windows 64-bit Main features Fully support 64-bit native processes Fully support 64-bit .NET processes Full code analysis Full memory analysis Code edition Memory edition Module export formats (EXE/DLL/CSV) Debug multiple processes Debug multiple child processes Minimum Requirements O.S: Windows 7 64-bit / Windows Server 2008 R2 Processor: Pentium 4 3.0 GHz Recommended Requirements O.S: Windows 7 64-bit / Windows Server 2008 R2 Processor: Dual Core 2.5 GHz Display: 1920 x 1080 Download

Vulnerability in its Identity Services Engine of Cisco Cisco is warning users of a critical vulnerability ( CVE-2011-3290 ) in its Identity Services Engine (ISE). In its security advisory, the company says that the underlying database used by ISE, its identity and access control policy platform, contains three sets of default credentials that could be exploited by a remote attacker without any end-user interaction. Using these credentials, an attacker could modify the configuration and settings, or even gain complete administrative control of a device. All hardware appliance and software-only versions of Cisco ISE prior to 1.0.4.MR2 are affected.The company says that it will release a free update to the software to address the vulnerability on 30 September 2011; no temporary workaround is available. Once released, the updates will be available to download from the Cisco Software Center. [ Source ]