The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Facebook content restrictions bypass Vulnerability Blackhat Academy claims to have found a way to bypass content restrictions on links, as posted on their site and posts put on a user's public wall. Even Security Analysts claim that Facebook was notified of these vulnerabilities on July 31st, 2011. To date (October 4, 2011), Facebook has yet to do anything about this. Facebook has only recently purchased Websense to attempt to push this vulnerability under the rug, however the exploit still works.To access Facebook's FQL API, Facebook was even so kind as to give a reference of tables and columns in the documentation for FQL. FQL does not allow the use of JOINS, however it is not needed as everything is thoroughly documented. Attackers can misuse this during the creation of a malicious Facebook application or directly on the FQL development api page for information gathering. : <?php # User agent checking methods $fb_string = '/facebookexternal/i';         ...

Exploit Pack - An open source security framework Exploit Pack is an open source security framework developed by Juan Sacco. It combines the benefits of a Java GUI, Python as Engine and well-known exploits on the wild. It has an IDE to make the task of developing new exploits easier, instant search features and XML-based modules. A GPL license for the entire project helps to ensure the code will remain free. It also features a ranking system for contributors, tutorials for everyone who wants to learn how to create new exploits and a community to call for help. Why use Exploit Pack? It has a module editor that allows you to create your own custom exploits. There is an instant search feature built-in on the GUI for easier access to modules. Modules use XML DOM, so they are really easy to modify. It uses Python as its Engine because the language is more widely used on security related programming. A tutorial is also provided. If you want to earn money, they will pay you for eac...

Derbycon 2011 Videos Talks The idea behind DerbyCon was developed by Dave Kennedy (ReL1K), Martin Bos (PureHate), and Adrian Crenshaw (Irongeek). Their motivation stemmed from a desire to see more of the old-style talks and events of the conventions of the past. DerbyCon was hosted by some specialized two-day training courses from 30th Sep-2nd Oct 2011 in Louisville, Kentucky. DerbyCon isn't just another security conference. They have taken the best elements from all of the conferences. DerbyCon is a place you can call home, where you can meet each other, party, and learn. Their goal is to create a fun environment where the security community can come together to share ideas and concepts. Whether you know Linux, how to program, are established in security, or a hobbyist, the ideal of DerbyCon is to promote learning and strengthen the community. Day 1 Adrian, Dave, Martin: Welcome to DerbyCon 2011 – Intro to the con and events KEYNOTE ~ HD MOORE – Acoustic Intrusions Johnny Long...

Hash Code Cracker V 1.2 Released ~ Password Cracking from BreakTheSecurity BreakTheSecurity is proud to release the Hash Code Cracker Version 1.2. Our latest release supports Online Cracking function. Description: This password cracker is developed for PenTesters and Ethical hackers. Please Use this software for legal purposes(Testing the Password Strength). Features: This software will crack the MD5, SHA1,NTLM(Windows Password) hash codes. No need to install. Supports All platforms(windows XP/7,Linux,..). V1.2 Changelog : Included Online cracking Support Minimum Requirements: Java Runtime Environment: JRE 1.6 should be installed.(you can get it from oracle.com) How to Run the Application? Download the .zip file and extract. Extract the zip file. Open the Terminal or command prompt. Navigate to the path of Extracted zip file (i mean HashCodeCracker Folder) in Terminal/CMD. Type this command "java -jar HashCodeCracker.jar". Now the applica...

Linux - Means Freedom [The Hacker News Magazine] October 2011 Issue Released Dear Readers,                          We here at The Hacker News were very humbled to be given the opportunity to celebrate 10 millions hits to the website. Wow! We are so very grateful for your support and as I told you last month, I don't think Hacking is going anywhere and neither are we!! Your feedback is very important to us. Feel free to send us your thoughts and desires for Hacking news. If you want to write an editorial, let us know. We'd love to include it next month. For now, we will see you in our daily and best wishes for a great month. Content of October Edition: Linux - Means Freedom How to make my Linux Secure ? Hackathon Insider Threads Vs Hackers Linux : How to Series by Alok Srivastav Window 8 - Touch the Future The Security Model of Window 8 Server Microsoft Security Development Cycle September Cybe...

Celebrating 5th Birthday of Wikileaks  (Born : 4th Oct 2006) The wikileaks.org domain name was registered on 4 October 2006. The website was unveiled, and published its first document, in December 2006. The site claims to have been " founded by Chinese dissidents, journalists, mathematicians and start-up company technologists, from the US, Taiwan, Europe, Australia and South Africa ". The creators of WikiLeaks have not been formally identified. It has been represented in public since January 2007 by Julian Assange and others. Assange describes himself as a member of WikiLeaks' advisory board. News reports in The Australian have called Assange the " founder of WikiLeaks ". According to Wired magazine, a volunteer said that Assange described himself in a private conversation as "the heart and soul of this organisation, its founder, philosopher, spokesperson, original coder, organizer, financier, and all the rest". 2006–08 WikiLeaks posted its fi...

Contest Winners Announcement : Wireless Penetration Testing Guide book We ran a competition for the book " Backtrack 5 Wireless Penetration Testing " last week. Today, Vivek Ramachandran, the author of the book and Founder of SecurityTube.net is announcing the winners in the video below. We will be contacting the winners via email soon. Two Best Comments Selected by Author are : Scott Herbert : For me it's the "man-in-the middle" and other cutting edge wireless attacks that make it a book worth getting (even if I don't win). neutronkaos : What interests me most about this book is that it is dedicated to wireless hacking. In an age where almost everybody is rocking a wireless AP, this book could do alot in offense and defense. I have been a Backtrack fan since Backtrack 3 and I have seen several of Mr. Ramachandran's primers on security tube. I am currently deployed to Afghanistan and I am working towards a degree in Network Security. I would love to have this boo...