The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

iPhone can be used as spy phone to get desktop Keystrokes What if a hacker could log every key you typed on your PC by placing a cellphone nearby? US researchers have shown how this is possible using any smartphone available today. At a conference in Chicago on Thursday, a group of computer researchers from Georgia Tech will report on another potential threat. The researchers have shown that the accelerometer and orientation sensor of a phone resting on a surface can be used to eavesdrop as a password is entered using a keyboard on the same surface. They were able to capture the words typed on the keyboard with as much as 80 percent accuracy. Normally when security researchers describe spyware on smartphones, they mean malicious code that can be used to snoop on calls, or to steal the data held on mobile phones.In this case, however, researchers have described how they have put software on smartphones to spy on activity outside the phone itself - specifically to track what a use...

Adobe Flash bug allow spying Webcam hole The flaw was disclosed in 2008 and can be exploited to turn on people's webcams or microphones without their knowledge. Attack involved putting the Adobe Flash Settings Manager page into an iFrame and masking it with a game, so that when the user clicked on the buttons he would actually change the settings and turn on the webcam. Adobe is working on a fix for a Flash Player vulnerability that can be exploited via clickjacking techniques to turn on people's webcams or microphones without their knowledge.The issue was discovered by a Stanford University computer science student named Feross Aboukhadijeh who based his proof-of-concept exploit on a similar one disclosed back in 2008 by an anonymous researcher. Once it was made public, Adobe fixed the issue by adding framebusting code to the Settings Manager page. But now, Stanford University computer science student Feross Aboukhadijeh managed to bypass the framebusting JavaScript co...

Million ASP.Net  web sites affected with mass SQL injection attack Hackers are in the midst of a massively successful SQL injection attack targeting websites built on Microsoft's ASP.Net platform. About 180,000 pages have been affected so far, security researchers say. Attackers have planted malicious JavaScript on ASP.Net sites that causes the browser to load an iframe with one of two remote sites: www3.strongdefenseiz.in and www2.safetosecurity.rr.nu , according to security researchers at Armorize who discovered the attack. From there, the iframe attempts to plant malware on the visitor's PC via a number of browser drive-by exploits. A drive-by exploit will load malware without a visitor's knowledge or participation (no need to open a file or click on a link). Fortunately, the attackers are using known exploits, with patches available, so the attack can only be successful if a visitor is using an outdated, unpatched browser without the latest version of Adobe PDF ...

There's something " Human " to  Social Engineering ! At the psychological skill of Social Engineering Social engineering is the human side of breaking into corporate or personal pc's to gain information. Even companies that have an authentication process, firewalls, vpn's and network monitoring software are subject to the skill of a good social engineer. In hacking we rely on our technical skill and in social engineering it is a game of getting your subject to tell you what you want to get into their system. Social engineering has been employed since the beginning of mankind, the art of trickery or deception for the purpose of information gathering, fraud, or in modern times, computer system access. In most cases today the social engineer never comes face to face with their target. In social engineering we exploit the attributes of the human decision making process known as " cognitive biases ." That was the question asked by the Team of Social-engineer.org Gu...

Metasploit Community Edition - Advance penetration testing tool by Rapid7 Open-source penetration testing "Metasploit Framework" Rapid7 a project funded by the U.S. on October 18 (U.S. time), and penetration testing tools platform to Metasploit Framework "Metasploit Community Edition" was released. Available for free download from its Web site. According to Rapid7 Chief Security Officer and Metasploit Creator HD Moore, " The best way to tackle the increasing information security challenge is to share knowledge between practitioners, open source projects and commercial vendors. " Community Editioin is based on the Metasploit Framework, a combination of the basic user interface available in commercial versions. Using penetration testing exploit basic, GUI simple, that provides entry-level modules such as a browser. You can verify any exploitable vulnerabilities, that can streamline vulnerability management and data protection. Can also import third-par...

Indian National Congress Party  Official Website Hacked by ZHC ZHC Disastar [ZCompany Hacking Crew] Hackers from Pakistan today hack the Server of Indian National Congress Party  ,one of the two major political parties in India and deface their Official website with Message as shown in above image. Hackers Upload Shell at  https://allindiacongress.com/satyagraha.php  , From where They access the whole Server and Modify the Index.php file for defacing it. The Server is seems to be a Shared Server with Kernel " Linux harshul.anjuinfotech.com 2.6.18-238.19.1.el5 " , Which is easily exploitable. Mirror of Hack is available here .

Google Enable SSL-based searches, Will impact Google Analytic ! According to a blog post by Google, the company is taking steps towards making search more secure for its users. Users will be redirected to https:// instead of https:// when going to do a Google search. By forcing SSL on https://google.com, all keyword data will be hidden. The company is dedicated to SSL and securing search and privacy for its signed in users. But This will restricting search terms availability and also when user will sign out, One will redirect back to Unencrypted (https://) page. The company says this won't change reporting data for webmasters who use analytics tools too see how much traffic Google sends them. How will this change impact Google Analytics users? When a signed in user visits your site from an organic Google search, all web analytics services, including Google Analytics, will continue to recognize the visit as Google "organic" search, but will no longer report the query te...