The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Tor 0.2.2.34 Released with fixes of anonymity vulnerability Tor 0.2.2.34 fixes a critical anonymity vulnerability where an attacker can de-anonymize Tor users. Everybody should upgrade. Clients should upgrade so they are no longer recognizable by the TLS certs they present. Relays should upgrade so they no longer allow a remote attacker to probe them to test whether unpatched clients are currently connected to them.This release also fixes several vulnerabilities that allow an attacker to enumerate bridge relays. Some bridge enumeration attacks still remain. Download Here

Malware for xbox Kinect created by 15 years old  Indian researchers Indian researchers from MalCon have created a malware that utlizes Microsoft Kinect to secretly capture pictures and upload to a picasa account. A 15year old Indian security researcher ' Shantanu Gawde ' from MalCon Research has created a malware that utilizes the Microsoft xbox kinect controller. Kinect for Xbox 360, or simply Kinect, is a motion sensing input device by Microsoft for the Xbox 360 video game console. With over 10 million devices sold till date, the kinect holds the Guiness book for world record for the fastest selling consumer electronics device - and is exactly the reason why the malware is a concern. In recent months, there have been a number of innovative kinect hacks that make use of the kinect using both Open source drivers and the Kinect SDK. The malware, code-named 'gawde' after its creators name, works on Windows 7 to secretly capture pictures of the victim / surroundin...

Facebook EXE attachment Vulnerability can Compromise with Users Security Nathan Power from SecurityPentest has discovered new Facebook Vulnerability, that can easily attach EXE files in messages,cause possible User Credentials to be Compromised . When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered to subvert this security mechanisms. Note, you do NOT have to be friends with the user to send them a message with an attachment. But Nathan Power Find the way to upload EXE . When uploading a file attachment to Facebook we captured the web browsers POST request being sent to the web server. Inside this POST request reads the line: Content-Disposition: form-data; name="attachment"; filename="cmd.exe" It was discovered the variable 'filename' was being parsed to determine if the file type is allowed or not. To s...

FOCA 3.0 - Network Infrastructure Mapping Tool Free Release This new version has new fresh look and feel, and it is full of new features that you will love to discover. If you want to learn more about FOCA, and Get FOCA 3 PRO, then you can book for a seat in the next online training about FOCA. It is going to be delivered on 4th of November in English and on 8th of November in Spanish. Both of them delivered by our FOCA father Chema Alonso. In FOCA 3 PRO you will discover features focused in discovering vulnerabilities in web sites, which are completely new. If you booked for an online seminar about FOCA PRO in 2011 then you can get a seat with 50% OFF.Also, we would like to remember you that we created MetaShield Protector as a solution to filter metadata in published documents through Windows Server 2008 / 2008 R2, IIS 7.0 / 7.5 and SharePoint 2007, Windows SharePoint Services and SharePoint 2010. More info . After six months we got FOCA 3 FREE available for direct download ....

US satellites was victim by Chinese Hackers Computer hackers, possibly from the Chinese military, interfered with two U.S. government satellites four times in 2007 and 2008 through a ground station in Norway, according to a congressional commission. According to Bloomberg , the Chinese military is suspected of executing the digital intrusions which targeted satellites used for earth climate and terrain observation. Indeed, a Landsat-7 earth observation satellite system experienced 12 or more minutes of interference in October 2007 and July 2008, while hackers tapped into a Terra AM-1 earth observation satellite twice, for two minutes in June 2008 and nine minutes in October that year. Interestingly enough, the report doesn't actually accuse the Chinese government of sponsoring or executing the four attacks. 

 However, it clearly states that the breaches are "consistent" with Beijing's military doctrine which advocates disabling an enemy's space systems, and ...

Anonymous DDOS Oakland police site after violence Cyber activists associated with Anonymous have targeted the Oakland Police Department (OPD) and other law enforcement agencies that participated in a controversial crackdown against OccupyOakland protestors. A DDOS (distributed denial-of-service) attack against the department's website www.oaklandpolice.com is underway, and the website currently is unreachable. AnonyOps tweet " I'm amazed and proud of #occupyOakland protesters who stood defiant, peaceful in the face of lethal force by Oakland PD. " Police fired a number of tear gas canisters, concussion grenades, rubber bullets and non-lethal rounds at demonstrators on Tuesday night, drawing widespread condemnation for the use of heavy-handed tactics against unarmed civilians. The attack was first announced via Anonymous' AnonOps Twitter feed. " @Anon_Central : Admin/User/Password Dump of oaklandnet.com Problem Oakland authorities? F--- you! >> p...

How to Beat Evil Governments When Your Internet Turned Off ? Bruce Sutherland explain at DefCon 19 Conference that " How To Get Your Message Out When Your Government Turns Off The Internet " . Bruce Sutherland  is a network systems architect and software developer with Domex Computer Services Inc, based in Melbourne Beach, FL. How would you communicate with the world if your government turned off the Internet? Sound far-fetched? It isn't. It already happened in Egypt and Lybia and the US Congress is working on laws that would allow it to do the same. In this talk we'll explore how to get short messages out of the country via Email and Twitter in the event of a national Internet outage. Remember, data wants to be free. Bruce has worked in the industry for over 20 years and has recently been working on building and hardening web-based applications. He has been an amateur radio operator since 2003 and enjoys making contacts worldwide via amateur radio satellite ...