The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Web App Pentesting - Pentest Magazine The significance of HTTP and the Web for Advanced Persistent Threats Web Application Security and Penetration Testing Developers are form Wenus, Application Security guys from Mars Pulling legs of Arachni XSS BeeF Metaspolit Exploitation Cross-site request forgery. In-depth analysis First the Security Gate, then the Airplane Download Magazine Here

WAFP : Web Application Finger Printer Tool WAFP is a Web Application Finger Printer written in ruby using a SQLite3 DB. WAFP fetches the files given by the Finger Prints from a webserver andchecks if the checksums of those files are matching to the given checksums from theFinger Prints. This way it is able to detect the detailed version andeven the build number of a Web Application. Sample Scan Result:    wafp.rb --verbose -p phpmyadmin https://phpmyadmin.example.de    VERBOSE: loading the fingerprint database to the ram...    Collecting the files we need to fetch ...    Fetching needed files (#432), calculating checksums and storing the results to the database:    ............................................................................................    VERBOSE: request for "/themes/darkblue_orange/img/b_info.png" produced "Connection refused - connect(2)" for 1 times - retrying...    .............

Cotton Candy USB with Dual-Core Computer can turns Any Screen Into an Android Station Norwegian company FXI Technologies has been showing a USB stick-sized portable computer prototype, featuring with a dual-core 1.2-GHz CPU, 802.11n Wi-Fi, Bluetooth, HDMI-out and a microSD card slot for memory. Codenamed Cotton Candy because its 21 gram weight is the same as a bag of the confection, the tiny PC enables what its inventor calls “Any Screen Computing,” the ability to turn any TV, laptop, phone, tablet, or set-top box into a dumb terminal for its Android operating system. The Cotton Candy has a USB 2.0 connector on one end and an HDMI jack on the other. When connected to an HDTV, it uses the HDMI port for video, the USB for power, and Bluetooth to connect to a keyboard, mouse, or tablet for controlling the operating system. The device can output up to 1080p so even a full HD screen can display the Candy’s preloaded Android 2.3 operating system at its native resolution. The dual core CP...

Is it hard to crack full Disk Encryption For Law Enforcement ? If you'd rather keep your data private, take heart: disk encryption is a lot harder to break than techno-thriller movies and TV shows make it out to be, to the chagrin of some branches of law enforcement. MrSeb writes with word of a paper titled " The growing impact of full disk encryption on digital forensics " that illustrates just how difficult it is. According to the paper, co-authored by a member of US-CERT. Abstract of Paper is available here , and Short Info written below: The increasing use of full disk encryption (FDE) can significantly hamper digital investigations, potentially preventing access to all digital evidence in a case. The practice of shutting down an evidential computer is not an acceptable technique when dealing with FDE or even volume encryption because it may result in all data on the device being rendered inaccessible for forensic examination. To address this challenge, there is ...

PHP Vulnerability Hunter v.1.1.4.6 - Automated fuzz testing tool This is the application that detected almost all of the web application vulnerabilities listed on the advisories page. PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool capable of triggering a wide range of exploitable faults in PHP web applications. Minimal configuration is necessary to begin a scan; PHP Vulnerability Hunter doesn’t even need a user specified starting URI. At the core of the PHP Vulnerability Hunter scan algorithm is dynamic program analysis. Unlike many vulnerability scanners and fuzz tools that rely on static analysis, PHP Vulnerability Hunter analyzes the program as it’s running to get a clear view of all input vectors. That means better code coverage and as a result greater confidence in code security. ChangeLog: Added code coverage report Updated GUI validation Several instrumentation fixes Fixed lingering connection issue Fixed GUI and report viewer crashes related...

Maharashtra Highway Police website hacked Not only International Law Enforcement and Police Under Hacker's attack, Even our Local Police websites and Database also become of Victim of breaches mostly once a day. A hacker With name " powerin10 " take responsibility to hack  Maharashtra Highway Police website . A mirror of this hack is available here .  Hacker is member of Bangladesh Cyber Army.

Wikileaks Founder, Julian Assange Hires Pirate Bay Lawyer Wikileaks Founder Julian Assange has fired his lawyer in favour of one with experience in batting for The Pirate Bay, according to a Swedish news report. Julian Assange has ditched his Swedish legal counsel and lined up a new defence team in readiness for a likely return to the country to face allegations of sexual molestation and rape against two women. Assange has filed a petition with the Stockholm District Court, says the newspaper, and communicated his desire to change his representation to attorneys Per Samuelson and Thomas Olsson. Olsson is reviewing the case already, but has little to say on the motives behind Assange's decision. " He'll have to explain his motivation behind changing defenders ," he told The Local. Samuelson previously represented financier Carl Lundström, one of the four defendants in the 2009 Pirate Bay trial, all of whom were found guilty.