The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Anonymous hackers deface International Police Association https://ipa-iac.org (IPA) on Friday afternoon and  Anonymous hackers responsible left an angry message on the website's homepage, stating that they defaced the page " for the lulz " (for fun) but also warned that they might have stolen some " sensitive data. " A message posted at the top of the page reads, " oHai [hello]... International Police Association (International Admin Center) you will see we haz [had] some #LULZ at your expense maybe you will fix your security issues and of course... we always recommend you NOT store admin passwords in PLAINTEXT For a site like International Police Association... w3 [we] really expected moar [more]... #LULZ the thin... " The International Police Association is the largest organization for police officers in the world according to Wikipedia, and is not connected to Interpol https://www.interpol.int/ . The IPA was founded by English police sergeant Arth...

Panos Ipeirotis, a computer scientists working at New York University,attack on his Amazon web service using Google Spreadsheets and Panos Ipeirotis checked his Amazon Web Services bill last week - its was $1,177.76 ! He had accidentally invented a brand new type of internet attack, thanks to an idiosyncrasy in the online spreadsheets Google runs on its Google Docs service, and he had inadvertently trained this attack on himself. He calls it a Denial of Money attack, and he says others could be susceptible too. On his personal blog Ipeirotis explained that it all started when he saw that Amazon Web Services was charging him with ten times the usual amount because of large amounts of outgoing traffic. As part of an experiment in how to use crowdsourcing to generate descriptions of images, he had posted thumbnails of 25,000 pictures into a Google document, and then he invited people to describe the images. The problem was that these thumbnails linked back to original images stored on...

90% of the Internet's top 200,000 HTTPS-enabled websites are vulnerable to known types of SSL (Secure Sockets Layer) attack, according to a report released Thursday by the Trustworthy Internet Movement (TIM), a nonprofit organization dedicated to solving Internet security, privacy and reliability problems. The report is based on data from a new TIM project called SSL Pulse , which uses automated scanning technology developed by security vendor Qualys, to analyze the strength of HTTPS implementations on websites listed in the top one million published by Web analytics firm Alexa. SSL Pulse checks what protocols are supported by the HTTPS-enabled websites (SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, etc.), the key length used for securing communications (512 bits, 1024 bits, 2048 bits, etc.) and the strength of the supported ciphers (256 bits, 128 bits or lower). The BEAST attack takes advantage of a flaw in SSL 3.0, allowing the attacker to grab and decrypt HTTPS cookies on an end user'...

Hackers have for the third time in less than a year attacked the main website of the Afghan Taliban. Images of pigeons and Taliban executions of women were combined with various messages in English, Pashto, and Arabic that support the Afghan government, replacing the Taliban's usual pabulum of exaggerated battlefield claims and anti-government commentaries, by early afternoon. The Taliban has blamed western intelligence agencies amid an intensifying cyberwar with the insurgents. One of the statements posted in English read: " Any kind of violence is condemnable, especially killing of innocent people. It is the responsibility of Afghan security forces to provide security for the country after the withdrawal of foreign troops ," " It was hacked again by enemies and foreign intelligence services," Taliban spokesman Zabihullah Mujahid said. " The enemy tries to push its propaganda. The enemy is worried by what gets published in our webpage. It's confusin...

A recently reported flaw that allowed an attacker to drastically reduce the number of attempts needed to guess the WPS PIN of a wireless router isn't necessary for some Arcadyan based routers anymore. Last year it was exposed that the WiFi Protected Setup (WPS) PIN is susceptible to a brute force attack. A design flaw that exists in the WPS specification for the PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the 8 digit PIN is correct. The lack of a proper lock out policy after a certain number of failed attempts to guess the PIN on many wireless routers makes this brute force attack that much more feasible. Some 100,000 routers of type Speedport W921V, W504V and W723V are affected in Germany alone. What makes things worse is the fact that in order to exploit the backdoor, no button has to be pushed on the device itself and on some of the affected routers, the backdoor PIN (...

Security Expert from Coresec explains the use of a Permanent Reverse TCP Backdoor " sbd-1.36 " for IPhone and IPad developed by Michel Blomgren. sbd is a Netcat-clone, designed to be portable and offer strong encryption. It runs on Unix-like operating systems and on Microsoft Win32. sbd features AES-128-CBC + HMAC-SHA1 encryption (by Christophe Devine), program execution (-e option), choosing source port, continuous reconnection with delay, and some other nice features. Only TCP/IP communication is supported. Steps to pwn the Iphone: 1. Install packages iphone-gcc using " apt-get install iphone-gcc " & make " apt-get install make " 2. Download sbd backdoor to the device using Wget from here  & Untar - " tar -zxvf sbd-1.36.tar.gz " 3.) Sbd configuration before the compilation, See details here . 4.) Compilation process - " make darwin " 5. Configuration to RunAtLoad using LaunchDaemons (for permanent access) 6. Gaining acces...

Software development student Glenn Mangham, 26, was freed earlier this month after appeal judges halved the eight-month prison sentence he was given for infiltrating and nearly bringing down the multi-million-dollar site. Glenn Mangham, of York, England, posted a lengthy writeup on his blog and a video, saying that he accepts full responsibility for his actions and that he did not think through the potential ramifications. " Strictly speaking what I did broke the law because at the time and subsequently it was not authorised, " Mangham wrote. " I was working under the premise that sometimes it is better to seek forgiveness than to ask permission ." Initially convicted to 8 months in prison, the Court of Appeal in London decided that there weren't any ill intentions on the hacker's behalf, the judges deciding not only to release him, but also to allow him to use the Internet once again. After criticizing the CSO for attacking him while he was locked up, Mang...