The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Google today released Chrome version 23 to the Stable Channel. 23.0.1271.64 for Windows, Mac, Linux, and Chrome Frame. Update includes patch for 12 vulnerabilities in the Windows version and two vulnerabilities in Mac OS X version. Chrome 23 is the support of the Do Not Track (DNT) protocol, number of new features including GPU accelerated video decoding on Windows and easier website permissions. " We recently enabled GPU-accelerated video decoding for Chrome on Windows. Dedicated graphics chips draw far less power than a computer's CPU, so using GPU-accelerated video decoding while watching videos can increase battery life significantly ." Out of  14 vulnerabilities , 6 vulnerabilities rated as high and rest are of either medium or low severity. CVE number of all bugs are - CVE-2012-5128, CVE-2012-5126, CVE-2012-5125, CVE-2012-5124, CVE-2012-5123, CVE-2012-5115, CVE-2012-5127, CVE-2012-5120, CVE-2012-5116, CVE-2012-5118, CVE-2012-5121, CVE-2012-5117,CVE-2012-5119, ...

The United Kingdom Ministry of Defence website (www.qhm.mod.uk) hacked by two Null Hacking Crew members  @OfficialNull  and @Timoxeline  and They extracted data published online . The data dump include 3400 email addresses and passwords from Ministry of Defence portal. Hackers trying to trend  #FuckTheSystem hashtag on twitter and related it to all their hacks against UK government. Hacker wrote on note : " Your webmaster made a terrible mistake... You may criticize us on the simplicity of the vulnerability. But if you can get so much useful data so easily, why wouldn't you? " "We hope that all governments and organizations realize that #FuckTheSystem is definitely not a joke. We hope that you have the decency to grasp the concept of it. But hey... You're the government right... Just some butthurt little fags. This security just proves how much of a joke our governments are. " note continue. Hackers mention that, they hack the website ...

Adobe release updates for Flash Player on Windows, Mac, and Linux to address 7 recently identified critical security vulnerabilities. Updated version is now 11.5.502.110 for Windows or Mac OS X users or to 11.2.202.251 for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. A recent Q3 2012 Threat repor t from Kaspersky Lab showed that nearly 30% of the exploits circulating online are targeting Adobe products. Java vulnerabilities were exploited in more than 50% of all attacks. According to Oracle, different versions of this virtual machine are installed on more than 1.1 billion computers. CVE number of 7 critical Adobe Flash Player Vulnerabilities are CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5278, CVE-2012-5279, CVE-2012-5280. Adobe’s advisory about this update is available here .

Security firm Trend Micro recent analyses the Russian crimeware markets and has found that malware tools and services range from one-time packages which cost just pennies to sophisticated packages and services which cost purchasers thousands of dollars per month. If you want to buy a botnet it will cost you somewhere in the region of $700. If you just want to hire someone else’s botnet for an hour, though, it can cost as little as $2. There are at least 20 different types of services offered in Russian-speaking forums for just about anyone who wants to make a buck off of cybercrime, everything from crime-friendly VPN and security software-checking services to plain old off-the-shelf exploits. " As the Russian underground community continuously modifies targets and improves technologies, security companies and users must constantly face the challenge of effectively protecting their money and the information they store in their computers and other devices ," the ...

About five months ago, OLPC Project started a little experiment . They chose a village in Ethiopia where the literacy rate was nearly 0% and decided to drop off a bunch of Motorola Xooms there. The One Laptop Per Child project started as a way of delivering technology and resources to schools in countries with little or no education infrastructure, using inexpensive computers to improve traditional curricula. On the tablets, there was custom software that was meant to teach kids how to read. This experiment began earlier this year. Timeline of Experiment: 1st Four Minutes - One kid had opened the box and had figured out how to turn on the Xoom. In 1st Five Days -  The kids were using nearly 50 applications each every day. In Two Weeks - The kids were singing their ABC’s in English. Now its 5th Month - They hacked the Motorola Xooms so they could enable the camera, which had been disabled by OLPC. OLPC founder Nicholas Negroponte at MIT Technology Review's EmTech confer...

A group of researchers has developed a side-channel attack targeting virtual machines that could pose a threat to cloud computing environments. Side-channel attacks against cryptography keys have, until now, been limited to physical machines, this attack is the first such attack demonstrated on a symmetric multiprocessing system virtualized using a modern VMM (Xen). A side channel is a form of information leakage that arises as a byproduct of resource exposure, such as the sharing of memory caches. A side-channel attack exploits such leakage to steal secrets, such as cryptographic keys. " In this attack, the researchers were able to extract a private ElGamal decryption key from the target VM’s libgcrypt library; the target was running Gnu Privacy Guard. Over the course of a few hours of observations, they were able to reconstruct a 457-bit exponent accompanying a 4096-bit modulus with high accuracy. So high that the attacker was then left to search fewer than 10,000 possible...

According to the report from Bloomberg, In 2009, the FBI told Coca-Cola executives that hackers had broken into their computer systems, when a malicious link was emailed to a senior executive, but never revealed the incident. Hackers were able to spend a month operating undetected, logging commercially sensitive information. " Hackers had broken into the company’s computer systems and were pilfering sensitive files about its attempted $2.4 billion acquisition of China Huiyuan Juice Group (1886), according to three people familiar with the situation and an internal company document detailing the cyber intrusion. " Bloomberg said . Coca-Cola, the world’s largest soft-drink maker, has never publicly disclosed the loss of the Huiyuan information, despite its potential effect on the deal. Although the report claimed state-sponsored actors were involved, experts interviewed by the news wire said the attack had all the hallmarks of Comment a prolific Chinese hacking group. Re...