The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

OpenVAS - Advanced Open Source vulnerability scanner OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.The powerful and comprehensive OpenVAS solution is available as Free Software and maintained on a daily basis. An overview of the vulnerability handling process is: The reporter reports the vulnerability privately to OpenVAS. The appropriate component's developers works privately with the reporter to resolve the vulnerability. A new release of the OpenVAS component concerned is made that includes the fix. The OpenVAS Manager is the central service that consolidates plain vulnerability scanning into a full vulnerability management solution. The Manager controls the Scanner via OTP (OpenVAS Transfer Protocol) and itself offers the XML-based, stateless OpenVAS Management Protocol (OMP). All intelligence is implemented in the Manager so that it is possible to implement variou...

Phishing Site hacked for teaching lesson to Scam Lovers Researchers at the security firm GFI Labs found an email used to lure people to a phishing site called " canal-i. " The message attempts to scare unsuspecting readers by telling them they have exceeded the storage limit on their inbox, and says, " You will not be able to send or receive new mail until you upgrade your email. Click below link and fill the form to upgrade your account. " When clicked, that link directs users to a Web page that asks for their username, email address and password. For one hacker he or she has not been identified this was not just an ordinary phishing scam, but also a chance to teach others. The white-hat hacker "white hat" refers to hackers who exploit security bugs to improve security stripped the phishing page of its malicious content and replaced it with a stern educational message about the perils lurking in the online world. Hackers have created a fake tool es...

Anonymous Hackers Take Down 40 Child Porn Websites Anonymous has taken down more than 40 darknet-based child porn websites over the last week. Details of some of the hacks have been released via pastebin #OpDarknet , including personal details 1500 users of a site named 'Lolita City,' and DDoS tools that target Hidden Wiki and Freedom Hosting — alleged to be two of the biggest darknet sites hosting child porn. News of the Anonymous campaign to actively target anyone hosting child porn sites comes from statements associated with Anonymous on Pastebin and two Anonymous YouTube video channels. AnonNews has yet to issue a press release. The AnonMessage and BecomeAnonymous YouTube channels both posted videos with statements of intent to hunt, skin and kill pedobears everywhere, starting with Freedom Hosting.

Metasploit 4.1.0 Web UI Cross Site Scripting vulnerability The Web UI in Metasploit version 4.1.0 suffers from a stored cross site scripting vulnerability discovered by " Stefan Schurtz ". Technical Details Login to Web UI -> Create New Project -> Project name -> '"</script><script>alert(document.cookie)</script>

Announcing Contest Winners for  Ghost in the Wires Book We ran a competition for the book " Ghost in the Wires by Kevin Mitnick " last week. We'd like to thank the following people for sending in the best of the best of reviews about Kevin Mitnick's new book, "Ghosts in the Wires." All the reviews we received were great and the editorial staff had a tough time narrowing it down to 3 winners. We felt the winners captured just what we were looking for about a great book and great author. Congratulations winners and enjoy your copy of Kevin's book. drknit3 "Study the past if you would define the future." I think one of the most important things our pioneers can do is pass on knowledge to those who are just getting into the field. Kevin Mitnick has obviously played a huge roll  in defining the industry. This sharing of knowledge and experience plays a huge roll in defining the future. Although Ghost in the Wires highlights just one aspect...

Occupy Wall Street : Anonymous Hackers Publish Law Enforcement Data Anonymous, the Internet “hactivist” group, today, apparently in support of the Occupy Wall Street protest movement, hacked into several different police databases and leaked sensitive personal data, among them passwords, names, addresses, phone numbers and social security numbers from the Boston Police Patrolmens’ Association (BPPA) and Birmingham, Alabama Police Department, according to several reports. Additionally, Anonymous claims to have hacked the International Association of Chiefs of Police, and offers the above image as proof. A press release by Anonymous said that the hack was timed to the IACP meeting as part of a "Day of Action Against Police Brutality." Another document appears to be about 1,000 user names and passwords belonging to the Boston Patrolmans' Association. In the video below, you can hear a hacker call the Baldwin country sheriff’s office to say “ your website has been def...

iPad 2 iOS 5 Lock Screen Bypass Vulnerability Marc Gurman at 9to5Mac has discovered a vulnerability on the iPad that allows for a limited bypass of the device’s lockscreen. Anyone with an iPad Smart Cover can gain access to the previously-open app (or the home screen if no app was open). By holding the power button to bring up the ‘Power Off’ screen, closing the smart cover, re-opening it, and clicking cancel, the attacker will be dropped into the screen that was open before the iPad was locked. If the attacker gets dropped into the home screen, then they’ll be able to see the installed apps, but won’t be able to open anything. If Safari or Mail (or any other app) was the open when the device was locked, then the attacker would have access to that app. From a locked iPad 2: 1) Lock a password protected iPad 2 2) Hold down power button until iPad 2 reaches turn off slider 3) Close Smart Cover 4) Open Smart Cover 5) Click cancel on the bottom of the screen This isn’t the f...

Stuxnet's Son " Duqu " Removal Tool released by Bitdefender Rootkit.Duqu is a new e-threat that combines the technology of the military-grade Stuxnet with an advanced keylogger and backdoor application. Due to its rootkit technology, the piece of malware can stay hidden from the user, the operating system’s defense mechanism and even from regular antivirus utilities.Just like its predecessor – the Stuxnet rootkit - Rootkit.Duqu.A is digitally signed with a stolen digital certificate that has been revoked in the meantime. This allows it to install itself on both 32- and 64-bit operating systems on Windows platforms ranging from Windows XP to Windows 7. The Duqu rootkit runs on the computer for 36 days and collects any kind of information entered via the keyboard, including passwords, e-mail or IM conversations. After the “surveillance” period ends, the rootkit gracefully removes itself from the system, along with the keylogger component. Rootkit malware is extremely diff...