The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Sony Engineers Met With PS3 Hacker - Geohot George Hotz aka " Geohot " first made a name for himself in the PS scene when he not only managed to hack a PlayStation 3, but then proceeded to publish a guide that shared with others how to do it as well. In an effort to improve their security measures, Sony had several of their engineers meet with the computer mastermind to better understand his methods. " We are always interested in exploring all avenues to better safeguard our systems and protect consumers ," said Jim Kennedy, the senior vice-president of strategic communications for Sony Corporation of America. In a story by The New Yorker on the hacker, details were given on the meeting between Sony and Hotz. The two got together after settling things in court, and "Geohot" spoke surprisingly very well of the Sony engineers, noting that they were very "respectful." Geohot once wrote on his blog that " Hacker is to computer as plumber is to pipes ." In the story, Hotz sa...

oclHashcat-plus v0.08 Released - fastest password Cracker oclHashcat-plus is Worlds first and only GPGPU based rule engine and Worlds fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. Features Free Multi-GPU (up to 16 gpus) Multi-Hash (up to 24 million hashes) Multi-OS (Linux & Windows native binaries) Multi-Platform (OpenCL & CUDA support) Multi-Algo (see below) Low resource utilization, you can still watch movies or play games while cracking Focuses highly iterated, modern hashes Focuses single dictionary based attacks Supports pause / resume while cracking Supports reading words from file Supports reading words from stdin Integrated thermal watchdog 20+ Algorithms implemented with performance in mind ... and much more Algorithms MD5 Joomla osCommerce, xt:Commerce SHA1 SHA-1(Base64), nsldap, Netscape LDAP SHA SSHA-1(Base64), nsldaps, Netscape LDAP SSHA Oracle 11g SMF > v1.1 OSX v10.4, v10.5, v10.6 MSSQL(2000) MSSQL(2005) MySQL ...

Yesterday we Reported  a 0-Day Vulnerability in Hotmail, which allowed hackers to reset account passwords and lock out the account's real owners. Tamper Data add-on allowed hackers to siphon off the outgoing HTTP request from the browser in real time and then modify the data.When they hit a password reset on a given email account they could fiddle the requests and input in a reset they chose. Microsoft spokesperson confirmed the existence of the security flaw and the fix, but offered no further details: " On Friday, we addressed an incident with password reset functionality; there is no action for customers, as they are protected. " Later Today another unknown hacker reported another similar vulnerabilities in Hotmail, Yahoo and AOL. Using same Tamper Data add-on attacker is able to Reset passwords of any account remotely. This is somewhat a critical  Vulnerability ever exposed, Millions of users can effected in result. Here Below Hacker Demonst...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

WebSploit Is An Open Source Project For Scan And Analysis Remote System From Vulnerability Description : [+]Autopwn - Used From Metasploit For Scan and Exploit Target Service [+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin [+]format infector - inject reverse & bind payload into file format [+]phpmyadmin - Search Target phpmyadmin login page [+]lfi - Scan,Bypass local file inclusion Vulnerability & can be bypass some WAF [+]apache users - search server username directory (if use from apache webserver) [+]Dir Bruter - brute target directory with wordlist [+]admin finder - search admin & login page of target [+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks [+]MITM - Man In The Middle Attack [+]Java Applet Attack - Java Signed Applet Attack [+]MFOD Attack Vector - Middle Finger Of Doom Attack Vector [+]USB Infection Attack - Create Executable Backdoor For Infect USB For Windows Download WebSploit Toolkit V.1.6

Anonymous hackers deface International Police Association https://ipa-iac.org (IPA) on Friday afternoon and  Anonymous hackers responsible left an angry message on the website's homepage, stating that they defaced the page " for the lulz " (for fun) but also warned that they might have stolen some " sensitive data. " A message posted at the top of the page reads, " oHai [hello]... International Police Association (International Admin Center) you will see we haz [had] some #LULZ at your expense maybe you will fix your security issues and of course... we always recommend you NOT store admin passwords in PLAINTEXT For a site like International Police Association... w3 [we] really expected moar [more]... #LULZ the thin... " The International Police Association is the largest organization for police officers in the world according to Wikipedia, and is not connected to Interpol https://www.interpol.int/ . The IPA was founded by English police sergeant Arth...

Panos Ipeirotis, a computer scientists working at New York University,attack on his Amazon web service using Google Spreadsheets and Panos Ipeirotis checked his Amazon Web Services bill last week - its was $1,177.76 ! He had accidentally invented a brand new type of internet attack, thanks to an idiosyncrasy in the online spreadsheets Google runs on its Google Docs service, and he had inadvertently trained this attack on himself. He calls it a Denial of Money attack, and he says others could be susceptible too. On his personal blog Ipeirotis explained that it all started when he saw that Amazon Web Services was charging him with ten times the usual amount because of large amounts of outgoing traffic. As part of an experiment in how to use crowdsourcing to generate descriptions of images, he had posted thumbnails of 25,000 pictures into a Google document, and then he invited people to describe the images. The problem was that these thumbnails linked back to original images stored on...

90% of the Internet's top 200,000 HTTPS-enabled websites are vulnerable to known types of SSL (Secure Sockets Layer) attack, according to a report released Thursday by the Trustworthy Internet Movement (TIM), a nonprofit organization dedicated to solving Internet security, privacy and reliability problems. The report is based on data from a new TIM project called SSL Pulse , which uses automated scanning technology developed by security vendor Qualys, to analyze the strength of HTTPS implementations on websites listed in the top one million published by Web analytics firm Alexa. SSL Pulse checks what protocols are supported by the HTTPS-enabled websites (SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, etc.), the key length used for securing communications (512 bits, 1024 bits, 2048 bits, etc.) and the strength of the supported ciphers (256 bits, 128 bits or lower). The BEAST attack takes advantage of a flaw in SSL 3.0, allowing the attacker to grab and decrypt HTTPS cookies on an end user'...

Hackers have for the third time in less than a year attacked the main website of the Afghan Taliban. Images of pigeons and Taliban executions of women were combined with various messages in English, Pashto, and Arabic that support the Afghan government, replacing the Taliban's usual pabulum of exaggerated battlefield claims and anti-government commentaries, by early afternoon. The Taliban has blamed western intelligence agencies amid an intensifying cyberwar with the insurgents. One of the statements posted in English read: " Any kind of violence is condemnable, especially killing of innocent people. It is the responsibility of Afghan security forces to provide security for the country after the withdrawal of foreign troops ," " It was hacked again by enemies and foreign intelligence services," Taliban spokesman Zabihullah Mujahid said. " The enemy tries to push its propaganda. The enemy is worried by what gets published in our webpage. It's confusin...