The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Venerability in MTV website found by Nivosb ( Israel Hackers ) ! Website link :  http://www.mtv.com/ News Source : Nivosb ( Israel Hackers )

Chinese website Jpsp.cc database owned by Team Jmc H4x0rs ! Admin Panel :  Database : Members :  Website Link :  http://www.jpsp.cc/ News Source : Team Jmc H4x0rs

Facebook Instant Search : Browse the Facebook Instantly like never before !! Browse the Facebook Instantly like never before !!. Search in your friends\' posts, status, comments and much more... Visit to try it out: (No registration required, Just type and search) Link :  http://www.fbinstant.net/ News Source : Rohit Thakur

Thieves and scammers are an inventive bunch, especially when it comes to stealing you money indirectly.   And the latest discovery of a fake keyboard that is placed over an ATM's legitimate one and records the typed-in PIN - in conjunction with a fake magnetic strip reader that can be manufactured from cheap spare electronic parts - shows that this kind of crime does not require a lot of funds and can bring in quite a lot of money. According to Gizmodo, the keyboard is virtually undetectable by anyone who is not an expert, and looks exactly like the real thing. It records the PIN as you type it in and sends this information and that regarding the credit card magnetic strip to the criminals in real time, so they can immediately proceed to emptying your account. US ATM users are particularly susceptible to these type of theft, since many ATMs work on the same principle. The chip-and-PIN technology used in Europe is harder to crack, so a number of US banks have started ado...

The public release of   cross_fuzz   - a cross-document DOM binding fuzzer that is able to detect vulnerabilities in all browsers by examining how they interact with various elements while they render web pages - by the Google-employed security researcher Michal Zalewski has   unveiled   some worrying information. First, that some of the over 100 vulnerabilities found in browsers such as Internet Explorer, Firefox, Opera, and WebKit powered Chrome and Safari are still currently unpatched. Second, that at least one of the IE vulnerabilities discovered may be known to third parties apparently located in China. Stating that this was the main reason for making the fuzzing tool and that information public, he explained how he came to that conclusion. "While working on addressing cross_fuzz crashes in WebKit prior to this announcement, one of the developers accidentally leaked the address of the fuzzer in one of the uploaded crash traces. As a result, the fuzzer dire...

In 2007, when Estonia's government, financial and media computer networks were attacked by unknown Russian hackers following the government's decision of relocating a Soviet war memorial, it must have been hard to believe that something good would come from it at the end.   With that attack, Estonia became the first country ever to actually be engaged in a cyberwar, but that didn't make them despair. If anything, that incident was what spurred them to institute their own Cyber Defense League - an organization that gathers computer scientists, programmers, software engineers and cybersecurity specialists and would, in time of war, be under the direct command of the military. So far, all the members are part of the organization because they volunteered, and they spend part of their weekends carrying out simulated exercises of cyber attacks in order to keep their skills honed and ready. But, Estonia's Defense Minister Jaak Aaviksoo and the authorities are thinking about...

One-third of existing malware was created in 2010, a report has revealed. Anti-malware laboratory PandaLabs discovered the findings in its 2010 Annual Security Report which detailed a year of huge cyber-crime activity. It revealed that around 34 per cent of the 60 million existing viruses that have ever been created or distributed were produced by cyber-criminals last year. Additionally, around 40 per cent of the relatively new threat of fake antivirus software, more commonly known as rogueware, was created last year. Last year also saw an explosion in cyber-war and cyber-activism including examples such as the Stuxnet virus as well as the WikiLeaks scandal and the 'hacktivism' that followed. However, PandaLabs revealed some positive data security news, the speed at which new threats are growing fell in 2010 to 50 per cent, compared to the 100 per cent growth seen every year since 2003. An expert at SearchSecurity.com revealed that the most prevelant and dangerous da...

Police confirmed Thursday that Google, the world’s largest online search engine operator, illegally collected and stored personal data sent over unsecured Wi-Fi wireless networks here while creating the localized version of its online mapping service. Korea and 15 other countries, including the U.S., Canada, Germany, France, Britain, and Australia, have been investigating whether Google broke their privacy laws in the process of making its “Street View” service.   Korea has become the first to announce publicly that the California-based company gathered communication records, such as e-mail and instant messages, passwords and search histories.   The Cyber Terror Response Center, affiliated with the National Police Agency, said it broke codes of computer hard drives confiscated from Google’s Seoul office last August and found hundreds of thousands of e-mails, instant messages and other personal data.   “We unlocked 79 computer hard disks seized from Google Korea l...

pwnshell is a stripped down version of the c99 shell and the likes. The only difference is that it a single JSP file, embedded with jQuery with a xterm like interface. This is most useful at times when we when have an arbitrary file upload to a web-accessible directory that runs on J2EE. It could allow you to browse around the system with the privileges of the web application system user and execute arbitrary system commands. It can also show and alter session variables and help you dump JNDI entries. pwnshell is a cross platform shell that runs on any system that supports Java 1.5 upwards. It’s usage is also simple – upload it to a vulnerable web directory, point your browser to the shell and when you get the shell, just pretend that you’re looking at the xterm interface. The best of all, it is open source! Download the pwnshell here.