The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Ravan : A Distributed Hash Brute Forcer !

Dec 01, 2010
A short post for Ravan this time. It is a JavaScript-based distributed computing system that can perform brute force attacks on salted hashes by distributing the task across several browsers. Salted and plain versions of the following hashing algorithms are currently supported:

- MD5
- SHA1
- SHA256
- SHA512

How to use?

Using Ravan is very simple, just follow these steps:

1. Go to https://www.andlabs.org/tools/ravan.html
2. Enter the value of the hash that must be cracked
3. Enter the value of the salt; if it is not a salted hash, leave it blank
4. Enter the charset. Only these characters will be used in the brute force attack
5. Select the hashing algorithm (MD5, SHA1, SHA256, SHA512)
6. Select the position of the salt (clear-text+salt or salt+clear-text)
7. Hit 'Submit Hash'

If the hash is successfully submitted, it returns a URL. Send this URL to all the workers and get them to click 'start' on that page. Keep the main page open without reloading till the hash is cracked. That is all!
HTTPS Everywhere : Another Tool to Protect from Firesheep !

Dec 01, 2010
HTTPS Everywhere  is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites. The EFF launched a new version of HTTPS Everywhere, a security tool that offers enhanced protection for Firefox browser users against Firesheep and other exploits of webpage security flaws. HTTPS secures web browsing by encrypting both requests from your browser to websites and the resulting pages that are displayed. Without HTTPS, your online reading habits and activities are vulnerable to eavesdropping, and your accounts are vulnerable to hijacking. Unfortunately, while many sites on the web offer some limited support for HTTPS, it is often difficult to use. Websites may default to using the unencrypted, and therefore vulnerable, HTTP protocol or may fill HTTPS pages with insecure HTTP references. EFF's HTTPS Everywhere tool uses carefully crafted rules to switch sites from HTTP to HTTPS.
Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

Apr 29, 2024 - Exposure Management / Attack Surface
It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees. In the last few years, Exposure Management has become known as a comprehensive way of reining in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on your 2024 to-do list. What is Exposure Management? Exposure Management is the systematic identification, evaluation,
25 websites hacked by $g$ n00ber

Dec 01, 2010
25 websites hacked by $g$ n00ber
Wikileaks suffered with distributed denial of service (DDoS) attack !

Dec 01, 2010
Wikileaks suffered another distributed denial of service (DDoS) attack Tuesday morning, reports Fast Company. This attack was much more intense than Sunday's but still did not come close to actually shutting down the site. A computer hacker known as "The Jester" shocked officials when he claimed to be behind the cyber attack that disabled the WikiLeaks website Sunday morning, just before it released hundreds of thousands of classified U.S. embassy cables to the public. The Jester, an ex-soldier, justified his hacking by accusing the website of "attempting to endanger the lives of our troops, 'other assets' & foreign relations." The self-proclaimed "hacktivist for good" looked to the Web to continue combating terrorism and organizations that appear to back Islamic extremism after ending his military service. Cyber security expert Mikko Hypponen of F-Secure told CNN he believe
Cyber Crime : E-mail hacker fined £20,000

Dec 01, 2010
A hacker who posed as a university graduate to gain access to the e-mails of hundreds of unsuspecting students has been given a suspended prison sentence and ordered to pay more than £20,000 in costs and compensation. Daniel Woo, a 23-year-old Bulgarian national, was sentenced for offences under the Misuse of Computers Act on 25 November. Woo was arrested in November 2006 at the University of London's School of Oriental and African Studies after being spotted by IT staff investigating anomalies in the running of the computer network. He used various hacking techniques to break a number of students' passwords, thereby gaining access to their accounts. Woo then placed computer software known as 'Cain and Abel' on a number of machines, which enabled him to collect further student passwords and gather traffic passing through the university's computer network. It was subsequently established that fraud had taken place on a number of the compromised pa
6 Indian websites Hacked By PAK COBRA'S

Dec 01, 2010
6 Indian websites Hacked By PAK COBRA'S Websites : https://theindianstylist.com/ https://nsskunnathoor.org/ https://luvkid.co.in/index.php https://cryptel.co.in/ https://adjacen.com/ https://actsinfo.biz/
FBI warns of SMS and phone-based phishing scams !!

Nov 30, 2010
Social networking sites and search engines are expected to be hit hard by cybercriminals this holiday season, but the FBI is warning consumers about two other threats they may encounter – so-called "smishing" and "vishing" scams. Both threats are variations of phishing, but smishing uses SMS texts to initiate the scam, while vishing uses automated phone calls. Reports of these types of scams date back to at least 2006, but the FBI's Internet Crime Complaint Center (IC3) issued an advisory Friday warning consumers that they will be prevalent this holiday season. In these types of attacks, a user receives a text message or automated phone call to their cell phone stating there is a problem with their bank account, the FBI said in its advisory. The user is given a phone number to call or a website to log onto to provide account credentials to remedy the issue. "While most cyberscams target your computer, smishing and vishing scams target your mobile phone, and they're becom
Cyber Fraud: Tactics, Techniques and Procedures

Nov 30, 2010
Gone are the days when BlackHat hackers would tickle you for fun; now they will poke you and take your diamonds without you knowing anything about it until it's too late. The landscape of the cyber underground has completely changed since then, making it more like a well-organized business controlled by global entities around the world. It is not just script kiddies sitting out there in the dark and pulling the strings; the game is now run by skilled experts and high-profile business elements making millions overnight. In this lucrative business framework, the dark guys have even left behind the white hats, who have been struggling to catch up with the smart moves of these skilled men behind the scenes. In this direction, this book on "Cyber Fraud" explores all those techniques, technologies and territories owned by the cyber crooks in a well-organized manner by demonstrating case studies and live examples from the cyber underground. He
Professional Penetration Testing Guide

Nov 30, 2010
Here is another good book in the field of penetration testing. Unlike other books, which aim only at the technical aspects of penetration testing, this one explains every step involved in the making of a professional pentester. Rather than just teaching how to use the existing tools, it does a more splendid job of showcasing the life cycle of a pentester, which starts with learning, experimenting with your own lab setup, live pen-testing and finally presenting the results in an informative manner. Below is the 'Table of Contents' …

Part I – Setting Up
- Chapter 1: Introduction
- Chapter 2: Ethics and Hacking
- Chapter 3: Hacking as a Career
- Chapter 4: Setting up Your Lab
- Chapter 5: Creating and Using PenTest Targets in Your Lab
- Chapter 6: Methodologies
- Chapter 7: PenTest Metrics
- Chapter 8: Management of a PenTest

Part II – Running a PenTest
- Chapter 9: Information Gathering
- Chapter 10: Vulnerability Identification
- Chapter 11: Vulnerability Verification
- Chapter 12: Compromi
Be Alert : "Postcard" computer virus is Out ~~ !!

Nov 29, 2010
WARNINGS have been issued this weekend about a highly destructive computer virus which has been released under the guise of a postcard greeting. It is strongly advised that computer users should not open any message with an attachment entitled "Postcard" or "Postcard from Hallmark", regardless of who sent it. The virus opens a postcard image which then 'burns' the whole hard disk C of your computer. Experts say that the virus will be received from someone who has your e-mail address in his/her contact list. An American computer expert who has a senior position in Microsoft and is related to an Isle of Man resident said, "Even if you receive a mail called 'postcard' and it appears to have been sent by a friend, do not open it! Shut down your computer immediately. This is the worst virus announced by CNN." The virus has been classified by Microsoft as "the most destructive virus ever". It was discovered by McAfee on Saturday and so far there is no r
Armitage : Cyber Attack Management for Metasploit tool !

Nov 29, 2010
Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don't use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you.

Changelog:
- start msf button now kills msfrpcd session if db_connect fails
- set default database options to mysql with BackTrack 4 R2 settings
- Armitage -> Exit menu now kills msfrpcd, if the "Start MSF" button was used
- Added ability to set up a multi/handler from Payload launch dialog

Prerequisites to install Armitage. Armitage has the following prerequisites:
- Java 1.6.0+
- Metasploit 3.5+
- A database and the information to connect to it

Examples

    ./msfrpcd -f -U msf -P test -t Basic

Once you have a database, navigate to the folder containing the Armitage
The OWASP HTTP Post Tool ! Download Now

Nov 29, 2010
The OWASP HTTP Post Tool allows you to test your web applications to ensure their stability against HTTP GET and HTTP POST attacks. This tool was programmed by the author to overcome the shortcomings of other HTTP attack tools such as Slowloris and PyLoris. In other words, this QA tool was created to allow you to test your web applications to ensure their stability against HTTP GET and HTTP POST attacks. According to the author, these tools are easier to detect and the following are the defects of the HTTP GET DDOS attack:

- Does not work on IIS web servers or web servers with timeout limits for HTTP headers.
- Easily defensible using popular load balancers, such as F5 and Cisco, reverse proxies and certain Apache modules, such as mod_antiloris.
- Anti-DDOS systems may use delayed binding or TCP Splicing to defend against HTTP GET attacks.

So, this tool uses HTTP POST requests, instead of HTTP GET requests, to attack a target. Before we get into the facts as to why this