The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Student Arrested for hacking Thailand Prime Minister Accounts Prime Minister Yingluck Shinawatra's personal Twitter account was hacked on October 2nd, 2011 in what officials said was possibly part of a conspiracy to embarrass the government. Police in Thailand have arrested a university student who is said to have admitted hacking into the Prime Minister's Twitter account and posting messages accusing her of incompetence. 22-year-old Aekawit Thongdeeworakul, a fourth year architecture student at Chulalongkorn University, could face up to two years in prison if found guilty of illegally accessing computer systems without authorization.

HashCodeCracker v1.2 Video Tutorials Available Hash Code Cracker V 1.2 was Released last week by BreakTheSecurity. This software will crack the MD5, SHA1,NTLM(Windows Password) hash codes. No need to install. Supports All platforms(windows XP/7,Linux,..). How to Run Hash Code Cracker Jar using Command Prompt~Password Cracking How to start Hash Code Cracker Jar with double Click~Password Cracking How to Crack the Password using Online Cracker Hash Code Cracker v1.2? Download  here  or from  here

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

WebCookiesSniffer - New cookies sniffer/viewer utility WebCookiesSniffer is a new packet sniffer utility that captures all web site cookies sent between the web browser and the web server and displays them in a simple cookies table. The upper pane of WebCookiesSniffer displays the cookie string and the web site/host name that sent or received this cookie. When selecting a cookie string in the upper pane, WebCookiesSniffer parses the cookie string and displays the cookies as name-value format in the lower pane. Except of a capture driver needed for capturing network packets, WebCookiesSniffer doesn't require any installation process or additional dll files. In order to start using it, simply run the executable file - WebCookiesSniffer.exe After running WebCookiesSniffer in the first time, the 'Capture Options' window appears on the screen, and you're asked to choose the capture method and the desired network adapter. The next time you use WebCookiesSniffer, it'

BlackBerry Security Guide by Incident Response Team ( BBSIRT ) On September 30th, we reported that a Russian security company Elcomsoft , has upgraded a phone-password cracking suite with the ability to figure out the master device password for Research in Motion's BlackBerry devices. In response to this, BlackBerry Security Incident Response Team (BBSIRT) released a small Security guide for Blackberry users: The Elcomsoft tool uses a brute-force attack to guess the smartphone password by attempting to decrypt the contents of a media card that has been removed from the smartphone. For this tool to do what Elcomsoft claims, an IT administrator or the smartphone user must have chosen to encrypt the contents of the media card with the smartphone password only. Furthermore, an attacker must have access to the media card from the smartphone, and the tool would have to successfully guess the password. To then use the password to unlock the smartphone, that attacker would also have to

NSS Labs offers Bounties for exploits ExploitHub, which operates a penetration-testing site and is run by NSS Labs, announced a bug-bounty program for researchers to develop exploits for 12 high-value vulnerabilities in Microsoft and Adobe products. The company, which has set aside $4,400 in reward money, plans to give $100 to $500 to the first people to submit a working exploit for the vulnerabilities. Ten of the vulnerabilities concern Microsoft's Internet Explorer browser and two were found in Adobe's Flash multimedia program. " Client-side exploits are the weapons of choice for modern attacks, including spear-phishing and so-called APTs [advanced persistent threats]. Security professionals need to catch up ," said Rick Moy, NSS Labs CEO. " This program is designed to accelerate the development of testing tools as well as help researchers do well by doing good ." There is no time limit on entering a winning exploit; the first person who submits a working exploit receiv

GPU cracks 6 character password in 4 seconds An nVidia GeForce GT220 graphics card, which costs about £30, is capable of cracking strong passwords in a matter of hours. Security experts were able to crack a  6 character password in 4 seconds, a 7 character password in less than 5 minutes, and 8 character password in four hours. " People have worked out that the processing power of graphics cards, due to the architecture of the chips, is more powerful than a normal processor for doing certain tasks ," said Neil Lathwood, IT director at UKFast.

Facebook content restrictions bypass Vulnerability Blackhat Academy claims to have found a way to bypass content restrictions on links, as posted on their site and posts put on a user's public wall. Even Security Analysts claim that Facebook was notified of these vulnerabilities on July 31st, 2011. To date (October 4, 2011), Facebook has yet to do anything about this. Facebook has only recently purchased Websense to attempt to push this vulnerability under the rug, however the exploit still works.To access Facebook's FQL API, Facebook was even so kind as to give a reference of tables and columns in the documentation for FQL. FQL does not allow the use of JOINS, however it is not needed as everything is thoroughly documented. Attackers can misuse this during the creation of a malicious Facebook application or directly on the FQL development api page for information gathering. : <?php # User agent checking methods $fb_string = '/facebookexternal/i';            

Exploit Pack - An open source security framework Exploit Pack is an open source security framework developed by Juan Sacco. It combines the benefits of a Java GUI, Python as Engine and well-known exploits on the wild. It has an IDE to make the task of developing new exploits easier, instant search features and XML-based modules. A GPL license for the entire project helps to ensure the code will remain free. It also features a ranking system for contributors, tutorials for everyone who wants to learn how to create new exploits and a community to call for help. Why use Exploit Pack? It has a module editor that allows you to create your own custom exploits. There is an instant search feature built-in on the GUI for easier access to modules. Modules use XML DOM, so they are really easy to modify. It uses Python as its Engine because the language is more widely used on security related programming. A tutorial is also provided. If you want to earn money, they will pay you for eac

Derbycon 2011 Videos Talks The idea behind DerbyCon was developed by Dave Kennedy (ReL1K), Martin Bos (PureHate), and Adrian Crenshaw (Irongeek). Their motivation stemmed from a desire to see more of the old-style talks and events of the conventions of the past. DerbyCon was hosted by some specialized two-day training courses from 30th Sep-2nd Oct 2011 in Louisville, Kentucky. DerbyCon isn't just another security conference. They have taken the best elements from all of the conferences. DerbyCon is a place you can call home, where you can meet each other, party, and learn. Their goal is to create a fun environment where the security community can come together to share ideas and concepts. Whether you know Linux, how to program, are established in security, or a hobbyist, the ideal of DerbyCon is to promote learning and strengthen the community. Day 1 Adrian, Dave, Martin: Welcome to DerbyCon 2011 – Intro to the con and events KEYNOTE ~ HD MOORE – Acoustic Intrusions Johnny Long

Hash Code Cracker V 1.2 Released ~ Password Cracking from BreakTheSecurity BreakTheSecurity is proud to release the Hash Code Cracker Version 1.2. Our latest release supports Online Cracking function. Description: This password cracker is developed for PenTesters and Ethical hackers. Please Use this software for legal purposes(Testing the Password Strength). Features: This software will crack the MD5, SHA1,NTLM(Windows Password) hash codes. No need to install. Supports All platforms(windows XP/7,Linux,..). V1.2 Changelog : Included Online cracking Support Minimum Requirements: Java Runtime Environment: JRE 1.6 should be installed.(you can get it from oracle.com) How to Run the Application? Download the .zip file and extract. Extract the zip file. Open the Terminal or command prompt. Navigate to the path of Extracted zip file (i mean HashCodeCracker Folder) in Terminal/CMD. Type this command "java -jar HashCodeCracker.jar". Now the application will run. Pro