The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Bypass SOPA (Stop Online Piracy Act) DNS Blocking with DeSopa 1.1 A developer who calls himself T Rizk doesn't have much faith in Congress making the right decision on anti-piracy legislation, so he's built a work around for the impending censorship measures being considered  DeSOPA . The Firefox add-on is stunningly simple as the Stop Online Piracy Act (SOPA) would block specific domain names (e.g. www.thepiratebay.com ) of allegedly infringing sites. Firefox, which already boasts an outspoken stance against SOPA, and has already shown they are willing to stand by add-on developers who create circumvention extensions designed to go around measures currently employed by Homeland Security, has welcomed a new add-on, one that is designed to circumvent whatever SOPA website blacklists that are created, provided the bills become law. A new anti-SOPA add-on for Firefox, titled " DeSopa " is such a counter measure.When installed, users can click a single button to resolve a blo

Apple Crash Reports Help Hackers to create a jailbreak exploit iPhone " jailbreaking " has been a hot topic since Apple released its smartphone more than two years ago. According to the Latest report posted by BBC  that Thousands of iPhone owners have joined forces with a team of hackers to help them find new ways to jailbreak Apple's phone software & Jailbreakers use Apple crash reports to unlock iPhones. You may be wondering and hearing alot on " What Is Jailbreaking an Iphone? How do you do that? " Jailbreaking is basically modifying the iPhone's firmware so that you can get access to the internals of its operating system and install a whole slew of third-party applications on your iPhone that are not otherwise available through official channels.Jailbreaking your iPhone in and of itself doesn't normally make much difference in your operation of it, but it does allow you to install other third-party applications that are not blessed by Apple. A collective of

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

An Iranian engineer working on the captured US drone has said that Iran exploited a weakness in the craft's navigation system to hijack it. The aircraft was downed through a relatively unsophisticated cyber-attack that tricked its global positioning systems (GPS). The technique, known as " GPS spoofing " has been around for several years, and the Iranians began studying it in 2007, the engineer reportedly said. The U.S. Department of Energy notes that GPS is widely used, but insecure, although few users have taken note. GPS signals for the U.S. military are similarly insecure, and drones often rely on signals from multiple satellites. It's possible to spoof unencrypted civilian GPS systems. But military GPS receivers, such as the one likely installed on the missing drone, use the encrypted P(Y)-code to communicate with satellites. " With spoofing, an adversary provides fake GPS signals. This convinces the GPS receiver that it is located in the wrong place and/or time ," t

1.8 Million Accounts Hacked from Square Enix Japanese Game Company Square Enix stated yesterday that somebody " may have gained unauthorized access to a particular Square Enix server " and took its members service offline in both Japan and the U.S. Today, the company clarified that 1.8 million customer's accounts had been affected. The company said it noticed that unknown parties had accessed the server for its free " Square Enix Members " site on Tuesday afternoon, and decided to shut down the service the same day. Users register on the server with their email addresses and sometimes their names, addresses and phone numbers, but the server holds no credit card information, a spokesman said. The intruder breached an unknown number of servers that could hold data for the service's one million members in Japan and 800,000 members in North America, but left untouched the servers with its 300,000 European members. In May, Square Enix said it suffered hackin

Key infrastructure systems of 3 US cities Under Attack By Hackers BBC News Reported that the Federal Bureau of Investigation (FBI) announced recently that key infrastructure systems of three US cities had been accessed by hackers. Such systems commonly known as Supervisory Control and Data Acquisition (SCADA) are increasingly being targeted by hackers. At a recent cybersecurity conference, Michael Welch, deputy assistant director of the FBI's cyber division, said " hackers had accessed crucial water and power services.The hackers could theoretically have dumped sewage into a lake or shut off the power to a shopping mall ." " We just had a circumstance where we had three cities, one of them a major city within the US, where you had several hackers that had made their way into SCADA systems within the city ," Welch told delegates at the Flemings Cyber Security conference." Essentially it was an ego trip for the hacker because he had control of that city's system and h

Denial of Service Attack Vulnerability in  Windows Phone 7.5 Microsoft's range of Windows Phones suffer from a denial-of-service attack bug that allows attackers to reboot the device and disable the messaging functionality on a device. A malicious SMS sent to a Windows Phone 7.5 device will force it to reboot and lock down the messaging hub . WinRumors reader Khaled Salameh discovered the flaw and reported it to us on Monday. WinRumors said tests revealed that the flaw affected a variety of devices running different builds of the mobile operating system. A Facebook chat message and Windows Live Messenger message will also trigger the bug. Video Demonstration Both Apple and Google have suffered from SMS bugs with their iOS and Android devices. Security researcher Charlie Miller discovered a flaw in the iOS 3.0 software that allowed attackers complete control over an iPhone at the time. Android-based phones also suffered in the SMS attack, but attackers could only knock a phone

Breach confirmed in GlobalSign , SSL certificates not compromised GlobalSign said on Tuesday that the SSL certificate and key for www.globalsign.com may have been exposed after a hack on an external server in September. However, the company said that after investigating the breach it has found no evidence of rogue certificates being issued following the hack. A hacker known as " Comodohacker " compromised other certificate authorities including Comodo and DigiNotar. " I have access to their entire server, got DB backups, their linux / tar gzipped and downloaded, I even have private key of their OWN globalsign.com domain ," the hacker said in a Pastebin at the time. The investigation revealed that the compromise was limited to a peripheral Web server hosting the CA's website and did not affect the part of its network that deals with digital certificates. Companies use digital certificates as a cryptographic online trust technology. A stolen digital certificate can all

Facebook Ticker partially Removed Due To Various Bugs According to a Post on Facebook Known Issues Page , Facebook has removed the ticker apparently motivated the social network to call the phenomenon a bug that's undergoing a fix. Facebook says that " Some people are seeing their ticker disappear. We are aware of this issue and are working to resolve it. ". Comments explaining that people with less active accounts won't see the feature, Because when your friends aren't doing anything on the site, the ticker would only duplicate the news feed and not scroll, so there's no point in the feature taking up part of your screen. Not even this, Last month a Brazilian (independent) Security and Behavior Research had analyzed a privacy issue in Facebook Ticker that allows any person chasing you without your knowledge or consent .How Facebook Ticker exposing your information and behavior without your knowledge. Meanwhile, the Known Issues on Facebook page posted that some people

Web of Trust (WOT) Wins in Court, Favors freedom of speech The world's leading safe surfing tool Web of Trust (WOT) has won the lawsuit filed against it in the United States. WOT was accused of defamation, violating rights, conspiracy and manipulating algorithms. The court of justice in Florida granted the motion to dismiss with prejudice. The case was brought up by ten companies, which are all associated to a person named Mr. Ayman El-Difrawi. The companies demanded WOT to remove ratings and comments for their numerous websites. WOT's advocacy was based on the article 230 of the Communications Decency Act, legislated in 1996 for similar cases. The article protects Internet service providers clearing them from liabilities related to content created by third parties. During the eventful case, the plaintiff changed their claims several times. The last change happened only a day before the oral hearing, when the plaintiff voluntarily dismissed some defendants and half of the claims.

Government organised 12 Chinese Hacker Groups  behind all Attacks About 12 different Chinese groups largely directed by the government there, do the bulk of the China based cyber attacks stealing critical data from U.S. companies and government agencies, according to U.S. cyber security analysts and experts. US online security companies are suggesting that it should have the right to force them to stop " by any means possible ". Sketched out by analysts who have worked with U.S. companies and the government on computer intrusions, the details illuminate recent claims by American intelligence officials about the escalating cyber threat emanating from China. And the widening expanse of targets, coupled with the expensive and sensitive technologies they are losing, is putting increased pressure on the U.S. to take a much harder stand against the communist giant. The report states that many of the attacks carry tell-tale signatures of particular hacking groups being tracked b