The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Giveaway: Win a Backtrack or iPhone book After the huge success of our earlier giveaway we have again teamed up with Packt Publishing and we are organizing a giveaway where Three lucky winners stand a chance to win a copy of their choice between two great selling books i.e iPhone Applications Tune-Up or BackTrack 4: Assuring Security by Penetration Testing.  Keep reading to find out how you can be one of the Lucky Winner.  The contest will close on 05/FEB/2012. Overview of the first book: iPhone Applications Tune-Up Tune up every aspect of your iOS application for greater levels of stability and performance. Read more about this book and download free Sample Chapter here Overview of the second book: BackTrack 4: Assuring Security by Penetration Testing • Learn the black-art of penetration testing with in-depth coverage of BackTrack Linux distribution. Read more about this book and download free Sample Chapter here How to Enter? 1) Tweet this article – you can use the tweet but

Multiple Cross Site Scripting ( #XSS ) Vulnerabilities in Forbes Ucha Gobejishvili ( longrifle0x ) , A Georgian Security Researcher Discover two Cross Site Scripting ( XSS ) Vulnerabilities on the Official website of Forbes , an American publishing and media company. Cross-Site Scripting occurs when an attacker can send a malicious script to a different user by relaying the script from an otherwise trusted or innocuous server. These flaws are extensive on the Web and allow an attacker to place malicious code that can execute attacks against other users in the security context of the web servers of the trusted host. 1.) First Vulnerable Link : Click Here 2.) Second Vulnerable Link : Click Here Cross-Site Scripting typically involves executing commands in a user's browser to display unintended content, or with the intent of stealing the user's login credentials or other personal information. This information can then be used by the attacker to access web sites and services

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

WOL-E : Wake on LAN - Explorer WOL-E is a suite of tools for the Wake on LAN feature of network attached computers, this is now enabled by default on many Apple computers. These tools include: Bruteforcing the MAC address to wake up clients Sniffing WOL attempts on the network and saving them to disk Sniffing WOL passwords on the network and saving them to disk Waking up single clients (post sniffing attack) Scanning for Apple devices on the network for WOL enabling Sending bulk WOL requests to all detected Apple clients. Download

SOPA in US and Censorship in India : A cocktail to destroy Internet Freedom ! As US senators mull over the SOPA(Stopping Online Piracy Act) and PIPA(Protecting Intellectual Property Act) bills, the world stands witness to a historic moment. Almost all big IT companies like Google, Wikipedia, Facebook, Mozilla, Godaddy, etc are speaking in one unanimous voice against SOPA and Internet Censorship. The draconian provisions of SOPA/PIPA are bound to create the deathbed of internet freedom and free speech, and if a careful reading of the proposed legislation is done, one realizes that it is likely to have the same impact on India. In the disguise of protecting copyrights and stopping piracy its completely clear that the US government is trying to assert its control over the free flow of information on internet which is some time uncomfortable to them. Giving power to Attorney General to direct search engines like Google to filter particular search results, or asking an ISP to manipulat

Microsoft Windows 8 with Resilient File System (ReFS) Microsoft is switching to the Resilient File System for Windows 8, but only the server edition will support the new and more robust file system. While Windows 8 client machines will continue to use the NTFS filesystem. ReFS is meant to maintain compatibility with the most frequently-used features of NTFS, including Bitlocker encryption compatibility, Access Control Lists (ACLs) to control permissions, change notifications, symbolic links, and others, while shedding legacy features and picking up new ones to make it more useful and versatile on today's drives. Also, in its current state ReFS cannot be used for removable media, or for any partition used to boot Windows – it is purely a file system solution for data storage right now. Windows 8 clients will be able to access and read ReFS partitions from launch though. According to a blog post from the Windows engineering team, the key goals of ReFS are: 'a high degree' of c

Book Review: BackTrack 4: Assuring Security by Penetration Testing This review is for the BackTrack 4: Assuring Security by Penetration Testing book published by Packtpub written by Wes Boudville. The authors tackle a persistent danger to many websites and networks that hang off the Internet, where often the complexity of the operating systems and applications and the interactions between these can open doors to attackers. So the basic idea of penetration testing is to preemptively probe ('attack') your system. Find the weaknesses first, before others do so. In part, the text offers a good overview of the field, separate from the usages of BackTrack. So you get a summary of several common security testing methodologies. Including the Open Source Security Testing Methodology Manual. If you have a background in science experiments, you'll see clear parallels in how this OSSTMM approach investigates an unknown system. As far as BackTrack is concerned, its capabilities are

Cyber War : Another 7000 Israel credit cards Exposed on Internet This week has began under worse auspices worse for Israel, which, despite its attention to the cyber threats posed by cyber-space, has been victim of a series of attacks that have checkmated the government of Jerusalem. Kosova Hacker's Security Group of Hackers today claim to release another Another 7000 Israel credit cards on Internet. Last week  xOmar from  "group-xp"  threatened the Israeli people by exposing millions of credit cards. After that Israel said that it will respond to cyber-attacks in the same way it responds to violent terrorist acts, by striking back with force against hackers who threaten the Jewish state.  The Dump of these 7000 Cards are posted on Tinypaste  by Kisova Hackers. Th3 Dir3ctorY, ThEtA.Nu, & X|CRIPO, three hackers from  Kosova Hacker's Security  Group posted all the credentials including full name of the card holder, CCV, card no, expiry date. More, Saudi cybe

INNA - Romanian singer 's Site Defaced by DARKDevilz Crew After Hack of Official Website ( www.innaofficial.com and www.inna.ro ) of INNA by DARKDevilz Crew Hackers., Million of her Fans Redirected to another defaced page at  https://meb.zgokalp.k12.tr/tok.html  as shown above. Below we upload a screenshot of Source code of URL :  https://www.innaofficial.com/videos/  . Here you can see the Refresh-Metatag that redirecting webpage to another site that contains a message posted by Hacker. Mirror of Hack is also available here : Mirror 1 & Mirror 2 . [ Source ]

UniOFuzz  0.1.2-beta  - Universal fuzzing tool Released UniOFuzz version 0.1.2-beta - the universal fuzzing tool for browsers, web services, files, programs and network services/ports released by  nullsecurity team . Video Demonstration:  pigtail23, Developer of UniOFuzz demonstrated the tool in above Video. Download UniOFuzz

Book Review: IPhone Applications Tune-up Packt recently published a new book- IPhone Applications Tune-up . The book is of course about programming for the iPhone. But there is one chapter on maintainability that is far broader applicability than just the iPhone. This review was written by Wes Boudville . Read more about the book or download a free Sample Chapter here: Sample Chapter Moses explains several general aspects of programming that can and should be adhered to by most participants. Experienced programmers already know this. But if you are starting professional coding, you should pay serious heed. Specifically Moses says you should comment your source code. However, it is "likely a developer's least exercised skill". Learn to regularly put into the source code intelligent comments that explain the context of the source lines they are next to. Especially if the source is intricate. Moses disposes of the objection that some say, that the time taken to write comm

100 Kenya government websites breached by Indonesian hacker An Indonesian hacker on Tuesday attacked and defaced more than 100 Kenya government websites Among the ministries affected include the Ministries of Local Government, Livestock, Environment, Fisheries, Housing, and Industrialisation in a major cyber security breach. A Kenyan expert aware of the incident said an Indonesian hacker known as direxer was responsible for the hacking. The hacker, referred to as Direxer , broke into the sites and defaced them to show that he had managed to access them. Others hacked sites are ministries of Finance, Education, Public Health, Youth Affairs, National Heritage and Roads; as well as sensitive departments such as Administration Police, Immigration, Prisons and various city, municipal and county councils. Check List here . A Cyber Incidence Response Team (CIRT) based at the Communications Commission of Kenya (CCK) has moved into action and was making efforts to restore the affected webs

The Undead  "Corporations" by Patti Galle  The Hacker News Editor " Patti Galle " share her views about Corporations in THN Magazine December Edition . We would like to share same article with our blog Readers. Enjoy the interesting read : Corporations are soulless entities possessing privileges and the rights of citizenship that actual people have; all the while not having to shoulder any of the natural responsibilities. Undead Corporations have concentrated the essence of avarice, rage and fury to form their corporate structure. And as these covetous Corporations have accumulated immeasurable wealth they have methodically utilized this wealth and power to procure, infiltrate, and seize control of the influential and powerful American government and many governments across the world vigorously fusing them into a globe-encompassing non-living aberration, now rightfully called or labeled as Corporatocracy. At present, on an ever escalating level, world governments are vi

SP Toolkit - Open Source Phishing Education Toolkit A new open source toolkit makes it ridiculously simple to set up phishing Web sites and lures. The software was designed to help companies test the phishing awareness of their employees, but as with most security tools, this one could be abused by miscreants to launch malicious attacks. The spt project is an open source phishing education toolkit that aims to help in securing the mind as opposed to securing computers. Organizations spend billions of dollars annually in an effort to safeguard information systems, but spend little to nothing on the under trained and susceptible minds that operate these systems, thus rendering most technical protections instantly ineffective. A simple, targeted link is all it takes to bypass the most advanced security protections. The link is clicked, the deed is done.spt was developed from the ground up to provide a simple and easy to use framework to identify your weakest links so that you can patc

Indian BJP Politician 's bank accounts hacked A local News paper today reported that ,The four axis bank accounts belonging to city's Ganesh Shipping firm were hacked by unknown persons and Rs 4, 00,100 was transferred to a different account of Moradabad and Sind Bank. Following a complaint by Shetty, Bunder North Police Inspector Vinay Goankar ensured that the Moradabad account was frozen by informing bank authorities there. Investigation in Process.

The Cloud Security Rules Book - Technology is your friends & Enemy Well-known security experts decipher the most challenging aspect of cloud computing-security.  The Cloud Security Rules book is available on Amazon.com and selected book stores from October 2011. According to Description available on official site " This book targets decision makers in organizations worldwide. Whether you run a small company, is the president of a global NGO, or the CISO of a well-known brand - this book brings you relevant knowledge about security in the Cloud.This book helps you to understand the differences and the similarities between cloud computing and traditional networking - which in essence is the same, yet different. If you are considering moving to the cloud, or are looking for a higher level of security for your existing appliance, The Cloud Security Rules help you to choose the right level of security - based on your needs and understanding ." As the most current and comp

No Turning Back ~ 2012 by Patti Galle Patti Galle , from The Hacker News Editorial Staff wrote an Article in THN Magazine January Edition . We would like to share this read with all of our site readers. Rebellions are most always rooted in a call for justice, decency and morality. World history is full of countless rebellions against despots and others who did not conform to the will of the people. And as inequality grows to absurd new heights around the world and institutions of power are considered fundamentally dishonest, corrupt, and leaders no longer command the respect and confidence of the people then you have societies where social upheaval is inevitable. Rebellions spring up against fraudulent power and authority, and it is grounded in real outrage against mass murder (neo-imperialism, neo-colonialism), violation of human rights (torture, war crimes), widespread lying and hypocrisy, endemic political corruption, unrestrained thirst for money and power, and unprecedented

Wireless Penetration Testing Series Part 2: Basic concepts of WLANs This blog post is in continuation of the Wireless Penetration Testing and Hacking series we started ( Part 1: Getting Started with Monitoring and Injection ) on the basis of the "SecurityTube Wi-Fi Security Expert" ( SWSE ) course which is based on the popular book " Backtrack 5 Wireless Penetration Testing ". In the third video, the instructor talks about some of the basic concepts of WLANs. We learn that communication over WLAN's happens over frames. There are mainly 3 types of WLAN frames which are Management frames, Control frames, and Data frames. These types of packets also have different subtypes . We learn that an SSID is a name given to an Access point or a network consisting of multiple Access points. We then learn about Beacon frames which are broadcast frames sent out periodically by Access point to broadcast their presence in the current RF (Radio frequency) vicinity. The instructor then starts wire

Saudi hacker target Israeli stock exchange and National air carrier Saudi cyber Hacker OxOmar  struck again on Monday. This time disrupted the websites of Israel's stock exchange and National air carrier. Last week he had leaked private information about more than 400,000 Israelis. Credit card companies said around 25,000 numbers, some of them expired, had been posted . The pro-Palestinian group is referring to itself as " Nightmare ." The site of El Al crashed but officials at Israel's flag carrier would not confirm or deny the incident was the work of hackers. A person familiar with the situation at El Al Israel Airlines says the carrier took down its website Monday after the alleged Saudi hacker network behind previous attacks warned that both sites would be targeted. " There has been an attack by hackers on the access routes to the (TASE) website. The stock exchange's trading activities are operating normally ," said Orna Goren, deputy manager of the excha

Nigerian Army Education site hacked by Nigerian Hacktivists Today the official website of Nigerian Army Education Corps ( NAEC ) got defaced by some Nigerian Hacktivists, He tweeted . The Complete message posted by Hackers as shown below:

Hacker will release full Norton Antivirus code on Tuesday A hacker with code name of ' Yama Tough ' announce via Twitter that on Tuesday he will leak the full source code for Symantec Corp's flagship Norton Antivirus software which is 1,7Gb src. Last week Yama Tough has released fragments of source code from Symantec products along with a cache of emails. The hacker says all the data was taken from Indian government servers. Yama Tough is trying to prove that Indian government was snooping on America and China. YamaTough said via Twitter " Pass it on to forensics and win the lawsuit ,".He has offered support to an American man who filed a lawsuit against Symantec Corp by publishing source code from a 2006 version of Norton Utilities, a software program at the heart of the legal dispute. It was not immediately clear how the source code might help the case. A Symantec spokesperson commented on the incident: " We are still gathering information on the det