The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The Security audit of TrueCrypt disk-encryption software has been completed, with no evidence of any critical design vulnerabilities or deliberate backdoors in its code. TrueCrypt -- one of the world's most-used open source file encryption software used by Millions of privacy and security enthusiasts -- is being audited from past two years by a team of security researchers to assess if it could be easily exploited and cracked. Hopefully, it has cleared the second phase of the audit. TrueCrypt is a free, open-source and cross-platform encryption program available for Windows, OSX and Linux that can be used to encrypt individual folders or encrypt entire hard drive partitions including the system partition. NO NSA BACKDOORS Security Auditors and Cryptography Experts at NCC took an initiative to perform a public information security audit of TrueCrypt in response to the concerns that National Security Agency (NSA) may have tampered with it, according to a leaked cl

In the War against Ad injectors , Google has started removing ad-injecting extensions for its Chrome browser after it discovered as many as 200 Chrome extensions that exposed Millions of its users to malicious software and fraudulent activities. While working with a team of researchers from the University of California, Berkeley, the search engine giant found that over 5 percent of its users were infected with ' Ad Injectors ' — software that inserts ads or replace existing ads into the pages you visit while browsing the web. In last three months, Google received more than 100,000 complaints from its Chrome users about ad injection, which is far more than what the company receives for network errors, performance problems, or any other issue. Ad Injectors are sometimes more than just intrusive. A visitor to a website can be tricked into downloading an unwanted software and programs that could result in a major security risk, just what happened in the recent Sup

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

A security researcher has discovered a simple but critical vulnerability in Google-owned YouTube that could be exploited by anyone to knock down the whole business of the popular video sharing website. Kamil Hismatullin , a Russian security bod, found a simple logical vulnerability that allowed him to delete any video from YouTube in one shot . While looking for Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) flaws in YouTube Creator Studio, Hismatullin came across a simple logical bug that could wipe up any video by just sending an identity number of any video in a post request against any session token. The bug was simple but critical as it could be exploited by an attacker to fool YouTube easily into deleting any video on its system. "I've fought the urge to [delete] Bieber's channel," Hismatullin wrote in his blog post . "Luckily no Bieber videos were harmed." Citing the consequences of the issue, Hismatullin said "this vulne

The recently disclosed FREAK (Factoring attack on RSA Export Keys) attack is an SSL/TLS vulnerability that is affecting major browsers, servers and even mobile devices.  FREAK vulnerability allows the attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to manipulate or steal sensitive data. Although most major hardware/software vendors and owners have patched this flaw, many are still susceptible to this kind of attack.  Instrumental in discovering FREAK flaw, the University of Michigan conducted scans and discovered that an estimated 36.7% of the 14 million websites offering browser-trusted certificates were vulnerable at the time of disclosure.  This includes some very high profile pages like nsa.gov, irs.gov and even the ubiquitous connect.facebook.com (the source of all Facebook "Like" buttons.) IMPACTS OF FREAK ATTACK Intercepts your sensitive,

Chinese smartphone maker OnePlus who recently announced that the company is planning to launch its latest flying drone, OnePlus DR-1 , saying it would be a " Game Changer. " There have already been some speculations about a drone from OnePlus circulating on the Internet, but now the company has confirmed during a Reddit AMA (Ask Me Almost Anything) session that OnePlus DR-1 (aka DR-ONE ) will land on its online store next month. OnePlus also posted a Vine video on Tuesday with the caption " Feeling adventurous? The DR-1 is flying to our store next month. #OneGameChanger. " The six-second short video did not give much information about the new drone, but it hints more or less that the company is working on a drone. The product page of DR-1 sectioned impressive lines such as " innovating a whole new way of thinking about drones " and telling users to " experience the next age of aviation technology with effortless transportation and

Imagine — reaching into your pocket — and pulling out a computer ! Google has made it possible to put your whole computer into your pocket by introducing a whole new kind of Chrome device — a tiny stick that plugs into HDMI port of any display. Dubbed ChromeBit , a fully featured computer-on-a-stick from Asus that Google promises to retail for less than $100 when it comes out this summer. You just need to plug a Chromebit right into your TV or any monitor in order to turn it into a full-fledged Chrome OS -based computer. Google Chromebit is portable with an impressive look and will be available in three attractive colors — silver, blue and orange. It has a smarter clinch on the business end so that a user can easily plug it into practically any HDMI port without the need of any extension cable. SPECIFICATIONS This tiny little Google ChromeBit stick packaged with: Rockchip RK3288 (with quad-core Mali 760 graphics) 2GB of RAM 16GB of solid state storage memory