HWN - Hacking World News

Latest Hotmail Avril 2012's critical vulnerability

2012-04-17T19:47:00.002-07:00

We haven’t reported a whole lot about Hotmail over the years, probably because since Gmail took over – Hotmail has mostly taken a backseat.

The latest news is there has been a nasty bug in Hotmail for a while that has been actively exploited allowing the attacker to change the victim's password.

All we we'll need is to install Tamper Data which is a Firefox Extension which gives you the power to view, record and even modify outgoing HTTP requests.

Download from here

N.B : Hotmail has found temporarily solution, so you'll get this error " Un problème temporaire avec ce service s'est produit. Réessayez. Si ce message continue de s'afficher, réessayez plus tard."

N.B : we will not take responsibility for misuse or misinterpretation of information provided on our site. Advice, statements, comments or opinions should not necessarily be relied upon.

Correction of a vulnerability in Minify PHP Library

2012-03-24T08:55:00.004-07:00

A young Moroccan white hat allows the correction of a vulnerability in the library Minify.

His name is Ayoub Aboukir, he is 18 years old. He discovered a critical flaw in the library Minify.

A widely used bookstore and even integrated into projects and open source frameworks such as renowned Wordpress, Zend, Symfony, Moodle, Yii.

The vulnerability is a DOM-based XSS (after the 3rd kind and reflected XSS, persistent XSS) Which allow attackers to attack users' accounts by recovering their session cookie.

The young White Hat has opted for a "Responsible disclosure" with the developers of the library, thereby protecting the users and give developers time to fix this security problem.

Anonymous Takedown several Vatican Websites

2012-03-10T09:27:00.002-08:00

The Italian Anonymous Hackers took down the Vatican's website (Vatican.va) on Wednesday in retaliation for the "corruption" of the Roman Catholic Church. On an Italian-language website Anonymous accused the Catholic Church of being responsible for various misdeeds throughout history including the burning of heretics during the inquisition. In their statement the group noted:

“Anonymous decided today to besiege your site in response to the doctrine, to the liturgies, to the absurd and anachronistic concepts that your for-profit organisation spreads around the world.” “This attack is not against the Christian religion or the faithful around the world but against the corrupt Roman Apostolic Church.”

Meanwhile, late on Tuesday hackers associated with LulzSec took down and defaced more than 25 websites belonging to Panda Security, claiming the security firm had been "earning money working with Law Enforcement to lurk and snitch on anonymous activists."

The feds charged Ryan Ackroyd (aka kayla), Jake Davis (aka topiary or atopiary), Darren Martyn (aka pwnsauce, raepsauce, or networkkitten), and Donncha O'Cearrbhail (aka palladium) in Manhattan Federal Court with computer hacking conspiracy for the hacks of Fox, Sony Pictures, and PBS.

Anonymous Hacks FBI and Records Conference Call

2012-02-04T10:02:00.001-08:00

Earlier today, Anonymous released a confidential conference call between the FBI and law enforcement officers in the UK. The 16-minute call discusses ongoing investigations into hackers associated with Anonymous, AntiSec, and LulzSec.

From all appearances, Anonymous retrieved the sensitive access code information and a list of attendees from an FBI email account. The group released a roughly 15-minute-long recording of what appears to be a Jan. 17 conference call devoted to tracking and prosecuting members of the loose-knit hacking group.

The email, titled “Anon-Lulz International Coordination Call”, was published on pastebin earlier today: http://pastebin.com/8G4jLha8 . The email with details for accessing the call was sent to law enforcement officials in Britain, France, the Netherlands and others but the only people who identify themselves on the call are from the FBI and Scotland Yard.In a message on Twitter, Anonymous posted links to the audio recording and said the FBI "might be curious how we're able to continuously read their internal comms for some time now."

NASA and Pentagon Hacker - TinKode Arrested in Romania

2012-02-02T06:55:00.000-08:00

Romanian police have arrested a man believed to be TinKode, the notorious hacker responsible for several daring, high-profile cyberattacks, including last year's breach of NASA's servers, Royal Navy, The European Space Agency and MySQL.com. The 20-year-old man, named as Razvan Manole Cernaianu, allegedly attacked Pentagon and NASA computer systems, revealed security holes, and published information about SQL injection vulnerabilities he had discovered, the Romanian Directorate for Investigating Organized Crime and Terrorist (DIICOT) said in a press release.

He also posted a video on his blog demonstrating an attack he carried out against the U.S. government, and created and offered for sale a computer program used to hack Web sites. Through his exploits, Cernaianu blocked access to systems and seriously disabled their proper functioning, authorities said.

Currently, Cernăianu is being taken to Bucharest for questioning and he is charged with breaching a computing system without authorization, unauthorized transfer of data from a computing system, and the disruption of a computing system. Romanian authorities said the FBI and NASA took part in the investigation.