iPhone 8 latest Leaked Images Reveal Bezel-Less Design



The internet is full of iPhone 8 leaks, be it designs, specs or hardware, you name it. Now the device’s individual parts are cropping up online as well. These arrive just as mass production of the iPhone 8 has reportedly begun. The latest iPhone 8 leaks show us the front and back panels, the camera ring at the back, and even the metal frame of the upcoming Apple flagship.

 
A Reddit user going by the name Kamikasky posted the front and back panel images of the upcoming iPhone 8. He claims to have gotten hold of these from an industry source, who got them directly from the Chinese manufacturers. The leak shows that the iPhone 8 has a glass back, with the Apple logo and the vertical dual camera setup at the back.


 
If these rumours are true, then it would be confirmed that the iPhone 8 is sporting a nearly bezel-less glass front and a completely glass back instead of the usual aluminum.

Apple is expected to give iPhone 8 owners more screen than the 5.5-inch iPhone 7 Plus without actually making its smartphone any bigger.

Apart from this leak, there are some other leaks too:

1. No version is planned with a rear fingerprint scanner
2. AuthenTec’s long-standing Touch ID capacitive touch module has been replaced
3. There will be Facial Detection and a Retina Scanner
4. RAM remains at 3GB like the iPhone 7 Plus
5. There’s wireless charging via a rear panel
6. It will again be “water resistant” (no word if the rating has increased)
7. There is no USB-C, Apple is sticking with Lightning

The iPhone 8 is also expected to be powered by the A11 chip, feature an OLED panel, have a 3D front camera, and sport some AR features as well. While some reports speak of a delay in launch, others claim that the iPhone 8 is on schedule and will launch in September.

Popular restaurant search company Zomato Hacked, 17 Million Accounts Sold on Dark Web



Over the last few years, the dark web has become popular for selling illegal goods such as drugs, weapons, databases and fake documents. Recently, HackRead found that a vendor going by the online handle “nclay” claims to have hacked Zomato and is selling the data of its 17 million registered users on a popular dark web marketplace.



The database includes emails and password hashes of registered Zomato users while the price set for the whole package is USD 1,001.43 (BTC 0.5587). The vendor also shared a trove of sample data to prove that the data is legit. Here’s a screenshot of the sample data publicly shared by “nclay.”

Folks at HackRead tested the sample data on Zomato's login page and found that each and every account mentioned in the list exists on Zomato.




“The data was stolen this month and this year, May 2017,” the hacker told HackRead.

Zomato does have a HackerOne page where hackers can report flaws, but hackers who report vulnerabilities only receive Hall of Fame recognition or a certificate of acknowledgment. Personally speaking, I don't have a good experience reporting flaws in Zomato. I reported a flaw to them last year, and it's now been more than 1 year, but they have not replied to me about it.


What you can do if you have a Zomato account


  • If you have a Zomato account, change your password.
  • Do not use the same password for several online accounts; otherwise, if one account gets compromised, hackers can get into the others as well.
  • Use a password manager.

WannaSmile - A simple tool to protect yourself from WannaCry Ransomware



WannaCry ransomware is spreading like wildfire. It uses a vulnerability in Microsoft's SMB (which is turned on by default).

Here is a detailed article about the ransomware: How to protect yourself from WannaCry Ransomware

On 13th May 2017, a security researcher going by the handle @malwaretech and Darien Huss found a 'kill-switch' which paused the ransomware. Basically, the ransomware tries to open an unregistered domain, and if that fails, the system is infected. So @malwaretech registered the domain, which stopped the ransomware.

Soon, cyber criminals around the world DDoSed it to take it down so that the ransomware could continue infecting systems.

Also, the 'kill-switch' won't work if:
  • The system is not connected to the internet
  • The 'kill-switch' domain is down
  • It is blocked by the ISP or a firewall


The solution

WannaSmile is a simple program created by me and my friend Hrishikesh Barman.

Here is the link to the repo: WannaSmile

WannaSmile obtained the 100% Clean Softpedia Award.



It can do the following:
  • It will disable SMB on your system (which is enabled by default)
  • (OnlineFix) It will edit your hosts file and map the 'kill-switch' domain to Google's IP (which means that even if the site goes down, you won't be affected)
  • (OfflineFix) It will create a lightweight local web server and map the 'kill-switch' domain to localhost

Offline fix for WannaCry


Runs a local server and maps the WannaCry kill-switch to localhost by appending to the hosts file. This is done so that when the ransomware tries to connect to the website, the connection does not fail, which will eventually stop the ransomware.
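To check which of these states a machine is actually in, the hosts file can be parsed and the kill-switch entry classified. This is an added example, not code from the WannaSmile repo; the domain is a placeholder (the real kill-switch domain is not given on this page), the sample hosts files are constructed, and "first entry wins" is an assumption about resolver behaviour.

```python
import ipaddress

# Placeholder: the real kill-switch domain is not given on this page.
KILL_SWITCH = "killswitch.example.invalid"

def parse_hosts(text):
    """Map each hostname in hosts-file text to the first address listed for it."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an address
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)  # assumption: first entry wins
    return table

def kill_switch_status(hosts_text, domain=KILL_SWITCH):
    """Classify how the kill-switch domain would resolve on this machine."""
    addr = parse_hosts(hosts_text).get(domain.lower())
    if addr is None:
        return "unpinned"     # relies on DNS: fails offline, if the domain is down, or if blocked
    if addr.is_unspecified:
        return "blocked"      # a 0.0.0.0 / :: entry makes the connection fail
    if addr.is_loopback:
        return "offline-fix"  # only effective while a local web server answers
    return "online-fix"       # pinned to a remote address that must stay reachable

# Constructed sample hosts files (203.0.113.10 is a documentation address).
SAMPLES = {
    "default": "# sample hosts file\n127.0.0.1 localhost\n",
    "offline": "127.0.0.1 localhost\n127.0.0.1   KillSwitch.Example.Invalid  # added\n",
    "online": "203.0.113.10\tkillswitch.example.invalid\n",
    "blocklist": "0.0.0.0 ads.example killswitch.example.invalid\n",
    "commented": "#127.0.0.1 killswitch.example.invalid\n",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(f"{label:10} -> {kill_switch_status(text)}")
```

The "blocked" case is the one to watch for: a blocklist entry for the kill-switch domain has the same effect as the ISP or firewall block listed above.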

Instructions

1. Install the WannaSmile service by running the setup.exe from this release. (Download the wannasmile.zip file)

2. After installing, you need to start the service once, and then it will do the rest automatically.

To do that:

  • Open the Start menu
  • Search for "services"
  • Open the Services desktop app (a gear icon)
  • Inside Services, search for WannaSmile (the list is alphabetical)
  • Right-click on WannaSmile and click Start

The service will then be running, and the WannaCry IPs will be blocked along with SMB.

    WannaSmile - OnlineFix 

    How to run


    Run the .exe file directly (as Administrator) and it will do the magic. If you don't trust our .exe file, you can compile and run it yourself.

    Tip

    •     Use the OnlineFix if you are always connected to the internet
    •     Use the OfflineFix if you are not connected to the internet.

    Note : For a permanent fix, PLEASE UPDATE YOUR WINDOWS ASAP TO PATCH (MS17-010)

    Media Coverage 

    1. The Hacker News
    2. The Economic Times

    Got featured by The Economic Times newspaper in all the 24 editions

    3. Softpedia

    Link : WannaSmile Protects Windows Users Against WannaCry



    How to protect yourself from WannaCry Ransomware




    Yesterday, a massive ransomware campaign hit the computer systems of hundreds of private companies and public organizations across the globe. It is believed to be the biggest ransomware attack that the cyber community has ever seen. It has already infected over 75,000 PCs in 99 countries, including the United States, Russia, Germany, Turkey, Italy, the Philippines, Vietnam and India, in less than 24 hours.

    The ransomware, called "WannaCry," is spread by taking advantage of a Windows vulnerability that Microsoft released a security patch for in March. But computers and networks that haven't updated their systems are at risk.

    Countries infected with the ransomware


    According to a report, the ransomware attack has shut down work at 16 hospitals across the UK after doctors were blocked from accessing patient files. Another report says that 85% of computers at the Spanish telecom firm Telefonica have been infected with this malware.

    Once infected with the WannaCry ransomware, victims are asked to pay up to $300 in order to remove the infection from their PCs; otherwise, their PCs are rendered unusable, and their files remain locked.

    "Affected machines have six hours to pay up and every few hours the ransom goes up," said Kurt Baumgartner, the principal security researcher at security firm Kaspersky Lab. "Most folks that have paid up appear to have paid the initial $300 in the first few hours."

    Got scared already? Don't want to be a victim of WannaCry Ransomware?



    Here are some easy steps to protect your machine and secure your files from falling hostage to online scammers.


    1. Patch your operating system


    First of all, if you haven't patched your Windows machines and servers against the EternalBlue exploit (MS17-010), do it right now. Following the installation, make sure to reboot the system.

    In general, patching your system and installing regular Microsoft updates should secure an average PC user from unwanted vulnerabilities.

    2. Beware of emails


    Just like many other ransomware strains, it can penetrate the system not only through a Windows vulnerability, but also through a “spray-‘n’-pray” phishing attack, which involves spamming users with emails that carry a malicious attachment. The attackers can also lure a victim into clicking on a URL where malware is ready to crawl into the machine.

    3. Backup your files


    It is highly advised, in order to protect yourself from being held hostage to data thieves, to create secure backups of important data on a regular basis. Simply backing up is not enough though, as physically disconnecting the storage device is required to avoid it being infected with ransomware as well. Cloud storage is another option to use, but it makes your data vulnerable to all other kinds of attacks.

    4. Get an antivirus


    Install an antivirus if you don't have one already. Also make sure that you run an active antivirus security suite on your system and, most importantly, always browse the Internet safely.



    Programming languages that you should learn to be a Hacker



    I often get this question. Many people ask me which programming languages are needed to be a hacker. Well, to be a hacker you should know many programming languages and skills, since the various applications and websites which you’ll exploit are programmed in different programming languages.

    A hacker is a person who finds the vulnerabilities in a computer program or a computer network and then exploits them by using one of these programming languages to write an exploit that addresses a particular vulnerability.

    Here follow three hacking domains and the languages you must learn to master them.

    1. Web Hacking :


    Web hacking is one of the most popular domains in the hacking world. To do web hacking you need to understand the languages that are used to code a website, such as JavaScript, HTML, PHP and MySQL.

    The majority of websites are built using these languages.

    So for this domain you’ll need to learn:

        HTML
        JavaScript
        PHP
        SQL

    2. Operating Systems Hacking & Exploits Writing :


    An exploit is a piece of software code written to take advantage of bugs (exploiting a vulnerability); it’s an application or software.

    Exploits consist of a payload and a piece of code to inject the payload into a vulnerable application. The main purpose is to get access to the system in order to control it.

    So for this domain you’ll need to learn:

        C
        C++
        Python
        Perl
        Ruby

    3. Reverse Engineering :


    Reverse engineering is taking apart an object to see how it works in order to duplicate or enhance the object. The practice, taken from older industries, is now frequently used on computer hardware and software.

    Software reverse engineering (as black-hat hackers and crackers do) involves reversing a program’s machine code back into the source code that it was written in using programming language statements.

    For this domain you need to learn:

        C
        C++
        C#
        VB
        Python
        Perl
        Ruby
        JavaScript
        PHP
        Java
        Delphi
        Objective-C
        Erlang
        Go
        SQL

    So these are the programming languages that are used by hackers for various purposes. If you are a beginner, then you should start with Web Hacking, as it is easy to start with and gives you a good platform to try out your skills.

    Beware of the big Google Docs scam - How to protect yourself



    Did someone share a Google Doc with you? If yes, then you may well be one of the millions of internet users who became a victim of this scam campaign.

    In the last few days a lot of people have been getting emails from people they know with a regular invitation to view a Google document, which says that the person [sender] "has shared a document on Google Docs with you." It might even appear to have been sent from one of your known friends, family members, or colleagues – lulling you into a false sense of security.



    Once you click the link, you will be redirected to a page which says, "Google Docs would like to read, send and delete emails, as well access to your contacts," asking your permission to "allow" access.

    Now here is the catch. It’s a fake app that is named Google Docs, but it’s actually a guy named Eugene Pupov trying to trick you. Click the blue “Google Docs” link to get more info on the app:

    Since the app will allow access to “manage your contacts” and “read, send, delete, and manage email”, it gives the attacker full access to your Inbox. It also allows the attacker to propagate the scam by sending the same email to all of your contacts.

    In short, anything linked to a compromised Gmail account is potentially at risk, and even if you have enabled two-factor authentication, it would not prevent hackers from accessing your data.

    What to do if you've already fallen victim

    If you have fallen victim to this scam, then you need to remove the permissions given to the app.

     

    • Go to your Gmail account's permission settings at https://myaccount.google.com and sign in.
    • Go to Security and Connected Apps.
    • Search for "Google Docs" in the list of connected apps and remove it. It's not the real Google Docs.
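The same review can be done across many accounts by triaging an export of connected-app grants. The sketch below is an added example, not from the original post: the grant records and the field names `display_name`, `first_party` and `scopes` are constructed, while the scope URLs are the real Google OAuth scopes behind the permissions quoted above.

```python
# Real Google OAuth scopes matching the permissions quoted above.
GMAIL_FULL = "https://mail.google.com/"                # read, send, delete, manage email
CONTACTS = "https://www.googleapis.com/auth/contacts"  # manage contacts
HIGH_RISK = {GMAIL_FULL: "full mailbox access", CONTACTS: "contact management"}

# Product names an impostor app is likely to borrow (illustrative list).
PRODUCT_NAMES = {"google docs", "google drive", "gmail"}

def normalise(name):
    """Case-fold and collapse whitespace so ' google  DOCS ' matches 'google docs'."""
    return " ".join(name.casefold().split())

def triage(grant):
    """Return (verdict, reasons) for one connected-app grant record."""
    reasons = [why for scope, why in HIGH_RISK.items() if scope in grant["scopes"]]
    # The display name is chosen by the app's author, so it proves nothing by itself.
    impostor = normalise(grant["display_name"]) in PRODUCT_NAMES and not grant["first_party"]
    if impostor:
        reasons.append("display name imitates a Google product")
    if impostor and len(reasons) > 1:
        return "revoke", reasons   # impostor name plus mailbox/contacts access
    return ("review" if reasons else "ok"), reasons

# Constructed sample grants; field names are hypothetical.
GRANTS = [
    {"display_name": "Google Docs", "first_party": False, "scopes": [GMAIL_FULL, CONTACTS]},
    {"display_name": "Google Docs", "first_party": True,
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"display_name": "Mail Merge Helper", "first_party": False, "scopes": [GMAIL_FULL]},
    {"display_name": " google  DOCS ", "first_party": False, "scopes": []},
]

if __name__ == "__main__":
    for g in GRANTS:
        verdict, reasons = triage(g)
        print(f"{g['display_name']!r:22} {verdict:7} {'; '.join(reasons)}")
```

A "revoke" verdict corresponds to the manual removal steps above; changing the password or enabling two-factor authentication does not withdraw a grant that was already approved.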