Xiaomi's Mi 8 flagship sells out in 1 minute and 37 seconds



Huawei is currently the biggest smartphone brand in China, but Xiaomi's new flagship, the Mi 8, has created a storm there. The Mi 8 went on sale on 5th June and, according to Xiaomi, the phone sold out in just 1 minute and 37 seconds. A lot of people are interested in this device because it offers a lot of high-end specs at a minimal price. As a matter of fact, the Mi 8 starts at just CNY 2,699 (approx Rs 28,000), which makes it the cheapest smartphone to come with a Snapdragon 845 SoC. This phone can really bring the competition to the OnePlus 6.

Here are the specs of the Mi 8:



Xiaomi Mi 8 Specifications
Dimensions and weight: 154.9 x 74.8 x 7.6 mm, 175g
Software: MIUI 10 on top of Android 8.1 Oreo
CPU: Octa-core Qualcomm Snapdragon 845 (4x 2.8GHz Kryo 385 Gold + 4x 1.8GHz Kryo 385 Silver cores)
GPU: Adreno 630
RAM and storage: 6GB of RAM with 64GB/128GB/256GB of storage; Mi 8 Explorer Edition: 8GB of RAM with 128GB of storage
Battery: 3400mAh, Quick Charge 4.0+ (Quick Charge 3 adapter bundled in the box)
Display: 6.21-inch Full HD+ (2248×1080) AMOLED, 600 nits brightness, supports HDR10, DCI-P3 gamut
Wi-Fi: 802.11ac
Bluetooth: Bluetooth 5.0
Ports: USB Type-C port, dual nano SIM slots
Bands (GSM): 850/900/1800/1900MHz
Bands (WCDMA): 850/900/1700/1900/2100MHz
Bands (FDD-LTE): Bands 1/2/3/4/5/7/8/12/17/20
Bands (TDD-LTE): Bands 34/38/39/40/41
Rear camera: 12MP camera with 1.4μm pixels, f/1.8 aperture, Dual Pixel autofocus, 4-axis OIS; 12MP telephoto camera with f/2.4 aperture, 2x optical zoom; video recording up to 4K at 60FPS, slow motion at 1080p240
Front-facing camera: 20MP front-facing camera, uses pixel binning to simulate 1.8μm pixels, f/1.8 aperture


Xiaomi states that the Mi 8 is the world’s first smartphone to support dual-frequency GPS. It uses the newer, more powerful L5 band on top of the common L1 band to increase navigation accuracy by three to five times.




The Xiaomi Mi 8 will be available in three variants: 6GB of RAM with 64GB/128GB/256GB of storage. The 64GB storage variant costs CNY 2699 ($420), while the 128GB storage and 256GB storage variants will be available for CNY 2999 ($468) and CNY 3299 ($515) respectively.

What is a cryptocurrency airdrop: The Complete Guide


What is an airdrop


If you are into cryptocurrency, I'm sure you must have heard about airdrops. And if you are new, you are probably wondering what an airdrop is. During natural disasters and wartime, airdrops are carried out to provide essential supplies to people trapped in the affected areas. But in cryptocurrency, an airdrop has a totally different meaning, and today we will see what exactly an airdrop is and how we can make money from cryptocurrency airdrops. Yes, you can make a lot of money from airdrops, so keep reading.

An airdrop in the cryptocurrency world means the distribution of cryptocurrency tokens to the wallets of some users for free. These are mostly done for new tokens.


How does a cryptocurrency airdrop work?


There are basically two types of airdrops: one where the tokens are distributed to all the wallets, and one where you need to perform some task in order to get some tokens. Most of the time a company will announce its airdrop on its website and ask users to do certain tasks, like sharing its project on social media or inviting their friends to join the airdrop.

After you perform the task, they will give you their tokens, which might be worth $5-$10. You might say that this is a very low amount, but once the project grows, the value of your tokens increases too. For example, a few months back a company did an airdrop. Initially its value was low, but after a few days the airdrop's value was more than $2000. Yes, that's the power of airdrops.


Reasons for carrying out an airdrop


There are a lot of reasons why companies do airdrops. It can be to create hype around a new project, which is very much needed if they are doing an ICO, or to reward their loyal customers.

Here are some of the reasons why companies carry out cryptocurrency airdrops:

1. As a Reward for Loyal Customers
2. To Generate Lead Database
3. To Create Awareness About a New Cryptocurrency
4. Promotion in the Community

How to take part in airdrops


Now here comes the important part: how exactly do you take part in cryptocurrency airdrops? Here is a step-by-step guide to how you can join airdrops and the things that you need to have.

1. An Ethereum Wallet: The wallet cannot be one that is on an exchange. It has to be a personal address that is ERC20 compatible because most of the tokens that are airdropped are ERC20 tokens, which are or were originally Ethereum-based ICOs. I suggest using MetaMask or MyEtherWallet to get started immediately, but in the long-term I always recommend getting a hardware wallet like the Ledger Nano S.


2. A Telegram Account: I’m sure there are amazing reasons why Telegram is the chatting tool of choice for many of these ICOs. The coins want to boost the audience count. Usually, these airdrop coins will also require you to sign up for their Telegram accounts. Until you receive the coin in your Ethereum wallet, do not leave the Telegram accounts or you risk disqualification for the airdrop.

3. A Twitter Account: Similar to the reasons behind the Telegram account, many of the airdrop coins will also require you to follow them on Twitter. Some of them will even ask you to retweet a tweet.


4. An email address: Sometimes airdrops will ask for your email, too. If you don’t feel comfortable with giving them your real email, just create a spam one. Remember the password, though; some of them actually ask you to confirm your email.


Airdrops are a great way to make some money without much work. You never know which token will rise and give you good returns, so it is advisable to join many airdrops.

Bonus


If you have made it to the end, then I'm sure you are fully interested in airdrops and want to join one. So you might be asking how to know which tokens are doing airdrops. We at TheCoinmill have created a Telegram channel where we share updates related to airdrops, cryptocurrency news and more daily. Go join it: t.me/thecoinmill





List of must have security apps for your mobile [ 2018 ]



Mobile security is increasingly important. We all keep plenty of data on our phones, and some of that data is either personal or sensitive. From the credit card info that’s attached to your Amazon app, to the login data from your banking app, there’s stuff that we just don’t want other people to know. Or maybe your web browsing history isn’t quite as squeaky clean as it should be. Getting the right kind of security apps for your mobile is essential, but which ones should you choose?

What We’re Looking For.


We’re looking for apps that increase the security on your phone. Useful apps. We’ve dismissed anti-virus or malware apps from this list, since there are tons of them as well as plenty of resources telling you which are the best. So we’re looking at more specialised apps. In addition, a couple of our choices aren’t marketed as security apps as such, they simply have a side effect of increasing security. But if you’re looking to make your data secure, then these are the apps you should think about downloading.

Find My Device


We’re starting out with a no-brainer here. Find My Device is by far one of the most useful security apps around. Originally named Android Device Manager, Find My Device is a simple little app that tracks your phone. That’s useful if you’ve lost your mobile, had it stolen, or simply can’t remember where it is. You just head to the Find My Device web page on your computer and you’ll get a little blip on a map telling you where your phone is.

But that’s not the real reason we’ve chosen Find My Device. Because the app also has extra features. It allows you to remotely lock your phone, so if you happen to have left it at the office no one can pick it up and get your data. It also allows you to remotely wipe your phone, so if it has been stolen you can erase all that personal data with the press of a button and thieves will never get hold of it. Find My Device is free, and is an absolute essential if you’ve got a mobile phone.

DuckDuckGo Privacy Browser


We all know how much data websites collect about us, and if that thought bothers you, then DuckDuckGo should be one of the first apps that you download. It’s a free, super secure web browser that doesn’t track your web history. It’s sort of like constantly browsing in incognito mode. Once you exit the app, it will no longer remember anything about your last web session. It’s a basic browser and doesn’t have many features other than privacy, but it’s great at what it does. It’s also free, though there are some (non-intrusive) ads.

Haven


Haven is a very unique addition to this list, but also a very cool one. Essentially, it lets you turn a secondary device into a security phone. You download Haven onto an old mobile that you no longer use and that mobile will become your security device (you will need a SIM card for certain notifications so your best bet is looking for a low cost rolling sim only deal). It will record sound through the phone’s microphone, it detects light (if someone opens a door, or opens your luggage, for example). And if you stick that secondary phone into your suitcase or handbag it will set off an alarm when that case or bag is moved. Okay, it’s pretty specialised, but it’s also free and could be a great addition for frequent travellers.

LastPass


If you’re serious about security, then a password manager is a must, and LastPass is the grand-daddy of them all. It stores your individual passwords, so you don’t have to remember all of them (thus encouraging you to use different passwords for different sites, as well as longer, more complicated and therefore more secure passwords). It will also generate super secure passwords for you. It syncs across platforms, so it’ll work on your computer too. And it’s free. There’s a pro version available, but the free version should do everything that the average user needs. Having a password isn’t enough to ensure security. Having a password manager is.

ProtonVPN


A VPN isn’t just an excuse to be able to watch US Netflix from the UK, or to hide your illegal streaming activity. A good VPN will hide everything you do, from inputting a password into a site, to your web browser history. And ProtonVPN, despite being pretty new, is an excellent choice. It’s free, and has full encryption, so anything you do on your mobile whilst the VPN is switched on will be scrambled. The disadvantage here is that speeds on your phone will be a little slower with a VPN switched on, but that’s a small price to pay for complete privacy.

Resilio Sync


Resilio Sync is another fairly unique app. In basic terms, it allows you to create your own cloud storage system. Let’s say that someone sends you a sensitive document on your phone. You want to be able to back up that document, but you don’t want to send such sensitive info to your DropBox or G Drive account. Resilio Sync creates a cloud of storage on your home computer. So you can back up that document from your phone straight to your own PC without it going through the cloud first. Now that’s security. Resilio Sync is free.

Signal Private Messenger


Finally, if you want to send text messages in absolute privacy you actually have a few options. But with the drama surrounding Facebook, WhatsApp (owned by FB) might not be your first choice anymore. And that’s where Signal Private Messenger comes in. Complete end to end encryption of your messages, group messaging, the ability to have messages disappear after a certain amount of time, and absolutely zero data storing in the app, this is the king of private messaging. It’s free, and the only real downside is that you’ll have to persuade all your friends to download the app too.

PoC Code published for instant Blue Screen of Death [ Flaw unfixed ]



If you are a Windows user, then I'm sure you are familiar with the Blue Screen of Death. A Romanian hardware expert has published proof-of-concept code that crashes most Windows computers within seconds, even if the computer is locked.

This interesting code exploits a vulnerability in Microsoft's handling of NTFS filesystem images and was discovered by Marius Tivadar, a security researcher with Bitdefender.

Affected Systems


1. Windows 7 Enterprise
2. Windows 10 Pro
3. Windows 10 Enterprise

The researcher only tested on the systems listed above, so there is a high chance that other systems are affected too.

What exactly is the flaw?


The PoC contains a malformed NTFS image that users can place on a USB thumb drive. Inserting this USB thumb drive into a Windows computer crashes the system within seconds, resulting in a Blue Screen of Death (BSOD).

"Auto-play is activated by default," Tivadar wrote in a PDF document detailing the bug and its impact.

"Even with auto-play [is] disabled, [the] system will crash when the file is accessed. This can be done for [example,] when Windows Defender scans the USB stick, or any other tool opening it."

Microsoft declined to fix!


Yes, you read that right: Microsoft declined to fix the flaw, stating that it requires physical access / social engineering. Tivadar contacted Microsoft about the issue in July 2017, but published the PoC code today after the OS maker declined to classify the issue as a security bug. What makes it more dangerous is that it works even when the PC is locked. So imagine the situation where you lock your system and go somewhere, hoping no one can access or damage your PC: someone can come along, plug in their pen drive and crash your system completely.

"I strongly believe that this behavior should be changed, [and] no USB stick/volume should be mounted when the system is locked," the researcher said. "Generally speaking, no driver should be loaded, no code should get executed when the system is locked and external peripherals are inserted into the machine."


Utilities of an Ethical hacking Course



Computer hacking involves various nuances. What prompts a hacker is an intent, benign or malicious, to hack a particular application. “Ethical hacking”, a term coined by the cyber industry, describes hacking that is purely ethical, meaning the hacker exploits a network with the permission of its owner. This distinction separates ethical hackers, aka white hat hackers, from black-hatted bad guys.
Why Use Ethical Hacking?
What can you expect to get when you pay someone to hack into your application or website? Exposure of security vulnerabilities! Being a part of the cyber world, you need to think like a criminal to prevent attacks. Ethical hackers use the same methods as their counterparts to test a security system, but they do it to report problems. The Federal government has practiced ethical hacking since the 1970s, and most companies employ white hat teams within their information security practice to attain the highest level of security. Other slang terms for ethical hackers are “sneakers”, “red teams”, and “tiger teams”. A variety of certification authorities train and certify your skills in implementing cybersecurity practices in an organization successfully.

Today, application security revolves around penetration testing. Companies perform “pen tests” by artificially creating hacking scenarios that mimic what a bad hacker could achieve in reality. For manual application testing, cyber experts attempt to exploit the app and report the findings. From simple information-gathering exercises to outright attacks, different tests are performed which would cause damage if they happened for real. Moreover, social engineering techniques have become an integral part of core ethical hacking, for example, tricking staff by email into revealing passwords and other account details.
Free and Open Source Ethical Hacking Tools to Use:
A wide pool of ethical hacking tools is available to choose from, according to the challenges and requirements you have for cybersecurity. The tools mentioned below are just a slice of the available offerings, but they are reliable and free.
Armitage
One of the most preferred penetration testing frameworks for networks and IT infrastructure, Armitage is designed as a more user-friendly front end for the Metasploit framework.
NMap
Nmap, or Network Mapper, is an open-source utility which works as a security auditing tool. It finds the hosts and services on a network to develop a network map, which it further analyzes.
This tool is even featured as the go-to hacking tool in many movies and TV shows.
WireShark
Its offerings include network protocol capture and real-time analysis, which make it a standard tool. Using this tool gives you a wider look into network traffic and lets you zoom in on individual packets, while giving novices a detailed intro to TCP/IP.
Faraday
This tool has transformed the way pentesting is performed. It ranked 6th on the top security tools list by ToolsWatch.org. It plays a major role in the analysis, indexation, and distribution of data.
International standards followed by ethical hackers
As an ethical hacker, you are expected to follow industry trends when carrying out penetration testing. An important trend is the Payment Card Industry Data Security Standard. With a global set of recognised policies and procedures, it enhances the security of credit, debit and cash card transactions, and safeguards cardholders' personal information.
Apart from having large teams of employees as ethical hackers, organizations like Trustwave Holdings Inc. own ethical hacking labs, heading towards comprehensive cybersecurity which includes tracking vulnerabilities in ATMs, POS devices and surveillance systems.
Hacking is a passion, but it must be ethical in all aspects. It’s a good career option, but only if you have good knowledge of advanced tools and techniques. Taking an ethical hacking course will teach you to think, work, and make decisions like a professional hacker.

Online stores based on Magento hacked to steal card data, run cryptojacking scripts



Security researchers have identified 1000+ Magento sites that have been hacked and infected with malicious scripts which can be used to steal credit card data, deliver malware or run crypto mining scripts.

"The Magento sites are being compromised through brute-force attacks using common and known default Magento credentials," Flashpoint researchers say.

How did the hacking take place?

When users install Magento they get default credentials, and in most of the cases a brute-force attack was used to compromise the sites. Once attackers gain access to these sites, researchers say they've observed three main patterns of malicious activity.

The most common practice is to insert malicious code in Magento core files, code that logs payment card information entered inside the checkout process. Such malware is named a card scraper, and users should expect to find one on any e-commerce store that looks to have missed a few updates.

Second, attackers also deploy cryptojacking scripts that mine Monero on the computers of store visitors, a practice that has become quite common these days, across all sites, not just Magento stores.

Last but not least, hackers also use these compromised Magento stores to redirect some of the infected sites' visitors to malicious sites that attempt to trick users into downloading and installing malware on their computers. According to cases investigated by Flashpoint researchers, the most prevalent tactic was to redirect users to sites offering phony Adobe Flash Player update packages, which would infect users with the AZORult infostealer.
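
The entry vector described above, brute-forcing the admin login with default credentials, leaves a recognisable pattern in web server access logs. The following is an added example, not code from the article or from Flashpoint: it flags a source address that produces a burst of failed admin logins, and separately flags a successful login that follows such a burst. The /admin path, the combined log format, the 200-for-failure and 302-for-success status codes, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions, not from the article: admin login at /admin, combined-format
# access logs, failed login POST -> 200 (form re-rendered), success -> 302.
ADMIN_PATH = "/admin"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def parse(line):
    """Return (ip, timestamp, method, path, status) or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"], int(m["status"])

def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Flag bursts of failed admin logins and any success that follows one."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failed logins
    alerts = []
    for line in lines:            # lines must be in chronological order
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if method != "POST" or not path.startswith(ADMIN_PATH):
            continue
        failures = recent[ip]
        while failures and ts - failures[0] > window:
            failures.popleft()    # drop failures that fell out of the window
        if status == 200:
            failures.append(ts)
            if len(failures) == threshold:
                alerts.append((ip, "bruteforce", ts))
        elif status == 302 and len(failures) >= threshold:
            # A login that succeeds right after a burst is the urgent case.
            alerts.append((ip, "login_after_bruteforce", ts))
            failures.clear()
    return alerts

def make_line(ip, second, method, status):
    """Build one constructed combined-format log line."""
    return (f'{ip} - - [10/Mar/2018:10:00:{second:02d} +0000] '
            f'"{method} /admin HTTP/1.1" {status} 512 "-" "sample-agent"')

# Constructed sample: six failures then a success from one address, plus one
# mistyped password followed by a normal login from another.
SAMPLE_LOG = (
    [make_line("203.0.113.7", s, "POST", 200) for s in range(6)]
    + [make_line("203.0.113.7", 6, "POST", 302),
       make_line("198.51.100.20", 7, "POST", 200),
       make_line("198.51.100.20", 9, "POST", 302)]
)

if __name__ == "__main__":
    for ip, kind, ts in detect_bruteforce(SAMPLE_LOG):
        print(ts.isoformat(), ip, kind)
```

The threshold and window are starting points to tune against a store's normal admin traffic; a `login_after_bruteforce` alert is the one that warrants immediate credential rotation and a check of core files for changes.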