Zero Day Vulnerability in Telegram

A zero-day vulnerability has been discovered in the desktop version for end-to-end encrypted Telegram messaging app that was being exploited in the wild in order to spread malware that mines cryptocurrencies such as Monero and ZCash.

The Telegram vulnerability was uncovered by security researcher Alexey Firsh from Kaspersky Lab last October and affects only the Windows client of Telegram messaging software.

The flaw has actively been exploited in the wild since at least March 2017 by attackers who tricked victims into downloading malicious software onto their PCs that used their CPU power to mine cryptocurrencies or serve as a backdoor for attackers to remotely control the affected machine, according to a blogpost on Securelist.

Here's How Telegram Vulnerability Works

The vulnerability resides in the way Telegram Windows client handles the RLO (right-to-left override) Unicode character (U+202E), which is used for coding languages that are written from right to left, like Arabic or Hebrew.

According to Kaspersky Lab, the malware creators used a hidden RLO Unicode character in the file name that reversed the order of the characters, thus renaming the file itself, and send it to Telegram users.
For example, when an attacker sends a file named "photo_high_re*U+202E*gnp.js" in a message to a Telegram user, the file's name rendered on the users' screen flipping the last part.

Therefore, the Telegram user will see an incoming PNG image file (as shown in the below image) instead of a JavaScript file, misleading into downloading malicious files disguised as the image.

During the analysis, Kaspersky researchers found several scenarios of zero-day exploitation in the wild by threat actors. Primarily, the flaw was actively exploited to deliver cryptocurrency mining malware, which uses the victim's PC computing power to mine different types of cryptocurrency including Monero, Zcash, Fantomcoin, and others.

While analyzing the servers of malicious actors, the researchers also found archives containing a Telegram's local cache that had been stolen from victims.

In another case, cybercriminals successfully exploited the vulnerability to install a backdoor trojan that used the Telegram API as a command and control protocol, allowing hackers to gain remote access to the victim’s computer.

"After installation, it started to operate in a silent mode, which allowed the threat actor to remain unnoticed in the network and execute different commands including the further installation of spyware tools," the firm added.

Firsh believes the zero-day vulnerability was exploited only by Russian cybercriminals, as "all the exploitation cases that [the researchers] detected occurring in Russia," and a lot of artifacts pointed towards Russian cybercriminals.

The best way to protect yourself from such attacks is not to download or open files from unknown or untrusted sources.

The security firm also recommended users to avoid sharing any sensitive personal information in messaging apps and make sure to have a good antivirus software from reliable company installed on your system

So thats it. Hope you guys like it. If yes then please .. comment down below and do not forgot to like follow and share our social media platforms.

Facebook Page:- https://www.facebook.com/theprogrammer.harshit/

Instagram:- https://www.instagram.com/computerscience321/
Google Plus:- https://plus.google.com/u/0/communiti…/117296242526461886479
Twitter :- https://twitter.com/cssolutions321

Read More

9 Unknown Facts About SpaceX Rocket Launched

Before Tuesday's test launch of SpaceX's Falcon Heavy rocket, not even the company's CEO Elon Musk knew what to expect.
"It's either going to be an exciting success or an exciting failure," he said. "One big boom! I'd say tune in, it's going to be worth your time."
Musk was right: There was a big boom when the Falcon Heavy's 27 engines fired and lifted SpaceX's largest rocket into space. The booster rockets returned to Earth, landing at the same time like a pair of synchronized divers at the Olympics. The payload, a Tesla Roadster, made it to Mars orbit and beyond.
The launch felt part scientific breakthrough, part Silicon Valley product launch. It was filled with wonder, disbelief and humor -- there's a car traveling through space with a sign saying "Don't Panic!"

The Falcon Heavy launch had a number of significant moments that were easy to miss. So I gathered all the notable instances and SpaceX Easter eggs here together.

This rocket is kind of a big deal

SpaceX has launched rockets before, but the Falcon Heavy is the company's largest one to date. Tuesday's launch was the first attempt at sending it with a payload into space.
In a press conference post-launch, Elon Musk said, "Crazy things can come true. I didn't really think this would work. When I see the rocket liftoff, I see a thousand things that could not work. And it's amazing when they do."
SpaceX has embraced the ups and downs that come with pushing rocket technology forward. Last year, the company posted this video, titled "How Not to Land an Orbital Rocket Booster," on its YouTube channel. It's basically a highlight reel of rocket booster failures -- aka lots of explosions.

The Falcon's name

 

SpaceX's Falcon 9 and Falcon Heavy rockets are named after Han Solo's ride in Star Wars, the Millennium Falcon.

It's big

At 230 feet (70 meters) tall, the Falcon Heavy is without a doubt impressive, but it's not the largest rocket ever. That distinction goes to NASA's Saturn V rocket, which stood 330 feet (111 meters) tall.

 

Designed to be reusable

An early goal for SpaceX was the development of a system of reusable rockets. For decades one of the largest cost factors behind rockets was that they had to be built anew for each launch. Musk compared it to if airplanes had to be discarded after one flight.
SpaceX focused on how to return its rockets to Earth and make a controlled landing. Last year, SpaceX did just that when the company landed a Falcon 9 booster onto a drone ship floating in the Atlantic. The drone ship's name is "Of Course I Still Love You," in tribute to the late sci-fi author Iain M. Banks.
Including that first landing, SpaceX has landed 21 Falcon 9 boosters back on Earth.

 

Three rockets

Last year's Falcon 9 had one booster rocket, while the Falcon Heavy has three: two first-stage boosters (aka Falcon 9 rockets) and one core booster. These three rockets give the Falcon Heavy 5 million pounds (2.3 million kg) of thrust, which allows it to carry 70 tons (63.5 metric tonnes) of cargo into space.

Both of the Falcon Heavy's first stage boosters returned and landed safely in the SpaceX landing zone. SpaceX

One of the best moments from the Falcon Heavy launch was when the two first-stage boosters landed in sync back to Earth at a landing zone. It seemed unreal. The third booster, the core booster, did not land successfully and crashed at 300 mph (480 kph) into the landing drone ship in the ocean.

 

It can carry whales

The Falcon Heavy can carry a 140,700-pound (63,800-kg) payload into lower Earth orbit -- that's the equivalent of two humpback whales. For a trip to Mars, it can carry 37,000 lbs (16,800 kg) -- about the weight of 31 grand pianos.

 

The rocket car

When a new rocket is tested, the payload is usually a concrete block. Typically, Musk thought that was boring and opted for a cherry-red Tesla Roadster with a dummy astronaut named Starman (after the David Bowie song) in the driver's seat.
"It looks so ridiculous and impossible. You can tell it's real because it looks so fake. We'd have way better CGI if it was fake," said Musk. "The imagery of it is something that's going to get people excited about it around the world."

 

A brand new spacesuit

The spacesuit Starman wears is actually one Space X revealed last summer. It looks sleek and futuristic with its gray and white color scheme and was tested to double vacuum pressure.

 

Tesla Roadster Easter eggs

The car itself had a handful of Easter eggs:

• On the dashboard sits a tiny Roadster and spaceman
• The dashboard's screen displays "Don't Panic!" a reference to the cover of the guide in the novel "The Hitchhiker's Guide to the Galaxy" by Douglas Adams
• "Made on Earth by humans" is printed on the car's circuit board
• In the car is a disk with a digital copy of Isaac Asimov's Foundation series of sci-fi books
• There's a plaque in the car engraved with the names of 6,000 SpaceX employees

So thats it. Hope you guys like it. If yes then please .. comment down below and do not forgot to like follow and share our social media platforms.

Facebook Page:- https://www.facebook.com/theprogrammer.harshit/

Instagram:- https://www.instagram.com/computerscience321/
Google Plus:- https://plus.google.com/u/0/communiti…/117296242526461886479
Twitter :- https://twitter.com/cssolutions321

Read More

What are Proxy Servers and Types of Proxy Servers..?

Proxy servers are servers that takes the request from normal machines and IP's and forward there request of the page that are requested by normal machine to the Internet and when the internet sends gives response the page that is requested by the proxy server that response is send back to the normal machines and IP's . there are varieties and types of Proxy Servers some of them are as follows:- 

  

Transparent Proxy – This type of proxy server identifies itself as a proxy server and also makes the original IP address available through the http headers. These are generally used for their ability to cache websites and do not effectively provide any anonymity to those who use them. However, the use of a transparent proxy will get you around simple IP bans. They are transparent in the terms that your IP address is exposed, not transparent in the terms that you do not know that you are using it (your system is not specifically configured to use it.) This type of proxy server does not hide your IP address.

* Anonymous Proxy – This type of proxy server identifies itself as a proxy server, but does not make the original IP address available. This type of proxy server is detectable, but provides reasonable anonymity for most users. This type of proxy server will hide your IP address.

* Distorting Proxy – This type of proxy server identifies itself as a proxy server, but make an incorrect original IP address available through the http headers. This type of proxy server will hide your IP address.

* High Anonymity Proxy – This type of proxy server does not identify itself as a proxy server and does not make available the original IP address. This type of proxy server will hide your IP address.

So thats it. Hope you guys like it. If yes then please .. comment down below and do not forgot to like follow and share our social media platforms.

Facebook Page:- https://www.facebook.com/theprogrammer.harshit/

Instagram:- https://www.instagram.com/computerscience321/
Google Plus:- https://plus.google.com/u/0/communiti…/117296242526461886479
Twitter :- https://twitter.com/cssolutions321

Read More

How Google Search Works..?

Now a days Internet has become a comman term among people and in it Google is one of the most widely used searched engine. So now some people What really a Search Engine is..?  So Search Engine is basically a program or tools by which we are able to search anything on the Internet. There are many types of search engines available like... Google search, Yahoo Search, Bing, Duck Duck Go etc.. in them the Google is mostly used.
           So now the question arises How Does a Google Search  Works..? When you search anything on Google let us suppose you typed 'techtalksgroup'.
       Basically it works in many stages, the first stage includes of   

• Crawling . Crawling is a method of fetching a web page that contains the keyword that you types to search. For example i told you that if i search techtalksgroup on google it will find everywhere on the web where the word techtalksgroup is located and it will collect it all. Now the next stage is of managing the web page in particular order.
• Indexing.  Now under Indexing stage it will arrange the pages collected in a sequence like  the most searched page will be indexed first and , the pages which exactly matches with the keyword will indexed first etc.. Now the third stage is of just serving the page what you typed.
• Serving.  Now serving comprises of showing the pages and links infront of you what you have searched for.. So there is basically an AI based algorithm know as Page rank. PageRank is the measure of the importance of a page based on the incoming links from other pages. In simple terms, each link to a page on your site from another site adds to your site's PageRank. 

thats it guys...
---------------------------------------------
I use mCent Browser to surf the net and earn points for free recharge. Install from Google Play: https://browser.mcent.com/r/IcGhMDOtSMib5Deybu2xYQ

So thats it. Hope you guys like it. If yes then please .. comment down below and do not forgot to like follow and share our social media platforms.

Facebook Page:- https://www.facebook.com/theprogrammer.harshit/

Instagram:- https://www.instagram.com/computerscience321/
Google Plus:- https://plus.google.com/u/0/communiti…/117296242526461886479
Twitter :- https://twitter.com/cssolutions321

Read More

Do you really rid of your 'Activities' while just clearing your Internet history and Cookies.?

Now a days most of the people use Internet and perform some critical activities thinking of that after deleting their history or clearing their Browsing  data they will not get caught.
   

 

       But that's not True. Some people use to say that After i am dead please delete my Browsers history. Sounds funny .. But yes it is funny . Most of the people are unaware that after deleting their browsers history and cookies their data is still traveling on the Internet . But how..? 

     Let me give you an example . Suppose you create your Profile on Facebook or search something on Google after creating profile you delete you account and after searching something on Google just delete your Internet history and cache and cookies but the data is only deleted from your side ..!!

          Yes that's true .. the data you deleted is just deleted from your side and your data which is kept safely on  the Internet used by some Government, marketing and advertisements company for their profits. Yes they sell your data . It is still illegal in some countries like in Europe but in US after during 2017 its legal. And also the ISP i.e internet service providers also has the record of what you are surfing . but it can easily tricked. if you use some methods to remain anonymous.

 So thats it. Hope you guys like it. If yes then please .. comment down below and do not forgot to like follow and share our social media platforms.

Facebook Page:- https://www.facebook.com/theprogrammer.harshit/

Instagram:- https://www.instagram.com/computerscience321/
Google Plus:- https://plus.google.com/u/0/communiti…/117296242526461886479
Twitter :- https://twitter.com/cssolutions321

    

Read More

What is SEO ( Search Engine Optimization) ....?

Now a days using the internet is comman now a days. If you want to search for specific location or  thing instead of asking to someone you would prefer to search it on the Internet means on some websites . So what role does SEO i.e  Search Engine Optimization  plays for a websites ...?
         So, SEO stands for SEARCH ENGINE OPTIMIZATION . SEO is all about optimizing your website for search engines.SEO is a techniques which makes your websites friendly to a search engines, means if user search something on which your website is related your website should come on top 5-10 results. So before making your website search engine friendly you should know How does a Search engine works..?

How Search Engine Works..?

 A Search Engine has to perform several types of activities for selecting a write website for his top results :-

• Crawling :-  Crawling is a process of fetching all the linked webpages to a website. This process is performed by a software named Crawler or Spider and in case of Google it's Googlebot
•  Indexing  :- Process of creating index for all the fetched web pages and keeping them into a giant database from where it can later be retrieved. Essentially, the process of indexing is identifying the words and expressions that best describe the page and assigning the page to particular keywords. 
• Processing :-  When a search request comes, the search engine processes it, i.e. it compares the search string in the search request with the indexed pages in the database.
• Calculating Relevancy :-  It is likely that more than one page contains the search string, so the search engine starts calculating the relevancy of each of the pages in its index to the search string.
• Retrieving Results :-  The last step in search engine activities is retrieving the best matched results. Basically, it is  nothing more than simply displaying them in the browser.

 So thats it. Hope you guys like it. If yes then please .. comment down below and do not forgot to like follow and share our social media platforms.


Facebook Page:- https://www.facebook.com/theprogrammer.harshit/

Instagram:- https://www.instagram.com/computerscience321/
Google Plus:- https://plus.google.com/u/0/communiti…/117296242526461886479
Twitter :- https://twitter.com/cssolutions321

Read More

What is Oauth Authentication. Is it safe..?

Now a days Internet is very comman in our day to day life . We even cannot think our life a second without Internet. Our life is surrounded by many websites and mobile applications . Some time you guys have seen some websites in which you have to login but you don't have account on that particular website so either you have to create that account by clicking Register or Signup button which takes longer process as after clicking you have to enter many details like your Name, Email, Mobile no. etc. and after that sometimes the sites will give you the verification code or link to click on it to verify.
             But its a long process you must have also seen an option of Login with Facebook or Google or with you Twitter account this , other way of logging into the websites with actually registering it is know as OAUTH AUTHENTICATION.

 Is OAUTH AUTHENTICATION safe..?

Now the question arises is it safe to Login with other account like Google or Facebook this might be possible that, the particular site for that you want access might steal you data from Facebook and Gmail account. 

              But here you are wrong.

These sites i.e Google and Facebook do not provides the details to that particular site like this .
As after clicking on Login with Facebook or Login with Google a page  is opened in your browser in with you have to login to your account if you are not logged it . And after that the site Facebook or Google tell you that the particular site for that you are going to logging in will take this much Information like Your Name , Email , or your Location etc.. if you agree with it then click ALLOW ACCESS if not then click deny.
               Now after that the particular site for which you are going to logging in will send an access code to Google and Facebook asking permission for details and showing access code as a proof as , that particular site is genuine.
             And after getting the access code Google or Facebook shares information with that particular site.
       So its safe to your OAUTH Authentication methods.
 
So thats it. Hope you guys like it. If yes then please .. comment down below and do not forgot to like follow and share our social media platforms.


Facebook Page:- https://www.facebook.com/theprogrammer.harshit/

Instagram:- https://www.instagram.com/computerscience321/
Google Plus:- https://plus.google.com/u/0/communiti…/117296242526461886479
Twitter :- https://twitter.com/cssolutions321

Read More