Thursday, May 13, 2010

The all new Facebook XSS scammers

Am surprised that I have not heard about it on any of the tech blogs. Every other day I get a mail from facebook from one of my friends to see this amazing picture or solve a riddle. Since the mail is coming directly from your friends its difficult to ignore it as spam. It is the perfect example of social engineering to get information from users and spread it further.

The scam starts with an email from your friend with the link to a facebook page (Do not open it before you've read the whole post and understand the consequences). When you open the page you see the wizard with the following steps.

Step #1: Press and HOLD CTRL AND press the letter C

The step is nice and animated so that you know what you are doing. When you have clicked it takes you to step 2. Which shows that you have "Successfully Copied Code To Your Clipboard!". It does not tell you what code but just that some code has been copied.

Step #2: Press and HOLD ALT AND press the letter D

Even in this step as you press the keys you see an animated effect which gives you feedback about what you are doing. And it highlights the address bar. It even animates the fact by displaying "Successfully Selected Your Address Bar!". And takes you to step 3.

Step #3: Press and HOLD CTRL AND press the letter V Finally, press ENTER to reveal!

Since most users will blindly follow the instructions they end up pasting the javascript code in the address bar that enables the scammers to get into your facebook account and send out an email to all your friends that you like that page and recommend it to them. Most of your friends who trust you will blindly follow the same instructions thinking that you suggested that page.

Since its a network effect more and more people keep on getting scammed. To most people it might seem like nothing more than spamming. But in reality it can be a lot more harmful than you think. Since the spammer can get you cookies all your private information is out to them. All your private photos, notes, videos and private information is no longer private. Send chat messages to all your friends who are logged in.

The scammer has the same privileges as you have. They can do everything that you can do. All you personal information is no longer personal as the scammer can log into your facebook account with your cookies.

If you think you have been scammed log out of facebook and log in again. Goto http://www.facebook.com/editapps.php and make sure there is no application there which you have not authorized to post information. Also if you still really paranoid make sure you change your password.

If you look at that facebook page it will take you to the wall and show you how many people have been duped. In time when someone at facebook finally disables it you will be redirected to the homepage. Its easy to see that new users are added every second. With every new user that likes that page that user has been duped and a mail is sent to everyone on his list.

Monday, May 10, 2010

Force shoutcast server to send audio stream

This is something I had read about some 7 years back but had completely forgotten about it. Basically I was trying to get the audio stream from the shoutcast server in the browser.

If you open the shoutcast url in the browser you will get a html page and not the audio stream. To force the audio stream use http://example.com:8032/;stream.mp3 the ;stream.mp3 in the end forces the server to send the audio stream. You don't even have to write ;stream.mp3 you just need to add a ; (semicolon) in the end.

Hopefully next time around I am looking for it. I can read it here. I was looking for this info an year back but wasted quite a bit of time but could not figure it out.

Saturday, May 08, 2010

Deleting a file with a . (period) in the end

This one had me baffled for a complete day. I was downloading this file and the filename was myfile.mp4.. Since the file was not completely downloaded I tried deleting it but I got the error.

Cannot delete file: Cannot read from the source file or disk.
I tried renaming it and I got an even weirder error.

The system cannot find the specified file
I figured it would be easier to remove it from the command line so I tried del "myfile.mp4." but to my surprise even that did not work out. After almost giving up I tried Google and it came up with these solutions on support.microsoft.com. Even that did not help out.

After spending a few more minutes searching online I realized that the problem was in the way windows treats filenames. Since each file has two names one the 8.3 format and the other name which we normally use.

To see a list of files in 8.3 use the command on the command line. dir/x Try this in the directory and see the 8.3 name for that file. Now try and delete it using the 8.3 and hopefully you will be able to remove the file. In my case it was del MYFILE~1 that did the trick. Since I wasted so much time this problem certainly deserved a post.