Bug : Orkut Captcha Error on Firefox

Hey,

A few days back, when I noticed that I was not able to use scrapsTimeOut, a website that I had worked on some time ago. You can send virtual gifts to friends by pasting a FLASH codelet as a scrap. The error said that the Captcha that I was entering was wrong; there was no information about blocked code. I was worried if Orkut was blocking flash content from our site already!
Interestingly, a friend told me that it all worked great on IE, and thats when I decided to investigate.
Spending time peering over the obfuscated code, I finally hit the line of code that seemed to be causing this error. Here is what exactly happens when a Captcha is required
  1. User enters FLASH Code, submits the page
  2. Orkut responds with a captcha, on clicking the submit, the "_submitCaptcha" javascript function is called
  3. In the Javascript file, the function is reassigned to a function called tf_Z.
  4. The function checks for an AJAX request object called tf_, and if it is not null, aborts it. This is basically required to abort any pending AJAX request
  5. It then constructs a new AJAX request and sends it to the server.
The abort method in step 4 effectively stops any previous AJAX requests. The callback also clears the captcha text box. Hence, in case of firefox, the abort method is called and hence, the new AJAX request does not have the captcha text when sent to the server. In case of IE, the call back is not activated, and hence works fine.
To conclude, you cannot really paste the code by scrapsTimeout on Firefox, using IE till this bug is fixed is an option available.

Analysis of the Site that Phished AXIS bank

Hey,

A few days ago, I received a classic fraud mail, pointing me to a phished site of AXIS bank. The email read something like

Dear Valued Customer,
During our regularly scheduled account maintenance and verification
procedures, we have
detected a slight error in your Account billing information. This
might be due to either of the following reasons:
1. A recent updates in our billing server ( Due to slightly problem )
2. A recent change in your personal information ( i.e. change of address).
3. An inability to accurately verify your selected option of payment due to an internal error within our processors.

UTI is now AXIS.
If you are an account holder of UTI, please follow the link below and enter correctly the information required of you.

Please re-confirm your Internet Banking by clicking the link below:
https://www.axisbank.co.in/BankAway/SignOn.aspx?RequestId=714870

Thanks for your advance help.

Axis Bank
Customer Service.

iConnect is best used with Microsoft Internet Explorer Version 4.0 ((c) Microsoft) and higher. If you are getting the a Security Alert Message please Click here.
Copyright(c) 2007 - Axis Bank. All rights reserved.

I got a little curious, and did a little analysis on the host that had the site running. Here are the findings. The windows box was registered at goDaddy.com for
Richard Lyons
394 Notre Dame Ave
Apt 7
Manchester, New Hampshire 03102
United States
myergeau@gmail.com
A quick port scan revealed that the machine was most probably hosted on a non-professional network, mostly a home computer with services like anonymous FTP, windows RPC etc running. It seems to be a part of a wider botnet, possibly controlled using analogx. There was also SOCKS proxy running, that could be be nervous system communicating to this node.
Here is the output of nMaping the box.

Interesting ports on 206-221-179-205.fndns.net (206.221.179.205): Not shown: 1681 closed ports
PORT STATE SERVICE

1/tcp open tcpmux
21/tcp open ftp

|_ Anonymous FTP: FTP:
Anonymous login allowed

22/tcp open ssh

|_ SSH Protocol Version 1: Server supports SSHv1

25/tcp open smtp
| SMTP: Responded to EHLO command

| prague.dnstraffic.net Hello example.org [122.167.111.114]

| SIZE 52428800
| PIPELINING
| AUTH PLAIN LOGIN
| STARTTLS
| 250 HELP
| Responded to HELP command

| Commands supported:
|_ AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP 53/tcp open domain
80/tcp open http

|_ HTML title: cPanel®
110/tcp open pop3
111/tcp open rpcbind

135/tcp filtered msrpc

136/tcp filtered profile

137/tcp filtered netbios-ns

138/tcp filtered netbios-dgm

139/tcp filtered netbios-ssn

143/tcp open imap

443/tcp open https

445/tcp filtered microsoft-ds

465/tcp open smtps

631/tcp open ipp
993/tcp open imaps

995/tcp open pop3s

1022/tcp filtered unknown

1023/tcp filtered netvenuechat

1026/tcp filtered LSA-or-nterm

1080/tcp filtered socks

1485/tcp filtered lansource
1720/tcp filtered H.323/Q.931
3128/tcp filtered squid-http

3306/tcp open mysql

3456/tcp filtered vat
6588/tcp filtered analogx


Update : The phishing site has been successfully been disabled. Interestingly, the domain name now points to 74.54.176.34 as opposed to 206.221.179.205 earlier. All the malicious services are also gone now, and the node is no longer a part of the botnet. Yet another phishing site taken down !! :)

Meebo AutoLogin Script Updated

Hey,

Meebo has changed the function that logs in users. Here is the changed greasemonkey script that puts this function in to let users log in automatically. The function is now called gFrontPage.loginUser();
The only change is to invoke that function after the time. You can find all me scripts related to meebo here.

OpenID Reputation Framework Service

Hey,

A few days ago, I had written about a reputation management service, and how it could be applied to blogspot. I was peering over OASIS when I came across a presentation on Open Reputation Management System(ORMS) . The main charter of ORMS seems to prepare a framework so that reputation of users or devices and services can easily be shared across different websites. The proposal talked about using OpenID or SAML to enable reputation sharing.
The details of the OpenID reputation system talks about using OpenID as a means to share reputation. The proposal is not very detailed and talks about a url that can be used to fetch the reputation of a certain user. I found some issues and thought of posting my ideas in this blog.
http://some.reputation.service/reputation_score?xri_subject_entity
The URL returns REST data containing the reputation of a person. For privacy reasons, there could be restrictions of the people who can fetch the reputation of the subject entities. The Trusted Data exchange talks of a OpenID Provider using a reputation as a service, and hence, access management as to who sees the reputation can be implemented. Also, websites could return a JSON version of the REST response so that plugins can easily work with the reputation.
Secondly, I did not see any easy mechanism for a user to rate any person. If this was also a REST call, submission of reputations would be easier.
However, the most interesting thing that I would like to see in the proposal is the categorization and taxonomy of reputations. This is a problem many companies are trying to solve, and a standard around this would go a long way in interoperability. I am still waiting for someone to put up a reputation service so that I could trust the blogger reputation plugin that I wrote.

Thats my Mouse - Bookmarklet

Hey,

Saturday evening, and I was sure that the day was wasted. Thats why Jyothi showed me a cool website. Called http://thatsmymouse.com/, this is a site that enables people to browse a site simultaneously. A small HTML code has to be embedded inside a website and co-browsing functionality comes right in.
I just wanted this to work even if a site does not have this embedded, and a bookmarklet is a simple way to do it. All that the bookmarklet does would be to append the code into the current page. I also converted it to a greasemonkey script that people could use.
Just drag and drop this ThatsMyMouse bookmark to your bookmarks / favourites toolbar.

Alternatively, copy and paste this in the address bar when you are browsing a site to activate this functionality.





Watch this space for my investigations on the other great things that you can do with thatsmymouse.com !!