Archive for January, 2008

Redirecting Using Google’s I’m Feeling Lucky

When it comes to internet phishing or spamming, much success relies upon tricking the user into clicking a link. Often times one can tell how legit a link is simply by looking at it. For example, if you’re telling me that you’re paypal but I don’t see paypal.com in the URL, I’m going to know it’s fake.

Recently though, some people (including myself) have stumbled upon a way to redirect people to a website using an innocent looking Google link. The trick revolves around the “I’m feeling Lucky” feature of Google.

By simply appending &btnI=3564 to a Google search query, the user is taken to the first result for that query.

In order to use this trick, you’ll need to find a search term that your website comes up first for. Since it can be any term though, it’s quite easy to make up a random string and include it on your page. Here’s an example:

If I wanted to “Rick Roll” you (trick you into viewing a Rick Astley video) I could link to the youtube video, but you might not click. If I used this trick though, I could send you the following URL:

http://www.google.com/search?q=eBGIQ7ZuuiU&btnI=3564

In this URL, q= is the search term, and then the btnI=3564 tells Google to use the “I’m Feeling Lucky” feature. Clicking it, you’ll be taken straight to the YouTube page.

Ok, neat trick but where’s the security vulnerability?

I used Rick Astley here, but I could have easily used 2 girls 1 cup. Even worse, what if I had used a fake page made to look like Google instead? You might not notice that the URL at the top is different, and you may even type in your username and password to log in. It may not work on sophisticated internet users, but using the trusted Google.com domain will certainly bypass any anti-phishing software that works with email programs.
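From the defender's side, the useful thing to notice is that the link in question is a redirect, not a search, and it can be recognised before a user clicks it. The following is an added example, not code from the original post: it parses a link and flags it when it points at a Google search with the I'm Feeling Lucky parameter, so a mail filter can rewrite or quarantine it instead of trusting the google.com domain. The handling of country domains such as google.co.uk and the sample links are my assumptions.

```python
# Added example (not from the original post): recognise Google "I'm Feeling Lucky"
# links so they can be treated as redirects rather than trusted search links.
from urllib.parse import urlsplit, parse_qs


def is_google_host(host: str) -> bool:
    """google.com, www.google.com and country variants like google.co.uk (assumption)."""
    labels = host.lower().split(".")
    if len(labels) >= 2 and labels[-2] == "google":
        return True
    return len(labels) >= 3 and labels[-3] == "google" and labels[-2] in {"co", "com"}


def classify_link(url: str) -> dict:
    """Return whether the URL is an I'm-Feeling-Lucky redirect and, if so,
    the search term the visitor would be bounced to the top result for."""
    parts = urlsplit(url)
    # keep_blank_values so a bare "&btnI" with no value still counts
    qs = parse_qs(parts.query, keep_blank_values=True)
    lucky = (
        is_google_host(parts.hostname or "")
        and parts.path == "/search"
        and "btnI" in qs  # any value, not only the 3564 shown in the post
    )
    return {"redirect": lucky, "query": qs.get("q", [""])[0] if lucky else ""}


# Constructed sample links: the Rick Roll link from the post, a plain search,
# a country-domain variant, and a non-Google site that happens to use the same name.
SAMPLE_LINKS = [
    "http://www.google.com/search?q=eBGIQ7ZuuiU&btnI=3564",
    "http://www.google.com/search?q=eBGIQ7ZuuiU",
    "http://www.google.co.uk/search?q=some+random+token&btnI=1",
    "http://example.com/search?q=x&btnI=1",
]


def scan_links(links):
    """Return (url, query) pairs a filter would want to rewrite or quarantine."""
    flagged = []
    for url in links:
        result = classify_link(url)
        if result["redirect"]:
            flagged.append((url, result["query"]))
    return flagged
```

The flagged query string is what the link really sends the reader to: the top result for that term, which the page author controls by planting the term on their own site.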

Note: The same can be done with any type of proxy site on the internet. GoDaddy recently told me I had to move Unblockd off of my server there for this reason.

1 comment January 31st, 2008

It’s 1994 again. MySpace Is The New AOL

I remember the early days of the internet, when you had to have a service like Prodigy or AOL or CompuServe to get online. For me, those didn’t last long. As soon as I could get my own dial-up, I did. Hell, I remember friends stopping by to use my super fast 28.8 modem to download stuff. Ahh.. those were the days.

Anyway, I also remember the revolution. The day when we discovered ICQ and AIM and ditched email for instant messaging. IM made a lot more sense – we didn’t have to wait for a response, and we were able to have a conversation with people when THEY felt like talking.

It was also great because IM didn’t come with chain letters or annoying spam (at least, not until AOHell and FateX came out.)

Today though, it looks like teens are taking another step. When I was in Dallas I noticed that my 16 year old cousin and her friends spent all day in the living room on their laptops. I also noticed that they didn’t use any email or instant messaging programs – only MySpace and Facebook.

When I asked about it, they told me that there’s no need for email or IM since all their friends are on MySpace anyway. If they’re online, they’re logged in and chat through there.

Are IM programs about to be obsolete? I doubt it, but it’s an intriguing trend among today’s teens. Personally I think it’s a step backwards, but what do I know? Knowing what ICQ and IRC are makes me an internet geezer.

1 comment January 31st, 2008

A Year Ago Today

Do you remember what you were doing on 1-31-07? It’s the day that the Boston police, anti-terror unit, bomb squad, and mass media went totally insane when Cartoon Network put up some Lite-Brite style ads around the city.

It’s the day they arrested artists for placing advertisements. It’s the day the terrorists officially won again.

Of course, it’s not the first time Boston has over-reacted. They DID blow up a traffic monitoring device that the city placed when they confused it for a bomb.

In talking with Jim the other day, he brought up the old Franklin quote: “He who sacrifices freedom for security deserves neither.”

Then, I reminded him of 2 more of my favorites:

Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well armed lamb contesting the vote. – Also Franklin

And

Sacrificing privacy for security is like taking the walls off your house to build a fence around it. – no clue who said this.

1-31-07 is just one more reminder of the sad path that this country is heading down.

January 31st, 2008

Encoding Text

Earlier today I had a need to encode some text into various forms, like MD5, SHA-1, etc.

I couldn’t find an easy way to do it without writing a script, so I made a simple little website.

I know only like 3 out of 100 people will find this useful, but check it out anyway:

It’s called Text Encrypt (www.textencrypt.com)

And yes I know, most of those methods are encoding, not encrypting – but tons of people search for encrypt, and all the good encode names were taken.

January 30th, 2008

My GoDaddy & Google Accounts Hacked

When I got back from vacation, one of the many emails I had to go through was a GoDaddy one saying that my password had been reset. I thought nothing of it, and clicked the spam button in Gmail – thinking it was a phishing attack.

Today, that email suddenly jumped back into my head as I was about to register some new domain names and couldn’t login to GoDaddy.

A quick call to friends at GoDaddy revealed that somebody had guessed my Google account password, and used my Gmail to reset my GoDaddy account. Thankfully, I caught it before they had changed any DNS settings, registered, or transferred any domains.

I also managed to change my Google account password to something even harder to guess. (I’m actually shocked that somebody had guessed a 7 letter non dictionary word in the first place – if that’s how they got it.)

I’ve read about other techniques that involve including parts of a different domain onto your webpage, then using JavaScript to read what the browser auto-fills in the form. This can all be done in a 1px iframe apparently – maybe that’s how it was done. I’m not sure.

Anyway, it’s scary just how much your Google account actually has access to. I’m lucky I caught it in time.

1 comment January 30th, 2008

A Dangerous Cult

Hehe, search Google for Dangerous Cult and the first result is the homepage of Scientology. In this case, I sort of agree with the Googlebomb.

On that same search, you’ll also see a list of dangerous cult warning signs. For a fun exercise, see how many apply to your religion!

12 comments January 29th, 2008

Photos From Dallas / Fort Worth

If you haven’t heard from me much lately it’s probably because I took a long weekend (Friday – Monday) to fly down to Dallas. It was a pretty fun trip. On Friday night we went to Billy Bob’s to see a Texas favorite – Robert Earl Keen. We all agreed that Merry Xmas From The Family is probably the best song ever written – which is good because I’d hate to disagree with Fake Steve.

REK must have just had eye surgery or something, as he came out wearing an eye patch on his right eye. We kept waiting for him to just go aaargh! into the microphone, but it never happened. He did make a joke though, saying he asked his wife to get him an iMac, iPhone, and iPod and that she instead got him an iPatch.

On Saturday we went back to Fort Worth to visit the stockyards. History Lesson: Fort Worth was where all the cowboys would congregate on the great cattle drive north to the railroad back in the early 1900s. It also housed a lot of America’s cattle – supplying over $11 million worth of horses in the world war.

It was kind of neat, they still do daily cattle drives right down the street.


It was funny to see them lead the bulls through a parking lot. How do you explain to your insurance company that a bull scratched your new truck? Of course, it is Texas so I’m sure they’re used to it.

Downtown Fort Worth was just as cool. You’d see old style buildings, the original 1900s bricks in the roads, and the occasional cute girl on horseback.

Just like Hollywood has stars for all the actors, Fort Worth has stars for all the great cowboys. I managed to find the star of one of my heroes, Chris Ledoux.


For those who don’t know, Chris is the only man in both the cowboy and country music hall of fame. He died of cancer a year or 2 ago, and is the subject of the “good ride cowboy” song that Garth Brooks released.

I also particularly liked this little bar called the “Love Shack.” Ok, I shouldn’t say bar – it’s more like a bunch of tables and a hot dog stand in between buildings. I wouldn’t have found it if not for hearing a heavily accented man singing Counting Crows’ “A Long December.”


Still, it was a cool place to have a beer.

After that, we headed to downtown Dallas to check into a hotel so that we could watch my cousin Paige compete in gymnastics on Sunday morning.

Here’s a picture of the Dallas skyline as seen when coming back from Fort Worth:


Our hotel was very fancy as well.


We were supposed to party in that tower, but it’s being renovated so our party was relocated to a conference room. I remember going to the party, but sadly I don’t remember much after that.

Anyway, that was my trip to Texas. I can’t wait until the next time Robert Earl Keen is in town so that I can go back.

3 comments January 29th, 2008

Do All Dells Die When Their Warranty Expires?

I’ve had 2 Dell computers in my life. My last one, you may remember from the pictures I posted, had a rough encounter with a baseball bat after its motherboard fried. It seems the computer’s warranty had expired the previous month and then the motherboard fried.

So, I bought a new one. Well, its warranty was up about 2 months ago, and it just died. It’s been running non-stop for the last 6-8 months. When I powered it off to go on vacation, it wouldn’t power back on. Instead, I just get a blinking power light.

Maybe that’s why I bought a Mac. The problem is, I was doing most of my work stuff (including all my email and development code) on the Dell. I’d get another Mac for work if I didn’t need to use Windows for work. I know there’s Parallels, but then I can’t run any DirectX crap. I might have to use Boot Camp I guess.

Has anybody else seen this problem? I’m not talking about the not powering up – I’m sure that’s a power supply issue and I had one overnighted to me so I can test it (stupid Dell and proprietary parts that my local computer stores don’t sell.)

I mean the computer having problems within 3 months of the warranty expiring. It’s happened to every Dell I’ve ever owned, as well as the 1 or 2 that my cousin has owned. My parents’ Dell warranty is due to expire soon, so I guess I’ll see what happens to theirs.

January 29th, 2008

Why RealID Will Actually Decrease Security

When our founding fathers set up our government, they purposely chose to make 3 separate branches: Executive, Legislative, and Judicial. Even then, they further separated the divisions. For example, they gave us the House and Senate.

The reason they did this was to avoid any possibility of corruption leading to a totalitarian state. Assuming somebody managed to corrupt and control the House, they’d still have to worry about the Senate and the president. If we ever reelected a corrupt president, he’d still have the House and Senate to contend with. The system works, for the most part.

That’s how the current ID system works. Your state manages your driver’s license, the Social Security Administration handles your SSN, the federal government handles your passport, the state handles your criminal record, and the Transportation Security Administration does something – supposedly. Each piece of your identity has its own department.

A couple of weeks ago I blogged about the problems with RealID and why it’s a bad idea. The goal of RealID is to combine all of these into one magical ID card. One license that will serve as your license, ID, passport, and social security card, as well as storing all kinds of information about you.

Many people are in favor of this simply because it will lighten their wallets and purses – but that’s where the benefits stop.

Earlier today I read an Ars Technica article that applied Metcalfe’s law to the RealID database. If you’re not familiar with it, Metcalfe’s law simply states that the value of a network is proportional to the square of the number of users in the system. You’ve probably seen it applied to cell phone companies, the internet in general, or even websites like MySpace or Facebook. Put simply, it says that the more users you have, the more valuable you are.

In this case though we’re not talking about value in the sense of billion dollar Facebook price tags, we’re talking about value in the sense of what can be done with access to the network.

If you don’t believe me, go read the article and look at the example they give – an example that’s already happened with the old system, that would be much easier under the new one.

Think about it. It only takes 1 bad apple with access to the RealID database to cause a lot of harm. Currently, an attacker or corrupt employee would need to access multiple state and federal agencies to gather all this information about you. When RealID goes into effect, he’ll be able to get it all with one login.
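As an added illustration (not from the post or the Ars Technica article), take the law as the post states it, value $V = c\,n^{2}$ for $n$ records reachable from one login with some constant $c$, and compare one merged database holding all $n$ records against the same $n$ records spread evenly over $k$ independent agencies, each behind its own login (the even split is my simplifying assumption):

$$
V_{\text{merged}} = c\,n^{2},
\qquad
V_{\text{split}} = \sum_{i=1}^{k} c\left(\frac{n}{k}\right)^{2} = \frac{c\,n^{2}}{k},
\qquad
\frac{V_{\text{merged}}}{V_{\text{split}}} = k .
$$

Collapsing $k$ separate logins into one therefore multiplies what a single compromised credential reaches by $k$, which is the post’s “one login” point written in Metcalfe’s terms.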

This is a scary thought, especially if you think of all the people who could potentially have access to the network. We’re talking 7-11 clerks who scan your ID every time you buy alcohol and casino security who scan your ID for admittance (not to mention the super secret check for warrants program.. that’s another topic.)

We’re also potentially talking about airport security, border security, police officers, bankers, employers, insurance agents, and even car dealerships who copy your license before a test drive. All of these people would have access to your social security information, criminal record, medical record, and financial record.

Is this what we want? Privacy and Security are NOT a zero sum game. Anybody who continues to take this approach is destined for failure. Remember Franklin’s quote “Anyone who trades liberty for security deserves neither…” I could fill up many pages about this, but that’s another topic. (If you’re interested though, check out a post I did on the demoxi blog.)

For now, I urge you to contact your state and ask them to reject RealID like Montana and Maine have already done.

January 21st, 2008

Copying DVDs in Leopard

For the last 2 days I’ve been trying to make a copy of the DVD the funeral home put together of pictures of my grandfather. My Aunt has a DVR hooked up to her TV that can burn DVDs, but that would have required watching and recording the DVD, then making copies. That seemed like a long process.

Realizing that my new iMac had a superdrive in it, I thought it had to be possible to copy DVDs on the mac. Turns out, it’s very simple.

Forget about all that software out there – It all works, but none of it is required. Here’s how you copy a DVD on Leopard:

  1. Open up the Finder and go to your Utilities folder (is it a folder or directory on a Mac?)
  2. Now click on the Disk Utility icon.
  3. Put the DVD in and wait for it to load. The DVD Player will launch; close it and go back to the Disk Utility screen.
  4. Here, you’ll see your hard drive and your DVD drive on the left hand side. Click on the DVD.
  5. Now, up at the top you’ll see a New Image icon. Use that to make a new image.
  6. When the options come up, you’ll want to select a name for the DVD. Then, choose DVD/CD Master for the image format, and none for encryption.
  7. Save it somewhere. Make sure you have enough space on whatever drive you’re saving to. Some DVDs can get close to 2 gigs in size.
  8. After it finishes saving (this will take a while) you’ll see your image appear in the left hand side underneath all your disk drives. It should end in .cdr.
  9. Click on your image, then click the Burn icon at the top and put in a blank DVD-R.

That’s it! Follow the simple instructions in that dialog box and you’ve created a copy – without paying $99 for Roxio or Toast or Easy DVD Copy.

January 18th, 2008

About Ryan Jones

Name: Ryan Jones
Alias: HockeyGod
Location: Michigan
Company: Team Detroit
Title: Sr. Search Strategist
AIM: TheHockeyGod
Pets: Who Dey
