Categories
Tips

Orkut Viewing Locked Scrapbook Hack is Back!

Important Update: This hack is rectified by orkut. SO IT WILL NOT WORK ANYMORE. If I find a new hack I will definitely post it here!

You may subscribe to my RSS feed or email alert to receive automatic updates regarding this and other hacks in future! (Jan 3, 2008)


Yep! For those who missed the old orkut hack to view a locked scrapbook, a new hack to do the same is here!

orkut-unlock-scrapbook

#Steps to use this hack…

  • Navigate to the profile with the locked scrapbook, or to the locked scrapbook itself.
  • You will now see the Profile ID in the address / navigation bar. E.g. in http://www.orkut.com/Profile.aspx?uid=10226448830416481862 , 10226448830416481862 is the Profile ID. Note down this Profile ID.
  • Now replace ProfileID in the following URL with the Profile ID you noted above.
  • http://x13.110mb.com/scraps.php?uid=ProfileID

Finally, paste the new link in the address bar. Hit ENTER and you will get the scraps.


#Alternate way… (Javascript)

  • Navigate to the profile with the locked scrapbook, or to the locked scrapbook itself.
  • Paste the following JavaScript in the address bar and hit ENTER.

javascript:var dw = document.location.href; dw = dw.split('=');document.location='http://x13.110mb.com/scraps.php?uid='+dw[1];

#Alternate way… (For Firefox Only)

You can drag-n-drop the following bookmarklet onto your browser's bookmarks toolbar. That will create a bookmark named “UNLOCK SCRAPBOOK”. Just click on it whenever you encounter a locked scrapbook and you will be redirected to the unlocked scrapbook automatically…

Unlock Scrapbook

Looks like a bad start for orkut in 2008. Thanks Gaurav!



Categories
Editorial

[Summary] Devils Workshop in 2007

This should have been the last post of 2007, but instead it is going to be the first post of 2008. Anyway, here is a summary of 2007…

The biggest thing we did was move to WordPress from blogger (blogspot) in June 2007. Because of a few mistakes it took some time to catch up with this new domain. Still, with all your support, we are happy with the progress of Devils Workshop!

#Stats:

  • Unique Hits ~ 159000
  • Page Views ~ 405400
  • Posts ~ 155
  • Comments ~ 1100

#Earning (Annual):

  • Google Adsense – 4 Digit Fig (in USD)
  • Other Source – 3 Digit Fig (in USD)

 

Now let's turn to the best posts. We are picking 2 sets of top 10 posts. The first set is for Orkut only and the other set is for the rest.


#Top 10 Post (Orkut)

  1. Continuously Updating list of proxies for Orkut, Myspace, Facebook, etc
  2. New Orkut Scripts – Scrap All Friends with Single Click! Send Images, Flash, Audio, Video & More!
  3. Simplest Orkut Scrapbook Flooder
  4. Orkut Album Hack : View Photos From Locked Orkut Album!
  5. Orkut Dating Tricks – How to find girls in your city!
  6. Orkut Added Scrapbook Privacy Feature! Safeguard your scrapbook against strangers!
  7. Orkut Scrap Deleter Script! Delete All Scraps without a click! (Anti-Flooding)
  8. Orkut: Subscribe to RSS feed of any Scrapbook & Community with just one-click!
  9. Orkut Pending Friend Requests Deleter Script!
  10. Top Orkut Hacks, Tools & Scripts Collection for NEW LOOKS!

 

#Top 10 Post (Firefox, Adsense, SEO, YouTube, Blogger, etc)

  1. SEO: Get higher Google pagerank by naming files and/or blog post titles optimally!
  2. Multiple Firefox Profiles at the same time – Firefox Command-line arguments trick!
  3. Firefox Tweak : Sharing (Synchronize) Firefox Profiles Bookmarks, Extension, etc between Window XP and Windows Vista!
  4. Google Adsense Hack: Automated Section Targeting for bloggers!
  5. Keepvid Hack – Download Videos from YouTube, MySpace, Google and virtually every video sharing sites!
  6. FireTorrent : Firefox Extension for Downloading Torrents Without any external torrent client!
  7. New Google Search Feature – Live & Recent Cricket Scores are just One-Click Away!
  8. Shortest Tutorial for Firefox Extension/Toolbar Development!
  9. Blogger + Adsense Hack: Show ads after each post to earn more from your blogger beta blog!
  10. Firefox Tweaks: Address bar as Search BOX – Let Google make you feel Lucky!

 

Finally, let us know if anything is missing from the above lists which you think should be part of them!

Thank you all for a wonderful year… 🙂

 

Our Sincere Request: Spare a minute to let us know about your favorite post of the year 2007 and what you are expecting from Devils Workshop! Thanks in advance for your time 🙂

Categories
Editorial

[Event] New Year Party in Pune!

[Note: This is a year old post and meant for party on Dec 31, 2007. So please ignore this.]


NewYear2008

Hey guys, we got a nice offer for all our Devils Workshop members!

If you are looking for a new year party in Pune, then we have a nice party in town whose details are here!

 

Now MOST IMPORTANT THING:

The party is for couples only, but for our members a few stag (single) entries will be entertained.

Also we will be getting flat 10% discount on all passes!

[edited by Admin]

Categories
News

Now You Can Have Your Orkut Profile in Google Search!

Yep. Soon Google crawlers will be indexing orkut profiles and everyone on orkut will be googlable. In simple terms, you can use google search to find your friends’ orkut profiles and your friends can do the same to find you!

Although there is no official post regarding this on any official Google or Orkut blog, a new privacy setting – "orkut in google search results" – indicates just this.

Orkut_in_google_search_results

By default this setting is configured to show your orkut information in search results! That’s why you don’t need to do anything to appear in google search.

Those who are concerned about privacy can choose the "hide information" option. There is no fine-grained control like facebook provides. So better opt for hiding if you have doubts about how this feature will be used (or abused).

Three months back facebook opened their user database to search engines, and considering that move by facebook, this should not surprise anyone.

Also, can orkut do this as sensibly as facebook did?

Related: Read how facebook did that!

Categories
Tips

Orkut Scrapbook XSS Bug is Still Active!

Two days after we posted about the scrapbook bug and the demonstration of its destructiveness by Rodrigo Lacerda (Portuguese link) and Gaurav, it looks like the orkut team still hasn’t had enough of it!

So, at the request of some members, and also to force orkut to take this more seriously, we are partially revealing the bug…

The bug is in the embed tag’s src attribute! Orkut doesn’t validate whether src points to a valid flash media file URL, so any URL submitted as the value of the src attribute simply gets executed when the user opens the scrapbook! This is different from most infections, where the user has to generate some event such as clicking on a particular region, link, etc.

Proof of Concept 1:


Here is harmless but highly annoying code which you can put in your friend's orkut scrapbook. This is the reason why some people were getting logged out of orkut just by visiting their scrapbook!

Code:

 


Proof of Concept 2:

A more serious but harmless exploitation is a worm created by Rodrigo Lacerda (Portuguese link), which performs the following routine.

  • You read the scrap with the code (in fact, you just open the scrapbook containing the code)
  • The code injects JavaScript into your browser
  • The JavaScript code makes you join the community
  • Then the code collects your list of friends
  • It sends the scrap with the code to them!

The community which is being joined is Infectados pelo Vírus do Orkut! Just check out the community page and reload it. Look how fast the number of members increases. 🙂

 


Solution:

The solution is the Flashblock extension we talked about in earlier posts!

 

What should orkut do:

  • They should first activate CAPTCHA (i.e. image verification) for all URLs, including their own. That way the worm will stop spreading itself!
  • In future they should validate user input properly. XSS is most of the time the result of improper validation of input. Here, for example, they haven’t checked the URL for filetype!
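
The src check asked for above, sketched as an added example (not code from the original post or from orkut): it accepts an embed URL only if it is an absolute http(s) URL on an exact host allowlist with a .swf path. The host names and sample URLs are constructed for illustration.

```javascript
// Added example. ALLOWED_HOSTS and all SAMPLES URLs are constructed.
const ALLOWED_HOSTS = new Set(['media.example.com', 'cdn.example.net']);

function validateEmbedSrc(raw, allowedHosts = ALLOWED_HOSTS) {
  if (typeof raw !== 'string') return { ok: false, reason: 'not a string' };
  // Reject whitespace and control characters up front: browsers strip some of
  // them while parsing, so "java\tscript:" can slip past a naive prefix check.
  if (/[\u0000-\u0020\u007f]/.test(raw)) {
    return { ok: false, reason: 'whitespace or control character' };
  }
  let url;
  try {
    url = new URL(raw); // no base given, so relative and "//host" forms throw
  } catch (err) {
    return { ok: false, reason: 'not an absolute URL' };
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: 'scheme not allowed' };
  }
  if (url.username || url.password) {
    return { ok: false, reason: 'credentials in URL' };
  }
  // Exact match on host (including any non-default port), never a substring
  // or suffix test: "media.example.com.evil.example" must fail.
  if (!allowedHosts.has(url.host)) {
    return { ok: false, reason: 'host not on allowlist' };
  }
  // The filetype check the post asks for. On its own it proves nothing about
  // what the server returns, which is why the host allowlist comes first.
  if (!url.pathname.toLowerCase().endsWith('.swf')) {
    return { ok: false, reason: 'not a .swf path' };
  }
  return { ok: true, src: url.href }; // store the normalised form, not raw
}

const SAMPLES = [
  'http://media.example.com/clips/intro.swf',
  'HTTP://MEDIA.EXAMPLE.COM/clips/Intro.SWF',
  'http://media.example.com/Page.aspx?x=1',
  'http://media.example.com.evil.example/a.swf',
  'http://user:pw@media.example.com/a.swf',
  '//media.example.com/a.swf',
  'javascript:alert(1)',
  'java\tscript:alert(1)',
];

function classifySamples(samples = SAMPLES) {
  return samples.map((s) => {
    const r = validateEmbedSrc(s);
    return r.ok ? 'ok' : r.reason;
  });
}
console.log(classifySamples());
```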

 

Update: Orkut, in an official blog post, claims to have fixed the bug! But this embed tag bug is still open! They might have fixed another bug which Rodrigo used!

Link: Post by Rodrigo Lacerda (in Portuguese ) | Flash Block Solution | Gaurav post | Orkut’s official blog post

Categories
News

Bloggers Dominated Forbes 2007 List of "25 Top Web Celebrity"!

perez_saint

First, if you are hearing the phrase "web celebrity" for the first time: a “Web Celebrity” is a person famous primarily for creating or appearing in Internet-based content, and for being highly recognizable to a Web-based audience. That definition excludes people who were significantly famous before they hit the Web. [source: quickonlinetips]

Now, coming back to the topic, Forbes released its list of the top 25 web celebrities for the year 2007, the second of its kind. Celebrity gossip blogger Perez Hilton (real name: Mario Lavandeira) topped the list. What I like most about the list is the dominance of bloggers, and also the name of my favorite blogger, Darren Rowse, on the list!

Below is the filtered list of bloggers who made it to the top 25. Not all of these are full-time professional bloggers, but they blog and that's what makes them bloggers! 😉


Note: Numbers in brackets indicate their rank in the list. Bloggers with a bold description are from my RSS reader!

 

You may be wondering what I have filtered, as the list is almost complete with 19 names out of 25! :O

This just shows how bloggers are dominating the websphere! 🙂

Links: Forbes Article | List in Slideshow format

Categories
News

Organize Facebook Friends into lists (Groups)! [New Facebook Feature]

If you have too many facebook friends and have a really tough time managing them, then cheer up, buddies! If you haven’t noticed yet, go to the friends page on facebook and a small banner will welcome you, as shown below….

facebook-friends-lists

Yep, it's a completely redesigned friends page! And the "Make a New List" option is on the right side…

facebook-friends-lists-make_a_list

In just two steps you can create a list!

Step 1: Click on the "Make a New List" option and select a name for the list.

facebook-friends-lists-make_a_list_step1

Step 2: Add friends to the list…

facebook-friends-lists-make_a_list_step2

 

Also, if you want to rename the list, there is an edit link near the list name!


Considering facebook’s 5000 friends limit on an account, this option will really help you manage many tasks easily, like…

  • you can forward a new opening in your company to a list
  • you can invite all close buddies to your birthday party
  • you can ask all geeks for help in one go…
  • …and the list goes on…

I wish the lists were extended to the facebook apps API so that many applications can make use of them. Almost every facebook application at some time forces you to invite friends to use that application. It would be great if we could use lists there. This will surely result in less spam and will be highly convenient, as for different apps you want to invite different sets of people!

One last important thing… The lists are private! So you can use all your imagination to speed up listing of your friends! 😉

 

Link: Facebook Friends Page

Categories
News

Windows XP Service Pack 3 RC1 is Officially Released by Microsoft!


Many times I was asked about Windows XP Service Pack 3 by other DW readers. Being a Linux user, I hardly ever needed any XP service pack for my machine. Anyway, for those running Windows XP, the new Service Pack is out there. This SP3 is a release candidate and may not be stable, but this means the final version will be out soon (mostly early next year).

As Microsoft quoted, “Microsoft does not recommend installing this software on primary or mission critical systems”. So install at your own risk!

The goals of Windows XP SP3 are to:

  • Provide a new baseline for customers still deploying Windows XP, to help them avoid the inconvenience of applying individual updates.
  • Fill gaps in the updates users might have missed by declining individual updates when using Automatic Updates, and to deliver updates not made available through Windows Update.

Windows XP Service Pack 3 (SP3) includes all previously released updates for the operating system (updates issued after release of SP2 i.e. year 2004), in addition to a small number of new features.

Most of these new features are borrowed from Windows Vista, including a feature called Network Access Protection (NAP), which automatically validates a computer’s “health,” ensuring that it’s free of bugs and viruses, before allowing it access to a network. So you can expect more secure computing!

Personally, I liked the ease of uninstallation. Yep, unlike SP1 & SP2, you can uninstall SP3 from the add/remove programs wizard!

Now some very bad news… SP3 is 336.1 MB in size!

Link: Windows XP Service Pack 3

Recommended Reading: Download Full Microsoft .NET Framework 3.5 Setup

Categories
Tips

Beginners Guide To OpenSocial & Orkut Sandbox! [covering FAQ]

In this post, I will try to clear your doubts on orkut sandbox and opensocial API. In the end I will be listing resources that you can use and bookmark!

#What is OpenSocial?

From wikipedia,


OpenSocial is a set of common application programming interfaces (APIs) for web-based social network applications, developed by Google, and released November 1, 2007. Applications implementing the OpenSocial APIs will be interoperable with any social network system that supports them, including features on sites such as MySpace and Friendster.

Except facebook, almost all social networking sites are using OpenSocial. This means you can safely assume that if you write an application for orkut using the OpenSocial API, it will work on other sites (like MySpace, LinkedIn, etc.) almost without change! 🙂

#What is orkut sandbox?

First, let's get the relevant definition of sandbox from wikipedia:


"The term sandbox is commonly used in the development of Web services to refer to a mirrored production environment for use by external developers. Typically, a third-party developer will develop and create an application that will use a web service from the sandbox, which is used to allow a third-party team to validate their code before migrating it to the production environment"

So think of Orkut Sandbox as an orkut mirror where you can write applications using the OpenSocial API. It's like creating a fake orkut account to test a new orkut hack. Think of the sandbox as a fake profile with some features added/removed, created by orkut itself for you to test applications!

#Cool… How to signup for orkut sandbox?


By default, sandbox access is disabled for an orkut account. You can request access to the sandbox using the orkut sandbox sign-up form. Sandbox access is completely free and requires you to have an orkut account beforehand.

After submitting the sign-up form, you get a mail from Google (normally in 2-3 days) indicating the status of your request.

#How to access sandbox? Where is it?

The sandbox is an extension to your existing orkut account! After receiving the confirmation mail from Google, you can just log on to http://sandbox.orkut.com to enter the sandbox. You can also modify any orkut page’s URL to get its view from the sandbox.


Example:

http://www.orkut.com/scrapbook.aspx?uid=[some_num]

will become..

http://sandbox.orkut.com/scrapbook.aspx?uid=[some_num]

This small URL change once resulted in a scrapbook hack which enabled people to read locked scrapbooks via the sandbox!


 

#Sandbox Limitation

OpenSocial API calls will operate on sandbox-whitelisted friends only. This means that to test your applications, you need either your friends to gain sandbox access, or to add people who have access to the sandbox as friends. There is an orkut sandbox community where you can find people with sandbox access and add them.

This limitation is enforced for security reasons, as explained by Arne Roomann-Kurrik!

Also, private information like the email addresses of users cannot be accessed! So spammers, do not think about the sandbox as a way for your evil intentions 🙂

#Resources

If you are not familiar with words like sandbox and API, use the following wikipedia links…

Best starting point for developers…

Worth bookmarking….

Finally if you need to communicate…

Let me know if I missed anything! Happy coding… 🙂

Categories
News

New Attack on orkut! User gets logged out by just opening scrapbook!

Hackers discovered the most serious bug on orkut, and that too in orkut’s most accessed area – the scrapbook!

What makes it most serious is that this time the user does not need to click or perform any action anywhere to trigger the vulnerable code.

Many users suffered from this, most of them getting logged out of orkut just by visiting their own scrapbook. Worse, they cannot delete blank or suspicious scraps either! 🙁

The bug is not fixed yet and it can be used by malicious hackers to gain access to a victim's orkut account, so details about this bug will be posted after it gets rectified. Till then, let's use the following solution to protect yourself!

Objective: Blocking flash content [on orkut at least]  Flashblock

# Firefox User:

Internet Explorer:

  • Go to the Tools Menu -> Internet Options
  • Click on the Security tab
  • Click on Custom Level
  • Disable Run ActiveX controls and plug-ins


 

Additionally, delete scraps from your scrapbook if you are getting logged out of orkut just by visiting your own scrapbook!

Thanks to Kee Hinckley for the timely post on the issue!