Tag: Internet Explorer

Categories
Tips

Ever wondered about “autorun.inf” file in CDs/Pen Drives!

While opening some optical drives (CDs) or pen drives you might have noticed that they contain autorun.inf file in it. Some people assume that it is some Virus/Malware which might infect their computer. But actually autorun.inf is just a script for invoking any event when some CD or Pen Drive is Inserted in PC. This feature is actually a part of shell32.dll.

You can set your own custom icon and your own custom file to start when media is inserted in computer. If you are a geek, then you can accomplish much more and impress your friends with some smart autorun scripts while burning CDs for them!

A sample of autorun.inf file looks like as shown below:
[autorun]
open=autorun.exe
icon=autorun.ico
label= My Thumb Drive(98XXXXXXXX)

Taking above examples I’ll explain functions of commands here-

  • Open – Specifies which file to start when media is Inserted.
  • Icon – Specifies the Icon to appear in Windows explorer
  • Label – The Volume of Drive to Appear in Window Explorer

If you are lazy at writing this codes you can try a free tool, Autorun.inf Maker.

You can bypass events written in autorun.inf by pressing shift key while inserting Pen Drive or CD. This is useful when you are unsure about what Pen Drive or CD might contain. However, I recommend you to use some good antivirus like AVG or Avast which takes less load on system and detects any unwanted threats. There is also an antivirus Program which is made for this purpose only which is mentioned here.

Link : Download Autorun Maker
Also Read : Special Virus Scanner for USB

Categories
Analysis

Domain hijacking menace is still on; flaws in Gmail?

Many of us are aware of the fact that the domain of a popular tech blog – makeuseof was being hacked just a couple of days ago. As per sources, the name of the domain owner ‘Aibek’, was impersonated to make a request to their domain provider (Godaddy) for transfer of the domain to another web hosting company. Also it was revealed that, the domain was being transferred by Ali Ferank to a Dubai based web hosting company. But Aibek was yet confused, whether his domain was expired and immediately purchased by some one or it was a case of hijacking.

The actual hassle began when the hacker mentioned about the domain hijacking and demanded a huge ransom. The mail that the hackers sent to Aibek reads:

Hi there,
I said it very simply and very easily !
2 K !
Deal or not ?!
You own the domain I get the money…

Regards

Ultimately Aibek got his domain back as he owned it legally, but the point that Aibek explains now will scare you.. He says, the hackers somehow managed to get access to his Gmail account that was linked with Godaddy, and set it such that all incoming mails with certain keywords or from Godaddy were forwarded to their inbox leaving no trace on the primary mail id. And ultimately they requested Godaddy to get the domain transferred by authenticating the request from the hacked Gmail id. Though Albek is not yet sure whether the hackers really used his Gmail id.

ADVERTISEMENT

Let me also tell you, this is not the first time that a G-mail flaw was exploited. Exactly a year ago, another popular blog – Davidairey too, was trapped under a similar circumstance, wherein the hackers got access to the owner’s Gmail account and used the same method to hack down his domain. Details about it is here.

<

p align=”justify”>Well, we are here not to make you scared, our intention is just to aware you that, your Gmail account too may be hacked or misused to gain access to all your important information and data..
So its a high time to ensure that your mail account is never being shared with anyone and you regularly keep on checking all filters, settings, and forwardings.

Categories
Tips

Multiple Yahoo Messenger Hack – Using Many Yahoo Accounts at once!

Long time back I published a simple hack using which you can run multiple Google Talk at once. Now thanks to Ankit, we have a way to run multiple Yahoo messenger at once.

Check following screenshot where me and my friend Sameer signed into our (different) yahoo accounts at the same time!

# How-To Go Multiuser…

  1. Download yahoo_multiuser.reg file. (Tip: Right Click on link, select “save as”…)
  2. Double Click on above file once it is downloaded.
  3. Window may show warning. Click Yes to proceed.
  4. Thats it! Now every click on Yahoo messengers shortcut will start new instance of IM!
ADVERTISEMENT

# How-To Restore singleuser…

I don’t find any harm leaving it multiuser. Still in case you want to restore changes made by above registry file…

  1. Download yahoo_singleuser.reg file. (Tip: Right Click on link, select “save as”…)
  2. Double Click on above file once it is downloaded.
  3. Window may show warning. Click Yes to proceed.
  4. Thats it! Everything is restored again!
ADVERTISEMENT

Now this is for all Windows user using Yahoo Messenger. Others can log into multiple yahoo, GoogleTalk, hotmail or any number of account at once using a multiprotocol messenger like pidgin!

Credit: One of our oldest reader Ankit Agrawal posted this hack in comments on post – Check Who is Invisible/Online on Yahoo Messenger Status Hacks!

[Disclaimer: This post deals with registry modification which is critical part of system. It is strongly advised to make backup of registry in advance. Devils Workshop will not accept any liability as per out ToS.]

Categories
Tips

Check Who is Invisible/Online on Yahoo Messenger!

One of my Orkut friend Niharika Arora asked me on Orkut how to check if a person is online on yahoo messenger? I googled for sometime and here are my tested results…

First let me tell you coolest thing about hacks in this tutorial. They do not require a targeted yahoo user to be on your friend list! Now..

To Check Online Status:

This will work only if user is online and NOT into invisible mode. Invisible part is covered later… 😉

ADVERTISEMENT

First Official Way: Go to Yahoos profile directory and check target user profile. Say you want to check status of someone (where someone is Yahoo ID). Now suffix someone to URL http://profiles.yahoo.com/ so it will become http://profiles.yahoo.com/someone. Open final URL in browser and the profile will have status indicator!

Another Way: There are many simple sites which takes Yahoo ID and returns status of Yahoo user. I have tested http://www.blockstatus.com/yahoo/status-checker successfully!

This part is not a hack but official Yahoo feature documented here.

If you want PHP code to create a status-checker page of your own, this page may help you.

ADVERTISEMENT

To Check Invisible Status:

I tested and used a third-party program named Buddy-Spy! Unlike above this requires a Yahoo account. I strongly discourage using your own Yahoo ID. You better create a new one! 😉

Following is a screenshot of my test result, which says everything.

Also point to note is that I was not in friend-list of Yahoo account used for testing! 😀

Buddy-Spy Links: Download | Homepage | User Guide

Update: Try http://yahoostatus.ro/. Its tested, working fine and web-based! (Added October 7, 2008)

Related: How to go Invisible on Gmail Chat!

Categories
News

Another Blow To Orkut! A new bug for spammers…

Remember above image? Few weeks ago we published a bug in Orkut’s click tracking mechanism which let spammer send third party links bypassing image verification!

Now for those who missed that… A new bug is found in Google Video search history feature! Now Whats a big deal you might say? Well Google Videos and Orkut are both owned by Google Inc. So URL which contains google.com in domain part never encounters image verification!

Now consider link below:

ADVERTISEMENT

http://upload.video.google.com/searchhistory/url?url=//www.devilsworkshop.rsites.dev6.rt.gw

 

You can replace any site URL with www.devilsworkshop.rsites.dev6.rt.gw in it and put the link in scraps! Orkut will never ask for image verification!

This bug is more severe compared to bug in Click Tracking mechanism. Fixing this may be still simple but there are many Googles service and so there must be many bugs like this! All this means a lot more spam in coming month on Orkut… 🙁

Credits: Sumit Kalra found this while analyzing a recent spam "VORUS VIDEO SCRAP" code!

Categories
Tips

New Orkut Bug Let Spammer Send Any Link Without Image Verification! (Orkut Loves SPAM)

Not so long back bugs in orkuts privacy features made their users scrapbook & album content accessible to everyone no matter what privacy settings they choose. Orkut team fixed those bug but unfortunately they have to cancel their holiday plan if any as a new bug in Orkut discovered which let spammer send any links without filling up captcha (image verification). All this means more sCrap all spam on orkut!

 

#proof of concept:

ADVERTISEMENT

Paste following code in any scrapbook…

A link will be send which on clicking will take you to this blogs homepage!

Well you may link looks confusing so end user may not click on it…

ADVERTISEMENT

Ok.. What about following code…

How many of you looks at browser status bar when clicking link? 😉

#How to (ab)use!

ADVERTISEMENT

To send links all you need to do is copy following code and append any URL without http:// to it. (Do not remove any slashes…)

http://www.orkut.com/ClickTracker.aspx?url=////// 

 

#How this bug can be abused?

  • Scrap All Script: Spammers most favorite & most powerful tool against orkut is Scrap All script!
  • To spread Trojan, viruses, spywares, worms, etc: www.devilsworkshop.rsites.dev6.rt.gw can be replace by link to malicious contents
ADVERTISEMENT

Old orkut user may remember in past spreading of worm via scrapbook was one of the reason orkut came up with captcha (image verification)while sending third-party links! What the use of captcha, if it can be bypassed!

 

#Bug Details

  • Bug is in ClickTracker.aspx (URL: http://www.orkut.com/ClickTracker.aspx ).

 

ADVERTISEMENT

#A simple fix Orkut can do..

Put a if-else block at the beginning of ClickTracker.aspx which checks url parameter for third party domains (i.e. anything else than orkut.com or google.com). If third party domain is found, call captcha routine or just abort the execution.

 

That’s it! Thanks Gaurav for the bug and reporting this in orkut google-group! If you are a google-group user please post reply in this thread so that it gets noticed by orkut team earlier!

Categories
Tips

View Locked Orkut Album in Orkut Style!

Important Update: This hack is rectified by orkut. SO IT WILL NOT WORK ANYMORE. If I find a new hack I will definitely post it here!

You may subscribe to my RSS feed or email alert to receive automatic updates regarding this and other hacks in future! (Jan 17, 2008)

This is highly recommended way of exploiting Orkut album hack to unlock (view) pics in the album!

Many users claimed that our old orkut album hack is not working. While we noticed few exception most of the users had trouble in copying and pasting lengthy javascript code. So here comes an automated way – a GreaseMonkey script!

Once you install above script successfully, next time you go to any Orkut locked orkut album, you will see pics from locked orkut album in orkut style alongwith error message which obviously lost its meaning! (See screenshot above)

ADVERTISEMENT

#How to Install (Need to do this only once!)

ADVERTISEMENT

Thats it! All locks will be broken automatically as they never existed! 😀

#Credits:

Thanks Leandro Koiti Sato for creating this script script. Original script is here. We made a small change in our version to give maximum result to our users!

Thanks Bean for notifying about script! 🙂

Important Update: This hack is rectified by orkut. SO IT WILL NOT WORK ANYMORE. If I find a new hack I will definitely post it here!

You may subscribe to my RSS feed or email alert to receive automatic updates regarding this and other hacks in future! (Jan 17, 2008)

Categories
Tips

Orkut Viewing Locked Scrapbook Hack is Back!

Important Update: This hack is rectified by orkut. SO IT WILL NOT WORK ANYMORE. If I find a new hack I will definitely post it here!

You may subscribe to my RSS feed or email alert to receive automatic updates regarding this and other hacks in future! (Jan 3, 2008)

Yep! For those who missed old orkut hack to view locked scrapbook, a new hack to do the same is here!

#Steps to use this hack…

  • Navigate to the profile with locked scrapbook or locked scrapbook itself.
  • Now You will see Profile ID in address / navigation bar. Ex. In http://www.orkut.com/Profile.aspx?uid=10226448830416481862 , 10226448830416481862 is Profile ID. Note down this Profile ID.
  • Now replace Profiled in following URL with Profile ID you have noted above.
  • http://x13.110mb.com/scraps.php?uid=ProfileID
ADVERTISEMENT

Finally paste new link in address bar. Hit ENTER and you will get scraps.

ADVERTISEMENT

#Alternate way… (Javascript)

  • Navigate to the profile with locked scrapbook or locked scrapbook itself.
  • Paste Following javascript in address bar and hit ENTER.

javascript:var dw = document.location.href; dw = dw.split('=');document.location='http://x13.110mb.com/scraps.php?uid='+dw[1];

#Alternate way… (For Firefox Only)

You can drag-n-drop following bookmarklet on your browsers bookmark toolbar. That will create a bookmark named “UNLOCK SCRAPBOOK”. Just click on it whenever you encounter any locked scrapbook and you will be redirected to unlocked scrapbook automatically…

Looks like a bad start for orkut in 2008. Thanks Gaurav!

Important Update: This hack is rectified by orkut. SO IT WILL NOT WORK ANYMORE. If I find a new hack I will definitely post it here!

You may subscribe to my RSS feed or email alert to receive automatic updates regarding this and other hacks in future! (Jan 3, 2008)

Categories
Tips

Orkut Scrapbook XSS Bug is Still Active!

After two days we posted about scrapbook bug and demonstration of its destructiveness  by Rodrigo Lacerda (Portuguese link) and Gaurav, it looks like orkut team haven’t got enough of it!

So on request of some of the members and also to force orkut to take this more seriously we are partially revealing the bug…

The bug is in embed tag’s src attribute! Orkut doesn’t validate if src is pointing to valid flash media file URL and thus any URL submitted as value of src attribute just get executed when user opens scrapbook! This is different than most infection where user have to generate some event like clicking on a particular region, link,  etc.

Proof of Concept 1:

ADVERTISEMENT

Here is harmless but highly annoying code which you can put in your friends orkut scrapbook. This is the reason why some people were getting logged out of orkut just by visiting their scrapbook!

Code:

 

ADVERTISEMENT

Proof of Concept 2:

More serious but harmless exploitation is a worm created by Rodrigo Lacerda (Portuguese link) which is performing following routine.

  • You read the scrap with code (infact just open the scrapbook with code)
  • Code injects javascript in your browser
  • Javascript code makes you join the community
  • Then code collect your list of friends
  • Send the scrap with the code for them!

The community which is being joined is Infectados pelo Vírus do Orkut! Just check out the community page and reload it. Look how fast the number of members increases. 🙂

 

ADVERTISEMENT

Solution:

Solution is in the form of flash block extension we talked about in earlier posts!

 

What should orkut do:

  • They should first activate CAPTCHA (i.e. image verification) for all URLs including their own. That way worm will stop spreading itself!
  • For future they should validate user input properly. XSS is most of the time result of improper validation of input. Like here they haven’t checked URL for filetype!

 

Update: Orkut in a official blog post claim to fix the bug! But this embed tag’s bug is still open! They might have fixed other bug which Rodrigo used!

Link: Post by Rodrigo Lacerda (in Portuguese ) | Flash Block Solution | Gaurav post | Orkut’s official blog post

Categories
News

New Attack on orkut! User gets logged out by just opening scrapbook!

Hackers discovered most serious bug on orkut and that’s too orkut’s most accessed area – scrapbook!

What makes it most serious is that this time user do not need to click or perform any action anywhere to trigger vulnerable codes.

Many users suffered from this. Most of them getting logged out of orkut by just visiting their own scrapbook. Worst they can not delete blank or suspicious scraps either! 🙁

The bug is not fixed yet and this can be used by malicious hackers to gain access victims orkut account so details about this bug will be posted after it gets rectified, till then lets use following solution to save yourself!

Objective: Blocking flash content [on orkut atleast] 

# Firefox User:

Internet Explorer:

  • Go to the Tools Menu -> Internet Options
  • Click on the Security tab
  • Click on Custom Level
  • Disable Run ActiveX controls and plug-ins

 

Additionally delete scraps from your scrapbook if you are getting logged out of orkut on just visiting your own scrapbook!

Thanks Kee Hinckley for timely post on issue!