Orkut still vulnerable to the scrapbook XSS bug
Orkut.com, the social networking site from Google, is still very much exposed to the XSS bug. Although the Orkut team states on Orkut's official blog that they have fixed the bug and that the new features of the Orkut scrapbook cannot be exploited anymore, the problem still seems to be at large. As per the Orkut team, "..We believe that this action has been effectively stopped", but below I am sharing a small script that does the trick on your Orkut scrapbook.
If someone copies the script below and sends you a scrap in your scrapbook, you are automatically logged out of Orkut. Even if you try to log in again and go to your scrapbook, you are logged out again. I would suggest not trying this with your friends, because if you do so, they might not know how to delete your scrap and could never come out of this problem.
Here is the script which, when copy-pasted into your friend's scrapbook, does the trick:
There is also a method of avoiding these kinds of XSS bugs in your scrapbook, and a method by which one can delete these kinds of scraps (will write about it later some time).
Update: The Orkut team has fixed the security bug. The trick is no longer valid from Jan 2008.
Prosperous 2008
Just a thank you to everyone who has made some time to read my blog during the past year. Thank you for bearing with me and some of my wayward ideas. I also appreciate all the feedback and comments. Also thank you for referencing this blog on others. I am humbled to see what great entries on mobile banking are published on the other blogs in this space. See the links on the side (all worthwhile reading).
Anyhow, wishing all of you a prosperous 2008. It is (no doubt) going to be an amazing mobile banking year.
Now get a free virtual radio on your mobile.
VirtualRadio brings Web radio stations to your phone. Listen to Internet radio stations from all over the world on your mobile phone with VirtualRadio software on your phone. VirtualRadio connects to the Internet through your mobile phone operator's network and links to more than 800 radio stations from all over the world.
If you have a modern phone, you can connect directly to the Internet over Wi-Fi (WLAN or hotspots) and listen to radio without being charged by your mobile phone operator.
Just type www.vradio.org in the browser of your mobile phone and download the software to your phone. Enjoy and tell your friends! Please make sure you have either an S60 3rd edition or a UIQ 3 phone. Some Nokia S60 2nd edition phones are supported too. For more information, visit the official website.
True Explorer v.24 SymbianOS9.1 S60v3
TrueExplorer is a simple file explorer for SymbianOS Series60 3rd Edition.
Added in 0.24: Cut, Copy, Mark-all and Paste functions.
Try it once and you will love how easy it is to use.
Included Russian and English language support.
Current Features:
* Browse files, directories & drives
* Show drive free & avail disk space, media type, volume name & id
* Show current path & free RAM memory
* Rename, delete files & directories, create directories
* Launch files by MIME type
* Switch single/double lines (with additional info) view modes
* Mark/unmark files
* Delete, copy, cut & paste selection
* Show file properties
Supported Nokia phones: 3250, 5500, E50, E60, E61, E70, N71, N73, N75, N80, N91, N92, N93, N95, 6110 Navigator, 6290, 5700
Download
True Explorer v.24
Making free calls via a mobile phone is very easy.
"A killer application that would change the way we communicate on mobile" is what I would call it.
Fringland Ltd., based in Israel, is a privately held mobile application developer that recently launched a free application called "Fring". It is a mobile voice-over-IP application that allows you to make free mobile calls and send instant messages. To put it another way, you can make free calls from your mobile through Fring. How? Through the internet, via the 3G/Wi-Fi network, so no airtime/talktime is required.
Fring also integrates seamlessly with Skype, Google Talk and MSN. To start, all you need to do is download the Fring mobile software from the website onto your mobile. Simple instructions are given on the Fring site. Click here for the website: http://www.fring.com/
You can check out the video below, where the application is demonstrated live. Enjoy and post your comments.
Free web conferencing and screen sharing tool
Adobe recently released its cross-platform screen sharing and collaboration tool, codenamed "Brio". Brio is a web meeting service built with collaboration in mind for individual professionals and small businesses. Built on Adobe's Flash platform, Brio operates inside most popular web browsers, so you can start a meeting without worrying whether others have a compatible system or the right software.
Brio beta allows you to:
1. Host unlimited online meetings with up to 3 meeting participants.
2. Interact with easy-to-use screen sharing, chat and whiteboards.
3. Access your meeting instantly with a personalized, easy-to-remember URL.
4. Distribute documents and files to meeting participants.
5. Use integrated VoIP, teleconferencing and multi-point video.
This is just the kind of tool that will facilitate easy off-the-cuff tutorials, small business collaboration sessions, and the ability for me to show work in progress to clients instantaneously without them having to sign up for or download a thing.
More detail on Brio is available here.
My Brio Conference Page
True mobile YouTube experience now available on Helio
Helio (an MVNO joint venture between South Korea’s SK Telecom and Earthlink) has taken the mobile YouTube experience to the next level. This innovative application offers people even more customization and provides them with instant access to interact with the YouTube community whenever and wherever they go.
This new application is much better than Google’s YouTube mobile site at m.youtube.com, as it allows its users to view YouTube videos, rate and comment upon them and upload newly recorded videos as well. Users will be able to share favorite videos with friends in the phone’s contact list or to add a video to their list of Favorites and create new video playlists. Uploaded videos can be given a title, description, tags, category and be set to public or private. Only Helio allows members to also geo-tag video uploads from their mobile device. Using Ocean's built-in GPS capabilities, members can send GPS coordinates with their video to track where they were when everything went down.
The application doesn't cost extra. You just need a Helio Ocean. There aren't that many Helio phones out there overall, about 140,000 as of the third quarter of this year. But with free features like optimized YouTube and MySpace applications and Buddy Beacon, the GPS friend finder, Helio is making good on its promise to turn the mobile phone into something more.
Designed to easily browse, search and view millions of YouTube videos, Helio's YouTube application also offers a simply organized interface where members can access their own video feeds including My Subscriptions, My Favorites, My Playlists, My Videos and Received Videos. Members can also check out YouTube videos in traditional categories like Most Viewed, Most Recent, Top Rated and Recently Featured.
A new record!
Today's Google Alert for "mobile banking" delivered 29 hits. This is by far more than what has been delivered to me in the past. Although not a direct metric of mobile banking take-up, it does indicate a fast-growing interest in mobile banking. Many more people are talking and writing about it.
Three rules to defend against e-Fraud
After having read my previous blog post, I realised how scary it can be for uninformed people doing their banking in the electronic world. I thought one can make it simple by giving three simple rules to consumers that will make banking much safer. In my view these are:
1. Never write your passwords, PINs or any security information down. Make sure that nobody can see this information or steal it in any way. When you feel that this information has been compromised, contact your bank or log on to the website or mobile phone and change the secret information to something else immediately.
2. Never communicate with your "bank" via a mechanism or channel that you are not familiar with. If your "bank" phones you or sends you an e-mail or SMS requesting security information, don't give it. Rather contact your bank via channels that you have used before (a known website, a known telephone number or a menu on your phone) to check this unsolicited request.
3. When your phone dies unexpectedly, phone your number from another phone. If your number rings and it is not the phone in your hand that rings, chances are that your SIM has been swapped illegally. Phone your mobile operator and report your phone as stolen so that they can switch it off immediately. Even if this does not stop a bank fraud, at least it will stop someone calling on your account.
As with anything in life, safety is common sense. People feel safe in their houses only because they know that they must lock up at night. People feel safe in their cars because they put on safety belts. To feel safe in doing banking remotely, one must stick to a few simple rules.
Another SIM swap fraud
I was phoned by one of South Africa's popular radio hosts (Bruce Whitfield) on 567 Cape Talk on Friday to ask my opinion on another recent fraud perpetrated by means of swapping the SIM of the target account holder (See story) (Transcript of the call). It is of concern that these incidents are creating the perception that mobile banking is not safe, as it does not have anything to do with mobile banking.
In order to explain this statement, I need to describe how South African banks have improved Internet Banking by utilising an additional channel to improve the security of sensitive transactions. Most South African banks enable customers to log into their Internet banking websites in the accepted way, by entering a username/account number and a secret password. Some have even improved on this by utilising soft keypads (to counter key-logging attacks) and partial passwords. Typically this would be viewed as "strong-enough" security in most places in the world.
However, most South African banks have improved on this security by also sending a one-time password to a client's mobile phone for sensitive transactions (e.g. registration of a new beneficiary). The client is then required to enter this one-time password into the Website. This is an ADDITIONAL security mechanism for Internet Banking.
If the passwords of a victim were compromised (either by means of phishing, resetting or physical stealing), a fraudster would have been able to commit a fraud in most other countries. However in South Africa, the fraudster is now also confronted with the need to have access to the one-time password that will be sent to the victim's mobile phone. It is in these instances that an illegal SIM swap is performed to get access to the one-time password.
This fraud is solely to perform an Internet Banking fraud and has very little to do with mobile banking. We at Fundamo have deployed more advanced functionality that would have countered even these types of frauds, which I will not publish. What we have deployed for one of our clients is a feedback mechanism from the Mobile Operator that would render the sending of a one-time password temporarily suspended in the case of a SIM swap. The customer is then required to confirm the SIM swap with the bank first (via other security mechanisms), before the transaction can be completed.
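The operator feedback check described above, written out as an added Python example; it is not Fundamo's or any bank's code. The class and method names, the shape of the operator events, the constructed phone number and timestamps, and the choice to hold one-time passwords when the operator feed is unavailable are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Dict, List


class Decision(Enum):
    SEND_OTP = "send_otp"
    HOLD_UNCONFIRMED_SWAP = "hold_unconfirmed_swap"
    HOLD_NO_OPERATOR_DATA = "hold_no_operator_data"


@dataclass
class SimSwapOtpGate:
    """Decides whether an SMS one-time password may be sent to a number.

    Hypothetical names throughout. The mobile operator's feedback is modelled
    as calls to record_operator_swap(); the bank's out-of-band confirmation
    is modelled as calls to confirm_swap_with_bank().
    """
    last_swap: Dict[str, datetime] = field(default_factory=dict)
    confirmed_at: Dict[str, datetime] = field(default_factory=dict)
    feed_healthy: bool = True

    def record_operator_swap(self, msisdn: str, when: datetime) -> None:
        # Feed events can arrive late or out of order: keep only the newest.
        previous = self.last_swap.get(msisdn)
        if previous is None or when > previous:
            self.last_swap[msisdn] = when

    def confirm_swap_with_bank(self, msisdn: str, when: datetime) -> None:
        # Call only after the customer passed the bank's other security checks.
        self.confirmed_at[msisdn] = when

    def decide(self, msisdn: str) -> Decision:
        # Assumption: without operator data we cannot rule out a swap, so hold.
        if not self.feed_healthy:
            return Decision.HOLD_NO_OPERATOR_DATA
        swap = self.last_swap.get(msisdn)
        if swap is None:
            return Decision.SEND_OTP
        confirmed = self.confirmed_at.get(msisdn)
        # A confirmation only clears swaps that happened before it; a later
        # swap suspends OTP delivery again until it is confirmed in turn.
        if confirmed is not None and confirmed >= swap:
            return Decision.SEND_OTP
        return Decision.HOLD_UNCONFIRMED_SWAP


def run_demo() -> List[Decision]:
    """Replay a constructed sequence of events for one customer number."""
    t0 = datetime(2007, 12, 1, 9, 0, tzinfo=timezone.utc)  # constructed
    number = "+27000000001"                                # constructed
    gate = SimSwapOtpGate()
    seen = []

    seen.append(gate.decide(number))                 # no swap on record
    gate.record_operator_swap(number, t0 + timedelta(hours=1))
    seen.append(gate.decide(number))                 # swap, not yet confirmed
    gate.confirm_swap_with_bank(number, t0 + timedelta(hours=2))
    seen.append(gate.decide(number))                 # customer confirmed it
    gate.record_operator_swap(number, t0 + timedelta(hours=3))
    seen.append(gate.decide(number))                 # second, newer swap
    gate.record_operator_swap(number, t0 + timedelta(minutes=30))
    seen.append(gate.decide(number))                 # stale event changes nothing
    gate.feed_healthy = False
    seen.append(gate.decide("+27000000002"))         # operator feed is down
    return seen


if __name__ == "__main__":
    for step, decision in enumerate(run_demo(), start=1):
        print(step, decision.value)
```

The sensitive transaction (for example registering a new beneficiary) proceeds only on `SEND_OTP`; either hold result routes the customer to the bank's confirmation process.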
Find Mp3 files using a simple search engine
There are times when you want to listen to a particular music track and you go to Google and search for it. If it's an mp3 that you are looking for and you are not aware of the Google mp3 finder trick, then chances are you might not find those mp3 files so easily. And one of the biggest frustrations with iTunes is that we need a credit card to download songs.
But this simple mp3 aggregator does the trick: it can be used for finding free mp3s online. This is really free and it's now one of my favourite mp3 finders. The Web is full of free music, and BeeMP3 is intent on helping you find it. The site features an easy-to-use interface that allows you to search open directories and FTP servers for music that you can download with a single click.
They don't host any files - their crawler searches through the Net and indexes all the brand new and popular songs for your comfortable and fast search. Today they have 800 000 mp3 files in their search database and approximately 10000 files are added daily.
Click here to visit beemp3.com. Check out this site and post your views/reviews, and also let me know if you have any better alternative for searching mp3s online.
iPhone Interface Runs Faster using Google Application
Google and the iPhone have been together from the very start, ever since the iPhone launched with Google Maps as one of its main applications. Now Google has created an integrated iPhone Google application that gathers most of its tools into one site.
Google recently updated their iPhone home screen which allows users to launch things such as Gmail, Reader, and Calendar from convenient tabs right on the touch screen. With this revamping, the apps now run faster.
To access the application, iPhone users can point their Web browser to Google's home page, which detects the Apple handset and Safari browser.
Google officials said in a statement that they used AJAX (asynchronous JavaScript and XML), the same technology they used to put their applications on the desktop, for the new application, which lets users switch between different services.
Google has added links to Google Maps and YouTube right on the main menu of the phone, as well as direct links to Gmail, Calendar, and Reader at the top of the screen.
Google is apparently working on making their applications run faster on other phones as well.
Now access internet while flying
Now experience Wi-Fi when you Hi-Fly. JetBlue Airways is all set to reveal its latest service, which will kick off on December 11th, offering a broadband Wi-Fi service on a limited number of its flights.
The airlines’ goal is to turn their planes into the equivalent of a wireless hot spot once the aircraft reaches its cruising altitude. Internet services will not be available on takeoff and landing. JetBlue has teamed up with Yahoo and Research in Motion (RIM) to offer this wireless Internet to passengers on JetBlue flights. A few more airlines are also following this path. American Airlines, Virgin America and Alaska Airlines plan to offer a broader Web experience in the coming months. The services will most likely be priced around 10 USD per flight.
Some international carriers had started offering in-flight Internet service through Boeing, but the aircraft maker decided about a year ago to stop its Connexion service after it failed to sign on enough airlines. First announced in April 2000, Connexion suffered a major setback with potential U.S. airlines after the 2001 terrorist attacks caused an industry-wide slump.
The Boeing system connected to the Internet through satellites, while the JetBlue system will be using about 100 ground towers to provide e-mail and instant messaging services.
More details are available here.
Google mobile now can track your location without GPS
Google has released version 2.0 of 'Google Maps for mobile', its innovative mobile mapping and local search application. My Location (beta) calculates a user's location by measuring the distance of the phone from nearby base stations. Unfortunately, it isn't as precise as using GPS, but it drains less battery life. Google is hoping to get within one-quarter to three miles of a user's location.
Google stated that they “use various algorithms to approximate your location relative to the cells nearest you. The accuracy of this information depends on how big an individual cell is. Thus, areas with a denser concentration of mobile towers allow for a more accurate My Location reading. Additionally, as our database of cell locations continues to improve, so too does the accuracy and coverage of the My Location feature.”
"My Location" technology is claimed to be faster than GPS, to cover the inside of buildings unlike GPS, and to drain batteries more slowly than GPS.
Users can access Google Maps for mobile with My Location in the following countries: U.S., U.K., France, Italy, Germany, Spain, Austria, Switzerland, Liechtenstein, Portugal, Brazil, Australia, New Zealand, Belgium, Canada, Denmark, Finland, Sweden, Norway, The Netherlands, Russian Federation, and Taiwan.
More details are available here. Also refer to the video below to understand the concept; it's quite simple.
Google now has your emails, GTalk conversations, search queries, personal info and now your location. What would be next? Post your views below.