Saturday, December 29, 2012

You're gonna need a bigger server

The error 500 page from IMDB contains a reference to Jaws

Imdb

Saturday, November 24, 2012

Star Trek interview from 1976

Interview with DeForest Kelley, James Doohan and Walter Koenig on Tomorrow with Tom Snyder from 1976.

 

 

Sunday, November 4, 2012

One does not simply walk into Mordor, google maps

Switch Google Maps to English, then search for the walking route from The Shire to Mordor:

Mordor

 

Wednesday, October 3, 2012

Monday, October 1, 2012

Sex Tape worm updated, they just switched the alleged star

Quick update: the Miley Cyrus "Sex Tape" worm has been disabled to a certain extent by Facebook. The hackers have quickly adapted the method to use another page on Facebook that doesn't display a warning about the access_token, and they have switched from Miley Cyrus to a Selena Gomez/Justin Bieber "Sex Tape".

Saturday, September 29, 2012

Miley Cyrus fake "Sex Tape" worm on Facebook

I noticed a stream post on Facebook yesterday, supposedly about a leaked sex tape with Miley Cyrus, that I (though very carefully) clicked on. The image looks like a screen cap from a TV channel; it's fictitious, however, even though there are TV channels called TVN.

 

The link in the article is, as usual, a short URL to hide where it is actually going. I think that the site uses a random distribution between different sites, even though all are hosted on Google appspot, e.g.
miley-sex-video.appspot.com, miley-vid9.appspot.com, celeb-tv.appspot.com, celeb-hunter.appspot.com
Whatever site you end up at, the resulting page looks suspiciously like YouTube but displays an "age verification" dialogue (even the sad face icon is stolen from YouTube).

This is actually a cunning trick to make the user authorize the application without noticing and reveal the information to the page.

The "click to verify" URL goes to facebook.com through a referrer-hiding service (href.li), probably included so that Facebook cannot easily determine where the request comes from. (The yellow warning bar displayed above comes from the RequestPolicy add-on; it is not displayed in a normal browser.)


The resulting page just says success, and the page address contains an access token for Facebook that the user "has to" pass back to the application. The application then has access to the user's stream and posts the image again as a mobile upload, tagging random friends in the image so that the image and link show up in the streams of users who do not even have a friend relation to the compromised user.
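A defensive check for the flow described above, as an added example that is not part of the original post: it unwraps a referrer-hiding link, reports whether the target asks Facebook to return a token in the page address, and spots a token in text a user is about to paste elsewhere. The `href.li/?<target>` wrapper form, the OAuth parameter names and both sample URLs are assumptions constructed for illustration.

```javascript
// Added example; sample values are constructed, not taken from the worm.
const REFERRER_HIDERS = new Set(["href.li"]); // service named in the post
const SAMPLE_LINK =
  "https://href.li/?https://www.facebook.com/dialog/oauth?client_id=000000000000" +
  "&redirect_uri=https%3A%2F%2Fwww.facebook.com%2Fconnect%2Flogin_success.html" +
  "&response_type=token&scope=publish_stream";
const SAMPLE_PASTE =
  "https://www.facebook.com/connect/login_success.html#access_token=EXAMPLETOKEN123&expires_in=5000";

// Unwrap "https://href.li/?<target>" links (wrapper format is an assumption).
function unwrap(href) {
  const u = new URL(href);
  if (REFERRER_HIDERS.has(u.hostname) && u.search.length > 1) {
    const raw = u.search.slice(1);
    // Only decode when the whole target was percent-encoded.
    const inner = raw.includes("://") ? raw : decodeURIComponent(raw);
    return { wrapped: true, target: new URL(inner) };
  }
  return { wrapped: false, target: u };
}

// Flag links that start a token-in-the-address-bar authorization
// while hiding the referring page from Facebook.
function inspectLink(href) {
  const { wrapped, target } = unwrap(href);
  const isFacebook = /(^|\.)facebook\.com$/.test(target.hostname);
  const responseType = target.searchParams.get("response_type") || "";
  const wantsToken = responseType.split(/[ ,]/).includes("token");
  const scope = (target.searchParams.get("scope") || "").split(",").filter(Boolean);
  return {
    wrapped,
    host: target.hostname,
    wantsToken,
    scope,
    suspicious: isFacebook && wantsToken && wrapped,
  };
}

// Detect a bearer token in pasted text; never echo the full value back.
function findPastedToken(text) {
  const m = /[#?&]access_token=([^&\s]+)/.exec(text);
  return m ? { found: true, redacted: m[1].slice(0, 4) + "..." } : { found: false };
}
```

The same `findPastedToken` check is what a warning on the success page relies on: anything after `access_token=` in the address is a credential, so it should never be copied into another site.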

The actual image that is supposed to be from the sex tape is shown for a brief moment when visiting the page. This is probably meant to look as if the video is loading but is blocked by the age verification. It could be a screen cap from a generic porn movie or even photoshopped, I'm not sure; it is, however, likely not Miley Cyrus.


After passing the fake age verification page, the page just displays the twirler symbol as if it has problems loading the video. Depending on how desperate you are to actually view the video, you could even try to reload the page and try the authorization once more, posting the worm image once again to a different list of friends.


Sometimes the loading image is displayed while waiting for the age verification, further adding to the impression that this times out and you could just try again later.

I have tried to analyze the HTML code of the pages a bit. It looks like the people who wrote this had some rather smart ideas to pull this off: it uses a plethora of free services to host the whole thing (Google appspot, Dropbox, bit.ly, imgur, whos.amung.us, googleapis, MaxMind), and they are even distributing between different instances of appspot to cheat the daily limit of CPU time and traffic.

Since Friday, Facebook has apparently noticed this attack and removed the stream posts, and it is now displaying a warning on the HTML success page to keep users from disclosing the access token:


I checked the first image with TinEye and it came up with an unmodified version of the image. This is from a blog post about "famous o-faces" from 2010; the original image is probably taken from a video by Miley Cyrus.



Two updates (as of 10/1/2012):
The same thing was reported by somebody else yesterday, coming to the same conclusions: http://www.breakthesecurity.com/2012/09/miley-cryus-sex-tape-real-or-fake.html
(For the benefit of users finding this article with Google): the worm may return as a Selena Gomez/Justin Bieber "Sex Tape" scam, though I haven't found evidence that it is really running around Facebook.


Thursday, September 27, 2012

After watching this Keek, I feel sort of old

I watched this video yesterday of Victoria Justice playing Ms Pacman, and I can't help feeling a bit old: she is way younger than Pacman, in fact she is 3 years younger than the Game Boy.

http://www.keek.com/VictoriaJustice/keeks/Lde3aab

(I should mention that I'm 11 years older than Pacman)

Before anybody complains: I know it is Ms Pacman, but you get the point, I hope.

 

Saturday, September 22, 2012

Sunday, September 16, 2012

Garden spider at my window

Apparently a garden spider has built a web at my window.

 

Spider

Saturday, September 15, 2012

Garden spider at my window

Apparently a garden spider has built a web at my window.


Thursday, September 6, 2012

Twitter phishing/spam worm

I got a few DMs recently purporting to be warnings from people you follow about abusive posts from somebody else.

The bit.ly link in the message goes to a phishing page, most likely posting new messages again if you disclose your account.

Even though the scam is quite obvious, there are probably enough people still falling for this.

 

(The target URL is blacklisted by bit.ly now, however.)

 

Wednesday, August 15, 2012

Zork running on Android


Retro gaming, even supporting voice input

Saturday, July 14, 2012

reCAPTCHA is featuring signs

Currently reCAPTCHA has images of signs to read.

Sunday, June 10, 2012

Bullshit Bingo for the European Championship on Eurosport

(source http://bullshitbingo.net/cards/custom/?title=Eurosport+Reporter&exclamation=D...!&terms=Ein+Auftakt+nach+Ma%C3%9F%0D%0ASpiel+beginnt+bei+Null%0D%0AEs+brennt+lichterloh%0D%0AIm+Fu%C3%9Fball+ist+alles+m%C3%B6glich%0D%0AAchtung+bei+Standardsituationen%0D%0ADie+Null+muss+stehen%0D%0ASpiel+lebt+von+der+Spannung%0D%0AEr+ist+der+Star+der+Mannschaft%0D%0ADer+Star+ist+die+Mannschaft%0D%0AHier+kann+jeder+jeden+schlagen%0D%0AFu%C3%9Fball+ist+Kopfsache%0D%0ADie+R%C3%A4ume+eng+machen%0D%0ADie+Passwege+zu+stellen%0D%0AMehr+%C3%BCber+die+Au%C3%9Fen+kommen%0D%0AAbgerechnet+wird+zum+Schluss%0D%0ASie+stehen+kompakt%0D%0ADas+w%C3%A4re+es+gewesen%0D%0ASie+haben+wenig+zugelassen%0D%0ADas+war+sch%C3%B6n+gedacht%0D%0AZu+viel+Klein-Klein%0D%0AEr+macht+den+Unterschied%0D%0ALa+Ola+schwappt+durchs+Stadion%0D%0ADa+fragt+sp%C3%A4ter+keiner+mehr+nach%0D%0AInternationale+H%C3%A4rte%0D%0ADas+ewige+Talent%0D%0AEs+ist+angerichtet%0D%0ASie+spielen+in+einer+anderen+Liga%0D%0AAngstgegner%0D%0ASchnittstelle%0D%0ADoppel-Sechs%0D%0ATurniermannschaft%0D%0ATagesform%0D%0APsychologisch+ung%C3%BCnstiger+Zeitpunkt%0D%0ARuhe+ins+Spiel+bringen%0D%0ADas+Spiel+pl%C3%A4tschert+dahin)

Sunday, March 18, 2012