Hacking Reputation

I finally have to admit it: I know next to nothing about MySpace, Facebook or Friendster. I don’t use them, let alone have friends there. But I do know that they are social networking sites and that, to some extent, people’s reputations are based on their popularity in these communities.

For that reason, I couldn’t care less when some people try to fake their popularity on social networking sites to gain “reputation”. But this site is too much:

FakeYourSpace is an exciting new service that enables normal everyday people like me and you to have Hot friends on popular social networking sites such as MySpace and FaceBook. Not only will you be able to see these Gorgeous friends on your friends list, but FakeYourSpace enables you to create customized messages and comments for our Models to leave you on your comment wall. FakeYourSpace makes it easy for any regular person to make it seem like they have a Model for a friend. It doesn’t stop there however. Maybe you want to appear as if you have a Model for a lover. FakeYourSpace can make this happen!

I don’t know about you, but having “hot friends” on the internet doesn’t do any good to my reputation. But being able to hack reputation on social network sites is surely some reputation to me.

What’s next? Sites that offer services to clarify reputation? Or a new algorithm for detecting fake friends on social networks?

Htscanner

If you’re a PHP developer who uses Windows as a development platform, you might want to try htscanner. It’s a PHP extension that parses configuration files (for example .htaccess) and changes the PHP settings accordingly. You can find its Windows binaries here.

It’s a very useful extension, especially when you need to simulate PHP configuration settings using .htaccess on Windows, which you can’t do if you’re running PHP as CGI/FastCGI, the setup that usually comes with Apache+PHP installations for Windows.

Just download php_htscanner.dll from PECL4Win, save it to your extension directory (for example c:\php\ext) and add these lines to your php.ini:

extension=php_htscanner.dll

[htscanner]
htscanner.config_file=".htaccess"
htscanner.default_docroot = c:\apache\htdocs

c:\apache\htdocs is your docroot; change it to your own docroot directory. Then create a .htaccess file in your docroot with these lines:

<IfModule mod_php.c>
php_value register_globals off
</IfModule>

You need <IfModule mod_php.c> to make sure you won’t get a 500 error if you’re using mod_access in your Apache installation; it also keeps the file compatible with the Apache+mod_php configuration that usually comes with Apache on Linux. In this example I turn register_globals off for all PHP files in c:\apache\htdocs.

Thanks to Pierre for maintaining this extension.

Leave Comments Everywhere (Not You, Spammer!)

So, you want to let everyone comment on any of your web pages? Easy, let the kitty do the work for you. JS-Kit.com gives an elegant yet simple solution for commenting in the social network era.

All you need to do is put this simple script on your web page:

<script src="http://js-kit.com/comments.js"></script>

Of course, you can do much more than that by customizing it, such as having it send you an email each time somebody posts a comment. Just see their website.

However, while JS-Kit allows for a lot of customization, it still lacks some important features such as a CAPTCHA image challenge, especially to handle those spammers. What do you think? please …

 

IE6 and IE7 Running on a Single Machine

With the release of IE7, many web developers (like me) were faced with the need to test their applications on different versions of IE, but this was impossible since only one version of IE can be installed on Windows.

But today, as announced by the IE Blog, Microsoft has made Virtual PC (VPC) 2004 available for download, which contains a pre-activated Windows XP SP2, IE6 and the IE7 Readiness Toolkit to help developers test their applications on different versions of IE (6 and 7).

Now you can install IE7 on your main machine for development, and get all the advantages of IE7, like the RSS platform, native XMLHTTP stack, and improved security, while still running IE6 simultaneously in the VPC on the same computer. Most importantly, you don’t even have to buy an additional Windows license. The VPC image runs in a virtual machine that offers all of the functionality of a full IE6 installation without giving it any access to its host machine’s hard drive, registry, etc. You can make as many modifications as you want to the virtual machine without affecting your host installation at all.

Get more information on Virtual PC 2004 here.

Thanks For Your Votes

PHPClasses.org has just announced the winner of the Innovation Award for the month of October 2006. As you can see on my badge here, Ngeblog was ranked in second position with 17.24% of the total votes.

Big thanks to all of you who have voted for Ngeblog and helped me for quite some time in developing this class. Especially my geeky friends in Inarts for giving the vote :).

What Geek Like Me Wants from Mobile Phone

I was preparing my new Zendbox-like server to host all of my toys when I found some interesting feed items on my reading list, all talking about the same thing: mobile phones. Which brought me to Ian Hay’s top ten list of what people want from their mobile phones.

I’m not really good at making lists, so if someone asks me what I want from my mobile phone I’ll give him one single answer: control.

For that matter, I want my mobile phone to support open source software and have an open hardware architecture. That’s all I need; I’ll take care of the rest myself, thanks.

🙂

Against the System: Rise of the Robots

…big difference between the web and traditional well controlled collections is that there is virtually no control over what people can put on the web. Couple this flexibility to publish anything with the enormous influence of search engines to route traffic and companies which deliberately manipulating search engines for profit become a serious problem.

That was a quote from Sergey Brin and Lawrence Page’s paper about the prototype of the Google search engine, which was then at http://google.stanford.edu/.

But I don’t think either Brin or Page would have expected that their invention could bring another problem that emphasizes what they meant by “no control over what people can put on the web”.

Yesterday’s post on the Securiteam blog shows us that people can use Googlebot to attack other websites anonymously.

The idea is quite simple: all you have to do is create a malicious website that contains links attacking a web application (CSRF), like this:

http://the-target.com/csrf-vulnerable?url=http://maliciousweb.com/attackcode

and submit this to Google. When Googlebot comes to your website and finds this link it will dutifully try to index the URL. And when it does .. bang! The robot does the job for you, attacking your target.

This is not a new idea though. Michal Zalewski wrote about this in 2001 under the title “Against the System: Rise of the Robots”. His introduction tells us the whole idea:

Consider a remote exploit that is able to compromise a remote system without sending any attack code to his victim. Consider an exploit which simply creates local file to compromise thousands of computers, and which does not involve any local resources in the attack. Welcome to the world of zero-effort exploit techniques. Welcome to the world of automation, welcome to the world of anonymous, dramatically difficult to stop attacks resulting from increasing Internet complexity.

However, this kind of attack is not only Googlebot’s problem; other search engine bots such as MSN, Yahoo and dozens of others have the same ability to do the dirty job for you.

So who’s to blame? Surely the bad guy who runs the original website. Although you can also put the blame on the owners of the victim websites, who ignore the security factor and leave all their pages open to any bot for a higher pagerank.
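
A defender-side view of the technique above, as an added example that is not from the original post or from Securiteam: it scans an access log for requests made by the crawlers named here whose query string carries a URL pointing at a host you do not own, which is the shape of the example link. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache "combined" log line: ip, time, request line, status, size, referer, agent.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)
# User-agent tokens for the crawlers the post names (Google, MSN, Yahoo).
CRAWLER_TOKENS = ("googlebot", "msnbot", "slurp")

def foreign_url_params(target, own_hosts):
    """Return (param, host) pairs whose value is an absolute URL on another host."""
    hits = []
    for name, value in parse_qsl(target.partition("?")[2], keep_blank_values=True):
        try:
            parts = urlsplit(value)
        except ValueError:  # malformed value, e.g. a broken IPv6 literal
            continue
        host = (parts.hostname or "").lower()
        if parts.scheme in ("http", "https", "ftp") and host and host not in own_hosts:
            hits.append((name, host))
    return hits

def find_crawler_relayed(log_text, own_hosts):
    """Flag crawler requests whose query string carries a URL to a foreign host."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not any(t in m["agent"].lower() for t in CRAWLER_TOKENS):
            continue
        for name, host in foreign_url_params(m["target"], own_hosts):
            findings.append({"ip": m["ip"], "path": m["target"].split("?", 1)[0],
                             "param": name, "points_to": host, "status": int(m["status"])})
    return findings

# Constructed sample log (documentation IPs; hosts reuse the post's example names).
GBOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SAMPLE_LOG = "\n".join([
    f'192.0.2.10 - - [01/Jan/2007:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "{GBOT}"',
    f'192.0.2.10 - - [01/Jan/2007:10:00:07 +0000] "GET /csrf-vulnerable?url=http://maliciousweb.com/attackcode HTTP/1.1" 200 312 "-" "{GBOT}"',
    '192.0.2.20 - - [01/Jan/2007:10:01:12 +0000] "GET /go?to=http://the-target.com/about HTTP/1.1" 302 0 "-" "msnbot/1.0 (+http://search.msn.com/msnbot.htm)"',
    '198.51.100.7 - - [01/Jan/2007:10:02:30 +0000] "GET /csrf-vulnerable?url=http://maliciousweb.com/attackcode HTTP/1.1" 200 312 "-" "Mozilla/5.0 (Windows; U) Firefox/2.0"',
])

if __name__ == "__main__":
    for finding in find_crawler_relayed(SAMPLE_LOG, {"the-target.com"}):
        print(finding)
```

The User-Agent header can be forged, so treat a hit as a lead to confirm (for example by a reverse-DNS check of the client address), not as proof that a real crawler made the request.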