neosapien header image

Wednesday, August 27, 2008

Ubiquity for Firefox



Ubiquity by Mozilla team is just amazing.
Ubiquity
Existence or apparent existence everywhere at the same time; omnipresence: “the repetitiveness, the selfsameness, and the ubiquity of modern mass culture” (Theodor Adorno )
I also like terms omnipotence and omnipresence as well :)

I have just checked the weather in Bern, added some birthday reminders to my Google calendar, twittered my 'testing ubiquity' status, looked up some pit bull puppies photos on Flickr, messed my open tabs in Firefox and even counted the amount of words in this post - all in a couple of seconds using Ubiquity :)
Ok, what is Ubiquity?
Ubiquity
Firefox add-on that springs to life once you press Ctrl-Space (or Option-Space if you're using Mac) and lets you type what do you want to do instead of where do you want to go in browser to do it. For most commands Ubiquity will fetch the results using the desired website's API and display them in the same window, without a hassle for you to go there and enter search terms/perform an action yourself

Check this movie to see how it works:

Ubiquity for Firefox from Aza Raskin on Vimeo.


This brings back the movies from 80's when a cop used to type 'find all persons with name Hans Jakobli'. Everyone at least a little-bit computer literate used to laugh watching movies like this back then, but now computer power has reached the level to make tricks like this possible. All you need to do to get Ubiquity - have Firefox and click this link: install Ubiquity (this links you to Mozilla site). (you will have to install Growl too if you use Mac).

That's it - after this you are ready to roll :) While being only version 0.1, Ubiquity is very powerful. This is just a few of the available commands (you can check the full list by Ubiquity Commands link once you have Ubiquity installed):
  • add-to-calendar Adds an event to your calendar.
  • convert Converts a selection to a PDF, to rich text, or to html.
  • digg If not yet submitted, submits the page to Digg. Otherwise, it takes you to the story's Digg page.
  • escape-html-entities Replaces html entities (<, >, and &) with their escape sequences. (Extremely useful if you do heavy html hacking like this)
  • flickr Searches Flickr for pictures matching your words.
  • map Turns an address or location name into a Google Map.
  • map-these Maps multiple selected addresses or links onto a single Google Map.
  • tinyurl Replaces the selected URL with a TinyUrl
  • translate Translates from one language to another.
  • twitter Sets your Twitter status to a message of at most 160 characters.
  • weather Checks the weather for a given location.
  • wikipedia Searches Wikipedia for your words.
  • youtube Searches YouTube for videos matching your words.

Commands can be typed using only first few symbols - so w saffron burrows will show you clickable wikipedia results for Saffron Burrows in the same window:


And tw writing about Ubiquity will update your Twitter with message 'writing about Ubiquity'. Commands are extendable and people can write their own - that guarantees the growth of amount of available commands.

Ubiquity is an extremely powerful tool - and it is pretty easy to guess that it will be used on OS level in the future (the attempts to do this include OS X Spotlight, Vista's Start Menu, Google Desktop, Launchy) - yet in present this is the most powerful of them all.

Ubiquity is a Firefox extension - so it will work on any operating system (as mentioned, Mac users will have to download Growl first though). Ubiquity for Linux is currently not available Despite claims on the Ubiquity development page that Ubiquity doesn't yet work on Linux, it actually works on my Ubuntu home box - and even better than on my Windows machine at work :)

Hope you enjoy Ubiquity as much as I do :)

Sunday, August 17, 2008

"Rocky is back" featuring Remi Gaillard as Rocky:

"Rocky is back" featuring Remi Gaillard as Rocky:



This guy (RĂ©mi Gaillard) is amazing. Check him on japanese TV:


And this is my favorite.

Remi Gaillard as a bodybuilder impostor in Mister Universe bodybuilding contest

Thursday, August 14, 2008

MSN worm / virus g00d-stuff.com epidemic launch

This page describes the http://g00d-stuff.com MSN virus/worm (also known as PICS FOR MSN FRIENDS), that has been activated on Aug 14th, it's sources and methods of infection, vulnerable platforms/browsers, methods of removal of http://g00d-stuff.com and similar MSN viruses/worms.

  1. Information about http://g00d-stuff.com and similar sites
  2. http://g00d-stuff.com sources
  3. Malicious linked website forms and variations
  4. Vulnerable platforms/browsers
  5. First things to do
  6. How to remove http://g00d-stuff.com MSN virus from your system
  7. References

Information about http://g00d-stuff.com and similar sites

g00d-stuff.com is an MSN worm that spreads through MSN instant messenger with provoking text description, encouraging users to follow the attached link.

Sources of infection

MSN user receives a text message from one of the users in his contact list. A message can sometimes contain a provoking text and always contains a link to a site, containing a virus.

Provoking message can be one (but not limited to) of these:

  • "Album photo.zip"
  • oh you and me? nah its me the clown again"
  • "lool someone put ur photo here: D"
  • "i want you to swim with me! send this file to swim with me!"
  • "lool someone put ur photo here: D"
  • "lol someone has put your photo here: D"
Embedded link can be one of these:

  • g00d-stuff.com
  • username.bl1ng.info
  • username.jumphost.info
  • username.n1cestuff.info
  • checkdiz.info
  • username.awes0me.info
  • username.ther1ng.info
  • username.snapsh0t.info
  • username.da-real-deal.info
  • username.ch33se.info
  • c0ol-th1ng.info
  • imgeshack.info
  • m0bil3.info
  • imageloko.info
  • imagedino.info
  • imagealina.info
  • hostapic.info
  • holyimage.info
  • imagrshak.info
  • get-that-stuff.info
  • coooool.info
  • datsyou.com
  • is-thatt-you.com
  • is-dat-u.com
  • thatzyou.com
After visiting, the virus uses an unknown yet vulnerability of Firefox/Internet Explorer to infect the victims machine and distribute  itself by sending links to further contacts.




Malicious website forms and variations

There are two known forms of g00d-stuff MSN worm page: The PICS FOR MSN FRIENDS phishing page and "FREE RINGTONES, WALLPAPERS, JAVA-GAMES" page etc.

PICS FOR MSN PAGE will look similar to MSN login interface and will ask you to enter your MSN login credentials to proceed. DO NOT enter your credentials there under any circumstances.

"FREE RINGTONES, WALLPAPERS, JAVA-GAMES" page looks like this (photo from Switzerland):

g00d-stuff.com virus-infected page appearance for swiss users

Both pages are heavily booby trapped with viruses and exploits, and if you use Windows and Firefox lower then version 3.0 or Internet Explorer - you are probably already infected.







Vulnerable platforms/browsers

List of known vulnerable platforms:

  • Windows 95/98/Me/2000/XP/2003/Vista
List of known vulnerable browsers:

  • Internet Explorer
  • Firefox 2.0

First things to do

  1. First of all - DON'T PANIC! :)
  2. It really helps not to open the link, enclosed in the text message. However, you have probably already opened it - and that's why you are here
  3. Try to notify your friends and warn them not to open any links they will receive.
  4. You can also set a warning message as your status in MSN
  5. And if you didn't open the link - you are pretty much done :) If you actually did and you notice that you keep sending links to other people - proceed to g00d-stuff removal instructions





How to remove http://g00d-stuff.com MSN virus from your system

  1. Download MSNFix utility (yes, it is safe - I can clearly state it after checking the batch file code and finding other reputable sources linking to it (like this site with 34 thousands subscribers)).
  2. Extract the contents into some directory on your hard drive (for example, C:\MSNFix)
  3. Run MSNFix.bat
  4. Choose your language
  5. Press R to start virus scan
(Update: Author of MSNFix has left a comment here, asking for submission of all non-detected modifications of virus to http://upload.changelog.fr/. There you can leave your nickname, url where you've gotten the virus, your comment, and an infected file - so it will be analyzed and MSNFix will be updated to be able to cure your modification of MSNFix as well (Just in case: the button for download is marked Envoyer, not Annuler)).

After test and removal is performed (so you don't have any spyware/malware/keyloggers on your machine), you will need to reclaim your MSN account:

1. Go to http://login.live.com web page and click on Forgot Your Password.
2. Type in your MSN e-mail address, type the characters that appear in the Picture box, and click Continue.
3. Click Send yourself a password reset e-mail message.
4. Click Send Message.
5. Click Done on the confirmation page.
6. Open your e-mail and follow the link in the e-mail message to reset your password.
7. On the Confirm your e-mail address page, type your e-mail address, and then click Continue.
8. Type your new password two times, and then click Continue.
9. If you want to enter an “alternate” e-mail address, type the address two times, and then click Continue. If you do not want to enter an “alternate” e-mail address, click Skip.
10. When you receive the “You’ve changed your password” message, click Done.



If you want to receive updates about the g00d-stuff virus activity and methods of removal, subscribe to my rss feed - I will keep an eye on that one since couple of my friends are still infected.



References

This article has received hundreds of hits from Google by "g00d-stuff"-related queries in first hours after being published, meaning it has became a real threat due to unknown before vulnerability of Firefox. Judging by geographical locations of requests through the day (over a thousand), I can say that the most affected countries are USA, Canada, China, Hong Kong and Australia.

Friday, August 8, 2008

Proof how stupid people are on Internet and ways to exploit it

As you may know, there is an armed conflict between Georgia and Russia in South Ossetia. Call me inhumane, but I didn't believe that noone will try to make money on that fact.

As some of you might know, even though russian is only my third language, I can understand it enough to read russian mass-media and community sites. So I've decided to check reaction to russian-georgian events in South Ossetia in LiveJournal blogs.

Blogs like this pop up like mushrooms after a nice rain. Oldest are created just a couple of days ago and say something like this:
Today I have decided to start a blog. I've never done it before, but events around me force me to write this...

A guy goes to a war territory just to create a page in a blogging service? The blog is filled with content, stolen from news pages (you can Google a first phrase of every blog post). User has no userpics, except this one:


which leads to a SEO'ed site with plenty of advertising links to payed services like tourist companies and products like glass doors.

The users profile is filled with every imaginable interest (which leads to being discovered by interest search):


The blog 'author', that 'went to fight Georgian aggressors' had already miraculously 'survived' and asks fellow readers to lead this journal into the 'top journals' list - so others can hear good news. And you know what?  

He has already 265 readers (from almost zero in the morning) and counting.
There are plenty of comments like "we are gonna pray for you!" and "hold on there, show them!"

What else is left to do? Only to point dumb idiots on Internet to a proper page of his 'friends'. For example, some musical band (what he already did).

Any more examples needed how social engineering can boost your sales? :)

Thursday, August 7, 2008

Webmasters' tip learned from TypePad: Treat your visitors like your life depends on them

While developing FoxRecord, a need arose to test it on TypePad.
"Sure thing!". http://typepad.com/ in awesome bar and let's go.
Truth came crashing down unexpectedly. TypePad is a payed blogging service.
I mean, come on? Payed blogging service? When there are WordPress and BlogSpot out there?
Whatever. While I prefer not to shop online, TypePad offers a free 14-day trial - more than enough to test the embed widget api, and have a look at what TypePad has in its arsenal.
If only my visa credit card wasn't gathering dust at home, while I tried this trick at work (please don't demote me, I did it on a lunch break, I swear).
So, the result was "oh well".
Until a few days later I receive this e-mail:

Was it something we said?

We noticed that you started to register for a TypePad account, but didn’t complete it.

Maybe the doorbell rang. Maybe you were late for a meeting.

Or maybe it was us.

Whatever the reason, we want the chance to show you that we’re quite simply the best hosted blogging service on the market. Just follow this link and enter code REG*** for a special 10% discount and a 14-day free trial.

We hope to see you again soon.

The TypePad Team


And on a sidebar:

Why Choose TypePad?

Design: You'll look good

Mobile Blogging: You can blog on the go

SEO: You'll stand out

Connect to Others: Be the center of attention


Working in corporate environments and using sites like LinkedIn, I receive plenty of e-mails per day. Yet I have never seen an e-mail written as good as this one.
Why this e-mail message is good:
  1. Taking the blame and full responsibility. Right in the message subject.
    People tend to be forgiving. Especially for something that you didn't do.
  2. Being short and to the point.
    Most people are not amused by amount of graphics you put into your e-mail message. And a lot of people also value their time enough to send the message directly into trash if it looks like 3 pages of justified text, when they already know what this message will be about.
  3. Offering something (in this case, a discount).
    While I consider tricks like 'If you register until midnight today, you will get a special discount, and also this, this and this', at least they offer something in a non-annoying form to a visitor that could never be back. (Instead of selfish 'Please fill this 10 pages survey why you didn't like the product, and go the hell outa here, our robot will read it. One day.')
  4. Providing links to immediate actions.
    "Check out our designs", "Check out how we will work to SEO your blog" - everything a considering customer might want to check - everything is there, in the right sidebar of the message.
  5. Automatic feedback.
    All links in the message go through a redirect - this way, if someone clicks on a link in the message, they know which exactly customer responded to their e-mail and which action did he took.
  6. "Unsubscribe" link.
    If an automatically generated e-mail from services like this does not contain this sort of link - this is a first "red" signal.
    It takes one click to unsubscribe from this sort of e-mails from TypePad. Compare it to Photobucket:
    There is an option to unsubscribe from Photobucket Newsletters in the Personal Information section of your Account Options. All other email from Photobucket cannot be disabled. Most email from Photobucket after the original registration of your account is in direct response to requests from you (account information, email address updates, etc.). The only way to remove
    your email address from the Photobucket site is to request that your account be deleted.
    The only feeling that I have after reading this Photobucket e-mail - I don't want to see photobucket ever again.
    While after unsubscription from TypePad (to test how it works) I even felt sorry.


Morale: treat your visitors the way you want to be treated yourself. A kind e-mail from TypePad made me write this article linking to them. Outrageous behavior of photobucket made me setup an auto-responder with two simple words: "fuck you" to all their e-mails a filter to send every message from them directly to trash.