How to prevent wireless hacking
posted by Praveen at
2:36 AM
3 Comments
Friday, October 10, 2008
Sunday, January 06, 2008
Advertlets.com hijacked - Update (1)
Advertlets is back online. They had an "issue" with their domain name.
I've decided not to put them back on my blog.
Related post: Advertlets.com hijacked
I've decided not to put them back on my blog.
Related post: Advertlets.com hijacked
Labels: advertlets, hacking, malaysia, spoofing, web 2.0
posted by Praveen at
12:23 PM
0 Comments
Advertlets.com hijacked
Ranga pointed this out a few minutes ago (thanks "bro").
If you've tried to visit my blog over the last 24 hours, you would probably have been redirected to Adbaaz.com, a notorious advertising network. Unfortunately, this was due to the Advertlets banner that I had running in the sidebar - my apologies!
Turns out that the guys behind Adbaaz have hijacked the Advertlets domain name (advertlets.com) after it expired on January 3, 2008. This is a terrible crisis that could have been avoided for no more than US$10 - that's how much it costs to renew a domain name.
It's strange that this crisis has hit Advertlets. One of the founders, Josh Lim, was the man behind the WhoIsAdamKing.com "coup" in 2002. I guess karma does bite you back in the ass.
I think this may spell the end of Advertlets, especially in terms of reputation; but let's wait for them to give their side of the story.
If you've tried to visit my blog over the last 24 hours, you would probably have been redirected to Adbaaz.com, a notorious advertising network. Unfortunately, this was due to the Advertlets banner that I had running in the sidebar - my apologies!
Turns out that the guys behind Adbaaz have hijacked the Advertlets domain name (advertlets.com) after it expired on January 3, 2008. This is a terrible crisis that could have been avoided for no more than US$10 - that's how much it costs to renew a domain name.
It's strange that this crisis has hit Advertlets. One of the founders, Josh Lim, was the man behind the WhoIsAdamKing.com "coup" in 2002. I guess karma does bite you back in the ass.
I think this may spell the end of Advertlets, especially in terms of reputation; but let's wait for them to give their side of the story.
Labels: advertlets, hacking, malaysia, spoofing, web 2.0
posted by Praveen at
12:48 AM
1 Comments
Tuesday, July 24, 2007
How to hack WAP portals
NOTE: This post is based on my personal experience and is not intended to cause any malicious harm. I strongly believe that transparency is a necessity on the Internet, and will gladly post comments (and other view points) surrounding this topic in the interest of educating others on the need to plug security loopholes.
Quick tip on how to hack your way through WAP portals using Firefox.
Install the following Firefox add-ons:
- Modify Headers: used to add, modify and filter http request headers
- wmlbrowser: used to emulate a WML browser, although most mobile sites these days should be compatible with XHTML-MP
After restarting Firefox, both add-ons should be active.
To spoof your way through, do as follows:
In Firefox, click Tools > Modify Headers.
Add: x-up-calling-line-id, followed by a mobile number, e.g. 60128889999:
You should now see the header entry, and it should be "enabled" (green circle):
With this in hand, you can spoof your way through to initiate content downloads such as ringtones, wallpapers, and more. What's scary is that you can initiate downloads for random mobile numbers. Unless an SMS acknowledgement is part of the process, this random user will be charged the cost of the download. Screenshot below shows my spoofing experience with a content download via the Maxis WAP Portal. Thankfully, this one required an SMS acknowledgement:
posted by Praveen at
5:28 PM
1 Comments
Friday, January 19, 2007
Do you want a Nokia spy phone?
Prashant pointed this CNET article to me back in December '06:
We are all living on the edge, so be cautious of everything around you.
Related links:
The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations.This means that it is possible to spy using mobile phones, even when they are turned off. Here's a link to a promoter of Nokia spy phones -- Endoacustica.com -- amazing spying capabilities, don't you think so?
We are all living on the edge, so be cautious of everything around you.
Related links:
- CNet News: FBI taps cell phone mic as eavesdropping tool
- Endoacustica: Nokia spy phones
posted by Praveen at
1:35 AM
0 Comments
Friday, January 05, 2007
How to retrieve your Maybank2u.Premier (iAccount) e-statements from 2004 without paying
If you hold a Maybank2u.Premier account, formerly known as the i-Account, then here's a handy tip in case you need to retrieve your old statements. Best part? You can retrieve all your statements from 2004, without paying any of the ridiculous banking fees.
Before we get any further, let's recap the basic features of this account:
Pre-requisites:
Now, here's how you can beat the system:
1) Login to Maybank2u.com
2) Go to: eStatement > Maybank2u.Premier Statement
3) View the source for this page. Note that Maybank2u.com uses HTML frames; this means that you have to view the source of the frame in focus. On a PC with Firefox 2.0, right-click on the main area (Enquiry), and choose: This Frame > View Frame Source. You should see something similar to the following:
4) Press Ctrl+F (Find). Look for BV_SessionID. Copy the "value" in to a temporary text file, e.g.:
5) Press Ctrl+F (Find). Look for BV_EngineID. Copy the "value" in to a temporary text file, e.g.:
6) Press Ctrl+F (Find). Look for accountNo. Copy the "value" in to a temporary text file, e.g.:
7) Open a new tab in Firefox (Ctrl+T)
8) Copy and paste the following URL into your address bar, replacing the REPLACEME's with the values copied from above:
9) The pasted URL contains a date at the end of the string. The example above will retrieve the statement for December 2006 (31/12/06). To retrieve the statement for October 2005, just change this date to 31/10/05 signifying the end of the month. For June 2004, enter 30/06/04.
10) Press Enter, and you should see your statement.
Did it work for you? For help just drop me an email: emailme at praveenrajan dot com
Caveats:
Why Maybank2u, why?
So, why does Maybank2u block us from retrieving statements older than 3 months? Is it a way to generate peripheral revenue? Or is this due to a system limitation (e.g. extensive processing tasks)? I doubt that it is in relation to the latter, as Internet-banking sites should be built to handle massive processing tasks.
Considering that the current system produces statements from May 2004, why not make this historical data available to every Maybank2u.Premier account holder? It's a useful enhancement. Besides, no other Internet-banking service in town offers such extensive historical data (for now).
Related links:
Before we get any further, let's recap the basic features of this account:
- Statements are only made available through the Internet (known as e-Statements)
- At any point in time, you will have access to the latest 3 statements
- In the event you require older statements, you would have to request for printed copies, charged at RM10, and an additional RM1 for every printed page
Pre-requisites:
- Firefox 2.0
- Basic understanding of HTML source code
- A little patience
Now, here's how you can beat the system:
1) Login to Maybank2u.com
2) Go to: eStatement > Maybank2u.Premier Statement
3) View the source for this page. Note that Maybank2u.com uses HTML frames; this means that you have to view the source of the frame in focus. On a PC with Firefox 2.0, right-click on the main area (Enquiry), and choose: This Frame > View Frame Source. You should see something similar to the following:
4) Press Ctrl+F (Find). Look for BV_SessionID. Copy the "value" in to a temporary text file, e.g.:
@@@@0759140826.1167939086@@@@5) Press Ctrl+F (Find). Look for BV_EngineID. Copy the "value" in to a temporary text file, e.g.:
ccfkaddjkmflgmjcflgcehfdfkgdgij.06) Press Ctrl+F (Find). Look for accountNo. Copy the "value" in to a temporary text file, e.g.:
5142811435017) Open a new tab in Firefox (Ctrl+T)
8) Copy and paste the following URL into your address bar, replacing the REPLACEME's with the values copied from above:
9) The pasted URL contains a date at the end of the string. The example above will retrieve the statement for December 2006 (31/12/06). To retrieve the statement for October 2005, just change this date to 31/10/05 signifying the end of the month. For June 2004, enter 30/06/04.
10) Press Enter, and you should see your statement.
Did it work for you? For help just drop me an email: emailme at praveenrajan dot com
Caveats:
- I've been able to retrieve all statements from May 2004 onwards. This was when Maybank2u switched their statement cycle to the end of the month. Prior to May 2004, it was processed on the 15th of every month.
- Your Maybank2u.com session expires after 5 minutes -- when prompted, don't forget to click OK to remain online
Why Maybank2u, why?
So, why does Maybank2u block us from retrieving statements older than 3 months? Is it a way to generate peripheral revenue? Or is this due to a system limitation (e.g. extensive processing tasks)? I doubt that it is in relation to the latter, as Internet-banking sites should be built to handle massive processing tasks.
Considering that the current system produces statements from May 2004, why not make this historical data available to every Maybank2u.Premier account holder? It's a useful enhancement. Besides, no other Internet-banking service in town offers such extensive historical data (for now).
Related links:
- Praveen Rajan: dig maybank2u.com
- Praveen Rajan: rhbbank.com - glitch on Firefox?
posted by Praveen at
4:16 AM
0 Comments
Monday, September 18, 2006
How I hacked Friendster with CoComment
Update: Just received an email from Stephanie Booth of CoComment acknowledging the bug. She indicated that the CoComment team is working on a fix - kudos to them for the quick follow-up! (I'm guessing they made the quick discovery with CoComment on this Techcrunch conversation - bravo, definitely a worthy app despite the bug)
I just stumbled upon an interesting loophole with Friendster using CoComment which allows me to see a list of sent messages belonging to other users, presumably those that are also registered with CoComment, and are keeping track of their sent messages using the form on the default Friendster Send Message page (http://www.friendster.com/sendmessage.php)
Here's how it happened:
- I received a private message in Friendster from a friend.
- I clicked on reply, and chose to keep track of the conversation with CoComment.
- Moments later, I receive a notification from CoComment that the conversation has been updated.
- I log on to my CoComment conversations page, and notice that it's a message sent by mrblinky, who happens to be another user that has signed up with CoComment and has chosen to keep track of his/her Friendster messages
The following screenshot shows my sent message amongst 97 other sent messages that do NOT belong to me:
The screenshots below shows the message in my Friendster inbox which I replied to. The reply form is hosted on http://www.friendster.com/sendmessage.php:
Relevant links:
- Articles on CoComment by Techcrunch
- Techcrunch > CoComment: Tracking Your Blog Comments
- Friendster
- CoComment
Labels: hacking
posted by Praveen at
2:52 AM
9 Comments
About Me
- Name: Praveen Rajan
- Location: Kuala Lumpur
- Profile: Who Am I?
Previous Posts
- If only there were yellow apples
- Bangkok
- My loofah is sprouting!
- Hello Britain
- Head over to 1Utama
- DiGi Internet Bonanza
- Where everyone is a Chew
- Heavy lunch
- Smart donation box
- Havoc satay in Burma Road
Archives
- August 2006
- September 2006
- October 2006
- November 2006
- December 2006
- January 2007
- February 2007
- March 2007
- April 2007
- May 2007
- June 2007
- July 2007
- August 2007
- September 2007
- October 2007
- December 2007
- January 2008
- February 2008
- March 2008
- April 2008
- May 2008
- June 2008
- July 2008
- August 2008
- September 2008
- October 2008
- November 2008
- December 2008
- January 2009
- February 2009
- March 2009
- April 2009
- May 2009
- June 2009
- July 2009
- August 2009
- September 2009
- October 2009
- November 2009
- December 2009
- January 2010
- March 2010
