Wednesday, June 29, 2011

Social Engineering - New way of hacking

Social Engineering is the new way of hacking and getting into systems, here's my case.

Got a phone call today at 2:24PM from an unknown caller. They asked for the person's name (whom the number is listed under) I continued to speak as if I am them as they explained that "your computer was generating errors" or messages or something rather "when browsing the internet and downloading..." of course being in this field I know what they are saying is completely bogus but I wanted to find out more about what they doing, suggesting and their intentions and goals (as I always do with phone calls to me).

I asked who are they, where they calling from and what is the problem. They answered (something like) 'windows department' (I don't remember the exact answer), 'New York' and the problem is 'the errors' (or similar answer) in that order. I got somewhat fed up with the lack of information in the answers and said I am a system administrator and what they are saying is bullshit so they said "it's not bullshit" and that was the last I heard from them as they hung up unfortunately. I do regret ending the conversation short and wish I could get more information that would help in future mitigation of such attackers (training my staff accordingly) and ultimately to convict these criminals.

What I wish to have learned:
What exactly they wanted to do and how did they want to do it?
For example; did they want me to download something on my computer to help 'solve the problem'? (probably a virus or other malicious type of software that would most likely log what I have potentially email username/passwords and bank account numbers and passwords, spreading itself to other computers that mine would be in contact with) or did they want to sell me something (which would be like a scam or fraud) or maybe their intention is to have my computer infected from the conversation of let's say download something and then they would offer whatever they sell to fix it.

Whether they are scamming to get into the computer and have control over it or they just want to make a quick buck is still unclear but from the clues I do have they most likely want access directly into my computer since they did identify as a windows department of sorts.

Many questions still unanswered and I still working on making a recording system because I feel recording phone conversations is important these days to both protect myself and also everyone else as I could report them to authorities to help stop such criminal defrauders.

As always give me your opinions, comments and thoughts. If you have encountered such security threats or have ideas as to how to record conversations automatically when answering my phone.

Thanks for visiting EduBoris blog! 

Monday, June 27, 2011

Video host script project php mysql

After the massive popularity of youtube there were many niche video hosts created and so here's my take on it with a friend's idea and my programming skills...the website is called www.ranland.com (defunct) and since we didn't have the funds after getting over 100s of hits/day in first week it went down to a steady 5/day so I decided to put out the source code in hopes that someone will find it useful, as always feel free to improve, remix, re-use!

If there's enough demand may place this on sourceforge and continue development.

Features:
-Flash player (flowplayer) with controls (pause play, full screen and seek)
-Video page with description, title, date posted, count views, thumbnail (image) and the flash video
-Share video on Twitter
-Share video on Facebook
-Share video on Google plus one
-Commenting on videos with Disqus
-Next and previous videos buttons
-Random Video button
-Pages (pagination)
-Featured page with thumbnail images, title and short description, order by newest first
-Most viewed page, same as featured but ordered by most viewed
-Search videos (with google custom search)
-auto tweet to twitter when new video added/uploaded
-auto generate sitemap when new video added (great for Google web and custom search)

Instructions:
-Unzip the contents and upload to your root directory
-modify the db.php with your database info (database info will be added soon)
-modify the index.php with contact info (email, facebook and twitter if you have it) and about info
-if you want twitter status updated when new videos added follow the twitter developer instructions (will be provided later)
-database structure (sql download) provided at the bottom, upload it to your mysql database host

How to use:
To post video go to post.php (no login authentication yet) upload via ftp (no browser upload yet) the flash video (.flv -- no conversion yet) to videos directory, upload the image thumbnail to images directory, past the name of image, name of flash file, add title and description, choose date or leave the existing and click to post the video.

The rest will sort it self and work on it's own, featured goes by latest page, most viewed or popular by most views on individual pages. Share them and enjoy!

There's many features that I would like to have done for this project but the development has been halted as the project came to an end and no further videos have been added, if someone is interested in helping with posting new videos I may continue the development with the following being ideas for new features:
-Add html5 video player support (so videos can be viewed on iDevices-ipod,iphone,etc)
-Add tags and keywords to videos for better SEO
-Ability to upload from browser (now it's only text addition in browser, upload files via FTP)

videohost.sql  Download 1k
video-host.zip Download 847k

Let me know what you think theborisedu@gmail.com

Thursday, June 9, 2011

Print another webpage or image from this page javascript

Pretty simple solution for this I found with slight modifcation.

Place this code with 'otherpage.jpg' as the one you want to print, whether an image or webpage (could even be pdf) and it will prompt for printing when clicked on the button below the code

<script type="text/javascript" >
function printExternal() {
printWindow = window.open(  "otherpage.jpg","mywindow");
setTimeout('printWindow.print()', 2000);
setTimeout('printWindow.close()', 2000);
}
</script>

As you see the first step is to open the page (can be html,  pdf, jpg or other image, etc).
Second step (after short wait of 2 seconds) start the print built-in javascript function.
Third and final is to close that window after print or canceled.

Now here's how to trigger the external print:
<input type='button' value='print' onclick="printExternal()">


The code can also be modified to have much more customized pages (this is how I use it):
<script type="text/javascript" >
function printExternal(str) {
printWindow = window.open(  str,"mywindow");
setTimeout('printWindow.print()', 2000);
setTimeout('printWindow.close()', 2000);
}
</script>

As you see there is now str instead of direct image or file, this allows the function to take it dynamically from page code, now using your favourite server side language you can generate the files from a database (which is what I do in my case with php):

<?php
//this function to get the files
$files = files();

//loop through them
foreach($files as $file){ ?>
<input type='button' value='print' onclick="printExternal(<?php  echo $file ?>)">
<?php } ?>

anyway hope this php didn't confuse you but should help in basic scenarios too.

Comment and let me know if you have questions, comments etc.