Phishing Test

Saw this on Lifehacker today.

The Phishing IQ test offers up ten different emails, then asks you to determine whether each email is legit or a phishing fraud. From InternetNews:

According to data from e-mail security firm MailFrontier, only 4 percent of users can spot a phished e-mail 100 percent of the time. That’s a very sobering thought as the holiday season is upon us and Americans flock online for their shopping needs.

The test is… well, kind of tricky. Some are obvious, but it’s a guarantee that you’ll scratch your head, totally paranoid, wondering whether all the emails are frauds and you’re being made a complete fool of.

MailFrontier Phishing IQ Test II [via InternetNews]

I got 10/10 correct, so that puts me in the 4% group. How’d I get so good? Here’s a couple of things I look for:

  • Does the email use my first and last name? Most legitimate companies will, especially eBay and PayPal.
  • If the email contains a link, where does it point to? Links should always start with the standard company URL. Links to PayPal should always start with http://www.paypal.com, not something else, like http://www.signupaccount.com.
  • How’s the grammar/spelling? You’d be surprised how many phishing sites don’t run spell/grammar check.
  • Are they asking for information that they should already have? If a bank or website loses your information, you probably shouldn’t be doing business with them to begin with. Companies ALWAYS have backups and will never ask for it. NEVER EVER!

Hope those tips help. If you find something that you think is a phishing scam and really have no idea, feel free to forward it to me and I’ll take a look at it.
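
The link check from the tips above, as an added example (not code from the original post). It goes one step further than a "starts with" comparison and checks the host the link actually resolves to, because a plain prefix test accepts look-alike hosts. The sample e-mail body is constructed; signupaccount.com is the look-alike name used in the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> in an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def real_host(url):
    """Host the browser connects to: after any user@ part, before the port."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def belongs_to(url, domain):
    """True only if the host is the domain itself or one of its subdomains."""
    host = real_host(url)
    return host == domain or host.endswith("." + domain)

def audit(html, domain):
    """Return [(text, href, prefix_ok, host_ok)] for each link in the body."""
    parser = LinkCollector()
    parser.feed(html)
    prefix = "http://www." + domain
    return [(text, href, href.lower().startswith(prefix), belongs_to(href, domain))
            for text, href in parser.links]

# Constructed sample body (not a real message).
SAMPLE = """
<a href="http://www.paypal.com/us/signin">Log in</a>
<a href="http://www.signupaccount.com/paypal">http://www.paypal.com</a>
<a href="http://www.paypal.com.signupaccount.com/">Verify account</a>
<a href="http://www.paypal.com@signupaccount.com/">Update details</a>
"""

if __name__ == "__main__":
    for text, href, prefix_ok, host_ok in audit(SAMPLE, "paypal.com"):
        print("OK " if host_ok else "BAD", f"prefix_ok={prefix_ok}", href, f"(text: {text})")
```

The last two sample links pass the prefix test but fail the host test, and the second shows why the visible link text says nothing about where the link goes.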


Full/Partial Feed Debate

Robert Scoble is having a discussion on full versus partial feeds (see his links here, here, and here).

I agree with Scoble and I don’t subscribe to feeds that only have partial text. And there were some really good feeds that I had to delete. But my time is valuable and I only have a limited amount of time between classes to glance at my feed reader (I use JetBrains Omea Reader 2.0, which is free and the best one I’ve found as of yet). If I have to spend time reading a small primer and then clicking on a link and waiting for that to load (with all its wonderful graphics), then I’m not a happy camper.

I would assume the whole point of partial feeds is to draw the user to the site, a marketing gimmick of sorts. With me and countless others, it’s having the opposite effect and driving viewers away. RSS stands for Really Simple Syndication, not Rich Site Summary (at least in my book).

Some of my friends have blogs that only provide partial feeds and I tell them that I won’t subscribe unless they use a blog service that allows full feeds. I even offer to help them move over to a new blog service (like WordPress.com).


Riya: Error Report Batch One

The technology is cool, no doubt about that. However, this is definitely an alpha version and tons more work needs to be done, especially in the display of photos area. Here’s my first bug report (also emailed to the Riya team):

  1. When I was tagging faces, some of the faces did not appear. I labeled them as “AlphaError”.
  2. Some faces are not recognized. When I go in to manually tag them, I find that I usually can’t drag a box around their face if their face is too close to another tagged face.


Riya Alpha Testing

Just got an email from Tara over at Riya and I’m in the Alpha. If you’ve never heard of Riya, it’s a photo sharing site, or search engine as they put it. However, it does more than just share your photos; it automatically tags them using facial recognition technology. So, still in alpha, but definitely looks cool. Riya also means business. They recommend, at minimum, to upload 1000 photos! That’s just under 1/4 of all the photos I currently have uploaded onto Flickr!

Yikes.

So my plan is to test it with a bunch of my Flickr Photos. My eventual goal is to help Mom and Dad to scan all of our physical photos and put them through Riya. It will be interesting to see how Riya handles the same person over a period of years and decades. Stay tuned for more Riya!


Facebook Security Issue

I really don’t know how much of an issue this is, but I was able to gain access to Quinn McGinnis’s Facebook account and change his stuff around (sorry Quinn).

Here’s how I did it:

  1. Download and install Ethereal, Firefox, and the Add ‘n Edit Cookies FF extension.
  2. Capture packets using Ethereal.
  3. Analyze packets for Facebook traffic; any traffic that is sent to Facebook is fine.
  4. You’re looking for the cookies set by Facebook that are transferred back to Facebook for verification.
  5. Using Firefox and AnEC, input the values for the following cookies: c_code, check_val, and c_user.
  6. Navigate to http://facebook.com; you should automatically be logged in.

Some notes:
I did this while both Quinn and I were on a Linksys wireless router, which means that both our public-facing IP addresses were the same. I would suspect (and hope) that Facebook ties your current session to your IP. The c_code value is 32 digits long; I would guess that it’s probably an MD5 hash, but it could also be crc32. Both are easily (and natively) implemented in PHP, which Facebook uses.

I was thinking about how this could be solved, but I couldn’t think of anything, other than just using a pure SSL session. But that wouldn’t make much sense. I’ll also be submitting this information to Facebook on Monday.
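
For the defensive side of the issue described above, the following added example (not part of the original post, and not Facebook's code) audits a response's Set-Cookie headers for the two attributes that decide whether a session cookie can travel over plain HTTP or be read by page script. The cookie names are the three listed in the post; the header values and the extra `lang` cookie are constructed.

```python
# Cookie names taken from the post; everything else here is constructed.
SESSION_COOKIES = {"c_user", "check_val", "c_code"}

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs

def audit_cookie(header, over_tls):
    """Return findings for one Set-Cookie header; non-session cookies are skipped."""
    name, _, attrs = parse_set_cookie(header)
    if name not in SESSION_COOKIES:
        return []
    findings = []
    if not over_tls:
        findings.append(f"{name}: issued over plain HTTP, visible on the local network")
    if "secure" not in attrs:
        findings.append(f"{name}: no Secure attribute, browser will send it on http:// requests")
    if "httponly" not in attrs:
        findings.append(f"{name}: no HttpOnly attribute, readable by page script")
    return findings

def audit_response(headers, over_tls):
    """Audit every Set-Cookie header of one response."""
    return [f for h in headers for f in audit_cookie(h, over_tls)]

# Constructed headers: session cookies without and with the protective attributes.
WEAK = [
    "c_user=1234567; path=/; domain=.facebook.com",
    "check_val=abcdef; path=/; domain=.facebook.com",
    "c_code=0123456789abcdef0123456789abcdef; path=/; domain=.facebook.com",
    "lang=en; path=/",
]
HARDENED = [h + "; Secure; HttpOnly" for h in WEAK[:3]] + WEAK[3:]

if __name__ == "__main__":
    for line in audit_response(WEAK, over_tls=False):
        print("FINDING", line)
    print("hardened findings:", audit_response(HARDENED, over_tls=True))
```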


Countdown Timer v1.1

NOTICE: Copyright format changed from MIT to GNU GPL as of version 1.1

Not a whole lot of major things. Thanks to Benoit Kechid (http://www.marine-et-ben.info/) for catching a calculation and syntax error. There was a request for making things linkable, so you can now add a link to an event. The time also has a dashed underline and if you roll over it with your mouse, the date and time of the event are displayed.

I don’t have any more ideas for this plugin, so unless you email me with something that you would like, there probably won’t be any more updates.

Go grab it: https://www.andrewferguson.net/wp-content/dl/wp/afdn_countdownTimer-1.1.phps
