What a Geek Like Me Wants from a Mobile Phone

I was preparing my new Zendbox-like server to host all of my toys when I found some interesting feed items on my reading list, all talking about the same thing: mobile phones. That brought me to Ian Hay’s top ten list of what people want from their mobile phones.

I’m not really good at making lists, so if someone asks me what I want from my mobile phone, I’ll give a single answer: control.

For that matter, I want my mobile phone to support open source software and have an open hardware architecture. That’s all I need; I’ll take care of the rest myself, thanks.

Against the System: Rise of the Robots

…big difference between the web and traditional well controlled collections is that there is virtually no control over what people can put on the web. Couple this flexibility to publish anything with the enormous influence of search engines to route traffic and companies which deliberately manipulating search engines for profit become a serious problem.

That quote is from Sergey Brin and Lawrence Page’s paper about the prototype of the Google search engine, which was then at http://google.stanford.edu/.

But I don’t think even Brin or Page expected that their invention could bring another problem, one that emphasizes what they meant by “no control over what people can put on the web”.

Yesterday’s post on the Securiteam blog shows that people can use Googlebot to attack other websites anonymously.

The idea is quite simple: all you have to do is create a malicious website that contains links attacking a web application (CSRF), like this:

http://the-target.com/csrf-vulnerable?url=http://maliciousweb.com/attackcode

and submit this to Google. When Googlebot comes to your website and finds this link, it will dutifully try to index the URL. And when it does... bang! The robot does the job for you, attacking your target.

This is not a new idea, though. Michal Zalewski wrote about it in 2001 under the title “Against the System: Rise of the Robots”. His introduction tells us the whole idea:

Consider a remote exploit that is able to compromise a remote system without sending any attack code to his victim. Consider an exploit which simply creates local file to compromise thousands of computers, and which does not involve any local resources in the attack. Welcome to the world of zero-effort exploit techniques. Welcome to the world of automation, welcome to the world of anonymous, dramatically difficult to stop attacks resulting from increasing Internet complexity.

However, this kind of attack is not only Googlebot’s problem; other search engine bots, such as MSN, Yahoo and dozens of others, have the same ability to do the dirty job for you.

So who’s to blame? Surely the bad guy who runs the original website. Although you can also put the blame on the owners of the victim websites, who ignore security and leave all their pages open to any bot for a higher PageRank.
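On the crawled site, the request described above shows up in the access log as a crawler fetching a URL whose parameter points at another host. The following is an added example, not code from the original post or from Securiteam; it assumes the Apache/nginx combined log format, and the crawler marker list, function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Claimed-crawler User-Agent substrings (assumed list; the header can be spoofed).
CRAWLER_MARKERS = ("googlebot", "msnbot", "yahoo! slurp")

# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

def offsite_url_params(target, own_host):
    """Return query parameters whose value is an absolute URL on another host."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        try:
            parts = urlsplit(value)
        except ValueError:  # malformed value, e.g. a broken IPv6 literal
            continue
        host = (parts.hostname or "").lower()
        if parts.scheme in ("http", "https") and host and host != own_host.lower():
            hits.append((name, value))
    return hits

def find_crawler_relayed_requests(lines, own_host):
    """Flag requests where a crawler fetched a link carrying an off-site URL."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or not any(k in m["agent"].lower() for k in CRAWLER_MARKERS):
            continue  # unparsable line, or not a crawler request
        hits = offsite_url_params(m["target"], own_host)
        if hits:
            findings.append((m["ip"], urlsplit(m["target"]).path, int(m["status"]), hits))
    return findings

# Constructed sample lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /csrf-vulnerable?url=http://maliciousweb.com/attackcode HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /article?id=42 HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '192.0.2.77 - - [01/Jan/2024:10:01:00 +0000] "GET /go?url=http://example.org/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0"',
    '192.0.2.20 - - [01/Jan/2024:10:02:00 +0000] "GET /login?next=http%3A%2F%2Fthe-target.com%2Fhome HTTP/1.1" 200 900 "-" "msnbot/1.0 (+http://search.msn.com/msnbot.htm)"',
]

if __name__ == "__main__":
    for finding in find_crawler_relayed_requests(SAMPLE_LOG, "the-target.com"):
        print(finding)
```

A hit only shows that a crawler followed such a link; whether the endpoint acted on the parameter has to be checked separately.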

My Delicious Linkblog

Gee, even Andrei now has a linkblog. I think I have to make one too. So, I took a little PEAR::Services_Delicious and some ugly code of mine, and there you go:

<?php
require_once 'Services/Delicious.php';

// Fetch the account's recent posts and group them by day.
$d = new Services_Delicious('eristemena', 'guesswhat');
$r = $d->getRecentPosts();
$k = 0;
foreach ($r as $l) {
    $tidx = date('d F Y', strtotime($l['time']));
    $lb[$tidx][$k]['href'] = …

Microsoft, Google, Yahoo! Unite to Support Sitemaps

Finally, Microsoft, Google and Yahoo! announced today that they will all begin using the same Sitemaps protocol to index sites around the web. Now based at Sitemaps.org, the system instructs web masters on how to install an XML file on their servers that all three engines can use to track updates to pages. What and …

Gdata and The Future of Database

I’ve been playing around with GData for the last couple of months. And I must agree with Jeremy when he said that GData is the realization of the future that Adam Bosworth talked about. Adam gave us a different view of how to deal with huge amounts of data. Until …