Announcement: This blog is now moved to new domain: CeeKam.com

Sunday, March 16, 2008

Microsoft Press Free eBook Offers

Microsoft eLearning is providing following free eBooks on their website. For those who are eagar to learn the new technologies using eBooks, go and grab them!

Introducing Microsoft LINQ by Paolo Pialorsi and Marco Russo / ISBN: 9780735623910
Introducing Microsoft ASP.NET AJAX by Dino Esposito / ISBN: 9780735624139
Introducing Microsoft Silverlight 1.0 by Laurence Moroney / ISBN: 9780735625396
Download link for above 3 eBooks.

Introducing Windows Server 2008 by Mitch Tulloch with the Microsoft Windows Server Team / ISBN: 9780735624214
Microsoft Windows PowerShell Step by Step by Ed Wilson / ISBN: 9780735623958
Register and Download link for above 2 eBooks and goto the "Special Offers" section.

Saturday, March 15, 2008

BEWARE! - Worm in Orkut Scrap

Recently I received some common scarps from my friends on Orkut. I suspected a worm and carefully read its messages and acted upon. The scrap message says:


The click here link takes to the profile of a female - [BANI :) => I AM "MTV ROADIES" GIRL ]. And the About me section contains the following information:

And now comes the tricky part - this message shows a trick to open anyone's locked photo album and instructs the user to copy/paste a javascript line of code. If anyone tries these steps, then this javascript sends similar scrap to his/her friends list. This way, the worm keeps spreading from one Orkut user to another. The javascript code [orkut0.js] hosted on a public site, which can become a threat to Orkut community. A quick code review of this JS file, revealed the following:
1) It makes use of XMLHTTP calls and the javascript code contains some text about YoutTube and SQL Injection related stuff.
2) Finally, it internally calls the loadFriends() javascript function, which starts its work.
3) loadFriends() function composes a new scrap message.
4) and runs the SendScrapToAll() function, which sends the same message again to other Orkut friends.
As this javascript runs on the same browser instance, it smartly makes use of the User Session and does not require any additional authentication.

With this post of mine, I would urge all the Internet users to be alert w.r.t communities like Orkut and other spoof mails which provides you a link to click.