Skip to main content

Bom Sabado flooding on Orkut


On Orkut, you might have noticed something fishy going on over the past few hours. A large number of users are randomly flooding their friend’s scrapbooks (Orkut’s equivalent of Facebook Wall) with the following message:
It doesn’t take a genius to figure out that the “Bom Sabado!” messages are automatically generated by a script. However, it is not clear if this is simply a script exploiting a vulnerability in Orkut, or have the accounts sending the automated scraps have been compromised.
If you are amongst those affected, it’s highly recommended that you follow the steps highlighted below:
  • Switch to the “older version” of Orkut.
  • Log out of Orkut.
  • Clean your browser’s cache
    and cookies.
  • Log in and change your password and security question.
If you haven’t been affected yet, it is strongly advised that you avoid Orkut until the issue has been resolved. I managed to trigger the same exploit while researching this article. Recently other high-profile websites like Twitter and YouTube also fell victim to XSS attacks.

The worm appears to have originated in Brazil, where Orkut is still exceptionally popular. Many of the affected users are noticing the Brazilian flag on their status messages. Additionally, the word ‘Bom Sabado’ means ‘Good Saturday’ in Portuguese, which is the official language of Brazil.

Note: You can delete these scraps by visiting m.orkut.com via google chrome as scripts don't work on m.orkut.com plz be quick and don't let those bugs spread.

Possible Solutions and precaution

Follow these steps:
  1. Immediately change your password and security question{ including secondary email and  number if they also got changed.) This will solve the problem.
  2. Find out whether some communities have been joined automatically. if yeah, do remove them.
  3. If your account has been completely hacked, see here: http://www.google.com/support/forum/p/orkut/thread?tid=39fa418ed1162078&hl=en
  4. Always remember these  :
    1. Do not ever log in to any site rather than www.orkut.com
    2. Do not ever run any JavaScript while logged into your Orkut account
    3. Never use any flooder in your account
    4. Don't ever share your password with anyone else and keep changing your password regularly.
    5. Don't click on the suspicious link while logged into Orkut a/c. if you are curious you can copy the link and check them in another browser after cleaning its browser’s cookie and cache.
    6. Don't run any suspicious script on greasemoneky and ALWAYS DISABLE THE GM before logging in to Orkut.
    7. Do your mobile verification also, so that you can get back your a/c if a hacker doesn’t change the mobile number there. http://www.orkut.co.in/Main#MobileSetupSettings
    8. Use a good Antivirus and Anti Key logger and keep your system free from Key loggers and backdoor trojans.
    9. Use Virtual Keyboard to your password for more security. KIS 2010 provides it and there are many other V. keyboards available.
Take a look here and follow the points given to protect your a/c:

http://www.google.com/support/orkut/bin/answer.py?hl=en&answer=57442

and http://www.google.com/support/orkut/bin/answer.py?hl=en&answer=48579
Labels:

Comments

  1. pankajSeptember 25, 2010 at 10:13 PM

    Nice info Sandy

    thanks for sharing!:)

    users should also revoke third party websites access from their google account if any..


    -----------------------------------------
    Google
    Authorized Access to your Google Account

    You have successfully revoked access to facebook.com

    Currently there are no third party sites authorized to access your account.
    ----------------------------------------------

    ReplyDelete
  2. SandeepSeptember 28, 2010 at 10:53 AM

    hmmmm it's my pleasure to share such info.....:)

    ReplyDelete

Post a Comment

Popular posts from this blog

Error 405 : ASP.NET Core Web API PUT and DELETE Methods not allowed

Recently, while working with .Net core API I came across the issue of “Error 405 — Methods not Allowed” After some research, I found out that both GET and POST requests working fine but neither PUT nor DELETE requests working. Another thing is that the PUT and DELETE request was also working fine on my local machine but failed when we host on our Azure server. When I explored the issue on the web it led me to the conclusion that WebDAVModule seems to set PUT and DELETE request methods disabled by default and due to that PUT and DELETE throw 405 errors. To make the PUT and DELETE requests work, we need to override the WebDAVModule setting in web.config file by adding the below settings under “ system.webServer ”. < system.webServer >   < modules runAllManagedModulesForAllRequests = " false " >     < remove name = " WebDAVModule " />   </ modules > </ system.webServer > There may be 2 web.config files in y...
Post a Comment
Read more

C#: Merging Excel cells with NPOI HSSFWorkbook

In this post we’ll see how to merge the two or more cell with each other while creating the excel sheet using NPOI . Mentioned below is code to merge multiple cells, in this example we are merging first cell to fifth cell of first row (you can adjust row or cell range by passing particular parameters in CellRangeAddress). //Created new Workbook var hwb = new NPOI.HSSF.UserModel. HSSFWorkbook (); //Create worksheet with name. var sheet = hwb.CreateSheet( "new sheet" ); //Create row and cell. var row = sheet.CreateRow(0); var cell = row.CreateCell(0); ; //Set text inside cell cell.SetCellValue( "This is Merged cell" ); cell.CellStyle.WrapText = true ; //define cell range address // parameters: -> first row to last and first cell to last cell var cra = new NPOI.SS.Util. CellRangeAddress (0, 0, 0, 4); //Add merged region to sheet. sheet.AddMergedRegion(cra); Hope this solution helps you J
4 comments
Read more

How to set Swagger as the default start page for API hosted on the Azure web app?

I created an Asp.Net Core 2.x Web API and configured Swagger on it, below is the code added in Configure method under Startup.cs file, for full swagger configuration, check here //Add swagger configuration app.UseSwagger(); app.UseSwaggerUI(c => {     c.SwaggerEndpoint( "../swagger/v1/swagger.json" , "Test API V1" ); }); On my local machine when I run the API it is automatically redirected to the Swagger page. However, when I hosted this API as an Azure web app it is not redirecting directly to the Swagger and to access the swagger, I had to append /swagger in the URL, for example, https://testapi.azurewebsites.net/swagger/ Solution: Set RoutePrefix to string.Empty under app.UseSwaggerUI like below: app.UseSwaggerUI(c => {     c.SwaggerEndpoint( "../swagger/v1/swagger.json" , "Test API V1" );      c.RoutePrefix = string .Empty; // Set Swagger UI at apps root }); And that’s it, now when you b...
Post a Comment
Read more