[DB75]

1,000,000,000 Internet Users

Jakob Nielsen has posted an interesting article about the number of internet users now online. What I find even more suprising is that North America comes in 3rd at 23%.

PayPal Phishermen

I'm frustrated to no end about the misuse of the web. I ventured into web land in 1997 where it was a somewhat calm and peaceful place. Nowadays there are so many fraudulent practices going on....one which is known as phishing. I never understood how someone could actually give up their information to a 3rd party culprit until I actually dug through the entire process. I'm not saying that there aren't completely obvious clues that something is wrong....but these phishermen do a decent job of pretending to be someone they're not. In this post I'm going to cover a PayPal fisherman trying to steal my info.

The way it generally starts is an email saying that someone tried to access your account and that you should login immediately and update your information. Here's a screenshot of the email I received:

Ignore the [SPAM] text in the subject line. This is something that spamassasin does for me. There are millions of users out there that don't user spam filters so this message would slip on through.

One thing that users aren't aware of is that PayPal no longer embed links in their emails. I was able to verify this when I received an email to login and update my credit card info. The email was plain text and gave me a list of steps to follow without providing any links.

Screen 1 has a couple of interesting attributes. The first thing you notice is the supposed IP address of the computer where your information was submitted. After doing a whois lookup you'll find out this IP belongs to a computer in Amsterdam. Screen 2 shows the results of the lookup. Seems strange, but we all know that the Internet flattens the earth so this phishing can take place from anywhere.

The second and most important thing to notice about Screen 1 is the "Click here to activate your account" link. This is the single entry point into the phisherman's world. Different email clients are providing mechanisms to help protect users. I know Outlook displays a tooltip telling me where this link will take me. Others show this in a status bar. Most browsers display this information in a status bar, given that it's enabled. Screen 3 shows what my Safari browser does when I place my mouse over the link.

For the purposes of this analysis I'm actually going to click on this link. In every other scenario I would recommend deleting the email and enjoying the rest of your day. Actually clicking the link isn't harmful other than it will waste your time....and you know what they say about time. Clicking on the link yields what you seen in Screen 4.

So the dead giveaway in this screen is the URL address. If users tend to miss this I'd be completely shocked, but I can guarantee that it happens. Not to give future phisher wannabes an idea, but your chances of success might be better if you used JavaScript to hide the address bar.

If you take a look at the culprit PayPal page it looks IDENTICAL to the real PayPal page. A simple view source, change link references, and save as will get you an identical page. What's even more interesting about this entire process is where this page lives. If you strip off the path and hit the base URL you'll see the site in Screen 5. Note that http://64.6.232.32/ is the IP address for http://www.whenrelationshipshurt.com.

It's very likely that this company doesn't even know these PayPal pages exist on their server. There are several approaches that hackers can take to remotely gain access to the server and upload these types of files. This makes it even more complicated to trace back and find the culprit since the entire system lives on someone else's server.

The next logical step in the process is to actually submit the form, but before we do that let's take a look at where the username/password data will actually go. A quick view of the page source shows that the data will be passed to "dynaform.php" and is highlighted in Screen 6.

Now the fun begins. I decided to submit the form using test@test.com with the password test. I received the standard PayPal "Processing login" screen, which once again led me to believe I was actually using the real system. These guys implemented all the bells and whistles.

For me, this next screen was a dead giveaway that something is insanely wrong with this so called identity verification process. Screen 8 shows a couple of glaring holes that I wanted to point out. The first is the statement "It is a good idea to use the debit card linked to the checking account you have on file with us". You've got to be kidding me. And the fact they're asking for my debit pin number?!? I've never seen something so ridiculous. What's even more ridiculous is the fact that people have probably fallen for this insanely illegal tactic.

After submitting the form I was directed to a success page where all my information was sent to the culprit and I was redirected to PayPal's homepage. Screen 9 shows the "big catch".

I'm disgusted with this complete misuse of the web and hope that someone will benefit from this post. I believe the only way to prevent this type of illegal behavior is for users to become more educated and pay more attention to the environment their working in. If you're aware of any phishing scams then I suggest contacting the Anti-Phishing Working Group.

Video Usability on the Web

If you publish any video content or even consume it, you might find Jakob Nielsen's video study interesting. While Nielsen is one of those guys people seem to love or hate I tend to learn from his studies. While I used to be on the "hate" side of the fence because of his Flash: 99% Bad study I've come around a bit. Plus we should know by know that Flash was seriously misused back in the day with the skip intro button. Plus Nielsen mustn't have been that bad because Macromedia made him a nice offer.

Google Maps and Polylines in IE

The other day I was seriously struggling with a mapping project that included drawing PolyLines on a Google map. To tell you the exact story the application was working perfectly in FireFox. It wasn't until I fired up IE that I decided to see if there were any problems. I can't remember the exact error, but after doing a good amount of searching I found that the solution lies in Google's API Documentation.

I never thought it would come to IE being the secondary browser where I test my code. I remember the days of writing pages for IE and NEVER even opening them in Netscape. It's amazing how times change and I'm beginning to neglect IE the same way I did Netscape.

The Application Formerly Known as FlashCom

A while back I did a post on installing FlashCom on Fedora Core 3. Tonight I decided to download the latest version of FlashCom now known as Flash Media Server 2. I ran into an install problem with Fedora Core 4 and wanted to mention how I got around it.

When trying to run the installer (./installFMS) I kept receiving the following error:

error while loading shared libraries: libstdc++.so.5

I basically had to update the package using the following command:

yum install libstdc++.so.5

After selecting yes a couple of times I had the necessary packages to support the install. The second thing I'd like to mention is that running the installer without any parameters gave me the following error message:

ERROR: Your distribution, unknown, is not supported by this
Macromedia Flash Media Server installer.

By telling the installer to only warn me (./installFMS -platformWarnOnly) I was able to successfully get Flash Media Server installed.

Quicktime Mobile Video and FFmpeg

I was suprised to find out that FFmpeg supports 3GPP format. I've been using this mobile format to take videos of my daughter with me on the road. Quicktime Pro supports exporting to this format and does a great job of it. My only complaint is that it takes an EXTREMELY long time to do so.

Once again FFmpeg has completely suprised with its 3GPP support. I was able to encode the video of my daughter in about 1/10 of the time as Quicktime with near the same quality output. I'm still trying to figure out the optimal settings as there are so many parameters that FFmpeg supports. The magic command is:

ffmpeg -i ellas_first_year.mov -r 15 -b 50 -s sqcif -an ellas_first_year.3gp

and the video looks great on my P900. Once I figure out the optimal settings I'll be sure to post them.

Image ALT Attribute in Firefox

It seems that IE has spoiled me. I used to rely on the ALT attribute of the image tag to provide tooltips for images. I found out this evening that this doesn't work in Firefox. If you mouseover the images below you'll see that the tooltip only works in IE with the image on the left. If you mouseover the image on the right you'll get the tooltip in both IE and Firefox. It turns out the trick is to implement the title="" attribute of the image tag.

For more information on these attributes click here.

Flex Background Style

I've been spending a decent amount of time lately with Flex skins (aka themes). While this is a great step forward from Flash this comes nowhere near the capabilities of raw HTML/CSS. My task was simple: create a custom background image for the Flex application. I'm working on a "Brushed Metal" theme and wanted to specify a bitmap for the background.

This process documents more of a "styling" element than skinning. I'll cover skinning in a future post when I get everything in place. If you've ever used CSS to specify a background image in a standard Web page then this process should seem very familiar. The difference with Flex is that the image is applied to the "Application" tag and not the "Body" tag. It looks something like this:

[mx:Style]
Application
{
background-image: "backgrounds/brushed_metal.jpg";
}
[/mx:Style]

Which yields the following output:

You can see that something doesn't look completely right as the image doesn't fill to the edges. The original is 500x500 pixels and that's what is being displayed as the background. If you're familiar with CSS you're aware of setting the background repeat so that the image will tile. Unfortunately we don't have this facility in Flex...at least not that I'm aware of. So we have to specify a background-size attribute:

[mx:Style]
Application
{
background-image: "backgrounds/brushed_metal.jpg";
background-size: "100%;
}
[/mx:Style]

Which yields the following output:

You'll notice that the background image actually stretches when the browser is resized. I wouldn't say that this is the most desired result, but if you choose your image wisely then everything should work out fairly well.

FLV Encoding with FFmpeg

Last year I put together a video documenting my daughter's first year of life. I created a couple of DVDs several months ago and have been meaning to get around to creating some web friendly versions of the video. In raw format the video is 720x480, 30 frames/sec, 15 minutes long, and right at 3GB. I've been wanting to create an FLV and dump it into a nice Flash video player.

This weekend I was able to run the raw video through FFmpeg and received some pretty astonishing results. When it was all said and done the file size was just shy of 30MB, while the quality was pretty decent. Here's the command along with parameters:

ffmpeg -i ellas_first_year.avi -ar 22050 -ab 32 -f flv -s 320x240 ellas_first_year.flv

Here are the parameters explained:

-i = Input file name
-ar = Audio sampling rate in Hz
-ab = Audio bit rate in kbit/s
-f = format
-s = size

I'm playing around with the video bit rate options and will post what I find to be the optimal settings for the web. Here's a screen of the FLV output:

It's a little pixelated but looks decent when you watch it. There are a ton of settings that can be tweaked and there's definitely room to play with in regards to the file size. 30MB for a 15 minute video is tough to beat. Here's a screen of the same frame rendered in mov format:

The dimensions are a little different with the second video and you can see that the colors are more vivid. I'm not sure if this is an encoding issue or just the nature of Flash vs. the Quicktime player. At any rate, there's a lot of possibilities here and I'm looking forward to more experimentation.