Hard Work for a Bad Cause

It is becoming easy for me to identify phishing emails these days. Kudos to some of these guys, they give their best to get these mails delivered to the inbox despite the mail clients constantly updating their spam filtering methods. Now these guys have to be really smart and surpass these filters and also convince the reader to take an action out of the mail. Even though I was able to identify one of the mails that got into my inbox today as a phishing email, I was quite impressed by the quality of the mail content. It was a typical mail saying that my PayPal account has been restricted and that I have to complete a checklist by clicking a link to activate it again. The highlight of this mail beyond its actual intent is the right side section of the mail that gives tips on protecting my account - probably something copy pasted but a job well done. The only thing that gave away the authenticity of the mail is the from mail id, which wasn’t from paypal.com. Below is the image snapshot.

Phishing Mail

I didn’t leave it at that and I wanted to see how well the imitation continues in the rest of the steps. So I clicked on the link in the mail and it took me to an almost similar PayPal site. Look at the below snapshot and compare it with the PayPal US website. In the phishing site the only way you can identify it is fraudulent is by looking at two things - one, the URL, and second, if you click on any link like “About”, “Privacy” etc., it always lands you back on the login page. But just by comparing these two screens you will be surprised at the amount of imitation in terms of fonts, styles, images etc.

Phishing Login Screen

Here is the fun part. The phishers can’t really validate if someone is genuinely using their PayPal login and password. But their best bet is if someone really gets convinced that it is from PayPal they would input their credentials. But what matters to these people is not the credentials, but the details in the subsequent page. So enter any invalid email address and password, and you would be taken to the next page. In the next page come the details that these guys want - the whole credit card section. Look at the screenshot.

Phishing Detail Screen

Again here the highlight is, to convince the user, they have links like “Help finding your Card Verification Number” and “why is ATM Pin required?”. Clicking on “Why is ATM Pin required?” link shows a popup with the below message.

“By adding VeriSign Payment Services industry-leading tools such as Payflow Link and Payflow Pro to PayPal’s suite of payment solutions, we’re now able to offer online merchants even more choices for their businesses.
Requiring PIN Signatures is the latest security measure against: identity theft, credit card fraud and unauthorized account access. PayPal will verify it with your bank records for your own protection.
If you provide a wrong PIN your account will be suspended for unauthorized account access.”

LOL for the last line there :-) .

But Firefox was quick to mark this as a forgery website when I tried clicking on the link a second time to take a screenshot for posting here. What surprises me most is, this is not a mere copy paste job, it involves a lot of work to imitate the original site, including some testing. For example the login page does a valid email test. So there should be a team with good knowledge of web application programming (this one was done using PHP, just looking at the URL gave that away), HTML, CSS etc. If only these guys could use their skills to get into a decent job, not only will they be in for a bad cause but the software industry would have got a few more good developers. Do these guys realize that writing software for someone to steal money from those that succumb to this deceit is as good as being thieves themselves?
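The three giveaways described in this post (a From address that is not at paypal.com, a page URL that is not PayPal's, and navigation links that all lead back to the login page) can be checked mechanically. The sketch below is an added example, not code from the original post; the sample mail, the `.example` hosts and all function names are constructed for illustration, and it assumes a single-part HTML mail.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed samples; the .example hosts are placeholders, not the real lure.
SAMPLE_MAIL = (
    "From: PayPal <service@paypal-alerts.example>\n"
    "Subject: Your account has been restricted\n"
    "Content-Type: text/html\n\n"
    '<a href="http://paypal.com.account-check.example/login.php">Restore</a>\n'
)
SAMPLE_PAGE_URL = "http://paypal.com.account-check.example/login.php"
SAMPLE_PAGE = ('<a href="login.php">About</a> <a href="login.php">Privacy</a> '
               '<a href="/login.php">Contact</a>')

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def links(html, base=""):
    """Return every link in the HTML, resolved against the page URL."""
    collector = LinkCollector()
    collector.feed(html)
    return [urljoin(base, href) for href in collector.hrefs]

def under(host, brand):
    """True only for the brand domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == brand or host.endswith("." + brand)

def mail_indicators(raw, brand):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    findings = []
    if not under(sender.rpartition("@")[2], brand):
        findings.append(f"From address {sender} is not at {brand}")
    for url in links(msg.get_payload()):
        host = urlsplit(url).hostname
        if not under(host, brand):
            findings.append(f"link goes to {host}, not {brand}")
    return findings

def page_indicators(page_url, html, brand):
    findings = []
    host = urlsplit(page_url).hostname
    if not under(host, brand):
        findings.append(f"page host {host} is not {brand}")
    targets = links(html, page_url)
    if len(targets) > 1 and len(set(targets)) == 1:
        findings.append("every link on the page leads to the same URL")
    return findings
```

The suffix comparison in `under` is what catches a host such as `paypal.com.account-check.example`, which a plain substring search for "paypal.com" would accept. A clean result is not proof of legitimacy, since the From header can be forged.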


Dynamically Scale Web Applications in Amazon EC2

Ever since I started working on the Amazon cloud, I was stuck with one thing - not being able to scale the web applications dynamically. To be honest it didn’t even strike me until companies like Rightscale and Scalr started to come into the limelight. Until that time I was just trying to imitate the existing environment, just migrating to Amazon cloud. When I saw the demo of Rightscale and Scalr, I thought it was amazing, to be able to scale the applications dynamically with the click of a button. They have done a wonderful job of automating a whole lot of stuff without getting into the boxes and just using their web based administration application. So I thought what would it take to do a step 1 of what they do - automatically scale up or scale down an instance. I used simple shell scripts to make that happen. I created a white paper that explains the approach and what the scripts do. The white paper assumes Nginx is used for load balancing a web application and Nagios for monitoring the instances. The solution involves dynamically adding a new instance to the Nginx configuration for load balancing and adding the Nagios configuration for monitoring the new instance. It also removes the configurations from Nginx and Nagios when the instance is brought down.

Click the button below to download the zip file containing the white paper and the shell scripts.

Download Dynamically Scaling Web Applications in EC2.zip

This is just a first step to scaling the applications dynamically. It would still require someone to decide when the application needs to be scaled up or scaled down. But once that decision is made it is just a matter of bringing up or down the instances and the rest of the stuff is taken care of.

Feel free to pass on your comments and feedback.


Rails Web Services Connectivity Issue

For the past few months I have been working on migrating our customer’s applications to Amazon cloud. As part of the migration I was making some environmental changes like switching to lightweight web servers. Specifically for Rails applications I moved them from Lighttpd to using mongrel clusters (mongrel_cluster) front-ended by the Nginx web server. One of the applications had a web and a web service component. The web service component is being used by both the web application as well as by desktop client applications from the internet. I wanted the access from the web application to the web services to go through an internal connection rather than the public URL used by the desktop client application. What I did was configure two virtual hosts in Nginx, one with the subdomain running on port 80 which will be used by the client applications on the internet and the other virtual host on localhost and a port (8880). Both of these virtual hosts pass the requests through proxy_pass to the mongrel cluster.

The connection from the client applications to the web service worked fine, but the connection from the web application to the web service failed. Inspecting the log file showed the below error.

streamHandler.rb in `send_post': 301: Moved Permanently (SOAP::HTTPStreamError)

I was originally thinking that this could be a problem with using the web services application behind NGINX and proxying the request. But if that were the case, then even the requests coming from the client applications through the subdomain URL should have failed. So I wanted to dig into this.

Oh by the way before I proceed, the application was on rails 1.1.6, rubygem 0.9.0 and ruby 1.8.5. I know this combination is quite old, but we never got a chance to port the app to newer versions and without code changes it breaks in the newer versions of ruby/rails.

So, I opened irb and tried to use the SOAP libraries directly to make a request to the web services. Here is the code snippet.

irb SOAP error

As you can see in the irb output above, once I create a RPC connection to the web services providing the WSDL URL, you can see the URL to the web service API misses the port number! Apparently the service calls are routed to my default redirection configuration in the NGINX server to the web application. Looking at the log in the NGINX web server confirms that the request is redirected with HTTP 301 status, which is what is thrown up as above.

Honestly I don’t know what would be the fix at a code level, but I did solve this problem, by simply changing the virtual host for localhost:8880 to localhost:80. My reasoning here is since I have specific server domain configurations listening to port 80 and one would not be able to access the localhost:80 from the internet.

My question now and something that I have to dig is, is there a way to tell the soap api explicitly, always use the host and port when calling the web services. Please post any comments/answers if you are aware of. Thanks.

Happy weekend :-)


Foundation Stone #48 - To Lead is to Take the First Step

My interactions with my nephew have provoked thoughts of wisdom on many occasions. One such occasion happened recently. If you were an Indian you would know about the Indian roads and what it takes to cross the roads. There is only one thing Indian road users believe in. More than God, they have the brake! This same belief is what enables people to cross roads; because the minds have to work instinctively and in real time.

My nephew who is ten years old has started to help his mom to get groceries and stuff all by himself. The last time when I was with him over the weekend he was going to buy groceries from the shop. I asked him how he will cross the main road (that always has high traffic with town buses and trucks driving as though they are part of an F1 race). He said, “I use a strategy.” I asked him what that is. He said there is always one or more who cross the road. He said he will just walk along with them. I smiled and then he thought for a moment and asked this question, “What if others wait for someone to start crossing?” I smiled and told him if you take the first step, then you are leading and the rest follow you. It struck me after I said that, probably that’s the only difference between a leader and a follower. A leader is confident of when to take the right step forward and the followers believe in the leader and follow the steps of the leader.

Read my other Foundation Stone posts.


Offline Gmail

Google Labs recently launched Offline Gmail, a feature that was most wanted. The advantage of using a web based email client is that the mails can be checked anywhere there is an internet connection. But one of the disadvantages is there is no local copy that can be used offline and also act as a kind of backup. For an ardent fan like me this is an additional point to promote Gmail against a desktop email client. :-)


Foundation Stone #47 - Keep running even if you are in the rat race

Everyone knows in this industry you are in a rat race. The more you are ahead in the race the more you are wanted and the lesser you are a commodity. Even if you are not ahead in the race it is important you are still in the race. If you are new to the industry then obviously you have to start running and you will be in the back. But it is important to keep running. I was inspired by a TV talk show where a wise man told a joke and explained the inner meaning of the joke.

There was a marathon going on and there were people watching it. A villager who didn’t know about the Marathon asked a person watching the Race.

“Why are these people running?”

The person replied “The first person who reaches the target destination will get a prize”

The villager then asked, “Then why are others behind him running?”

The question the villager asked is thought provoking. Why should others keep running? - For several reasons. The person who is running ahead could slow down because he has lost his energy, or the people following could gain more speed and could come ahead. The point is nobody stops running just because someone is ahead. The hope and the confidence that you can make it to the top list is what keeps everyone running. Also in a marathon, you look upon who is running ahead of you and you are not bothered about who is following you. Set your target with someone who is ahead of you than trying to compare with people who are behind you. The basic point here is not to stop but keep running. You can be a commodity and running in the rat race but it is better than standing still.
Read other Foundation Stone posts.


You are great!

Sometimes it is good to be a copy cat. This post is one of those. The Validation movie is the one that I had watched a few times recently through several blogs I read. And every time someone blogs, I watch the video again. This is one inspiring movie that you will love. I thought why not I too post this, as there could be a few of you who might not have seen this video. It’s a must watch. You are great!

Wish you a happy and prosperous new year! May the coming year bring you success, health and prosperity.


Xpen$er

If you are a person who is keen on maintaining your balance sheets up to the penny and keeping track of them every day then probably Xpen$er is a handy tool that will let you keep track of your expenses in a simple and very effective manner. The application as a concept could be something that is very old, and such applications have existed right from the days computers became common. But what makes it special is the approach and the most simple ways to add the expenses quickly and leave the rest to the system. Not just one way but many ways to add the expenses quickly. Because the most difficult part of maintaining expenses is to remember them and record them. It is easy to record the expense immediately after it happens rather than trying to recollect at the end of the day/week/month. So if you have to record an expense immediately you may not have the time and patience to open a software and record it. Moreover you may not be near your computer or online when you actually spend. Xpen$er allows expenses to be recorded by sending SMS apart from recording through email, all popular IMs and Twitter. Check out Xpen$er, even if you are not a person who has been keeping track of expenses, you might actually start doing it looking at the ease of using Xpen$er.


Creative Commons License  This work is licensed under a Creative Commons Attribution-ShareAlike 2.5 License.