Category: Security

How to download any song from Favtape.com

I’ve had my doubts about posting this information because quite honestly I’m a big fan of Favtape.com and I don’t want to see them get in trouble and/or close. That being said, I suppose it can’t hurt that much to put this information out there. Here’s a quick and simple way to download any song that you can play on Favtape.com

  1. Use Firefox (it’s not required but we all know that when you use IE god will kill kittens).
  2. Go to Favtape.com (duh) and find a song that you want.
    FavTape.com songhover
  3. Click the name of the song to begin playing it.
  4. When you hover over the name of the song you should see something like this in the status bar: http://favtape.com/play/**Artist**/**Song**.mp3  (**Artist** and **Song* obviously replaced with the appropriate information). Click on the image to the right if you don’t understand what I just said.
  5. Now you can’t simply right click and “Save link as”. You actually can’t right click at all. So how do you get the MP3 file?
  6. Method 1 – no tweaking involved:
    1. Open a new tab in Firefox (control + t).
    2. Click + hold the Artist – Song Name and drag this onto the new tab you just created.
    3. That’s it! The song should not start to download, but you’ll need to rename it because it’ll save as “fetch.mp3”.
  7. Method 2 – tweaking the Firefox settings:
    Click for full size

    1. In Firefox goes to Tools –> Options
    2. Go to the “Content” tab
    3. Find “Enable Javascript”. To the right of this you will see “Advanced” click on this.
    4. Find “Disable or replace context menus”. Uncheck this box.
    5. Click “OK” and then “OK” again.
    6. Now you can right click on the Artist – Song Name and select “Save link as”.
    7. That’s it! You can now just save the MP3 file we saw in the status bar earlier.
    8. Important Note: You may want to re-enable the “Disable or replace context menus” option because many web applications use this functionality.

Quick Note: Sorry for Any Hassle

Just a very quick note regarding some updates/changes on the website. I’ve activated a few new counter spam measures due to the recent influx of comment spam that I have been seeing. First off, I’ve been using Askimet for a while now with pretty decent success, but it’s time to step up the protection. Next on the list is a new solution (to this blog at least) called Bad Behavior. Viewers shouldn’t see any kind of detrimental impact due to this particular plugin as it only blocks spam bots from accessing the site. If you are blocked for some reason (not that you’d even be able to read this post) please drop me an email. The final line of defense is reCAPTCHA. You’ll notice a red box when you try to leave a comment. This system works like the traditional CAPTCHA check in that you will need to enter the words that are randomly display to verify that you’re human. The twist comes from what happens with those words that you enter: they are fed back to the Internet Archive to increase the accuracy of there OCR processing. Pretty cool huh? I could have used a standard CAPTCHA, but I thought I’d try and help out in small part to a great cause (the Internet Archive project). In summary, I apologize for any inconvenience that these new systems might cause, but it was time to hopefully deal with those heartless, spineless, degenerate bastards (AKA spammers) once and for all.

Interesting Links 10.9.07

This is definitely an eclectic collection of links. I won’t talk about all the links. I’ll just say that Windows Home Server is one of the best things to come from Microsoft in nearly 10 years (since Windows XP). If you have ever downloaded any music *cough* illegally you will definitely want to read the article about how/why the RIAA won this particular trial. It could be very important for you in the future.

Harry Potter – Deathly Hallows Leaked

Yes, it’s true. Harry Potter Deathly Hallows has leaked early. It’s real. Trust me. No, I didn’t read it, but I did verify that it’s real.
Download – Download Harry Potter Deathly Hallows Leak
Proof it’s real – Harry Potter Deathly Hallows leak
Yes, I am enough of a Harry Potter snob at this point that I will not read this half assed leaked copy. I want the real thing (and it’ll be here Saturday or Monday).

Security at my company

So the security at the company I am doing this internship for is abysmal. When I say abysmal I am actually being nice.
A quick example, I called IT this morning to install MS Access 97. The guy remoted into my computer, asked me to log out so he could enable my account as an administration. I log back in, and the real fun begins. He knows perfectly well that I am sitting right at the computer, but he still does everything I am about to tell you.
He goes to “run” and types in the full network location for a folder that happens to contain all kinds of software that the company uses. We’re talking things from AutoCAD, Nero, Maple, etc to Microsoft Office. So obviously I am a bit interested when I see the contents of this folder. He then goes into the “MS Office 97” folder and opens a document called (I kid you not) “Office 97 serial”. So here is the serial number for Office 97 sitting on the screen in front of me. Yes, I know Office 97 is nothing exciting, but the point is that he was flashing the serial for anything around.
So continuing …he installs Access 97 for me and then promptly says “ok, everything looks ok, have a good day, goodbye”. Yes, he hung up that quickly. Now at this point, I was shocked. Not only is 1. the serial number still open on my desktop, 2. the directory of applications (each with a serial in the directory, I checked) still open on my desktop, 3. the full network path for this folder of applications is still in my “run” field, BUT HE ALSO LEFT ME WITH ADMIN PRIVILEGES. I felt like calling this guy back and laughing at him, but instead I decided I didn’t feel like getting fired today.
It’s scary and frightening how poor the security is inside this company. I can only hope, and god do I hope considering what is it they/I do, that security to the outside world is drastically better than this.
p.s. I won’t say where it is that I am working because I can only guess they’d not like me telling the world how crappy their internal security is.

Become a GoogleBot to Access Any Site

Become a Googlebot, get a Free Pass

The Problem:
Sometimes you conduct some search on Google and the engine returns a number of results, but when you try to open the ones that looks the most promising you get a registration page. One thing that you can do is click on the cached content to view the page directly from Google’s cache. But what if you want to view another page from the same site, not present in google’s cache?
The Solution:
It’s evident that there are some sites that allows Google but not you. So why not disguise yourself as Google? Thats exactly what we will do by changing the browser’s user agent to Googlebot.

Check out this site for a handy tip that will let you access just about any website (including those that require you to register for an account or any other access problems. I haven’t give this a shot yet, but I have heard from several people that it does indeed work as advertised. You need to alter your settings to the following:
User Agent: Googlebot/2.1
Compatible: http://www.googlebot.com/bot.html
Check out the site above to see how you can change your settings to the Googlebot user agent.

Fighting Spam with CSS

Fighting Spam with CSS

I had this problem a few months ago with my old site, and was thus forced to find a solution that was light-weight, easy to implement, and most importantly was effective. I decided to turn toward my friend CSS to help me out. The idea here is setting up a form with a text field and via CSS making it invisible. Then, if a post is sent to a php script handling the request and that text box has information in it, that means a human didn’t fill it out, and the script is simply aborted.

Interesting, and surprisingly simple method for blocking most comment spam. This will be the most likely solution if I run into any comment spam problems here.

TorrentSpy is Officially Dead

TorrentSpy ordered to start tracking visitors

TorrentSpy, a popular BitTorrent search engine, was ordered on May 29 by a federal judge in the Central District of California in Los Angeles to create logs detailing users’ activities on the site.

Just a heads up for people. Remove TorrentSpy from your “list”. TorrentSpy is officially dead after this ruling. Move along to the other plethora of sites available.

reCAPTCHA: Fight Spam, Read a Book

reCAPTCHA: the official website
reCAPTCHA: A new way to fight spam

You might notice that reCAPTCHA has two words. Why? reCAPTCHA is more than a CAPTCHA, it also helps to digitize old books. One of the words in reCAPTCHA is a word that the computer knows what it is, much like a normal CAPTCHA. However, the other word is a word that the computer can’t read. When you solve a reCAPTCHA, we not only check that you are a human, but use the result on the other word to help read the book!

A very interesting idea, and I think it might just work. Two problems I see here, 1. someone could just as easily mistype the second word (because that is the one you’re helping the computer “read”). This would lead to the computer related OCR recognition being completely wrong. Correctly me if I am wrong, but I’d like to hope these words that we are helping computers to “read” should be compared with the other responses from so-called humans. In theory if 95% of people say a particular word is “the” and 5% of people say the word is “then” well then the choice of “the” should win out right? 2. CAPTCHA, the original CAPTCHA, still haven’t really taken off all that well. I don’t have any exact numbers, but I’d imagine the proliferation of CAPTCHA is somewhere around 25-35% of web forms. That really isn’t a huge number. Based on that, I can’t imagine web developers are going to promptly leap over to a new (or evolved) technology in any kind of mass migration. This sounds like a great idea, and I may just get around to add this to my blog. That being said, I definitely will not be in any kind of hurry to implement this.