Thursday, December 9, 2010

New egg

Click-to-Call service for small business

Under wraps for now, but it should help small businesses increase conversions by connecting with their online prospects in the offline world. An easy-to-use 'Click-to-Call' service for small business. Launching soon.

Friday, April 16, 2010

Furlango - New web service to find interesting things to do

I have been writing about cool things that I find interesting - but developed by others.
This time it's a cool new web app - one that I am building with my friend.

www.Furlango.com - a new web app that helps you find interesting things and activities on an easy-to-use map interface. There are many other websites that list events. But we think going through a list is a very painful job. I personally like a map interface - since it gives you a good idea of where things are. Furlango is built on this idea of leveraging the map interface.

We are still in an early private beta stage, but will soon be launching the full-fledged service.

Stay tuned for more news on Furlango.

For now, check out this video and how our site looks.

Thursday, March 18, 2010

Phishing trap with Facebook, and YES, a workaround on how to get out of it!

We are getting some very encouraging responses on the Back Benchers' Facebook fan page, and as a side effect of that, maybe, I am thinking a lot about Facebook in terms of its strategic value and potential. And it's very clear to me that Facebook, and Facebook Connect in particular, will be a huge platform. I'll write more later about how Facebook will eat Google's lunch with fb connect. But right now - I just discovered a big flaw in Facebook Connect. I think it's very, very susceptible to phishing attacks. And as a user it's important to be aware of this trap.

Let's see what Facebook Connect is - it is a way for fb users to log in to non-'facebook' websites using their Facebook login credentials. This is awesome, since with fb connect you no longer need to create an account name and password for every single new service. So as a user, you can log in to multiple sites with your fb account, which makes for a seamless web experience. As a web developer, fb connect is a great way to attract users and provide personalized services without getting them to sign up on your site. And since virtually everybody has an account with Facebook, this is great for everyone. So far so good. However, the way this mechanism works is where the loophole is.

When you click on the "f connect" icon like this:



A pop-up appears where you are asked to input your Facebook account name and password. If you do, you can log in to that site using your Facebook account. The pop-up looks like this:



The question is, how can you guarantee that the pop-up is from Facebook and not from some phishing website? One can easily put together an fb connect icon followed by a username / password page. Once you enter your information, the attacker will store that info, and can even process the 'real' fb connect from there. This is a serious issue. One way to make sure the pop-up is actually from Facebook is to look at the URL, which will be from the Facebook domain. But the reality is - this can be faked too. As more and more sites implement fb connect, the risk of phishing attempts would rise.

This is a serious problem. All your social data and your half-drunk party snaps are at risk!

Now, as a wannabe good blogger - I am going to provide a solution - well, an actionable solution for you.

1. Open a new tab, log in to your Facebook account. Go back to fb connect and log in! : Two things are happening here. If you are logged into Facebook, Facebook will store a session cookie in your browser's memory. When you open the fb connect window from another, non-Facebook site, its back-end code, if legitimate - will have access to these credentials, and will log you in to Facebook without explicit login info. If this whole thing sounds too technical for you, just follow what I said earlier - open a new tab in your browser, log in to your Facebook account. Go back to fb connect and log in! Once you do that, the fb connect pop-up screen would look like this (note that the email address and password fields are gone):
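To make the "look at the URL" check concrete, here is an added example (not part of the original post) of a strict host check for a login pop-up URL. The trusted-host list and every sample URL are constructed for illustration; the check covers only look-alike URL strings and says nothing about a pop-up whose address bar is itself drawn by the page.

```javascript
// Added example: decide whether a login pop-up URL really belongs to a trusted domain.
// TRUSTED_HOSTS and SAMPLES are assumptions made up for this illustration.
const TRUSTED_HOSTS = ["facebook.com"];

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    return { trusted: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not https" };
  }
  // "https://www.facebook.com@other-host/" hides the real host after the "@".
  if (url.username !== "" || url.password !== "") {
    return { trusted: false, reason: "userinfo before real host" };
  }
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  // Non-ASCII look-alike letters are serialized as "xn--" (punycode) labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, reason: "punycode label in host" };
  }
  // Match the registered domain or a true subdomain, on a dot boundary only.
  const ok = TRUSTED_HOSTS.some((t) => host === t || host.endsWith("." + t));
  return ok
    ? { trusted: true, reason: "host " + host + " is trusted" }
    : { trusted: false, reason: "host " + host + " is not trusted" };
}

// Constructed sample URLs: one genuine shape, the rest look-alikes.
const SAMPLES = [
  "https://www.facebook.com/login.php",
  "https://www.facebook.com.login.example/login.php", // trusted name as a prefix
  "https://www.facebook.com@login.example/login.php", // trusted name as userinfo
  "https://notfacebook.com/login.php",                // suffix without dot boundary
  "http://www.facebook.com/login.php",                // plain http
  "https://f\u0430cebook.com/login.php",              // Cyrillic "a" homograph
];

for (const u of SAMPLES) {
  const r = checkLoginUrl(u);
  console.log((r.trusted ? "OK   " : "BLOCK") + " " + r.reason);
}
```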



2. Be vigilant - and follow these simple general guidelines as a rule of thumb. Really, don't go to sites that you don't trust. Or at least don't provide your login info on such sites.

That's it - Happy Surfing!

Wednesday, February 24, 2010

Hi there, some new updates for you

If you are wondering why I am not writing any new blogs on impressions, and you are eagerly(?%%$#) awaiting some stuff here (which I guess is likely to be a real true story) - I am involved in a new blog space called BackBenchers Blog.

I'll be posting most of my serious blogs on Backbenchers - a blogspace with a much wider audience and a more skillful group of writers!

Anyway, I'll keep writing here on lighter subjects related to product, business, technology and just about any everyday things.

On a side note - my wife has a far better sense of humor than I have, and she writes far better (although less frequently) on lighter, playful topics. So I recommend following her blog as well!