Posts Tagged Facebook

The importance of HTTPS login pages – Session hijacking fits in a pocket now

You should always prefer SSL-encrypted (HTTPS) login pages on sites over non-SSL (HTTP). Why?

Session hijacking is why.

First, let me [very briefly] explain the difference for the unfamiliar. SSL stands for Secure Sockets Layer; HTTPS is HTTP, the protocol that loads web pages, carried over an SSL-encrypted connection. Normal web access is over unencrypted HTTP (the http:// part of the web address) and secure access is over HTTPS (the https:// in front of the address bar). In the most basic terms, the extra ‘s’ stands for ‘secure’.

Some screenshots using Firefox:

Normal (unencrypted) session:

Secure (encrypted) session:

So why am I bringing this up? Because I got a chance to play with an app for Android that claimed to allow one to “capture” login sessions over wireless connections.

How does it work? Well, without going into too much detail you simply connect your Android-powered device running this application to a wireless network and it just sits and listens for login data and captures it. I sat down with the app a few minutes ago, put it on my network, and logged in to various sites. You know what? It worked. I was able to capture several logins in just a few minutes and log in to those sites from my mobile device without needing the password. Among those captured were my Facebook and Google login. Note that I had to disable HTTPS logins on Facebook to get it to capture. The encryption provided by HTTPS is enough to prevent this type of hijack from working.

That means that Joe Blow sitting two tables away from you at Starbucks with his phone in his pocket could be capturing your Facebook, Amazon, or other login credentials while you’re casually surfing the web and sipping coffee. This could also mean that your neighbor’s unsecured wireless network, which you’ve been casually using to avoid paying for your own, could be silently capturing your login details. This also means that if your own wireless network is unsecured, you’re leaving yourself open to this type of attack.

Note that this worked even though my network is WPA2 secured: I just had to enter the wireless key to connect to the network.

I’m not going to mention the name of the app, though it is available in the Android Market and does require a rooted phone, so if you want to go play with it you have to find it on your own. I’m also not encouraging stealing other people’s identities. As far as I know it’s a Federal crime. :) I’m writing this to make people aware that they should:

  • Use HTTPS login pages whenever possible.
  • Avoid using unsecured wireless networks.
  • Secure your own wireless network and be aware of who you share the key with.
  • Change your own wireless key from time to time if you share it.
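As an added illustration (not code from the original post) of what separates a login the app above can capture from one it cannot: a small Python audit of the headers a login response returns, checking for the HTTPS login URL recommended above and for the Secure flag on cookies, because a session cookie without Secure is still sent over plain http after an HTTPS login and can be copied and replayed just like a captured session. The two responses, hostnames and cookie values are constructed placeholders.

```python
# Added example, not code from the original post: audit the headers a
# login response returns for the properties that prevent the session
# capture described above.  Standard library only.

# Two constructed login responses (hostnames and cookie values are
# placeholders, not real sites): the post's plain-HTTP case and a
# hardened one.
WEAK_RESPONSE = {
    "url": "http://www.example.test/login",
    "headers": [
        ("Set-Cookie", "sessionid=abc123; Path=/"),
        ("Set-Cookie", "lang=en; Path=/"),
    ],
}
HARDENED_RESPONSE = {
    "url": "https://www.example.test/login",
    "headers": [
        ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
        ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
        ("Set-Cookie", "lang=en; Path=/; Secure"),
    ],
}

# Names that usually identify the cookie carrying the logged-in session,
# i.e. the one that gets replayed instead of the password.
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")


def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, {attribute: value}); attribute names are lowercased."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def is_session_like(name):
    """Heuristic: does this cookie name look like a session/auth cookie?"""
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_HINTS)


def audit_login_response(response):
    """Return a list of (cookie name or '*', finding) tuples; an empty list means nothing to report."""
    findings = []
    if not response["url"].lower().startswith("https://"):
        findings.append(("*", "login page served over http: password and cookies "
                              "cross the wireless network in the clear"))
    names = {name.lower() for name, _ in response["headers"]}
    if "strict-transport-security" not in names:
        findings.append(("*", "no Strict-Transport-Security: a user who types the "
                              "http:// address still gets the unencrypted site"))
    for name, value in response["headers"]:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            findings.append((cookie, "missing Secure: the browser also sends this cookie "
                                     "over plain http, where a listener on the same "
                                     "network can copy and replay it"))
        if is_session_like(cookie) and "httponly" not in attrs:
            findings.append((cookie, "missing HttpOnly: page scripts can read the "
                                     "session cookie"))
    return findings


if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {response['url']}")
        for cookie, finding in audit_login_response(response) or [("*", "nothing to report")]:
            print(f"  [{cookie}] {finding}")
```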

Have a nice day :) As always, feel free to share your comments below!



Happy Mother’s Day

I stole this from Michele’s facebook page:

Happy Mommy’s Day to ALL the mommies out there-the women who choose to love children unconditionally, whether they grew in your stomach or someone else’s. ♥

Happy Mother’s Day to all the moms–the ones Michele mentioned, and the grandmas, the aunts, the caregivers–those who care, and an extra-special dose of love to Michele, my grandmother Sonya, and my almost-mother-in-law Nola. :)

In honor of Mother’s Day, I’ve changed the banner image, and I’d like to try doing this with different holidays, too. If there’s a holiday I miss, or if you’d like to suggest a banner image for a certain holiday/celebration, contact me.


My suggestions for WordPress plugins

Here are my suggestions for a great set of WordPress plugins. The descriptions provided here are from the plugins themselves, and the links go to the plugin page on You can also go to the ‘Plugins’ area in your WordPress dashboard to search for and install any of the below plugins easily.

Bad Behavior – Deny automated spambots access to your PHP-based Web site.

Contextual Related Posts – Show a user-defined number of contextually related posts.

Fast Secure Contact Form – Fast Secure Contact Form for WordPress. The contact form lets your visitors send you a quick E-mail message. Super customizable with a multi-form feature, optional extra fields, and an option to redirect visitors to any URL after the message is sent. Includes CAPTCHA and Akismet support to block all common spammer tactics. Spam is no longer a problem.

Fluency Admin – Give your WordPress admin the Fluency look, Fluency 2.4 is the latest update and is compatible with WP 3.1.x.

Google XML Sitemaps – This plugin will generate a special XML sitemap which will help search engines like Google, Yahoo, Bing and to better index your blog.

Jetpack by – Bring the power of the cloud to your self-hosted WordPress. Jetpack enables you to connect your blog to a account to use the powerful features normally only available to users.

Simple Facebook Connect – Simple Facebook Connect is a series of plugins that let you add any sort of Facebook Connect functionality you like to a WordPress blog.

Simple Twitter Connect – Makes it easy for your site to use Twitter, in a wholly modular way.

WP-PageNavi – Adds a more advanced paging navigation to your WordPress blog.

What plugins do you use on your WordPress-powered blog? Have any to recommend? Are you a plugin author and want to “plug” your plugin? :) Please feel free to leave a comment below!


Must-have Android apps?

I initially had my list of must-have Android apps posted in my review of my Samsung Moment, but I thought they deserved a mention apart from my awful experience with that phone.

I’ve recently updated this list to reflect my current list of must-have Android apps, rather than the old list. Quite a few of my recommendations have changed. These are recommendations for Froyo and newer. So here they are, in no particular order, and now with Market links. Note that some of these application descriptions have been taken directly from Market where I feel the author has explained it better than I could. If you have an iPhone, feel free to check out my list of must-have iPhone apps as well.

An all-in-one application to track and manage your car: maintenance, fill-ups, fuel mileage, expenses, business trips and more.

Advanced Task Killer (ATK)
Simple, easy-to-use task killer that supports automatically killing tasks as well as force-closing unwanted system tasks.

Astro File Manager
In my opinion the best free file manager / file explorer program available for Android. Easily manage files on your device and SD card. Easy to use, free, and powerful.

Autokiller Memory Optimizer
An outstanding and powerful automatic task killer with manual-kill features and additional tuning for rooted phones. Does have some advanced tuning features, so novice users may want to consider ATK above instead.

Barcode Scanner
A fun little app for using the camera to extract human-readable info from 1D and 2D barcodes. Supports many different barcode formats and recognizes codes quickly.

The natural complement to Barcode Scanner. Save your scans in a text file or send them via email with a simple touch. Supports batch scanning as well.

Battery Indicator
A free, simple, no-nonsense application to display your remaining battery as a percentage in your notification area.

Battery Widget
This widget displays the battery charge level as a percent on the home screen and offers one-touch access to the Wifi, GPS, and Bluetooth power toggles.

Data Counter Widget
A must-have for those who are on data-limited plans. This widget displays your cell and wifi data usage for the month (or another configurable period of time) as a home screen widget.

Dolphin Browser HD
Puts the stock browser to shame. Easy full-screen browsing with swipe access to plugins and gesture support for quick access to your favorite websites. Supports a variety of plugins as well.

Eternal Legacy HD
If you’re a fan of turn-based fantasy RPGs (think Final Fantasy) you will LOVE Eternal Legacy HD. This one is NOT available on Market, but is available from Gameloft. Check the link for actual phone compatibility.

This is one of those apps that once you have it you’re not sure how you got along without it. Evernote is an easy-to-use, free app that helps you remember everything across all of the devices you use. Stay organized, save your ideas and improve productivity. Evernote lets you take notes, capture photos, create to-do lists, record voice reminders–and makes these notes completely searchable, whether you are at home, at work, or on the go. Since Evernote’s notes are synced to all of your devices via the cloud, you don’t have to worry about losing them.

FBI Child ID
While the Android app is still in development as of the date of this update, FBI Child ID is a must-have for anyone with a child that they are responsible for. You can store photos, identifying information, and have the comfort of having it with you whenever you have your phone. With the ability to send it to authorities with a few taps, FBI Child ID can save valuable time in the event of a lost or missing child. See the FBI’s official Child ID page for more information.

What can I say? Facebook app. Much better with recent improvements.

Hackers Keyboard
I don’t like Swype — It lacks some of the extended characters that I use and I’m a tap-typer rather than a swipe-typer. When I do inadvertently swipe my finger across the keyboard it tends to mangle whatever I was trying to type. For me, Hackers Keyboard is better — and free!

JuiceDefender – Battery Saver
A freemium, easy-to-use application to monitor and extend the life of your phone or tablet. Features widgets that give you one-touch access to status and features.

Great app to show historical data about battery life and usage, as well as a widget to show time-to-charge and time-remaining on your battery life. Very useful, and gets more accurate over time.

A great password manager (see the LastPass web site). With fast and easy access to your LastPass password vault, the LastPass mobile app is a must-have. (Note: Requires a LastPass premium subscription – $12/year)

Lookout Mobile Security
Contains an anti-virus element, phone location, and backup/restore services. Excellent service for free, and a quite reasonable paid subscription service.

Meebo IM
A multi-protocol instant messenger for Android. Supports AIM, Facebook, Google Talk, ICQ, Jabber, MSN, MySpace, and Yahoo messenger protocols.

Track FedEx, UPS, USPS, DHL and more right from your handheld. Also allows you to scan barcodes before shipping to be informed on their progress to the recipient.

Handy for sending money via PayPal while on the go.

Spare Parts Plus
This is a handy utility for editing some hidden functions of your phone or tablet device. Settings should be changed carefully. The most useful reason for this app is enabling/disabling compatibility mode.

It’s Twitter. Do I need to say any more?

Waze uses your device’s GPS to not only provide turn-by-turn navigation, but also provide crowd-sourced traffic data to other Waze users about traffic, delays, police presence, accidents, and other road incidents. Waze allows you to report a road incident with just a few taps on the screen, and Waze works well in both portrait and landscape orientation. (Thanks Jeff T. for the recommendation!)

WeatherBug Elite
Shows up-to-date weather information, forecast, radar (supports multi-touch), and more, with configurable widgets and “follow me” support. WeatherBug Elite is nice, but they do have the free WeatherBug app available too.

A real must-have for anyone with a or self-hosted WordPress blog.

Handy app for testing various functions and sensors on your phone.

If you’ve read this far, you might also be interested in a list of apps specifically for rooted phones, yes? Well, here they are:

Open-source ad blocker for rooted phones.

AdFree Android
Another ad blocker for rooted phones. For more information and to give feedback, visit the XDA Forums.

An intermediary OpenGL graphics driver which may increase video performance on some devices. Requires: Root, 1GHz+ device, Android 2.1+. See the XDA thread for more information and a list of compatible devices.

Samba Filesharing
A Samba server for your Android phone. Allows you to access your Android phone’s SD card over your network.

Titanium Backup
EXTREMELY powerful tool. Backup ALL apps, Market links, remove bloatware & MORE! Backs up your apps to your SD card and can restore them with their data even after a hard reset, factory reset, or even a new ROM install. It’s fantastic!

Have an Android app you just can’t live without? Please let me know in the comments below!

Last update: December 7th, 2011


Facebook Chat via Jabber on Empathy

Facebook chat via Empathy, unlike Pidgin, is actually very easy to set up.

First, go to Edit > Accounts, then click Add… and select Jabber as the protocol.

Fill in the screen with your Facebook username (NOT your email address) in format, and optionally check the Remember password checkbox and fill in your password.

That’s it, you should be all set! If you get a certificate error when signing in, see this article for how to resolve it.

Questions, comments, and feedback are welcome and appreciated!


Empathy gives ‘untrusted connection’ certificate warning when connecting to Facebook via XMPP

Empathy users may have experienced a rather annoying problem if connecting to Facebook via XMPP using Empathy. This problem may affect other services too, such as Gwibber, but I’m not using Gwibber — so I’m only writing about this.

When trying to connect, you’ll receive a message like the following:

Even if you check “Remember this choice for future connections”, you’ll still get it the next time you launch Empathy.

It seems the root cause is a certificate not being installed in ca-certificates during installation. The original issue and solution are described in Launchpad bug #746973, and its root cause is tracked in Launchpad bug #742889.

I’ve rewritten the solution here with some adjustments to the steps for clarity and where instructions were incomplete or needed explanation.

Start by opening Firefox to get the correct certificate out of the certificate store.

In Firefox, go to Edit > Preferences > Advanced > Encryption > View Certificates > Authorities

Scroll down to DigiCert Inc, and find “DigiCert High Assurance CA-3”

Click “Export” and save the file somewhere you can find it later.

I called it DigiCertHighAssuranceCA-3.crt (you will probably have to add the extension, which is important).

It automatically exports in PEM (X.509) format, which is what we need.

Verify by opening a terminal and typing

file DigiCertHighAssuranceCA-3.crt

You should get:

DigiCertHighAssuranceCA-3.crt: PEM certificate

Now, become root (sudo su) and execute the following commands to move the file to the ca-certificates installation source:

mv DigiCertHighAssuranceCA-3.crt /usr/share/ca-certificates/mozilla
chown root:root /usr/share/ca-certificates/mozilla/DigiCertHighAssuranceCA-3.crt
dpkg-reconfigure ca-certificates

Select “yes”, then scroll down the list and place a mark (using the space bar) next to the certificate we just added. Press the TAB key to move the cursor to OK then press space again to confirm.
You will likely see output similar to the following:

Updating certificates in /etc/ssl/certs... 
WARNING: Skipping duplicate certificate
WARNING: Skipping duplicate certificate Go_Daddy_Class_2_CA.pem
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....
updating keystore /etc/ssl/certs/java/cacerts...
added: /etc/ssl/certs/DigiCertHighAssuranceCA-3.pem

Confirm that it’s fixed by exiting Empathy if you had it open (Chat > Quit), waiting a moment or two, and then restarting it. You should automatically be signed into Facebook XMPP without the certificate warning.
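An added check, not part of the original post, to run on the exported file before dpkg-reconfigure makes every program on the system trust it: confirm the file really is a PEM certificate with the .crt extension mentioned above (update-ca-certificates only picks up .crt files), record its SHA-256 fingerprint so it can be compared with the one the CA publishes, and confirm it is actually a CA certificate (basicConstraints cA=TRUE) rather than a leaf certificate. It walks the DER with a small parser of its own and uses only the Python standard library; the sample input is a constructed stand-in, not a real certificate.

```python
# Added example, not code from the original post: sanity checks for the
# exported certificate before dpkg-reconfigure makes every program on the
# system trust it.  Standard library only; no real certificate is embedded,
# the sample below is a constructed stand-in that carries only the DER
# pieces the check looks at.
import base64
import hashlib
import ssl

BASIC_CONSTRAINTS_OID = bytes.fromhex("551d13")   # DER body of OID 2.5.29.19


def der_children(data):
    """Yield (tag, content) for each top-level TLV element of a DER byte string."""
    pos = 0
    while pos < len(data):
        tag, length = data[pos], data[pos + 1]
        pos += 2
        if length & 0x80:                         # long form: low bits give the byte count
            count = length & 0x7F
            length = int.from_bytes(data[pos:pos + count], "big")
            pos += count
        yield tag, data[pos:pos + length]
        pos += length


def find_basic_constraints(der):
    """Walk the DER tree for the basicConstraints extension.
    Returns the cA flag (True/False), or None if the extension is absent."""
    for tag, content in der_children(der):
        if not tag & 0x20:                        # primitive element: nothing to descend into
            continue
        parts = list(der_children(content))
        if tag == 0x30 and parts and parts[0] == (0x06, BASIC_CONSTRAINTS_OID):
            # Extension ::= SEQUENCE { extnID, critical OPTIONAL, extnValue OCTET STRING }
            # extnValue holds BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE, ... }
            _, bc_seq = next(der_children(parts[-1][1]))
            inner = list(der_children(bc_seq))
            return bool(inner) and inner[0] == (0x01, b"\xff")
        found = find_basic_constraints(content)
        if found is not None:
            return found
    return None


def inspect_exported_cert(pem_text):
    """Report whether the text is a PEM certificate, its SHA-256 fingerprint and its CA flag."""
    try:
        der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    except ValueError:
        return {"pem": False, "fingerprint": None, "is_ca": None}
    fingerprint = ":".join(f"{b:02X}" for b in hashlib.sha256(der).digest())
    return {"pem": True, "fingerprint": fingerprint,
            "is_ca": find_basic_constraints(der) is True}


def has_crt_extension(filename):
    """update-ca-certificates only picks up files ending in .crt, hence the post's note."""
    return filename.endswith(".crt")


def tlv(tag, content):
    """Encode one DER element with a short- or long-form length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content


def constructed_pem(ca_flag):
    """Constructed stand-in (NOT a valid X.509 certificate): a serial, an extensions
    block with basicConstraints, and a dummy signature, wrapped as PEM."""
    bc_value = tlv(0x30, tlv(0x01, b"\xff") if ca_flag else b"")   # DER omits cA when FALSE
    extension = tlv(0x30, tlv(0x06, BASIC_CONSTRAINTS_OID) + tlv(0x01, b"\xff") + tlv(0x04, bc_value))
    tbs = tlv(0x30, tlv(0x02, b"\x01") + tlv(0xA3, tlv(0x30, extension)))
    der = tlv(0x30, tbs + tlv(0x03, b"\x00\xab\xcd"))
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    for flag in (True, False):
        print(inspect_exported_cert(constructed_pem(flag)))
```

For the real export, call `inspect_exported_cert(open("DigiCertHighAssuranceCA-3.crt").read())` and compare the fingerprint it prints with the one DigiCert publishes before running the mv/chown/dpkg-reconfigure steps.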

Questions, comments, and feedback about this are welcome and appreciated.


How to get your Facebook follower count in PHP

If you’re looking for a way to fetch and display your Facebook follower count in PHP, here is your code. In the below, replace __ID__ with the numeric ID of your app or page, and __TOKEN__ with your access token.

Please consult the Facebook Graph API documentation for more information.

This method uses file_get_contents() rather than the preferable cURL call. Also, don’t forget to cache your queries, or you may experience API throttling. See the Rest & Graph API Best Practices for reference on this.

Here is the code:

function GetFacebookFollowerCount() {
  // The Graph API URL was omitted from the original post; build it from your __ID__ and __TOKEN__ as described above
  $json = file_get_contents('');
  if ($json === false) {
    return null; // request failed (network error, bad token, or throttling)
  }
  $obj = json_decode($json);
  if (!isset($obj->data[0]->values[0]->value)) {
    return null; // error response or unexpected structure
  }
  return $obj->data[0]->values[0]->value;
}

Comments and feedback are welcome.


When did Facebook become a social obligation?

So at least once a week I get hit with the following:

“Did you see what so-and-so put on Facebook?”
“Go look.”
“I don’t want to look right now.”
“Just go look.”

Don’t get me wrong, I think Facebook has a certain social value. A certain value. I’m not trying to downplay it, but unfortunately it’s turning into, or been turned into… well, something else. I hear a lot of people say “I use Facebook to keep in touch with family and friends I don’t see very often.” or “I’ve met friends that I wouldn’t have met otherwise, using Facebook.” Good on you!

Unfortunately the real value of Facebook has been drowned in a sea of spam and junk. I had to have someone show me how to hide and block it, otherwise it’s almost impossible to sift through it.

Facebook is turning the corner (some would argue it passed it a few miles ago) of being more harmful than beneficial, but I suppose that can happen with anything that more than half-a-million people get involved in.

Friends you don’t know in real life, people you will never meet, people you may never want to meet, and you and your “friends” are sharing your life with them, around the clock. The “social obligation” of having Facebook friends reminds me of High School cliques.

There’s also the over-sharing: the Facebook status that just screams “I’m a loser!” The pointless random stupid Facebook “repost” crap. Whoever thought some of this up had a fantastic idea to bring Facebook page views and advertising revenue. Lastly, there’s the gossip. Nothing spreads faster on a social network than gossip. Gossip, rumor, stuff that’s made up and has little, if any, truth factor. You want to spread gossip, Facebook is the way. There are also people who have lost their jobs, ended up in jail, or otherwise been punished for something or other they’ve put on Facebook. Recently, a California judge ordered legal action against a juror because of their Facebook posts. Good. You shouldn’t have been discussing the case publicly, and you knew better.

Let’s also not forget the privacy issues surrounding Facebook. After all, Facebook started by stealing people’s personal information and sharing it. That’s what got them off the ground. Why should they stop a good thing? Not to mention the malicious apps that install viruses on your computer, in an effort to get just-that-much-more of your information.

I feel bad for the people that simply “live” on it, and forget that there was a time when it wasn’t around, and there will be a time when it won’t be. Social networks come and go all the time. Look at MySpace for a really good example. I think people have too easily forgotten this… what happened to the good old exchange of email addresses? Rather, it’s “I’m on Facebook.” If you’re depending on Facebook as a way to share blurbs and photos with others, you might just want to keep your options open.

Businesses have been doing it too: I’ll see billboards and TV ads encouraging me to “Find us on Facebook.” Just the other day I got an email telling me that a business was having a drawing or a contest for something-or-other, and all I needed to do to enter was “like” them on Facebook. Really? So how are you honestly going to choose a “random” “winner” from all your Facebook groupies? I think businesses that do this discredit themselves in an effort to get (or expand) a fan base. I’ll “like” a company on Facebook if I really want to get updates from them, not because you’re throwing me a teaser.

To Mark Elliot Zuckerberg and the rest of the Facebook devs: Well played.

What are your thoughts on Facebook, currently the largest, most controversial, and most profitable social media networking website ever?



Ten ways to advertise your website or blog that don’t cost money

Webmasters and bloggers are always looking for ways to advertise their sites and increase traffic. There are a lot of ways to do this that don’t cost a penny.
Here are some of my suggestions, in no particular order…

Produce good-quality content and have it indexed by the search engines

People want content, and content sells itself. If you search for something and then come up with what you were looking for on your own, why not mention it, with a link? Or, if you solve a problem with a piece of software, or find a bug, write about it. Certainly other people have run into the same thing, and they’re likely looking for the same thing you were. Help them find you.

This is actually a lot easier than most people realize — it only takes a few steps to set up, and the rest of the crawling is done by the search engines automatically. Don’t bother with sites that want you to pay to submit — you can do it yourself in a few minutes, and it doesn’t cost anything. Depending on your CMS software, you can likely find a plugin to help with generating and submitting your sitemap. Read more about it here.

Participate in forums and have your URL in your signature

An easy method if you’re already involved in one or more forums regularly. Simply edit your forum signature to include your site’s title and a URL. You can also do this with your email signature to hit the people you email as well.

Leave comments on other blogs and link back to your site

This is great when you can find a blog that’s related to yours, or has a post about a topic that’s related to something you’ve already written about. Simply post your thoughts on the issue, with a segue “I mentioned this at…” and a link. I have gotten a lot of traffic this way, though it relies heavily on the other blog having traffic, and on your brief statement catching people enough to make them want to click through. It can be done, and it works very well.

Link to other blogs from your own posts to generate “pingbacks.”

I’ve seen this done well, and I’ve seen it become spammy at the same time. When you link to another blog from one of your posts, (depending on the platform) the software will generate what’s called a “pingback”. This means it posts a link to your site at the site you linked to. It can be good to generate links to your site.

Post links to your new articles on social networking sites like Facebook, Twitter, MySpace, etc.

Again, can be very effective, can also be very spammy if not done correctly. You’ve written a great interesting article that you want people to read. Post a link on your favorite social-networking site — Facebook, MySpace, and Twitter to name a few — and people are sure to click on it, right? Just make sure they’ll find the story as interesting as you did, and avoid over-posting, or you’ll lose followers faster than you can create new posts.

Submit your RSS feed to aggregation sites like Facebook, Digg, etc.

Facebook has a feature in Facebook Notes that allows you to submit an RSS feed that will publish your posts as Notes. The new Digg also has a feature that will allow you to submit an RSS feed to be automatically published on the site. Many other sites also support this, and it’s a great way to have your new articles automatically pushed out there. There is a downside to this: people will read the article on the published site and may not click through to your site. Try including links to other posts inside your own to get those click-throughs.

Personally email out links to articles that others would find interesting.

Email marketing is great, and has a very high click-to-impression ratio: of the people who see your link, a large share will click on it to read it. Now, be careful with this one, and try not to get spammy. Opt-in mailing lists are great if you can get people to sign up, and you will have a very low likelihood of upsetting someone that doesn’t want to get your emails (or worse — having them report you as a spammer). If you know you have an audience, shoot them an email, but make sure it’s personal.

Consider Creative Commons

Creative Commons is a set of copyright rules that, among other rights, can allow others to publish your content provided they give credit in a manner of your choosing. This can include a link back to your site. Interested readers finding these articles can see your authorship on them and click through to your site to see whatever else they might be interested in.

Participate in Link Exchanges and Blogrolls

If you know someone who has a website or a blog, ask nicely if they’ll post a link to your site on theirs in exchange for the same on yours. A well-placed link on another site can generate traffic from an interested visitor, and the other site will no doubt appreciate the same from you.




How to hide and or block all that Facebook junk

Update: Due to layout updates in Facebook, this method no longer works exactly as shown. It is still possible to hide and block content. Since I’m not going to update this post every time Facebook changes their layout, please use the below only as a reference.

If you’re a Facebook user, you’ve probably seen the plethora of “Status Updates” that come from Facebook Applications.

At its best, it’s spammy and can make finding your friends’ actual posts harder. At worst, it can be offensive, misleading, or suggest you click something that could actually be malicious.

So, here’s a short walk-through of how to hide and/or block those applications from appearing in your feed.

The first thing to do is to find an offending post. The post must say “via” at the bottom, next to the time/date it posted.

That means it was posted via an application, and not as a status update.

A word of caution: It may be possible to block “Text Message”, “Facebook for Blackberry”, “Facebook for Android”, etc. These are actually applications that are used by mobile users to post their own updates. If you block these, you might not get all your friends’ updates, if any at all. You can block them if you choose, but I recommend against it.

That said, there are two ways to go about it: “hiding” the app, or “blocking” the app. In most cases, hiding is sufficient, unless you want to make sure that said app never has access to your information and you never use it. In that case, a block is in order. (It is possible to unblock applications, though I don’t explain that in this post — I may add it at some point in the future.)

Hiding the application

Hover your mouse over the status update and find the “X” that will appear

Click on the “X” and the status update will change to the hide dialog. From here, you can hide the offending application.


Blocking the application

Hover over the image and locate the link to the application

Click it. That will take you to the application page, where you can block the application.

Click block. You will be prompted to confirm.

