$håùrÿá @ñäñd

"Imagination is more important than knowledge."
posts - 37 , comments - 283 , trackbacks - 54

My Links

News

Locations of visitors to this page

web tracker

Archives

Post Categories

Tuesday, June 25, 2013

Security Issue in LinkedIn – View any 3rd profile without a premium account.

I discovered this accidently when my wife forwarded a contact on LinkedIn from her tablet, using the mobile interface of the website. On opening the contact on my desktop, I was surprised to see, I need to upgrade my account to view the contact. Doing some research along with my wife, I found this simple security vulnerability from LinkedIn that can let anyone view a contact’s full profile even when you have a “not upgraded LinkedIn account and that the contact is a “3rd + Everyone Else”.

Here’s an example of what I am talking about. I just made a random search on LinkedIn for a contact whose name starts with Sacha. Do note, this is just a walkthrough and I am not publicizing any Sacha. I check the “3rd + Everyone Else” and find a “LinkedIn Member”.

image

On clicking this person’s profile to view, I am presented with the following page, asking me to upgrade.

image

Make a note of this page’s web address and you get the profile id from it. For example, for this contact, the page address is:

http://www.linkedin.com/profile/view?id=868XXX35

The Profile Id for this contact is 868XXX35. Now, open following page where the Profile Id is the same as the one we grabbed a moment earlier.

https://touch.www.linkedin.com/?#profile/868XXX35

The mobile page exposes this contact information and you even get the possibility to connect to this person without an introduction mail (InMail).

image
image

I hope someone from LinkedIn sees and issues a fix for this. I am pretty sure, it’s something that they don’t want the user to do without purchasing an upgrade package.

Posted On Tuesday, June 25, 2013 4:02 PM | Comments (0) |

Friday, November 9, 2012

WhatsApp & Tasker for Android – Read & Write messages

So, I finally gave up on all my previous the Microsoft Mobile/Phone OS devices and made my switch to Android this year. I am using my Samsung Galaxy Note GT-N7000 with CyanogenMod 9.1.0 (http://get.cm/get/jenkins/7086/cm-9.1.0-n7000.zip) and ClockworkMod 6.0.1.2 (http://download2.clockworkmod.com/recoveries/recovery-clockwork-6.0.1.2-n7000.zip) since August this year and I am so happy with the performance and the flexibility it offers me. As a software developer by profession, I would expect most of my gadget to be highly customizable and programmable (one time or at intervals) to suit my needs as close as it can.

I was introduced to Automation for Android – Tasker (https://play.google.com/store/apps/details?id=net.dinglisch.android.taskerm&hl=en) via reddit (http://www.reddit.com/r/tasker) and the word ‘automation’ was enough for me to dive right into this app. Only automation that I did earlier was switching profiles depending on location on there phones. And now, just imagine a complete set of possibilities that can be automate on the phone or via the phone. I did my research and found a couple of other tools that do the same/as close as what Tasker can do and few of them are even free. There’s one even by Microsoft called on{X} (https://play.google.com/store/apps/details?id=com.microsoft.onx.app&hl=en). Microsoft’s on{X} really caught my eye. You can write code for your phone on the web application by them, deploy it on your phone and even trace the flow all using your PC. Really brilliant, I love the fact that it’s all JavaScript. Here comes the but, it is still very very young and it’s policy of accessing my News Feed on Facebook is not something that I can not digest.

image

On{X} is good, but as I said earlier, the API is not very mature and hence, I gave up on it. I bought Tasker, the best 5,00 € I spent in ages and I want to talk about it in this post. I am still a “noob” while operating this tool, but I tried my shot at automating WhatsApp (https://play.google.com/store/apps/details?id=com.whatsapp&hl=en), a popular messenger for various platform.

The requirement for the automation is that, if I send a WhatsApp ‘wru’ message to the phone, it should respond back giving the location and battery level of my phone. It could be useful, if you like to locate your misplaced phone or automatically reply to your partner/friend, honestly, I don’t know what you will use it - through this post, I am just introducing automating WhatsApp using Tasker.

Before we begin, the following script only works when your phone is rooted as we will be accessing the WhatsApp database and type some special characters like ‘:’.

Let’s follow the code line by line:

Profile:
        Location request from XYZ. (12) // Name of your profile.

Event:
        Notification [ Owner Application:WhatsApp Title:* ] // When a new notification comes from WhatsApp, this event is fired.
Read the end note, if you face problems with Chrome app after enabling Tasker accessibility.

Enter:
        A1: Run Shell [ Command:sqlite3 // We will access the WhatsApp database and check if the message comes from designated phone number or not. We mustn’t reply to every message.
                /data/data/com.whatsapp/databases/msgstore.db "SELECT _id, data FROM 
                messages WHERE key_from_me='0' AND key_remote_jid LIKE '%XXXXXXXXXXX%' // Replace XXXXXXXXXXX with the phone number of your message sender.
                ORDER BY _id DESC LIMIT 1;" Timeout (Seconds):10 Use Root:On Store // I made a timeout for 10 seconds, if in case WhatsApp is busy accessing the database.
                Result In:%WHATSAPP_CURRREQ ] // Store the read Id and the last message on to the variable %WHATSAPP_CURRREQ

        A2: If [ %WHATSAPP_CURRREQ ~R .*[wW][rR][uU].* ] // Check if the pattern of the message is correct and we are all set to send the location.

                A3: If [ %WHATSAPP_CURRREQ !~ %WHATSAPP_LASTREQ ] // Verify that the message is different from the last request. Remember every message has a unique Id.

                        A4: Notify [ Title:WhatsApp location request... Text:Sending location // Just a notification that the location message is being prepared.
                                to Kavita Gupta... Icon:<icon> Number:0 Permanent:On Priority:3 ] // Make a note it is a permanent notification, we will clear it later.

                        A5: Secure Settings [ Configuration:Pattern Lock Disabled // I am disabling the pattern lock, that I use using the plugin Secure Settings.
                                Package:com.intangibleobject.securesettings.plugin Name:Secure // You can download the plugin from here: https://play.google.com/store/apps/details?id=com.intangibleobject.securesettings.plugin&hl=en
                                Settings ]
                        A6: Secure Settings [ Configuration:Keyguard Disabled // Disable the keygaurd, it is useful, when your phone is on lock and you want to automate everything, even the typing.
                                Package:com.intangibleobject.securesettings.plugin Name:Secure
                                Settings ]
                        A7: Secure Settings [ Configuration:GPS Enabled // Pretty clear, turn on the GPS and get location at A8
                                Package:com.intangibleobject.securesettings.plugin Name:Secure
                                Settings ]
                        A8: AutoShortcut [ Configuration:WhatsApp: Some One // I am using AutoShortcut plugin (https://play.google.com/store/apps/details?id=com.joaomgcd.autoshortcut) to start WhatsApp with the indented recipient.
                                Package:com.joaomgcd.autoshortcut Name:AutoShortcut ] // Replace Some One, actually choose it from the plugin, the right recipient.


                        A9: Get Location [ Source:Any Timeout (Seconds):30 Continue Task // I am getting the location, timeout is 30 seconds, adjust it accordingly.
                                Immediately:Off Keep Tracking:Off ]

                        A10: Secure Settings [ Configuration:Screen Dim // Now, this extension of the plugin Secure Settings, wakes your device so that you can type out the string on the WhatsApp app.
                                5 Seconds Package:com.intangibleobject.securesettings.plugin
                                Name:Secure Settings ]

                        A11: Run Shell [ Command:input text // Now, I am using the shell script to type the text to the window, because the ‘:’ while not be typed from the Type task in Tasker.
                                LOCATION:maps.google.com/maps?q=%LOC Timeout (Seconds):0 Use Root:On // And also, this is way faster, but remember you need root for this, not for the other way of typing.
                                Store Result In: ]
                        A12: Dpad [ Button:Right Repeat Times:1 ] // Focus the Send button
                        A13: Dpad [ Button:Press Repeat Times:1 ] // And press it.
                        A14: Dpad [ Button:Left Repeat Times:1 ] // Get back to the typing box.


                        A15: Run Shell [ Command:input text LOCATION_ACCURACY:%LOCACC Timeout
                                (Seconds):0 Use Root:On Store Result In: ]
                        A16: Dpad [ Button:Right Repeat Times:1 ]
                        A17: Dpad [ Button:Press Repeat Times:1 ]
                        A18: Dpad [ Button:Left Repeat Times:1 ]


                        A19: Run Shell [ Command:input text BATTERY_LEVEL:%BATT% Timeout // I am adding Battery level in my case as well.
                                (Seconds):0 Use Root:On Store Result In: ]
                        A20: Dpad [ Button:Right Repeat Times:1 ]
                        A21: Dpad [ Button:Press Repeat Times:1 ]


                        A22: Variable Set [ Name:%WHATSAPP_LASTREQ To:%WHATSAPP_CURRREQ Do // And now, we say, request is done.
                                Maths:Off Append:Off ]


                        A23: Button [ Button:Back ] // I am exiting the WhatsApp nicely and not killing it. If you are the murderer kind, kill it, just know, you don’t have any place in the heaven.
                        A24: Button [ Button:Back ]

                        A25: Notify Cancel [ Title: Warn Not Exist:Off ] // Remove the permanent notification.
                        A26: Notify [ Title:WhatsApp location request Text:Location sent // Make a temporary notification, and say, location is sent.
                                successfully. Icon:<icon> Number:0 Permanent:Off Priority:3 ]
                               
                        A27: Secure Settings [ Configuration:GPS Disabled // Disable all the horrible things we turned on earlier.
                                Package:com.intangibleobject.securesettings.plugin Name:Secure
                                Settings ]
                        A28: Secure Settings [ Configuration:Pattern Lock Enabled
                                Package:com.intangibleobject.securesettings.plugin Name:Secure
                                Settings ]
                        A29: Secure Settings [ Configuration:Keyguard Enabled
                                Package:com.intangibleobject.securesettings.plugin Name:Secure
                                Settings ]
                A30: End If
        A31: End If

Screenshot_2012-11-09-15-59-40Screenshot_2012-11-09-15-59-52Screenshot_2012-11-09-16-00-02Screenshot_2012-11-09-16-00-10

Download this Task from here: http://db.tt/9vRmbhyb

That’s it in the above small example – you can read/write messages from/to WhatsApp app. I am using n7000-cm9.1-cwr6. Oh yea, and if you are having the Talkback auto enabled for Chrome browser, you need to turn Off the Web scripts to run.

Tasker is amazing, I have automated a lot of tasks using this tool. I will share a few none generic ones with you in my coming post here.

Posted On Friday, November 9, 2012 5:18 PM | Comments (12) |

Tuesday, January 17, 2012

My routine for migrating Microsoft Dynamics CRM 4.0 to MS CRM 2011

The following procedures describe my approach toward a minimal error prone migration of Microsoft Dynamics CRM 4.0 to MS CRM 2011.

1. I start by installing CRM 2011 with a dummy organisation, yes, I don't import the CRM 4.0 organisation, because I want to make sure CRM 2011 is installed and deployed with out any problems. More over it gives the flexibility to map user, if it is from a different domain.
(1,5 Hour)

2. I install all the latest updates and roll-up for the CRM 2011, verify if everything is alright. (0,5 Hour)

3. I install the latest update and roll-up on CRM 4.0 machine, that is only if my client is agrees. Of course, I make a snapshot or a backup before doing this, just in case any new roll-up might break the existing system. This is the productive environment and I don't want to mess any thing. (2 Hours)

3. I backup and transfer the CRM 4.0 database - Org_CRM along with the SQL Report Server database - ReportServer to the new SQL Server. I do not back up and restore the MS_Config file, it already exists from CRM 2011 installation. If it's taking any longer and no one is working on the live system, I use the detach and re-attach database method.  (1 Hours)

4. Export the SRSS Encryption Key from SQL Server for CRM 4.0 Reports and import them to the CRM 2011 SQL Report Server. I verify it from the Keys table in ReportServer database. (0,5 Hour)

5. I start the deployment manager and do the import for the CRM 4.0 database. If I have to, I re-map the users. If it succeeds without any errors, I won't believe myself; else, I will start to look for error details in %AppData%\Microsoft\MSCRM\Logs and fix them with my best friend Google. Delete the dummy organisation that I created in step 1. (2,5 Hours)

Estimates are basic fixtures for your idea that later could be used for billing purposes depending on the unexpected errors that appear.

Cheers, Shaurya

Posted On Tuesday, January 17, 2012 2:27 PM | Comments (0) |

Wednesday, August 3, 2011

Connector for Microsoft Dynamics, Microsoft Dynamics CRM 2011 Online & Microsoft Dynamics NAV 2009 R2 – All for the cloud

Keeping things short and simple, here I am will demonstrate on how to setup synchronization between Microsoft Dynamics NAV 2009 R2 and Microsoft Dynamics CRM 2011 using the Connector for Microsoft Dynamics.

Configuring Connector for MS Dynamics (Microsoft Dynamics CRM Adapter)

Assuming that you had a smooth installation of the Connector, let’s start by configuring the CRM Adapter.

image

For the CRM Online, make the following settings:

Domain crm.dynamics.com
User Name Windows Live ID for your CRM Online organization.

This should be a dedicated Live Account for Integration process. Read connector manual for more details.

Password The password for the Live ID you entered. (duh)
Port <Empty>
Discovery Server dev.crm4.dynamics.com if CRM Online is hosted in EMEA region. 
Read this blog entry to find what’s the right one for you.
Microsoft Dynamics CRM Online <Checked>

After this, click the configuration utility and proceed with the wizard.

image

You might have to re-enter the details again! “Get Organizations” and select your organization and proceed forward! Btw, you should really be patient, this and fore coming operations will take lots of waiting time!

So after it it done, you get list of entities that you want to configure, select them and proceed.

image

Next click “Configure” and let the magic happen! After which ‘Finish’ and exit the wizard.

image

Do a “Test Settings” and lets get to the next stage for configuring NAV.

Configuring Connector for MS Dynamics (Microsoft Dynamics NAV 2009 Adapter)

This is simple, assuming you know about Navision, expose your page as a web service, and start configuring the NAV adapter.

image

Go through the wizard and select your company and page that need integration.

image

Test and move on, let’s make an integration now!

Creating Maps (Microsoft Dynamics CRM & Microsoft Dynamics NAV)

First, you need to create a new Integration between the two systems.

image

Then a new Map.

image

I am not going to talk about Mapping, you should read the Connector manual on how to make maps and configure the Source and Destination fields.

image

So that is how you connect to the cloud, CRM Online & NAV 2009 R2. Happy data syncing! Over and out.

Posted On Wednesday, August 3, 2011 10:59 AM | Comments (2) |

Sunday, November 28, 2010

Windows Update to deliver MS CRM 2011 updates

Here’s a great new, Windows Update will now deliver Microsoft Dynamic CRM 2011 updates; I bet it’s an end to every 8 week Rollup update.

image

If you are interest to see all update releases by Windows Update for CRM 2011, you gotta visit this: http://catalog.update.microsoft.com/v7/site/Search.aspx?q=Microsoft Dynamics CRM 2011 Beta

Posted On Sunday, November 28, 2010 9:37 PM | Comments (1) |

Powered by: