2012

All has been a bit quiet here of late; 2011 was a very busy year for me, both with work and family life. With half an hour left of the first day of 2012, I thought I’d record a few resolutions for the oncoming year.

  • Photography – I have a great Canon 40D camera which, apart from a fabulous trip to New York City, has been unloved in the past year. I want to photograph more in 2012, starting with my attempt at the 365 project over on Flickr.
  • Writing – I also love writing, when I give myself the time to do so. I intend to write more in 2012 and will try to get my writing published elsewhere than just my own blog.
  • Family – With Daniel almost 2 and Billy 4, our two boys are becoming very interesting little people. It goes without saying the next year will be full of lots of family time, but it doesn’t stop me making sure I remember it should be my focus.
  • Cycling – I rarely cycle to work these days, even though the 4 mile journey is less stressful via bike than car (and takes about the same time). Really need to do this more to offset the beer and pies 🙂

Let’s see how I do in a few months’ time!

[Edit: 2012 was a pretty busy year for me, mostly focussed on family and work. Though I did manage a few interesting trips abroad in Europe and the US. Not enough writing though, must try harder!]

Clickjacking exploit on Facebook

I spotted a post today on Facebook which looked rather suspicious. The link was titled “EMBARRASSING: Father caught daughter on WEBCAM!!!” and was obviously designed to lure people into clicking on the link. It went to the URL qok7.info, which claimed to have a YouTube security verification notice (a CAPTCHA) you had to fill in before viewing the video.

In fact, it’s a clickjacking exploit that contains a hidden form which submits a public comment on your Facebook account with a link back to this site. I first came across clickjacking exploits on Chris Shiflett’s blog; it’s a cunning method of hiding a real form within an iframe behind something like an image that usually has something clickable on it. In this case it has a fake CAPTCHA form whose fake form elements are lined up to submit the real Facebook status update form hidden in the iframe.

This exploit may be related to the daughter on webcam issue reported by Sophos or this might just be an example of very successful keywords used by scammers.

I see it’s been reported on Facebook’s security pages. I don’t know if it’s something Facebook can technically fix, but I would hope they can ban links from this website to avoid users inadvertently spreading this exploit.

So if you’re a Facebook user, don’t go clicking on links about daughters on webcams. Or any suspicious links for that matter. Always check URLs and if it looks dodgy, get out of there!
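
The usual server-side defence against the hidden-iframe technique described above is for the framed site to tell browsers not to render its pages inside another site's frame, using the X-Frame-Options header or the CSP frame-ancestors directive. The following is an added example, not part of the original post: a JavaScript function that audits a response's headers for that protection (the name framingProtection and the sample headers are constructed for illustration).

```javascript
// Added example: decide whether response headers stop a page being framed.
// `headers` maps header names to a string or an array of strings.
function framingProtection(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = [].concat(v).map(String);
  const findings = [];

  // CSP frame-ancestors. Policies may arrive comma-joined; inside one policy
  // only the first occurrence of a directive is used.
  const verdicts = [];
  for (const policy of (h['content-security-policy'] || []).flatMap(p => p.split(','))) {
    const first = policy.split(';').map(d => d.trim().split(/\s+/))
      .find(([name]) => name.toLowerCase() === 'frame-ancestors');
    if (!first) continue;
    const sources = first.slice(1).map(s => s.toLowerCase());
    const open = sources.some(s => s === '*' || /^https?:$/.test(s));
    if (open) findings.push('frame-ancestors allows any origin: ' + sources.join(' '));
    verdicts.push(!open);
  }
  if (h['content-security-policy-report-only']) {
    findings.push('Report-Only CSP is not enforced and gives no framing protection');
  }

  // X-Frame-Options: only DENY and SAMEORIGIN are dependable; ALLOW-FROM is obsolete.
  const xfo = (h['x-frame-options'] || []).flatMap(v => v.split(','))
    .map(v => v.trim().toUpperCase()).filter(Boolean);
  const distinct = [...new Set(xfo)];
  const xfoOk = distinct.length === 1 && ['DENY', 'SAMEORIGIN'].includes(distinct[0]);
  if (xfo.length && !xfoOk) findings.push('unreliable X-Frame-Options value: ' + xfo.join(', '));

  // A browser that enforces frame-ancestors ignores X-Frame-Options, and every
  // policy must allow the framer, so one restrictive policy is enough.
  if (verdicts.length) return { protected: verdicts.some(Boolean), via: 'csp', findings };
  if (xfoOk) return { protected: true, via: 'xfo', findings };
  findings.push('no enforced anti-framing header');
  return { protected: false, via: null, findings };
}

// Constructed sample responses (not captured from any real site).
const samples = {
  strict: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  legacy: { 'X-Frame-Options': 'SAMEORIGIN' },
  overridden: { 'Content-Security-Policy': 'frame-ancestors *', 'X-Frame-Options': 'DENY' },
  bare: { 'Content-Type': 'text/html' },
};
for (const [name, hdrs] of Object.entries(samples)) {
  console.log(name, JSON.stringify(framingProtection(hdrs)));
}
```

The "overridden" sample is the case worth noticing: a permissive frame-ancestors directive leaves the page frameable even though X-Frame-Options says DENY.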

Checking your Zend Framework route order

The order that you create your routes in Zend Framework is important, with the last route defined in your code being matched first. This allows you to set up custom routes and if these aren’t matched Zend Framework helpfully falls back to the default route which is set up first. If you have a lot of routes though, set up in different places, it can get difficult to verify the order of your routes.

Just use this snippet of code in your controller to return a list of route names set up in your ZF application in the order they are matched via the routing system (i.e. the route at number 1 is matched first, then route 2, etc).

// Output list of routes, in the order they are matched
echo '<ol>';
$routes = array_reverse($this->getFrontController()->getRouter()->getRoutes());
foreach ($routes as $name => $route) {
    echo "	<li>$name</li>\n";
}
echo '</ol>';

Find out more about the ZF Router at the ZF manual.