Category Archives: 10MinuteMail

Interesting Phishing Technique

Posted on by
13

I got contacted today with a non-form e-mail from a person offering a partnership which would “highly increase your context advertisement block (adsense) earnings” on 10MinuteMail. Essentially saying that they could increase my ad revenue, and would do that for a share of the increased revenue.

Which sounds good as I was wondering if there was stuff I could be doing with layout or ad types to help increase clicks, except this was from a random guy at a gmx.com address, with no company name. Googling his name and e-mail address turned up nothing. So I replied asking for his company info or references, etc…

Sorry, but our company has no web
site.
You will easteablish our credibility during partnership with us.
Lets just try it first, ok?
Put this code between the body tags on your 10minutemail.com
main page only:
<img src=”some russian site” />
It is an 1*1px transparent image.

Supposedly after I do that I’ll see the result in a couple of days.

So wow, little warning bells are now big warning bells. Adding a web bug can’t impact your Google adsense revenue. Adding a web bug to your site from a domain name with no website that’s registered by someone in Russia seems like a TERRIBLE idea! So of course I said no.

What do you think? Some sort of XSS attack, or cookie attack? I’m just not sure what the end game would be on this…

10MinuteMail and Form Submission Charsets in Seam/JSF

Posted on by
3

I launched a minor update to 10MinuteMail.com last night. It contained:

  1. Changed the mail domain to owlpic.com
  2. Updated the Russian language translation (thanks to Vladimir)
  3. Fixed a bug where replying to an e-mail using a non-latin character set would result in an unreadable e-mail (also thanks to Vladimir for pointing this out)

This last issue was an odd one to fix, so I wanted to document it here (although the same fix can be found elsewhere on the net).

10MinuteMail.com is pretty well internationalized. The site content is translated into over 30 languages and the pages are served as UTF-8. Incoming e-mails are also displayed using UTF-8 and display non-latin character sets correctly. However, until this latest release, if you replied to an e-mail using non-latin characters, the resulting e-mail contained gibberish instead of the correct characters.

I started off by adding UTF-8 as the specified character set for outgoing e-mails. That didn’t help. I added UTF-8 encoding declaration attribute to the form element. That didn’t help. Finally after some frustration, googling, and trying a ton of things, I discovered that for some reason, and I”m not sure if the bug is in JBoss, JSF, Seam, or where exactly, but you have to set the request objects character encoding programmatically for each request, otherwise it will use the wrong encoding on the form contents and you end up with gibberish. The easiest way to solve this that I’ve found so far is to create a small Servlet Filter that sets the encoding on the request, and add that filter in before your Seam filter in your web.xml. It worked for me.

The filter:

package com.digitalsanctuary.seam;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/**
 * The Class UTF8Filter.
 */
public class UTF8Filter implements Filter {

    /** The Constant UTF_8. */
    private static final String UTF_8 = "UTF-8";

    /**
     * Destroy.
     *
     * @see javax.servlet.Filter#destroy()
     */
    public void destroy() {
    }

    /**
     * Do filter.
     *
     * @param pRequest
     *            the request
     * @param pResponse
     *            the response
     * @param pChain
     *            the chain
     * @throws IOException
     *             Signals that an I/O exception has occurred.
     * @throws ServletException
     *             the servlet exception
     * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
     *      javax.servlet.FilterChain)
     */
    public void doFilter(ServletRequest pRequest, ServletResponse pResponse, FilterChain pChain) throws IOException,
	    ServletException {
	pRequest.setCharacterEncoding(UTF_8);
	pChain.doFilter(pRequest, pResponse);
    }

    /**
     * Inits the.
     *
     * @param arg0
     *            the arg0
     * @throws ServletException
     *             the servlet exception
     * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
     */
    public void init(FilterConfig arg0) throws ServletException {
    }

}

An excerpt of web.xml:

....
	<filter>
		<filter-name>UTF8 Filter</filter-name>
		<filter-class>com.digitalsanctuary.seam.UTF8Filter</filter-class>
	</filter>

	<filter-mapping>
		<filter-name>UTF8 Filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<filter>
		<filter-name>Seam Filter</filter-name>
		<filter-class>org.jboss.seam.servlet.SeamFilter</filter-class>
	</filter>

	<filter-mapping>
		<filter-name>Seam Filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
....

Does anyone have a better fix or know exactly why this happens?