FEED Validator

for Atom and RSS and KML

Congratulations!

This is a valid RSS feed.

Recommendations

This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.

line 24, column 70: Image not in required format [help]

	<url>https://blog.aleperno.com/wp-content/uploads/2019/06/favicon.ico</url>
                                                                      ^

line 40, column 0: content:encoded should not contain sizes attribute (13 occurrences) [help]
```
										<content:encoded><![CDATA[
```

line 57, column 0: content:encoded should not contain data-width attribute [help]

<figure class="wp-block-embed aligncenter is-type-rich is-provider-twitter w ...

line 57, column 0: content:encoded should not contain data-dnt attribute [help]

<figure class="wp-block-embed aligncenter is-type-rich is-provider-twitter w ...

line 57, column 0: content:encoded should not contain script tag [help]

<figure class="wp-block-embed aligncenter is-type-rich is-provider-twitter w ...

line 66, column 0: content:encoded should not contain loading attribute (15 occurrences) [help]

line 123, column 0: content:encoded should not contain iframe tag [help]

<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-emb ...

line 128, column 0: content:encoded should not contain data-type attribute (4 occurrences) [help]
line 128, column 0: content:encoded should not contain data-id attribute (4 occurrences) [help]

Source: http://blog.aleperno.com.ar/?feed=rss2

<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
>
<channel>
<title>Aleperno's Blog</title>
<atom:link href="https://blog.aleperno.com/?feed=rss2" rel="self" type="application/rss+xml" />
<link>https://blog.aleperno.com</link>
<description>Inside a young engineering student's mind</description>
<lastBuildDate>Fri, 10 Mar 2023 15:00:44 +0000</lastBuildDate>
<language>en-US</language>
<sy:updatePeriod>
hourly </sy:updatePeriod>
<sy:updateFrequency>
1 </sy:updateFrequency>
<generator>https://wordpress.org/?v=5.8.9</generator>
<image>
<url>https://blog.aleperno.com/wp-content/uploads/2019/06/favicon.ico</url>
<title>Aleperno's Blog</title>
<link>https://blog.aleperno.com</link>
<width>32</width>
<height>32</height>
</image>
<item>
<title>Shallow Diving into PDFs embedded images</title>
<link>https://blog.aleperno.com/?p=2692</link>
<dc:creator><![CDATA[Alejandro]]></dc:creator>
<pubDate>Fri, 30 Jul 2021 02:30:24 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blog.aleperno.com/?p=2692</guid>
<description><![CDATA[Recently I had the chance…actually the need to have a look into how a given PDF manages its images. Here I’ll explain what the initial issue was an the findings along my journey. Disclamer: This is written more like a logbook / narration than an actual article. Last week I started reading the online material … <a href="https://blog.aleperno.com/?p=2692" class="more-link">Continue reading "Shallow Diving into PDFs embedded images"</a>]]></description>
<content:encoded><![CDATA[
<figure class="wp-block-image size-large is-resized"><img src="https://blog.aleperno.com/wp-content/uploads/2021/07/header-edited.png" alt="" class="wp-image-2695" width="679" srcset="https://blog.aleperno.com/wp-content/uploads/2021/07/header-edited.png 1255w, https://blog.aleperno.com/wp-content/uploads/2021/07/header-edited-300x169.png 300w, https://blog.aleperno.com/wp-content/uploads/2021/07/header-edited-1024x575.png 1024w, https://blog.aleperno.com/wp-content/uploads/2021/07/header-edited-768x431.png 768w" sizes="(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px" /><figcaption>Yes…this is me during one of my PADI OWD Classes</figcaption></figure>
Recently I had the chance…actually the need to have a look into how a given PDF manages its images. Here I’ll explain what the initial issue was an the findings along my journey. Disclamer: This is written more like a logbook / narration than an actual article.

Last week I started reading the online material for my PADI OWD (Open Water Diver) course. Yes…now you realize this post title is very pun-intended, anyway… To my surprise the content had quite a bad responsiveness. Some images failed to load, others disappeared if I scrolled up and down. Here’s a tweet showcasing the issue
<figure class="wp-block-embed aligncenter is-type-rich is-provider-twitter wp-block-embed-twitter"><div class="wp-block-embed__wrapper">
<blockquote class="twitter-tweet" data-width="525" data-dnt="true">Este es el material online de PADI. En vez de tener un simple PDF y un viewer online no… Carga un pdf sin imágenes, y luego las carga dinámicamente. No sólo te carga más de una vez la misma imagen si vas y volvés en las páginas… Sino que se bugea, no te las carga bien, lento <a href="https://t.co/yWQhZwJoDm">pic.twitter.com/yWQhZwJoDm</a>— Alejandro Pernin (@alepernin) <a href="https://twitter.com/alepernin/status/1418400824749875204?ref_src=twsrc%5Etfw">July 23, 2021</a></blockquote><script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
</div><figcaption>Let the rant begin…</figcaption></figure>
Not only that, but the page requested the images more than once, making it even slower. All these made me wonder how this was made and if it could be improved in any way. So, into the browser’s dev tools we go.
<figure class="wp-block-image size-full"><img loading="lazy" width="805" height="453" src="https://blog.aleperno.com/wp-content/uploads/2021/07/Screenshot-from-2021-07-31-18-10-06.png" alt="" class="wp-image-2766" srcset="https://blog.aleperno.com/wp-content/uploads/2021/07/Screenshot-from-2021-07-31-18-10-06.png 805w, https://blog.aleperno.com/wp-content/uploads/2021/07/Screenshot-from-2021-07-31-18-10-06-300x169.png 300w, https://blog.aleperno.com/wp-content/uploads/2021/07/Screenshot-from-2021-07-31-18-10-06-768x432.png 768w" sizes="(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px" /><figcaption>Google Chrome Network Requests</figcaption></figure>
The first two interesting elements are a book.pdf and a set of img_X.jpg which are the images that are shown in the document. Let’s first try to open the PDF and see how it is.
<figure class="wp-block-image size-full"><img loading="lazy" width="936" height="536" src="https://blog.aleperno.com/wp-content/uploads/2021/07/Screenshot-from-2021-07-31-18-10-45.png" alt="" class="wp-image-2767" srcset="https://blog.aleperno.com/wp-content/uploads/2021/07/Screenshot-from-2021-07-31-18-10-45.png 936w, https://blog.aleperno.com/wp-content/uploads/2021/07/Screenshot-from-2021-07-31-18-10-45-300x172.png 300w, https://blog.aleperno.com/wp-content/uploads/2021/07/Screenshot-from-2021-07-31-18-10-45-768x440.png 768w" sizes="(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px" /><figcaption>Attempt to open PDF</figcaption></figure>
The document is password-protected, however since the viewer is able to show the document without asking for any password we can assume the password is accessible to the client-side at some point. Let’s continue browsing the resources.
<figure class="wp-block-image size-full"><img loading="lazy" width="636" height="397" src="https://blog.aleperno.com/wp-content/uploads/2021/07/Screenshot-from-2021-07-31-18-12-30-edited.png" alt="" class="wp-image-2771" srcset="https://blog.aleperno.com/wp-content/uploads/2021/07/Screenshot-from-2021-07-31-18-12-30-edited.png 636w, https://blog.aleperno.com/wp-content/uploads/2021/07/Screenshot-from-2021-07-31-18-12-30-edited-300x187.png 300w" sizes="(max-width: 636px) 100vw, 636px" /><figcaption>index.html</figcaption></figure>
In the index.html two things caught my eye.
<ul><li>The book variable containing b64 encoded data than is then passed to a PdfViewer method</li><li>There is something called iSpring which seems to be the viewer.</li></ul>
Let’s first add a breakpoint in the mentioned method
<figure class="wp-block-image size-full"><img loading="lazy" width="804" height="343" src="https://blog.aleperno.com/wp-content/uploads/2021/07/Screenshot-from-2021-07-31-18-13-34.png" alt="" class="wp-image-2774" srcset="https://blog.aleperno.com/wp-content/uploads/2021/07/Screenshot-from-2021-07-31-18-13-34.png 804w, https://blog.aleperno.com/wp-content/uploads/2021/07/Screenshot-from-2021-07-31-18-13-34-300x128.png 300w, https://blog.aleperno.com/wp-content/uploads/2021/07/Screenshot-from-2021-07-31-18-13-34-768x328.png 768w" sizes="(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px" /></figure>
The first thing done by the method is create a new instance of an object, using the b64 code. Inspecting the object’s attributes we can see something resembling a document name (“Open Water Manual 02 Intro”) and other strings. After trying some, I found out the nh attribute was in fact the document password.
<figure class="wp-block-image size-full"><img loading="lazy" width="574" height="490" src="https://blog.aleperno.com/wp-content/uploads/2021/07/Screenshot-from-2021-07-31-18-18-00.png" alt="" class="wp-image-2775" srcset="https://blog.aleperno.com/wp-content/uploads/2021/07/Screenshot-from-2021-07-31-18-18-00.png 574w, https://blog.aleperno.com/wp-content/uploads/2021/07/Screenshot-from-2021-07-31-18-18-00-300x256.png 300w" sizes="(max-width: 574px) 100vw, 574px" /><figcaption>bingo!</figcaption></figure>
However we do see there’s something odd… The document lacks any images, what I deduce is the viewer loads the PDF and then loads the images dynamically as we scroll through the document. This arises some questions.
<ul><li>How does the viewer know which images to load and where to put them?</li><li>Is there any way to revert the process and obtain the original PDF?</li></ul>
However, I don’t want to keep fiddling around with this document / page to avoid any ToS / Copyright infringement. Luckily the very same html page does provide a hint which I previously mentioned, the iSpring name. After some googling I found the following
<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper">
<iframe loading="lazy" title="iSpring Flip Overview" width="525" height="295" src="https://www.youtube.com/embed/QPHrFv7_YvA?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
</div></figure>
It seems the document viewer is called <a rel="noreferrer noopener" href="https://www.ispringsolutions.com/ispring-flip" data-type="URL" data-id="https://www.ispringsolutions.com/ispring-flip" target="_blank">iSpring Flip</a> and fortunately they do offer a trial version of their product.
I used the software with one of my physics assignments, which you can check <a href="http://pdftest.aleperno.com" data-type="URL" data-id="pdftest.aleperno.com">here</a>. iSpring gives you a folder with the following contents
<figure class="wp-block-image size-full"><img loading="lazy" width="337" height="527" src="https://blog.aleperno.com/wp-content/uploads/2021/09/Screenshot-from-2021-07-31-18-58-25.png" alt="" class="wp-image-2786" srcset="https://blog.aleperno.com/wp-content/uploads/2021/09/Screenshot-from-2021-07-31-18-58-25.png 337w, https://blog.aleperno.com/wp-content/uploads/2021/09/Screenshot-from-2021-07-31-18-58-25-192x300.png 192w" sizes="(max-width: 337px) 100vw, 337px" /></figure>
The images contained in the res folder are indeed the images embedded in the pdf.
<figure class="wp-block-image size-full"><img loading="lazy" width="720" height="181" src="https://blog.aleperno.com/wp-content/uploads/2021/07/Screenshot-from-2021-09-06-19-22-20.png" alt="" class="wp-image-2789" srcset="https://blog.aleperno.com/wp-content/uploads/2021/07/Screenshot-from-2021-09-06-19-22-20.png 720w, https://blog.aleperno.com/wp-content/uploads/2021/07/Screenshot-from-2021-09-06-19-22-20-300x75.png 300w" sizes="(max-width: 720px) 100vw, 720px" /></figure>
There’s also a files named book.pdf.js and taking a look into it we find the following
<figure class="wp-block-image size-large"><img loading="lazy" width="1024" height="555" src="https://blog.aleperno.com/wp-content/uploads/2021/07/book.pdf.js-1024x555.png" alt="" class="wp-image-2790" srcset="https://blog.aleperno.com/wp-content/uploads/2021/07/book.pdf.js-1024x555.png 1024w, https://blog.aleperno.com/wp-content/uploads/2021/07/book.pdf.js-300x163.png 300w, https://blog.aleperno.com/wp-content/uploads/2021/07/book.pdf.js-768x417.png 768w, https://blog.aleperno.com/wp-content/uploads/2021/07/book.pdf.js.png 1366w" sizes="(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px" /></figure>
I decoded the b64 into another file and opened it, finding a password protected PDF. Using what I’ve learned above I found the password. This is a comparison between the original PDF and the pdf found in the resources, where we can see the lack of some images.
<figure class="wp-block-image size-large"><img loading="lazy" width="1024" height="639" src="https://blog.aleperno.com/wp-content/uploads/2021/09/compared_pdfs-1024x639.png" alt="" class="wp-image-2791" srcset="https://blog.aleperno.com/wp-content/uploads/2021/09/compared_pdfs-1024x639.png 1024w, https://blog.aleperno.com/wp-content/uploads/2021/09/compared_pdfs-300x187.png 300w, https://blog.aleperno.com/wp-content/uploads/2021/09/compared_pdfs-768x479.png 768w, https://blog.aleperno.com/wp-content/uploads/2021/09/compared_pdfs-1536x958.png 1536w, https://blog.aleperno.com/wp-content/uploads/2021/09/compared_pdfs.png 1675w" sizes="(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px" /><figcaption>Original on the left, processed on the right</figcaption></figure>
I opened the pdf file with a text editor and searched for any reference of a “img_x.jpg”. NOTE: The original PDF is compressed which makes inspecting its contents harsh. I used the <a href="https://github.com/qpdf/qpdf" data-type="URL" data-id="https://github.com/qpdf/qpdf">qpdf</a> tool to decompress it.
<figure class="wp-block-image size-full"><img loading="lazy" width="551" height="257" src="https://blog.aleperno.com/wp-content/uploads/2021/09/xobject.png" alt="" class="wp-image-2792" srcset="https://blog.aleperno.com/wp-content/uploads/2021/09/xobject.png 551w, https://blog.aleperno.com/wp-content/uploads/2021/09/xobject-300x140.png 300w" sizes="(max-width: 551px) 100vw, 551px" /><figcaption>Reference of img_1.jpg</figcaption></figure>
The first result we see some kind of object with a reference to an image (with the correct path), some attributes such as height and width (which matches the actual image size) and some sort of stream.
Taking a look into the <a href="https://www.adobe.com/content/dam/acom/en/devnet/pdf/pdfs/PDF32000_2008.pdf" data-type="URL" data-id="https://www.adobe.com/content/dam/acom/en/devnet/pdf/pdfs/PDF32000_2008.pdf">pdf specification</a> we can find the following definition:
<blockquote class="wp-block-quote">An external object (commonly called an XObject) is a graphics object whose contents are defined by a self-contained stream, separate from the content stream in which it is used.</blockquote>
It looks like we can include an image just by including its stream into the stream / endstream block, so let’s test it. I opened a Jupyter Notebook and started fiddling around, ending up with
[gist]https://gist.github.com/aleperno/33a61a582d53edfd736686fe0e9292a7[/gist]
This code basically does the following
<ul><li>Finds every object of type XObject and subtype Image</li><li>Checks it contains a property F matching ‘data/res’ and retrieves the image name</li><li>With the image name tries to obtain the image from a given folder and set the stream into the file.</li></ul>
And as a result we obtain a PDF with images just like the original one
<figure class="wp-block-image size-large"><img loading="lazy" width="1024" height="640" src="https://blog.aleperno.com/wp-content/uploads/2021/09/compared_2-1024x640.png" alt="" class="wp-image-2798" srcset="https://blog.aleperno.com/wp-content/uploads/2021/09/compared_2-1024x640.png 1024w, https://blog.aleperno.com/wp-content/uploads/2021/09/compared_2-300x188.png 300w, https://blog.aleperno.com/wp-content/uploads/2021/09/compared_2-768x480.png 768w, https://blog.aleperno.com/wp-content/uploads/2021/09/compared_2-1536x960.png 1536w, https://blog.aleperno.com/wp-content/uploads/2021/09/compared_2.png 1676w" sizes="(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px" /><figcaption>Original (left) vs New (right)</figcaption></figure>
<h2>Learnings</h2>
PDFs has a simple way to include images by including an stream, it is also allows us to use the same image multiple times without duplicating the stream but rather using references to the object.
Also by them being streams, we can extract images, modify them and re-add them to the file without much hassle, this could be useful when trying to reduce a document size, we can try to compress the images.
An important side-note is by being streams, images conserve metadata which could be “dangerous” by enabling anyone to extract the images EXIF info.
]]></content:encoded>
</item>
<item>
<title>Blog Season 2 Trailer</title>
<link>https://blog.aleperno.com/?p=2651</link>
<dc:creator><![CDATA[Alejandro]]></dc:creator>
<pubDate>Wed, 22 May 2019 16:58:47 +0000</pubDate>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://blog.aleperno.com.ar/?p=2651</guid>
<description><![CDATA[So… It’s been three years since I last updated this blog and I’m kinda missing doing so; therefore I hereby commit to resume posting, these will be the likely updates on the blog Moving Out!: I’ll be migrating the blog completely, both from host and perhaps framework. Of course there will be an entry about it. … <a href="https://blog.aleperno.com/?p=2651" class="more-link">Continue reading "Blog Season 2 Trailer"</a>]]></description>
<content:encoded><![CDATA[<a href="https://blog.aleperno.com/wp-content/uploads/2019/05/e1e4573acd5523ea7672a523c68cf200.jpg"><img loading="lazy" class="aligncenter wp-image-2635 size-large" src="https://blog.aleperno.com/wp-content/uploads/2019/05/e1e4573acd5523ea7672a523c68cf200-1024x512.jpg" alt="" width="580" height="290" srcset="https://blog.aleperno.com/wp-content/uploads/2019/05/e1e4573acd5523ea7672a523c68cf200-1024x512.jpg 1024w, https://blog.aleperno.com/wp-content/uploads/2019/05/e1e4573acd5523ea7672a523c68cf200-300x150.jpg 300w, https://blog.aleperno.com/wp-content/uploads/2019/05/e1e4573acd5523ea7672a523c68cf200-768x384.jpg 768w, https://blog.aleperno.com/wp-content/uploads/2019/05/e1e4573acd5523ea7672a523c68cf200-1568x784.jpg 1568w, https://blog.aleperno.com/wp-content/uploads/2019/05/e1e4573acd5523ea7672a523c68cf200.jpg 2048w" sizes="(max-width: 580px) 100vw, 580px" />
</a>
So… It’s been three years since I last updated this blog and I’m kinda missing doing so; therefore I hereby commit to resume posting, these will be the likely updates on the blog
<ul>
<li>Moving Out!: I’ll be migrating the blog completely, both from host and perhaps framework. Of course there will be an entry about it.</li>
<li>I may completely quit writing in Spanish: Though I like to keep it open to all audiences, writing one entry is hard and time-consuming by itself, let alone in two languages.</li>
<li>A Simple Telegram Bot: I have an abandoned Telegram Bot laying around, I will do a review of the code, simple tutorial (code + hosting) and examples.</li>
<li>Security by Example: I had the chance to review a software service with mild security and design flaws. We’ll review the case as a 101 example.</li>
<li>iPad Note Taking: I’ve been using an iPad Pro for about a year for college note-taking. I’m working on a post-process to improve the results of my notes.</li>
</ul>

]]></content:encoded>
</item>
<item>
<title>Curiosidades de Facebook Reloaded</title>
<link>https://blog.aleperno.com/?p=380</link>
<comments>https://blog.aleperno.com/?p=380#comments</comments>
<dc:creator><![CDATA[Alejandro]]></dc:creator>
<pubDate>Sun, 04 Sep 2011 19:42:09 +0000</pubDate>
<category><![CDATA[internet]]></category>
<guid isPermaLink="false">http://blog.aleperno.com.ar/?p=380</guid>
<description><![CDATA[En el post anterior ya mencioné algunas curiosidades respecto a las url’s de facebook y que información podíamos sacar de ellas; sin embargo sentí que quedaba algo pendiente y es mostrar como es hipotéticamente posible robar fotos de una cuenta a la que no tenemos acceso, mediante la fuerza bruta. ¿Por qué “hipotéticamente”? En el … <a href="https://blog.aleperno.com/?p=380" class="more-link">Continue reading "Curiosidades de Facebook Reloaded"</a>]]></description>
<content:encoded><![CDATA[

En el post anterior ya mencioné algunas curiosidades respecto a las url’s de facebook y que información podíamos sacar de ellas; sin embargo sentí que quedaba algo pendiente y es mostrar como es hipotéticamente posible robar fotos de una cuenta a la que no tenemos acceso, mediante la fuerza bruta.
¿Por qué “hipotéticamente”? En el post anterior mostré la siguiente url
<pre>https://fbcdn-sphotos-a.akamaihd.net/hphotos-ak-snc6/262207_10150250379330782_639435781_7283246_1748549_n.jpg[/note]</pre>
donde el número marcado en rojo corresponde a mi profile id, el cual obviamente es constante, al contrario de todos los demás números que son variables y representan el resultado de algún algoritmo de ordenamiento o algo así. Para los que no lo recuerden o sepan (este blog intenta ser lo más friendly posible) un algoritmo de fuerza bruta, implica ni más ni menos que ir probando todas las combinaciones posibles.
Analizemos esto, tenemos 37 dígitos que varian, siendo los mismos decimales cada dígito tiene 10 combinaciones posibles lo que nos da un 10³⁷ combinaciones aproximadamente. Es más que evidente que es un número bastante grande. Computacionalmente es un número más que accesible que tardara su tiempo dependiendo del poder de cálculo de nuestra computadora, el problema radica en que por cada iteración haremos un pedido al servidor y eso tiene su delay. Multipliquemos este delay por 10³⁷ y más o menos tenemos desde Moisés hasta la actualidad.
Podriamos realizar un ataque a más de un servidor y/o desde más de una pc atacante, pero en definitiva el tiempo necesario para perpetrar dicho ataque seguiría siendo bastante.
Resumiendo, este ataque no tiene practicidad alguna, más que demostrar que hipotéticamente es posible y para resaltar ciertas curiosidades que tiene esta red social.
<h3 style="text-align: justify;">El Ataque</h3>
Antes de realizar un script para perpetrar el ataque de fuerza bruta, indagué un poco los links de mis propias fotos, esperando encontrar algun orden lógico el cual me permita acotar la cantidad de variables y me encontré con una curiosidad. Los links de mis fotos viejas (09-10) poseian otro formato
<pre>https://fbcdn-sphotos-a.akamaihd.net/photos-ak-ash1/v254/51/16/639435781/n639435781_450402_9982.jpg</pre>
En base a la observación el /51/16 parecería constante así como el /v254 tenía cierta persistencia, pero poniéndonos estrictos podríamos decir que tenemos 26 dígitos que varían, bajamos 11 variables! Sin embargo sigue siendo un número bastante alto.
Por lo que para el script en cuestión tomé ciertas consideraciones al “atacar” a un álbum específico
<ul style="text-align: justify;">
<li>/v254/51/16 son contantes</li>
<li>45042 posee sólo 10 ciclos de iteración</li>
</ul>
<div style="text-align: justify;">Obteniendo como resultado</div>
<div style="text-align: justify;">[sourcecode lang=”bash” collapse=”false”] 
#!/bin/bash 
LOC=/home/alejandro/Escritorio/Facebook 
OUTPUT="$LOC/file.txt" 
BASE="http://fbcdn-sphotos-a.akamaihd.net/photos-ak-ash1/" 
LINK="" 
ID=639435781 
CONST1=254 
CONST2=51 
CONST3=16 
MIN1=450403 
MAX1=450412 
MIN2=702 
MAX2=3970
while [ $MIN1 -lt $MAX1 ];do 
MIN2=702 
while [ $MIN2 -lt $MAX2 ];do 
LINK=$BASE"v"$CONST1"/"$CONST2"/"$CONST3"/"$ID"/n"$ID"_"$MIN1"_"$MIN2".jpg" 
echo $LINK 
TEST=$(wget $LINK -o – -q) 
if [ "$TEST" != "" ]; then 
echo $LINK >> $OUTPUT 
fi 
let MIN2=$MIN2+1 
done 
let MIN1=$MIN1+1 
done 
[/sourcecode]
</div>
<div style="text-align: justify;">En este preciso momento, el script lleva 2 horas ejecutándose y como resultado arrojó las siguientes imágenes</div>
<div style="text-align: justify;"><a href="https://fbcdn-sphotos-a.akamaihd.net/photos-ak-ash1/v254/51/16/639435781/n639435781_450403_702.jpg"><img loading="lazy" class="alignnone" alt="" src="https://fbcdn-sphotos-a.akamaihd.net/photos-ak-ash1/v254/51/16/639435781/n639435781_450403_702.jpg" width="130" height="98" /></a><a href="https://fbcdn-sphotos-a.akamaihd.net/photos-ak-ash1/v254/51/16/639435781/n639435781_450404_951.jpg"><img loading="lazy" class="alignnone" alt="" src="https://fbcdn-sphotos-a.akamaihd.net/photos-ak-ash1/v254/51/16/639435781/n639435781_450404_951.jpg" width="130" height="98" /></a><a href="https://fbcdn-sphotos-a.akamaihd.net/photos-ak-ash1/v254/51/16/639435781/n639435781_450405_1208.jpg"><img loading="lazy" class="alignnone" alt="" src="https://fbcdn-sphotos-a.akamaihd.net/photos-ak-ash1/v254/51/16/639435781/n639435781_450405_1208.jpg" width="130" height="98" />
</a>Se puede apreciar que las fotos siguen el orden lógico del script</div>
<h3 style="text-align: justify;">Colorario</h3>
Para resumir, planté la hipótesis de que es posible ejecutar un ataque de fuerza bruta contra los servidores de imágenes de facebook. Usando un caso modelo acotado, demostré que es posible aunque extremadamente impráctico.
Como aprendizaje o curiosidad me queda, que las imágenes están alojadas ‘públicamente’, que las url de las mismas muestran el id de su dueño y una de las cosas más interesantes es que el servidor permite realizar el ataque.
Me resulta curioso como uno es capaz de realizar un gran número de pedidos a direcciones inválidas sin que el servidor detecte un comportamiento sospechoso o si lo hace, no actúe.
<pre>NOTA: Al término de esta entrada el script arrojó otro resultado,
siendo al momento 4 imágenes en 2 horas 20 min aproximadamente.</pre>
<a href="http://creativecommons.org/licenses/by/3.0/" rel="license"><img style="border-width: 0;" alt="Licencia Creative Commons" src="http://i.creativecommons.org/l/by/3.0/80x15.png" /></a> 
Curiosidades de Facebook Reloaded por <a href="http://blog.aleperno.com.ar/?p=380" rel="cc:attributionURL">Alejandro Pernin</a> se encuentra bajo una Licencia <a href="http://creativecommons.org/licenses/by/3.0/" rel="license">Creative Commons Atribución 3.0 Unported</a>.

]]></content:encoded>
<wfw:commentRss>https://blog.aleperno.com/?feed=rss2&p=380</wfw:commentRss>
<slash:comments>1</slash:comments>
</item>
<item>
<title>Curiosidades de Facebook</title>
<link>https://blog.aleperno.com/?p=343</link>
<comments>https://blog.aleperno.com/?p=343#comments</comments>
<dc:creator><![CDATA[Alejandro]]></dc:creator>
<pubDate>Tue, 23 Aug 2011 02:50:30 +0000</pubDate>
<category><![CDATA[internet]]></category>
<guid isPermaLink="false">http://blog.aleperno.com.ar/?p=343</guid>
<description><![CDATA[Hay muchas cosas en la vida, que uno ve, conoce, utiliza y desconoce pequeñas curiosidades o perlitas que no van muy al caso, pero siempre son interesantes de conocer. Facebook ha causado enorme controversia, con sus políticas de privacidad, supuesta exposición de datos privados, etc. Aquí no voy a hablar de eso ya que soy … <a href="https://blog.aleperno.com/?p=343" class="more-link">Continue reading "Curiosidades de Facebook"</a>]]></description>
<content:encoded><![CDATA[

Hay muchas cosas en la vida, que uno ve, conoce, utiliza y desconoce pequeñas curiosidades o perlitas que no van muy al caso, pero siempre son interesantes de conocer. Facebook ha causado enorme controversia, con sus políticas de privacidad, supuesta exposición de datos privados, etc. Aquí no voy a hablar de eso ya que soy temeroso de los abogados de Mark Zuckerberg y no tengo dinero para costearme un litigio legal, así que sólo mostraré unas pequeñas perlitas con las que me he encontrado.
Observemos la siguiente URL:
[su_note color=”#e0e0e0″]https://fbcdn-sphotos-a.akamaihd.net/hphotos-ak-snc6/262207_ 10150250379330782_639435781_7283246_1748549_n.jpg[/su_note] 
Dicha URL corresponde al enlace directo de mi foto de perfil, aunque posea una configuración de seguridad tal que sólo mis amigos puedan ver mi foto de perfil, cualquiera con esa URL podría verla; con lo que por medio de un intermediario habilitado, uno podría tener acceso a las fotos de una persona que normalmente no podría.
-Ahh, pero no pasa nada, porque siempre tiene que haber un amigo que le pase el link. ERROR.
Luego voy a mostrar un ejemplo, pero teoricamente es  posible crear un algoritmo que variando las secuencias numéricas de la URL, capture las imágenes subidas. Las secuencias numéricas no son numeros al azar, sino que identifican el perfil, el album y la foto (ejemplo burdo). Un ejemplo particular, el 639435781 remarcado en la URL corresponde a mi ‘profile id”.
Existe una suerte de “aplicación” dentro de facebook, que dado un numero de perfil, nos devuelve cierta información. 
<a href=" http://graph.facebook.com/639435781">http://graph.facebook.com/639435781</a> nos devuelve:
[su_note color=”#e0e0e0″] 
{ 
“id”: “639435781”, 
“name”: “Alejandro Pernin”, 
“first_name”: “Alejandro”, 
“last_name”: “Pernin”, 
“link”: “https://www.facebook.com/ale.pernin”, 
“username”: “ale.pernin”, 
“gender”: “male”, 
“locale”: “en_GB” 
}[/su_note]
No es información del todo privada, menciona solo mi nombre, apellido, sexo y en qué idioma uso Facebook; asimismo si mi configuración de privacidad fuese tal que mi mail sea público, aparecería en los datos. De nuevo, esto nos permite mediante un algoritmo (para nada complicado) ir obteniendo datos, por ejemplo yo utilizé un algoritmo que a partir de mi id, iba a obtener los resultados de los siguientes 100 id’s; el resultado fué el siguiente:
[su_spoiler title=”Ver Resultados”]
{“id”:”639435781″,”name”:”Alejandro Pernin”,”first_name”:”Alejandro”,”last_name”:”Pernin”,”link”:”http://www.facebook.com/ale.pernin”,”username”:”ale.pernin”,”gender”:”male”,”locale”:”en_GB”} 
{“id”:”639435782″,”name”:”Roslyn Fontaine”,”first_name”:”Roslyn”,”last_name”:”Fontaine”,”link”:”http://www.facebook.com/people/Roslyn-Fontaine/639435782″,”locale”:”en_US”} 
{“id”:”639435787″,”name”:”Lucie Sykes”,”first_name”:”Lucie”,”last_name”:”Sykes”,”gender”:”female”,”locale”:”en_US”} 
{“id”:”639435789″,”name”:”Joy Garcia”,”first_name”:”Joy”,”last_name”:”Garcia”,”link”:”http://www.facebook.com/people/Joy-Garcia/639435789″,”gender”:”female”,”locale”:”en_US”} 
{“id”:”639435792″,”name”:”Franco Olivera”,”first_name”:”Franco”,”last_name”:”Olivera”,”link”:”http://www.facebook.com/people/Franco-Olivera/639435792″,”gender”:”male”,”locale”:”es_LA”} 
{“id”:”639435795″,”name”:”Mary Ann”,”first_name”:”Mary”,”last_name”:”Ann”,”link”:”http://www.facebook.com/people/Mary-Ann/639435795″,”locale”:”en_US”} 
{“id”:”639435796″,”name”:”Selovema Alami”,”first_name”:”Selovema”,”last_name”:”Alami”,”link”:”http://www.facebook.com/people/Selovema-Alami/639435796″,”gender”:”female”,”locale”:”fr_FR”} 
{“id”:”639435803″,”name”:”Krista Schriver”,”first_name”:”Krista”,”last_name”:”Schriver”,”link”:”http://www.facebook.com/kristaaa”,”username”:”kristaaa”,”gender”:”female”,”locale”:”en_US”} 
{“id”:”639435805″,”name”:”Amanda Wade”,”first_name”:”Amanda”,”last_name”:”Wade”,”gender”:”female”,”locale”:”en_US”} 
{“id”:”639435807″,”name”:”William Waddington”,”first_name”:”William”,”last_name”:”Waddington”,”link”:”http://www.facebook.com/people/William-Waddington/639435807″,”gender”:”male”,”locale”:”en_US”} 
{“id”:”639435813″,”name”:”Stephen R. Abdon”,”first_name”:”Stephen”,”middle_name”:”R.”,”last_name”:”Abdon”,”link”:”http://www.facebook.com/people/Stephen-R-Abdon/639435813″,”gender”:”male”,”locale”:”en_US”} 
{“id”:”639435815″,”name”:”Andres Restrepo Bastidas”,”first_name”:”Andres”,”last_name”:”Restrepo Bastidas”,”link”:”http://www.facebook.com/people/Andres-Restrepo-Bastidas/639435815″,”gender”:”male”,”locale”:”es_LA”} 
{“id”:”639435818″,”name”:”Jerome Haquin”,”first_name”:”Jerome”,”last_name”:”Haquin”,”link”:”http://www.facebook.com/people/Jerome-Haquin/639435818″,”gender”:”male”,”locale”:”en_US”} 
{“id”:”639435820″,”name”:”Nick Yencopal”,”first_name”:”Nick”,”last_name”:”Yencopal”,”link”:”http://www.facebook.com/nick.yencopal”,”username”:”nick.yencopal”,”gender”:”male”,”locale”:”en_US”} 
{“id”:”639435823″,”name”:”Carlos Velez”,”first_name”:”Carlos”,”last_name”:”Velez”,”link”:”http://www.facebook.com/people/Carlos-Velez/639435823″,”gender”:”male”,”locale”:”es_LA”} 
{“id”:”639435826″,”name”:”Meryem u00c7alu0131u015fkan”,”first_name”:”Meryem”,”last_name”:”u00c7alu0131u015fkan”,”link”:”http://www.facebook.com/people/Meryem-u00c7alu0131u015fkan/639435826″,”gender”:”female”,”locale”:”tr_TR”} 
{“id”:”639435830″,”name”:”Emilio Consul Jr”,”first_name”:”Emilio”,”middle_name”:”Jr”,”last_name”:”Consul”,”link”:”http://www.facebook.com/people/Emilio-Consul-Jr/639435830″,”gender”:”male”,”locale”:”en_US”} 
{“id”:”639435831″,”name”:”Mattie Willock”,”first_name”:”Mattie”,”last_name”:”Willock”,”link”:”http://www.facebook.com/people/Mattie-Willock/639435831″,”gender”:”male”,”locale”:”en_GB”} 
{“id”:”639435835″,”name”:”Emanuel Calo”,”first_name”:”Emanuel”,”last_name”:”Calo”,”link”:”http://www.facebook.com/people/Emanuel-Calo/639435835″,”gender”:”male”,”locale”:”es_LA”} 
{“id”:”639435840″,”name”:”Moo Massoud”,”first_name”:”Moo”,”last_name”:”Massoud”,”link”:”http://www.facebook.com/Tranceholic”,”username”:”Tranceholic”,”gender”:”male”,”locale”:”en_US”} 
{“id”:”639435842″,”name”:”Emily Ong”,”first_name”:”Emily”,”last_name”:”Ong”,”gender”:”female”,”locale”:”en_US”} 
{“id”:”639435843″,”name”:”Janet Ung”,”first_name”:”Janet”,”last_name”:”Ung”,”link”:”http://www.facebook.com/people/Janet-Ung/639435843″,”gender”:”female”,”locale”:”en_US”} 
{“id”:”639435844″,”name”:”Alexandra Hughes”,”first_name”:”Alexandra”,”last_name”:”Hughes”,”username”:”alex.elizabeth.hughes”,”gender”:”female”,”locale”:”en_US”} 
{“id”:”639435847″,”name”:”Tom Kurvers”,”first_name”:”Tom”,”last_name”:”Kurvers”,”link”:”http://www.facebook.com/people/Tom-Kurvers/639435847″,”gender”:”male”,”locale”:”en_US”} 
{“id”:”639435855″,”name”:”Solveig Rabjerg”,”first_name”:”Solveig”,”last_name”:”Rabjerg”,”gender”:”female”,”locale”:”da_DK”} 
{“id”:”639435858″,”name”:”Eddie Lian”,”first_name”:”Eddie”,”last_name”:”Lian”,”link”:”http://www.facebook.com/eddielian”,”username”:”eddielian”,”gender”:”male”,”locale”:”en_US”} 
{“id”:”639435859″,”name”:”Rosie Romero”,”first_name”:”Rosie”,”last_name”:”Romero”,”link”:”http://www.facebook.com/rosa.romero1″,”username”:”rosa.romero1″,”gender”:”female”,”locale”:”en_US”} 
{“id”:”639435861″,”name”:”Lee Blessed”,”first_name”:”Lee”,”last_name”:”Blessed”,”gender”:”female”,”locale”:”en_US”} 
{“id”:”639435862″,”name”:”Wade Angeli”,”first_name”:”Wade”,”last_name”:”Angeli”,”username”:”wadange”,”gender”:”male”,”locale”:”en_US”} 
{“id”:”639435865″,”name”:”Karlo Lugo”,”first_name”:”Karlo”,”last_name”:”Lugo”,”link”:”http://www.facebook.com/karlorlm”,”username”:”karlorlm”,”gender”:”male”,”locale”:”en_US”} 
{“id”:”639435872″,”name”:”Mona Cecilie Bakkene”,”first_name”:”Mona”,”middle_name”:”Cecilie”,”last_name”:”Bakkene”,”link”:”http://www.facebook.com/people/Mona-Cecilie-Bakkene/639435872″,”gender”:”female”,”locale”:”nb_NO”}
[/su_spoiler]
Como se puede apreciar no son 100 resultados ya que algunos resultados arrojan “false” y mi algoritmo los omite; pero sin embargo se puede entender lo que quiero demostrar.
¿Es seguro utilizar Facebook? 
“Lo dejo a tu criterio” – Karina Olga Jelinek, filósofa contemporánea argentina.
<a href="http://creativecommons.org/licenses/by/3.0/" rel="license"><img style="border-width: 0;" src="http://i.creativecommons.org/l/by/3.0/80x15.png" alt="Licencia Creative Commons"></a> 
Curiosidades de Facebook por <a href="http://blog.aleperno.com.ar/?p=343" rel="cc:attributionURL">Alejandro Pernin</a> se encuentra bajo una Licencia <a href="http://creativecommons.org/licenses/by/3.0/" rel="license">Creative Commons Atribución 3.0 Unported</a>. 
Basada en una obra en <a href="http://blog.aleperno.com.ar" rel="dct:source">blog.aleperno.com.ar</a>.

]]></content:encoded>
<wfw:commentRss>https://blog.aleperno.com/?feed=rss2&p=343</wfw:commentRss>
<slash:comments>1</slash:comments>
</item>
</channel>
</rss>

If you would like to create a banner that links to this page (i.e. this validation result), do the following:

Download the "valid RSS" banner.
Upload the image to your own server. (This step is important. Please do not link directly to the image on this server.)
Add this HTML to your page (change the image src attribute if necessary):

<a href="http://www.feedvalidator.org/check.cgi?url=http%3A//blog.aleperno.com.ar/%3Ffeed%3Drss2"><img src="valid-rss-rogers.png" alt="[Valid RSS]" title="Validate my RSS feed" /></a>

If you would like to create a text link instead, here is the URL you can use:

http://www.feedvalidator.org/check.cgi?url=http%3A//blog.aleperno.com.ar/%3Ffeed%3Drss2

Home · About · News · Docs · Terms