- 09:00 Monaco Mac look alike font for Windows programmers: tinyurl.com/ymeb7t #
Yet another rarely read blog.
Posted by zmeeagain from twitter at 11:42 am
Posted by zmeeagain from twitter at 11:41 am
How many times have you received an image-laden email that can't quite show itself properly and instead you get the source? This is a recent email I received in Outlook:
Return-Path: <sender@gmail.com>
X-Original-To: you@somedomain.com
Delivered-To: you@somedomain.com
Received: from localhost (localhost [127.0.0.1])
.
.
.
by Subject: More 3D Chalk Drawings by Julian Beever!
In-Reply-To: <BAY123-DS3D0865B1F4499DF30C37EA6310@phx.gbl>
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_Part_66037_8745117.1224059387776"
References: <BAY123-DS3D0865B1F4499DF30C37EA6310@phx.gbl>
To: undisclosed-recipients:;
------=_Part_66037_8745117.1224059387776
Content-Type: multipart/alternative;
boundary="----=_Part_66038_2852077.1224059387777"
------=_Part_66038_2852077.1224059387777
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Excellent, as usual!
------=_Part_66038_2852077.1224059387777
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
<div dir="ltr"><div class="gmail_quote"><br><br><br>
.
.
.
</div><br></div>
------=_Part_66038_2852077.1224059387777--
------=_Part_66037_8745117.1224059387776
Content-Type: image/jpeg; name=image008.jpg
Content-Transfer-Encoding: base64
Content-ID: <image008.jpg@01C92D89.A8F97520>
X-Attachment-Id: 0.8
/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAoHBwgHBgoICAgLCgoLDhgQDg0NDh0VFhEYIx8lJCIf
.
.
.
d1qMmLqKKoagXqjRKiijQgpXJWePioorETGoxVvRRRUf/9k=
------=_Part_66037_8745117.1224059387776--
This is a MIME multipart HTML mail that has a few image/jpeg parts. To get the image(s) out of it, save it as .msg somewhere and open it with an editor (e.g. Notepad++). Look for the image part you're interested in:
Content-Type: image/jpeg; name=image008.jpg
Content-Transfer-Encoding: base64
Content-ID: <image008.jpg@01C92D89.A8F97520>
Then strip everything off, leaving only the base64-encoded image payload that appears beneath (the one that starts with /9j/ and ends in /9k= in our example). Save it as, say, img-base64.txt. This should now look like:
/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAoHBwgHBgoICAgLCgoLDhgQDg0NDh0VFhEYIx8lJCIf
IiEmKzcvJik0KSEiMEExNDk7Pj4+JS5ESUM8SDc9Pjv/2wBDAQoLCw4NDhwQEBw7KCIoOzs7Ozs7
...
JW+6Mj+7T9ixQoEAUFQTiqxPzn61zyep0QWhE4PULioGUk8mrjAbajYcGkiim2egpsSkvz0qcgUi
EjpSY0i1Gp2/KpxRUauxH3jRUG1j/9k=
This is your image, base64 encoded. The "save as .msg" bit was necessary because what is shown in Outlook has been fiddled with and will not decode properly.
Now there are several options on how best to proceed. You may use Notepad++'s built-in base64 decoding capabilities (TextFX, TextFX Tools, Base64 Decode) and save the result as .jpg. Or, if Notepad++ is not available, you may use a command-line utility for that, like the excellent base64 by John Walker.
Few people are aware, though, that the base64 payload can be used directly in HTML pages, letting the browser do all the hard work! The simplest way is putting the payload in an <img> element:
<img src="data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEA...UG1j/9k="/>
Likewise in a CSS background:
div.image {
background-image:url(data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEA...UG1j/9k=);
}
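The manual procedure above (find the image part, undo the base64, then reuse the payload as a data: URI) can also be scripted. The following is an added example, not code from the original post: the message in RAW is constructed, and the function names extract_images and data_uri are assumptions. It also checks the JPEG markers and sanitises the part name, since both the declared type and the name are chosen by the sender.

```python
import base64
import email
import os
from email import policy

# Constructed sample message (not the mail from the post). The image payload is
# a 4-byte stand-in, the JPEG start and end markers FF D8 / FF D9, which
# base64-encodes to "/9j/2Q==".
RAW = (
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/related; boundary="outer"\r\n'
    "\r\n"
    "--outer\r\n"
    "Content-Type: text/html; charset=ISO-8859-1\r\n"
    "\r\n"
    '<img src="cid:image008.jpg@example">\r\n'
    "--outer\r\n"
    "Content-Type: image/jpeg; name=image008.jpg\r\n"
    "Content-Transfer-Encoding: base64\r\n"
    "Content-ID: <image008.jpg@example>\r\n"
    "\r\n"
    "/9j/2Q==\r\n"
    "--outer--\r\n"
)


def extract_images(raw):
    """Return (safe_name, content_type, data, looks_like_jpeg) per image part."""
    msg = email.message_from_string(raw, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_maintype() != "image":
            continue
        data = part.get_payload(decode=True)  # undoes the base64 transfer encoding
        # The name is sender-controlled: drop directory components before use.
        raw_name = (part.get_filename() or "part.bin").replace("\\", "/")
        name = os.path.basename(raw_name)
        # The declared type is sender-controlled too: check the JPEG markers.
        looks_like_jpeg = data[:2] == b"\xff\xd8" and data[-2:] == b"\xff\xd9"
        found.append((name, part.get_content_type(), data, looks_like_jpeg))
    return found


def data_uri(content_type, data):
    """Build the data: URI form shown in the post from decoded bytes."""
    return "data:%s;base64,%s" % (content_type, base64.b64encode(data).decode("ascii"))


if __name__ == "__main__":
    for name, ctype, data, ok in extract_images(RAW):
        print(name, ctype, len(data), ok, data_uri(ctype, data))
```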
This paradigm applies to other types of entities, not just images. CSS stylesheets and JavaScript scripts can also appear as base64-encoded payloads in HTML pages. I will simply reiterate here two examples by Grey Wyvern:
<link rel="stylesheet" type="text/css" href="data:text/css;base64,LyogKioqKiogVGVtcGxhdGUgKioq..." />
<script type="text/javascript" src="data:text/javascript;base64,dmFyIHNjT2JqMSA9IG5ldyBzY3Jv..."></script>
Now, I don't know why anyone would want to do that with javascript in particular, since base64 encoding bloats original size by a factor of 4/3, other than a perverse pleasure of tinkering about.
Posted by zmeeagain at 8:46 am
I thought that spamming was an issue of the past. Not because spammers have ceased bombarding email addresses with all sorts of unthinkable propositions, but because now we have the means to render their assaults harmless. It's been ages since the last time a spam email transpired into my [Inbox] instead of going straight to [Spam]. Some people though employ this and that in a vain attempt to hold back the very dumbest of spammers out there hunting for valid email addresses. Historically, the most popular way of hiding an email is by replacing @ and . characters with words:
zmeeagain[at]gmail[dot]com
One can think of many variations on this, but they all obey the same principle. I read a personal page the other day using a context-sensitive approach:
mylastname@domain.com
This obviously can be used in conjunction with the previous technique. Some organisations have also relied upon context to camouflage their emails by omitting the domain part altogether, so firstname.lastname@domain.com becomes simply firstname.lastname and they do not allow employees to maintain contact lists in their email clients; marvellous.
Instead of disclosing their email addresses many incompetent companies provide a mostly ill-designed kind of contact form that does not let you use any other client or know whether a man or /dev/null is handling your email.
More recently, emails have started to appear as distorted images of the actual email text, much like a simple captcha:
Alternatively, one may want to prepare a static flash file specifically for hiding your email.
Carnegie Mellon have taken this a step further with their reCAPTCHA Mailhide application. The email (or part of it) is replaced with a link that shows you a captcha. If you solve the captcha then the full email address is shown to you, otherwise you are asked to solve another captcha. All challenges are random and you can switch to audio challenges too:
zmee...@gmail.com
Others have gone as far as suggesting JavaScript XORing. The idea is that you take a normal email link like <a href=mailto:zmeeagain@gmail.com>zmeeagain@gmail.com</a>, XOR each character with some key to get the XORed version, and then serve that together with a script that dynamically XORs it back to the original link, using the same XOR key of course. This makes life difficult for scouting bots, since the HTML page will only contain the script and the XORed email. Anoop Sankar demonstrates an example of that technique.
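A sketch of the XOR scheme just described, as an added example (it is not Anoop Sankar's code and not from the original post). The key 0x5A, the data-x attribute, the element id and all function names are assumptions, and user@example.com is a constructed address. Because the key is served in the same page as the XORed text, this only hides the address from tools that read the HTML without running the script.

```python
import re

KEY = 0x5A  # constructed single-byte key; it ships to every visitor in the script

# Readable-address pattern used for the pre-publish check below.
EMAIL_RE = re.compile(r"mailto:|[\w.+-]+@[\w-]+\.[\w.-]+")

# Browser-side decoder: reads the hex string, XORs each byte back, injects the link.
DECODER_JS = (
    "<script>(function(){var e=document.getElementById('contact'),"
    "h=e.getAttribute('data-x'),s='';"
    "for(var i=0;i<h.length;i+=2)"
    "s+=String.fromCharCode(parseInt(h.substr(i,2),16)^%d);"
    "e.innerHTML=s;})();</script>"
)


def xor_hex(text, key=KEY):
    """XOR each character with the key and hex-encode the result."""
    if not text.isascii() or not 0 <= key < 256:
        raise ValueError("ASCII text and a one-byte key keep every value two hex digits")
    return "".join("%02x" % (ord(c) ^ key) for c in text)


def xor_unhex(hexed, key=KEY):
    """The same step the served script performs: undo the XOR to rebuild the link."""
    return "".join(chr(int(hexed[i:i + 2], 16) ^ key) for i in range(0, len(hexed), 2))


def obfuscated_markup(address, key=KEY):
    """Markup to serve: a placeholder holding the XORed link plus the decoder."""
    link = '<a href="mailto:%s">%s</a>' % (address, address)
    return '<span id="contact" data-x="%s"></span>\n%s' % (xor_hex(link, key), DECODER_JS % key)


def leaks_address(markup):
    """Pre-publish check: does the served source still contain a readable address?"""
    return EMAIL_RE.search(markup) is not None


if __name__ == "__main__":
    page = obfuscated_markup("user@example.com")
    print(page)
    print("readable address in source:", leaks_address(page))
```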
Sarven Capadisli reports a few other options. One notable example uses CSS to reverse the direction of text in an inversely written email:
span.codedirection { unicode-bidi:bidi-override; direction: rtl; }
<p><span class="codedirection">moc.liamg@niagaeemz</span></p>
As for myself, I've already made it readily available to spammers worldwide. Here it is once more: zmeeagain@gmail.com.
Posted by zmeeagain at 9:44 pm