Tuesday, July 22, 2008

Orkut



Orkut is a social networking service which is run by Google and named after its creator, Google employee Orkut Büyükkökten. The service states that it was designed to help users meet new friends and maintain existing relationships. Orkut is similar to other social networking sites. Since October 2006, Orkut has permitted users to create accounts without an invitation. Orkut is the most visited website in Brazil and the second most visited site in India. The initial target market for Orkut was the United States, but the majority of its users are in India and Brazil. As of May 2008, 53.86% of Orkut's users are from Brazil, followed by India with 16.97%; 23.4% of the traffic comes from Brazil, followed by India with 18.0%.

History

Orkut was launched in January 2004 by search company Google, as the brainchild of Orkut Büyükkökten, a Turkish software engineer, who developed it as an independent project while working at Google. In late June 2004, Affinity Engines filed suit against Google, claiming that Orkut Büyükkökten and Google based Orkut on inCircle code.

Originally, its membership was by invitation. By April 2008, Orkut's user base numbered at around 120 million, next only to MySpace.

Features

A user first creates a "Profile", in which the user provides "Social", "Professional" and "Personal" details. Users can upload photos into their Orkut profile with a caption. Users can also add videos to their profile from either YouTube or Google Video with the additional option of creating either restricted or unrestricted polls for polling a community of users.

Scrapbook

"Scrapping" is popular among the Orkut community as a form of offline and online communication. In December 2007, the ability to pop up alerts immediately when a scrap is received was added, adding instant messaging-like capabilities to Orkut.

Communities

Another feature of Orkut is "Communities". Anyone with an Orkut account can create a community on anything. One can post topics, inform users about an event, ask them questions or just play games. There are more than one million communities on Orkut with topics ranging from pizza to pasta. The first five communities on Orkut were started within 24 hours of the site's launch. There were a total of 47,092,584 communities on Orkut as of March 24, 2008 4:25PM IST (+5:30 GMT). With the recent addition of the search topic feature in the communities, some Orkut communities have become the de facto source for website links to movies, e-books etc.

Other miscellaneous features

Members can make groups to join friends according to their wishes. Further, each member can become a fan of any of the friends in their list and can also rate whether a friend is "Trustworthy", "Cool" or "Sexy" on a scale of 1 to 3 (marked by icons); the ratings are aggregated as a percentage. Unlike Facebook, where a member can view profile details of people only on their network, Orkut allows anyone to visit anyone's profile, unless a potential visitor is on your "Ignore List" (this feature has recently been changed so that users can choose between showing their profile to all networks or specified ones). Importantly, each member can also customize their profile preferences and can restrict information that appears on their profile from their friends and/or others (not on the friends list). Another feature is that any member can add any other member on Orkut to his/her "Crush List", and both of them will be informed only when both parties have added each other to their "Crush List".

When a user logs in, they see the people in their friends list in the order of their logging in to the site, the first person being the latest one to do so. Orkut's competitors are other social networking sites including MySpace and Facebook. Ning is a more direct competitor, as they allow creation of Social Networks which are similar to Orkut's communities.

There is a birthday reminder on the homepage of each user, which shows upcoming birthdays of that user's network friends.

Orkut users can choose the countries from which they want to receive friend requests. Otherwise, the person sending the request has to verify the email address of the other person.

Orkut Redesign

On Friday, August 24, 2007, Orkut announced a redesign. The new UI contains round corners and soft colors including small logotype at upper left corner. The redesign has been announced on the official Orkut Blog.

By Thursday, August 30, 2007, most users on Orkut could see changes on their profile pages as per the new redesign. On the 31st, Orkut announced its new features including improvements to the way you view your friends, 9 rather than 8 of your friends displayed on your homepage and profile page and basic links to your friends' content right under their profile picture as you browse through their different pages. It also announced the initial release of Orkut in 5 new languages: Hindi, Bengali, Marathi, Tamil, and Telugu. Profile editing can take place by clicking the settings button under your profile photo (or alternatively, click the blue settings link at the top of any page).

On September 4, 2007, Orkut announced another new feature. You can now see an "Updates from your friends" box on the homepage, where you'll get real-time updates when your friends make changes to their profiles, photos and videos. Moreover, in case you want to keep some things on your profile private, Orkut has added an easy opt-out button on the settings page.

On November 8, 2007, Orkut greeted its Indian users Happy Diwali in a very special way, by allowing them to change their Orkut look to a Diwali-flavored reddish theme.

On April Fools' Day 2008, Orkut temporarily changed its name on its webpage to yogurt, apparently as a prank.

On 2nd June 2008, Orkut launched its theming engine with a small set of default themes. Along with this, photo tagging has also finally arrived at Orkut.

Orkut Applications

On 16th April, 2008, Orkut began rolling out applications to everyone in India and then in phases to the rest of the world.[8] Currently, the number of applications in the application directory stands at 287 (as of 19 July 2008).

Criticism

Flooders and fake profiles

As with any online social networking community, a number of fake and cloned profiles exist on Orkut. Due to the large number of users, and the deactivation of the jail system, the profiles were often left unremoved or, when removed, recreated easily. These profiles are normally created to troll, to spam, to flood or just for fun. It is not hard to find users owning more than one profile, with some stating they own hundreds.

In 2005 invisible profiles, communities and topics started to appear in Orkut. This could be achieved by using HTML escaping codes and 1x1 pixel photos to fool the engine behind the site.[10] This hole was later fixed, and currently there is a lower limit on profile image dimensions.

In August 2005 a freeware program was made in Delphi called Floodtudo ("tudo" in Portuguese means "everything" - this was developed by a Brazilian) specifically for flooding Orkut. It quickly spread through the users and was easily downloadable (the most common Floodtudo versions were 1.2, 1.5, 2.0 and 2.2). As this program was massively used by thousands of spammers, a big spam wave struck Orkut in September and October 2005.

As the flooding of Orkut was becoming out of control, the developers implemented some features in order to stop this. These features included not allowing two or more verbatim topics or scrapbook entries to be submitted, forcing the user to wait before posting another topic or scrapbook entry, and the usage of captchas, whenever a scrap entry is hyperlinked. They gave more rights to community moderators as well, so that users can be banned outright instead of relying on the developers to remove them.
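The three anti-flood measures described above (duplicate rejection, a forced wait between posts, and a captcha when a scrap contains a hyperlink) can be combined in one gate. This is an added example, not Orkut's code; the class name, the 30-second cooldown, the link pattern and the 50-entry history are assumptions, and whitespace/case normalisation goes slightly beyond the "verbatim" check the text mentions.

```python
import hashlib
import re
from collections import deque

# Constructed policy values: the page gives no numbers for Orkut's limits.
COOLDOWN_SECONDS = 30
HISTORY_PER_USER = 50
LINK_RE = re.compile(r"https?://|www\.|<a\s", re.IGNORECASE)


def fingerprint(text):
    """Hash a canonical form so copies that differ only in case or spacing collide."""
    canonical = " ".join(text.lower().split())
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class PostGate:
    """Decides whether a scrap or topic is accepted, rejected or challenged."""

    def __init__(self, cooldown=COOLDOWN_SECONDS, history=HISTORY_PER_USER):
        self.cooldown = cooldown
        self.history = history
        self.last_post = {}   # user -> time of last accepted post
        self.recent = {}      # user -> bounded deque of recent fingerprints

    def check(self, user, text, now, captcha_passed=False):
        fp = fingerprint(text)
        # 1. Refuse a repeat of something this user already posted.
        if fp in self.recent.get(user, ()):
            return "reject:duplicate"
        # 2. Force a wait between consecutive posts.
        last = self.last_post.get(user)
        if last is not None and now - last < self.cooldown:
            return "reject:too_soon"
        # 3. Hyperlinked posts need a solved captcha before they are stored.
        if LINK_RE.search(text) and not captcha_passed:
            return "challenge:captcha"
        # Only accepted posts update state, so a captcha retry is not
        # mistaken for a duplicate or a too-fast second post.
        self.recent.setdefault(user, deque(maxlen=self.history)).append(fp)
        self.last_post[user] = now
        return "accept"
```

The history is bounded per user, so a flooder cannot grow the gate's memory without limit; a post older than the last 50 could be repeated, which is the trade-off of that bound.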

Hate groups

There has recently been controversy revolving around the use of Orkut by various hate groups. Virulent racists and religious fanatics allegedly have a solid following there. Several hate communities focused on racism, Nazism and white supremacy have been deleted due to guideline violation.

In 2005, various cases of racism were brought to police attention and reported on in the Brazilian media. In 2006, a judicial measure was opened by the Brazil federal justice denouncing a 20-year-old student accused of racism against those of African ancestry and spreading defamatory content on Orkut. Brazilian Federal Justice subpoenaed Google in March 2006 to explain the crimes that had occurred in Orkut.

Anti-religion, anti-national, and anti-ethnic hate groups have also been spotted. Recently an Indian court has issued notices to Google on some of the groups. The Mumbai Police are seeking a ban on Orkut following objections raised by political groups. Groups denigrating various political leaders and celebrities have also emerged. In a case reported in 2005, racist anti-Tamil groups were also found. No names have been revealed yet.

State Censorship

Orkut was very popular in Iran, but the website is now blocked by the government. According to official reports, this is due to national security issues, and Islamic ethical issues about dating and match making. To get around this block, sites such as orkutproxy.com (now defunct) were made for Iranian users. Other websites such as Yahoo! Groups and Google Groups have communities dedicated to receiving updates on the newest location of Iran's Orkut proxy. Though it was once possible to bypass governmental blockage of Orkut, the site has closed its HTTPS pages on all anonymous proxies. Now it is almost impossible for ordinary users to visit this site inside Iran. Many other sites have been published in Iran since Orkut's blockage, using the same social-networking model; examples include MyPardis, Cloob and Bahaneh. Of course, these websites run a high risk of being blocked as well, so they have their own censorship policies to meet Iran's unwritten regulations and rules of filtering.

In August 2006, the United Arab Emirates followed in the footsteps of Iran in blocking the site. This block was subsequently removed in October 2006. On July 3, 2007, Gulf News revisited the issue, publishing complaints from members of the public against Orkut communities like "Dubai Sex", and officially bringing the complaints to the attention of the state telecom monopoly Etisalat. The ensuing moral panic resulted in a renewed ban of the site by Etisalat by July 4, 2007, still in effect despite Google's promise to negotiate the ban with the UAE. Saudi Arabia is another country that has blocked access to Orkut, while Bahrain's information ministry is also under pressure to follow suit.

Privacy

Earlier, Orkut allowed anybody to view anyone's pictures, videos and scraps. This encouraged people to misuse the photos and videos by placing them on the internet with fake details. Many of them were vulgar, especially pictures of women. Moreover, the scraps could be read easily.

Currently privacy covers such features as scraps (separately read and write access), videos, photoalbums, testimonials, applications. The following privacy levels are currently available to users: friends/friends of friends/everyone in the network. The user can limit visibility of her/his profile to a certain region or group of regions (that's what is called "network"); in this case outside of these regions no user information is available.

Initially, the common opinion was that out of the two major countries, only users in India would be interested in privacy on Orkut, while Brazil, being a very open society, would not need it. In reality, the percentage of users choosing to hide their data is the same in India and Brazil. The only difference is that in the Brazilian sector of Orkut there is a community "Quer privacidade? Sai do orkut" ("want privacy? get out of orkut") against other people's privacy.

Security and safety

Hacking accounts and communities with XSS

In 2005 dozens of communities' ownership was hacked. A similar feat was performed using a cross-site scripting (XSS) vulnerability. Eventually, various phishing sites were developed with the intent of stealing other people's accounts and communities.

In December 2007, hundreds of thousands of user accounts were affected, using another XSS vulnerability and a worm. A user's account was affected when the user simply read a particular scrap containing an embed, which caused the user to automatically become a part of a community on the site, without approval. The affected user's account was then used to send this scrap to everyone present in the user's friend list, thereby creating a sort of huge wave.

MW.Orc worm

On June 19, 2006 FaceTime Security Labs' security researchers Christopher Boyd and Wayne Porter discovered a worm, dubbed MW.Orc.

The worm steals users' banking details, usernames and passwords by propagating through Orkut. The attack was triggered as users launched an executable file disguised as a JPEG file. The initial executable file that causes the infection installs two additional files on the user's computer. These files then e-mail banking details and passwords to the worm's anonymous creator when infected users click on the "My Computer" icon.

The infection spreads automatically by posting a URL in another user's Orkut Scrapbook, a guestbook where visitors can leave comments visible on the user's page. This link lures visitors with a message in Portuguese, falsely claiming to offer additional photos. The message text that carries an infection link can vary from case to case.

In addition to stealing personal information, the malware can also enable a remote user to control the PC and make it part of a botnet, a network of infected PCs. The botnet in this case uses an infected PC's bandwidth to distribute large, pirated movie files, potentially slowing down an end-user's connection speed.

The initial executable file (Minhasfotos.exe) creates two additional files when activated, winlogon_.jpg and wzip32.exe (located in the System32 Folder). When the user clicks the "My Computer" icon, a mail is sent containing their personal data. In addition, they may be added to an XDCC Botnet (used for file sharing), and the infection link may be sent to other users that they know in the Orkut network. The infection can be spread manually, but also has the ability to send "back dated" infection links to people in the "friends list" of the infected user.

According to statements made by Google, as noted in Facetime's Greynets Blog, the company had implemented a temporary fix for the dangerous worm.

HTTPS Not Obvious

On and around April 17, 2007, users began reporting that secure (https) access to the Orkut login server was no longer available.

In fact, Google had changed the main login page to http delivery to improve efficiency, but the actual login remained secure using https in an iframe. This information had not been well-published by Google, and did not give the users the reassurance of seeing the "secure connection" padlock in the browser. On July 17, 2007, a revised login page, which is delivered via https, addressed these issues.

Session Management and Authentication Issues

On June 22, 2007, Susam Pal and Vipul Agarwal published a security advisory on Orkut vulnerabilities related to authentication issues. The vulnerabilities are considered very dangerous in cybercafes, or in the case of a man-in-the-middle attack, as they can lead to session hijacking and misuse of legitimate accounts. The vulnerabilities are not known to be fixed yet and therefore pose a threat to Orkut users.

A week later, on June 29, 2007 Susam Pal published another security advisory which described how the Orkut authentication issue can be exploited to hijack Google and Gmail sessions and misuse the compromised account of a legitimate user under certain conditions.

Joseph Hick performed an experiment on the basis of the advisories published by Susam Pal, to find out how long a session remains alive even after a user logs out. His experiment confirmed that the sessions remain alive for 14 days after the user has logged out. It implies that a hijacked session can be used for 14 days by the hijacker because logging out does not kill the session.
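The behaviour reported above, a session that stays valid for 14 days because logout does not kill it on the server, can be modelled beside its fix. This is an added example, not Orkut's or Google's code; the store design, method names and the 30-minute idle timeout are assumptions, and only the 14-day lifetime comes from the text.

```python
import secrets

DAY = 24 * 3600


class SessionStore:
    """Server-side session table: token -> user, creation time, last use."""

    def __init__(self, absolute_timeout=14 * DAY, idle_timeout=None):
        self.absolute_timeout = absolute_timeout   # 14 days, as in the experiment
        self.idle_timeout = idle_timeout           # None models "no idle expiry"
        self._sessions = {}

    def login(self, user, now):
        token = secrets.token_urlsafe(32)          # unguessable session identifier
        self._sessions[token] = {"user": user, "created": now, "last_seen": now}
        return token

    def validate(self, token, now):
        """Return the user for a live session, or None if unknown or expired."""
        s = self._sessions.get(token)
        if s is None:
            return None
        too_old = now - s["created"] >= self.absolute_timeout
        idle = (self.idle_timeout is not None
                and now - s["last_seen"] >= self.idle_timeout)
        if too_old or idle:
            del self._sessions[token]
            return None
        s["last_seen"] = now
        return s["user"]

    def logout_cookie_only(self, token):
        """Weak logout: the browser is told to drop the cookie, but the
        server-side record survives, so a copied token keeps working."""
        return "Set-Cookie: session=; Max-Age=0"

    def logout(self, token):
        """Hardened logout: revoke the record first, then clear the cookie."""
        self._sessions.pop(token, None)
        return "Set-Cookie: session=; Max-Age=0"


def replay_after_logout(store, logout, days_later):
    """Log in, log out with the given method, then present the old token again."""
    token = store.login("alice", now=0)
    logout(token)
    return store.validate(token, now=days_later * DAY)


weak = SessionStore()                      # cookie-only logout, no idle timeout
hardened = SessionStore(idle_timeout=1800) # server-side revocation + idle expiry
```

With `weak`, `replay_after_logout(weak, weak.logout_cookie_only, 13)` still returns the user; with `hardened.logout` the same token is rejected immediately, and the idle timeout bounds exposure for users who never log out.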

W32/KutWormer

On December 19, 2007, a worm written in JavaScript started to cause havoc. Created by a Brazilian user, it automatically made the user join the virus-related community and infected all friends' scrapbooks with copies of itself.

The worm is spreading through Orkut's recently introduced tool that allows users to write messages that contain HTML code. The ability to add Flash/JavaScript content to Orkut scraps was only recently introduced.

On March 3, 2008, W32/Scrapkut.worm was found. The worm attempts to spread itself by sending Orkut users scraps that contain the link to the worm itself.

Aliases: Downloader.Banload.ONK (GRISoft), TR/Dldr.Orkut.A (Avira), Trojan-Downloader.Win32.Banload.auf (IKARUS), Trojan.DL.Win32.Banload.dzm (Rising), W32.Scrapkut (Symantec)

Other Attacks

Private Album Hack

In December 2007, a Brazilian hacker with the pseudonym "Rodrigo Lacerda" published a script that allowed users to scrape other people's private photos. The exploit consisted of generating album photo URLs, which was possible due to their simple structure. See e.g. [1]

Social Engineering

Attacks on Orkut using social engineering never stop. Among these, the easiest kind is to ask a user to enter a script into the browser's address bar, to "improve performance".

Legal Issues

Brazil

On August 22, 2006, Brazilian Federal Judge José Marcos Lunardelli ordered Google to release, by September 28, Orkut user information for a list of about two dozen Brazilian nationals believed to be using Orkut to sell drugs and to be involved in child pornography. The judge ordered Google to pay $23,000 per day in fines until the information is turned over to the Brazilian government. According to the Brazilian government, the information it is requesting would also be used to identify individuals who are spreading child pornography[25] and hate speech. As of September 27, 2006, Google has stated that it will not release the information, on the grounds that the requested information is on Google servers in the U.S. and not Google servers in Brazil, and is therefore not subject to Brazilian laws. In March 2008, the Minister of Justice broke the accounts, and the locked albums were opened only to the advocates. There is a possibility of Orkut erasing the pornographic accounts/profiles.

India

Of late, the number of Indians on Orkut has been increasing rapidly. On October 10, 2006, the Bombay High Court's Aurangabad bench served a notice on Google for allowing a hate campaign against India. This referred to a community on Orkut called 'We Hate India', which initially carried a picture of an Indian flag being burned and some anti-India content.

The High Court order was issued in response to a public-interest petition filed by an Aurangabad advocate. Google had six weeks to respond. Even before the petition was filed, many Orkut users had noticed this community and were mailing or otherwise messaging their contacts on Orkut to report the community as bogus to Google, which could result in its removal. The community continues to exist and has spawned several 'We hate those who hate India' communities.

Prior to the 60th Independence Day of India, Orkut's main page was revamped. The section which usually displayed a collage of photos of various people showed a stylized Orkut logo. The word Orkut was written in the Devanagari script and was colored in the Indian national colours. Clicking on the logo redirects to a post by the Orkut India Product Manager, Manu Rekhi, on the Orkut internal blog. There has also been some media outcry against Orkut after a couple of youngsters were apparently lured by fake profiles on the site and later murdered.

On November 23, Bombay High Court asked the state government to file its reply in connection with a petition demanding a ban on social networking site, Orkut, for hosting an anti-Shivaji Web community.

Recently, the Pune rural police cracked a rave party filled with narcotics. The accused have been charged under anti-narcotic laws, the (Indian) Narcotic Drugs and Psychotropics Substances Act, 1985 (NDPS). Besides the NDPS, according to some media reports, the police were deliberating on charging the accused under the (Indian) Information Technology Act, 2000, perhaps because Orkut was believed to be one of the modes of communication for this kind of drug abuse.

The Cyber police in India have entered into an agreement with Orkut to have a facility to catch and prosecute those misusing Orkut, since complaints are on the rise.

1 comment:

♥Arasi Yazhini ♥ said...

very informative...but too long to read..
keep posting