Insights and discoveries
from deep in the weeds

Friday, September 23, 2011

ImageMapster 1.2 released

I "finalized" version 1.2 of ImageMapster, which includes a few major new features and a slew of other improvements. Of course, even after waiting two months to officially call it 1.2, I found a couple bugs within hours of releasing it. Such is life. So we're already at 1.2.2 which corrects a couple minor issues on the initial release.

I also finished a significant update to the project web site which I hope will make it a lot easier for new users to understand the plugin, its features, and getting started.

The new version includes many new features (most of which have been in the beta for a month or two):

  • Automatically scale image map data to match the effective image size using scaleMap option
  • resize method will resize an existing, bound imagemap dynamically with visual effects
  • includeKeys can be used to bind staticState areas to active areas and mouse events will affect active areas. That is, if area A is staticState=false and area B is normal, using includeKeys='B' for the area A data will mean that mousing over of clicking area A will cause action on area B.
  • Performance and stability improvements on startup with complex or slow-loading images across all browsers (some edge cases, especially with certain Firefoxes and IE7, didn't bind consistently).

  • ... and lots of other little improvements/tweaks/fixes. See change log on github for everything.

Monday, September 12, 2011

Google search redirects: not necessarily a virus

I just returned from a glorious week in Maine. I didn't quite manage to escape from the infiltration of technology in my life, though. My position as the resident geek came into play when one of our guests noted that his google searches appeared to be redirected intermittently to random spam/ad/virus-smelling web sites.

My first instinct when something like this happens would be to assume their machine had a virus. However, in this case, their machine was an iPad. While not at all impossible, it seemed pretty unlikely. Then, it started happening to me too, on my nearly brand new Windows 7 laptop. I was sure I didn't have a virus and besides, what a coincidence that it happened to us both suddenly while on a new internet connection.

After some effort I realized that the Linksys WRT54GL router had been hacked, and the name servers hardcoded to IP addresses in the Ukraine. This isn't unique, nor new, but it was surprising. This is our own internet connection, and we set the router up. I'm not an idiot - or at least I didn't think I was. The root password for the router had been changed when the thing was set up, and there was no remote access allowed to the router. While it's all too common for people to get compromised because they don't bother to do any configuration when they set up a router, I'm not that person.

However, the password was not strong. It was a single English language word.

I am not sure how the router became compromised, since admin access to the box was only allowed from the private network. I haven't researched to find out if any other back door would allow access to it from the internet, or if the attack must have been sourced from a user of the router (perhaps from a virus-infected computer configured to conduct brute force attacks against its gateway?). Either way the point is, never make any assumptions about security.

My assumption was that since this was a private network with very few users, we didn't need a strong password for the router. This assumption didn't consider that an attacker could be from inside your network (a compromised PC), or possibly the router firmware could have bugs that can be exploited to grant access. I am not in control of every user of the network, so I can't make any assumptions. The access to the router should have been hardened as much as possible (on a consumer device like that, anyway).

Hopefully this post will help others trying to resolve this same problem - google searches on the terms in this post's subject returned few results, and none that identified the problem as a DNS or hacked router issue. Most discussion threads concluded the user had a virus on their PC. Check your routers, and make sure they're locked down!