The Infinite E-mail – An Artistic Potential Security Flaw in Apple’s Mail Application [Inbox Art]
|| 8/12/2009 || 1:53 pm || + Render A Comment || ||
Imagine that every time you clicked on an e-mail in your inbox, the e-mail showed something different. Well thats what I discovered last night before I went to bed.
A few weeks ago I found out that Mac users can send fully coded HTML e-mails using Apple’s Mail Application. All one needs to do is open up Safari, go to the page you want to e-mail, and select “Mail Contents of This Page” in the File Menu (see image above). The contents of the page are then automatically pasted into an e-mail that is ready to be sent:
But what if the HTML contains PHP scripts that dynamically load content? The HTML (originally from the Grand Juxtaposition via the front page of my website) calls two PHP scripts that randomly selects two images from two different folders on my website. So when you click on the e-mail in your inbox, two new images are displayed because Apple’s Mail Application runs the PHP scripts:
Notice that the images in the e-mail are different than what was originally sent
Click to view the full-sized image
Lets say the script was malicious and called a website that attempted to download malware. Would this ‘discovery’ be a flaw in Apple’s Mail Application?
So far I have tested this splendid e-mail out by emailing myself the same page to my GMail, Yahoo Mail, and MSN e-mail accounts. With the exception of MSN, which only loaded the foreground graphic and not the background graphic, neither GMail nor Yahoo worked like Apple’s Mail Application. I have not tested it out on Entourage or any other off-line e-mail client programs and I am curious if they’ll run the scripts or not. Regardless, this is probably one of the coolest e-mails ever!
Related Lost Series Entries:
Dear Yahoo! & Navteq, it’s not the National Msm of the American Indian!
|| 7/13/2009 || 3:49 pm || 1 Comment Rendered || ||
Back in March of 2008 I discovered that Google Maps was incorrectly displaying the official title of the National Museum of the American Indian on their maps. They had truncated the word museum to MSM. A friend of mine who works at Navteq, the supplier of the data, confirmed that the length of the title was too long, so they shaved off a few characters by truncating the word museum to msm. This lexical error was eventually corrected on Google Maps….
However, last night I had someone in India do a Yahoo! search for National Msm of the American Indian and ended up visiting my page. Upon closer inspection, I discovered that Yahoo! Maps was also doing the same type of truncation with Navteq’s data. I think NavTeq should to change it’s dataset so all the museums names are spelled correctly.
Note: the links in the images in this entry go to the Hirshhorn Museum & Sculpture Garden because it was the closest result for my query “National Msm of the American Indian”
The Geospatial Art FAIL Landing Page
|| 12/14/2008 || 2:20 pm || Comments Off on The Geospatial Art FAIL Landing Page || ||
In continuance of my previous entry related to finding and exploiting a flaw in search engine aggregation algorithms, I decided to modify the landing page slightly. So instead of displaying a random foreground graphic, like my splash page, it only displays the text FAIL. Its an attempt to poke fun at the humorous FAIL Blog by extending the meme to failed search results. The title of the page says “Nikolas Schiller thinks you should try searching again,” and when you hover your mouse over the FAIL text the title text says “You clicked on a bogus search result.”
To get the extent of how many visits this internet bait has been generated, look at a portion of this weekend’s search results:
Geospatial art created by exploiting search engine aggregation algorithms
|| 12/10/2008 || 6:22 pm || Comments Off on Geospatial art created by exploiting search engine aggregation algorithms || ||
The other day I noticed that there were literally hundreds of search engine results that contain a fictitious url to a page on my website that didn’t exist. It appears that Internet bots have exploited an issue with search engine aggregation algorithms to trick them into showing a bogus search result for a page that never existed on my website. Throughout the internet there are numerous pages that contain https://nikolasschiller.com/showthread.php?XXXXX and when people clicked on the bogus link they were brought to a 404 page. Last night I created a copy of this website’s splash page and renamed the file showthread.php. Now when people click on the fake link in the fraudulently created search engine result, they are brought to my website’s beautifully abstract splash page. Today I’ve been receiving all sorts of random visitors!
UPDATE – 12/13/08 – I’ve decided to change the page slightly and add the word FAIL to the landing page. The reason for this is because the person landing on the page failed to find what they were looking for.
Pondering Digital Existentialism Through Query
|| 9/24/2008 || 3:29 pm || Comments Off on Pondering Digital Existentialism Through Query || ||
Screen grab of Yahoo’s search result (#9) for “Nikolas”
Having a eponymous website means that both my first & last name are combined to create the name for my website. The other day I decided to see where my first name (Nikolas) and my last name (Schiller) showed up in the search results of the three major search engines Google, MSN and Yahoo. The results are somewhat surprising.
As you’ll see below, “Nikolas” was ranked #8, #9, and #11 and “Schiller” is #31, #114, and #106 on Google, MSN, and Yahoo, respectively.
Welcome Robots and Strangers
|| 3/14/2008 || 1:48 pm || Comments Off on Welcome Robots and Strangers || ||
Below is the text of an e-mail I sent out today:
One year ago today my ugly mug was on the front page of the Washington Post’s style section in David Montgomery’s article “Here Be Dragons.” To celebrate the one year anniversary of this 15 minutes of fame I did something I’ve been waiting a VERY long time to do– I removed the Robots Exclusion Protocols from my website. This means that in a few weeks you will be able to find the contents of my website with a simple search string from your favorite search engine.
Before 12:01am today, you could only search the contents of my website on my website. By preventing my website from being crawled by spiders (or robots as they are technically called) I also prevented anyone [strangers] from freely accessing the hundreds of maps that I’ve made over the last 4 years. Thus the paradox of making maps without being able to be found is now over, and in that respect I am liberating myself from the self-censorship experiment that I’ve been conducting these last few years.
Frankly, dear reader, its a very nice feeling. I am unaware of any website that has opened itself up to the robots with over a 1,000 different pages to index at once. I sincerely wonder what search words will bring people to my website from this day forward. Currently postmodern art is my number one search string (I am currently listed at #5)– and that was only possible because of the article that was published one year ago today. So with that said, today marks the beginning of a new phase in my life, and maybe yours– if you search for the right words.