Jimmy Z

My sister alerted me of a new Internet game that is gaining popularity among kids called “Club Penguin.” In a sense, it’s a virtual world much like Second Life, except instead of being whatever you want, you’re constrained to being a penguin.

Within Club Penguin, you can buy items, such as pets, clothing, food, etc, and get jobs to work for money. You can send chat messages to the people who are in your virtual world. You can throw snowballs, dance, etc. You can add a particular penguin to your buddy list and send that penguin emails.

It has won lots of “awards” for being Kids Safe, but I still don’t trust it. Even though there is live moderation and message filtering, it’s the same game where people try to break the controls that are constraining them. Someone is going to find a way to infiltrate the system.

I decided to take a look at the security behind the application itself. I found that Club Penguin was sending messages over port 6112 in plain-text. This was surprising to me as I though there would at least be some encryption involved.

I did some simple packet sniffing on port 6112 to see what I could discover about the messaging protocol being used. At first, it looked a bit cryptic, but later discovered that there were some simple codes being used such as np, rp, sp, and sm which represented “new player,” “remove player,” “move player,” and “send message.” There is a user id tied to each of these actions, and it gives coordinates on the current map.

Anything that is said can be easily read in plain text. For example, I sent out the following message, “anyone hear me?” and the transmission that I was able to sniff was: %xt%m%sm%18%23348762%anyone hear me?%.

What does this mean? Any predator in your neighborhood can just tap in and listen to port 6112 and see who is playing Club Penguin in the neighborhood. He/she can watch everything that goes on, spoof the Club Penguin server, and send un-moderated, un-filtered messages to your child.

Scary!

My advice is to watch what your children are doing online and become informed of potential dangers. There are people who would like to exploit this game. Several visitors have arrived at this post searching for “how to hack club penguins database,”  “club penguin packet sniffers,” “club penguin 6112,” and “clubpenguin mail spoofing.” I’ll let you be the judge.

[Update: I’ve closed comments because of vandalism by people not mature enough to leave respectful comments]

In my Information Architecture class, we’re doing MySQL query optimization, and are required to import data from an Excel spreadsheet into the appropriate MySQL database schema. Many people are trying to use NaviCat to do the import of the data, but are having some problems.

I propose a better way to go about doing this is exporting the data as delimited text files, and importing the data with MySQL’s LOAD DATA INFILE.  I first came upon this mysql functionality as I was working on building an International geocoder. I was importing millions of records in tab-delimited format from the National Geospacial Intelligence Agency.

I first tried importing all of this data with a php script, doing a few million insert statements. This was very slow, as I could only get 100 or so rows to insert per second. I remember it would have taken something like 16 hours to get all of the records inserted into the database.  It just wasn’t feasible.

MySQL’s LOAD DATA INFILE command handles this stuff with ease. You just point it to your csv file, define the data a little bit, and let it go. I was able to import all of the data from the geospacial tab-delimited file in minutes rather than hours.

Yesterday, Ben Robison, Ben Swanson, and I competed in the final round of the Omniture Web Analytics Competition held by BYU’s eBusiness Center. We were given access to analytics data inside of SiteCatalyst for CostumeCraze.com. We then were required to dive into the data, define Key Performance Indicators, find an area of the site that needs improving, and make recommendations based on analytic data findings. The grand prize was $5,000 to the winning team.

We worked really, really hard on this. In just the last few days before the finals, we spent at least 13 hours together as a team, and 10 or more hours individually putting together reports, screen shots, and trying to make our recommendations bullet-proof.

The competition went well. We had practiced hard, and we had anticipated and prepared for many of the questions that we were asked. My team was awesome. Both Bens contributed a ton of insight into the whole process.

We only got to see one other presentation during the finals, since we were the 3rd of 4 to present. The presentation that we saw was really good. I wish I could have seen the other two, because I heard those were really good also and focused on areas that we hadn’t even considered in our research/presentation.

Anyways, we live in the Information Era, and the web and web analytics are becoming increasingly important. I’m glad we had this experience, and I now feel confident enough to do SiteCatalyst implementations and analysis for anyone who needs it.

I’ve come to realize that you learn a million times more by doing than by just studying. This may seem like a no brainer, but I really believe that experience is one of the best teachers. This applies to just about everything in life.

A couple of examples that have really driven this home for me has been the current Omniture competition that I’m involved in, the Adwords campaigns that we ran in Paul Allen’s Internet marketing class, and my recent starting of a business.

This year is my first year actually competing in the Omniture Analytics competition. I’ve attended all of the past final presentations, but always thought I was too busy to compete. I’ve watched, taken notes, and studied the charts, findings, and recommendations that prior teams have given, thinking that I could learn to be an effective data analyzer by just studying what the top teams have done. I’m sure this has helped us in getting into the finals this year, but I’ve gotta say, actually diving into Omniture’s Site Catalyst application and trying to pull out some gems is harder than it looks.

Our team spent hours and hours during the preparation time before the preliminary rounds just trying to figure out which direction to go. We debated key terms, key performance indicators, success events, and such. It actually took a good amount of time to narrow what we wanted to look for. Once we put it together, it all seemed obvious, but it was hard to not get distracted by all of the cool data found inside Site Catalyst. We watched training videos, read knowledge-base articles, but still, applying what we had studied was a whole new ballgame.

Last semester, we ran an Adwords campaign for WorldVitalRecords.com during our Internet marketing class. I had read plenty about how Adwords works, but I had never actually done it. It almost seemed intimidating to actually spend money on ads, but actually doing it was one of the best experiences that I had that semester. I learned more from doing than from learning about Adwords through articles and case studies.

Starting a business has been another awesome learning experience for me. I have always been fascinated by start-up businesses, but until last year had no experience with an actual start-up. I was able to spend 8 good months at Provo Labs, learning about what it took to run LDSAudio.com, LDSLibrary.com, and WorldHistory.com. I learned a lot of valuable lessons from that, but because ProvoLabs was venture funded, I missed out on a lot of the bootstrapped start-up experience.

My time at 42Co was a totally different experience, as we worked to get proposals to clients for contract work, pulled several all-nighters, and later pursued venture funding for TagJungle. I’m no longer with 42Co, but the time I spent there was very valuable. I was associated with a great team, and I moved closer to my goal of becoming an entrepreneur.

Now, Brian Corrales and I are starting our own venture, and things have been great. I’ve stepped into a new realm of managing my own business. It feels great to take charge of my future. I think the uncertainty and risk that comes along with entrepreneurship brings a lot of excitement and feeling of accomplishment when things come through.

I guess the point of all this is that experience is a great teacher. I know I’ll especially come to realize this in the next couple of days as all we’ve studied about being parents will fly out the window and we’ll be learning by doing.

In my Web Analytics class, we’re beginning to analyze Apache log files to extract Analytics data. Today, I pulled down a raw access log from this site to see what I could learn. I also have AWStats going to build reports for server access. As I’ve been digging through my access log, I’ve noticed that comment spammers make up a large portion of my server access.

I have found that comment spambots will hit a page on my blog, then scrape the page for the comments form, and then post spam comments to the form target. From AWStats, close to 50% of the access of my site are from Operating Systems that are unknown. This leads me to believe that about 50% of my access log data is pollution from spambots.

Luckily, spambots don’t usually download my Google Analytics JavaScript and execute it like a normal browser so the data is more pure.

Today, a list was posted with all of the blogs from our web analytics class. I’ve created an OPML file with all of the blog feeds included. So, if you use some kind of feed reader, you can import this opml file and read up on all of our blogs.
Here is the web analytics class opml file.

We’ve been required in our Web Analytics class to contribute to the BYU eBusiness Wiki. I took the topic of Risks of E-Business, but more specifically mitigating risks in E-Business. The page I contributed to is found at http://ebusiness.byu.edu/wiki/index.php?title=Mitigating_Risks.

Contributing to a University’s wiki has been somewhat stressful, as my contribution is being graded. Unlike Wikipedia, this wiki is less likely to be edited by other contributors, so what I have written will most likely stand there for a long period of time.

It has been a good experience to become more acquainted with wiki syntax and actually gain some wiki contribution experience.