A confused deputy attack

A confused deputy is a computer program that is innocently fooled by some other party into misusing its authority. It is a specific type of privilege escalation. In information security, the confused deputy problem is often cited as an example of why capability-based security is important, as capability systems protect against this whereas ACL-based systems do not.

Confidence-trick scams rely on gaining the trust of a victim so that an attacker can use them as a confused deputy. For example, in salting, an attacker presents a victim with what appears to be a mineral-rich mine. In this case the attacker is using the victim’s greed to persuade them to perform an action that they would not normally perform.

When checking out at a grocery store, the cashier will scan the barcode of each item to determine the total cost. A thief could replace barcodes on his items with those of cheaper items. In this attack the cashier is a confused deputy that is using seemingly valid barcodes to determine the total cost.

A cross-site request forgery (CSRF) is an example of a confused deputy attack that uses the web browser to perform sensitive actions against a web application. A common form of this attack occurs when a web application uses a cookie to authenticate all requests transmitted by a browser. Using JavaScript, an attacker can force a browser into transmitting authenticated HTTP requests.

The Samy computer worm used cross-site scripting (XSS) to turn the browser’s authenticated MySpace session into a confused deputy. Using XSS, the worm forced the browser into posting an executable copy of the worm as a MySpace message, which was then viewed and executed by friends of the infected user.

Clickjacking is an attack where the user acts as the confused deputy. In this attack a user thinks they are harmlessly browsing a website (an attacker-controlled website) but they are in fact tricked into performing sensitive actions on another website.[3]

An FTP bounce attack can allow an attacker to indirectly connect to TCP ports that the attacker’s machine has no access to, using a remote FTP server as the confused deputy.

Another example relates to personal firewall software. It can restrict internet access for specific applications. Some applications circumvent this by starting a browser with a specific URL. The browser has authority to open a network connection, even though the application does not. Firewall software can attempt to address this by prompting the user in cases where one program starts another which then accesses the network. However, the user frequently does not have sufficient information to determine whether such an access is legitimate—false positives are common, and there is a substantial risk that even sophisticated users will become habituated to clicking ‘OK’ to these prompts.[4]

Not every program that misuses authority is a confused deputy. Sometimes misuse of authority is simply a result of a program error. The confused deputy problem occurs when the designation of an object is passed from one program to another, and the associated permission changes unintentionally, without any explicit action by either party. It is insidious because neither party did anything explicit to change the authority.
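The difference between passing a designation and passing authority, as an added example that is not part of the original page: a toy ACL store in which a deputy service writes a report to an output object chosen by its caller. The `Store` class, the principals (`deputy`, `alice`) and the object names are all constructed for illustration.

```python
class AccessDenied(Exception):
    pass

class Store:
    """Toy object store (constructed): name -> contents, plus a write ACL."""
    def __init__(self):
        self.data, self.acl = {}, {}

    def create(self, name, writers, text=""):
        self.data[name], self.acl[name] = text, set(writers)

    def write(self, principal, name, text):
        # ACL check: is this principal on the object's writer list?
        if principal not in self.acl.get(name, ()):
            raise AccessDenied(f"{principal} may not write {name}")
        self.data[name] = text

    def open_for_write(self, principal, name):
        # Capability: the check happens once, against the requester, and the
        # result bundles designation and permission in one value.
        if principal not in self.acl.get(name, ()):
            raise AccessDenied(f"{principal} may not write {name}")
        return lambda text: self.data.__setitem__(name, text)

def deputy_by_name(store, output_name, report):
    # The caller sends only a name; the write is checked against the deputy's
    # identity, so the caller's own lack of permission is never consulted.
    store.write("deputy", output_name, report)

def deputy_by_capability(write_cap, report):
    # The caller must supply authority it already holds; the deputy adds none.
    write_cap(report)

def demo():
    store = Store()
    store.create("audit.log", {"deputy"}, "original")      # deputy-only object
    store.create("alice/out.txt", {"alice", "deputy"})     # alice's own output
    deputy_by_name(store, "audit.log", "report")           # alice names audit.log
    confused = store.data["audit.log"] == "report"         # overwritten
    store.data["audit.log"] = "original"                   # reset for second run
    try:
        deputy_by_capability(store.open_for_write("alice", "audit.log"), "report")
        blocked = False
    except AccessDenied:
        blocked = True                                      # refused before the deputy runs
    deputy_by_capability(store.open_for_write("alice", "alice/out.txt"), "report")
    return confused, blocked, store.data["audit.log"], store.data["alice/out.txt"]

if __name__ == "__main__":
    print(demo())
```

In the by-name variant neither party takes an explicit step to change authority, yet the write succeeds; in the capability variant the request fails at the point where the caller tries to obtain authority it does not have.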

EPUB publishing

ton of different formats:

.aeh (used by Archos eReaders)
.lrx (used by Sony eReaders)
.ibooks (used by Apple eReaders)
.pkg (used by Newton eReaders)
.mobi (used by Amazon Kindle eReaders)
.epub (used by just about everyone else, including Barnes & Noble NOOK eReaders)

There are actually even more formats than those. That’s just a small sample. So, which one should you make?

Well, the only formats you need to create are EPUB and MOBI. Forget the others. EPUB is quickly becoming the industry standard and 90% of the eReaders on the market can open EPUB files. There is also a very simple conversion tool to change your EPUB into a MOBI. So, you really only need to make an EPUB, convert it to MOBI, and your book will be accessible on 99% of the eReaders out there, including NOOK and Kindle.

 


Build a digital book with EPUB

The open XML-based eBook format

Need to distribute documentation, create an eBook, or just archive your favorite blog posts? EPUB is an open specification for digital books based on familiar technologies like XML, CSS, and XHTML, and EPUB files can be read on portable e-ink devices, mobile phones, and desktop computers. This tutorial explains the EPUB format in detail, demonstrates EPUB validation using Java technology, and moves step-by-step through automating EPUB creation using DocBook and Python.


EPUB (short for electronic publication) is a free and open e-book standard by the International Digital Publishing Forum (IDPF). Files have the extension .epub.


DVDFab

DVDFab Passkey 8.2.1.7

This is why DVDFab.com is down – the actual injunction

Posted at 12 March 2014 15:44 CET by Jan Willem Aldershoff

Recently we reported that the DVDFab.com domain was shut down due to an injunction sought by the AACS LA (Advanced Access Content System Licensing Administrator). The AACS LA is the developer and licensee of AACS, a copy protection part of the Blu-ray specification. Their interest in DVDFab is not surprising: DVDFab contains functionality to circumvent the AACS copy protection, rendering it useless.

As DVDFab is in China, the company is currently coping well; their website is still available through other domain names and orders are processed as usual.


DVDFab sees Facebook page removed, launches IlikeDVDFab.com

Posted at 12 March 2014 17:41 CET by Jan Willem Aldershoff

While Facebook removed their page today, DVDFab started a website explaining what happened and asking people for their support. On the website IlikeDVDFab.com the company asks people to tweet the message: “love this software and I need DVDFab come back! #DVDFabComeBack”.


http://en.dvdfab.cn/download.htm

Mini-Stream Ripper

Digital Media Converter is a very good free audio and video converter that also converts every type of media file. No adware, and completely virus free. Great for converting files for YouTube.
http://www.deskshare.com/media-converter.aspx


What is an RMJ file?
An RMJ file is a Real Jukebox file.
File extension: .rmj
MIME type: application/vnd.rn-realsystem-rmj, application/vnd.rn-rn-taiko-real-rmj
Developed by: RealNetworks
Type of format: audio file format

What is an MP3 file?
MP3s are small, high quality audio files that can be played on MP3 players or software.
File extension: .mp3
MIME type: audio/mpeg
Type of format: Audio

To convert RMJ to MP3, you must use a file format converter program. Converter programs are abundantly available via the web. BestShareware.net may be a good place for you to start shopping around. Many downloadable programs offer a free trial period so you may find it a good idea to try a program before purchasing it.

3 basic steps to converting RMJ to MP3:

* Download a converter that supports RMJ to MP3 conversions.
* Install the program on your computer.
* Follow the instructions the program provides you with and you will be able to convert RMJ to MP3 format.

Here you can find RMJ to MP3 converter tools:

RM to MP3 Converter lets you easily convert Real Audio files (.rm, .ra, .ram, .rmj) to MP3.

Mini-stream Ripper is a multi-channel music converter, which makes it convenient to convert RMJ to MP3 or WMA format. It supports batch conversion.

Easy RM to MP3 Converter is an easy-to-use tool for converting Real Audio files to MP3 format. It also supports converting RMJ to MP3.



Mini-Stream Ripper

Although it handles its main job without incident and supports a decent number of audio codecs, this ripper/converter has a poorly designed interface that may turn some users off. Mini-stream Ripper’s main window is merely a small, nonresizable, gray box with menu items for Load, Batch, and Convert. Although you can use the Load button to queue up files, you also can simply drag and drop them to the main window. Clicking the Batch button lets you convert multiple files into MP3, WAV, WMA, OGG, RM, and FLAC formats at the quality of your choice, whereas the Convert icon allows you to transform single files. We wonder why all conversions can’t be handled from the same menu item. Also, though the application does rip CDs, you’ll have to browse to your drive to do so, as the interface lacks a dedicated icon for extracting tracks. We also were disappointed to discover the ripping tool can’t retrieve song information from the Web and that the demo will convert only six files at a time. Still, since this program does what it promises, we think savvier users may find it worth downloading.

Norton labels any new software as WS.Reputation.1

WS.Reputation.1 – is this the best they can come up with?

‎12-21-2011 08:29 PM – edited ‎12-21-2011 08:33 PM

I just found out that Norton labels any new software as a WS.Reputation.1 VIRUS and deletes it after the download.

Please can someone here answer these questions?

1. How will Norton users get to a perfectly fine new file if it is labeled as a virus and deleted?
2. Why does Norton ruin businesses by labeling a perfectly fine new version of software as a virus?
3. Why is Norton LYING to its paying customers and robbing them of the ability to try and use perfectly fine software?
4. Is that the best they can think of? Taking customers' money for nothing, is that the new Norton business model?
5. Do you pretend to have a reputation by scaring people with nonsense and lying about other vendors' files and labeling them WS.Reputation.1?

They have invented this name WS.Reputation.1 to sound like a virus. On their own web site they explain they use that label when they DO NOT KNOW ANYTHING ABOUT THE FILE! How can you label a file as a virus if you acknowledge you do not know anything about it? Are you running a little scam here?