reputedly, it is possible to make a "malicious" Word document. Maybe using embedded VB script? Anyway, not sure. My question is, is it possible to make an app that safely scrubs all such insertions from a .doc file? Of course, preferably this app should work without actually opening that file in Word application since presumably that may be sufficient for the machine to get damaged.
Is there something like that out there already? Is this even a problem worthy of discussion or in reality there is nothing really malicious that can be done using the Word documents distributed online?
ADDED LATER: johnnyArt, yes, and when you get dirt on your clothes, make sure to go to mommy and tell her about it. Mommy knows best! As a computer programmer, I am interested in learning more about how the world works, including how the world of .doc files and their embedded malicious scripts works. As for using the antivirus and anti-spyware, I will handle these issues without your precious advice. As will, probably, most other users of this forum.
You should scan the file with your antivirus/spyware of choice.
My advice is, if it has malware in it, it's not worth "cleaning" it for use.
Get yourself a clean copy somewhere else.
Related
At work, attached files size to email is limited to 10 Mo and because of many reasons :
Outlook is the only way to share files
I can only use the programs already installed
I am trying to create a VBA macro to :
automatically split PDF bigger than 10 Mo by printing them into smaller files
merge them on the other side
I know it is far from ideal (and many tools exists to do it), but I have no other options.
So far, it seems that I can only use PDFCreator and Adobe Reader for this task, as no other helpfull tools are deployed on my PC (mostly Office)... and I can not figure a way to use command line for printing range of pages.
I successfully created a working (very) inelegant macro, based on Shell commands and SendKeys VBA, basically emulating human interaction to print range A, then waiting for the job to be done, them printing range B, and so on... Among the many problems I should now solve :
add protection to take into account machines with different processing power (replace my timings with file creation verification and detect if jobs are still running in the background)
create a robust merging system when receiving the mail
Plus I am very dependant of the software versions installed, and I foresee a lot of issues with software updates/version if this macro is to be used by many people.
So this method doesn't have a bright futur for now, and unless I find an other way to solve this problem, I will probably give up and keep doing this manually (after all, if my employer doesn't provide better tool, I should not be expected to be as efficient as I could).
Have you any insight about how to cleverly solve this issue ?
(Yes, I already told my boss that working like this is a nightmare, but easy file exchange is not the priority).
I managed to solve my problem using 7-zip and its "-v" option using command line : I split my big file into binary smaller files and automatically create new mail with them as attachments.
I am a Ph.D student, and I usually write articles which are later proof-read by my supervisor. I usually do it in LaTeX and reviews are done to the PDF outputs in Adobe Reader itself. There are mostly grammatical ones and mostly I miss prepositions and conjuctions in fast writing. To re-phrase everything I have to manually enter everything in my LaTeX script again.
This seems to be hell lot of work and this goes on multiple times sometimes. Is there any software in current world that makes the task easier? For example, if a text stuck out for grammar errors and suggested alternatives, can I accept the changes to replace old one with new phrase or sentence and also able to blank out the striked text. Please suggest me a tool which really makes my life easier.
You may want to take a look at the following link. It has some good information about version controlling.
http://en.wikibooks.org/wiki/LaTeX/Collaborative_Writing_of_LaTeX_Documents
You could attach the LaTeX sources to the PDF (with the attachfile2 package), so reviewers can directly edit the source and send that back. Or you try to accept comments to the PDF, but currently only Adobe Reader and Foxit allow that - and not on Linux.
I've been looking for an IDE or Text Editor that can save "snapshots" of my code. I have been coding in a lot of new languages lately using a lot of trial and error. I often find myself wanting to revert a file or multiple files because of a coding/design decisions made in the last couple of hours or even days. It would be nice if I could take a snapshot of my code periodically and reverting to a past snapshot rather than manually making copies of my files on intervals.
I'd imagine that there has to be atleast an editor that shows version-history of a file. ( I realize I could use git or svn or any other versioning solution, but I'd like a more automated process.)
(if not an IDE, does anyone know how to configure Windows-ShadowCopy, OSX-TimeMachine, to make backups of my development folder on 45min intervals... or even a third-party program.)
Eclipse takes a local history on a per file basis... but personally I would strongly suggest using source control for this. If you use something like git or Mercurial, your commits are all local anyway - and it means you'll have a consistent snapshot at moments where you believe you've reached a useful point.
With a bit of experience it only takes a few seconds to commit your current work, and I think it's likely to prove more useful over time than automatically snapshotting either every save or at random intervals.
(It's hard to know whether Eclipse will actually be useful to you, as you haven't specified which language you'll be programming in. Admittedly there are plugins for a fair number of languages in Eclipse...)
Cloud App has this neat feature wherein it automatically uploads new screenshots as they are added to the Desktop. Any ideas how this is done?
You can do similar things yourself without much in the way of programming. In OSX, you can configure "Folder Actions" to run a script, for example, when a new item appears in a folder, including the Desktop. You can then use the script to do whatever you want with the new files.
This article at TUAW includes an example of uploading files to a web server when they hit a particular folder.
So, basically, the answer is "Folder Actions", or "something's keeping an eye on the folder and sending notifications", at some level. Whether Cloud App uses Folder Actions or watches the folder itself at a lower level, using FSEvents/NSWorkspace, or the kqueue mechanisms (for which there's a nice wrapper class called UKKQueue, if I remember correctly -- don't know how current my knowledge is on that one though!) is another matter...
You could implement this at several different levels, depending on the outcome you want, how you want to design whatever it is you're actually doing, and even what kind of filesystem you're targeting. Fundamentally, in Cocoa/Objective C, I think you probably want to start looking at FSEvents.
Once you've got notifications of the file changes, I'd probably use something like ConnectionKit to do the uploading -- any library at all, really, that means you don't have to bother with the sockets level yourself -- but again, there's a lot of different ways.
Depends, really, what level you're looking to solve the problem at, and whether you want to build something for other people or get something working for yourself. If I just wanted to bash something together for myself, I could probably have something cobbled together using Coda's Transmit app, and Folder Actions, or maybe Hazel, and a minimal bit of Applescript, in a half-hour at most, that would do the job well enough for me...
I am not sure what you are asking for exactly. If you are asking for a way to take a screenshot programmatically in MacOSX, I suggest you have a look at the "screencapture" command (in the terminal, type "man screencapture" for doc).
If you want to do it the "hard" way, you should look at this.
I have a shell script stored in the resources folder of my Cocoa app. If used improperly it could be dangerous (even though I have taken precautions to reduce exploits, such as using the absolute path to commands) so is there any way to encrypt the script in binary format, then decrypt it when it needs to be used?
Thanks
It seems as if your concern is about people getting write access to the script and modifying it to run arbitrary code. You could keep a checksum for the script in the binary and compare that with the checksum of the script before you run it. Now, how do you stop people from editing the binary too? Code signing. In fact, if you keep the shell script in the app bundle then editing the script will break the signature of the bundle anyway.
This does not make a lot of sense. If an attacker has access to edit this script file, then they likely have access to edit any number of files, your application is less likely to be a security risk than any number of other things would be attacker could do.
No. If the user will decrypt it to use it, then she can see (and intercept) the clear text at some point. If you think you have "shell-like" things to do, do them in C/ObjC... This can be your friend.
What you're asking for is essentially DRM. A different purpose (“security” instead of thwarting copyright infringement), but the same approach, with the same problems.
In order for the user to be able to normally use the (music|video|script), they must be able to decrypt it. You would do this for them under only the right conditions in your (player|app), but that doesn't matter: no matter how well you hide it, you still have to provide the user with all the technology and keys necessary to decrypt the (music|video|script), so that your (player|app) can do that.
And then, since the user has all the technology and keys necessary to decrypt it, an attacker can and eventually will uncover them all and decrypt the (music|video|script) on their own.
I second Massa's suggestion of switching away from a shell script. This doesn't completely eliminate risk: If an attacker can gain access to write to your shell script, they can gain access to write to a Mach-O executable just as easily. But editing a Mach-O executable is not nearly as easy, so you are at least raising the bar that way.