رابط

An article appeared recently on vdoo.com explaining how an attack called “Typosquatting” works. This is not a new concept, but the implementation is interesting.

The way this works is that an attacker crafts a malware, then this malware itself (or a code that downloads and activates it) is then implanted in an innocent-looking code library.
The trick is to make a copy of a commonly used component or code library, name this copy with a name similar to original name but with a slight variation in the spelling which can result from a common typo. The malware is included in the fake copy explicitly or in a obfuscated manner to make it harder to get detected.

An well-intentioned developer writing code that uses that library writes an include statement that mistakenly references the malware-infused library, and that’s it. The bad library should function just like the original one, with some added (undesired) functionalities.

I could imaging this happening in a different way, given the current broad and expansive use of open source components, and the complexity of dependencies.
E.g. In the context of an open source project, the maintainers rely on other open source projects, and they trust the maintainers of those projects to provide well-maintained code. The 2nd level maintainers also depend on other projects, and the chain goes on. Many, if not all, of these open source projects rely on communal support and code enhancements. Eventually someone somewhere will go rouge and intentionally push an update that references IibraryO instead of library0, which the project maintainers might overlook because the two words look similar, but this action will have an effect which cascades over tens of dependent projects causing them all to become vulnerable on the next compilation.

I think the solution to this problem is to implement a black-listing system maintained by the same open-source communities; this system would include a way to submit suspicious projects, and a scoring mechanism to indicate the reputation of a specific component.

Coding Sins: Empty HTTP Header with MS WB

It’s a sin to try to send an HTTP header with an empty value using the Microsoft Web Browser Control. Just keep this in mind, and promise never to do it.

Including a no-value header causes the control to fail to load the URL and to not fully respect the ‘Cancel=True’ returned in its NavigateError event.

E.g.: If your headers look like this, they will certainly break the browser:

HTTP_X_APPLICATION_VERSION: 2.35
HTTP_X_CERT_TYPE:
HTTP_X_PUBLISHER_NAME: Yusran

How to go over Documents in a Notes View in a random order

Today I had the need to process documents in a certain view in a random order.

I have read previously about different algorithms that would iterate a collection (or array) randomly. Luckily, in Notes this can be achieved very easily using a View.

  1. Create a new View. Let’s name it “RandomDocs”.
  2. Set the selection formula to contain your documents of interest.
  3. Set the index to get built manually and expire immediately. This will force Notes/Domino to rebuild the View’s index every time it is accessed by your script, but not in the nightly index update.
    ViewIndexDiscard
  4. Add a column, sorted ascendingly or descendingly, and use the following formula:
    @Random
  5. Save and close the View.
  6. Use a script like this to iterate over the documents randomly:
Sub Initialize
    Dim s As New NotesSession
    Dim db As NotesDatabase
    Dim v As NotesView
    Dim doc As NotesDocument
    
    Set db = s.CurrentDatabase
    Set v = db.GetView("RandomDocs")
    v.AutoUpdate = False
    Call v.Refresh()
    
    Set doc = v.GetFirstDocument
    Do Until doc Is Nothing
        'We've got a random document in hand.
        Print doc.GetItemValue("Subject")(0)
        Set doc = v.GetNextDocument(doc)
    Loop
End Sub

That’s it!

Remember that every time the script runs the View’s index is getting rebuilt. This is not a very friendly operation for Domino/Notes, especially when the database contains thousands of documents, even if only a few are being filtered into the view, so you might want to wisely consider when and how often this code runs.