27th September, 2008

Passive Income with PayPal Instant Payment Notification (IPN) /--evilbitz   

If you would like to sell something online, especially a digital product such as software or media, it is wise to build a website that operates automatically without your interference. This saves you time, and it is considered to be passive income.

So, after you set up a website, you can use a script that I’m selling. It has been used by many people for more than 2 years now, so it does the job right :-) The script is called EasyIPN, and once you have installed it on your web server, it lets you manage your digital content very easily with an admin panel. Basically it lets you:

  1. Upload your digital products
  2. Create auto-selling PayPal Buy Now buttons and connect them with the digital files that you uploaded
  3. Easily integrate the buttons into your existing websites (written in PHP)

Once a buyer has paid using that PayPal Buy Now button, PayPal notifies EasyIPN (this is done automatically), and after a verification process that EasyIPN performs with PayPal, an email with a download link is sent to the buyer’s PayPal email address.

The buyer then clicks that download link, which also contains the buyer’s PayPal transaction ID; it is used as a “password” to identify the specific buyer who bought a specific product. This lets you see whether someone forwarded the link to someone else by looking at the download requests in the logs. After all verifications have passed, the product is allowed to be downloaded.
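The verification step described above follows PayPal’s IPN postback pattern: the listener sends the notification back with cmd=_notify-validate prepended and goes on only if the reply is VERIFIED. The following is an added example in Python, not EasyIPN’s code; handle_ipn, post_back, fake_paypal, the price table and the sample notification are hypothetical and constructed for illustration, while the field names are standard IPN variables.

```python
from urllib.parse import parse_qs

VALIDATE_PREFIX = b"cmd=_notify-validate&"

def handle_ipn(raw_body, post_back, seen_txn_ids, receiver_email, prices):
    """Return the txn_id to fulfil, or None if the notification is rejected.

    post_back(bytes) -> str sends the bytes to PayPal and returns the reply
    body; it is injected (hypothetical helper) so the example runs offline.
    prices maps item_number -> (mc_gross, mc_currency) for the seller's items.
    """
    # 1. Echo the notification back unchanged; only PayPal can vouch for it.
    if post_back(VALIDATE_PREFIX + raw_body).strip() != "VERIFIED":
        return None
    text = raw_body.decode("ascii", "replace")
    fields = {k: v[0] for k, v in parse_qs(text).items()}
    # 2. Only a completed payment to the seller's own account counts.
    if fields.get("payment_status") != "Completed":
        return None
    if fields.get("receiver_email", "").lower() != receiver_email.lower():
        return None
    # 3. The amount and currency must match the item that was bought.
    paid = (fields.get("mc_gross"), fields.get("mc_currency"))
    if prices.get(fields.get("item_number")) != paid:
        return None
    # 4. Each transaction ID is fulfilled once; a replayed message is ignored.
    txn_id = fields.get("txn_id")
    if not txn_id or txn_id in seen_txn_ids:
        return None
    seen_txn_ids.add(txn_id)
    return txn_id

# Constructed notification and a stand-in for PayPal's validation endpoint.
SAMPLE = (b"payment_status=Completed&receiver_email=seller%40example.com"
          b"&item_number=ebook-1&mc_gross=9.99&mc_currency=USD"
          b"&txn_id=CONSTRUCTED0001")
PRICES = {"ebook-1": ("9.99", "USD")}

def fake_paypal(body):
    """Answer VERIFIED only for the exact bytes 'PayPal' originally sent."""
    return "VERIFIED" if body == VALIDATE_PREFIX + SAMPLE else "INVALID"
```

Only a transaction ID returned by handle_ipn should ever be turned into a download link; a forged or altered notification never reaches that point.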

Another protection layer is applied by using watermarking, that is, embedding the buyer’s transaction ID in the product’s file. This way, if someone decides to “share” your work (aka make illegal copies), you can tell who he is by getting your hands on the illegal copy and extracting the transaction ID from it (this is “a secret” and only I can do that). The buyer is also aware of these protection schemes, and the deterrence should also work to your advantage as a seller.

If you are interested in selling software or media on your own website, EasyIPN can be really useful for your purpose. It includes all the features I described and the “security” checks as well, and it lets you sell multiple products on multiple websites.
Have fun,
Guy.



Posted in design, security, stega

22nd October, 2007

An approach to overcome a keylogger /--evilbitz   

Well… this is not 100% fool-proof, but if you care about your passwords and there is a chance that a keylogger is installed on the PC you are using (assuming, of course, that you must use it and not a safer one), try the following method to type your passwords. It is simple, yet it will overcome a decent number of keyloggers out there:

If, for example, your password is ghostbuster:

  1. Type random parts of your password correctly: ghostbuster (type just htbu).
  2. In another window, type a lot of gibberish, like this: “;jklehf;3jmxmpojgedrjqhnm,bBNVuytewpirk,vmb” (-:
  3. Copy & paste parts of your password and start assembling it in the password textbox: ghostbuster
  4. Use random order when copying & pasting
  5. Delete parts of it by selecting parts of the password text and pressing any key; do not use the backspace
  6. If you place spaces in the password text, then select the text by pressing Ctrl+Arrow
  7. Assemble the password using all the above tips with random order

Thanks,
Guy.



Posted in hacking, security, stega | 5 Comments

22nd October, 2006

A MP3 Steganographic File System Approach /--evilbitz   

Inspired by Paranoia, a book by Joseph Finder, I decided to write this post. Paranoia really influenced my thinking as I was reading about Adam Cassidy, a young man who was hired to do some dirty industrial espionage work for another firm. The tools needed for this kind of work are various, and I’m not going to discuss these tools but rather an imminent need in this kind of job, and that is: the place to collect your prize.

Well, you don’t have to be an industrial spy to see the advantages of a steganographic file system. Even the most naive and simple PC user can find a steganographic file system useful, as it can protect him from different kinds of threats. Information hiding can protect users against hacker attacks and information theft in general. Imagine that your password list or your bank account info is hidden, encrypted, inside your MP3 files (this is what I’m going to talk about).

It looks naive and unsuspicious: who would imagine that your sensitive information is stored in some ordinary-looking files? Going back to our industrial spy example, let’s say that he needs to get some documents from a competing firm. First he applies for a job there; then, once he is actually there and has access to these documents, he needs to steal them. His stolen documents are going to be stored inside some movies or other media files. It looks innocent, and even if he gets caught somehow, he can just play the movies from his hard drive / removable media device (a USB key, for example).

Design

When I’m looking for requirements for such a project, I try to keep it as simple as I can. Implementing the file system over regular files lets you be independent of technologies or operating systems; the steganographic file system should be portable and easy to implement in any language / OS. The storage media is also taken into account: whether you are using your local hard drive or your removable USB key, it lets you be independent of low-level issues. The most innocent-looking files I can think of are music files like MP3s, and the media can be any MP3 player / iPod.

The file system requirements are also not so wide. It should give you the ability to store various files, inside different directories if that’s feasible. The operations that the file system supports are as follows:

  • Expand: Looping through a list of mp3 files and preparing them for future data.
  • Format: Deleting all files that are currently available in the file system.
  • Add: Copy a file to the file system or from the file system.
  • Remove: Delete an existing file from the file system.
  • Rename: Changing the name of an existing file.
  • Extract: Copy a file from the file system to any other place.

Simple Implementation

Let’s say that each MP3 file has a different amount of free space for storing data, so the overall storage size of the file system is the sum of the free space of each and every MP3 file. Each MP3 file should be treated as a stream; that is, the free space will be filled with chunks of the original files that we are storing, and each chunk will contain a simple header that describes the chunk. It can be something like the following struct:

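    /* Layout of one chunk as it is serialized into the carrier stream.
       The two variable-length arrays make this a description of the byte
       layout rather than a struct a C compiler will accept as-is. */
    typedef struct _ORIGFILE_CHUNK {
        /* crc32 of the current chunk */
        UINT32 chunk_crc32;
        /* crc32 of the complete original file */
        UINT32 origfile_crc32;

        struct orig_filename {
            UINT8 filename_size;   /* length of filename[] in bytes */
            CHAR filename[];
        } name;

        struct orig_data {
            /* the offset from the original file */
            UINT32 offset;
            UINT32 chunk_size;     /* length of chunk_data[] in bytes */
            BYTE chunk_data[];
        } data;

    } ORIGFILE_CHUNK, *PORIGFILE_CHUNK;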

The original files will be stored in chunks, in any order, over as many files as are needed. The restoring process will be done as follows:

  1. Read all chunks into memory
  2. Validate integrity for all the loaded chunks
  3. Build a dictionary with the original filename as the key
  4. Build the original files from the chunks

When these steps are done, we should validate the integrity of each file. We’ll do that by comparing the origfile_crc32 field of each chunk to the calculated crc32 of the overall data of the original file that the chunk belongs to.
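The restore procedure above, as an added example in Python (not code from the original post): it parses chunks laid out as in ORIGFILE_CHUNK, drops damaged ones, groups the rest by filename and accepts a rebuilt file only if its CRC32 matches origfile_crc32. Little-endian fields, chunk_crc32 covering every byte after that field, and the names pack_chunk, parse_chunks and restore are assumptions; the streams stand for bytes already extracted and decrypted from the carriers.

```python
import struct
import zlib
from collections import defaultdict

def pack_chunk(name, file_crc, offset, data):
    """Serialise one ORIGFILE_CHUNK, little-endian, fields in struct order."""
    fname = name.encode("utf-8")
    body = struct.pack("<IB", file_crc, len(fname)) + fname
    body += struct.pack("<II", offset, len(data)) + data
    # Assumption: chunk_crc32 covers every byte that follows the field itself.
    return struct.pack("<I", zlib.crc32(body)) + body

def parse_chunks(stream):
    """Yield (name, file_crc, offset, data) for each intact chunk in a stream."""
    pos = 0
    while pos + 17 <= len(stream):  # 17 = fixed header bytes, empty filename
        chunk_crc, file_crc, nlen = struct.unpack_from("<IIB", stream, pos)
        name_end = pos + 9 + nlen
        if name_end + 8 > len(stream):
            break
        offset, size = struct.unpack_from("<II", stream, name_end)
        end = name_end + 8 + size
        if end > len(stream) or zlib.crc32(stream[pos + 4:end]) != chunk_crc:
            break  # lengths in a damaged chunk cannot be trusted; stop here
        name = stream[pos + 9:name_end].decode("utf-8")
        yield name, file_crc, offset, stream[name_end + 8:end]
        pos = end

def restore(streams):
    """Rebuild {filename: bytes}; a file is kept only if its CRC32 matches."""
    by_name = defaultdict(list)  # dictionary keyed by original filename
    for stream in streams:
        for name, file_crc, offset, data in parse_chunks(stream):
            by_name[name].append((offset, file_crc, data))
    files = {}
    for name, chunks in by_name.items():
        content = b""
        for offset, _, data in sorted(chunks, key=lambda c: c[0]):
            if offset != len(content):
                break  # gap or overlap: leave content short so the CRC fails
            content += data
        if {crc for _, crc, _ in chunks} == {zlib.crc32(content)}:
            files[name] = content
    return files

SECRET = b"constructed sample payload, not real data"  # constructed input
CRC = zlib.crc32(SECRET)
CUTS = ((0, 12), (12, 28), (28, None))
A, B, C = (pack_chunk("notes.txt", CRC, o, SECRET[o:e]) for o, e in CUTS)
STREAMS = [C, B + A]  # chunks out of order, spread over two carriers
```

Calling restore(STREAMS) returns the original file under its name; if any chunk fails its CRC, the file is left out of the result rather than returned incomplete.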

The underlying steganographic approach can be anything you can think of; a nice project that looks quite good is mp3stego, which can be used to implement the steganographic part. The data is further protected with encryption.

Conclusion

Armed with our MP3 steganographic file system, our evil spy can go to work, insert his USB key and listen to his favourite music while stealing and collecting info from the firm.

Are you scared? ;-)



Posted in security, stega | 10 Comments
