12-30-2016, 05:05 AM | #1 | |
Guru
Posts: 927
Karma: 2143512
Join Date: Nov 2011
Location: London, UK
Device: Kobo Aura, Kobo Aura ONE, Marvin 3
|
Malicious ebooks?
I just saw this tweet:
Quote:
|
|
12-30-2016, 06:37 AM | #2 |
Fanatic
Posts: 532
Karma: 1062755
Join Date: Aug 2005
Location: London, UK
Device: Kobo Aura One, iPad, iPhone
|
I doubt most are that secure.
|
12-30-2016, 09:15 AM | #3 |
occasional author
Posts: 2,314
Karma: 2064403292
Join Date: Sep 2011
Location: Wandering God's glorious hills, valleys and plains.
Device: A Franklin BI (before Internet) was the first. I still have it.
|
Can you imagine this, where a malevolent eBook has taken the place of the TV.
|
12-30-2016, 09:59 AM | #4 |
Resident Curmudgeon
Posts: 73,957
Karma: 128903250
Join Date: Nov 2006
Location: Roslindale, Massachusetts
Device: Kobo Libra 2, Kobo Aura H2O, PRS-650, PRS-T1, nook STR, PW3
|
I've always thought that javascript inside and eBook was a rather bad idea. It's a book, not a computer program.
|
12-30-2016, 10:08 AM | #5 | |
Guru
Posts: 927
Karma: 2143512
Join Date: Nov 2011
Location: London, UK
Device: Kobo Aura, Kobo Aura ONE, Marvin 3
|
Quote:
But even plain old XML can also be abused in interesting ways. XML External Entities (e.g. "billion laughs") and XIncludes.... |
|
12-30-2016, 11:27 AM | #6 |
Just a Yellow Smiley.
Posts: 19,161
Karma: 83862859
Join Date: Jul 2015
Location: Texas
Device: K4, K5, fire, kobo, galaxy
|
Did the person happen to tweet where they acquired this epub?
|
12-30-2016, 12:52 PM | #7 |
Guru
Posts: 927
Karma: 2143512
Join Date: Nov 2011
Location: London, UK
Device: Kobo Aura, Kobo Aura ONE, Marvin 3
|
|
12-30-2016, 01:08 PM | #8 | |
Just a Yellow Smiley.
Posts: 19,161
Karma: 83862859
Join Date: Jul 2015
Location: Texas
Device: K4, K5, fire, kobo, galaxy
|
Quote:
I am totally confused. He tweeted he got a malicious epub, but yet he made the epub? It cannot be both. So he made a malicious epub. Or I am totally misunderstanding the first tweet. I read it as I downloaded a malicious epub from a website. |
|
12-30-2016, 01:14 PM | #9 |
Guru
Posts: 927
Karma: 2143512
Join Date: Nov 2011
Location: London, UK
Device: Kobo Aura, Kobo Aura ONE, Marvin 3
|
No, his first tweet only said he had "a" malicious epub without saying about where he got it from - you have to read the rest of the twitter thread to see he made it using an existing exploit.
I'd be interested in knowing what he did too! |
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Kindle and malicious hot spots | Julius Caesar | Kindle Developer's Corner | 20 | 07-18-2016 02:52 PM |
MALICIOUS | jpraven | Self-Promotions by Authors and Publishers | 0 | 11-19-2013 10:13 AM |
Google's official app market found hosting malicious Android apps—again | monkeyluis | Android Devices | 19 | 04-20-2012 08:33 PM |