Amazon Looks Like It’s Creating A Netflix For Books

The following is from:
http://www.huffingtonpost.com/2014/07/16/amazon-kindle-unlimited_n_5591877.html?page_version=legacy&view=print&comm_ref=false

Posted: 07/16/2014 1:31 pm EDT | Updated: 07/16/2014 1:59 pm EDT
Amazon is about to make it even harder for book-lovers to quit Amazon by unveiling a new service that the company clearly hopes will become the Netflix of books.
Gigaom reported Wednesday that the online retailer appears to be testing a new e-book and audiobook subscription service called “Kindle Unlimited” in the U.S. The service will cost $9.99 a month — making it more expensive than Amazon Prime, which costs $99 a year, or $8.25 a month — and will offer unlimited access to more than 600,000 titles and 7,000 audiobooks.
Users on Kindle Boards, a forum for Kindle users, posted about the service early Wednesday. Amazon pages related to Kindle Unlimited have since been pulled down, but Gigaom found a version of the page available through Google Cache.
A screenshot of the Kindle Unlimited page, archived in Google Cache.
There is one page that is still active online: “KU Test.” The page boasts nearly 650,000 titles, including many available through Amazon’s Kindle Owners Lending Library, an Amazon Prime service that lets members borrow one free e-book per month.
Amazon appears to be preparing to challenge existing e-book subscription services like Oyster Books — which was billed as “Netflix for books” when it launched — and Scribd. Oyster Books has a library of more than 500,000 titles available for $9.95 per month, while Scribd offers more than 400,000 titles for $8.99 a month. Both services received a huge boost earlier this year when major publisher Simon & Schuster made its titles available to Scribd and Oyster subscribers.
But unlike Oyster and Scribd, Amazon’s service also appears to offer more than 7,000 audiobook titles. Critics of Amazon have argued the company holds a monopoly of sorts over the audiobook markets. Amazon bought leading audio entertainment producer Audible in 2008, which boasts the world’s largest catalog of audio books.
Given Amazon’s existing relationships with major book publishers, not to mention its well-documented ability to find its way into better deals with authors, publishers and retailers, the company’s new service should make competitors nervous. Amazon did not immediately respond to a request for comment.


Some Basic Rules To Stay Safe

Here are some simple rules that everyone needs to follow in order to stay safe online.

1. If you didn’t go looking for it, don’t install it.
Suppose you go to a web site and get a message like “In order to view this content you need to install a plug-in” or “Your plug-in is out of date. Click here to install.”
Well, you didn’t go to that site to view something; you were just browsing around or following a link from another page. Why would you want to install a plug-in for something you didn’t go looking to watch to start with?
If you need to install Adobe’s Flash Player, go to Adobe to download it, not to some “easy download site.com.”

2. If you have installed a program, or already have it installed on your computer, keep it updated. Many problems with Windows that allow someone to take control of your computer have already been fixed, often several months ago. But if you don’t update your operating software or programs, you can’t benefit from that security fix.
If you are using Windows and haven’t figured this out yet: Microsoft releases security fixes and updates on the second Tuesday of each month. It’s called Windows Update Tuesday. The updates are usually available after 12 pm central time for those who want to check manually, but it’s just easier to keep automatic updates turned on and checking every day.

3. If it’s installed and you don’t need it anymore, uninstall it. It’s just one less program to keep updated and to worry about.

4. Keep regular backups of your data. Many of the current methods of holding your data hostage can be forgotten about if you have another copy of your files. There are free methods in current versions of Windows and Mac that allow you to make a backup or system image plus a backup. The same goes for your mobile devices.

5. Gone are the days when a certain operating system couldn’t get attacked or taken control of remotely. Things can happen to Windows-based computers, Mac systems, Android phones and tablets, and even iOS phones and pads, especially when the bad guy convinces you to do something for them so they can get in or take control.

6. No bank or company is going to ask you to give your password or info via e-mail. Your bank isn’t going to ask you to open an attachment so you can verify your credit card number. Your e-mail provider isn’t going to send you a form asking for your password to reset your transfer quota limit.

Bundled Software and Attack Surface

The following is from:
http://www.cert.org/blogs/certcc/post.cfm?EntryID=199

By Will Dormann on 07/07/2014
Hi, it’s Will. We are all probably annoyed by software that bundles other applications that we didn’t ask for. You want a specific application, but depending on what the application is, where you downloaded it from, and how carefully you paid attention to the installation process, you could have some extra goodies that came along for the ride. You might have components referred to as adware, foistware, scareware, potentially unwanted programs (PUPs), or worse. Sure, these may be annoyances, but there’s an even more important security aspect to these types of applications: attack surface.
Recently I was working in a virtual machine, and I needed to extract an archive. 7-Zip seemed like a reasonable choice, so I used the default search engine in the default browser in the virtual machine: [screenshot: bing-7zip3.png]
I encountered quite the minefield, and I hadn’t even gotten to the point of downloading anything yet! It’s not that any of the sites outlined in red are necessarily malicious, but rather, if 7-zip is installed from any of those sites, I will likely end up with additional unwanted software. This got me wondering about what sort of software other folks might be downloading.
There are sites that are known for bundling installers for the purpose of generating advertising revenue, such as Download.com, Softonic.com, or Winstally.com. Let’s look at a single download from one of the many sites where you can download software, in particular, KMPlayer from CNET Download.com. I chose this application from the list of popular downloads that Download.com provides. In any given week, this application is downloaded approximately half a million times.
A simple thing to do with a file that you’re curious about is to upload it to virustotal.com. The results of the KMPlayer installer from Download.com are interesting. As of the publication of this blog entry, four different AV products detect that the Download.com installer for KMPlayer contains potentially unwanted software.
As it turns out, the behavior of the Download.com installer wrapper has been known for years. The Electronic Frontier Foundation (EFF) wrote about it in 2011. Several other sources have discussed Download.com installer issues as well. It’s pretty clear that installing software from Download.com and other similar sources may result in unwanted software being installed with the software you wanted. But what are the security aspects of such bundling?
For now let’s ignore the specific behaviors of the bundled software and just consider the fact that you have more software on your system. Generally speaking, the more software you have on your system, the larger your attack surface. And the larger the attack surface, the higher the risk.
Let’s say that we don’t have one of the 4 AV products that would warn us when we attempt to run the Download.com installer for KMPlayer, so we proceed with installation. We are first presented with a dialog stating that the download is secure and has been ensured to be virus and spyware free, which is good to know. [screenshot: km1.png]
As soon as we click into the installer, we are presented with the first advertising-supported offer: [screenshot: km_clickhere2.png]
The nature of this dialog is deceptive, presumably with the intention of convincing more people to install additional software. First, the green “Next Step” button in the previous step has been replaced with an “Accept” button. So if the user has not moved the mouse and simply clicks through to the next step, the extra bundled software will be installed. Second, the “Decline” button appears to be disabled and the user may believe that clicking it may cancel the entire installation process. What the button actually does is opt out of installing additional unnecessary software.
If we’re not careful, we’ll end up with software called “Search Protect,” which installs a service that runs with SYSTEM privileges and also spawns two separate processes that run with the privileges of the currently logged-on user. If we continue with the installation, there are two more offers in the Download.com wrapper installer. The offers seem to be somewhat dynamic, but I’ve seen things like PassShow, RRSavings, and AtuZi. These sorts of programs hook into your browser, exposing a larger attack surface, and potentially making the system less secure. Once we get through the Download.com wrapper installer, we finally get to the KMPlayer installer itself: [screenshot: km8.png]
Great. Now we can install the software we actually wanted in the first place. But wait, there’s more! [screenshot: km5_default2.png]
The default installation may include AVG Secure Search software. Despite the software claiming to provide “an additional security layer while searching and surfing,” its installation means more code on your system and therefore another thing that attackers might target. The download also provides a web browser toolbar, installs an ActiveX control that bypasses the Internet Explorer Protected Mode sandbox as well as the ActiveX Opt-in feature introduced with IE7, and it changes the browser’s homepage.
Given that CERT has an awesome ActiveX testing tool called Dranzer, I figured that I would take a quick look at this particular control. As it turns out, this one ActiveX control, called ScriptHelper, exposes a number of dangerous methods for anybody on the internet to abuse (CERT VU#960193). This is a perfect example of more software putting you at increased risk.
So now, since we might not want the AVG Secure Search software and we definitely don’t want the ActiveX control, we choose custom installation: [screenshot: km5a_custom2.png]
Just when we think we’re past additional software, there’s even more: [screenshot: km6a_custom2.png]
Here we can uncheck the box to let the installer know that we don’t care about helping the world or else we’ll get more unwanted code on our system.
Finally, we’re done installing the software. Time to celebrate! We’ll fire up our web browser to look at the newest kitten photos. If we did not go through the extra steps of deselecting the bundled software, we’ll start getting browser pop-ups like this: [screenshot: ie2a.png]
The version of Internet Explorer in the virtual machine I used for testing was horribly out of date, so I clicked away to get the update. Look at the VirusTotal report for this download. This one looks even scarier than the last. Every new application loaded onto the system comes bundled with even more unwanted software. At this point, between the pop-ups, the runaway CPU usage, and application crashes, the virtual machine was nearly unusable.
This all started from a single application installed from Download.com. The other advertising-supported recommendations from my original search engine query also put the system in a similar state in the end: slow, bloated, and having an increased attack surface.
Conclusion
Free software isn’t always free. Just because you’re not paying money out of your wallet doesn’t mean that there isn’t an economic transaction occurring somewhere as the result of installing the software on your computer. Certain vendors pay money to get their software loaded on to computers. So when you download a free application that is free only because it is bundled with adware, consider the security implications of your actions.
A good strategy is to try your best to find the official developer’s website for the software so that you can download it directly. Regardless of the search engine that you use, be aware of which links in the results are from advertisers and avoid those. Be aware of sites that are known for bundling installers for the purpose of generating advertising revenue, such as Download.com, Softonic.com, or Winstally.com.
If you must use a service known for bundling adware into their installers, pay careful attention to the installation steps to make sure to opt out of any additional software choices provided. Even installing applications such as Oracle Java or Adobe Flash may result in unwanted software, such as browser toolbars, if you are not careful.
One strategy for helping to stay safer on the internet is to minimize your attack surface. More software is not the solution, it’s the problem.
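
The following is an added example, not part of the CERT post or of any vendor's tooling. It shows one way to check what an installer left behind: it lists programs registered in the standard Windows uninstall registry keys, flags those installed recently, and lists services that run as SYSTEM from outside the Windows directory (the kind of service the post describes “Search Protect” installing). The 7-day review window and all variable names are assumptions made for the example.

```powershell
# Added example (not from the CERT post): read-only attack-surface inventory.
# Run on Windows in Windows PowerShell 5.1 or PowerShell 7.

# Standard uninstall registry locations: 64-bit, 32-bit and per-user installs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
    Sort-Object DisplayName

# Programs installed inside the review window (assumption: 7 days).
# InstallDate is optional and normally yyyyMMdd; entries without it are skipped.
$cutoff = (Get-Date).AddDays(-7)
$recent = $programs | Where-Object {
    $parsed = [datetime]::MinValue
    [datetime]::TryParseExact(
        [string]$_.InstallDate, 'yyyyMMdd',
        [cultureinfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::None,
        [ref]$parsed) -and $parsed -ge $cutoff
}

# Services that run as SYSTEM from a binary outside the Windows directory.
# PathName may or may not start with a quote, so the pattern allows both.
$winDir = [regex]::Escape($env:SystemRoot)
$systemServices = Get-CimInstance -ClassName Win32_Service |
    Where-Object {
        $_.StartName -eq 'LocalSystem' -and
        $_.PathName -and
        $_.PathName -notmatch "^`"?$winDir\\"
    } |
    Select-Object Name, DisplayName, State, StartMode, PathName

"Installed programs: $(@($programs).Count)"
'--- Installed in the last 7 days ---'
$recent | Format-Table -AutoSize
'--- Third-party services running as SYSTEM ---'
$systemServices | Format-Table Name, State, StartMode, PathName -AutoSize -Wrap
```

Running it before and after an installation and comparing the two outputs shows what was added besides the program you asked for.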