Facebook changes again, this time for programmers

Facebook has announced that as of February first remove profile pages opened for applications. How do you prepare for this and what should you do now?

Another change in the area of ​​Facebook, but this time he relates mainly to developers and users. After a long period, which represented the dedicated profile pages and applications automatically open them herself – stopFacebook support them. In addition, announces that on February 1, delete these pages completely. So what can you do to keep the fans and information?

Changes the rules

Facebook announced that from February 1, remove profile pages only opened for applications on a social network. Although until now these pages are created automatically by Facebook itself every time he opened up a new application, the company explains that the profile pages work similarly to existing Pages. Due to inconsistencies between the two in-Insights, distribution channels and APIs, decided to unite the two.

Administrative application profile pages already come across the latest perched at the top of the page, informing them that from February 1 each profile pages opened for applications will be removed. In addition, the company offers to the skygear dedicated pages for the application – Pages , function similarly.

Currently, if you open a new application is not a profile page will automatically, but will be asked to create her own dedicated page. The new Page will contain a button that will lead directly to the application itself, can block, download or report it and of course link to contact us with the key.

So what do we do?

The first and most important you need to do before anything else – a backup. While Facebook offers you the fans to a new page and thus not lose them, but also notes that the transfer does not save messages that were released, Images, Insights , or anything else that appeared on the page. If you wish to save the information, you will need to back it up manually, by downloading content to your PC. Note that you must do so before you click Migrate, as soon as you click on it – the profile will disappear and you will have the option to enter it.

Afterwards, you can enter the application’s profile page and follow the instructions of Facebook, asking you to merge the profile page with new page, under the appropriate classification. In addition to the fans – as skygear were you, if you have a special link with the application name, the company also worry to him – if he still does not exist in the system.

Keep in mind that this is a fairly long process and you will need to be patient – Facebook notes that the transfer process can take up to seven days. In addition, application pages that will be transferred to the new pages until the date that Facebook said, will be lost – and attempt to access them will lead directly to the application itself. In addition, you lose all users who supported you and you will need to collect them from the beginning.

Buby – Extending PortSwigger Burp Suite through JRuby.

Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger. Burp is driven from and tied to JRuby with a Java extension using the BurpExtender API. This extension aims to add Ruby scriptability to Burp Suite with an interface comparable to the Burp’s pure Java extension interface.

Features/Problems :

  • Intercept and log proxied requests and responses via Burp into Ruby and perform arbitrary processing on them.
  • Modify requests and responses in-line using Ruby scripts.
  • Pass requests and other information from JRuby to various sub-interfaces in Burp
  • Use the Burp framework for active and passive scanning using arbitrary requests and responses.
  • Use the Burp framework for making arbitrary HTTP requests

Buby is implemented using an abstract Ruby event handler and interface class. The Buby Ruby class is back-ended with a minimal BurpExtender class implemented in Java. The java code is required to conform to nuances in the Burp extension interface and while it’s in the pure Java runtime, it acts as ‘glue’ where deemed appropriate, but otherwise tries to stay out of the way.

The java BurpExtender included with Buby is an implementation of IBurpExtender which is the interface API supplied by PortSwigger for writing extensions to Burp Suite. It mostly acts as a method proxy between Ruby and Java, doing very little except event handler proxying between the java and ruby runtimes with run-time type conversion as needed.

Read more in here

Download Version :    – download as zip       – download as tar.gz

PJScan a command-line utility that uses a learning algorithm to detect PDF files with JavaScript-related malware (i.e., malicious PDF files)

PJScan is a command-line utility that uses a learning algorithm to detect PDF files with JavaScript-related malware (i.e., malicious PDF files). The name PJScan is an acronym for “PDF and JavaScript Scanner”.

The learning algorithm

PJScan utilizes a machine learning algorithm called a One-class Support Vector Machine (One-class SVM) to learn a model of malicious PDF files and then uses this model to classify previously unseen, suspicious PDF files. This is accomplished in a two-step process:

Learning a model of malicious files.

This step consists of applying PJScan’s learning algorithm on a collection of malicious PDF files. PJScan analyzes these files, extracts JavaScript scripts from them (using libpdfjs) and applies a JavaScript tokenizer (pjscan-js, a modified version of Mozilla SpiderMonkey) in order to obtain the lexical properties of the scripts. The token sequences are then used as input (converted by libstem) for the machine learning algorithm (a One-class SVM implementation called libsvm_oc, based on libsvm), which outputs a model of known malicious PDF files. This model (saved as a file) is used as the input to the second step.

Classification of previously unseen files.

After a model of PDF files that are known to be malicious has been learned, it’s used for the classification of previously unseen PDF files. Every PDF file to be classified has its JavaScript scripts extracted, tokenized and converted for use with the learning algorithm. Finally, the learning algorithm compares this information with the learned model and classifies the file as malicous or benign.

Other uses

In addition to learning and classification, PJScan also features some useful diagnostic tools:

  • Dumping all JavaScript scripts from a PDF file.

You can use this tool to extract the source code of all JavaScript scripts from a certain PDF file for further analysis. The scripts are saved as UTF-8-encoded text files with a .js extension in a directory.

  • Analysis of machine learning features.

Top N machine learning features are extracted from a PDF file and printed in comparison with the features found in a previously learned model. This is useful for the analysis of the impact of individual features of JavaScript code on the classification result.

System Support : Linux | Read More in here

Change log

Download in here  : http://sourceforge.net mirror pjscan.tgz