Aria2: CLI downloader for HTTP, FTP, torrents, metalinks

<!–

aria2 is a lightweight multi-protocol & multi-source command-line
download utility. It supports HTTP/HTTPS, FTP, SFTP,
BitTorrent and Metalink. aria2 can be manipulated via built-in
JSON-RPC and XML-RPC interfaces.

Download

Download version 1.21.0.
There you can download source distribution and binaries for OS X, Windows and Android.

The legacy releases earlier than 1.19.1 are available
here.

Features

  • Multi-Connection Download.
    aria2 can download a file
    from multiple sources/protocols and tries to utilize your
    maximum download bandwidth. Really speeds up your download
    experience.

  • Lightweight.
    aria2 doesn’t require much memory and CPU time. When disk cache is
    off, the physical memory usage is typically 4MiB (normal
    HTTP/FTP downloads) to 9MiB (BitTorrent downloads). CPU usage in
    BitTorrent with download speed of 2.8MiB/sec is around 6%.

  • Fully Featured BitTorrent Client.
    All features you want in BitTorrent client are available: DHT,
    PEX, Encryption, Magnet URI, Web-Seeding, Selective Downloads,
    Local Peer Discovery and UDP tracker.

  • Metalink Enabled.
    aria2 supports The Metalink Download Description Format
    (aka Metalink v4),
    Metalink version 3 and
    Metalink/HTTP.
    Metalink offers the file verification, HTTP/FTP/SFTP/BitTorrent integration
    and the various configurations for language, location, OS, etc.

  • Remote Control.
    aria2 supports RPC interface to control the aria2 process.
    The supported interfaces are JSON-RPC (over HTTP and WebSocket)
    and XML-RPC.

Usage Examples

Command-line scares you off? No, aria2 is really easy to use!!

Download from WEB:

1
$ aria2c http://example.org/mylinux.iso

Download from 2 sources:

1
$ aria2c http://a/f.iso ftp://b/f.iso

Download using 2 connections per host:

1
$ aria2c -x2 http://a/f.iso

BitTorrent:

1
$ aria2c http://example.org/mylinux.torrent

BitTorrent Magnet URI:

1
$ aria2c 'magnet:?xt=urn:btih:248D0A1CD08284299DE78D5C1ED359BB46717D8C'

Metalink:

1
$ aria2c http://example.org/mylinux.metalink

Download URIs found in text file:

Related Projects

UI Frontends

  • webui-aria2: Web browser interface for aria2 (2012 GSOC project)
  • uGet: the Linux Download Manager

License

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at
your option) any later version.

Copyright © 2016 – Tatsuhiro Tsujikawa –
Powered by Octopress


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/YjaTt87vy0c/

Original article

File system browser in Node?

File system browser in Node?

davewiner

Suppose I have a Linux server that’s running a Node app that stores data in the file system.

I don’t want to go to the trouble of running a full desktop shell on the server, rather I’d just like a way to browse the filesystem structure in a tree format, through a web browser.

So I’d install a piece of software on the server that provides very basic file browsing capabilities. Just to help me debug stuff.

Does such a thing exist?

PS: Right now I’m using Dropbox for this, but it’s way overkill. I don’t really need to have the files sync’d — I just need to be able to see what’s there.


Original URL: http://scripting.com/2016/04/07/1169.html

Original article

37 Free Ways to Use Tech in Your Law School Course

I often run across interesting ways that faculty can and do use technology in their courses – law faculty and others – and I decided to collect them all in one place for the benefit of law faculty seeking interesting ideas.  Some ideas are more substantive than others, and they all require some small effort […]


Original URL: http://spotlight.classcaster.net/2016/04/07/37-free-ways-to-use-tech-in-your-law-school-course/

Original article

WordPress Plugin Possible Cause in Mossack Fonseca Breach

This entry was posted in General Security, WordPress Security on April 7, 2016 by mark   12 Replies

Mossack Fonseca (MF), the Panamanian law firm at the center of the so called Panama Papers Breach may have been breached via a vulnerable version of Revolution Slider. The data breach has so far brought down the Prime Minister of Iceland and surrounded Russian President Putin and British Prime Minister David Cameron with controversy, among other famous public figures. It is the largest data breach to journalists in history, weighing in at 2.6 terabytes and 11.5 million documents.

Forbes have reported that MF was giving their customers access to data via a web portal running a vulnerable version of Drupal. We performed an analysis on the MF website and have noted the following:

The MF website runs WordPress and is currently running a version of Revolution Slider that is vulnerable to attack and will grant a remote attacker a shell on the web server. 

Viewing this link on the current MF website to a Revolution Slider file reveals the version of revslider they are running is 2.1.7. Versions of Revslider all the way up to 3.0.95 are vulnerable to attack.

Mossack Fonseca running vulnerable Revolution Slider

It appears that MF have now put their site behind a firewall which would protect against this vulnerability being exploited. This is a recent change within the last month.

Looking at their IP history on Netcraft shows that their IP was on the same network as their mail servers.

Screen Shot 2016-04-07 at 9.58.56 AM

ViewDNS.info further confirms that this was a recent move to protect their website:

Screen Shot 2016-04-07 at 10.09.51 AM

According to service crawler Shodan, one of the IP’s on their 200.46.144.0 network runs Exchange 2010 mail server which indicates this network block is either their corporate network or at the very least has a range of IT assets belonging to the company. We also show they’re running VPN remote access software.

You can view the IP addresses used for email for MF below which are all on the same network block:

Screen Shot 2016-04-07 at 10.01.52 AM

To summarize so far:

  • We’ve established that they were (and still are) running one of the most common WordPress vulnerabilities, Revolution Slider.
  • Their web server was not behind a firewall.
  • Their web server was on the same network as their mail servers based in Panama.
  • They were serving sensitive customer data from their portal website which includes a client login to access that data.

A theory on what happened in the Mossack Fonseca breach:

A working exploit for the Revolution Slider vulnerability was published on 15 October 2014 on exploit-db which made it widely exploitable by anyone who cared to take the time. A website like mossfon.com which was wide open until a month ago would have been trivially easy to exploit. Attackers frequently create robots to hit URLs like : http://mossfon.com/wp-content/plugins/revslider/release_log.txt

Once they establish that the site is vulnerable from the above URL the robot will simply exploit it and log it into a database and the attacker will review their catch at the end of the day. It’s possible that the attacker discovered they had stumbled across a law firm with assets on the same network as the machine they now had access to. They used the WordPress web server to ‘pivot’ into the corporate assets and begin their data exfiltration.

Technical details of the vulnerability in Revolution Slider

This is a brief technical summary from one of our analysts describing the nature of the vulnerability in Revolution Slider that was exploited.

Revolution Slider (also known as Slider Revolution) version 3.0.95 or older is vulnerable to unauthenticated remote file upload. It has an action called `upload_plugin` which can be called by an unauthenticated user, allowing anyone to upload a zip file containing PHP source code to a temp directory within the revslider plugin.

The code samples below point you to where the specific problem is in revslider. Note that the revslider developer is allowing unprivileged users to make an AJAX (or dynamic browser HTTP) call to a function that should be used by privileged users only and which allows the creation of a file an attacker uploads.

Screen Shot 2016-04-07 at 10.31.37 AM

A demonstration of Revolution Slider being exploited

The following video demonstrates how easy it is to exploit the Revolution Slider vulnerability on a website running the newest version of WordPress and a vulnerable version of Revolution Slider.

Conclusion

As a courtesy we have reached out to Mossack Fonseca to inform them about the Slider Revolution vulnerability on their site and have not yet received a response. They appear to be protected against it being exploited, or perhaps re-exploited in this case but the WordPress plugin on the site still needs updating.

To protect your WordPress installation it is critically important that you update your plugins, themes and core when an update becomes available. You should also monitor updates for security fixes and give those the highest priority. You can find out if a WordPress plugin includes a security update by viewing the changes in the “Changelog”.

In this case the site owners did not update for some time and it resulted in world leaders being toppled and the largest data breach to journalists in history.

Did you enjoy this post? Share it!


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/LzSbHoOyLM0/

Original article

Facebook will announce chatbot and live chat APIs at F8

facebook-chatbot-alt Chatbots could replace 1-800 numbers, and Facebook wants them on Messenger. But most businesses don’t have the resources or technical skills to build chatbots themselves. That’s why Facebook is currently providing developers with API tools to build chatbots and Live Chat web plug-ins for business clients, according to multiple sources and a leaked deck Facebook shared with devs.… Read More


Original URL: http://feedproxy.google.com/~r/Techcrunch/~3/Zn8IPUp0sGM/

Original article

Verizon plans bid for Yahoo and its Yahoo Japan stake: Bloomberg

SAN FRANCISCO (Reuters) – Verizon Communications Inc is ready to make a bid for Yahoo’s web business, and hopes to make a merger more successful by also making an offer for a stake in Yahoo’s Japan subsidiary, Bloomberg reported on Thursday, citing a source familiar with the matter.



Original URL: http://feeds.reuters.com/~r/reuters/technologyNews/~3/xq99bAX0av0/story01.htm

Original article

Google Launches Android Studio 2.0 With Instant Run, Faster Android Emulator, and Cloud Test Lab

An anonymous reader quotes a report from VentureBeat: Google today launched Android Studio 2.0, the latest version of its integrated development environment (IDE), with a long list of new features. You can download the new version for Windows, Mac, and Linux now directly from Android.com/SDK. In November, Google unveiled Android Studio 2.0, the second major version of its IDE. Version 2.0 brings a slew of improvements, including Instant Run, a faster Android emulator, and app indexing improvements. Google released a beta in February, though it didn’t say when the final version would be ready ([VentureBeat] speculated in time for its I/O developer conference in May, and the company debuted with a month to spare).
The full feature list includes Instant Run, Android Emulator, Cloud Test Lab, App Indexing, and GPU Debugger Preview.


Share on Google+

Read more of this story at Slashdot.


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/le4JgDyjab8/google-launches-android-studio-20-with-instant-run-faster-android-emulator-and-cloud-test-lab

Original article

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑

%d bloggers like this: