Tuesday, February 24, 2009

Escape sequence for HOME and END in Mac OS X 10.5 Terminal APP

I'm using Macbook Pro with Mac OS X 10.5.6
But there is no HOME or END key in the keyboard.
When you use terminal, it is very inconvenient not to have those keys.

You can go to Terminal->Preferences->Settings->Keyboard (tab)
Add two keys:

For example, I specify:
The escape sequence \033 is equal to "control + esc"
option + cursor right (end, go to the end of a line): \033[F
option + cursor left (home, go to the start of a line): \033[H

Then it works fine in my terminal.
But I don't know how to specify "command + cursor"

Friday, February 20, 2009

Break CAPTCHA of AOL Mail and ebay . Crack success rate 10 ~ 15 %

I implemented a java program that can recognize AOL Mail's CAPTCHA with success rate of 1 ~ 2 %. Though not high, but still high enough to threaten their system.
I also implemented a java program that can recognize ebay.com CAPTCHA with success rate of 10 ~ 15%. This success rate is high enough to claim that their CAPTCHA is unsecure. 
Given that I implemented these attacks only for the purpose of our security course study, I will neither publicize my source codes nor do something harmful to their websites, cauze I'm a student not a spammer. But I just want to warn those two companies that their CAPTCHA systems are not strong enough. We can claim that CAPTCHA for AOL mail is broken, and CAPTCHA for ebay is also broken.

Based on my study, I found that GMail's CAPTCHA, reCAPTCHA, Hotmail's CAPTCHA are relatively more secure. GMail's CAPTCHA seems strongest. reCAPTCHA and Hotmail's CAPTCHA are somewhat secure. But I will try to see how difficult it is to break them.

Don't expect to get any of my idea or implementation from me. As a student to research computer science, we should be responsible. 

I really hope someone from AOL Mail or ebay can by any chance see this post and change their CAPTCHA system.

Break, Crack

Thursday, February 5, 2009

How to SSH to iPhone

Step 1. Jail break your iphone. See here for more.

Step 2. Install OpenSSH from Cydia. My OpenSSH version is (5.1p1-6 or 4.7p1-5, I don't know which is the right version -_-)

Step 3. Connect your iphone to a WiFi (This requires you have internet access through this WiFi though). Then goto Settings->WiFi->Click the arrow of the corresponding wifi, a new page will show up->DHCP->IP Address, record this IP address on paper.

Step 4. Get a SSH client. On PCs, you can use WinSCP. On linux, you can simply type "ssh root@iphone's ip". On Mac, you can use Cyberduck, or in terminal, use the same command as linux. (Remember iphone's password is? If you forgot, see here)

Step 5. Here we are.

Remember you are now logining in as root. You can download anything you want, you can create anything, you can delete anything, and you can kill any process (not critical system processes of course) potentially.

If you have a jailbroken iPhone and installed OpenSSH, when you connect to WiFi.
You also need to care for the attackers.
Image how horrible it is if someone can SSH to your iphone as root!