Saturday, April 12, 2008

Update: Mission Completed

Well done everyone. Thanks for the effort everyone has put in during the last 4 months. Indeed it was a tough one, with many many sleepless nights. We survived and the feeling is shiok.

- Thanks to our supervisor, Han Chiang, who has been guiding us along these months.

- Thanks Alan for providing your server, cables and equipment. Not forgetting your house, aircon and cha shew pao.

- Thanks Sebas for sacrificing and coming all the way to the East. Thanks for your petrol and car coupons.

- Thanks Adrian for making the movie and recording your voice.

- Many many thanks to others who in one way or another help make this project a success.

Keep in touch guys. Bon Voyage Sebas. Bring some Japanese gals back for Alan.


And for the assessors who are looking at this page, kindly note the following:

- A CD menu is created; just click on the links you want to see.
- The website inside the CD is more up to date than the live one running at epic4security.no-ip.com; the website's Flash FLA source is also available for you.
- Everything is swee swee done for you. If you want to compile and deploy our project, a little ANT script is created: you just have to run "ant compile deploy start". Make sure your graphics card supports OpenGL, which Java3D needs to run.
- For the Customizer, a little JAR file is created for you to just double-click. But first you have to get your MySQL running with the database schema.. then again..
- The SQL script to create the tables and insert the data is also done for you.

If we missed out anything, leave us a comment; please be gentle on us.. HAHA :)

Friday, April 4, 2008

Technical: MPEG movie

This section is reserved for the MPEG movie stuff.

Epic4Security will not release any information on the movie, its contents, or how the movie was created yet. Please visit after 11 Apr for more updates.

Thursday, April 3, 2008

Technical: Measures against SQL-injection attacks

This section is reserved for an article on preventing SQL injection attacks against EpiCaptcha.

We are using a database, so there is a risk of SQL injection.
How is SQL injection done?
E.g. to log in to a site, we need to enter 2 parameters: username and password.
The site validates them by submitting a form to a servlet/JSP, e.g. http://epic4security.com/login.jsp?username=blabla&password=blabla (that URL carries the parameters in the query string, i.e. a GET request; a POST form sends the same two parameters in the request body, and the problem below is identical either way).
Over at login.jsp, the SQL statement is built by pasting the two parameters straight into the query text, i.e. "SELECT username, password FROM TABLE WHERE USERNAME = 'username' AND PASSWORD = 'password'";
What an attacker can do is enter the following in the username & password fields:
Username = admin
Password = pass' OR username = 'admin
So he alters the SQL statement to:
"SELECT username, password FROM TABLE WHERE USERNAME = 'admin' AND PASSWORD = 'pass' OR username = 'admin'";
Because AND binds tighter than OR, the database reads this as (USERNAME = 'admin' AND PASSWORD = 'pass') OR username = 'admin', so the admin row comes back whatever the password was.
Dangerous, right?
Prevention
Thus to prevent this from happening, what we can do is:
1) check the length of each parameter
2) hash the password to a message digest, i.e. SHA-256 or SHA-512, before it goes into the query; the hex digest contains only [0-9a-f], never a quote, so the password field can no longer break out of its string literal.
Two caveats. Neither measure protects the username field: a short value such as admin' -- passes any reasonable length check and still rewrites the query (-- starts a comment in MySQL), so the username has to be handled too. The standard fix is to stop building the statement by string concatenation altogether and bind the values instead (java.sql.PreparedStatement with ? placeholders in a JSP/servlet), so the driver sends the parameters separately from the SQL text and they can never be parsed as SQL. Also note that a plain, unsalted SHA digest is a guard against quote characters here, not a good way to store passwords; that is a separate topic.
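As an added example, not code from the EpiCaptcha project, here is the login above in Python against an in-memory SQLite table standing in for the project's MySQL user table (the table and column names and the two accounts are constructed for the demo). It runs the vulnerable concatenated query, the two measures from the post (length check plus SHA-256 digest), and a parameterized query, each against the attacker's password from above and against a payload placed in the username field instead:

```python
import hashlib
import sqlite3

# Constructed sample accounts; the table layout is assumed, not the project's schema.
USERS = [("admin", "s3cret"), ("alice", "wonderland")]
MAX_LEN = 40  # the post's measure 1: an upper bound on each parameter


def sha256_hex(text):
    """The post's measure 2: a hex digest contains only [0-9a-f], never a quote."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def make_db(store_hashed):
    """In-memory SQLite stand-in for the MySQL user table (one row per user)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    for user, pw in USERS:
        conn.execute("INSERT INTO users VALUES (?, ?)",
                     (user, sha256_hex(pw) if store_hashed else pw))
    return conn


def login_vulnerable(conn, username, password):
    """Mirrors the post's login.jsp: both values pasted into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_length_and_hash(conn, username, password):
    """The post's two measures only: length check, then hash the password."""
    if len(username) > MAX_LEN or len(password) > MAX_LEN:
        return False
    digest = sha256_hex(password)
    # The password side is now hex only, but the username is still
    # concatenated, so a quote in it still rewrites the query.
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + digest + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    """Bound parameters: the driver sends the values apart from the SQL text.
    java.sql.PreparedStatement with ? placeholders does the same in a JSP."""
    digest = sha256_hex(password)
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, digest),
    ).fetchone()
    return row is not None


# The attacker input from the post, plus one aimed at the username field.
PASSWORD_PAYLOAD = "pass' OR username = 'admin"
USERNAME_PAYLOAD = "admin' -- "   # "-- " opens a comment in MySQL and SQLite


def demo():
    """True means the attempt was accepted as a login; only the bound query
    rejects both payloads while still accepting the real password."""
    plain, hashed = make_db(False), make_db(True)
    return {
        "vulnerable, real password": login_vulnerable(plain, "admin", "s3cret"),
        "vulnerable, password payload": login_vulnerable(plain, "admin", PASSWORD_PAYLOAD),
        "length+hash, real password": login_length_and_hash(hashed, "admin", "s3cret"),
        "length+hash, password payload": login_length_and_hash(hashed, "admin", PASSWORD_PAYLOAD),
        "length+hash, username payload": login_length_and_hash(hashed, USERNAME_PAYLOAD, "x"),
        "parameterized, real password": login_parameterized(hashed, "admin", "s3cret"),
        "parameterized, password payload": login_parameterized(hashed, "admin", PASSWORD_PAYLOAD),
        "parameterized, username payload": login_parameterized(hashed, USERNAME_PAYLOAD, "x"),
    }


if __name__ == "__main__":
    for attempt, accepted in demo().items():
        print(f"{attempt:34s} -> {'logged in' if accepted else 'rejected'}")
```

The middle group is the interesting one: hashing closes the password field, yet the ten-character username payload sails through the length check and logs in as admin, which is why the parameters themselves have to be bound rather than filtered.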

Wednesday, April 2, 2008

Technical: Voice Clips in MP3 format

To generate an audio challenge as an aid to the text CAPTCHA, we wanted to use one of our own voices, but then we thought it would be more attractive if you hear a woman speaking to you.

1) Cepstral text-to-speech software is used to generate the audio clips. Website here.

A-Z, 0-9 and the majority of the symbols can be read out. However, some like ` < > , . " : ( ) - cannot be interpreted by Cepstral.

So we have to manually type in the English word, i.e. for the symbol &, we type "ampersand". The guide followed is http://a4esl.org/q/h/9901/nr-keyboard.html.

The following audio clips are generated:
a) a - z (lowercase)
b) A - Z (uppercase)
c) 0 - 9 (numbers)
d) other symbols of the keyboard.

2) The audio clips are then edited and compressed to 32 kbps mono MP3 using Blaze Media Pro, thereby reducing the size of each clip to about 7-19 KB. Website here.