Ajit Gaddam on Security & Technology

Discovery Channel played a very interesting documentary titled “The History of Hacking”. This goes into the whole history of hacking starting with phone phreaking and Blue boxes and to the present state of hacking.

However, a significant portion of this documentary tackles Social Engineering especially the most famous or rather infamous social engineer of all, Kevin Mitnick. Folks in Computer Security should definitely read up on Kevin Mitnick’s books , The Art of Deception and The Art of Intrusion, both very interesting reads.

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

A CAPTCHA is a type of challenge-response test used in computing to determine whether the user is human. The process involves one computer (a server) asking a user to complete a simple test which the computer is able to generate and grade. Because computers are unable to solve the CAPTCHA, any user entering a correct solution is presumed to be human. A common type of CAPTCHA requires that the user type the letters of a distorted image, sometimes with the addition of an obscured sequence of letters or digits that appears on the screen.

One of the strongest and most difficult CAPTCHAs to crack is used by Yahoo which ulilizes a mix of blended alpha numeric characters as show below.

Read more »

Sometimes when running through a CSV or any kind of a log file, you may encounter lists with a lot of duplicates. I will show an example of the simplest order here.

Say, you have a duplicates.txt that goes

one
two
three
one
four
two
four

Now, how to remove duplicates from a list such as the one shown above. If you use a command such as

sort - u < duplicates.txt or cat duplicates.txt | sort | uniq

you may end up with a list that while stripping out the duplicates, does not keep the original order

Read more »

A lot of us who use Linux at work/school or have always grown up using Unix commands and using the Unix shell for years and more often than not, there are instances where a ls command comes more naturally than the dir command at the command prompt when using Windows.

For the most part, a lot of us work around this drawback using the excellent tool: Cygwin. Cygwin is available for windows users here.The Cygwin tools are ports of the popular GNU development tools for Microsoft Windows. They run thanks to the Cygwin library which provides the UNIX system calls and environment these programs expect.

With these tools installed, it is possible to write Win32 console or GUI applications that make use of the standard Microsoft Win32 API and/or the Cygwin API. As a result, it is possible to easily port many significant Unix programs without the need for extensive changes to the source code. This includes configuring and building most of the available GNU software . Even if the development tools are of little to no use to you, you may have interest in the many standard Unix utilities provided with the package. They can be used both from the bash shell (provided) or from the standard Windows command shell.

While Cygwin would be an obvious choice for many Unix/Linux power users, there is an excellent and a much simpler alternative to using Cygwin. In this article, I will show you how to run your Unix commands right in the windows command prompt.

Read more »

In this article, I will introduce you to some well known tools which security analysts use for Network Security Risk assessment, to know more about the layout of the network they are trying to test and also gather intelligence about that company, which the security analyst can use later on to conduct further tests and poke it for its weak points. The more information we can obtain, the more we can advice our client company of any potential problem areas and provide a better Network Security Risk Assessment. This whole process is called footprinting.

Footprinting:(Definition from Wikipedia)

Footprinting is the technique of gathering information about computer systems and the entities they belong to. This is done by employing various computer security techniques, as Ping Sweeps, TCP Scans, UDP Scans, OS Identification, Network Enumeration, Registrar Queries, Organizational Queries, Domain Queries, Network Queries, POC Queries and DNS Interrogation

Read more »