Ajit Gaddam on Security & Technology

Mike Andrews was one of the coolest and most knowledgeable professors I had the opportunity of learning from, while at school @ Florida Tech.

Currently, Mike is currently working as the Principle consultant at Foundstone/McAfee, taking a break from teaching.

At school, we did not have video tape lectures, but I did find this video of Mike talking at Google on how to break web software, how web applications are attacked and walks through a testing framework for evaluating the security of an application and takes some deep-dives into a few interesting and common vulnerabilities and how they can be exploited.

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

The Great Zero Challenge: A challenge to confirm whether or not a professional data recovery firm or any individual(s) or organization(s) can recover data from a hard drive that has been overwritten with zeros once. All they used is the Unix dd command using /dev/zero as input to overwrite the drive.

They are doing this because many people believe that in order to permanently delete data from a modern hard drive that multiple overwrites with random data, mechanical grinding, degaussing and incinerating must be used and even physically destroy them just to be extra safe.

As far as challenges go, this is one that many will pass, because no data recovery firm claims to be able to do zero recovery other than those with access to electron microscopy tools.

Many professional recovery firms for most part use tools that scan through the partition and file table area and perhaps even the entire disk to locate data that has either been marked erased or had references removed (for a full disk scan) and then restoring it. Perhaps they’ll also move the spindle from a dead drive into a new case to complete the operation, but I doubt there are many companies that will actually do electron force microscopy for you and even fewer that will do it at anything other than an astronomical fee.

Read more »

Google claims that its browser Google Chrome is able to isolate events that may crash a browser, isolated within those individual tabs. However, an issue exists with how Google Chrome handles undefined handlers in chrome.dll version 0.2.149.27 which is the latest version of the browser. A crash can result without any user interaction.

When a user visits a malicious link which has an undefined handler and followed by a special character, the browser crashes. You can also crash the browser by typing the characters :% in the Chrome URL bar. Google Chrome crashes with a message ” Whoa! Google Chrome has crashed. Restart now?”

Read more »