Author Archive

Strong Password Suggestions using a Password Chart

I think I came across one of the best strong password generators on the Internet at Password Chart. Picking a strong password is very important. A strong and secure password should go beyond a simple substitution such as passw0rd, where you replace the o with a zero (0), or a special character added at the end, such as password!. However, when you have to pick numbers and special characters for a strong password of more than 7 characters, it can become hard to remember such a strong password.

To use the password chart, enter any common phrase that you use or that is known to you. For example, I used the phrase “the ipod rocks”. Using this phrase, the password chart generates a chart for you. If you are online, you can enter a password you wish to convert using this chart. You can enter a simple word or words here. For example, I used the word “zune” as a password I wished to convert to generate a strong password. I end up with a strong password of “%^Ed8u63G”. Once you generate a password chart, you can also print it out and use it for generating other strong passwords without the need to access the Internet.


Generate Secure Passwords using the Enigma Code Machine

The Enigma was a rotor machine used by the German military during WW II to encrypt the messages they sent to each other. It was invented by German engineer Arthur Scherbius in 1923. The Enigma Code Machine consisted of a plugboard, three rotors and a reflector which redirected the electrical current. Each letter entered on the keyboard was matched to an encrypted letter by closing an electrical circuit, which was reconfigured after each entry.

We need to use secure passwords for our everyday computing. So how about using the Enigma Code Machine to generate secure passwords for us? Dr. Frank Spiess helps us out here with a very good Flash Enigma Code Machine.

A brief example: Open the machine window, click on the “Input:” textbox and enter “c” on the keyboard. The plugboard leaves C as C while highlighting the specific wire in red. The electrical current then moves to the rightmost rotor, that is, to its letter A. A is then connected to B. The current enters the middle rotor, which connects G with R. The third (leftmost) rotor maps V to I. In the next step, the reflector maps B to R. Then the current moves back along the green wires through the rotors to the plugboard, where Q leads to Q. As a result, we have the encryption of C to Q. If you now enter “c” again, you see that in this case it yields G! This is because the rightmost rotor moves one step to the left before a letter is entered.

So, click here to access the Flash Enigma Code Machine built by Dr. Frank Spiess.

In my example of a secure password, I enter a simple plain text of “securityblog”. This plain text is converted to a cipher text by the Enigma Code Machine, resulting in a secure password of “BMGNHOIPWRNB”.
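
The rotor stepping described above, as an added Python example (it is not the code of Dr. Spiess's Flash machine). It assumes the historical Enigma I rotors I-II-III, reflector B, start position AAA, ring settings A and an empty plugboard, so its outputs will not match the C to Q walkthrough or the BMGNHOIPWRNB result, whose settings the post does not give.

```python
import string

A = string.ascii_uppercase
# Historical Enigma I rotor wirings with their turnover notches, and reflector B.
ROTORS = {
    "I": ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"),
    "II": ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
    "III": ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V"),
}
REFLECTOR_B = "YRUHQSLDPXNGOKMIEBFZCWVJAT"


class Enigma:
    """Three-rotor Enigma; ring settings fixed at A (an assumption, for brevity)."""

    def __init__(self, order=("I", "II", "III"), start="AAA", plugs=""):
        self.wiring = [ROTORS[n][0] for n in order]      # left, middle, right
        self.notch = [A.index(ROTORS[n][1]) for n in order]
        self.pos = [A.index(c) for c in start]
        self.plug = {c: c for c in A}
        for a, b in plugs.split():                       # pairs such as "AB CD"
            self.plug[a], self.plug[b] = b, a

    def _step(self):
        # Rotors move BEFORE the key is enciphered, so a repeated letter changes.
        if self.pos[1] == self.notch[1]:                 # middle-rotor double step
            self.pos[0] = (self.pos[0] + 1) % 26
            self.pos[1] = (self.pos[1] + 1) % 26
        elif self.pos[2] == self.notch[2]:               # right rotor turns middle
            self.pos[1] = (self.pos[1] + 1) % 26
        self.pos[2] = (self.pos[2] + 1) % 26

    def _through(self, i, c, forward):
        s = A[(c + self.pos[i]) % 26]                    # contact after rotation
        out = A.index(self.wiring[i][A.index(s)]) if forward else self.wiring[i].index(s)
        return (out - self.pos[i]) % 26

    def press(self, ch):
        self._step()
        c = A.index(self.plug[ch])
        for i in (2, 1, 0):                              # right to left
            c = self._through(i, c, True)
        c = A.index(REFLECTOR_B[c])
        for i in (0, 1, 2):                              # back, left to right
            c = self._through(i, c, False)
        return self.plug[A[c]]

    def encrypt(self, text):
        return "".join(self.press(ch) for ch in text.upper() if ch in A)
```

With these assumed settings `Enigma().encrypt("AAAAA")` returns `BDZGO`, and feeding `BDZGO` into a fresh machine with the same settings returns `AAAAA`: the mapping is deterministic and self-inverse, so a password derived this way is only as secret as the plain text and machine settings behind it.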


How to Break Web Software

Mike Andrews was one of the coolest and most knowledgeable professors I had the opportunity of learning from, while at school @ Florida Tech.

Mike is currently working as the Principal Consultant at Foundstone/McAfee, taking a break from teaching.

At school, we did not have videotaped lectures, but I did find this video of Mike talking at Google on how to break web software. He explains how web applications are attacked, walks through a testing framework for evaluating the security of an application, and takes some deep dives into a few interesting and common vulnerabilities and how they can be exploited.

http://video.google.com/videoplay?docid=5159636580663884360

The Great Zero Challenge

The Great Zero Challenge: A challenge to confirm whether or not a professional data recovery firm or any individual(s) or organization(s) can recover data from a hard drive that has been overwritten with zeros once. All they used was the Unix dd command, with /dev/zero as input, to overwrite the drive.

They are doing this because many people believe that, in order to permanently delete data from a modern hard drive, multiple overwrites with random data, mechanical grinding, degaussing and incinerating must be used, and some even physically destroy their drives just to be extra safe.

As far as challenges go, this is one that many will pass, because no data recovery firm claims to be able to do zero recovery other than those with access to electron microscopy tools.

Many professional recovery firms for the most part use tools that scan through the partition and file table area, and perhaps even the entire disk, to locate data that has either been marked erased or had references removed (for a full disk scan) and then restore it. Perhaps they’ll also move the spindle from a dead drive into a new case to complete the operation, but I doubt there are many companies that will actually do electron force microscopy for you and even fewer that will do it at anything other than an astronomical fee.


How to crash Google Chrome

Google claims that its browser, Google Chrome, is able to isolate events that may crash a browser within individual tabs. However, an issue exists with how Google Chrome handles undefined handlers in chrome.dll version 0.2.149.27, which is the latest version of the browser. A crash can result without any user interaction.

When a user visits a malicious link that has an undefined handler followed by a special character, the browser crashes. You can also crash the browser by typing the characters :% in the Chrome URL bar. Google Chrome crashes with the message “Whoa! Google Chrome has crashed. Restart now?”
