Sunday, June 29, 2008

Is Low-level format sufficient to protect your sensitive (private) data?

Unfortunately, NO!! If you have private data that you don't want others to see, and you think that you can get away with a low-level format before somebody gets their hands on your hard drive, THINK AGAIN.

Well, a hard drive is just an electrical device. It records data (0 or 1) in the form of electric current. Unfortunately, a low-level format simply puts 0 on all the sectors of your hard drive. This pattern of formatting makes it easier for someone to recover your sensitive data.

How? Think of a tape recording. Suppose you have a conversation that you don't want people to know about. So you re-record over it with noise (i.e., press the record button and say nothing). When you play the tape, you will hear nothing and you think your data is now safe. Unfortunately, somebody may still recover your private conversation.

Here is how forensic recovery works. The tape now contains noise over your conversation. Regular human ears would probably not be able to differentiate between the noise and the background conversation. With current technology, your conversation can be recovered without the ears of Clark Kent :) This is as simple as amplifying the sound on the tape and filtering out the noise. This simple signal processing technique can recover your private conversation.

What about the hard drive? Well, when you replace every sector with zeros (a low-level format), the electric voltage in the sector is not exactly 0 Volts. There is a little electric trace that can tell what was there before the low-level format. Knowing that all the sectors in a hard drive were replaced with zero values, it is easy for a forensic team to recover your information. It is hard, but not impossible.

So how do you protect your private information? Well, the easiest way is to replace the data in all the sectors with pseudo-random binary data. Not knowing what was on the hard drive, the forensic team will have a hard time recovering your data. Typically, two runs of pseudo-random overwrite would be sufficient to protect your information.
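The two-pass pseudo-random overwrite described above, as an added example that is not from the original post or its source. The function names, the marker string and the 3 MiB test image are constructed for illustration; the random data comes from the operating system's generator via `os.urandom`.

```python
import os
import tempfile

CHUNK = 1 << 20  # write in 1 MiB pieces so large targets fit in memory


def overwrite_random(path, passes=2):
    """Overwrite `path` in place with pseudo-random bytes, `passes` times."""
    with open(path, "r+b") as f:
        size = f.seek(0, os.SEEK_END)  # seeking to the end also sizes a block device
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(os.urandom(n))  # output of the kernel's random generator
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device before the next
    return size


def find_marker(path, marker):
    """Return True if `marker` still occurs anywhere in `path`."""
    tail = b""
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if marker in tail + chunk:
                return True
            tail = chunk[-(len(marker) - 1):]  # catch matches across chunk edges
    return False


def demo():
    """Wipe a constructed 3 MiB image whose marker straddles a chunk boundary."""
    marker = b"CONSTRUCTED-SECRET-0001"
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(b"\0" * (CHUNK - 5) + marker + b"\0" * (2 * CHUNK))
        before = find_marker(path, marker)
        size = overwrite_random(path, passes=2)
        after = find_marker(path, marker)
        return before, after, size == os.path.getsize(path)
    finally:
        os.remove(path)
```

Pointed at a single file, this only rewrites the blocks the filesystem currently maps to that file; journaling or copy-on-write filesystems and flash wear-levelling can keep older copies elsewhere, so for a whole drive the target is the device node itself.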

Source: Security Now: EPS 150

Friday, June 6, 2008

Realtime Transit Map

Talking about transit map... What a boring topic... Not really, if we see the realtime transit map in Helsinki, Finland.



We can see where the buses are on the map in REALTIME!! The map allows you to zoom in, zoom out, and move around like Google Maps. If you can't see buses moving, check the time in Helsinki. People may be sleeping :)

In a cold place like that, you can stay in the office and leave a few minutes before the bus arrives at the bus stop. Pretty neat, eh?

Upcodes: Picture-Based Identifiers

UpCode is another picture-based identifier, which can be used for anything. It can be used for various purposes:
  • Advertisement in newspaper
  • Bus stop information
  • Bus tickets
  • Video clip identifier
  • Business cards


The neat thing about upcodes is that you can read an upcode with your cellphone. Just take a picture of the upcode and send it over to the server, and you will get the information about the upcode.

Cost? Well, it depends on the business model. In Helsinki, Finland, the transit system lets its customers use the upcodes for free!! Example uses are to find out when the bus will arrive at a bus stop or to use an upcode as a bus ticket.

Wanna know more about upcodes? Visit http://www.upc.fi/en/upcode/

Monday, June 2, 2008

Secunia-Personal Software Inspector (PSI)

Secunia PSI is free software (for personal use) which helps you detect the known vulnerabilities in the software installed on your system. It is very lightweight and runs in the background of your Windows system. I have recently installed this piece of software on my system. It detects that the versions of JRE and Flash Player on my system are not up to date, and provides an option to patch them.

Here is the link: http://secunia.com/

Sounds good so far, eh? Let me know what you think. Perhaps there are some flaws in this piece of software. I would love to hear from you.