Wednesday, July 30, 2008

Cryptographic with Asymmetric Keys: Public Key and Private Key

Asymmetric cryptography uses one key to encrypt a message and another key to decrypt the encrypted message. One of the two keys is called a public key. Another is called a private key. As implied by their names, a public key is usually broadcast as general information, while a private key is kept confidential. A private key has no relation to a public key. There is no way (or with little possibility) of inferring a private key from the knowledge of public key.

A -->|Message|-->B

Suppose we would like to protect a message from A to B from being eavesdropped (e.g., in a website with https:://).

The process proceeds as follows:

1. B broadcasts its public key.
2. A recognizes the public key of B.
3. A encrypts the message using the pubic key of B, and sends the encrypted message to B.
4. B decrypts the encrypted message using its private key.

Since there is no way of inferring the private key from the public key, no one benefits from knowing B's public key and the messaged remains gibberish to everybody who does not know the private key of B.

Clearly, the public key is a powerful concept which allows end-to-end encryption without having to share the key apriori.

Saturday, July 19, 2008

Linux initialization files: .bash_profile and .bashrc

As a Linux or Cygwin (Linux emulation for Windows) new, would you wonder what really happen when you execute the shell (e.g., double click on the Cygwin icon)? In the old day, Windows always invokes a file called "autoexec.bat". This file contains a bunch of thing the the window will do at the boot-up such as setting path or invoke other programs (e.g., anti-virus).

In your home directory, there are two files, ".bash_profile" and ".bashrc", which are the initialization file in the Linux. When you open a shell, they are automatically executed as a shell initialization.The path setting is contained in these files.

The difference? According to [Josh Staiger],

- ".bash_profile" is invoked for a log-in session. Log-in? Yeah, log-in. It means anything that you usually need to provide user name and password such as log-in physically at the boot-up or using ssh

- ".bashrc" is invoked for a non-log-in session. For example, when you have already log-in to a graphical environment such as KDE. All you have to do is to click on a terminal icon and you don't have to provide username/password to open a shell.

In fact, you can see in the file ".bash_profile" the following

if [ -f ~/.bashrc ]; then
source ~/.bashrc
fi


which basically invokes ".bashrc" if it exists.

For the Cygwin environment, you can add your own initialization in either ".bashrc" or ".bash_profile". Wanna try? Add the following lines into the files and restart the shell.

- Add to ".bashrc"


echo Add2.bashrc


- Add to ".bash_profile"

echo Add2.bash_profile

PATH=${PATH}:
export =


ENJOY...

Sunday, June 29, 2008

Is Low-level format sufficient to protect your sensitive (private) data?

Unfortunately, NO!! If you have private data that you don't want others to see, and you think that you can get away with a low-level formatting before somebody gets their hands on your hard drive, THINK AGAIN.

Well, a hard drive is just an electrical device. It records data (0 or 1) in a form of electric current. Unfortunately, low-level format simply puts 0 on all the sectors of your hard drive. This pattern of formatting make it easier for a guesser to recover your sensitive data.

How? Think of a tape recording. Suppose you have a conversation that you don't want people to know about. So you re-record with noise (i.e., press recording buttons and say nothing). When you play the tape, you will hear nothing and you think your data is now safe. Unfortunately, somebody may still recover your private conversation.

Here is how forensic recovery works. Well, tape now contain noise over your conversation. The capability of regular human ears would probably not be able to differentiate between the noise and the background conversation. With the current technology, your conversation can be recover without the ears of Clark Kent :) This is as simple as amplifying the sound in the tape and filtering out the noise. This simple signal processing technique can recover your private conversation.

What about the hard drive. Well, when you replace every sector with zero (low-level format). The electric voltage in the sector is not exactly 0 Volts. There is a little electric trace that can tell what was there before the low-level format. Knowing that all the sectors in a hard drive was replace with zero values, it is easy for a forensic team to recover your information. It is hard, but not impossible.

So how do you prevent your private information. Well, the easiest way is to replace data in all the sectors with pseudo-random binary data. Not knowing what was in the hard drive, the forensic team will have a hard time recovering your data. Typically, two runs of pseudo-random overwrite would be sufficient to protect your information.

Source: Security Now: EPS 150

Friday, June 6, 2008

Realtime Transit Map

Talking about transit map... What a boring topic... Not really, if we see the realtime transit map in Helsinki, Finland.


View Larger Map


We can see where the buses is in the map REALTIME!! The map allows you to zoom-in zoom-out move around like a Google Maps. If you can't see buses moving, checkout time in Helsinki. People may be sleeping :)

In a cold place like that, you can stay in the office and start leaving the office few minutes before the bus arrive at the bus stops. Pretty neat, eh?

Upcodes: Picture-Based Identifiers

UpCode is another picture-based identifier, which can be used for anything. It can be used for various purposes:
  • Advertisement in newspaper
  • Bus stop information
  • Bus tickets
  • Video clip identifier
  • Business cards


The neat things about upcodes is that you can read an upcode with your cellphone. Just take a picture of the upcode and send it over to the server, and you will get the info. about the upcode.

Cost? Well, it depends on the business model. In Helsinki, Finland, the transit let their customers use the upcodes for free!! Example use is to find out when the bus will arrive at a bus stop or to use an upcode as a bus ticket.

Wanna know more about upcodes, visit http://www.upc.fi/en/upcode/

Monday, June 2, 2008

Secunia-Personal Software Inspector (PSI)

Secunia is a free software (for personal use) which helps you detects the known vulnerabilities on the software installed on your system. It is a very light weight running on the background of your window system. I have recently installed this piece of software on my system. It detects that versions of JRE and flash player on my system is not up-to-date, and provides an option to patch it.

Here is the link: http://secunia.com/

Sounds good so far, eh? Let me know what you think. Perhaps there are some flaws on this piece of software. I would love to here from you.