Suramya's Blog : Welcome to my crazy life…

November 8, 2014

Be careful of software claiming to hide your data on your Phone

Filed under: Computer Security,My Thoughts,Tech Related — Suramya @ 11:59 PM

Yesterday (well, technically today) I was trying to find some data on my old phone to copy to my new phone so I decided to copy over all the folders from the phone to my desktop to make it easier to look through it. While I was going through the data I found a folder called .keepsafe under the Android/data folder so I looked in it cause I got curious and found some interesting data. Actually before I tell you what I found let’s take a step back and go over what Keepsafe is: It is an app for both iOS and Android that allows you to hide photos/files on your phone and then only people with the correct PIN can view them. From their site: “You lock your rings in a jewelry box. You lock your certificates in a cabinet. Now KeepSafe makes sure your personal files are locked down and hidden, using privacy features such as PIN Pad and Fake PIN.” I had installed this version of Keepsafe a few years ago to try it out but had since uninstalled it as I didn’t find it useful.

Coming back to the folder and what I found. It had two files under it: .local and .email. The .email file had my email address in it but the contents of the .local file were shocking. It had my ‘secret pin’ in clear-text in the file. So anyone with some idea of how apps store data and access to a file browser would have been able to get my pin and view images/data that was supposed to have been protected.

Since this was an older version of the software I downloaded and installed the latest version on my S5 to see if the issue was still there. Thankfully someone at the company figured out that storing the data in clear-text was extremely stupid and in the latest version of the software the same two files are still there but the data is encrypted. Not sure how strong the encryption is because I don’t have the knowledge/skill set to try to figure that out. I did however identify where the files are being stored (they are all encrypted as well) so someone with the original image and an encrypted copy could potentially reverse engineer the encryption and assuming they are using a static encryption key decrypt the remaining files as well.
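The manual check described above can be repeated on purpose when evaluating a "vault" app: set a distinctive test PIN and email in the app, copy its data folder off the device, and search every file, dot-files included, for those values in cleartext or a trivial encoding. The Python sketch below is an added example, not code from the original post or from Keepsafe; the folder contents, the `.otherapp` folder and the canary values are constructed for illustration.

```python
import base64
import tempfile
from pathlib import Path

def encodings(secret):
    """Byte patterns a weakly 'hidden' secret commonly takes on disk."""
    raw = secret.encode("utf-8")
    return {
        "cleartext": raw,
        "utf-16le": secret.encode("utf-16-le"),
        "hex": raw.hex().encode(),           # lower-case hex only
        "base64": base64.b64encode(raw),     # encoding, not encryption
    }

def scan_for_canaries(root, canaries):
    """Return (relative path, canary name, encoding) for each hit under root.

    Path.rglob("*") also yields dot-files and dot-folders, which is where
    the PIN described in the post was found.
    """
    hits = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        data = path.read_bytes()
        for name, secret in canaries.items():
            for enc, pattern in encodings(secret).items():
                if pattern in data:
                    hits.append((path.relative_to(root).as_posix(), name, enc))
    return hits

def build_sample(root):
    """Constructed stand-in for a copied data folder (not real app data)."""
    old = root / "Android" / "data" / ".keepsafe"
    old.mkdir(parents=True)
    (old / ".local").write_text("731946")              # PIN stored as-is
    (old / ".email").write_text("tester@example.com")
    other = root / "Android" / "data" / ".otherapp"    # hypothetical second app
    other.mkdir(parents=True)
    (other / ".local").write_bytes(base64.b64encode(b"731946"))
    (other / ".blob").write_bytes(bytes(range(256)))   # opaque data, no hit

def demo():
    canaries = {"pin": "731946", "email": "tester@example.com"}  # constructed
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        return scan_for_canaries(Path(tmp), canaries)

if __name__ == "__main__":
    for path, name, enc in demo():
        print(f"{path}: {name} found as {enc}")
```

A clean scan only rules out the cleartext and trivially encoded cases; it says nothing about how strong any encryption is or whether a static key is in use.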

Moral of the story is that if you want to ‘hide’ data on your phone be very careful of the software you use to do it. Ideally you should avoid storing any data that is sensitive on the phone. There are plenty of ways to get access to the data if someone is interested and has time. This is not an isolated case of badly written software; there are other cases as well where other software was found to have similar amazing security. So be careful out there.

I did find some more interesting data on the phone that I will take a stab at when I get some time.

Well this is all for now. Will write more later.

– Suramya

November 7, 2014

Free Intro to Cryptography course for programmers

Filed under: Computer Security,Security Tutorials,Tech Related — Suramya @ 1:34 AM

Security pro Laurens Van Houtven has created a free introduction to cryptography course to help programmers, by giving them a bird’s eye view of how cryptosystems work and teaching them to apply the same principles in real software. This is an extension of his talk given last year on breaking crypto.

Comes with everything you need to understand complete systems such as SSL/TLS: block ciphers, stream ciphers, hash functions, message authentication codes, public key encryption, key agreement protocols, and signature algorithms.

Learn how to exploit common cryptographic flaws, armed with nothing but a little time and your favorite programming language.

Forge administrator cookies, recover passwords, and even backdoor your own random number generator.

Check it out at: Crypto 101

Thanks to The Register for the link to this great resource.

– Suramya

November 6, 2014

The Internet Arcade releases over 900 classic arcade games for the browser

Filed under: Computer Software,Interesting Sites,Tech Related — Suramya @ 1:46 AM

If you are like me then you must have spent a ton of money and time playing classic arcade games like Frogger, Pac-man plus etc over many long afternoons. A few days ago (2 days to be exact) over 900 of such games were released online and the best part is that you can play them right in the browser. Say good-bye to the possibility of doing any productive work for the next couple of days. 🙂

Check it out at: The Internet Arcade.

Of the roughly 900 arcade games (yes, nine hundred arcade games) up there, some are in pretty weird shape – vector games are an issue, scaling is broken for some, and some have control mechanisms that are just not going to translate to a keyboard or even a joypad.

But damn if so many are good enough. More than good enough. In the right browser, on a speedy machine, it almost feels perfect. The usual debates about the “realness” of emulation come into play, but it works.

Obviously, a lot of people are going to migrate to games they recognize and ones that they may not have played in years. They’ll do a few rounds, probably get their asses kicked, smile, and go back to their news sites.

A few more, I hope, will go towards games they’ve never heard of, with rules they have to suss out, and maybe more people will play some of these arcades in the coming months than the games ever saw in their “real” lifetimes.

Well this is all for now. I am off to relive some memories and to try getting the stupid frog across the road without getting squished.

Source: Slashdot.org

– Suramya

November 5, 2014

A ‘Doctor Who’ game to teach kids how to code

Filed under: Interesting Sites,Tech Related — Suramya @ 1:48 AM

Those who know me know that I am a big fan of Doctor Who and have been a fan for a while. It is one of the most iconic Science Fiction shows out there along with Star Trek and Star Wars. Now BBC is planning on using that popularity to encourage children to learn coding. Yes, you read that right: “Dr Who is going to help kids learn how to code”. The game is called “The Doctor and the Dalek” and it aims to get children to use logical reasoning, variables and loops and repetition to help the Doctor save the universe from the Daleks, teaching them the basics of programming while having fun.

Unfortunately the game is only accessible if you are based out of the UK 🙁 which is not surprising considering this is BBC we are talking about. They are famous for restricting content based on geographical boundaries. But from what I have read about it online, it looks like a lot of fun and even though I know programming I want to try it out. Hopefully they will open it up to a broader audience in the near future as I would love to have my Nieces and Nephews take it out for a spin. (and I will of course be there to ‘help’ them play the game)

If you are located in the UK you can check it out at the cbbc site.

– Suramya


November 4, 2014

The Underhanded C Contest 2014 is open

Filed under: Computer Related,Interesting Sites,Tech Related — Suramya @ 11:43 PM

Do you think you have the skills to write code that is as readable, clear, innocent and straightforward as possible, and yet somehow exhibits evil behavior that cannot be seen even when staring at the source code? If so then you should take a look at The Underhanded C Contest. The contest has been running for about 6 years now and it is amazing how easy these guys make it look to create code that does something but looks like it is doing something else.

The 7th Underhanded C Contest is now open.

The goal of the contest is to write code that is as readable, clear, innocent and straightforward as possible, and yet it must fail to perform at its apparent function. To be more specific, it should do something subtly evil. Every year, we will propose a challenge to coders to solve a simple data processing problem, but with covert malicious behavior. Examples include miscounting votes, shaving money from financial transactions, or leaking information to an eavesdropper. The main goal, however, is to write source code that easily passes visual inspection by other programmers.

Check it out at: The Underhanded C Contest.
Source: Slashdot.org

– Suramya

A Cardboard Computer that actually works

Filed under: Computer Hardware,Interesting Sites,Tech Related — Suramya @ 12:31 AM

No, this is not a joke or a toy for a 5 year old. In the 70s computers were still not in the affordable range for 99% of the population so a bright chap by the name of David Hagelbarger working at Bell Laboratories designed CARDIAC (CARDboard Illustrative Aid to Computation) as an educational tool to give people without access to computers the ability to learn how computers work. Basically it is a micro-processor made out of cardboard.

The CARDIAC computer is a single-accumulator single-address machine, which means that instructions operate on the accumulator alone, or on the accumulator and a memory location. The machine implements 10 instructions, each of which is assigned a 3-digit decimal opcode. The instruction set architecture includes instructions common to simple Von Neumann processors, such as load, store, add/subtract, and conditional branch.

Operating the computer is fairly simple–the cardboard slides guide you through the operation of the ALU and instruction decoder, and the flow chart shows you which stage to go to next. The program counter is represented by a cardboard ladybug which is manually moved through the program memory after each instruction completes.

Even though the CARDIAC is dated and very simplistic, it is still a useful tool to teach how microprocessors work. Although modern processors include multi-stage pipelines, finely-tuned branch predictors, and numerous other improvements, the basic principles of operation remain the same.

You can print your own by visiting Kyle Miller’s Site. More information about CARDIAC and how to use it is available at cs.drexel.edu and on its Wikipedia site.

Thanks to Hackaday.com for the story.

– Suramya

November 3, 2014

Use Excel to Watch Movies at Work

Before I start, let me make it very clear: I don’t recommend that you do this at work. If you get fired for doing this then it is your fault. I take absolutely no responsibility. That being said, let’s proceed. I found this very interesting because it shows that no matter how much you try to secure a system there is always a way around any restrictions people put in the system and the only truly secure system is one encased in a ton of concrete at the bottom of the ocean. In this case a user figured out how to use the VBA (Visual Basic for Applications) functionality in Excel to go around the restrictions placed on his computer by his company’s IT department to watch movies at work.

From a Hacker/ingenuity point of view I love this, but from a work perspective I don’t think this was such a good idea. If you really wanted to watch a movie at work then there are easier and safer options to do so; watching it on your phone or tablet is one option that comes to mind. I seriously doubt that his IT admin or his manager would be amused when they find out about this hack.

Behind the cascade of rectangles and in the land of the Excel macro, [AyrA_ch] took advantage of the program’s VBA (Visual Basic for Applications) functions to circumvent the computer’s restrictions. Although VBA typically serves the more-complex-than-usual macro, it can also invoke some Windows API commands, one of which calls Windows Media Player. The Excel file includes a working playlist and some rudimentary controls: play, pause, stop, etc. as well as an inspired pie chart countdown timer.

Hacking things is fun, but folks need to realize that they need to stop being stupid about it. I am sure there are a lot of things I can do at work that I might not be supposed to but just because you can, doesn’t mean that you should.

Check out the original post on Reddit for a link to the file and a more detailed explanation.

Thanks to Hackaday.com for the story.

– Suramya

October 12, 2014

Take Orders From A Cat And Learn Cybersecurity

Here’s an interesting site that teaches Cybersecurity to folks in the form of a game. As you know cyber criminals are getting more and more sophisticated and the best way to counter that is to train more folks on the basic principles of Cyber Security. It is targeted towards children but is good fun for adults as well.

Take cybersecurity into your own hands. In this Lab, you’ll defend a company that is the target of increasingly sophisticated cyber attacks. Your task is to strengthen your cyber defenses and thwart the attackers by completing a series of cybersecurity challenges. You’ll crack passwords, craft code, and defeat malicious hackers.

Check it out at: NovaLabs Cybersecurity
Source: Popsci.com

– Suramya

October 11, 2014

Microsoft Research releases Android Wear keyboard prototype

Filed under: Computer Hardware,Computer Software,My Thoughts,Tech Related — Suramya @ 5:33 PM

Yes, you read that correctly. Microsoft Research has released the prototype of its new keyboard for Android Wear which allows you to input text by drawing letters on the watch face. This is not the first time MS has released stuff for Android and I am quite happy with this trend.

The idea of inputting text by drawing characters is not new. If you remember the Palm OS devices they had a keyboard called Graffiti which used a sort of shorthand of letting you input text. I used to love it and had installed it on my Galaxy Nexus and used it quite often till it got replaced by the voice typing option on the Google Keyboard.

As touch screens are getting smaller, soft keyboards are getting harder to use. For example, on a 1.6” smart watch, a soft keyboard with 10 keys across has keys less than 1/8” (3mm) wide. Speech recognition can be a viable alternative, but unfortunately, speaking into your watch is not always appropriate or even possible (noisy environments).

With the Analog Keyboard Project we are exploring handwriting recognition for text input on small touch screens. Handwriting, unlike speech, is discreet and not prone to background noise. And unlike soft keyboards, where many keys have to share the small touch surface, handwriting methods can offer the entire screen (or most of it) for each symbol. This allows each letter to be entered rather comfortably, even on small devices. In fact, it has been shown that some handwriting systems can be used without even looking at the screen. Finally, handwriting interfaces require very little design changes to run on round displays, which are becoming increasingly popular.

Interestingly the developers decided to support lower-case alphabets instead of upper-case in this first release. I would have thought they would go the other way as it is easier to identify upper case letters for the most part than lower-case.

Please keep in mind that this is a prototype (Alpha) release so it possibly has a lot of bugs and is not production ready. Plus it can’t be installed on the watch from Google Play, it has to be side loaded and the process is a bit complicated so might not be the best option for non-tech savvy folks right now.

Source: androidcentral.com
Project Page: The Analog Keyboard Project
Download: Analog Keyboard for Android Wear

– Suramya

October 10, 2014

Instead of wasting time playing Sudoku you should mine Bitcoins with Pencil and Paper

Filed under: Computer Related,Computer Security,Tech Related — Suramya @ 11:58 PM

Do you like to play Sudoku? If so then you should look at using paper and pencil to mine Bitcoins instead and make some money out of your hobby. A bloke named Ken Shirriff who is an engineer at Google has created a video and a detailed blog post on how this can be done. Apparently it is a slow process but the algorithms for Bitcoin generation are easy enough to crunch.

Shirriff completed a round of SHA-256 in 16 minutes and 45 seconds at which rate a full Bitcoin block would take about a day and a half, less with more practice, he said.

“The SHA-256 algorithm is surprisingly simple to do by hand,” Shirriff said.

“In comparison, current Bitcoin mining hardware does several terahashes per second, about a quintillion times faster than my manual hashing.”

All I can say is, go for it if you like crunching numbers… I know I won’t. 🙂

Source: Theregister.com

– Suramya
