Don’t talk to cops!

Here’s why:

Tagged with:
 

Why you want to be an engineer

Tagged with:
 

This time for good!

Yep it’s true.

As you probably already know previous versions of Windows a full format did not wipe in any way, all it did is a quick format(resetting the MFT) plus bad sector error checking and correction(1).

So from Vista onwards to Windows 7 full format also zeroes the entire disk, thus making the full format process a lot more secure then before.

I found out the hard way while playing with some recovery tools. 🙂

Random garbage would have been better, but not that needed really, since i don’t believe in recovering, after zero only wipe, strings of more then 5 bytes from 10(0) or so megs, even if doing that magic magnetic polarization thing experts were boasting a couple of years ago. From my experience zero wipe is more then enough, and why bother with dozens of passes of all kinds of garbage that lasts for ages, when people don’t even zero wipe.

So if you ask me, this is nothing but good news from Microsoft. ^^

Tagged with:
 

Albert Gonzalez at the 2001 DefCon hackers' convention in Las Vegas

Twenty years at least for now, because there’s a second conviction on a second trial to be made on which he could get up to 25 years. The court has agreed to serving his sentences concurrently, though, which means if he gets more then 20 year in the second case then he will serve that one if not he will serve the first one, sort of to speak.

Read more here.

Tagged with:
 

skipfish

A fully automated, active web application security reconnaissance tool. Key features:

  • High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.
  • Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
  • Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

The post announing the tool:

http://googleonlinesecurity.blogspot.com/2010/03/meet-skipfish-our-automated-web.html

The project page at google code:

http://code.google.com/p/skipfish/

Skipfish documentation:

http://code.google.com/p/skipfish/wiki/SkipfishDoc

The tool is written by lcamtuf, who joined google a few years ago. 🙂

Tagged with:
 

Convicted TJX hacker Albert Gonzalez earned $75,000 a year working undercover for the U.S. Secret Service, informing on bank card thieves before he was arrested in 2008 for running his own multimillion-dollar card-hacking operation.

The information comes from one of Gonzalez’s best friends and convicted accomplices, Stephen Watt. Watt pleaded guilty last year to creating a sniffer program that Gonzalez used to siphon millions of credit and debit card numbers from the TJX corporate network while he was working undercover for the government.

Watt told Threat Level that Gonzalez was paid in cash, which is generally done to protect someone’s status as a confidential informant. The Secret Service said it would not comment on payments made to informants. Gonzalez’s attorney did not respond to a call for comment.

read more…

Tagged with: