No introduction Ultimate Boot CD , a Live CD with a myriad of software to perform various tests on your machine (CPU, RAM, disks, etc.), manage partitions, wipe disks or reset passwords. This is an essential element for your first aid kit as an administrator or network technician.

Another famous is LiveCD BackTrack , a Linux distribution specialized in security and information retrieval.

BackTrack 4

Both distributions can each be run from a USB stick but instead of moving continuously with two keys we'll see how to integrate BackTrack 4 Ultimate Boot CD 5 (in RC1 at the time of writing) on ​​a key USB at least 2 GB

Continue reading "Integrating BackTrack 4 to 5 Ultimate Boot CD on a USB stick"

It happened to me several times to get laptops from foreign subsidiaries that were not installed by me and I did not know the administrator password. Rather than completely reinstall the machine I'd rather spend five minutes happily hack the administrator account using a Live CD Ophcrack .

The principle of Ophcrack is simple: the algorithm hash passwords used by Windows XP is known, it suffices to calculate all the possible hashes for combinations of letters and numbers and compare the hash value of the password for the user in the database so calculated to ultimately lead to the password in clear text. Simple and effective. The table of hashes (rainbow table) used in the Live CD contains all combinations of upper and lower case letters and numbers up to 14 characters with a rate of 99.9% for decrypting a size of 380 MB is also possible to buy a table containing 7.5 GB and more characters! »#$%&'()*+,-./:;<=>?@[ \ ]^_`{|}~ And space.

Boot Ophcrack

Continue reading "Cracker passwords of local users of Windows XP"

Since the days of floppy disks indicates that a persistent rumor to destroy confidential data must not only delete the file but rewrite random data on its physical location, and this several times. Some programs offer and deletion of data to write random data 3, 10 or even 35 times and this according to different algorithms (DOD 5220.22-M, Peter Gutmann, etc).

It is interesting to note that on many occasions specialists in data recovery have said that a simple writing 0 to the file location was enough to make any significant recovery not ^one . After a simple rewriting it becomes impossible to recover data by using software but it is theoretically possible to do so through means such as heavy equipment through the use of magnetic force micoscope. This possibility was enough to strengthen the advocates of multiple passes of random writes.

A scientific study of this method was made ​​public today at the ICISS2008 ² . The study focuses on the likelihood of a recovery kb of data on disks with new or used. The result is that there is a probability of 92% to recover a single bit on a new disc and 56% on a used, barely more than a coin toss. Retrieve a complete byte passed these probabilities to 51% and 1%, while full recovery of kilobytes of data is 8,3.10 ^-38 for a new disc and 1,4.10 ^-258 for a disc used, which ensures virtually impossible to recover data significantly.

To take a concrete example, suppose you store a text file in your USB WiFi WPA. The file will be about 64 bytes. Once the file is deleted from the disk and a range of 0 written above, the probability of getting your key by using a magnetic force microscope would be 0.00000000000000766%.

An important point to note in this experiment is that the researchers knew exactly where the data had been written, which is not the case in normal and would therefore fall exponentially the chances of recovery.

It is thus clear from all this that to delete sensitive data securely simply rewrite once over, which on the one hand saves considerable time compared to methods 3, 10 or 35 passes but also preserves the mechanical hard drives. It is against fundamental thinking to destroy all versions of the file that may be in a temporary file in a Shadow Copy or backup.

1. # http://en.wikipedia.org/wiki/Gutmann_method cite_note-Gutman-0 [ ↩ ]
2. http://sansforensics.wordpress.com/2009/01/15/overwriting-hard-drive-data/ [ ↩ ]