Archive for the ‘Computers’ Category

I Have Your Deleted Files and Photos and Passwords – Memory Card Edition

Saturday, August 19th, 2017

“You’re going to delete that, right?”

If you’ve ever said that to someone who took a video or photo of you that you’d prefer never left the camera, you probably felt comfort in watching them delete it in front of you. But what if it wasn’t really gone?

I’ve often felt a little paranoid when I’ve decided to keep a broken phone or buy a used hard drive to replace one in a laptop I’m selling. I have long held a strict policy of not letting anything that stores files leave my possession when I’m done with it for fear that someone could recover files that could lead to anything from mild embarrassment to identity theft. I may be paranoid, but with good reason.

I bought some SD cards

This week, I bought two auctioned lots of formatted memory cards, and what I found may surprise you. Keep in mind that these were specifically listed as “formatted”, meaning that someone went through the effort of trying to wipe all the data to protect the privacy of the previous owners, but failed to do it in a secure way. More on that in a minute. First, here’s a breakdown of what I bought:

  • 3 Sony Memory Sticks (about 4.5 GB)
  • 8 SD cards (about 17 GB)
  • 7 MicroSD cards (about 50 GB)

In total, I went through about 70 GB of recovered files in a day.

Thousands of private files uncovered

The goal of this experiment was to figure out what types of files I could uncover from all of these cards, but more specifically, I wanted to know if it was possible to get enough off a card to compromise someone’s online account or steal their identity. After all, hackers don’t care much about that photo of you in your underwear. They want something that can generate a profit. In all, I recovered over 15,000 files. Most of the files were photos with video and audio files making up a large portion of the remainder. In the minority were PDFs, XML, DOC, and system files. Of all these, here’s essentially what was uncovered.

  • thousands of photos
  • hundreds of videos
  • medical documents
  • personal information
  • plenty of selfies
  • strange screenshots
  • lots of pet photos!
  • photos of documents, lists, and notes

I started with the PDFs and XML, but came up empty-handed with a couple menus, some instructions, and a couple software configuration files. Next, I skimmed the photos for anything that included a computer screen in the background, hand-written notes, or printed materials. Mostly, I found myself sifting through tons of blurry photos and pictures of pets, family events, and what looks like items people were photographing to sell, but I did land on a few interesting items.

On one SD card, I found photos of medical records for a guy I’ll call “Phil” (I changed the name). Those photos included personal medical details and his home address. On the same card were plenty of photos of him and a girl who I imagined must be his girlfriend alongside screenshots from dating applications like Zoosk. There was enough on the card for me to find him on Facebook in under a minute and confirm that they’re still together. It’s creepy how much you can learn about a person with only an old formatted SD card as a starting point.

On another card, a younger gentleman captured a snapshot of the email on his computer that contained his username, password, and the URL to log into a specific site.

Login Details

A third card included hundreds of photos that mostly just showed a college girl and her friends, her dog and the usual cellphone photo subjects. Looking closely at computer screens and other details in the photos, however, it wasn’t hard to determine her full name, dorm room number, classes studied, place of employment, and more.

Less interesting were reminders, shopping lists, a school paper, and one recipe that looked worth trying.

How I recovered deleted files with an undelete program

To understand how files are recovered, it helps to first know a little bit about how they’re stored and deleted. When a file is stored, its data is stored in one area of your drive and a file pointer points to the first block of that data. When you click a file to open it, your computer simply references that first block and loads that file. When a file is “deleted”, your computer is really just removing the pointer to that file’s data and marking that space as free, but the data remains intact. A standard “format” operation on a drive or card just removes all the file pointers, making all the space available for writing.

So-called “undelete” programs take advantage of this by scanning the storage space for any blocks of data that do not have file pointers. Such a program will then collect that data up to its final block, give it a new file name, and store it in your recovery location, which should always be another storage device. Any parts of the data that were overwritten will be lost, so if you have something to recover, the best idea is to disconnect that drive and use recovery software on another computer to save your lost data.

The program I’ve had for years and which I used for this project is called LSoft Active@ Undelete Professional which currently costs about $45, but the standard version is only 20 bucks. There are other programs out there, but I can’t speak to their usefulness.

How to protect your files

If you’re like me, you’ll just never let that storage media out of your possession, but most people would prefer to sell or donate old hardware or drives that still work. So how do you keep your data safe from prying eyes? The key is to overwrite the data. When you overwrite the data, it becomes much harder, if not impossible, for someone to recover it. Your success at eliminating data may depend on the method you use. For example, simply deleting files or formatting the drive will leave your data wide open to anyone who knows how to get it back, but overwriting your data with something less private will make it much harder and using the Department of Defense 5220.22-M method (described more plainly here) will make data recovery virtually impossible.
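To make the difference between a format and an overwrite concrete, here is an added example (not from the original post and not how Active@ Undelete is implemented). It models a card as a byte array with a hypothetical one-block file table, uses JPEG signature scanning as a stand-in for the undelete scan described earlier, and checks the card after a format and after an overwrite. The layout, block size and sample photo are all constructed for illustration.

```python
import os

BLOCK = 512                    # toy block size (assumption)
JPEG_SOI = b"\xff\xd8\xff"     # JPEG start-of-image signature
JPEG_EOI = b"\xff\xd9"         # JPEG end-of-image marker
# Constructed stand-in for a photo: real markers around dummy data.
SAMPLE_PHOTO = JPEG_SOI + b"\xe0" + b"constructed-pixels;" * 10 + JPEG_EOI

def build_card(photo: bytes) -> bytearray:
    """Toy card (hypothetical layout): block 0 is the file table, data from block 1."""
    card = bytearray(BLOCK * 8)
    entry = b"IMG_0001.JPG" + (1).to_bytes(2, "little") + len(photo).to_bytes(4, "little")
    card[:len(entry)] = entry
    card[BLOCK:BLOCK + len(photo)] = photo
    return card

def quick_format(card: bytearray) -> None:
    """Standard format in this model: drop the file pointers, leave the data."""
    card[:BLOCK] = bytes(BLOCK)

def overwrite(card: bytearray, passes: int = 1) -> None:
    """Overwrite every block; the last pass writes zeros so it can be verified."""
    for n in range(passes):
        final = n == passes - 1
        for off in range(0, len(card), BLOCK):
            card[off:off + BLOCK] = bytes(BLOCK) if final else os.urandom(BLOCK)

def carve_jpegs(card: bytearray) -> list:
    """Ignore the file table and scan raw bytes for SOI...EOI (signature carving)."""
    found, pos = [], 0
    while (start := card.find(JPEG_SOI, pos)) != -1:
        end = card.find(JPEG_EOI, start + len(JPEG_SOI))
        if end == -1:
            break
        found.append(bytes(card[start:end + len(JPEG_EOI)]))
        pos = end + len(JPEG_EOI)
    return found

def residual_blocks(card: bytearray) -> int:
    """Count blocks that still hold non-zero bytes; 0 means the wipe verified."""
    return sum(1 for off in range(0, len(card), BLOCK) if any(card[off:off + BLOCK]))

if __name__ == "__main__":
    card = build_card(SAMPLE_PHOTO)
    quick_format(card)
    print("after format:   ", len(carve_jpegs(card)), "photo(s),", residual_blocks(card), "dirty block(s)")
    overwrite(card, passes=3)
    print("after overwrite:", len(carve_jpegs(card)), "photo(s),", residual_blocks(card), "dirty block(s)")
```

On real flash cards the controller's wear-leveling can leave copies in cells the host cannot address, so a verified overwrite like this covers only the addressable space.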

I learned some things along the way

When I decided to conduct this experiment, I had a fairly narrow goal to see if I could find what a hacker would consider a successful haul of personalized information. Admittedly, I chose memory cards to keep the project cheap, allowing me to get storage media from many people affordably. I had not considered the types of information different devices might yield.

In my case, I procured a mix of SD, MicroSD, and Sony Memory Stick cards. Sony’s cards were popular for gaming and photography. SD Cards are often found in cameras and MicroSD cards have a variety of uses, including cell phone storage, small cameras, web/security cameras, etc. With this in mind, it’s not too surprising that the bulk of recovered files were photos.

This lends itself to the idea that a hacker could narrow his or her search by carefully selecting the storage device to sift through. If high-resolution photos were the goal then purchasing used cards that are specifically designed for high-speed storage would be ideal. In fact, the faster the write time, the more likely that card was purchased by its previous owner for video applications. If, on the other hand, a hacker wanted to get his or her hands on financial documents, spreadsheets or browser cookies and cache, desktop and laptop drives would be ideal. A hacker could even go so far as to target drives known to have been used widely in consumer computers to increase the probability of loosely-secured personal data, or server hard drives in search of corporate bounty.

What’s next

Currently, I’m shopping hard drive auctions and will be looking at other items that store information in internal memory for my next experiment. I’ll post on that soon, but in the meantime, be sure to truly wipe any storage media before sending it back out into the world.

Security Tip: 5 Easy Ways to Remember Your Strong Password

Wednesday, March 5th, 2014

With all the information we keep on our computers, our USB drives, our email accounts, and all other kinds of digital systems, it’s not rare to collect half a dozen passwords, or even more, that you need to remember. Strong passwords are important, of course. And many times you simply can’t have the same password for multiple applications; what one system demands for a password might not be the same as another. While multiple passwords will certainly make it harder for prying eyes to get a hold of your data, they can also be counterproductive. Keep reading for 5 easy ways that you can remember your strong password.

Password memory

Use a Password Manager

Alright, this might be cheating, as you won’t technically have to remember much. But a password manager is a welcome solution to the problem of having countless passwords to remember. With a password manager, you just remember one, and it will handle all the rest. Unfortunately, though, password managers only work on computers that they’re installed on.

Use Random Words You Love

The most secure passwords are the ones that are long and full of random characters. This makes them almost impossible to guess. It also defeats the vast majority of hacking attempts that try to break in through the sheer brute force of constantly entering option after option.

Unfortunately, random characters can be very difficult to remember. Random words, on the other hand, are much easier to commit to memory. Best of all, they have proven to be almost as secure when it comes to protecting your data. Try your first pet’s name, the street you grew up on, and the day of the month you were born on. Or have it be your favorite animal, your dream car, and your mother’s maiden name. Though opinions may vary about this, you can probably afford to write down a reminder—somewhere safe, perhaps in your cell phone—that simply says, “favorite baseball player, sister’s birthday, dream vacation.” That makes for an easy reminder that practically no one should be able to figure out.

Use Mnemonic Devices

Because random characters are such a strong password, there’s a very good argument to choose them. “I always get my password on the first try”, for example, can be changed to “Iagmpot1t.” This is an extremely strong password that’s easy to remember.

Write Down Your Passwords and Keep Them Safe

If you’re particularly concerned about forgetting all your passwords, it’s ok to write them down. However, it’s then of the utmost importance that you store them somewhere safe. They should be nowhere near the computer you use them for. So, if your passwords are for an office computer, keep them locked away at home. If you have a home office, consider writing them down in the back of a favorite book kept on a shelf in another room.

Rotate Passwords

Most systems that require passwords also require you to change them regularly. When possible, simply rotate your passwords through systems. This helps keep you from making countless passwords that you’ll have a hard time remembering. So long as none of your systems have been compromised, there’s no point in wasting a strong password.

Source:
http://www.macworld.com/article/2014040/how-to-remember-passwords-and-which-ones-you-should.html
http://www.techrepublic.com/article/tips-to-help-users-remember-their-password/

The AeroLife Newtrition Challenge

Wednesday, January 29th, 2014

This is a Sponsored post written by me on behalf of AeroLife™ for SocialSpark. All opinions are 100% mine.

As a fan of technology and innovation, I love seeing products that break out of the norm and do things differently.  I think about these things when I watch science fiction movies set far into the future and the lead character gets his whole dinner in a pill while running off to save the day.  While I enjoy food far too much to advocate that, vitamins and energy boosts are prime candidates to be made more convenient.

Dr. David Edwards, a Harvard professor and founder of ArtScience Labs in Paris, France, agrees with me.  From his design and science work came AeroLife, powder energy, sleep, and immunity products that you draw into your mouth and swallow.  Sounds pretty sci-fi, right?  Of course, I just had to try it for myself and see what our future holds so they sent me a box of samples.

AeroLife

In the box was a combination of Energy, Sleep, and Immunity products as well as their travel pack which has one of each.

AeroLife Sleep was the first one I opted to try out.  I rarely have any problem falling asleep quickly, so it's hard to discern a difference there, but I did feel refreshed in the morning as expected and didn't quite feel the urge for my morning coffee just yet.  AeroLife Sleep delivers results by way of Melatonin, 5HTP and Magnesium citrate, packaged with a vanilla flavor.

Next up was Energy.  Of the Watermelon, Raspberry, and Mint flavors in the box, I tried Mint first.  The Mint flavor was not what I expected.  It didn't taste much like mint, and left a bit of an aftertaste.  Feeling optimistic, I tried Watermelon the next morning with better results.  The flavor was tasty for an energy powder, so I just won't be buying any Energy AeroLife in the Mint flavor.  So far, Watermelon is the favorite.  The science behind the Energy powder provides the equivalent of a large cup of coffee.  More specifically, 100mg of Caffeine as well as 2mg and 6mcg respectively of Vitamins B6 and B12 and 20mg of Niacin (B3).  Comparable to some of the energy drinks I've tried, it gave me a decent boost of energy.  Looking at AeroLife.com, the most expensive option to purchase AeroLife Energy puts it at about $2.50 per cartridge with 3-5 draws each, so it should be a lot cheaper than most energy drinks, too.

At the time of this writing, I've just tried AeroLife Immunity and haven't noticed any specific difference in how I feel over my normal regimen of gummy multi-vitamins, but I can tell you how it sizes up on paper.  My normal vitamins contain a near-alphabet of vitamins.  For comparison, the ones included in AeroLife Immunity are Vitamin C (twice as much as my vitamin) and Vitamin D (75% as much as my vitamin).  My regular vitamin also contains 200% Daily Value of Vitamins B6 and B12, missing from the AeroLife product.  This is made up for by adding Selenium and Zinc at 50% and 25% of their respective Daily Values.  All of these are good for metabolism, so it's a bit of a trade-off.

Using AeroLife products, the results were good, but the real story is the delivery.  You draw the particles into your mouth and then swallow them rather than taking a pill or gulping down an energy drink.

Because of its unique means of delivery, AeroLife is tiny and super portable.  I would love to have a handful of these in my backpack on a week-long hike or even keep a couple in my desk drawer for quick use.  They've even got a refillable system in the works that should save waste and probably money soon.

Start your free trial now if you want to give it a shot yourself.  One thing the directions do not show is that the delivery system design allows for a little of the powder to spill out of the mouth end of the cartridge, so when your trial arrives, just keep that end up a little.
