
Re: Formatting Hard-drives and Recovery

  • Subject: Re: Formatting Hard-drives and Recovery
  • From: Roy Schestowitz <newsgroups@schestowitz.com>
  • Date: Fri, 29 Jul 2005 04:10:20 +0100
  • Newsgroups: alt.os.linux.suse
  • Organization: schestowitz.com / Manchester University
  • References: <jn2hr2-j65.ln1@penne.houghi> <dc54ct$28ji$1@godfrey.mcc.ac.uk> <kvihr2-kf9.ln1@penne.houghi> <dc59s9$3lr$3@nntp.itservices.ubc.ca> <3kmvqjFug07oU2@individual.net> <HKGdnW5dbpV__HvfRVn-sw@rogers.com> <dc5oji$2eau$1@godfrey.mcc.ac.uk> <VqidnTx4IO-CNHvfRVn-1g@rogers.com> <dc6v0k$2on8$2@godfrey.mcc.ac.uk> <oY6dnQksYrWg8nrfRVn-2Q@rogers.com> <v08kr2-ckj.ln1@penne.houghi> <dc88tq$1914$1@godfrey.mcc.ac.uk> <slrndeit2c.6kt.ibuprofin@compton.phx.az.us>
  • Reply-to: newsgroups@schestowitz.com
  • User-agent: KNode/0.7.2
Moe Trin wrote:

> In the Usenet newsgroup alt.os.linux.suse, in article
> <dc88tq$1914$1@godfrey.mcc.ac.uk>, Roy Schestowitz wrote:
> 
>>houghi wrote:
> 
>>> James Knott wrote:
> 
>>>> A couple of years ago, there was an incident in Canada, where
>>>> someone bought a used computer that contained bank customer records.
>>>> While the disks should have been erased, before the bank released the
>>>> computers, encryption would have also prevented access to the data.
> 
> It's not the only time that's happened
> 
>>> The best way is to not sell the HD at all if there was sensitive data on
>>> it. The few dollars you make from it are not worth the risk, or at least
>>> sell them without an HD.
> 
> One still has to dispose of the drive in some manner. In the USA, the
> DOD has established procedures for doing so. People with government or
> military contracts should contact the Contracting Officer's Representative
> (or equivalent) for very specific requirements that may apply to you.
> 
>>Even a standard format will not help and there are commercial (READ:
>>expensive) products that will do a repeated format, which is also
>>time-consuming.
> 
> Have a look at the Bugtraq mailing list - if you don't want to subscribe,
> check your news server for newsgroups that mirror the list, SUCH AS
> mailing.unix.bugtraq  or muc.lists.bugtraq.  Over the past week or so,
> this subject (which has been discussed to death more times than you can
> count) was again brought up - look for threads with the subject "Peter
> Gutmann data deletion theaory?" (sic).  Gutmann, at the University of
> Auckland, produced a paper in 1996 entitled "Secure Deletion of Data from
> Magnetic and Solid-State Memory" which was presented at the Sixth USENIX
> Security Symposium Proceedings, in San Jose, California in July of that
> year. Try http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html as
> the source, but google likely will find dozens of mirrors. If you find a
> copy, make sure it has an 'Epilogue' section after the 'Conclusion'
> section, and before the 'Acknowledgments' and 'References' sections.
> 
> 1. "Formatting" has never done a f*cking thing to the data on a hard disk.
> It's still there, period. Formatting destroys SOME of the tables that tell
> where the data is, but does nothing to the data itself.
> 
> 2. So-called "low level" format, which creates the sectors, and tracks on
> a platter can ONLY be accomplished in the factory - and has been this way
> for over ten years, since zone formatting (variable number of sectors per
> cylinder to achieve uniformly high data density on the disk) became the
> norm. Modern drive electronics CAN NOT DO a low level format. This concept
> is a throwback to the days of MFM drives in the 1980s.
> 
> 3. For data officially classified up to US Secret, the choices of
> degaussing, destruction of the drive, or a 3 pass wipe are acceptable
> methods for disk sanitation. Source: DOD Manual 5220.22-M chapter 8
> subsection 306. BUT, see your Contracting Officer's Representative if
> this _may_ apply to you.
> 
> 4. For data officially classified above US Secret, the ONLY acceptable
> method is the destruction of the drive. Source: as above, with same
> caveat.
> 
>>Like James said, it's not worth the few dollars.
> 
> Actually, I believe houghi wrote that.
> 
>>What kind of person buys a hard-drive in order to scrape data off of it
>>anyway?
> 
> I rather doubt that many do - but there is a growing business that will
> (for a fee, but some do it for free) "sanitize" the disk before recycling
> it, either for resale, or disposal, just to avoid accidental identity
> theft. If you dispose of a disk, and it has information of value - bank
> account numbers and passwords, old love letters, or pictures of you with
> that hamster wrapped in duct tape - someone may be tempted to take
> advantage of that.
> 
>>When I bought my SD card for my Palm, the previous owner, who had a Clie,
>>did not even bother deleting the files from it.
> 
> That's nice. Are you willing to guarantee that everyone in a similar
> situation will be as trustworthy?
> 
> You have Linux (although other O/S have similar capabilities). Want to
> clean a disk AND not required _by law_ to do something specific?  Simple:
> 
>      # /dev/one does not exist on Linux; tr turns /dev/zero into a stream of 0xFF bytes
>      dd if=/dev/zero of=/dev/hdX bs=1048576 count=999999
>      tr '\0' '\377' < /dev/zero | dd of=/dev/hdX bs=1048576 count=999999 iflag=fullblock
>      dd if=/dev/zero of=/dev/hdX bs=1048576 count=999999
>      tr '\0' '\377' < /dev/zero | dd of=/dev/hdX bs=1048576 count=999999 iflag=fullblock
>      dd if=/dev/zero of=/dev/hdX bs=1048576 count=999999
>      tr '\0' '\377' < /dev/zero | dd of=/dev/hdX bs=1048576 count=999999 iflag=fullblock
>      dd if=/dev/urandom of=/dev/hdX bs=1048576 count=999999
> 
> where /dev/hdX is the device name of the entire disk in question, and
> 999999 is the size of the disk in megabytes. That's overkill, but it's
> just mindless work for the computer, so who cares. You want to write to
> the entire disk with one pattern (zeros) to avoid disk caching problems.
> Then repeat with the other pattern. The final wipe of /dev/urandom is the
> icing on the cake.  Only problem is that if there were data blocks swapped out
> with spares (a fault tolerance mechanism on most modern disks), the data
> that _was_ on the bad blocks is still there, and might be accessible by
> someone using factory software to reset the bad blocks list, or someone
> removing the platters and reading them in another drive.  That's why you
> would want to be using an encrypted file system from the start.
> 
>         Old guy

Well stated!

Interestingly enough, the issue of formatting came up yesterday in another
newsgroup that I participate in. It appears as if many people begin to
worry about safety and security of their data these days; much more than
they did in the past. The IBM fingerprint authentication (IBM T42 running
Linux) was the point of focus in that discussion. Firmware avoids access
from another computer, fingerprint authentication (maybe key) enables
restricted access to data on the original machine/housing.

Roy

-- 
Roy S. Schestowitz
http://Schestowitz.com
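
The overwrite procedure quoted above, as an added example that is not part of either poster's message: it sizes the target itself instead of using a hand-entered count, produces the all-ones pattern with `tr` (Linux has no `/dev/one` device), and reads every fixed-pattern pass back to confirm it landed. The function names are hypothetical, `blockdev` from util-linux is assumed for block devices, and sectors the drive has already remapped to spares are not reached, as the quoted post notes.

```shell
#!/bin/sh
# Added example: multi-pass overwrite with read-back verification.
# The target may be a whole-disk block device or a regular file (disk image).
# Usage after sourcing this file:  wipe /dev/hdX

target_size() {            # print the size of <target> in bytes
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"      # assumption: Linux util-linux is installed
    else
        wc -c < "$1" | tr -d ' '
    fi
}

fill() {                   # fill <target> <size> <octal-byte | random>
    if [ "$3" = random ]; then
        head -c "$2" /dev/urandom
    else
        # turn the zero stream into the requested byte (000 leaves it unchanged)
        head -c "$2" /dev/zero | LC_ALL=C tr '\000' "\\$3"
    fi | dd of="$1" bs=1048576 conv=notrunc 2>/dev/null
    rc=$?
    sync                   # push the pass to the device before the next one starts
    return "$rc"
}

verify() {                 # succeed only if all <size> bytes equal <octal-byte>
    # delete every expected byte; anything left over is a byte the pass missed
    bad=$(head -c "$2" "$1" | LC_ALL=C tr -d "\\$3" | wc -c | tr -d ' ')
    [ "$bad" -eq 0 ]
}

wipe() {                   # the seven passes from the post: 0,1,0,1,0,1,random
    size=$(target_size "$1") || return 1
    for pat in 000 377 000 377 000 377; do
        fill "$1" "$size" "$pat" && verify "$1" "$size" "$pat" || return 1
    done
    fill "$1" "$size" random
}
```
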
