Posted by
ryuzaki0
on from the god-bless-america dept.
hph writes: "CNN.comreports that 'The Pentagon believes it has found a way to give its old computers away to American schools and still protect information locked in the machines' hard drives.'" I hope this story amuses you all as much as it did me.
Re:Its only UNCLASSIFIED data...
by
miniver
·
· Score: 5
Congratulations. You have failed the first test for a security clearance. Just because the data is unclassified, you can't assume that the data isn't still sensitive.
As an example, suppose you have a spreadsheet that details the fuel consumption for a group of F-16s, and another spreadsheet that details fuel purchases for an air base. Individually the spreadsheets are unclassified information, but together they are sensitive, because from the two spreadsheets you can deduce a great deal about the missions and deployments for that group of F-16s. Even months after the fact, that information is still sensitive, because it can be used to make predictions about that air group.
Are you moderating this down because you disagree with it,
-- We call it art because we have names for the things we understand.
Re:not very interesting
by
RovingSlug
·
· Score: 5
Agreed. Slashdot's presentation totally misrepresented the actual story.
See, rather than applauding the Pentagon for giving away (!) computers (!!) to schools (!!!), and rather than commending the Pentagon for reversing an existing policy (the path of least resistance would have just destroyed those hard drives), Slashdot decided to flex its techno-elitism and show just how snobby some geeks can be.
So, if some people at Slashdot would stop desperately trying to mock any and all mainstream journalism about computers, perhaps they'd see the actual value of this story.
Re:Slashdot editors strike again!
by
gmhowell
·
· Score: 5
>>Is it just me, or does it seem to anyone else like Slashdot's editors 1) can't read, and/or 2) are easily amused?
Since most of the readership falls into both of these categories, why shouldn't the editors?
-- Jesus was all right but his disciples were thick and ordinary. -John Lennon
Politics and Security don't mix
by
tbo
·
· Score: 5
This is a very bad decision, which I'm sure is being mad for political and not security reasons. From the article:
Others supported it after an audit found sensitive information such as lists of names and addresses had been left on hard drives of donated computers. Though unclassified, they said such cases still present risks.
This is entirely true. There's a lot of information that, when taken individually, isn't dangerous, but, when combined with large amounts of other info, could present a security hazard. Maybe one piece of unclassified info says the Air Force is building a new stealth fighter, and another piece of info is an Air Force requisition order for 20 tons of titanium. Put 2 and 2 together, and you know that the new fighter will be made of titanium... (Example borrowed from The Cuckoo's Egg). Also, are you sure that none of those computers was ever used for classified information?
Now I know the Slashdot editors (and more than a few Slashdotters) think that they're left-wing 31337 political h4X0rs, and that the Pentagon is completely incompetent, but maybe, just maybe, you should do some fucking research before your criticize somebody.
Completely deleting data is very, very hard. Wiping a drive securely against a determined and experienced foe may take more than 20 passes. Considering the physical security at most schools, giving the drives to schools is as good as handing them to the Russians/Chinese/Martians or whoever is the enemy of the day. If the drives haven't been properly wiped, you might as well give them accounts on all the DoD computer networks so they don't have to steal computers from school kids. I also would say it's a lot easier to smash a drive into itty bitty pieces and burn them than it is to properly erase it.
When dealing with national security, one should generally err on the side of caution.
Finally, for all you sysadmins and security experts out there, how would you like it if politicians with no computer knowledge whatsoever were second-guessing all your security decisions, while making sure you'd still take the fall if anything went wrong?
Re:Recovery of second and third generation deletio
by
tbo
·
· Score: 5
... even the computers that had classified information on their harddrives should be allowed to be re-used.
No, no, no! Information can be recovered long after the second or third overwrite. Here's my
source. And that's just what the public knows how to do. Who knows what the NSA and their foreign counterparts can manage.
Remember that, when dealing with data security, you don't just need to worry about what your enemy can do now, you need to worry about their capabilities 20 years from now. If the data has to stay secure for 50 years, then the only choice is to destroy the drive (we may have nanotech by then, and then you'd probably be able to uncover everything that was ever written to the drive).
Please, people, the NSA and the Pentagon have people who know way the fuck more about security than you or me. Leave matters of national security up to them, and go back to worrying about how to make your home linux box secure... Write to your politicians, and tell them to stop meddling. Getting 486s for schools may sound like a noble cause, but if it costs the lives of American soldiers 5 years from now, was it worth it?
Re:dd is not good enough to erase data
by
sconeu
·
· Score: 5
Having written several disk purge (not declassification -- once it's classified, it's classified) routines, I feel qualified to comment.
You don't just "dd if=/dev/zero of=/dev/rhd0".
There are several standards for purging media, such as DoD 5220-28M, and AFR 205-16. They specify the means of purging various media, ranging from core to disk to tape.
The smartass comment about "dd" was totally unwarranted. Also, if hph had bothered to READ the article, he'd have seen that DoD was simply reverting to the earlier policy of wiping (unclassified) disks and donating the computers, instead of destroying all disks.
Even the posters don't read the fscking articles any more.
-- General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
dd is not good enough to erase data
by
Baki
·
· Score: 5
At least a simple dd if=/dev/zero of=/dev/hda is not. There are still ways (disassembling the drive and analyzing the magnetic surface carefully) to retrieve old data written before a constant bit pattern was written, and I'm sure the Pentagon does take such possibilities (difficult, but it can be done) seriously. A real good erase must write several different bit patterns in a row to make sure the original bits have been changed several times. The story isn't as stupid as some might think.
Re:dd is not good enough to erase data
by
OmegaDan
·
· Score: 5
My question is -- if all this data can be recovered in 3rd or 4th generation wipes... why can't they make a hard drive that exploits this to double its capacity ?
This covers a series of 22 overwrite patterns that are formulated to ensure proper destruction of any trace information on RLL- and MFM-encoded hard drives. It goes into some detail about the ways electron microscopy may be used to recollect trace information. Other patterns exist, and I'm expecting the DoD or NSA has even more rigorous schemes.
Unfortunately, raw degaussing of a whole hard drive device often disables the device's ability to operate in the future, or is not strong enough to ensure the destruction of the data.
Everyone's talking about 'dd' - to my knowledge it's not a Windows utility. My hunch is that most of these computers are Windows systems, meaning we (taxpayers) have paid for a license. Unless the gov't has immaculate record keeping and can provide the license for Windows (and the media to restore it) the recipients of these systems are going to pay again for a Windows license. True, not everyone will put Windows on, but my guess is that a majority of them will be put back in service with Windows on them.
Re: several times over?
by
F00Fmaster
·
· Score: 5
Seems a little funky
Yes, it is very, ah, 'funky'. You can use magnetic analysis of the drive to get back data written to it a long time ago. Basically, the only way to actually remove data from a drive is this:
Overwrite about a dozen times with pseudo-random noise, not just zeros. Simply overwriting with a constant pattern (just zeros [000...] or just ones [111...], or just a pattern [01010101...]) is easy to read through in magnetic analysis. You can do this from the command line: dd if=/dev/urandom of=/dev/hda
Use a cryptographically secure number to write truly random data over the drive, to which no pattern can be found. This is the hardest step, and it should be done several times.
Finally, wave a magnet over it to scatter the remaining magnetic field. This shouldn't really be so much a 'wave' as a 'continuous bombardment that goes on for several hours', but the idea is the same.
Then, finally, you also format the drive. Simply formatting it or simply running 'dd' does nothing to prevent the people the Pentagon is afraid of from getting the data.
It isn't so much about reading back single bits, but about reading whole files, in which a single bit or two might be slightly damaged. For example, read the following sentence:
Th` new b`mber is m`de of tritanium oxid`.
The meaning of the sentence remains intact, even when four or five characters are lost. In the same way, quite a great amount of data can be uncovered by reading large chunks of data, even if you can't retrieve everything to the bit. Making these decisions based on politics and not security is a dangerous choice. I hope the Pentagon thought about it very seriously. Of course, with the Presidents virtually giving away our nuclear missile designs, there isn't much left to protect, but still the issue stands.
Slashdot Mirror
Congratulations. You have failed the first test for a security clearance. Just because the data is unclassified, you can't assume that the data isn't still sensitive.
As an example, suppose you have a spreadsheet that details the fuel consumption for a group of F-16s, and another spreadsheet that details fuel purchases for an air base. Individually the spreadsheets are unclassified information, but together they are sensitive, because from the two spreadsheets you can deduce a great deal about the missions and deployments for that group of F-16s. Even months after the fact, that information is still sensitive, because it can be used to make predictions about that air group.
Are you moderating this down because you disagree with it,
We call it art because we have names for the things we understand.
Agreed. Slashdot's presentation totally misrepresented the actual story.
See, rather than applauding the Pentagon for giving away (!) computers (!!) to schools (!!!), and rather than commending the Pentagon for reversing an existing policy (the path of least resistance would have just destroyed those hard drives), Slashdot decided to flex its techno-elitism and show just how snobby some geeks can be.
So, if some people at Slashdot would stop desperately trying to mock any and all mainstream journalism about computers, perhaps they'd see the actual value of this story.
>>Is it just me, or does it seem to anyone else like Slashdot's editors 1) can't read, and/or 2) are easily amused?
Since most of the readership falls into both of these categories, why shouldn't the editors?
Jesus was all right but his disciples were thick and ordinary. -John Lennon
Now I know the Slashdot editors (and more than a few Slashdotters) think that they're left-wing 31337 political h4X0rs, and that the Pentagon is completely incompetent, but maybe, just maybe, you should do some fucking research before your criticize somebody.
Completely deleting data is very, very hard. Wiping a drive securely against a determined and experienced foe may take more than 20 passes. Considering the physical security at most schools, giving the drives to schools is as good as handing them to the Russians/Chinese/Martians or whoever is the enemy of the day. If the drives haven't been properly wiped, you might as well give them accounts on all the DoD computer networks so they don't have to steal computers from school kids. I also would say it's a lot easier to smash a drive into itty bitty pieces and burn them than it is to properly erase it.
When dealing with national security, one should generally err on the side of caution.
Finally, for all you sysadmins and security experts out there, how would you like it if politicians with no computer knowledge whatsoever were second-guessing all your security decisions, while making sure you'd still take the fall if anything went wrong?
... even the computers that had classified information on their harddrives should be allowed to be re-used.
No, no, no! Information can be recovered long after the second or third overwrite. Here's my
source. And that's just what the public knows how to do. Who knows what the NSA and their foreign counterparts can manage.
Remember that, when dealing with data security, you don't just need to worry about what your enemy can do now, you need to worry about their capabilities 20 years from now. If the data has to stay secure for 50 years, then the only choice is to destroy the drive (we may have nanotech by then, and then you'd probably be able to uncover everything that was ever written to the drive).
Please, people, the NSA and the Pentagon have people who know way the fuck more about security than you or me. Leave matters of national security up to them, and go back to worrying about how to make your home linux box secure... Write to your politicians, and tell them to stop meddling. Getting 486s for schools may sound like a noble cause, but if it costs the lives of American soldiers 5 years from now, was it worth it?
Having written several disk purge (not declassification -- once it's classified, it's classified) routines, I feel qualified to comment.
You don't just "dd if=/dev/zero of=/dev/rhd0".
There are several standards for purging media, such as DoD 5220-28M, and AFR 205-16. They specify the means of purging various media, ranging from core to disk to tape.
The smartass comment about "dd" was totally unwarranted. Also, if hph had bothered to READ the article, he'd have seen that DoD was simply reverting to the earlier policy of wiping (unclassified) disks and donating the computers, instead of destroying all disks.
Even the posters don't read the fscking articles any more.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
At least a simple dd if=/dev/zero of=/dev/hda is not. There are still ways (disassembling the drive and analyzing the magnetic surface carefully) to retrieve old data written before a constant bit pattern was written, and I'm sure the Pentagon does take such possibilities (difficult, but it can be done) seriously. A real good erase must write several different bit patterns in a row to make sure the original bits have been changed several times. The story isn't as stupid as some might think.
For a fairly exhaustive paper regarding the secure deletion of data, see the Gutmann paper on USENIX.
Secure Deletion of Data from Magnetic and Solid-State Memory by Peter Gutmann
This covers a series of 22 overwrite patterns that are formulated to ensure proper destruction of any trace information on RLL- and MFM-encoded hard drives. It goes into some detail about the ways electron microscopy may be used to recollect trace information. Other patterns exist, and I'm expecting the DoD or NSA has even more rigorous schemes.
Unfortunately, raw degaussing of a whole hard drive device often disables the device's ability to operate in the future, or is not strong enough to ensure the destruction of the data.
[
Everyone's talking about 'dd' - to my knowledge it's not a Windows utility. My hunch is that most of these computers are Windows systems, meaning we (taxpayers) have paid for a license. Unless the gov't has immaculate record keeping and can provide the license for Windows (and the media to restore it) the recipients of these systems are going to pay again for a Windows license. True, not everyone will put Windows on, but my guess is that a majority of them will be put back in service with Windows on them.
creation science book
Yes, it is very, ah, 'funky'. You can use magnetic analysis of the drive to get back data written to it a long time ago. Basically, the only way to actually remove data from a drive is this:It isn't so much about reading back single bits, but about reading whole files, in which a single bit or two might be slightly damaged. For example, read the following sentence:The meaning of the sentence remains intact, even when four or five characters are lost. In the same way, quite a great amount of data can be uncovered by reading large chunks of data, even if you can't retrieve everything to the bit.
Making these decisions based on politics and not security is a dangerous choice. I hope the Pentagon thought about it very seriously. Of course, with the Presidents virtually giving away our nuclear missile designs, there isn't much left to protect, but still the issue stands.