Slashdot Mirror


Not-So-Clean Hard Drives For Sale

Saeed al-Sahaf writes "The Register is running a story about a security consulting company that as part of a study bought hard drives and laptops on eBay, and then was able to recover highly sensitive data including customer databases, financial information, payroll records, personnel details, login codes, and admin passwords for their secure Intranet site. This is a bit scary considering all of these drives were supposedly formatted and sold for surplus by major companies (although few of us actually use the multiple formatting standards of the DoD). Looks like it's hardly necessary for crooks to get at your private information, although I'm sure industrial espionage spooks have probably done this for a while." Shades of the recent post about recovering sensitive contents from swap partitions.

9 of 436 comments

  1. Learn something!! not scaremongering!! by kiwioddBall · · Score: 5, Insightful

    Perhaps more useful than yet another pointless scaremongering exercise would be for the company that now owns the drives to go back to the companies that they bought them off to find out how they were erased so we could find out how not to do it, and where they were not successful in recovering info to go back to those companies to find out how they did wipe that info properly.
    The point is to learn something from it.

    1. Re:Learn something!! not scaremongering!! by 1u3hr · · Score: 4, Insightful
      Perhaps more useful than yet another pointless scaremongering exercise would be for the company that now owns the drives to go back to the companies that they bought them off to find out how they were erased

      From the wording of the story, it's not clear that the drives were erased at all -- it says 'all of had "supposedly" been "wiped-clean" or "re-formatted"', which makes it seem likely to me that this is not some high tech recovery from wiped space, but simply taking advantage of negligence. Other stories have highlighted this as a consequence of outsourcing of disposal to companies which are supposed to do this before selling them, but neglect to. A company shouldn't let a disk off the premises without wiping it themselves -- it's a trivial process, as many other posts are detailing their favorite methods I won't bother. The sad consequence is that many potentially useful machines will now be destroyed out of paranoia and contribute to computer waste.

  2. If you're really paranoid about your data... by WIAKywbfatw · · Score: 5, Insightful

    If you're really paranoid about your data then don't sell your hard drives, even if you have used US DoD-levels of formatting. Duh.

    Rather than make a few tens of dollars selling an old drive, take it apart, and burn the platters until they're nothing more than dust. Problem solved.

    --

    "Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg

  3. This is why... by DaHat · · Score: 3, Insightful

    Personally speaking, I've never given away or sold a HD in my life... not that I'm paranoid about what might be on it, I find it a good practice to use em until they die, even if it's only a few extra gigs.

  4. I'm going to rip a line from Schnier(sp?) by foidulus · · Score: 4, Insightful

    and say that if your company's secrets are that valuable, the safest way to get rid of hard drives is just to scrap them. Laptops are a slightly different story, but how much can one actually expect to get off an auction of an old hard drive off of ebay? By the time you figure in all the auction fees, labor to ship them etc, I would bet that the companies probably don't make that much. It might just be safer to eat the cost than to try to sell them. It all really depends on the value of your secrets.

  5. Re:Just Destroy The fucking Things! by neuro.slug · · Score: 5, Insightful

    Why destroy something that is perfectly reusable? We waste enough resources as it is. If anything, give them away to low-budget institutions in need. I'm sure the cost of low-level formatting a bunch of drives really isn't all that high.

    Waste = bad.

    -- n

  6. Re:Active KillDisk by afidel · · Score: 5, Insightful

    Ah, but with modern disk drives it's basically impossible to be sure that you are writing to the same physical location. The magnetic domains are so small with GMR that temperature fluctuations of just a few degrees can throw off the alignment enough to ensure that complete erasure is not possible.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.

  7. Re:Eraser (GPL) by asdfghjklqwertyuiop · · Score: 3, Insightful

    What The HELL does a program's license have to do with its quality? Geez, talk about GPL zealotry!


    It's not about the license, you dolt, it's about source code visibility. If you can't see the source code, then you can't easily be sure what the program is really doing.

  8. Re:Low level it. by 0x0d0a · · Score: 3, Insightful

    Last thing I want is HIV or some nasty cuts from broken glass or metal shit.

    Phone handsets or doorknobs are generally *far* worse from a sanitary perspective than just about anything else. All the communicable respiratory diseases have been nicely cultured on the doorknobs by people sneezing on their hands and then operating the knob.

    Heck, your ancestors survived tromping around in the mud, barefoot, getting stabbed, clawed, bitten, stung, and so forth. You have an immune system and regenerative abilities that are awfully tough to muck with. Now, *cars*...*cars* are scary. Not many people die each year from scorpion bites, but tens of thousands of people die each year from auto accidents in the United States. And you probably have a road out right in front of your house!

    As Neal Stephenson put it -- you're a stupendous badass. You come from a long line of stupendous badasses. Anything that wasn't a stupendous badass is now dead.