Slashdot Mirror
Microsoft Offers New Data-Security Scheme
bingly_beep writes "The BBC is reporting Microsoft's new user security measure, whereby users sensitive information is stored on their PC rather then online, as in their previous offerings, such as Passport. This sounds like a good idea, but any such system would surely require that the user definitely erases the HD on any machine they sell. Perhaps Microsoft should include an option, like 'Prepare this computer for resale,' which utterly destroys all data."
Pimp offers new "disease-free guarantee".
With spending like this, exactly what are "conservatives" conserving?
Sounds reasonable. I'll take ten.
Yeah, like THAT won't be hacked all to fvck by virus-writers. Great suggestion!
Doesn't installing windows automatically come with built in features that "destroy all data"?
The problem with the feature right now is that it happens when you least expect it, rather than when you'd actually want it to occur.
NetInfo connection failed for server 127.0.0.1/local
If they did include a prepare for resale "feature" that erased all data, it would be a big button on the desktop by default.
Was that snarky enough?
Perpare to destroy all data....wait...Windows is already installed!
there was a story a few minutes ago about a report that Windows security was better than Linux but then it came to light afterwards that it was MS funded but undislosed.
it seems to have disappeared and been replaced by this advert for MS doing good things for security?
Lay off on poor timothy. CmdrTaco is going through a messy divorce.
This could be good or bad. The data, stored on the computer, would not be on the Internet all the time and thus be safer. On the other hand, .Net has great security. A user with little computer knowledge would not protect his/her computer well enough from hackers, etc., which would leave the data "out there." I think that the latter is safer, however.
And, as stated in the article, there had better be a way to destroy all sensitive data if the user wishes to sell the computer.
INACTIVE ACCOUNT
So you either store the information locally, and run the risk of a local exploit thanks to the latest and greatest security hole, or you store the information online, and run the risk of the central site being compromised. The first will be more common but limit the data theft to only a single person, whereas the second will be much less frequent but will limit the data theft to the entire customer base.
In the grand scheme of things, they are both as flawed, just in differing ways.
Feed the need: Digitaladdiction.net
rather THAN damnit
please continue
This sounds like a good idea, but any such system would surely require that the user definitely erases the HD on any machine they sell.
Yes, because today it is perfectly ok to sell a system without erasing the hard drive. I mean for real, who stores private or important data on a computer?
Finkployd
Dupe.
[Your comment violated the "dupe" compression filter. Try less repetition. Article aborted.]
storing data on your PC ? it will never catch on , mark my words !
whereby users sensitive information is stored on their PC rather then online, as in their previous offerings, such as Passport.
wouldn't that lead to easyer spoofing?
I think that a universal sign-on is an awesome idea, but I don't think Microsoft can pull it off. Frankly, even outside of /., the general public is a little wary of Microsoft. To really pull it off, we'd need a trusted company to manage the actual technology. As in, a company that's not evil.
Google, are you listening?
Acius the unfamous
No it isn't.
Have you even looked at both links? They're entirely different.
I even believed you for a minute... it's not like dups are uncommon on slashdot, but WTF has storing data on your own hard disk got to do with a dodgy research paper?
Of course it is... this is Slashdot after all; journalistic integrity is a dirty concept in these parts.
MSFT's assumption is apparently that data stored on personal computers is more secure than on servers.
I'm not sure that this is necessarily true.
When you consider that the vast majority of computer users have no idea what a "firewall" is, and that MSFT's track record for security is poor to say the least -- its not obvious that storing sensitive data in designated locations on PC's is the safer route at all.
Some might say this is MSFT's way of passing the buck of responsibility to the end user rather than fixing the problem. Now if data is compromised fault could arguably lie with mom and pop rather than a Microsoft server.
------ The best brain training is now totally free : )
...is there something fishy about trusting Microsoft to manage confidential data?
Yeah, it's better than Passport, where they not only manage the data but store it too -- but for true privacy, shouldn't the relevant code be open for all to see? At least the encryption algorithm, anyway...
Paleotechnologist and connoisseur of pretty shiny things.
I think that Microsoft fails to see the only way to make their data secure: Disconnecting it from the internet completely.
Just running any Windows box online is a security risk, and until Microsoft figures out that our "precious" data can only be secure by having absolutely no connection to it, will anyone have no breakins. It would make more sense for Microsoft to offer some sort of "data security lock-box" on their own machines, where their data is stored on disconnected machines, where if needed, a direct request to Microsoft can be given.
Read the article. Sounds like they've made cookies, but more than one site can read them. My guess is you'd have to authorize the site to read them, but this is bad news.
If a site can trick you into hitting "OK," they could get your info.
Of course the site probably has to be registered with MS in some way. Maybe this is a way for Microsoft to offer a "secure browsing experience" that is also convenient. IE7 will likely view MS-approved sites as "higher security" than SSL approved sites.
Erasing or otherwise formatting a hard drive doesn't do any good to eradicate personal information. I've used these guys on numerous occasions to successfully recover data from hard drives that have been formatted, imaged, etc.
If you're going to sell a computer, swap out the drive containing your data for a new one. They're cheap. Hold onto the drive that houses your data.
SiO2
Fox has designed new security measures for chickens.
If the data gets compromised in a central Microsoft server, Microsoft is the only one to blame. If the data gets compromised on your home PC, Microsoft will blame you for failing to secure it properly.
Their idea of a secure "prepare for resale" function would probably erase the whole OS and all other Microsoft products (like Office), so that they would need to be purchased again.
taken! (by Davidleeroth) Thanks Bingo Foo!
I like the idea of a button with this function. But at the same time, it should back-up my Outlook addresses, save my bookmarks, transfer my MP3s to my file server, and then post my used computer listing on eBay.
Geek Of The Day, "A geeky place for geeky faces."
Yep, it's definatelly a dupe
What?
If the central server is holding all the info, users have a legit gripe against the company who just compromised their data.
If it's on the machine, it seems to be a use at your own risk proposition.
From a companies POV, one of these options is slightly more attractive. Plus, it can be spun as letting users have controll of their own data, and not some big evil corporation.
They are probably afraid of getting customer support calls from people who used that option to "see what it did", or from people who changed their mind and wanted their data recovered, or folks who thought that MS didn't really mean it when they said (with a huge red bold and blinking disclaimer no less) that all data would be erased. Ahd then they'd sue MS, OEM, and CompUSA for the emotional distress caused by the loss of their data.
If a hard drive always wrote its bits in the same place, there would be no problem. Data could be reliably erased. The problem is that as a hard drive ages it writes information slightly off track. The result is that the old information is often not erased completely. As you point out, the only reliable way to erase a hard drive is to utterly destroy it.
It's called fdisk isn't it?
One little linux command is all it takes, insert linux live CD and su -c"shred /dev/hda" and even the NSA would have trouble getting any data off the harddisk, windows license isn't transferable anyways. Fight software piracy, shred used Windows hard disks!
Apocalypse Cancelled, Sorry, No Ticket Refunds
This appears to be changing the burdon of security from microsoft to the end user. if you have a secure box this might be an improvement but for the average user this could create more problems then it solves. I trust a large server for secure authentication more than i trust the average windows box
Microsoft Windows is preparing your computer for resale. Please insert your Red Hat Linux CD now.
Physicist, consultant, science communicator
I suppose the could rename "Login to Windows" to "Destroy All Data."
We've seen it before. Who does not remember Trusted Computing? By the way, it it still around? Do I encounter it while using a Windows box? I will be biased here...it seems trusted computing cannot be trusted after all!
Perhaps people should just learn how to take care of their machines and clean up after themselves. Just like you have to wash your car, and change your oil, etc. Your average computer user needs to educate themselves enough to take care of the PC.
http://jayceecorder.blogspot.com
WHY THE FUCK is it so hard to master using Then and Than appropriately?????!!!!!!!
"Would it kill you to put down the toilet seat?" -- Maya Angelou
Perhaps Microsoft should include an option, like 'Prepare this computer for resale,' which utterly destroys all data.
/W:C:' (replace C with any drive letter), which simply fills all of the free space on a drive with '0', and then fills it with random values. Although it takes a while, it'll virtually destroy any chance of recovering permanently deleted files from the hard drive.
Actually, Windows XP has a tool similar to that, the command 'cipher
You could use Autoclave, but since it's being end-of-lifed, you could follow the Autoclave author's recommendation and use Darik's Boot and Nuke instead.
Give me my freedom, and I'll take care of my own security, thank you.
instead of shred, dd if=/dev/zero does the trick. Sure the FBI might be able to get the data, but not without cracking open the drive.
Or, as we like to call it, 'Prepare this computer for confiscation.'
philo
If your data needs more protection than that, consider removing the disk drive prior to sale and either keeping it (the HDD) or destroying it.
Another fine idea adopted from OS X. It's like stealing candy from a baby!
At least the candy is tasty.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
You'd have to erase the hard drive anyway -- isn't so that you aren't allowed to resell windows? It's a licence to use, not ownership.
I can imagine the new shutdown menu
Logoff jdoe
Shutdown
Restart
Hibernate
Prepare for resale
Of course I bet their too lazy to even add that feature, they'll require the manufactuers to put a bigass magnet somewhere safe in the box with a label on it saying:
In America, you spam computers In Soviet Russia, computers spam you!
Perhaps Microsoft should include an option, like 'Prepare this computer for resale,' which utterly destroys all data."
Seriously, use strong encryption and require a passphrase or something better to access the data. However, I dont know how secure this would be on a computer that has five or six different pieces of spyware installed.
-- john
It's a play against other systems. Don't use it. Deliberate platform incompatibility, when we're doing so well web-enabling everything. I don't want to be too tinfoil hattish, but I don't think there's a compelling reason to do it.
Read jack phelps dot net
You can use a 5/7/9 pass DOD overwrite. Or a 39-step Gutmann overwrite. Or the ultrasuperduperTFH method of... You get the idea. It takes a looonng time.
HDDs are cheap, especially one you've used so long you're going to sell the computer.
Take it apart & melt the disks. If you have a lot of them, just use a fish cooker.
"Reality is that which, when you stop believing in it, it doesn't go away." - Philip K. Dick
Perhaps Microsoft should include an option, like 'Prepare this computer for resale,' which utterly destroys all data."
t e.shtml/ to do the wiping.
Maybe I'm missing something here, but doesn't the format command do this already?
IMHO, if you're reselling a pre-built PC and have system recovery disks but don't wipe the HD and use the recovery disks to restore the system to the original condition, you're not doing it right.
In any case, there are free tools http://www.thefreecountry.com/security/securedele
Maybe I'm missing the obvious.
(and no, I don't know how to properly insert URLs)
Government's idea of a balanced budget: take money from the right pocket to balance...oh who am I kidding?
And, with Microsoft DRM, "My Computer" no longer means "the operator's computer", but rather "Bill Gates' computer that you use". When your own computer is controlled by MS DRM, what difference does it make if their HDs are in Redmond, or in your living room?
--
make install -not war
Save it on a /\/\^>+0[ 7200 rpm 120GB drive and wait.
http://www.carlostn1.com/ Check out free Deals
It makes me so mad I am going to loose it!
Perhaps Microsoft should include an option, like 'Prepare this computer for resale,' which utterly* destroys all data."
*see EULA for full details
If you think
Taking most if not all of your data with them. As an alternative, if you prefer not to rely on Window's crashes, try Darik's BootnNuke, which you can find on freshmeat.net.
Isn't this the same website the complains everytime Microsoft adds a new feature? Adding this could take away from the competition that sells such programs that delete your hard drive. Hell, even virus writers can't compete with that.
We can probably assume that Microsoft's previous "Safe ID" a.k.a. Passport can account for a portion of the high-tech (i.e. non-"other means") ripoffs. 200 million potential vulnerabilites and it's "popularity suffered". A masterful understatement.
If they have proven themselves completely inept at securing at storing 200 million passwords on one password server system, why would anyone think they could possibly secure one password on 200 million password server systems?
I suspect they're just drumming up new lock-ins for Longhorn. FTA: "would not confirm however whether the new info cards ID system will be built into the current Windows XP version or Longhorn". If i were a betting man...
--
Remember, it's never too late to have a happy childhood!
Prior to hare-brained schemes like Passport, where exactly does Microsoft think people stored sensitive information? That's what we have had keychains, vaults, and client certificates for, supported by browsers, operating systems, and add-ons.
Maybe this whole story is an attempt to create the false impression that this is new, breakthrough technology so that Microsoft can then patent "local disk storage of personal information"? Or maybe it's just an April's Fools joke.
Which would probably wipe the harddrive so that M$ would have to sell the new schmuck a new Windows license.
JMD
When all else fails, feel free to panic.
How many of you have relatives who call you when they can't see standard buttons in IE?T his is the wrong direction, users can't protect a pc, get serious. Save the stuff on a providers site who can be held accountable and make a buck.
I use a .308 Win. 2500fps beats your solution and guarantees every sector you hit will be unreadable.
Keeping the disk, pulverizing it completely, or throwing it into Mount Doom would seem to be the most reliable methods of ensuring security.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Haven't there been JavaScript breaches that allow web sites to gain access to local filesystems? No one can predict what security holes remain in Windows, so it's hard to say any new approaches would make personal data safer.
I don't even use Windows, have a BSD firewall, etc. but I still don't put account numbers in my finance program, for example. While I do use mailorder websites, at least my CC number is revokable. My checking account is not!
-- Microsoft is the most expensive commodity operating system and office suite vendor in the marketplace.
labelled "Secure Erase" or "Darik's Boot 'n Nuke" Hmmmm. Decisions, decisions, decisions...
The best 'Prepare this computer for resale' functionality would be for it to install linux.
Apart from the obvious benefits, unless you have a full version of XP (most people only have OEM), the licence is non-transferrable.
I like the idea of having TOTAL CONTROL of my sensitive personal information on **MY** machine and not theirs.
Control comes back to me. I dig that.
I do believe that MS would find some way to screw it up, though.
--- Grow a pair, liberals... stop letting the Republicans bully you!
Mod parent up!!! I totally agree!!
ha busted
San Francisco (Star Date 2505.0401) -Today Dr. Noonan Singh announced a new scheme for securing Data.
"Hundreds of attempts over the centuries failed to develop any system storing massive amounts of information that can be conveniently accessed, yet NOT susceptile to abuse" he intoned. "Human beings are just too gosh darn good at breaking systems that other people have designed, especially when motivated by money or curiosity."
"But now we have The Answer: a positronic brain with a strict moral code hard-wired into the lowest level of its structure. Surely, this system can NEVER be used for evil!!!"
--- Attorneys Assisting Citizen-Soldiers & Families -
From the shred manpage:
/dev/null to /dev/hd? is also useless for this same reason.
F ile_Wipe
CAUTION: Note that shred relies on a very important assumption: that
the filesystem overwrites data in place. This is the traditional way
to do things, but many modern filesystem designs do not satisfy this
assumption. The following are examples of filesystems on which shred
is not effective:
* log-structured or journaled filesystems, such as those supplied with
AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)
Ie, shred is useless. Also of note is someone's idea to write
Also of note is that this applies to Windows users (NTFS) as well!
For more information check http://http://www.infoanarchy.org/wiki/index.php/
The basic idea is summarized here:
There are several ways to securely wipe files when using journaling filesystems:
1. Store data that needs to be wiped on a partition (slice, volume, or drive) that uses a non-journaling filesystem. For example, users of Windows can use a Z: drive formatted with FAT32, and users of GNU/Linux can use a partition formatted with Ext2.
2. Store data that needs to be wiped on a partition that is encrypted using Hard Disk Encryption. This eliminates the need to use a secure wiping mechanism for individual files.
3. Store data on a temporary partition using any journaling or non-journaling filesystem. When it is time to wipe all files, use a tool such as Eraser or Wipe to securely wipe the entire partition.
4. Physically destroy the hard drive after use by melting the hard drive. (Passing a magnet over the hard drive will not work.)
Ie... There is no method for proper undelete protection of journalled drives. Better have your thermite ready!!
Someone pointed out to me that it seems a bit odd that when berkeley got their laptop stolen w/ everyone's computer data that apparantly berkeley can't be bothered to do what nearly everyone who uses a laptop on a mac and anything vaguely "sensitive" (typically quicken data etc) takes for granted: Encrypted file system. On a mac this is as easy to do as clicking "security" from system preferences and hitting filevault on. Given the number of times Los Alamos, CIA, colleges keep losing sensitive info on laptops there's got to be an equivalent on windows? (My understanding is its something called EFS) Does anyone here use it? I am curious why this isn't enabled by default on laptops or administrators of laptops in universities, feds etc etc etc. On a mac its trivial to turn this on (its AES 128 bit). Linux has cryptfs which is blowfish 128 bit. Surely this is in place in the windows world at this point?
-bloo
...cookies!
Keep reading that man page. That only comes into play if you are shredding a mount point/filesystem. Just shred the device file and you are golden.
For more information check out this link.
For the lazy, here is a summary:
Many modern operating systems such as Windows XP (NTFS), Mac OS X ( [[HFS+]] ), and GNU/Linux with a kernel version greater than 2.4 (Ext3, JFS, ReiserFS, and XFS) have the ability to use a journaling filesystem that makes complete erasure of data unlikely.
There are several ways to securely wipe files when using journaling filesystems:
Store data that needs to be wiped on a partition (slice, volume, or drive) that uses a non-journaling filesystem. For example, users of Windows can use a Z: drive formatted with FAT32, and users of GNU/Linux can use a partition formatted with Ext2.
Store data that needs to be wiped on a partition that is encrypted using Hard Disk Encryption. This eliminates the need to use a secure wiping mechanism for individual files.
Store data on a temporary partition using any journaling or non-journaling filesystem. When it is time to wipe all files, use a tool such as Eraser or Wipe to securely wipe the entire partition.
Physically destroy the hard drive after use by melting the hard drive. (Passing a magnet over the hard drive will not work.)
So, basically... there is no proper way of protecting yourself from undelete data recovery methods, if you use a journalled file system, aside from keeping some thermite handy!
If you ask me, we should all be encyrpting our data partitions by now!
Perhaps Microsoft should include an option, like 'Prepare this computer for resale,' which utterly destroys all data.
Consider data loss guaranteed
The only downside, I would imagine, would be physical loss of the device.
If you sell the old PC, remove the USB thumb drive and use it with the new box.
That only applies when you're shredding individual files, as when you mount a device, there exists an abstraction layer. If you shred the device file, what it does is fill every single byte of the hard disk with garbage, overwriting everything, including the filesystem itself.
Just wanted to update and say that, you can safely erase an entire hard drive (even with a journalled filesystem) if you unmount it, and wipe it (ie side step the filesystem driver). This is pretty easy to do in Linux, not sure about Windows... although I know one good method would be to use the hard drive manuacturers low level formatter (running it 3 or 4 times should be enough).
But once again, be wary of any file erasure programs like the one mentioned by the grandparent post. You need to take care that your usage of them is not in vain!
you should format the hard drive fully anyway if you are re-selling a computer, since when you get a copy of windows YOU get the licence, no-body else. so unless you supply a licence for windows too, and dont remove windows from the drive, you could be breaking the law.
portfolio
nuff said? I wish they would fix the stuff that is broke now instead of creating new headaches for everyone.
Join the Slashcott! Feb 10 thru Feb 17!
The fastest data erasers in use today are made by Smith & Wesson... not to mention the fun that can be had while using that ol' hard drive for target practice!
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Oh, like the setup program?
Sounds a lot like they've re-invented Roboform.
Who stores data so secret that the hard drive needs to be physically destroyed before selling it? If you have data that's this important & secret, you don't read Slashdot. I mean c'mon, all this fuss over, what, credit card numbers? Jesus, anybody with a web browser can get stolen credit card numbers. Credit card users aren't liable for illegal/unauthorized activity on their cards, so what's the big deal here?
I don't respond to AC's.
the ONLY way to securly wipe a hd is with a blow torch. no if's, no buts. the fact that ms are doing this proves to the world they don't have a clue about security
If you mod me down, I will become more powerful than you can imagine....
Data is information, especially that stored in a battle to the horse and zebra.
If you're not going to be true, in an age of lies. Whatever it is that it is that this is necessarily true.
Data is information, especially that stored in a computer.
The problem is that those who bear arms then have a problem with the instigators victimized. The means to quench a selfish lust brings eden's demise. Mass-murder, demonic cruelty. Absolute fascism. To end the enslavement and slaughter, the antidote is veganism. Microsoft is not a way of life at all in any true sense. Under the clouds of war, it is a comedy for those who hunger and are not respected. The enforcement of, for example, right to trial, has now become arbitrary.
Earth to editors... this word "definatelly" has so many things wrong with it, it's incredible. I don't know that there are even a finite (or finate) number of problems with it. Hardly (or hardelly) something worthy of slipping by the editors
When you change homes, your banker/broker/phone/cable companies will come to your old home, and destroy all records pertaining to your relationship wiht them, so that your move to the new house is "safe".
Puhleeze. Your PC is your posession. Protect it as you would your wallet/safe/wife/significant other etc.
http://linux.slashdot.org/linux/05/03/30/2252229.s html?tid=98&tid=172&tid=201&tid=106
I can't stop laughing reading that...
As always, MS creates the problem (making people store personal information online) and comes as the big, clever and almighty savior after that (well, it's more secure if you keep your data to yourself). But I can't decide between laughing and crying...
They're calling it the Next Generation Secure Computing Base.
It's mostly a Longhorn thing, though as with all things Longhorn bits of it seem to get retrofitted into XP.
Basically, it's the old adage "Put all of your eggs in one basket, first making sure it's a really, really good basket." This "new data security scheme" is the "eggs in one basket" part; the Next Generation Secure Computing Base is the "make the it's a really, really good basket" part.
The theoretical aspects are solid: compartment data like crazy, use lots of crypto to keep them separated, and try to make it easy enough to use that people don't end up putting everything in one compartment. Whether you actually trust MS to implement that theory is another matter.
Translation, "lets just keep that 'control' stuff away from the consumer..."
The system would differ from its previous attempts to make online transactions more secure, said Microsoft.
While Passport and Hailstorm stored user information centrally on the net, the latest system will store data on a user's PC.
Yeah, we know how secure most folks Windows PCs are; Microsoft will tell you, just ask em!
"It's going to put control of digital IDs into the hands of an end-user, the end-user will be in full control," said Mr Stephenson. ...
How come I am left with the suspicion that "End User" and "Consumer" are two totally different things here.
"Enjoy what you're doing! If it becomes drudgery, you're doing it wrong!" - Jim Butterfield
How original, Microsoft! I have two kewl names you could give your wonderful service to protect files and passwords. How about, uh, "Keychain" and "FireVault". Those sound kewl. I just can't wait for Longhorn!
http://www.apple.com/macosx/features/security/
Isn't the point of Passport to allow you to use the secured information from any computer, not just your own? If the information is stored on my computer, rather than a Passport server, then it seems I lose the ability to automatically log in to many different services just by logging into Passport. And I can't automatically provide to web sites the secured information like credit card number or whatever else I stored in Passport from a computer other than my own.
it'll probably get a BSOD when you do that and it gets half-way done and then the option to erase disappears from the menu.
Don't press the big red button.
Yeah? And what is that?
Yeah... That's never gonna happen. So how exactly do they plan to offer a new data-security scheme? By fixing their bugs? They've been saying that for 20 years."It's going to put control of digital IDs into the hands of an end-user, the end-user will be in full control," said Mr Stephenson.
Microsoft - get with the program and impliment liberty - here's the info you need http://www.projectliberty.org/.
I don't make predictions, and I never will.
Why not save to a USB dongle or a SmartCard.
<g>
or as encripted data on a software RAID of totally mixed up USB dongles;
ie: Store it, unplug all 12 identical USB dongles, hand them all to someone un-numbered in a bag.
(I would almost bet you can't recover data from that)
Then again, don't ask me to recover it; even if you gave me the encription password!
</g>
I am the unwilling control for my Origin.
Either that, or he really hated the thing and wanted to destroy it, or hated the techno geeks that wanted to take it home.
Or, assuming MSFT gave a "prepare computer for resale", etc option, the software could simply nuke the sectors containing this (and other) sensitive data.
Otherwise, yes it takes a long time to blank out a 300GB HD if you're trying to clear out the whole damn thing...
Check out the latest version of QuickBooks Pro. It will not run under a normal user account, and there is no reason for QuickBooks to need the lower level access you are talking about. You are right about the games though. But hey we all want the workstation that is doing the financials wide open to get hacked.
Sledgehammer followed by a bonfire or wood burning stove ought to do it. Ever wonder why there are no harddrives at government auctions?
Who will guard the guards?
Unfair!
The original post from the editors read:
How come they can change that, but we can't edit our comments?
What happens to all the existing data of the users stored in the central server of passport.
No, formatting or even repartitioning will guarantee that data will be erased. I found a software program that can recover NTFS files long after the partition was corrupted, reformatted, even after the hard drive was repartitioned, but you probably knew this.
What is needed is to overwrite random data to all sectors of the drive.
Calling atheism and agnosticism a religion is like calling bald a hair color.
Yeah, but what about the following fictitious example text?
Dan Rather then wrote "rather then" in his notes, rather than using the word than properly.
Other than that, I agree. It was an example of bad grammar.
Shattering the drive does nothing. Even individual flakes of magnetic material will be large enough to extract dozens of sectors. Melting or converting to fine dust is really the only way to destroy the data.
I don't believe that you can trust PGP/GPG or shred to do the overwriting task. Think about the way data is stored on the hard disk platter, and realize that the writing head may be slightly mis-aligned (read: by a tiny tiny amount) when writing, and as a result, ends up writing a bit/byte in 'most of the place the bit/byte should land on the platter'. Fact is, reading off the platter reads the most likely bit/byte, but if you were to replace the head/hardware that reads the platter and instead use a super-precise read head, you could read many generations of overwritten data due to the fact that writing data does not flips 100% of the electrons/particles and that writing many times over the same place may result in writing at slightly different locations.
A more secure way of permanently erasing a hard disk would be to use an extremely powerfull degaussing wand (like those used to erase video tapes). Those device works by alternatively changing the electromagnetic poles, which totally scrambles the hard disk platter. Please take note that a video-tape-degaussing-wand very likely isn't powerfull enough to even affect the hard disk.
-marton
All they have to do is install a service that runs as admin/root to do that access then use IPC to talk to the game that is in UserMode. DUHH!!!!!
How hard is that.
Or just dump the (C) checks, everyone knows that if games NEVER got copied, prices would be the same, because marketforces/marketing/common prices NEVER change. If they get XX % profit today, then they wont lower their profits just to be NICE to customers when they only care about the shareholders.
Liberty freedom are no1, not dicks in suits.
Perhaps Microsoft should include an option, like 'Prepare this computer for resale,' which utterly destroys all data."
Well, as soon as I see a Linux distribution that offers a similiar option (i.e. point, click, destroy all user home directories), then we can start throwing stones at MS.
Realistically, it's not necessarily a bad idea to keep everything in a standardized directory but to make sure that it is encrypted with a user-prompted password to prevent malicious software from randomly going through it without permissions/authorization/consent.
Here I thought the remembered passwords and stored data in my Firefox browser were located on mozilla.org. Silly me -- they're on my hard drive.
- Michael T. Babcock (Yes, I blog)
Headline: Microsoft Offers New Data-Security Scheme
I see a lock icon and a stapler icon attached to this story. But I don't see a foot. Where's the foot? C'mon, Slashdot editors, this is pure comedy gold and you know it!
I don't think anyone has noted that if Microsoft controls your OS, security wise it doesn't matter if they store the info on your computer or theirs. Your computer is their computer.
The other merits of course are:
- any info losses are your fault not theirs
- ms not responsible for viruses
- use your hardware so they don't have to buy more
- they don't have to secure their hardware
- ms comes out looking like they care even
- ms has a reason to be getting data from your pc
- another channel to drm enforcement
- fbi might make a case for being able to get in there, another beachhead into your pc if you don't have wmp or ie.
I've been told by our security folks (lets just say you're familiar with who we are) that a degauser strong enough to kill a modern hd would be so powerfull it would bend the disks in half.
Take that as you will... I've never bothered to look it up.
"whereby users sensitive information is stored on their PC rather then online"
Come on people. How many times do we have to make the Slashdot crowd look like a bunch of uneducated DnD nerds to the rest of the world? Could someone please talk to the editors about the difference between "then" and "than"?
Linux lower privileged user can run games burn cds and get stuff done.
Microsoft bigest problem is they don't have a clue how to setup a lower privileged user without cutting the users nuts off.
Or how about a new virulent exploit means that in the space of an afternoon, data is stolen from thousands of individuals. Remember that we are talking about a pretty homogenous environment, spreading the data may not offer much protection.
Xix.
"Everything is adjustable, provided you have the right tools"
And offers to pull out of data-security market.
"Freedom and Justice for All" is a registered trademark of The United States Govt Inc. Not available in all areas.
I am not a proponent of this system, but I know a little bit about this stuff.
The Info-cards concept is mainly the brainchild of Kim Cameron, who was one of the architects for a directory server called, "ZoomIT", before it was bought by Microsoft. It is now the essential core of what we all know as Active Directory. So in that sense, the designer of the iCards is also a chief designer of AD. He described this whole solution to me several months ago, although the devs at MS were calling them "vCards" at the time. He claimed, "its like your email Vcard, but with X.509 tossed in," (digital signatures).
You can read his blog, where he postulates and proselytizes about identity, including setting forth a semi-formal set of "Laws of Identity"; essential criteria which any distributed identity system must satisfy. Like Passport (didn't). Like pingID. Like Sxip. Like i-Names. Etc., etc.
The MS guys actively follow identity trends on the Internet today. They didn't say this, but I am quite certain that they were not huge fans of Passport, knowing the technical and privacy risks associated with centrally stored identity data. Duh.
I'm sure they let Passport die. They knew it was not a workable solution. Fundamentally, the type of identity applications for which Passport was designed would never have worked if they had culminated in massive web services buy-in. How could it? Do you "sign in" to user forums (like this one) with huge requirements for security and privacy? So why would you use the same system for banking??? And that, literally, was the mission for Passport years ago! Single-signon for the web! w00t!
No. You probably don't sign in to discussion forums with the expectation of security that you would your email. Most forums and pages and all that fun stuff that we slashdotters built for fun in the late nineties is fair game for this. And who of us wanted to actually store a database of users and names and stuff for just a silly forum? And I think thats what infoCards is. It allows you to share info about yourself without an actual authentication (as we know it). Remember what Cameron said, he said it was "V-Cards with some X.509 tossed in". V-Cards are basically a set of data that you write, or even... data that is written about you and digitally signed. Name, gender, date of birth, etc. So whatever you wanna "tell" to your forum page about yourself when you sign in, you'll actually authenticate to that little local datastore they put into windows. Then this unlocks those little tidbits of info that you're sharing. You're not going to auth to the webpage (or maybe you will, but its again a super low assurance mechnism and no one expects it to be anything more than that).
So... you will authenticate locally. Want heftier security for that? Cool. Then buy our cool little one-time password token... :-)
So, once you've authenticated to your little datastore, you get to decide whom you're sending your data to. So there will be some mechanism by which you get to authenticate them. Kim said this had to be omnidirectional, right? So you're making sure that the World of Warcraft forums are indeed whom you're telling your gender to or favourite colour, etc. Then this stuff gets all packaged up and sent over the wire to wherever its supposed to go. Maybe its encrypted. Maybe its signed. Maybe its cleartext. Depends on the app. And the forum writer doesn't even have to be running Windows to accept that data.
So what is infoCards?
Low assurance localized authentication, user-controlled data exchange, nodal verification and built with personal or 3rd-party assertions about that information.
Its pretty smart, IMHO most of th
> Take it apart & melt the disks. If you have a lot of them, just use a fish cooker.
can I use a deep fryer alternatively ?
cat
'nuf said...
I'm not a prophet or a stone-age man,
I'm just a mortal with potential of a super man.
*** Perhaps Microsoft should include an option, like 'Prepare this computer for resale,' which utterly destroys all data." ***
Not the best of ideas - this option might also enforce any eulas and, say, prevent the next user from using the XP OEM key that came with the computer, or enforce other obscure rules that are buried in the fine print.
Your best bet is to overwrite your existing data, then reformat and reinstall the OS. Or, if you're truly paranoid, keep the hard drive and let the new owner buy their own.
Umm... most people already have their sensitive info on their hard disks anyway.. Anyone who uses quicken will have many more things to worry about than their hotmail password if their computer is stolen or if they forget to erase the HDD before they sell the machine.
However, with USB keys becoming cheaper than sand, I don't think it'll be long before everyone simply carries a secured, encrypted USB device that has their pertinent info on it...
and don't forget to store secure information in a non-journaled filesystem. Cause overwrite is a lie.
When you delete a file, the data stays exactly where it is on the disc; but the space it has been taking up is marked as "free for re-use". Windows usually tries to use this space up last of all, which makes it hard to be sure that a deleted file has been overwritten. {DOS used to re-use it straight away, until people complained that that made it harder to recover files.}
.WAV files. These are uncompressed, therefore they take up lots of room -- about 2/3 of a gigabyte for a full CD album. On this occasion at least, big files are what you want. In fact, rip as many CDs as you can find. If you have a scanner, scan some pictures at a high DPI setting, and save them as uncompressed .BMP files.
The basic objective is to create a load of junk files, taking up all the room on the hard disc drive, before you delete the files you want rid of. Then create some more junk; and because you created so much junk earlier, the only possible place your computer will have left to put this new junk will be over the top of where your unwanted files used to have been. Once magnetic data has been overwritten, it's gone forever. So don't delete anything yet!
You probably have loads of junk data lying around that you can use. Rip a music CD as
Keep scanning and ripping -- or even just making copies of the files you created earlier {but note, they must be real copies, not shortcuts} -- until you run out of disc space. {Watch the disc usage meter}.
Now, and only now, delete the "sensitive" files.
Now you have some room again, create more junk files, until you run out of disk space again. Then try creating smaller files -- rip shorter songs, scan smaller bits of picture, or use a compressed format -- until you have absolutely no room to save anything else.
Delete just some of your junk files, defragmentate the hard disc -- this will shuffle things around the disc surface -- and delete the rest of the junk.
Now if anyone tries recovering anything from the drive, all they will get is the junk you put there.
Je fume. Tu fumes. Nous fûmes!
You sir, are an idiot. Plenty of data recovery companies are able to put the shattered bits back together.
THE ONLY WAY to ensure the HD is completely unrecoverable is to melt it down. Completely melt it down. Get it?
Melt
it
down
Have you got a microwave? Google for instructions on turning it into a kiln and use that.
I think we should ask MS to include a 'Prepare this computer for theft' feature, too.
If it isn't true, don't say it. If it isn't helpful, don't say it. If it's true and helpful, wait for the right time.
Um.. Keychain? Hello!? Stole from Mac a bit?
This is basically a good idea (as others have pointed out).
Note that this goodness is totally dependent on who controlls your computer. If you stay in control, then things are good (at least in theory it will be your fault if you give away the info). With things like "Trusted Computing", this can turn into a really bad idea really fast. Think about it, if Microsoft controls what programs can run you computer, they control everything. If Bill doesn't like someone, he tells your computer to refuse to deal. (More accurately, he tells his program to refuse, and also tells your computer to refuse to run any other program).
Also, think about the privacy issues - any program that is signed by Microsoft will be able to rummage through all your stuff. Do you trust Microsoft (or anyone) to have that power and never make any mistake?
Recover This! - Drive Slagging | Complete Data Destruction
GrimRC
isn't it spelled definitely?
GrimRC
If the deep fryer will raise the media above its curie temperature. And then you have to hold it there for a while.
But I'd use the fish cooker without a pot--just the butane flame.
(Actually, where I come from it's called a crawfish boiler)
"Reality is that which, when you stop believing in it, it doesn't go away." - Philip K. Dick