Microsoft Offers New Data-Security Scheme
bingly_beep writes "The BBC is reporting Microsoft's new user security measure, whereby users sensitive information is stored on their PC rather then online, as in their previous offerings, such as Passport. This sounds like a good idea, but any such system would surely require that the user definitely erases the HD on any machine they sell. Perhaps Microsoft should include an option, like 'Prepare this computer for resale,' which utterly destroys all data."
Pimp offers new "disease-free guarantee".
With spending like this, exactly what are "conservatives" conserving?
Yeah, like THAT won't be hacked all to fvck by virus-writers. Great suggestion!
Doesn't installing windows automatically come with built in features that "destroy all data"?
The problem with the feature right now is that it happens when you least expect it, rather than when you'd actually want it to occur.
NetInfo connection failed for server 127.0.0.1/local
there was a story a few minutes ago about a report that Windows security was better than Linux but then it came to light afterwards that it was MS funded but undisclosed.
it seems to have disappeared and been replaced by this advert for MS doing good things for security?
This could be good or bad. The data, stored on the computer, would not be on the Internet all the time and thus be safer. On the other hand, .Net has great security. A user with little computer knowledge would not protect his/her computer well enough from hackers, etc., which would leave the data "out there." I think that the latter is safer, however.
And, as stated in the article, there had better be a way to destroy all sensitive data if the user wishes to sell the computer.
INACTIVE ACCOUNT
So you either store the information locally, and run the risk of a local exploit thanks to the latest and greatest security hole, or you store the information online, and run the risk of the central site being compromised. The first will be more common but limit the data theft to only a single person, whereas the second will be much less frequent but will limit the data theft to the entire customer base.
In the grand scheme of things, they are both as flawed, just in differing ways.
Feed the need: Digitaladdiction.net
rather THAN damnit
please continue
This sounds like a good idea, but any such system would surely require that the user definitely erases the HD on any machine they sell.
Yes, because today it is perfectly ok to sell a system without erasing the hard drive. I mean for real, who stores private or important data on a computer?
Finkployd
whereby users sensitive information is stored on their PC rather then online, as in their previous offerings, such as Passport.
wouldn't that lead to easier spoofing?
No it isn't.
Have you even looked at both links? They're entirely different.
I even believed you for a minute... it's not like dups are uncommon on slashdot, but WTF has storing data on your own hard disk got to do with a dodgy research paper?
MSFT's assumption is apparently that data stored on personal computers is more secure than on servers.
I'm not sure that this is necessarily true.
When you consider that the vast majority of computer users have no idea what a "firewall" is, and that MSFT's track record for security is poor to say the least -- it's not obvious that storing sensitive data in designated locations on PCs is the safer route at all.
Some might say this is MSFT's way of passing the buck of responsibility to the end user rather than fixing the problem. Now if data is compromised fault could arguably lie with mom and pop rather than a Microsoft server.
------ The best brain training is now totally free : )
...is there something fishy about trusting Microsoft to manage confidential data?
Yeah, it's better than Passport, where they not only manage the data but store it too -- but for true privacy, shouldn't the relevant code be open for all to see? At least the encryption algorithm, anyway...
Paleotechnologist and connoisseur of pretty shiny things.
I think that Microsoft fails to see the only way to make their data secure: Disconnecting it from the internet completely.
Just running any Windows box online is a security risk, and until Microsoft figures out that our "precious" data can only be secure by having absolutely no connection to it, will anyone have no breakins. It would make more sense for Microsoft to offer some sort of "data security lock-box" on their own machines, where their data is stored on disconnected machines, where if needed, a direct request to Microsoft can be given.
Read the article. Sounds like they've made cookies, but more than one site can read them. My guess is you'd have to authorize the site to read them, but this is bad news.
If a site can trick you into hitting "OK," they could get your info.
Of course the site probably has to be registered with MS in some way. Maybe this is a way for Microsoft to offer a "secure browsing experience" that is also convenient. IE7 will likely view MS-approved sites as "higher security" than SSL approved sites.
Erasing or otherwise formatting a hard drive doesn't do any good to eradicate personal information. I've used these guys on numerous occasions to successfully recover data from hard drives that have been formatted, imaged, etc.
If you're going to sell a computer, swap out the drive containing your data for a new one. They're cheap. Hold onto the drive that houses your data.
SiO2
If the data gets compromised in a central Microsoft server, Microsoft is the only one to blame. If the data gets compromised on your home PC, Microsoft will blame you for failing to secure it properly.
I like the idea of a button with this function. But at the same time, it should back-up my Outlook addresses, save my bookmarks, transfer my MP3s to my file server, and then post my used computer listing on eBay.
Geek Of The Day, "A geeky place for geeky faces."
They are probably afraid of getting customer support calls from people who used that option to "see what it did", or from people who changed their mind and wanted their data recovered, or folks who thought that MS didn't really mean it when they said (with a huge red bold and blinking disclaimer no less) that all data would be erased. And then they'd sue MS, OEM, and CompUSA for the emotional distress caused by the loss of their data.
One little linux command is all it takes, insert linux live CD and su -c"shred /dev/hda" and even the NSA would have trouble getting any data off the harddisk, windows license isn't transferable anyways. Fight software piracy, shred used Windows hard disks!
Apocalypse Cancelled, Sorry, No Ticket Refunds
Microsoft Windows is preparing your computer for resale. Please insert your Red Hat Linux CD now.
Physicist, consultant, science communicator
You could use Autoclave, but since it's being end-of-lifed, you could follow the Autoclave author's recommendation and use Darik's Boot and Nuke instead.
Give me my freedom, and I'll take care of my own security, thank you.
Or, as we like to call it, 'Prepare this computer for confiscation.'
For general purposes, yeah, but if someone is intent on getting at your data, with a lot of work they can still get to it. All deleting a partition with fdisk does is destroy the partition information, so it looks like unallocated space on the drive. It never actually deletes the data.
Or you could do "shred -z /dev/hda" which is MUCH more secure. It will write over the drive 25 times w/ random data (you can change it with the '-n' switch to any number you want), and then write zeros to the disk.
You can use a 5/7/9 pass DOD overwrite. Or a 39-step Gutmann overwrite. Or the ultrasuperduperTFH method of... You get the idea. It takes a looonng time.
HDDs are cheap, especially one you've used so long you're going to sell the computer.
Take it apart & melt the disks. If you have a lot of them, just use a fish cooker.
"Reality is that which, when you stop believing in it, it doesn't go away." - Philip K. Dick
All that does is write over your data with a 0. It is complicated, but it is VERY easy to recover formatted data. What you need to do is write it 7+ times with random data.
We can probably assume that Microsoft's previous "Safe ID" a.k.a. Passport can account for a portion of the high-tech (i.e. non-"other means") ripoffs. 200 million potential vulnerabilities and its "popularity suffered". A masterful understatement.
If they have proven themselves completely inept at securing at storing 200 million passwords on one password server system, why would anyone think they could possibly secure one password on 200 million password server systems?
I suspect they're just drumming up new lock-ins for Longhorn. FTA: "would not confirm however whether the new info cards ID system will be built into the current Windows XP version or Longhorn". If i were a betting man...
--
Remember, it's never too late to have a happy childhood!
Prior to hare-brained schemes like Passport, where exactly does Microsoft think people stored sensitive information? That's what we have had keychains, vaults, and client certificates for, supported by browsers, operating systems, and add-ons.
Maybe this whole story is an attempt to create the false impression that this is new, breakthrough technology so that Microsoft can then patent "local disk storage of personal information"? Or maybe it's just an April's Fools joke.
Which would probably wipe the harddrive so that M$ would have to sell the new schmuck a new Windows license.
JMD
When all else fails, feel free to panic.
I use a .308 Win. 2500fps beats your solution and guarantees every sector you hit will be unreadable.
From the shred manpage:
CAUTION: Note that shred relies on a very important assumption: that the filesystem overwrites data in place. This is the traditional way to do things, but many modern filesystem designs do not satisfy this assumption. The following are examples of filesystems on which shred is not effective:
* log-structured or journaled filesystems, such as those supplied with AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)
Ie, shred is useless. Also of note is someone's idea to write /dev/null to /dev/hd? is also useless for this same reason.
Also of note is that this applies to Windows users (NTFS) as well!
For more information check http://www.infoanarchy.org/wiki/index.php/File_Wipe
The basic idea is summarized here:
There are several ways to securely wipe files when using journaling filesystems:
1. Store data that needs to be wiped on a partition (slice, volume, or drive) that uses a non-journaling filesystem. For example, users of Windows can use a Z: drive formatted with FAT32, and users of GNU/Linux can use a partition formatted with Ext2.
2. Store data that needs to be wiped on a partition that is encrypted using Hard Disk Encryption. This eliminates the need to use a secure wiping mechanism for individual files.
3. Store data on a temporary partition using any journaling or non-journaling filesystem. When it is time to wipe all files, use a tool such as Eraser or Wipe to securely wipe the entire partition.
4. Physically destroy the hard drive after use by melting the hard drive. (Passing a magnet over the hard drive will not work.)
Ie... There is no method for proper undelete protection of journalled drives. Better have your thermite ready!!
Someone pointed out to me that it seems a bit odd that when berkeley got their laptop stolen w/ everyone's computer data that apparently berkeley can't be bothered to do what nearly everyone who uses a laptop on a mac and anything vaguely "sensitive" (typically quicken data etc) takes for granted: Encrypted file system. On a mac this is as easy to do as clicking "security" from system preferences and hitting filevault on. Given the number of times Los Alamos, CIA, colleges keep losing sensitive info on laptops there's got to be an equivalent on windows? (My understanding is it's something called EFS) Does anyone here use it? I am curious why this isn't enabled by default on laptops or administrators of laptops in universities, feds etc etc etc. On a mac it's trivial to turn this on (it's AES 128 bit). Linux has cryptfs which is blowfish 128 bit. Surely this is in place in the windows world at this point?
-bloo
Frodo tosses hard disk into volcano. Not very far away, a tower in Redmond crumbles as a giant bespectacled eye glances around in terror. Outside the Gates of mordor, a troll-like figure is about to stomp on the penguin's head. When the hard drive melts, Ballmer lifts his misshapen head, takes his foot off the penguin, and shambles confusedly into the night.
Don't blame Durga. I voted for Centauri.
Keep reading that man page. That only comes into play if you are shredding a mount point/filesystem. Just shred the device file and you are golden.
For more information check out this link.
For the lazy, here is a summary:
Many modern operating systems such as Windows XP (NTFS), Mac OS X (HFS+), and GNU/Linux with a kernel version greater than 2.4 (Ext3, JFS, ReiserFS, and XFS) have the ability to use a journaling filesystem that makes complete erasure of data unlikely.
There are several ways to securely wipe files when using journaling filesystems:
Store data that needs to be wiped on a partition (slice, volume, or drive) that uses a non-journaling filesystem. For example, users of Windows can use a Z: drive formatted with FAT32, and users of GNU/Linux can use a partition formatted with Ext2.
Store data that needs to be wiped on a partition that is encrypted using Hard Disk Encryption. This eliminates the need to use a secure wiping mechanism for individual files.
Store data on a temporary partition using any journaling or non-journaling filesystem. When it is time to wipe all files, use a tool such as Eraser or Wipe to securely wipe the entire partition.
Physically destroy the hard drive after use by melting the hard drive. (Passing a magnet over the hard drive will not work.)
So, basically... there is no proper way of protecting yourself from undelete data recovery methods, if you use a journalled file system, aside from keeping some thermite handy!
If you ask me, we should all be encrypting our data partitions by now!
Perhaps Microsoft should include an option, like 'Prepare this computer for resale,' which utterly destroys all data.
Consider data loss guaranteed
Just wanted to update and say that, you can safely erase an entire hard drive (even with a journalled filesystem) if you unmount it, and wipe it (ie side step the filesystem driver). This is pretty easy to do in Linux, not sure about Windows... although I know one good method would be to use the hard drive manufacturer's low level formatter (running it 3 or 4 times should be enough).
But once again, be wary of any file erasure programs like the one mentioned by the grandparent post. You need to take care that your usage of them is not in vain!
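An added example, not part of any comment in this thread: a pre-wipe check that separates the two cases argued over above, a file on a journaling filesystem (where the shred man page caveat applies) versus an unmounted whole device (where the overwrite bypasses the filesystem driver). The function names and the sample mount table are constructed for illustration; the filesystem lists come from the man page excerpt and wiki summary quoted in the thread, and nothing here overwrites any data.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (device mountpoint fstype options dump pass).
SAMPLE_MOUNTS='/dev/hda1 / ext3 rw 0 0
/dev/hda2 /home reiserfs rw 0 0
/dev/hdb1 /mnt/scratch ext2 rw 0 0
/dev/hdc1 /mnt/z vfat rw 0 0'

# Print the filesystem type of the longest mount point that contains PATH.
fs_for_path() {  # $1 = mount table, $2 = absolute path
    printf '%s\n' "$1" | awk -v p="$2" '
        $2 == "/" || p == $2 || index(p, $2 "/") == 1 {
            if (length($2) > best) { best = length($2); fs = $3 }
        }
        END { print fs }'
}

# Succeed if the device itself or one of its partitions is mounted
# (simple prefix match: /dev/hda matches /dev/hda1).
device_in_use() {  # $1 = mount table, $2 = device node
    printf '%s\n' "$1" | awk -v d="$2" 'index($1, d) == 1 { found = 1 } END { exit !found }'
}

# Classify a wipe target. Nothing is ever overwritten here.
wipe_advice() {  # $1 = mount table, $2 = target, $3 = "file" or "device"
    case "$3" in
        device)
            if device_in_use "$1" "$2"; then echo "unmount-first"
            else echo "overwrite-device"; fi ;;
        file)
            case "$(fs_for_path "$1" "$2")" in
                ext3|reiserfs|jfs|xfs|ntfs|hfsplus) echo "file-overwrite-unreliable" ;;
                ext2|vfat) echo "file-overwrite-in-place" ;;
                *) echo "unknown-filesystem" ;;
            esac ;;
        *) echo "usage: wipe_advice MOUNTS TARGET file|device" >&2; return 2 ;;
    esac
}

wipe_advice "$SAMPLE_MOUNTS" /home/user/taxes.txt file
wipe_advice "$SAMPLE_MOUNTS" /dev/hdd device
```

On a real Linux system the first argument would be "$(cat /proc/mounts)" instead of the constructed table.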
Either that, or he really hated the thing and wanted to destroy it, or hated the techno geeks that wanted to take it home.
Sledgehammer followed by a bonfire or wood burning stove ought to do it. Ever wonder why there are no harddrives at government auctions?
Who will guard the guards?