Governmental Servers Wiped? Never!
Geoff writes with a story from Australia: "Eighteen AIX servers purchased from government via auction -- none of them had data removed from them. Ticket Vending and Validation source code, Payroll, Finance, Emails and Customer complaints. All there on every server; they were even nice enough to include some old backup tapes. At ~$14USD per server, it's amazing how cheap personal information has become."
They're just rushing to get rid of the things without properly preparing them. Kinda like this attempt at a firt post!
Always going forward, 'cause we can't find reverse.
Who's going to be taken out the back and shot quietly for that one?
* That they have sold a bunch of servers laden with personal information for hardly any money at all, or
* Somebody out there is still running AIX
Why are we suddenly complaining about Government being too open?
this is why I love living in Australia! Nobody takes anything too seriously (except beer and sport, which we take very seriously)
And what, ever since I posted to /. about finding the best way to *really* wipe a harddrive I've gotten about 45 emails telling me all kinds of ways to sort out this kind of problem (I still get emails about it, and the posting was more than three years ago). Everything from a quick thermite burn to breaking into a telco exchange for some ultra-high-current bit rearrangement.
Those government types just need to think outside the box a little more. Hell, why settle for thermite - these boys have access to our nuclear arsenal!
===== Warble://VX
In Australia, hard disks wipe you !
Odd, this isn't the case where I work. Some of the boxes that get decommissioned there are wiped by a low-level formatting before they're passed on. Goes to show that they don't seem to care a lot about the potentially confidential information that might be stored on em.
htop(top on steroids): http://htop.sf.net
Interesting, that the blog's subtitle is:
:D
If it's not on fire, then it's a software problem.
Looks like you're about to have a hardware problem
At ~$14USD per server, it's amazing how cheap personal information has become.
:)
:)
$14 USD? You got ripped off.
A few years back, some guy wearing a workman's uniform and holding a clipboard wandered into the (iirc) customs building here in Australia. Carted off one of the servers from a machine room, and no-one stopped them, or remembered what they looked like.
Slashdot remembers
Makes me proud to be an aussie sometimes
It's kind of hard to get rid of your data on a hard drive. You are lucky if it works, then you can try 'dd if=/dev/zero of=/dev/xxx'. However, if first they laid off their AIX staff, employed some Windows engineers, then they decided to sell those AIX boxes... Well, well :)
Your task is even harder if you have a hard drive that ceased operating. There exist companies like http://www.kurt.hu/ that have state of the art technology to retrieve data from damaged hard drives. If you need your data: good for you. If you'd like to get rid of it for sure: better take good care of it...
Makes you wonder how many governmental organizations even know how important properly disposing of a computer can be.
Or if the government really cares. Who's going to arrest them? There's no risk of punishment here.
if this guy planned on doing anything with the data, he probably wouldn't have blogged about it. He would copy the data, wipe the disks and pretend that he had seen nothing.
Then at a later date, he could do his evil work using that data.
Therefore, this particular blunder is nothing to get worked up about, but the potential for future blunders is.
Because we have rules which force government agencies to keep data for a certain amount of time. To get around this much of the data that was to be covered by this was wiped before the rules came into force :)
Matt Thompson - Actuality - Insert product here.
Secondly, where the hell can anyone get a server for $14. Even if this is a dual p200 pro, that can still make a good home email server. At one point in time, that server was probably the best available. It is just a matter of finding old enough software to use.
And since we are talking servers, maybe someone can give me advice. I want to start an on-line forum. I expect a maximum load of 100 people at the same time maximum, with an average load of 15-25 people. I was looking and Dell has some servers that are around $400 for a P4. But someone told me for a database you NEED a dual Xeon or the database will be super slow. So I looked on ebay, and found some dual Xeon 650's with 1 gig for $400-600 (most come with 3 scsi hard drives in raid). This beats the $1600+ that Dell wants for a dual Xeon 2.2ghz. On ebay, I even found a quad Xeon 550 with 1 gig memory and 5 9.1 scsi Cheetah hard drives for less than half of the Dell Xeon. But I don't have any OS that will use 4 CPU's.
What do I need?
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
It's .. um .. transparent government. Yeah, that's it.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
At least then you know that if the drive dies and you don't physically destroy it, for somebody to copy the data they'll have to do more than just get the drive going again.
PCB board failures are the problem. The drive won't work, yet the data on the platters is likely to still be good. PCB failures are also fairly easy to recover from - just go to ebay to buy a second hand drive of the same model, and swap the PCBs over. If it is easy for you to do, it is also easy for your adversaries.
Even if you sell a working drive, as long as you don't provide the customer with the passphrase for the encrypted filesystem where your important data resides (I'm sure I don't have to point out how stupid doing that would be), you can be sure that the above story is unlikely to happen to you.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
This is a Career Limiting Move for someone!
for sale at a government auction for ~$20 AUD a server
To me, a more serious problem is why I didn't make a bid myself...$20 for a server!...
Just wondering. He bought the computer and its contents from the government, so does he have rights to the source on the box?
Anyone?
People also mistakenly think that it is a lot more. No. That's why I mentioned http://www.kurt.hu./ Not very cheap, but not exclusive either. And they get out the bare disks in their laboratory, and read the data without even the mechanics working in the drive.
Twice.
Stuart
It's all fun and games until a 200' robot dinosaur shows up and trashes Neo-Tokyo... Again
-AT
Working in a DevOps shop is like playing in a band made up entirely of keytarists.
...we don't let a hard drive out the door. All storage media (disks, tapes, CD/DVD, etc) remain in the buildings unless encrypted (laptops) or we are certain they contain no protected data - such as educational CDROMs, etc. Everything else is dismantled and destroyed. For example, CDs and HDD platters are sanded, tape is shredded.
Anything that goes to auction is diskless, and we cannot return a drive under warranty as it's impossible to securely erase a faulty drive, or, for that matter, a good drive - think bad sector remapping.
We're Federal Government, not State, BTW.
You really think that the government is going to let a couple of pissy little regulations get in the way of accidentally distributing personal information? I don't think so.
I have heard a similar story about two guys in blue overalls walking out of David Jones (or some other department store) carrying a big-screen TV, and no one stopped them either.
Makes me proud to be an aussie
Y'know, it's interesting to note that all our greatest heroes are thieves and brigands. Go Aussie!
That stuff about database performance is pure BS. I use my 700mhz p3 256MB RAM laptop for web (php) development, and I run a mysql database on it. Stress testing shows that it can handle over 20 requests per second without breaking into a sweat. I'd say you need a maximum of 1ghz with 512mb of RAM.
$14 for an AIX server, shipping and handling costs more, carrying them to the trashbin costs more. This is really a good deal, even for really old machines.
Anyway, if you do not want anybody to get the data, format the disks, low level if possible, remove the disks, open them up and use sanding paper on the platters before destroying them by bending or cutting them in two. Should do the trick.
My wife's sketchblog Blob[p]: Gastrono-me
We bought a second hand server from ebay which was from someone that buys ex govt stuff from auctions and it had a backup tape in it from the Brisbane Magistrates Court (Australia)
If you have signed all usual secrecy and privacy forms before.
The best you can do is to send STA a stiff invoice for professional data sanitation. Fix their wagon!
If you are outraged, tell the STA Union their members' details were leaked because of slack security (any excuse to strike), tell the State Auditor, tell tax, and the privacy commissioner. Butts will be kicked.
The auction mob were slack, they are meant to wipe the data, and remove all identifying stickers. But the real blame lies higher up.
Conclusions. The STA are as reliable as their timetables, and going to windows will be more risky than ever, if their admins default everything.
it's good to know that in this cold mechanical corporate world, humans still some times make mistakes. obviously the best thing to do was rub their noses in it, and maybe even get someone fired. Hey it got you hits. what happened to mateship? would it have been so ethically wrong, to contact the seller, say they may have made a mistake, and took steps to rectify the situation? sure it's negligent, but c'mon, we are still human
Mirrors:
- MirrorDot.
- Coral CDN.
The images on the main site have been switched over to use CoralCDN
Currently pushing out just over 2Mbit's:
http://img49.imageshack.us/img49/9388/slashdot073
http://www.expatica.com/source/site_article.asp?subchannel_id=19&story_id=13469&name=The+Dutch+news+in+October+2004
see october 7th 2004
Some taxi-driver found it, discovered that it had very sensitive information about some current open cases on it, and a lot of personal stuff that could make the prosecutor vulnerable for blackmail etc. when in the wrong hands.
These things just show that some state organisations (or the people working there) have really too little awareness of handling computer data the right way. Actually this year we had a case in the Netherlands where some secret state report ended up in an upload filesharing folder of the person working on it, and thereby just could spread all over. I think people working at such positions really should be instructed on safe computing, especially at home or using laptops, the risks are pretty high that data can get stolen.
molmod.com - computing tips from a molecular modeling
o wait, this is the government, nevermind
it's normal here to recover servers from public administration sites, having them perfectly working with all data inside :)
Would be too much aggro to do the job right.
threadeds blog
The UK's Data Protection Act, especially as it pertains to medical data, is remarkably strict.
Nonetheless, it came as no surprise to me that, when I worked at a medical centre and they upgraded all their machines, the old ones were merely dumped in the attic before being carted off by the local Council's binmen.
I asked about this (not in terms of security, but because I wanted the machines). Apparently UK companies have to PAY the Council to remove old computers, as part of some environmental legislation. I offered to take them away for free, naturally.
The only reason I didn't get any "protected" data along with them was because I'd previously wiped it off. But even that was little more than a standard "empty recycle-bin" - it likely wouldn't stop anyone who knew what they were doing.
It's all very well having data protection policies, but unless you tell officials HOW to erase data, it won't be done.
Argh.
These servers could be nicely rehabilitated with Linux, however. In fact, they might make excellent testbeds for developers who wish to compile for Linux on POWER (in lowest common denominator fashion). And IBM hardware is deservedly respected for its quality, and these are server-class machines (unlike, say, a PowerPC 604-based Macintosh). So the buyer did very well, IMHO.
"...And he sang as he laughed as he carted off the server rack - you'll come a-waltzing Matilda with me!"
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Debian runs on CHRP systems, so the E20 would make a pretty good Debian Linux system.
I've only used the free demo but it's a great floppy. And it runs FreeDOS too.
You have to ask that question? No matter where I have worked upper management always gets high end computers that they will never use, and at the same time the person that needs the system gets a system that is rather underpowered for what he/she needs.
-Qua
1:Buy decommissioned high-level government servers.
2:Find confidential data on said servers.
3:Sell said information to interested parties
4:??????
5:Profit!
"Sure there's porn and piracy on the Web but there's probably a downside too."
... is the more likely scenario - that, for every one of these incidents that are reported, there are 10 that are not.
Mac OS X has a secure disk formatting tool (and secure empty trash) included. I think it's based on this. It's very, very slow but it would seem that it's almost impossible to recover the data after it is used.
No doubt. Everyone in Canada knows it's Guvernment.
I8-D
This is the kind of thing that would make people in the U.S. very paranoid. A few years ago Americans were really worried about having their medical records stored electronically. It took a lot of convincing to make people understand that it was much better for them if doctors could easily access their medical history. People still aren't convinced, and so the whole online medical history access idea didn't really catch on.
Is it just me, or does anyone else think that the situation in the article would have produced outrage if it happened in the U.S.?
I use Darik's Boot and Nuke :-)
It's free, and it works. There are several different types of disk wiping schemes.
He has both a floppy and an iso version.
Granted, that works on Linux, not AIX. It's been long enough since I admined AIX that I can't remember how to determine all partitions. More importantly, it probably wouldn't fit on the subject line (which was the purpose of this post).
In any case, the point is it's still a (short) one-liner to clean the disks if you know the partition names. If those were Intel boxes, you could have booted off of Knoppix, and run the subject line. Even for RS/6000 boxes, it should be possible to find a Linux boot CD. That's really all you should need.
And various people have free disk-erase boot CDs/floppies. What more do you really want? Stick in floppy, boot, go for lunch. Job done.
Free Software: Like love, it grows best when given away.
too bad you suck in sports too !
A recent Background Briefing program told the story.
Patients don't even need to Opt-In... There's a sign - on the wall, in the waiting room, that suggests that the data is to be used for "Research" (the program made it sound like it was -marketing- research, NOT -medical- research!). Still, the patients needed to Opt-OUT...!
Q: Is the Gutmann method the best method?
A: No.
Most of the passes in the Gutmann wipe are designed to flip the bits in MFM/RLL encoded disks, which is an encoding that modern hard disks do not use.
In a followup to his paper, Gutmann said that it is unnecessary to run those passes because you cannot be reasonably certain about how a modern hard disk stores data on the platter. If the encoding is unknown, then writing random patterns is your best strategy.
In particular, Gutmann says that "in the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data... For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do".
In other words, DBAN doesn't work for modern hard drives. It's as good as random scrubbing. Which is not that effective anyway.
Oh, Background Briefing is a reputable current events radio program on the ABC's (domestic) Radio National network.
Freedom of Information laws in Australia are VERY dim...
A very recent (like this past week) Law Report (another fine radio program on the ABC's domestic Radio National network) covered an on-going case, in which The Australian newspaper (or was it another one?) has been seeking some non-controversial info - from Treasury - that is several years old and related to First Buyer's Grant (ie, for home buyers).
In that case, the Treasurer used his ministerial powers to (simply) -declare- the sought-after documents "Subject to "
It's up to the highest court in the land to decide whether - for such info, as was requested here - such ministerial "edicts" are to be deemed sufficient to keep files closed, ie, before a court has ruled.
So, normally, gov't data - at least when thought capable of embarrassing the gov't - is quite confidential & very hard to acquire by those outside of gov't!
Funny, it was the opposite in the NASA division where I worked. My second level supervisor has a computer that was the oldest and slowest of the bunch - a 5-6 years old triple hand-me down with a 15" monitor. His secretary was one step better, maybe 4 years old, same monitor. My boss had a 17" monitor and a 2-3 year old computer. The cad guys all sat in front of 21" monitors (this is early 90s, btw) on brand new intel processors - some dual ppros.
Then again, we got real work done in that branch. (And it was the cad guys and working engineers closed their doors, turned off the lights and fragged the hell out of one another for an hour, instead of eating lunch on Fridays.)
Is it just my observation, or are there way too many stupid people in the world?
"Your task is even harder if you have a hard drive that ceased operating. There exist companies like http://www.kurt.hu/ that have state of the art technology to retrieve data from damaged hard drives. If you need your data: good for you. If you'd like to get rid of it for sure: better take good care of it..."
Anyone else run into the situation where a drive dies during the warranty period and they want the old drive back when supplying the replacement... and the drive was in a lawyer's office where there is some thought of privilege between the clients and the firm? Or some similar situation like doctors, etc. (Hint - don't give up the old drive.)
all the best,
drew
FreeMusicPush If you want to see more Free Music made, listen to Free
Why, oh why, is this considered "news?"
-- I am. Therefore, I think!
Yes, we have an informal class system here. For example, anyone with a brim on their hat wider than the tip of their nose should be held up to ridicule by city dwellers, unless a foreigner is around, then they should be emulated to make you appear more manly and less of a metrosexual girlyman (go arnie). ;)
About the only classless place I've been to in Australia is the Crown Casino in Melbourne. You can get in there in trakky daks.
-- Howto: Get +5 (1) Whine about M$ (2) Namedrop Gentoo (3) Casually Abuse Mods (4) Namedrop Early Computer Model
Where I used to work for the government we would put a high power magnet on the HD and then pull out the discs and then smash them.
"God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
I am surprised that they don't sell them without the drives and woodchip them. That is what any sane organization does that wants to make sure this situation doesn't happen.
Census is supposed to be head count only for a reason. Our founding fathers knew the dangers of the government keeping data on the people.
It seems like a lot of people here have no idea how to erase a hard drive. If you are worried about your personal data being recovered, reformatting doesn't cut it.
A bit of info: when you delete a file from your computer, the file still remains on the hard drive. Your OS is simply deleting the reference to the file from the file table. Any amateur could easily recover the file, even after a FAT or NTFS formatting.
The simplest way is Darik's Boot and Nuke, aka DBAN. The name says it all. Boot up DBAN, and it will nuke every hard drive it sees.
There are other tools you can use, I am too lazy to look them up for you, but a quick search on sourceforge should yield you some file erasing tools. Many tools will offer you different levels of protection, all the way up to the standards that the Department of Defense uses.
> we were authorized to give away outdated equipment to schools,
> they made us do a multiple-pass low-level format on each
> and every HDD that left the building.
Maybe they were afraid of pr0n leaking into the schools from the upper-management PC's.
And maybe that's what those high-end graphics cards were for.
all your bus (data) belong to us!
bad_outlook
--
Is this vague enough for you?
Actually, I think most Americans would refer to a one off event as a "holiday" as well. We also take Mondays off if a national holiday falls on the weekend (at least government agencies do). Now, if it's Christmas time and you have a week off and you go somewhere fun and exciting it would be referred to as a vacation, but Christmas itself is called a holiday. Another example. Independence Day (July 4th) is a holiday that for most school children comes during their summer vacation as opposed to their summer holiday. Hope this clears things up.
Why do we always take potshots at Govt? Yes the buses & train systems have their problems but let's call a spade a spade. This is nothing more than a lazy sysadmin & his/her lazy boss not doing their respective jobs properly. Too often I see IT staff taking the easy way out rather than Doing Their Jobs Properly. Yes sometimes it's crap work but you have to take the good with the bad. Thank goodness that for every useless sysadmin there are 2 great ones carrying him! The real tragedy here is that the manager will probably "spin" the situation making him look good for firing/disciplining a subordinate...
...is still running AIX operationally in mission-critical areas. In the middle of switching to RedHat.
Being funny is my sig nature.
conclusions, the govt. was only testing the computer literacy of Aussies, and chking if they were ethical enough to mention about the mistake..
Data can be retrieved from drives for at least a couple of generations, if you have the tools.
I recall sending a dead drive off for data recovery, and the company (Disk Doctor, in western australia) calling me back and asking "which o/s do you want?". Apparently they were able to see at least 3 different O/S installations on the disk...
To be sure, you need to write crap over the disk several times...
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
If it was me there was a perfectly good 200 ton hydraulic press that could have been used in the same place, a small heat treatment furnace to get all the data off that drive by going beyond the Curie temperature, a large array of machine tools and an impact testing rig.
:)
Shouldn't you save that for situations that really require it? I.e. dealing with LUSERS?
putting the 'B' in LGBTQ+
City gov't != US gov't
If you are concerned about the data on your drives, then you shouldn't let them be used again, ever.
There are way too many processes for gaps to occur. Your techs could forget to wipe a drive, or a drive could fail, and not show up at all.
Never let drives out of your premises, if there ever was any data on them that you are concerned about getting into the wrong hands. Degauss them at least, then store them. Look into shredding solutions where the drives wouldn't be usable at all.
It really depends on what kind of data you are storing, but in the case of US export controlled data, even reporting exposure of the data to a foreign party could cost millions of dollars in fines alone. That doesn't even get into how much the IP or data was worth, and how much time you have to spend correcting the session.
Wu-Tang said it best. Protect your neck.
v4sw6PU$hw6ln6pr4F$ck 4/6$ma3+6u7LNS$w2m4l7U$i2e4+7en6a2X h
You could probably make a living selling data snarfed from used disks/tapes off ebay.
I picked up some "blank" used DLT tapes from ebay. These "blanks" contained a filesystem backup for the online store of a multibillion dollar corporation.
Why get so worried about personal data being stolen by l337 h4x0rz through the intarweb? All they need to do is buy a bunch of used media off ebay -- much easier.
I used to work for city government here in SoCal, USA.
Which city in Southern California does the US government run?
-h-
Um, that's not secure in the least. Change /dev/zero to /dev/urandom and do it about 6 or 7 times consecutively to securely wipe your drives (and it should be sufficient to do just hdx without worrying about the partition number).
FC Closer
One of the major banks decommissioned servers which eventually wound up on ebay. The person who bought them discovered that all data was still intact.
I use Macs to up my productivity, so up yours Microsoft!
Why are there 2 pop cans in the computer lab? Don't you know better than to bring drinks into labs? Maybe you should take CS 101 instead of Security 101?
You'll never see this anyhow. Why did you click?
Seriously, put a little thought into what is actually required to read data off of a hard drive that has been Properly overwritten. The parent's link makes the point that not only would the new random data obscure the deleted files, but the files written previously would do the same. If you're going to infer previous drive contents based on slight shifts in the magnetics of the drive, you have to realize that every use of the drive in the past has created the same shifts. Obviously there are areas that are more used than others but I would be perfectly happy with one complete overwrite of a drive that I'd been using for a few years previously.
Think of it this way: You can certainly track someone across a beach that few people have walked across, but if you expect that you can track me across Venice Beach a week after I go for a swim, you're nuts.
http://www.andashdesigns.com/
Anyway, I always remember to uh, wipe first. Yeah.
Fortunately he was an honest man and didn't sell the list, rather he contacted the DoJ and DoJ contacted DISCO to help get their shit together. The instructor was making the point that when you surplus equipment that you really need to make sure that you wipe the drives and any other storage media. His bias was that the easiest way to do this was to physically remove and destroy the media because you could never really be sure if a wipe program had worked (well you could go over the drive to make sure that it had been erased, but who's going to do this?).
When I don't want to physically destroy a drive but want to make sure that it's gone I either wipe it with a low-level hardware format utility such as the one built into Adaptec SCSI cards, or I use a program such as autoclave by Josh Larios (which he isn't supporting any more outside of the University of Washington community) although now I guess I'll have to try the recommended replacement Darik's Boot and Nuke. A side benefit of programs such as this one is that they really exercise the Hell out of your disks, which is great to smoke out any potential failures.
cheap labor conservatives - they want to keep you hungry enough to be thankful for minimum wage.
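As an added example that is not part of any comment in this thread: the read-back check discussed above ("go over the drive to make sure that it had been erased") can be scripted so that an interrupted or partition-only wipe is caught. The script runs against a constructed 1 MiB image file with a made-up record near its end; the function names are hypothetical, and on real hardware the target would be the whole-disk device node rather than a file.

```shell
#!/bin/sh
# Added example: overwrite a target, then verify the overwrite by reading it back.
# Works on a constructed image file; nothing here touches a real disk.
LC_ALL=C; export LC_ALL

# target_size PATH: size of a regular file in bytes.
target_size() {
    wc -c < "$1" | tr -d ' '
}

# overwrite_range SOURCE TARGET BYTES: write BYTES from SOURCE over the start
# of TARGET without truncating it.
overwrite_range() {
    head -c "$3" "$1" | dd of="$2" bs=65536 conv=notrunc 2>/dev/null
}

# wipe TARGET: one random pass, then a zero pass so the result can be checked
# against a known pattern.
wipe() {
    size=$(target_size "$1")
    overwrite_range /dev/urandom "$1" "$size" &&
        overwrite_range /dev/zero "$1" "$size"
}

# residue_bytes TARGET: count of bytes that are not 0x00.
residue_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# verify_wiped TARGET: succeed only if every byte reads back as zero.
verify_wiped() {
    [ "$(residue_bytes "$1")" -eq 0 ]
}

# make_sample_image PATH: constructed 1 MiB "disk" holding one record near
# the end, standing in for data that lives outside the first partition.
make_sample_image() {
    head -c 1048576 /dev/zero > "$1"
    printf 'PAYROLL: constructed sample record' |
        dd of="$1" bs=1 seek=1000000 conv=notrunc 2>/dev/null
}

# Report the state of TARGET after a wipe attempt.
report() {
    if verify_wiped "$2"; then
        echo "$1: clean"
    else
        echo "$1: $(residue_bytes "$2") non-zero bytes remain"
    fi
}

img=$(mktemp)
make_sample_image "$img"

# A wipe that stops halfway (interrupted, or aimed at one partition only).
overwrite_range /dev/zero "$img" 524288
report "partial wipe" "$img"

# A wipe over the full size of the target.
wipe "$img"
report "full wipe" "$img"

rm -f "$img"
```

A read-back through the operating system only covers sectors the drive still exposes; remapped bad sectors, raised elsewhere in the thread, are outside its reach.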
I dunno if it is still the case, but the US federal government used to sell off scrap systems by the pallet via a warehouse. We purchased some stuff through a junkyard that bought truckloads of them and the systems still had everything on them. Even worse, this junkyard sold off a pallet of laptops that previously belonged to the US Army to a guy who was shipping them back to China. I'd guess that they weren't all wiped either though I didn't get an opportunity to look for myself.
The problem might have been the beach reference. He didn't speak to the crowd. To fill you in: http://en.wikipedia.org/wiki/Venice_Beach
When we turfed our old storage system, arranging a recognised "Certificate of Destruction" was mandatory before I could let the disks and tapes out of the building. OTOH, most of government ICT is now outsourced here in Australia, so maybe the provider was cutting corners.
The agencies that handle lots of personal or sensitive data (the tax office, Medicare, Statistics, Defence etc.) have much stronger policies. For example, surplus PCs from these groups will be sold without drives. Lower risk areas can just scrub drives if there is a low risk of sensitive information being on the HD.
Xix.
"Everything is adjustable, provided you have the right tools"
ice pick + 12M HCl
Snowden and Manning are heroes.
Do that, and anyone can recover 100% of the data on that drive using any data recovery tool. People have been known to buy used PCs and hard drives specifically for the purpose of data mining. The drive needs to be overwritten with random data, preferably multiple times.
I just use them 'till they die, then destroy the platters.
I used to work for city government here in SoCal, USA. In contrast to our Aussie friends, they were super paranoid about data leakage.
This does not, in any way, reflect on "Aussies" or their awareness of the importance of media sanitization.
When there was actually a situation where the red tape was momentarily pierced and we were authorized to give away outdated equipment to schools, they made us do a multiple-pass low-level format on each and every HDD that left the building.
Are you sure you were "low level" formatting those drives? That is a term that gets used often when it should not. Modern IDE drives cannot be low level formatted outside the factory and this has been the case for many years. A true low level format actually re-writes tracks, aligning them again as it goes.
"all modern hard disks are low-level formatted at the factory for the life of the drive. There's no way for the PC to do an LLF on a modern IDE/ATA or SCSI hard disk, and there's no reason to try to do so."
Unfortunately, this term has become so misused, that even hard drive manufacturers are now providing zero-fill utilities labeled as low-level-format utilities.
I have worked for the Australian Government in sanitizing machines prior to them being decommissioned. Luckily, I am a contractor who takes his contracts, customers and their needs seriously and I did not have anything to do with this case. I don't think this reflects on Australia in any way. I'm sure I could dig up similar stories regarding US or UK blunders.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
-AT
Working in a DevOps shop is like playing in a band made up entirely of keytarists.
I can see how what I wrote might seem to have come off as defensive, but really I just wanted to make sure people don't think this is typical of us or even our government.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
Nonetheless, it's far better than just shipping the drive out the door without doing anything, and it'll at least deter the casual purchaser who wants to know if anybody left something on the (( Presumably anonymous )) drives they bought. if you're expecting that somebody is going to want to read the data on the drives,
If you've got really important stuff on the drive, then yes, you should (1) read from /dev/urandom, and (2), put it in an infinite loop and let it run for a few days.
Happy now? The extra electricity will cost you a full $0.20 and save a lot of headache.
Free Software: Like love, it grows best when given away.
There is little doubt that a single overwrite with zeroes (or whatever) is enough to totally stymie anyone who isn't prepared to shell out a swodge of cash to use special hardware. There is considerable uncertainty about just how much cash is required to achieve particular results, but there is, again, widespread agreement that whatever can be achieved, each additional random overwrite makes it much harder to do (probably exponentially so). And multiple cryptographic overwrites are pretty cheap, so why not do them and be safe. True, doing a whole modern disk is slow enough to be rather tedious if you sit there watching it; so don't do that! Leave it running overnight instead.
In case anyone is interested, here is what we did when I worked in the IT section of a small police department. We created a bootable DOS floppy image, which had on it a batch file, and a low level disc overwriter. We made a couple of dozen of these. The floppies were labelled with a skull-and-crossbones. When a machine was booted with this floppy, it gave a last chance to back out, issued "format /u" to unmark bad sectors (so the overwriter would try to write to them, and maybe succeed once or twice), and did multiple cryptographically random overwrites until told to stop. When a ba
Nice to know you are gullible enough to believe a story about this.
When you buy a clue or two, you will realise that the data "shown" on the website is actually quite useless and doesn't affect anything at all.
Click the link and you land on the guy's homepage. Click through to "News" from there and under "Data Security 101" is the message: What you seek is no longer here, it was once but is not anymore. Soo... Did anyone save a copy?
http://geoffreyhuntley.nyud.net:8090/news/data-security-101/
You have a sick, twisted mind. Please subscribe me to your newsletter.