Slashdot Mirror
Data Still Left on Storage Devices for Sale
cluedweasel writes "According to a BBC story many people are still putting up their old PC's and storage devices for sale without taking basic precautions to ensure that confidential data is erased. The suggestion at the end of the story is to get a professional forensics firm to wipe your data or just destroy the item in question. With the low price of storage devices, the latter is probably preferable."
I always hate having to send in my hard drive for warranty repair. Years ago, I watched a friend recover information from a newly arrived warranty repaired drive. If the drive is dead and has to be sent into for warranty service, make sure one of those super powerful magnets from another drives is put around all over the hard drive case. Don't, know if that will wipe anything but I don't expect the manufacturer to ensure my data is secure.
That said I used eraser every night.
I've found some interesting stuff on hard drives purchased second hand including tax forms from apparently a CPA, medical records, patent applications, and most interestingly, a fair bit of data that I will not talk about on a NeXT cube off eBay that was originally purchased from a government auction. I was surprised as it was the only cube I had seen with it's hard drive intact. (All hard drives were erased or physically destroyed, because I am a nice guy).
The interesting thing is that protocols for the destruction of data have existed for magnetic media since before the hard drive. With the advent of the hard drive and higher density media, other protocols have come into place, but the solution is not a technical one. It is the hardest of all solutions...... Behavioral change.
Visit Jonesblog and say hello.
Darik's Boot and Nuke. Cheap, efficient, portable. Worst thing that happened using it was cleaning a PC so old its CD-ROM drivers weren't in firmware, so I had to download a boot disk off the net to reinstall them.
"Made up/misattributed quote that makes me look smart. I am on
On the other hand, I always thought it was a good bonus for the custom when I sell a hard drive on eBay with my mp3 and pr0n collection still intact.
Then again... they probaby would see the reiserfs partition as "Unknown" in the Windows installer.
Microsoft and the BSA don't want people having access to the software products left on hard drives. Even if the original owner is no longer using it and has thrown out the original media.
OR... you can give them to me :)
Actually, check if local schools or other non-profit organisations take old hardware donations. I know some people would find even old computers useful, unfortunate as it is.
...with something like Darik's Boot & Nuke
Would be to disgard all used storage devices in a black hole. One could possibly snoop the emitted hawking radiation, but by then you will propably have changed bank accounts.
I once received about 30 10GB hard disks from the US Army that were tossed in a collection bin (and someone called me to say they were there) which were not wiped and had a fair bit of info on them. Not talking National Secrets, but info that could have been used to cause problems, none the less.
By far the worst, however, was a batch of 15 PIII computers I recovered from the INS. Not only had they not been wiped, but all programs and files were fuctional. Talking about Social Security numbers, Green Card information, and on and on. It was terrible.
Of course, I do the right thing and both wipe and low-level format these before donating on to charity - but it still amazes me what info is given away.
Both of these cases were 1 year+ after 9/11 too. People don't change.
DAMN YOU OCTODOG! DAMN YOU TO HELL!
The best way to destroy data on drives is to have fun in the process.
On labor day weekend, my friend's family and I went out and used old hard drives for target practice. I'll try to post pics soon.
tasks(723) drafts(105) languages(484) examples(29106)
Here at the university I work at we're required to format drives 10 times with random bits. I guess it's a regulation for all state-run or state-funded facilities.
>> "Wheel, fire invented!"
No, that was before the printing press was invented.
http://dban.sourceforge.net/
Set that up for 27 wipes and you're set.
"TK-421, why aren't you at your post?"
1) Write all 1s then 0s to the drive, repeat 5x.
2) Use acetylene torch and reduce drive to slag.
3) Encase slag in concrete.
4)Drop concrete in Marianas trench.
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
(for unmounted drives)
/dev/random if you've got the time and paranoia.
dd if=/dev/zero of=/dev/hdb bs=16384
Or, use
Care about electronic freedom? Consider donating to the EFF!
In my own experience, I have found a single round from a .44 Magnum to be far more effective than 5 rounds of buck shot from a 12 guage. The 5th round eventually powdered the glass platters.
My method? 3 passes and drill a hole thru the drive.
Face it, do something enough times, and it can cause problems.
And many don't have the tools - or if they have them, are unaware that the tools are capable of doing this.
...
I find a large sledgehammer used repeatedly does a fairly good job of handling data getting into the wrong hands, mind you
-- Tigger warning: This post may contain tiggers! --
had to take a sledgehammer to a hard drive after running a huge magnet over it. He said it was hard! Those things were buit so well at the time. But even then, if the platter itself was still in good condition, I guess someone could still get something off of it. What was on it? Some old code for one their OSes at the time.
Evil people don't think they're evil. - George Lucas, Making of Ep III
People around here upgrade there computers a lot (and by upgrade I mean throw out the old one and buy a new one) so I see a lot of old computers on the streets. I usually take them to see what I can salvage and almost 90% of the time there's data left on the drive.
The interesting thing is, my aunt who is beyond computer illiterate, had me come over and wipe her hard drives clean before she got rid of her old computers. I guess if you're someone used to destroying paper bills and information before you throw it out, you'll understand that it's important to destroy information on a computer before you throw it out as well.
For any who wish to avoid such "Data Dangers", I've been using Boot & Nuke (http://dban.sourceforge.net/) for some time now. It's pretty easy to use and supposedly reaches DoD levels of secure delete. All used hard drives my shop sells get a dban scrubbing before they leave.
I don't know if there's a Windows equivalent, but whenever I sell an old Mac, I use the Disk Tool program, and select "Zero All Data", which supposedly flips all the bits on the HD to 0. After that, I'll do a clean install of the default OS version that came with the computer.
Taking guns away from the 99% gives the 1% 100% of the power.
I wonder if they auction them off too?
Evil people don't think they're evil. - George Lucas, Making of Ep III
I wipe all my drives with both Windex and Formula 409 before disposing of them yet my identity still gets stolen. Good thing I only I have a Visa Lead card.
A simple Troll, born of Rock and Fire, leaving in the basement of my parents volcano and typing on an asbestos keyboard.
professional forensics firm to erase your hard drives? really?
how do I market myself as this and sell that service to people? sounds like a great article to whip up some Fear frenzy that we geeks can make good money on.
"Yup, I can safely eradicate your data and wipe that drive, no it's not easy, but that is why it costs $100.00.
thank you, no we dont accept personal checks."
adding that to my spyware cleaning racket and I can quit my job as a web programmer/IS manager.
This rocks, any way to get CNN to stir it up as well to help the fear factor in the general public?
Do not look at laser with remaining good eye.
format c:
how hard is that?
Unfortunately nothing other than DNS records and a few applications licensed to the USPTO were on the disk. I just always wondered what happened to the rest of their off lease hardware, I mean there has GOT to be some confidential stuff there.
Ohhh! Pay Dirt! A pair of half-eaten choco-pants!
It seems like every 2-3 months we get an identical story. This isn't new, and I expect it will still happen for quite a long time still.
Your hair look like poop, Bob! - Wanker.
Actually, check if local schools or other non-profit organisations take old hardware donations.
My mother is the computer teacher at a local gradeschool. She HATES when people say they have a computer to give her. Invariably, it's some 7-year-old PC that runs Win95 or some old Mac that just doesn't fit in with her network.
Students and teachers in schools want crappy computers as much as you do. (This being Slashdot, probably less than you do.)
If you can find someone that genuinely wants the machine because they collect them or because they're a budding nerd, fine. But don't dump these pieces of junk on some organization that will then have a huge collection of PCs that are all unalike. If you're lucky, you live near a place like SWACO that has periodic computer recycling drives. Drop the machines off and they go someplace to be disposed of properly (we hope).
Withdrawal before climax is very ineffective and those who try this are usually called "parents."
Unless it's defective or otherwise damaged, there's no reason to destroy a hard drive -- however low the cost may be for a replacement.
Make wind chimes if you must. Hard drives shouldn't be treated like a disposable commodity.
5) Ship via US Postal Service
The world's burning. Moped Jesus spotted on I50. Details at 11.
Two or three consecutive low-level formats followed by a re-partioning with massive random data files would probably do the trick.
I can understand selling a computer system.. but with the drive still in it? Are they mad? Save the drive! You'll *need* the space, plus you get to keep what you had on it anyway! If you need more space, you buy a new, bigger drive (and maybe a system around it), and put the old one in the system. Then, at least if you do ever decide to part with the drive, you've moved your files off it and reformatted it anyway.
Or you fragged the drive, in which case you can only sell it as a paperweight.
Yes, we understand these tags always apply: fud, dupe, typo, slashdotted, topic name
A couple of years ago, we had to buy a PC with Windows/95 on it because a speech therapist had a program for my daughter that only ran on Win/95.
We were able to find a PC that had just turned in to a local "Cash Converters" and the OS had not yet been wiped/updated and got it for $50. We did try the PC before leaving the store but did not hook up a set of speakers.
When we got home, we discovered that the previous owner of the PC was an affectionado of Jamacian S&M. The first time I turned it on, the PC started up with somebody screaming "Hurt me Mon!" and every mouse click produced a woman's scream.
I was able to reset the default sounds on the PC and delete the thousands of jpegs of bondage pictures, but my daughter (who was 8 at the time) was pretty much traumatized and refused to work on the PC until I could demonstrate it wouldn't make the "scary screams" any more.
We were able to run the speech therapy program, but my daughter never did trust that PC and made me sell it when the therapy was finished.
myke
Mimetics Inc. Twitter
A Romanian SAR-1 does a great job!
A shot or two will penetrate all the platters and leave them a twisted mess.
A lot of people, when disposing of a computer, want to keep the OS and the applications installed because they're giving it to a relative or friend or something like that If that's the case, something like Derek's Boot and Nuke obviously isn't appropriate. There are, however many tools out there that help you clean up a windows machine such as Eraserto wipe data and CCleaner to clear out temp junk.
Best Windows Freeware
Hasn't this story been run a few dozen times before? http://yro.slashdot.org/article.pl?sid=05/07/31/06 18205&tid=158&tid=198&tid=172&tid=218
This isn't exactly rocket science, but maybe companies like Dell and other PC sellers should include a free disk scrubbing utility when they send out a replacement HD.
Lord knows, Dell didn't even bother sending out an extra ATA cable. When my wife's new PC had it's 250GB HD die, I had to buy another cable to copy the resurrected data to the new HD. Then, I had to find a decent HD scrubber to clean the old one, since it had our info from Quicken and probably cache related stuff to online banking, etc.
Hmmm, maybe I should do a recovery on that new HD they sent us... Nah, not worth the effort.
I raised this issue with the manufacturer of my USB key, after it ceased to communicate. I was offered a brand-new one upon receipt of the old one, but had no way to clear the data (a CVS tree of our product). The tech said any obvious, physical damage (i.e smashing with a hammer) would void the replacement guarantee.
Apparently, a few seconds in the microwave does not qualify as obvious, physical damage.
If you are using Windows, then you have to have Eraser.
Click here or a puppy gets stomped!
Is it just me, or is it getting rather bizarre around here lately, with what passes for breaking news? Editors, please don't forget we are /. for cripes sake! We are the movers, we are the leading bleeding edgers, we know things. Please, please start editing again, and stop releasing crap!
You forgot the most important steps!
6) ???
7) Profit!
I should also point out that I don't doubt any individual's account- I just don't know that I trust the whole population. Just a thought...
If brevity is the soul of wit, then how does one explain Twitter?
I specialize in computer demolition. I have always been a pyro and I have always had a fascination with blowing things up. With computer security becoming an issue, and some lessons learned from the arrests, I have turned my talents towards something more constructively destructive.
For $200, I will use shaped charges and implode and obliterate your computer. I also sometimes opt to run computers over with one of my various broken-down cars.
[Disclaimer: This is a joke (attempt). While like to watch explosions on TV from time to time, I've never blown anything up myself, and I've never been arrested. And it's my cousin who owns all the broken-down cars.]
I intentionally did not wipe my old computer's drive before I gave it away. There were some neat old games on there that don't work on "modern" operating systems, and if some wanted to recover the documents folder and read my old homework assignments, so what?
Facts do not cease to exist because they are ignored.
I tried to recover the date using some freeware/shareware data recovery tools found on download.com at the time. Could not get any to work. But the DOD 27 pass took FOREVER. I gave up and used my dads acetylene torch. Worked quite nicely...
I agree. I once got ahold of 6 PIII from a local law firm (64 ram, 10 gig harddrives). I wiped (military standard) the drives, and combined the hardware into 3 desktop units running debian (128 ram, 2x10 gig drives).
They are all happily being used as email/browsing computers.
5000 Degrees and I can PROMISE no data will survive.
Thermite can be purchased for 60$ US Per 10 Lb from most pyrotechnic suppliers in the US (Also see special Effects and Welding)
Muratic acid left to sit a few days will do the trick too ($5 US at any HW store).
I once read an NSA document that recomended using a disk sander. Of course they had in mind large removable discs.
Objective: destroying data.
Needed: 1 nuclear warhead, 1 detonator with long wire, 1 pair of running shoes.
All drives should really be encrypted, whether they are transportable or not. If they are server drives, then the key can be physical (like a USB stick) that is left in place until the drive/machine needs repairs.
Some recent motherboards have the right idea: they come with an encryption key (a physical object) that you plug into the motherboard for encrypting the disks completely without OS intervention as far as I can tell.
Let's hope that kind of feature becomes standard on all motherboards.
Tell your friends that you will take care of their old boxes. Bring a Mepis or Damn Small Linux CD with you and blow away their hard drive. Show them how easy it is to give a new virus-free life to that old box. If they don't want that old box after it is Mepisized, put it up for give-away on Craigslist or DIYparts.org. People have a much easier time understanding how good open source software is when they see it in action.
Taking a sledgehammer to the box might be more fun, but then that box is headed for the landfill, where the metals in it will leach into the water table. Ick.
DIYparts.org is working to help the Katrina victims, so rather than have the box go into landfill, it can go to somewhone who needs it if you list it on DIYparts.org. DIYparts.org is free as in beer.
As far as the military, there is a very detailed plan for decommissioning computer equipment that contained classified data, whether that equipment will be destroyed, auctioned, or donated. Hard drives are opened and the platters are physically destroyed with sandpaper or other abrasive substances and even monitors are degaussed with a heavy magnet and shattered if burn-in is an issue.
Other government agencies aren't held to the same standards, but the odds of national security secrets going out on a trashed drive are pretty close to nil.
HDDs are down to about 50cents for 1GB and USB drives are also getting cheaper. It's safer to keep the drive and sell the rest if you want to make up some of the cost of new hardware. If you sell a PC with hdd and software there are probably some legal/license/EULA violations you could be held liable for, probably won't but there's a chance. Even the older slower lower capacity drives can still be put in another PC or external case and used for backups, there's nothing wrong with using all your IDE slots, cd-r/dvd-r and 3hdds. The 2.5GB hdd of my family's first PC is in a closet and the first hdd, a 60gb, from my current PC now having 2x200GB drives, before upgrades, is now in an external case being used for backups. As for flash memory cards&drives, my half dozen old ones are at home sitting in a box in the back of a desk drawer. If you have older/unused PC hardware and you want to make use of ebay, sell it without the hdd, the worst that can happen is someone doesn't read all the description and complains and leaves bad feesback, and you reply with "try reading the description" or take it appart and sell it as parts.
If you're going to buy storage, consider it a loss unless you can find another use for it.
Hard drives are like underwear, better if they're only used by one person, then burned and thrown out.
F7 doesn't work, ignore spelling and grammar
My girlfriend's sister bought a Dell refurb a few years back. It came complete with the previous owner's files, porn, etc.
Thanks, Dell!
(yes, nuked the drive, installed anti-virus, etc)
"used old hard drives for target practice"
.30 caliber holes data recovery becomes much more difficult. ;-)
With the high density drives that we have today, the info can still be recovered. Not by your average computer user, but there ARE companies around that can re-mount the platters in special drives and recover the bits.
Well maybe if you were using pistols or shotguns. My friends and I tended to use rifles at 100 yards. When a platter has multiple
They can even recover a failed drive from a striped array, if you supply them with all the other drives in the array.
What is so special about that, that's how RAID is supposed to work? Remove failed drive, insert replacement, wait, data regenerated.
You are correct. Format C: only gives a false sense of security. As stated elsewhere, a drive needs to be rewritten with random data preferably a few times. And even this isn't good enough for the paranoid.
http://www.symantec.com/ Norton Systemworks 2003 came with Wipeinfo, which claims to permanently remove files from your hard drive. You can also use a "government wipe" which conforms to a DoD document on industrial security.
.doc and .xls files in My Documents, are protected. Windows Me/XP System Restore maintains copies of protected files. Wiping the original file does not wipe the copy that Windows Me/XP System Restore maintains.
From the help file:
Wipe Info erases files or folders from your hard disk so that they cannot be recovered. On Windows 98/Me, Wipe Info also wipes the free space on your hard disk.
When you wipe a file, Wipe Info wipes the file and attempts to wipe any free space associated with the file and the file's directory entry.
When you wipe a folder, Wipe Info wipes all of the files in the folder, and then, if the folder is empty, it attempts to wipe the directory entry for the folder.
When you wipe free space in Windows 98/Me, Wipe Info wipes the free drive space, free file space, and erased file entries.
In general, you cannot recover files that have been wiped. Windows Me/XP System Restore can restore files that have been wiped if they are one of the protected file types. By default, many document types, such as
Wipe Info eliminates a file's contents from the disk, but does not remove the file name. While the file name remains on disk, it is no longer visible in Windows Explorer, and there is no data stored with it. On NTFS volumes, streams (alternate data that belongs to a file but is not stored with the file) are also wiped.
6) Bury is soft peat for 3 months
7) Recycle as fire lighters
0. Backup
(In the military tradition of "Shred this, but make a copy first.")
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
It's now running OpenBSD as a stand in for a friend's (dead) router, and will soon be passed on to my mother as an upgrade to the P3 550 she's currently using.
I am TheRaven on Soylent News
In ten years I've never sold any storage device I've owned.
Actually if you include the tapes I made in my tape drive of my Atari 600XL it would be about 20+ years.
Actually, the best kept secret is that the best way to keep something secret is not commit it to any storage medium outside of your head.
Your tip is the second best kept secret.
The third is the use of cryptographic file systems.
I had 3 or 4 old hard drives around, from 2GB to 30GB in capacity. I just put them in a contractor's bag one at a time, and hammered them down into pieces. Someone would have to want the data pretty bad to get it back after that.
We are the dupe posters. The grammar and spelling botchers. We are the ad sellers. We have sold out.
digg.com. Just do it.
I felt a disturbance in the info... as if billions of bits had cried in randomness, and then were suddenly erased.
I guy at work just picked one up from the curb, and it had all of the previous owners info still on it. Resume's, banking info, the works.
Even a simple format would have saved that info, as this was not an IT worker that would try to get the data back, or could even get the data back. A simple trip to the local pc repair shop could have saved her her identity.
Remember folks, not all people are honest, many of them just lacked the opportunity.
Remember, when you get a drive on ebay look it over and you should be able to calculate just how much money you can extract from the guy to sell it back. All you have to do is them him there are a lot of doggie pics on it a real lot of doggie pics.
http://www.dogbreedinfo.com/gallery.htm SFW
we have a DA that dumps his PC unerased (with some questionable content). So it not only seems to happen to consumers. P.S. There must be a In Soviet Russia joke DA get spied on joke somewher.
Read, refresh, repeat.
I work at a private K-12 school in the Baltimore area. We often order old parts from the NSA, since it's close by, they give them to us fairly cheaply, and they have nice stuff.
One time, we found a hard drive stuck in an old machine that wasn't supposed to have a hard drive. It wasn't empty.
Without looking at any of the data, we called our sales rep to let them know. There was a scary-looking (unmarked) van at our door in 45 minutes to pick it up.
If only we could all fix our mistakes so quickly...
"Time is an illusion.
Lunchtime doubly so."
-Douglas Adams
David Borowitz
I was in a similar situation recently when my laptop hard drive died. The manufacturer would only provide a replacement if I returned the original drive. I tried to argue that I couldn't do that, as it had all our company's source coude and NDA documents on it, but the hotline guy was intractable - new drives only for old.
I considered nuking it in the microwave, but I wasn't sure whether that wouldn't destroy the microwave, and not the drive. (or why else have I always heard that you shouldn't put metal objects into microwaves?)
So I unscrewed the drive and tried to remove the shiny, smooth platters. Unfortunately, I couldn't loosen the screw holding them down, so I tried to bend them by levering the screwdriver under the platter.
It was then that I learnt that the platters aren't some metal alloy, but a more brittle plastic and/or glass composite, as the sudden explosion of silvery shards, while looking very impressive, nearly blinded me. Once I knew what I was dealing with, however, I soon made short work of the rest of the platters. There's no way anyone's going to get information off them now!
I screwed the case together, and you couldn't tell it was empty; it still felt just as heavy as before. So exchanged my empty drive with the delivery guy for the new one.
I just hope the OEM to which the drive was returned doesn't try to run the drive in another laptop, or open it up, or is able to trace the drive back to me. That's probably wishful thinking, but no-one's crapped on me just yet, and here's hoping they never will...
Like any thing else it depends on ones paranoia factor ...
I seldom have old personal hard drives to dispose of that have any value. Being a bit of a pack rat I keep things past their useful lifetime. The last batch of hard drives I junked I think the biggest was 10 Gig. I just put them in the drill press and run a 3/8 drill bit through the whole thing about half way of the centerline of the spindle. I am going through another in house upgrade and will probably wind up with 3 or 4 80 gig drives in the junk box. They will probably just sit around in a drawer (with the 16 MB parity memory stick that I paid $500 for ) until I get over it and junk them also.
I have built systems for a few poor friends with old parts including drives from my junk box, I usually just format them and then copy an image onto it. These systems will probably get trashed from viruses / worms / mal-ware in a few months anyway. (Windows)
I had a drive die and sent it back to the manufacture. I just had to choose between my investment and the possibility of an intrusion of my personal privacy..I guess nothing is free.
DBAN does indeed work with SATA drives, at least with my few months old Dell.
I believe it was a fairly recently added feature at the time.
I used to get computers out of the dumpster form my HS. They made no effort to erase the drives. A couple of them had been used by the school psychiatrist to write reports on students that I went to school with. If I'm not mistaken that's supposed to be relatively confidential.
or just destroy the item in question
Nooo!!!
I worked as the technology re-use manager at a nonprofit organization whose mission was to get donated goodies, including computers (my responsibility), to small local charitable organizations. Our warehouse had pallet upon pallet of donated computers whose hard drives were removed as part of corporate donors' policies regarding data safety. Did we get those computers to community centers, adult education programs, inner city kids, etc? Heck no, we had to send them to the metal recycler for 2 cents per pound. Sure, per-storage unit hard drives are cheap but to get enough for a couple of hundred computers is a major expense. And yes, we applied to Maxtor, Seagate, IBM, HP and a couple of others to try to get them to donate hard drives but no dice.
The late-middle aged lady who wants to type and print the church newsletter has ABSOLUTELY no use for a computer without a hard drive and even less of an idea how to install one even if she did have budget to get one. Get a commercially available eraser program; there are plenty of titles and methods. Said church lady has NO IDEA how to extract prior data from a drive that was just plain formatted and a fresh Windows installation put on.
First we do a 6 pass writing 0's and 1's alternately, then a random character write. Once this is done, or if we can't do a drive wipe, we then run it 4 passes through our degausser. This degausser causes the drive to make some pretty noises while going through it. I can only imagine what's happening to the heads/platters. One of our techs learned the hard way that you remove ALL jewelry, watches, keys from your person before degaussing. His watch stopped working and had to be replaced. If it's a drive we are trying to replace under warranty, we then send it in. If it's denied because degauss destroyed it, we take it as a loss. We don't mind.
But why is the rum gone?
I'm curious as to how I might be able to tell that things are really "gone" off my hard drive.
Not so much for the "be sure before sending it to the computer parts recycling program so nobody swipes it" aspect, much more for the "unstable/mostly borked hard drive that had an accidental formatting done on it with some files I'd really like to get off there but don't want to pay a ton to have forensically removed".
Starkle, starkle, little twink.
How strong of a magnet are talking about??? It's actually quite easy to get strong magnets. The irony is that they are in every single hard drive. So yeah if you do ever take apart your hard drive remember to get those neodymium magnets. They are expensive as hell and are really fun to play with.
Ooo man the floppy drive is broken. No wait. The computer is just upside down.
"The suggestion at the end of the story is to get a professional forensics firm to wipe your data or just destroy the item in question."
All mine were IBM DeathStars.
http://diskzapper.com/
Ten pass high security erase (not DoD compliant, but very good), linux based, on either floppy or CD boot. I've been using it for a couple of years and keep copies around to give to friends at work for when they're selling PCs.
Make sure your friends realize that it wipes EVERYTHING, even partition and boot records, and the "restore" area that many manufacturers put on the drives these days.
Why do all this ? Because just one pass doesn't truly erase data, it's still recoverable with advanced hardware
The Raven
Yeah, that's what you did.
Favorite quote: "
Nothing leaves my hands without being disabled--CD's, DVD's, HD's, you name it. The simpler and more dramatic the data neutering process, the better, if only for therapeutic value.
If you go into security options from Disk Utility, there's a click box for "zero out all data", "7 times zero", and "35 times zero", depending on how sensitive your data is. It even warns you "this will take 35 times as long as a single erase.
This is where I get my recommended daily allowance of "Foot in Mouth."
Just ship it via UPS marked "Fragile"....
The physical destruction will be total.
...so get yerself a big glass or porcelain pot or container big enough to hold the drive completely submerged under liquid. After shooting your old hard drive full of holes at the range, take what's left of it and put it into the glass or porcelain container and cover completely with concentrated muriatic acid (hydrochloric acid) you can buy in the swimming pool section of Lowes/Home Depot/WalMart/etc. Wear proper eye and skin protection and don't let any of the liquid splash on you. In a short while, there won't be much left of the drive except for some black goo.
For extra credit, you can also try out a little bit of "Having Fun With Hydrogen".
That's a good point, and checking with another key wouldn't even help to determine this. You might manage to fry only the I/O circuits, while leaving the storage core intact. I don't know exactly how these devices work, but it's quite possible all the data could be recovered by a simple hardware swap of subcomponents.
I knew I forgot to erase something before tossing that disk! Now its all over the InterNet.
Anyone with minimal programming skill and a compiler can just write a small (less than 10 lines of code) to just start writing random characters to a file until the drive is full.
:P
I have seen it done many times in college. People did it with VB, C/C++, and even COBOL. But then in their cases I don't think it was intentional (ie. Infinate Loops in there file writing proceedures).
So anyways, just delete everything on the HD and then run one of these programs. Besides wiping out all of the data, you might even crash the hard drive pretty bad too.
DEAD DEAD DEAD DELETE ME
"The suggestion at the end of the story is to get a professional forensics firm to wipe your data or just destroy the item in question."
So are these the same "forensics experts" that were thwarted by the user using Firefox instead of Internet Explorer (previously mentioned on Slashdot).
I got a really good deal on an iMac from a church sale. Needless to say, the teenage daughter didn't erase her diary. Brian was a lucky guy.
Two ideas, actually...
Idea #1 - include a floppy-based "erase HD" tool with all new computer purchases. Yeah, kinda dangerous in the wrong hands. "What does this disk do? Ooops."
Idea #2 - get this same tool into the hands of charities and others that accept discard PCs and encourage them to use it.
Idea #3 - include a preloaded, industry-standard encryption-key USB dongle with new computers, and encrypt every drive to that key. When you give away the computer, keep the dongle. As a bonus, mom and dad can take away Jr.'s computer by taking away the dongle, and corporations can "lock up their computers" when not in use.
#2 is probably the most practical to impliment quickly.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
suggesting a professional forensics team can wipe your hd beyond anyones ability to read it is very poor. if they ARE pro's then they will just say, no, it can't be done. the only safe method of hd disposle is a blow thorch.period.no if's or buts.
If you mod me down, I will become more powerful than you can imagine....
No, it's not "Nuke it from orbit"
It's a good old fashioned sledge hammer.
The from orbit option sounds better, but I don't want to be on the watch list.
I am the unwilling control for my Origin.
once you open the case and break the airtight seal, how much damage does that do to the recovery?
and of course,
5a) Lable Shipping container as "Fragile!"
What are we going to do tonight Brain?
format /X C:
easy to do, ain't it ?
I'm still trying to figure out what people mean by 'social skills' here.
eom
...that the manufacturer of a USB pen drive will actually spend any effort to replace parts and repair one of these that's sent in defective do you?
At least not on one that's smaller than 2GB anyway. It's just not worth the labor. They throw them away after accounting for them on paper for the write-off and just keep making new ones on the assembly line. Just handling all the warranty return and accounting paperwork costs them too much already, so I seriously doubt they'd waste any more labour to try to repair a throwaway device.
6.) Put a JTS Corp. label on the drive
considering the amount of toxic crap already in our landfills, do we really need to destroy a drive? How many of us actually have data that is worth retrieving off a drive that has already been wiped? The "it doesn't cost much to just replace it" mentality is going to bite us in the ass eventually.
A Dutch attorney (Tonnino) once threw away a PC without erasing the data. Too bad for him, it had not only sensitive information, but some child porn as well. He should have used shred to destroy at least the evidence...
Well, from a short-term economic point of view, it's probably best to do as you say, and just trash the drive.
In the longer term, you really should let the drive be used (wiping it), or make sure you recycle it. But, even if you destroy it and recycle it, you're making less use of the energy resources used to create it. Meaning, suppose it took 1000 joules of energy (pulling a number out of my ass) to make and transport that drive, and you trash it after 3 years, when it could have run for 6, you've just reduced the efficiency of the use of that 1000 joules in half.
I know it doesn't seem like much, but as energy is starting to cost more, I think it's wise for people to consider the total cost of what they are doing.
I knw
USPS: When it absolutely, positively, has to be destroyed overnight.
Yes, I know this is from a Fedex advertisement.
Alternatively, replace USPS with your (least-) favorite carrier.
eom
I also bought a second hand computer, from an auction from a company that had gone into receivership, I got it home, turned it on, it wouldn't boot... I fiddled with the internals a bit and low and behold it booted and came up into Windows XP... well, I don't know the passwords, so I then just boot of a Knoppix Live CD and have free reign to look over the entire hard drive, of what turned out to be a PA's computer, complete with photos of the vehicle parts machine plants they were building right up until they went under...
The saddest part was looking through the 'Recent Documents' list.
Letter x, letter y for boss, travel iteneries etc... then... typing tests... job guides, and finally the resume...
So sad... I wiped it good and proper before I gave it to who it was intended.
This article about data left on storage devices is churned out by the tabloids least once a year, if not twice. Its one of there staple fjear factors they like to inflict upon joe public whilst trying to educate them. Despite the fact joe public cant remove a HD let alone sell it with all there bank account details on ebay.
Ironicly there are companies that will garantee to destroy all your data on your old HD's and I personaly would ove to make money from taking drill bits to discs.
Is anything good enough for the paranoid?
NO you will never satisfy some people.
Did a job today where a sysadmin has 2 hardware Firewalls back to back both doing NAT and the system does not even store any financial data.
I save up old disks that need to be "securely destroyed". When I've got a good stack, I go out to the range with the glock or ar-15 and fill 'em full of holes. Most of the time the platters shatter into itty bitty pieces. The ones with just a few pretty looking holes go back and sit on my desk at work.
Fun, thereputic, and effective
So would it piss you off if I told you my company (I work, not own) regularly "donated" computer stuff to avoid the recycling fees the city charged?
Now, we have a shared building and we dump it in the dumpster under the other companys' garbage.
Or just put it on the curb, some loser always grabs it.
(note, the city just this week lifted the fees so they will be properly recycled. but at $35 a pop, F the city landfill they can mine it for metals in 100 years)
I loved what the old DOD instruction said. It was something to this effect:
"In an approved facility (EG, one with cement floors) and wearing proper safety gear (EG, goggles and hearing protection) strike the hard drive repeatedly with a heavy object (EG, a sledgehammer) until it is totally crushed."
I still use that method of destruction today. Heck, the Marines love it when you tell them to take the hard drive out back and attack it with a pickax.
Andrew Borntreger
Champion of cinematic disasters
With a raid 5 array consisting of 2 data drives and one parity drive, what is the possibility of recovering data and/or images from one drive? Is it 1/2 of the stripe size, ie: 1/2 of an image or document if the entire document fits within the stripe size? Or 1/4 of an image or document if the entire document is twice the stripe size? Or is it impossible to recover anything due to the way raid 5 works?
Debating whether to warranty a drive with mission critical data on it, or just bite the cost of a new drive over the risk of the warranted drive being lost in transit or repaired and sold as used by the manufacturer.
you can get usb keys a lot cheaper than hard drives and CDR media is extremely cheap nowadays.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
Have you hugged your penguin today?
Don't use the DoD wipes or similar. Just use PRNG any modern hard drive. Modern as in one you could hook up to your IDE or SCSI controller. Other wipes on these kinds of hard drives are the equivalent of PRNG anyway. Might as well save time and actually use a real PRNG algorithm to do it.
An important fact that many hard drive sledgehammerers miss is that the drive should be placed on its side - so the platters are vertical.
I bought a mobile phone (actually a smartphone) off ebay a couple of months ago.
Left on the phone were...
What they did wrong was not only that they sold the phone without resetting the settings. They also failed to use the built-in feature where you can encrypt the sensitive information.
About the only thing they did right was to sell it to someone who wouldn't make use of this kind of information.
Karma: It's all a bunch of tree-huggin' hippy crap!
How do you get the data off the drive? Everyone wants to say what you can and can't write to a drive to "zero" it. I'm curious to see how they would get this information off, does anyone truely know, or are we still guessing?
Who cares about the ozone layer?...thanks to CFC's I can write my name......IN CHEESE!!!
2) Use acetylene torch and reduce drive to slag.
Outdated thermite also works. Thermite demonstrations were the best part if working in a classified area.
The truth shall set you free!
Nothing will happen to the microwave if you put metal objects in it.
You still shouldn't do it though.
If you put in a metal object, the object will get very hot. It will not look hot until you reach in and burn yourself trying to remove it. Then it will still not look hot, but you'll know better because of the burnt flesh stuck to it.
If you put in a metal object that has lots of sharp edges, (such as crinkled up aluminum foil from your hat) it may spark. while it gets very hot.
If you put in a metal object with something flamable (say, aluminum foil rolled up with a paper ball full of grain dust) maybe you could start a fire. if you left it in for a long time. you will probably still be able to use the magnetron after the fire, but the electronics are sure to be toast. (and the carbon scoring will not make the interior very appetizing)
If you insist on putting a hard disk in the microwave however, make sure ot remove any metal coverings. a solid conductive enclosure is almost opaque to radio so the case would get very hot and nothing would happen the platters.
Can you be Even More Awesome?!
If they were good machines, then fine. If you no longer needed them, then they were not really "good". If the schools asked for them, fine.
If they were bad machines, you've shifted the cost and burden of having them disposed by dumping them on a school. (And hey! TAX BREAK!) Either way, you've shifted the burden of disposing them (the school will have to throw them away eventually) from your company which, more than likely, makes more money than the school that is too poor to buy their own computers. That's a pretty crappy deal.
As for the losers that go dumpster diving, that's cool. They want it, they can have it.
Withdrawal before climax is very ineffective and those who try this are usually called "parents."
I recently bought a new phone on ebay and the muppet that sold it had left all his phone numbers and pictures of his baby on there!
Will wash cars for karma
Seems like a fairly useless article considering this was a forensic's lab that SPECIALIZES in recovering data doing this "study" on data recovery.
"If users were worried about potentially sensitive data, said Mr Steggles, they should use a professional forensics firm to erase it" - article
Yeah, thats not biased or promotional in any way.
"With a little work, it was possible to reconstruct almost everything that some users did online, and to grab cookies and login details for sites they visited." - article
Considering they do this for a job every day, you wonder how much work the average joe would need to go through to get said data from a purchased used drive? Sounds like a load of paranoid bull intended to freak out people with threats that some one is going to take all your personal information when you sell that old hd on ebay.
"The suggestion at the end of the story is to get a professional forensics firm to wipe your data or just destroy the item in question. With the low price of storage devices, the latter is probably preferable."
Who wants to buy my used storage device? In great condition and only slightly destroyed...
The military mandates the hard drive or other permanent storage media be removed.
This is a legitimate site. I mourn that it's gone to a contrator because at the local DRMO it was easy to pick up cool stuff.
It's all run through here now and no computer will have a harddrive.
http://www.govliquidation.com/
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
That is almost large enough to put a Linux or BSD distro on. I guess a person could buy 2 and split folders on different partitions. Better yet, get 3 because at least 1 out of 3 is going to be a rip off.
Ops, I shuld have usd the prevuwe but in.
Hmmm... wouldn't it be better to use a steganographic file system like StegFS? In the case of encrypted data, authorities may have the legal power to force you to surrender your decryption keys to the encrypted data. Now, if had used a steganographic file system, they wouldn't even know that your data is there on your disk!
w00t
In your example, the court could as easily order you to explain the steganographic system as they could order the keys to the cryptographic system. The difference being, that unless you use cryptography within your steganography, that anyone who figures out where to look can figure out your unencrypted data in a steganographic system.
BTW, systems such as StegFS are cryptographic systems at heart. They use steganography to hide the fact that the encryption is there, but their strength is the fact that the data is encrypted, not that the data is hidden. The data being hidden just makes it harder to unencrypt.
I'm surprised. Really I am. At the large fed TLA where I work, data destruction is taken seriously. We're an all-WinXP (for users) shop, so our default file locations on our standard disk images (there are almost *no* non-standard images in use) all use EFS. Machines to be discarded are run through a standard 7-random-overwrites procedure. Any machine with even the slightest atypical response will have the drives removed, physically dismantled, and destroyed. Our local guy responsible for this is building a giant sculpture made of platters and magnets. Every platter goes across one of those massive magnetic drive-killer machines (you know, the ones with all the scary warnings about not wearing your watch while you use it and keeping uncontrolled metal bits at least 8 feet away) before it gets added to the pile. Over the last couple of years, it's gotten too big to lift and, yes, we know we'll eventually have to send it for meltdown but it sure is funny to watch the pile grow.
Data destruction is easy. There's no excuse for any govt agency to screw it up.
I forget the exact command, since I haven't used it in a while, but there's mention of a command in the book Knoppix Hacks that will overwrite everything in your hard drive with random data, and then overwrite all THAT data with 0s. Sounds like a pretty darn secure method to me.
The default shred command in knoppix is better than dd if=/dev/zero of=/dev/hda in my opinion. To start, shred will show you progress and what it's overwriting the data with (random, zeros, etc). Second, you can specify the number of times it rewrites the data. All formatting is also erased.
/dev/hda
Simply enter the following command:
sudo shred -n 2 -z -v
This shred command will overwrite the drive twice (-n 2). Random data to start (defalut), zeros to finish (-z). The -v tells you the progress on the drive.
Did you have to disassemble the drive? Very likely, as reconstructing data requires examining the platters with special hardware.
If you didn't, then by definition it wasn't really zeroed - the drive's firmware lied to you if it said it was.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
That should get some attention.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Disk-less computers with bootable CDs a la Knoppix make great library-kiosk computers.
They also make halfway-decent home computers if they are configured to support writable USB media and/or the user won't be storing anything bigger than a floppy.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I work for a non-profit that has a student computer lab. I'm the one that's gotta check out the donated machines. You're absolutely right. It's kinda like that old joke of waiting till a bank teller's not looking and dropping a handful of change into their drawer; you'll cause them hours of repeated fun-filled recounts just by giving them thirty eight cents.
Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?