Slashdot Mirror
Memories of a Media Card
twistedmoney99 writes "Anyone who has upgraded their digital camera probably has a few older, incompatible media cards lying around — so why not post them on Ebay? Well, if you do, be sure to properly wipe them because the digital voyeurs are watching. Seth Fogie at InformIT.com purchased a bunch of used cards from Ebay and found recoverable data on most of them. Using the freely available PhotoRec application, he was able to extract pictures, movies, and more from apparently formatted cards. The picture is clear — wipe anything that can store digital data before getting rid of it."
It adds to the value on auction sites. A lot of people are willing to pay a fortune to see images of my dick.
Hm, haven't we had this story already with hard disks, some time ago?
What are the best methods for removing almost any record of data? Recently moving to ubuntu, I've found shred is rather exciting, but I still use many windows-only things. What would work best there?
"The picture is clear -- wipe anything that can store digital data before getting rid of it.""
And people worry that their data will not last until the next century.
I take pictures, post it on my website, post it on flickr and hardly anybody sees it. What do I care :(
data scavenger hunting on ebay! bound to be odds of getting SOME pr0n after spending $300 on used memory cards!
Subject says it all, really.
I have a water damaged Razr phone that I haven't sold yet because of this very reason (they sell for around $50 on eBay). On the internal memory are all of my numbers, text messages, etc. I'm not sure how to wipe the phone though (it powers up but complains about the sim card not being present). Any suggestions?
Aych tea tea pea colon slash slash slash dot dot org slash
I'm not entirely certain it'd work on memory cards, but it works great on hard drives. You can overwrite clustertips, free space, etc. with many passes of psuedo-random data. I think the new version is commercial, so here's a link to an older version: http://www.tolvanen.com/eraser/
I for one welcome our ...... overloards. anyone anyone
Memory cards do not have nearly as strong of a memory effect as hard drives. With a hard drive you can write and rewrite multiple times and still have data recovered by someone willing to spend the time, effort, and money. But memory cards are much harder. You could be relatively sure of safety if you just:
1. Delete everything on the card.
2. Fill the card with something not private (maybe a text file that just repeats the same character).
3. Delete everything on the card.
4. If you're paranoid do 2 and 3 again.
If you don't have a computer handy, you can accomplish step 2 by taking photos of a blank sheet of paper or a lenscap or something of that sort.
I've recovered photos by hand for family members who've accidentally nuked their memory cards (did it the hard way with a hex editor, dd and cut). So wouldn't dd if=/dev/random of=/dev/ memory-card bs=1K count= card-size-in-kib suffice?
Well, duh. Smash it with a hammer and throw it in the trash. Is it really worth your time to take more time trying to wipe it, then jump through the eBay hoops to post the damn thing, have them take out their exorbitant fees, deal with shipping it, etc. for $50? Just dump it, buddy.
After reading the article, I wondered how many of these cards are actually stolen?
And I don't mean Pamela Anderson and Tommy Lee stolen either.
I had a 4-month-old 250gb hard drive die of heatstroke within a fanless drive enclosure. The drive had, shall we say, material of an "educational" nature. (ahem)
Anyway, I didn't want to release said material to the general public at [insert HD manufacturer here], so I abandoned any warranty recovery and just physically destroyed the drive. So much for that $100.
I had a hard time finding this program on ubuntu and debian because it's included in a package called testdisk, well that is a fairly generic name. Anyways it works great, my sister has a sony mavica that saves to floppies and she accidently formatted her disk, oops. I think the PhotoRec should be packaged seperately in order to more easily find it. It's a life saver.
My CF cards I don't worry about so much. Most of the pictures on them are worth zilch to everybody but me. I have to admit, I've already considered what this article talks about though. A buddy of mine borrowed my camera one weekend for some semi-legit reason, and when it got returned I noticed the flash was erased. I realized his girlfriend had been in town that weekend as well, and with a few minutes of flash recovery software, I'll never think of his now-wife in quite the same way again. :)
It's also why any media containing sensitive data has never left my house, aside from backups which are stored securely offsite. If I can't reuse a hard drive for some reason (most get reused initially in other machines), it gets obliterated. Usually it's just a 10 pound sledge until nothing recognizable remains, but sometimes the experience has been known to involve fire, driven by charcoal and a big, big blower. Depends on how destructive I feel. Thermite is fun, too. Put a bunch in a flowerpot above the drive, light it off, and watch the molten metal eat right through it. Did that once in college, fun fun fun...
So, if you're a pervert who enjoys walking around in a trench coat naked underneath, is this a good way to make money and satisfy the urge and make a few bucks?
I'm wondering what a card will go for if it's advertised to *still* have pictures and data on it?
Kind of like a mystery grab bag?
"If you are a dreamer, a wisher, a liar, A hope-er, a pray-er, a magic bean buyer
I'm sure a lot of people don't wipe the camera cards because they don't care if someone gets photos of their pets or disney vacation or drunken stupor. They figure most people - ie. those not interested in writing an alarmist privacy article - will simply wipe and use the card. Unless you're a celebrity, or have a stalker why would you care? You're probably photographed more by traffic cameras these days anyway.
These posts express my own personal views, not those of my employer
There was an article ages ago on the old technocrat.net that talked about files not going away on flash memory devices. I asked what needed to be done to wipe flash (whether it had "memory" like magnetic drives) and Bruce Schneier responded that there's no need to do multiple writes like on a regular hard drive. Just filling the whole thing with junk once will work.
Thank you.
There are ten or fifteen posts here with people suggesting that people should use dd, or wipe to write over these removable media to stop people recovering the data. Most people seem to be suggesting doing a dd from /dev/random TWENTY times.
What I would like to know is what the most effective method is. Someone should take a bunch of these cards (and harddrives etc) and do a little controlled test to see how much of a photo/file is recoverable after one round of dd, after 10 rounds of dd, etc. In short - what's the most effective (time v.s. security) method for cleaning these things?
henry -- the human evolution news relay
> Its man page is also the only one I know of that uses the phrases "rising totalitarianism", "Department of Homeland Security", and "THIS IS AN EXTREMELY DANGEROUS THING TO DO".
Doesn't "man woman" also use those phrases? And for good reason, too...
Who cares what's on there? If you used a strong, 1-time key, you're done.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
When I first started at NASA the methodology was to use something like Norton's Erase, put it on Government Erase (three passes of writing first all ones, then all zeros, then all ones again, then doing half tracks). When Windows 98 came along we still used Norton's Erase but it had a different algorithm which was quite good too. When Windows 2000 came along we were no longer trusted to erase everything properly and we had to send the disk drives to a centralized location where they were wiped before being sold. When Windows XP came along we were told to just take a hammer to them. This was because the government had made so many cutbacks that there wasn't any money to properly erase the disk drives.
:-/
On a side note: When I first started working at NASA we had a budget of well over a million dollars. We got rid of all of the really big mainframes, and minis, and went to micros. Our budget was reduced to somewhere around $500,000.00 a year (about a third of what we originally were given each year). What I'd like to know is - whatever happened to all of that money? We certainly never go pay raises which equaled the amount of money lost. So where did it go? The answer might be a bit more surprising than anyone really wants to know about.
Someone put a black hole in my pocket and now I'm broke.
Perhaps many people really dont care if someone else see's the pictures or movies as the original owner views them as irrelavent/ usless if seen?
Something like "wipe" is needed for rotational magnetic media. For flash, a simple cat /dev/zero > /dev/sd... is sufficient.
Why would I not post them on eBay, even if wiped?
Aren't there data recovery services that recover data from supposedly wiped media (hard drives, memory cards, etc.)?
Besides, how likely are you to to make back the listing fees on used media? Given how the prices are coming down, why would you buy used when you can buy new for only a little more? Brand new 1 GB CF is going for $10, why buy used?
I would be worried that I would lose money selling used memory media on eBay; it would make more sense moneywise to just smash them with a hammer; get some exercise, and anything that was on them is now unrecoverable.
Government's idea of a balanced budget: take money from the right pocket to balance...oh who am I kidding?
I mean seriously, the discussion shouldn't be about "proper erasure techniques that 99.999% of the public couldn't understand if they tried", it should be about not being such a tight-ass cheap fuck that you have to sell your old drives (flash / hard / whatever) on E-Bay. I mean, seriously, do you need to spend that much effort to net yourself an extra $5 or $10?
I erase my old media with a sledgehammer. Try to recover that, bitch.
Help save the critically endangered Blue Iguana
Shouldn't shred used on the device (/dev/sdc or whatever) work fine for Linux users?
Penny - plain text accounting
Anyway, analysis of the remaining FAT may reveal some of your old filenames, but not the data in them.
DRM 'manages access' in the same way that a prison 'manages freedom'
I take pictures, post it on my website, post it on flickr and hardly anybody sees it. What do I care :(
People who love you will one day get it, so cheer up.
Now, the reason you might worry about data deletion and privacy may have nothing to do with you personally. The best way to judge the harm done by snooping is to think of the worst thing it can be used for against someone who's fighting for your rights. See this post for information on harm done by previous domestic spying. Automated spying of that kind has the ability to snuff out "political dissent" before it has a chance to start.
Then again, like WWII "strategic" bombing, it might backfire and create a stronger will to fight.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
I'd just keep the damn thing. You know that as soon as you sell it you'll have a desperate need for it. That's just how the world works.
Unless you're up against the NSA here, or at least someone VERY handy at hard drive electronics who has an available cleanroom, just use dd and write all 0s over the bugger.
Trying to recover it after that point requires an unreasonable investment of time and money that no sane person would bother with unless they had some strong motive to examine that particular drive.
Why would somebody want to sell memory cards on eBay anyway? The only reason I can think of is because it was an original accessoiry for a digital camera or something. But the biggest one tested was 128 MB, which sells for - uh cannot find that one. 1 GB sells for 12,50 over here (SD).
Much of the information in the article about data recovery is also covered by DebianAdministration.org. TestDisk and photorec, are afterall, free software.
Hip, hip hooray!
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Realistically, when a new 1gb card is under $50 in the stores (and a quick froogle search showed some generics around $20), just how much is my 64mb Smartmedia card worth? How about my 16mb Compact Flash? ... For that price, it isn't worth the effort to try selling these antiquated cards.
Well, there is something else, too: what about users of devices which don't support larger cards? I don't know - I've never encountered a problem with SD (which is all I've used in portable devices - choose a platform and stick with it), but isn't it possible that some devices won't read or write to larger cards than were available when they were made?
Example: I had a cheap piece of junk digital camera (Mercury Deluxe Classic Cam) which came with 8 megs of RAM built in, and would accept SD cards. Now note that the issue with this camera was that the firmware refused to support FAT32, so I was limited to 128 megs (or whatever, I can't remember) even on larger SD media. Vexing, but not enough to make me seek out smaller cards than are currently available - I just formatted to FAT, and shrugged my shoulders at the wasted space. Now, are there any hard limits to what size SD or CF or other media that some older hardware might come up against?
Is there therefore any reason why some people with poorly supported (firmware) or pooly designed (hardware) products might need to seek out the older cards for backward compatibility? In another example (part of a $75,000 radar display and course plotting system), I needed to find small SDRAM (32 meg) modules for a specialized computer which wouldn't even POST when it was fitted with 64 meg or 128 meg modules. Can such things happen with the removable Flash devices we take for granted today?
If it's possible that a poor implementation might screw someone, as a service to geekdom, I'll go to the trouble to save them, wipe(1) them, and then *give* them to someone who is in need. I collect and restore 1950s TV sets and other antiquated and difficult-to-support electronics, and I've worked on more than my fair share of specialized equipment which forces you to seek out antiquated commodity parts, so I understand going to this trouble for little to no payout (except to know you saved something from the landfill and got someone out of a bind).
Fire and Meat. Yummy.
From the paper: (blah blah blah)
I don't normally waste bandwidth or other resources commenting this way ("Me too! Me too!"), but I have to tell you that was the most kick-ass summary and explanation of the problem. Thank you for knowing an intelligent and concise technical reason for seemingly (and massively) redundant re-writing, thank you for having it handy, thank you for citing the most useful passage, and thank you for posting.
Damn, I never have mod points when I need them. I'd have dumped all of them on that posting if Slashcode would let me. +5: "The Poster Credibly Could Have Written A PhD Dissertation On What S/He's Talking About".
Fire and Meat. Yummy.
Yes, I'd love to see thermite destroy a hard drive.
Bah. Overkill. There's already a great video somewhere of thermite melting through a car. Likewise, one of the best things you can do is get rid of that Honda Civic in your driveway by stuffing it full of old hard drives and taking it to a serious (no car crushers, just a shredder) scrap metal place in your town and watching it go down the throat. Anyone who wants my old credit card numbers (which, BTW, are exclusively *expired*, no live ones get to any of my own computers, networked or not) is welcome to dig the smashed platters out of the piles of shredded aluminum and glass.
Fire and Meat. Yummy.
When there is: http://media.tinypic.com/new/ An endless flood of free, random pics of all varieties. People think they're "just posting it to my blog that no one sees", but really everyone can see it.
... and it gives some surprises concerning memory devices - http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_ del.html
Just copy a load of JPGs or MP3s to the memory card until its full then delete them, or leave them there. Thats what I did before selling my old ones on.
It's more fun than selling it on eBay. Better yet, make a video of you smashing it, put it on a memory card and then sell it on eBay.
Yes, OK. Props for being modded up and everything, but there's always been equivalent commercial software to do this.
From the article:
In addition, the fact that some of the cards contained undeleted images is a bit disconcerting. At a bare minimum media card owners should have deleted the viewable images.
Why? Why should they have, if they don't care who saw them? As they said, the images were all of clothed people and disney world and things, worth nothing to anyone but the owner.
Privacy just for the sake of privacy seems to have taken hold of too many people, who do not stop to think - is there any point to privacy in this instance?
Obviously if people did not want images being seen they should remove them; I just object to catiioning users against leaving images with the vague fear that "someone may see thier images" when that may not matter at all.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
If it's an old memory card that you don't want anymore it's probably nearly worthless anyways. The best solution is probably to smash it with a hammer and throw it in the trash. Not only will it save you time, but it will also save you paying a commission to EBay and Paypal to boot.
Just use http://ncrypt.sourceforge.net/ to wipe data. It offers Gutmann and Military grade wipes.
Make a smoothie out of it: http://www.willitblend.com/videos.aspx?type=unsafe &video=ipod
Sheldon
I knew someone who had nude photos and I tried and tried to recover than one that had full frontal. I couldn't. Where was Photrec then?!?!?!?
If data is reliably recoverable in "layers", why not use this for higher density storage? Sure some extra curcuitry would be required, and failure rates might be higher in earlier models, but the extra storage could be impressive. The added benefit would be that erased data would be more difficult still to recover, requiring much more expensive hardware.
For an embedded project I bought a bunch of memory cards off ebay. It appeared they had been erased but I was curious what I would find. I found the excellent software photorec, and found various pictures. On one card I found someone's vacation photos, including one of him naked. No naked pictures of his wife, however.
Comment removed based on user account deletion
A year ago, we had a donation program at the local IT College. Companies donated their old computers, we checked the hardware, installed a clean OS and they went to children with disabilities.
Usually we didn't even check, what's left on the hard drives, but occasionally we would stumble upon some pretty sensitive information, like some business-critical e-mails, personal contacts, office gossip. Anyway, we did our best to forget everything we saw and no kind of copies were made before reformatting the drives.
This works faster than dd for me, to create a blank unformatted memory card:
/dev/XXX
shred -v -n 1 -z
where XXX is the device name, eg: sda for the first SCSI drive, assuming there are no other SCSI drives in the system. -v means be verbose and show progress, -n 1 means overwrite with random data once, -z means then overwrite with zeros once.
90% of posts in this forum are irrelevant from people who have no idea how a memory card works!!!! :)
The program mentioned is a simple windows header undelete.
The article is about *memory cards* using NAND gates. Overwritting the data 20x wont make a gorran difference from the 2nd time its over written! Thats only on HARD DISKS with residual electronic fields. Nand's dont use fields, they use logic
OP suggests ebaying your old cards. I have a 16mb CF card, anyone interested? Cost me $80 new, you can have it for $40. I can get you another one if you are interested in two.
I work for the Department of Redundancy Department.
And in the course of looking through his vacation pictures and commenting on his hot girlfriend (yes, we're dicks) we discover... he's a lawyer. And he's left briefs on there. And complete sets of paper applications for things like, oh, social security benefits.
We were absolutely stunned. All in all, there was probably enough data for us to steal at least a half-dozen identities. (a couple of them so complete we could have gotten official documents for these people.)
Luckily, while we're dicks, we're not evil. And our plan all along was to wipe the OS and put 98 on there anyway. So we did so. And I sent him a note explaining what we'd found and the importance of wiping your hard drive before selling a machine. What he wrote back was completely dismissive, saying he didn't think he'd left anything TOO valuable on there.
We came THIS close to writing or calling his clients to let them know just how much respect he had for their personal identifying information. But in the end, we felt so icky just LOOKING at the stuff that we couldn't bring ourselves to do anything but reformat it.
I'm just amazed that, in this day and age, someone could be that clueless (and ignorant and arrogant) in dealing with people's private information. ESPECIALLY a lawyer.
Bush: He's Liberal in all the wrong ways.
Just thought I'd point this out: "DOD capability" is a bit of a misnomer, at least in that it indicates suitability for any type of very sensitive data. Only drives that have never been touched by sensitive data can be wiped using software. Drives that have contained classified information are classified forever, and no number of passes qualify as secure erasure. The only 'secure delete' for DOD classified data is an incinerator.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Well with tapes and floppies, I think you could use a bulk tape eraser and pretty much expunge anything from them. Assuming you use the eraser properly (which involves putting it close to the tape, turning it on, and then moving the tape far away from the coil while it's energized, before turning it off), I don't think any data could remain. Assuming the field was strong enough to penetrate into the media thoroughly when it was close, the act of moving the media further and further from the coil while it's alternating (since it's plugged into the wall) essentially creates "layers" of magnetic polarization. (Since as you move it further away, the field gets weaker and can't penetrate as far into the media.) I don't see how even the NSA could undo that.
Sometimes reel-to-reel tapes that were erased using the erase head on a recorder can be recovered, because the alignment of the tape might be such that the very edge of the tape doesn't get thoroughly erased, and someone with sensitive enough equipment could analyze it and find traces, but it's very hard. I read a few years ago (probably in Wired) that somebody was attempting to get the National Archives let them try a method like that on the Nixon Tapes, but the Archives folks weren't convinced enough that it would work to let 'em try.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I have a Minolta SLR camera (film camera, not digital) which is capable of downloading shot-by-shot exposure data to a SmartMedia card via a special adapter. (The adapter itself is hard to find, it fits on in place of the lens, and uses the lens's auto-focus contacts for communication with the camera.) It won't take more than 16MB cards, I think. And due to SmartMedia's size (in particular, the thinness of the cards), you can't get adapters that fit more modern cards into their slots, like you can with CompactFlash and PCMCIA.
There are lots of old but still very serviceable devices that need old media to work. Those crusty 8MB cards might seem like junk to most people, but they might be worth their weight in gold to someone who has an older device that won't use anything else.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."