Slashdot Mirror
Confidential Data Not Safe On Solid State Disks
An anonymous reader writes "I always thought that the SSD was a questionable place to store private data. These researchers at UCSD's Non-Volatile Systems Laboratory have torn apart SSDs and have found remnant data even after running several open source and commerical secure erase tools. They've also proposed some changes to SSDs that would make them more secure. Makes you think twice about storing data on SSDs — once you put it on, getting it off isn't so easy."
Encrypting it?
Is taking data off really an issue anyway. If it's confidential data, destroy the disk when you need to dispose of it. Not repurposing or re-selling hardware with sensitive information on it sounds like a no-brainer.
It doesn't matter if you can get hold of ALL of the data, if it's encrypted you're fucked. Nothing to see here, move along.
Thermite will fix everything! [s/fix/destroy] :-)
Did you mount a military-grade, variable-focus MASER on an unlicensed artificial intelligence?
encrypt the data before writing. at no point in its existence will it appear anything but white noise to unauthorized parties.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
From what I've seen, it's not the end-of-life disposal of drives which leads to this type of data leak. It's when a drive dies under warranty and you send it to the manufacturer for a replacement. Since it's non-functional, you can't erase it. Since you need to return it without any signs of abuse for a warranty replacement, you can't destroy it.
The manufacturer usually just fixes it, and sells it as a refurb / sends it out as a replacement drive for others which have failed under warranty. They just do a quick format, or sometimes even don't bother formatting, before sending the fixed drive out. Meaning the new recipient of your old drive has all your data.
"Trust but verify"? Verification results from the exact opposite of "trust" :p You're right to verify, but saying stuff like that sounds silly..
Verification is after-the-fact. Prior to that, the vendor could still do something dishonest like fail to deliver on its promises. You're trusting them not to do that as indicated by your willingness to do business with them in the first place. Verification is an attempt to check against not only dishonesty on their part but also well-intentioned mistakes that wouldn't strictly be issues of trustworthiness.
It's sort of like when I deposit cash at a bank. If I tell them "this is 200 dollars, please put it into my account" they are going to count the money. I don't take that as an accusation that I am trying to deceive them, because it isn't. It's a standard practice because multiple pairs of eyes are more likely to catch both honest mistakes and deliberate deception. That's an example of "trust but verify".
It's not really so silly and it's far less extreme than "I want to be involved in each step of the process so I can watch your every move". That would be distrust.
It is a miracle that curiosity survives formal education. - Einstein
TrueCrypt volume inside a TrueCrypt volume
You, dawg, I heard you liked TrueCrypt.
The headline should just read "Confidential data not safe on unencrypted disk". Modern hard drives also arean't as easy to 100% delete as one might think - once a sector gets "spared out" there's no easy way to delete it, and there will still be readible data there. That just happens a lot less frequently than SSD load/wear balancing.
Of course, any media can be adequetly destroyed by shredding - if you really care, this isn't a problem to solve with software.
Socialism: a lie told by totalitarians and believed by fools.