Slashdot Mirror


Ask Slashdot: Datacenter HDD Wipe Policy?

New submitter socheres (1771002) writes I keep a Slackware server hosted at various datacenters on leased hardware for personal / freelance business use. I have been doing this for the last 10 years and during this time I moved my stuff to several datacenters, some small and some big name companies. No matter the hosting company, since I choose to install my own OS and not take a pre-installed machine, I always got the hardware delivered with the previous guys' data stored on the hard drives. It was also the case with spare drives, which were not installed new if I did not ask specifically for new ones. Has this happened to you? How often?


  1. none by Anonymous Coward · · Score: 1

    Seems like the policy is none

    1. Re:none by Z00L00K · · Score: 1

      Datacenters are all about saving money as much as possible, so the re-use of hard disks and wiping/destruction of them is non-existent.

      Essentially this means that the data center owner takes a calculated risk that no sensitive data will be misused by another customer.

      Now this knowledge is out so we can expect front-ends for black hat hackers to purchase services at random trying to poach data.

      The end result will be that the price of "cloud" services will go up rendering them possibly as expensive as hosting the services yourself.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  2. Physical destruction by BaronM · · Score: 2, Interesting

    I've been in the IT infrastructure business for years, and have always relied on physical destruction (shredding) of hard drives when disposing of old systems.

    I can see where that may not be cost effective with leased systems, but I would take your experience as a warning to clean up after yourself and secure-wipe hard drives when your lease is up and not count on the datacenter to do it for you.

    IANAL, but I also wonder who owns the data on a leased hard drive when the lease is up? If you improve an apartment or build a building on leased land, those improvements typically become the property of the owner when the lease is up. I wonder if that has been addressed with data in the absence of relevant contractual language?

    1. Re:Physical destruction by AbRASiON · · Score: 4, Insightful

      It's a stupid policy, if you've been in IT infrastructure for years, you should have a basic understanding of how to wipe a hard disk properly, it's a waste of money, it's creating environmental waste in disposing of it, it's wasting resources needing to purchase another one.

      When you start talking about tens or hundreds or even thousands of disks, you're pissing away good money, because you're either too lazy or too stupid to know how to wipe a disk.

      I've seen far too much of this idiocy over the past decade or so. ( http://hardware.slashdot.org/c... ) it needs to stop. Learn how to wipe a disk, if it's not faulty, re-use the thing. That old post from 2011 is even more applicable to server drives which are not even remotely cheap pieces of hardware.

    2. Re:Physical destruction by Revek · · Score: 2

      Foolish and wasteful. You don't believe that FBI fairy tale about getting data off a drive even if it's been wiped, do you?
      http://how-to.wikia.com/wiki/How_to_wipe_a_hard_drive_clean_in_Linux

    3. Re:Physical destruction by jon3k · · Score: 1

      Same, per policy we destroy all hard drives.

    4. Re:Physical destruction by Charliemopps · · Score: 1

      I've been in the IT infrastructure business for years, and have always relied on physical destruction (shredding) of hard drives when disposing of old systems.

      I can see where that may not be cost effective with leased systems, but I would take your experience as a warning to clean up after yourself and secure-wipe hard drives when your lease is up and not count on the datacenter to do it for you.

      IANAL, but I also wonder who owns the data on a leased hard drive when the lease is up? If you improve an apartment or build a building on leased land, those improvements typically become the property of the owner when the lease is up. I wonder if that has been addressed with data in the absence of relevant contractual language?

      He's talking about a datacenter. He doesn't have physical access.

      Encrypt the drive. If, for some reason, the contract goes south or they go out of business, the data's garbage even if they sell the drive at auction. Our company policy is everything is encrypted outside our network. This includes portable devices like laptops, phones, and I even saw new USB sticks yesterday that will wipe themselves after a few invalid attempts.

    5. Re:Physical destruction by AbRASiON · · Score: 4, Insightful

      No that's what security people and people speculating will tell you.
      You do a full single pass of 0's to a disk and recover a single word document for me, a single one - I'll give you $1,000 cash.

    6. Re:Physical destruction by sjames · · Score: 1

      I would imagine it is equivalent to clothes in the closet. If you leave them behind, the apartment owner can dispose of them as he sees fit.

    7. Re: Physical destruction by mcrbids · · Score: 2

      Actually, I have a physically secured, locked box full of hard drives that I haven't bothered to wipe or destroy. Our approximate policy is to use in house for other purposes if it makes sense, or throw into the box. HDDs just 3 to 5 years old are basically worthless. For storage in volume, anything smaller than about 2 or 3 TB is ready to be replaced, just because of the savings in electricity.

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    8. Re:Physical destruction by Fencepost · · Score: 1

      It's not worth my time to hook up old PCs or removed drives so I can wipe someone's 40/80/120/160 GB IDE drives for reuse. A nail punch in a few places makes it not feasible for someone to try to recover potential legally protected from possible temp files saved on an old desktop system. My concern is generally that I'm not sending used drives from medical offices out to end up "recycled" to Africa where someone might actually try to recover data from them.

      --
      fencepost
      just a little off
    9. Re:Physical destruction by AbRASiON · · Score: 2

      Hang on what are we talking about here, let's be clear.

      Are we talking about a server inherited from someone else at a datacentre when leasing equipment?
      Are we talking about desktop computers?
      Are we talking about some kind of big SAN device loaded with disks and no OS?

      If it's the first 2, why would the disks be unhooked / removed? Presumably they are in the computer you want to use them in. Run DBAN on them, it's not particularly expensive.......
      You shouldn't even be in the habit of physically removing disks unless there's a need to. Reasons I can think of removing a disk would be:
      1, disk is faulty
      2, upgrading to a larger / faster drive.

      Faulty disk, not under warranty? Ok Drill it, fine.
      Upgrading to a larger and or faster drive though? Do you have another server which might have use of those disks? Would they make a good spare? What about some kind of dev / uat environment which could use them? Maybe you should've kicked off the dban before pulling the disks from the server in the first place?
      If you seriously have absolutely no use for the disks and they are 'proper' old of low value? Ok maybe drill them, maybe - but recyclers pay money for old stuff and drilling disks happens far too often because it's cool to be overly security conscious.

    10. Re:Physical destruction by Noah+Haders · · Score: 1

      as the data center person, I would offer clients the opportunity for an extra $50 to have their disks destroyed when they're done with them.

    11. Re:Physical destruction by Osgeld · · Score: 1

      My only beef with that is it's getting harder to find old SCSI drives for retro computers, IDE fuck it nail away

    12. Re:Physical destruction by LordLimecat · · Score: 1

      You're talking about an attack that has never been publicly demonstrated, and you think a $1000 offer is sufficient to prove its infeasibility? Cute.

      No that's what security people...will tell you

      By all means don't ever listen to THOSE people.

    13. Re:Physical destruction by AbRASiON · · Score: 2

      The _VAST_ and I mean _VASTTTTTTT_ majority of security people I've encountered have, what I'd be comfortable describing as "fuck all" technical knowledge regarding hardware (and in some ways software too) - they get concepts, fundamentals and then read dipshit theorising articles on retrieving data from a hard disk by analysing the "bits between the bits"

      Don't take my word for it, go do some googling, I've read at least 1 article by an actual storage guy (I can't recall if he was actually a physical media designer or what) but he laughed off the idiotic claims as precisely that.

    14. Re:Physical destruction by chuckinator · · Score: 2

      Agreed. The rule of thumb for the paranoid is a write of semi-random data for 3-7 passes with a final pass of zeroes. The tool has been part of GNU coreutils for a long time. Easy to do with a simple:

      shred -z /dev/sda

      Just be careful. That's worse than `rm -rf /` if you mess up.

    15. Re:Physical destruction by Anonymous Coward · · Score: 1

      No that's what security people and people speculating will tell you.
      You do a full single pass of 0's to a disk and recover a single word document for me, a single one - I'll give you $1,000 cash.

      I work as a data recovery technician and, for the most part I agree if you zero a drive you will not get any data from it unless someone is very cunning and knows about the glist (bad sector list) and if they release that they might be able to get something but usually only a few sectors. It makes me cry when I see people drilling or smashing hard drives... total waste.

    16. Re:Physical destruction by Fencepost · · Score: 1

      Well, my customers have traditionally used servers until they're mostly beyond being repurposed, and the same with desktop PCs. The only ones with anything in datacenters are ones using hosted solutions, and we and they don't have any access to the vendor's setups. That said, for retired SATA drives they'll likely get scrubbed and shelved as possible future spares - an old enterprise 250GB SATA drive will work just fine for reimaging a local PC.

      For desktop machines, we don't image or wipe them before replacement, and we let them sit in a storeroom for a couple weeks just in case we need to retrieve something, but after that we're not hooking them back up just to wipe, we just yank the drive and send the machine out for recycling. This year they've tended to be old Pentium 4 boxes that were running XP acting as remote desktop terminals. It's very unlikely that there's anybody's medical data on any of the drives, but it's not a chance that we want to take and physical destruction of the drive is the quickest and therefore cheapest way to do it that I'll trust.

      One special situation here is that I'm part of a small enough group that we don't really have low-paid PFYs or interns to do this - if I had someone available being paid $10-15/hour for basic technical tasks it might change things, but right now any time spent wiping drives on obsolete PCs for donation could be much better spent on billable tasks.

      --
      fencepost
      just a little off
    17. Re: Physical destruction by darkonc · · Score: 1

      Physical destruction is only 'foolproof' if you're the fool doing it... Otherwise you're depending on the protocols of the people doing the destruction for you.

      If you've got a number of drives to go through, wiping drives is a pretty simple process. Get a USB drive enclosure (or 5)... then plug in a drive, turn it on. Run the wipe and wait for the drive to finish wiping. Switch off, switch drives and repeat. Physical destruction is only called for if the writes fail.

      Going beyond wiping a drive is only necessary if someone like the NSA is interested in your data.

      --
      Sometimes boldness is in fashion. Sometimes only the brave will be bold.
    18. Re:Physical destruction by goarilla · · Score: 1

      And takes a very long time; /dev/{u}random does not have a lot of bandwidth. In my opinion a single dd if=/dev/zero suffices for drives going out of the company.
      But for a reinstallation of a system in the company I just format and reinstall again because a zero pass takes a long time as well.

    19. Re:Physical destruction by sribe · · Score: 1

      Whether or not data can be recovered off of wiped (overwritten) disks is a subject of great speculation.

      No, it's not. It's the subject of idle wild speculation by people who have no clue what the hell they're talking about.

    20. Re:Physical destruction by pnutjam · · Score: 1

      Drilling or destroying is great for physically failing equipment that can't be wiped.

    21. Re:Physical destruction by nerdbert · · Score: 2

      I do disk drives, and have for the last 20 years or so.

      Practically speaking, unless you have a government actor or someone with extremely deep pockets coming after you, just wiping a drive once is enough for privacy.

      Not practically speaking, and assuming you're worried about a government-grade attack on your drive, a single write of a constant value or a pseudorandom pattern that I can predict isn't enough to completely erase the data. Heads are always slightly misaligned from the servo track, so there's always some leakage at the edges that usually survives a wipe, although it's usually -20 dB or so down from the main signal and requires some finesse to get to. It's this misaligned head that's the most practical attack on erasures. Then you can go to more exotic things (transition modulation, etc) that are less likely to work.

      There's also a problem with abandoned sectors in your drive leaking data. What we do in modern drives is that we have multiple tracks that we use for backup data. When a sector starts to go bad and we have to do multiple retries to read the data (including some very, very weird read modes), we'll take the data and move it to a backup track, then mark the original sectors bad, while mapping the new sectors into the file system so that everything is transparent to the user. You'll never see this, it's all done behind the scenes in ways you can't detect. So the old sensitive data is still there, but hard to read, and nothing you do as a user can ever get to it.

      But all these weird modes are HARD to get to, and the data recovery is often pretty manual and extremely expensive so unless you're Edward Snowden it's not worth the time of the NSA or DoD to come after you.

      So my view is pretty simple: single pass erasure for normal business users or personal use, although I tend to do erasure and a reformat to a completely different filesystem type (e.g. to ntfs from ext4) if I'm giving an old drive to a friend/relative. Usually I take my old drives to the shooting range for destruction just because it's a lot more fun. If the data is really, really private where not one bit can afford to be found, then shred it. It's not like disks are super expensive.

    22. Re:Physical destruction by LordLimecat · · Score: 1

      This discussion gets kicked around a lot, and it astonishes me how many assumptions are kicked around in a security-focused discussion.

      Superuser has a good write up on this.

      Here's the TL;DR:

        * It has been shown to be theoretically possible under the right conditions to recover data from "shadow bits"-- detectable differences in overall magnetic moment from a bit on the disk. This was demonstrated in 1995 by Peter Gutmann.
        * It is widely believed that modern disk technologies and densities make such methods much more difficult. However, Heise Security demonstrated that it is still a theoretical possibility, at least for single bytes, though very difficult.
        * There are sector remapping technologies which throw all of this out the window. Blindly following the "multi-overwrite" mantra is also ineffective on non-magnetic media.
        * For reasons unknown, DoD, NSA, and NIST, as well as the UK's ICO all require varying degrees of overwrite and / or destruction. The NSA / DoD specifically indicate that overwrites are OK only when the disks will be repurposed in the same security area. I'll leave it to you to determine if you know more than they do.

      Security is highly based upon theory. That is, we trust encryption schemes like AES because there is a strong degree of confidence that it will remain very difficult to crack for many years to come. When "theoretical" holes are discovered, they are treated very seriously because the entire point of such security is to defeat a determined, well funded attacker. Security schemes which do not defeat determined attackers are little better than "do not burgle" signs on your door.

      With that in mind, it is incredible that people would suggest things like drilling a hole through a drive when it is clear that that would not prevent a determined attacker from recovering data. Worst case, fill the hole with epoxy and sacrifice that quarter of the platter, you can still recover ~75% of the data. Appeals to the difficulty or expense of the recovery are not statements on security, and when a degausser can guarantee security in roughly the time it would take to drill press the drive, it's astonishing that people would even suggest it.

      Some of the suggestions here are akin to recommending turning off WiFi beacons or using MAC security on your AP. They sound cool, they have the appearance of working, but they are in reality snake oil; a determined attacker will simply ignore them.

    23. Re:Physical destruction by david_thornley · · Score: 1

      I've been told that modern disks store one bit per magnetic domain, meaning that one overwrite should be enough. Obviously, this doesn't apply to non-magnetic media.

      The NSA and DoD may well have policies that go well beyond what is necessary. It's really not much more hassle to do multiple overwrites than just one, and disks are cheap enough that they can be considered disposable. If you're really worried about security, spending a hundred dollars to replace a drive may be preferable to worrying about whether somebody, sometime, might be able to read it.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    24. Re: Physical destruction by toddestan · · Score: 2

      Well, you could donate the drives to the various charities that refurbish computers. They're always short on drives because they get so many computers donated to them that have had the drive pulled. They'd be really appreciative if someone showed up with a box full of drives. Size doesn't even matter so much as they are at least 80 GB or so.

    25. Re:Physical destruction by toddestan · · Score: 1

      As long as the computer is functional it would seem that the quickest and easiest way would be wipe the drive. Hook up the computer quick, throw in the DBAN cd, let it crunch for a while, then you can throw the whole box into the recycle pile. With physical destruction you've got to have someone take the computer apart and remove the drive, then actually punch the holes in it (or whatever). Granted, getting the drive out can be easy with some cases, but others it can be a huge pain in the ass. Then you also have the problem that once the drive is separated from the rest of the computer it's a lot easier for it wander off too...

  3. Never happened to me because... by Jiggy · · Score: 1

    ...financial services degauss then physically shred the drives. You get a nice certificate too. It's extreme but cheaper than a data leak.

    1. Re:Never happened to me because... by bobbied · · Score: 1

      So much for taking decommissioned drives home and putting them into the NAS to store my video archives....

      (No, I'm not serious about taking stuff home from work... Never a good idea, even out of the trash can...)

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  4. Before leaving the server by mrspoonsi · · Score: 1

    Get an OS re-image then simply fill the hdds with random data. This works well on HDDs, but SSDs with their 10 or 20% wear space, perhaps not, they need pulling and disposing.

    1. Re:Before leaving the server by Anonymous Coward · · Score: 1

      SSDs do not expose logically overwritten data to anyone without firmware or hardware level access.

      SSDs may expose logically overwritten data to anyone with firmware or hardware level access.

      There, fixed that for you.

    2. Re:Before leaving the server by Culture20 · · Score: 1

      An OS reimage with 'doze and use sdelete.exe from Sysinternals Suite. http://technet.microsoft.com/e...
      Or 'nix, dd a huge file and shred it (remember to restrict the passes with -n since the default is "a lot")
      Neither is perfect, but better than delivering your data to the next schmoe on a platter (pun intended).
      If you can request the specific OS image, send them a copy of a memory-resident linux installation configured to auto-wipe the HDDs with shred.

    3. Re:Before leaving the server by silas_moeckel · · Score: 1

      You can skip the overwrite on an SSD, just trim the whole thing; reads will be all zeros as it's an unassigned block. If you need to protect the data that much you destroy the drive.

      --
      No sir I dont like it.
    4. Re:Before leaving the server by Culture20 · · Score: 1

      Why do it to a file and not to the block device itself?
      dd if=/dev/zero of=/dev/sda

      (I can never remember the argument for setting the block size.)

      the block size setting is a lot of bs. (bs=)
      You can't be guaranteed to escape a kernel panic or general screwiness when the system tries to use swap space or access a file. That's why I suggested a "run from RAM" distro.
      Also dd dead stops if it hits a bad block. You're better off using shred or ddrescue to overwrite stuff when going directly to device.
      You can target other partitions like say, /home , /data , /var , etc. if you've actually partitioned them separately. You can also turn swap off and target it. But like I said, you're best off nuking from RAM.

    5. Re:Before leaving the server by mysidia · · Score: 1

      SSDs may expose logically overwritten data to anyone with firmware or hardware level access.

      Not if it's an encrypted SSD and you replace the crypto keys with new ones.

  5. Re:My policy by the+eric+conspiracy · · Score: 1

    Thermite.

  6. Use a drive eraser, then physically destroy by HunterZero · · Score: 1

    For security purposes, I use a WiebeTech drive eraser to scrub the drive (DoD Sanitize standard), then send them to a physical destruction service.

    Paranoid? Yes. Expensive? Yes. Worth it to my employers? Yes.

    --
    "They told me it was impossible. I replied with maniacal laughter." http://www.mydailyrant.com/
    1. Re:Use a drive eraser, then physically destroy by LordLimecat · · Score: 1

      You'd be better off degaussing, if you're gonna shred it anyways. Doing 7 overwrites is gonna take longer than just tossing the drive in a degausser and being done with it.

  7. Here is the corporate policy by thieh · · Score: 1

    What I have learned from the news is that the policy has always been "If there has been nothing in the news, don't bother." It costs electricity and labour cost to do it. The previous story on /.

  8. Art! by CanHasDIY · · Score: 1
    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
  9. Re:IRS by bobbied · · Score: 1

    Contract with them. They destroy everything.

    Oh no they don't destroy everything. They have tax records going back for a decade or more from both what you, your employer, and financial institutions reported and trust me they can pull these records out of the hat when it suits their purpose. (Such as when they decide to audit you.)

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  10. Depends on the DC by silas_moeckel · · Score: 1

    I would never expect new drives on a leased box as it's a leased box. Nor would I expect them to sanitize my data before handing it to a new customer. I work with a lot of hosting companies and it's not very uniform. One dirt cheap place runs everything through dban before handing it back, others not so much. If you need to ensure this happens expect to pay for it.

    --
    No sir I dont like it.
  11. Re:Breach by Anonymous Coward · · Score: 1

    I have seen this so often, this is something I consider is assumed.

    First thing I do with any new machine is zero it out. SSDs... easy:

    blkdiscard /dev/sdx; dd if=/dev/zero of=/dev/sdx bs=1024 count=1024; blkdiscard /dev/sdx

    The reason I do a quick dd of the first part is to completely zero out the partition table. Some SSDs might have zapped all data, but it can't hurt to be safe and know that the partition table is ready to be initialized by a subsequent OS install.

    HDDs, I use /dev/zero, /dev/urandom, then /dev/zero again, alternating this a couple times. This is less for destroying data than to ensure that no drive errors come up.

    The main reason I erase a disk thoroughly before bringing it online, other than to check for disk errors, is so I don't have to deal with the previous owner's data and possible legal entanglements that may cause. Look how many years in prison a guy in Texas got because of Google's findings. It is easier to just zero out all incoming media to ensure that any data sitting on the drives is mine, and mine alone.

    Of course, the real question of zeroing out drives is when the server is being decommissioned. This is why I try to encrypt all partitions. With BitLocker, the Windows format command is smart enough to thoroughly zero out the metadata and the areas on the volume that hold the master key, making recovery pretty much impossible. So, a simple format command, and the machine is decommissioned. However, I much prefer to overwrite the drives completely (most server RAID controllers have this functionality, or if they don't, just delete the existing drive volume, and make a RAID 2 volume on pairs, let it complete, then delete the volume and go back to a RAID 5, which will end up overwriting all drives with unrecoverable garbage.)

    Of course, booting up a DBAN CD will also do the trick.

    Of course, the best way is to pull all drives and physically destroy them, but that usually isn't doable in a lot of cases, so having a volume encryption layer does help.
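
A read-back check for the wipe steps described in the comment above, added here as an example and not part of the original thread: it scans a disk or image for surviving non-zero data and for partition-table remnants, including the backup GPT header in the last sector, which zeroing only the start of a disk does not touch. The names `audit_wipe` and `build_constructed_image` are hypothetical, and the sample image is constructed.

```python
"""Post-wipe audit: confirm a disk (or image file) holds nothing but zeros."""
import os
import sys
import tempfile

CHUNK = 1024 * 1024          # read size: 1 MiB
GPT_MAGIC = b"EFI PART"      # GPT header signature
MBR_MAGIC = b"\x55\xaa"      # boot signature at bytes 510-511 of sector 0


def target_size(f):
    """Size in bytes; seeking to the end works for files and block devices."""
    size = f.seek(0, os.SEEK_END)
    f.seek(0)
    return size


def read_at(f, offset, length):
    """Read `length` bytes starting at absolute `offset`."""
    f.seek(offset)
    return f.read(length)


def audit_wipe(path, chunk=CHUNK, max_report=5):
    """Read every byte of `path`; return a dict describing what survived."""
    zeros = bytes(chunk)
    result = {"nonzero_chunks": 0, "first_offsets": []}
    with open(path, "rb") as f:
        size = target_size(f)
        result["size"] = size
        # Partition-table remnants: MBR signature, primary GPT header at LBA 1
        # (512-byte or 4096-byte sectors), backup GPT header in the last LBA.
        result["mbr_signature"] = read_at(f, 510, 2) == MBR_MAGIC
        result["gpt_primary"] = any(
            read_at(f, s, 8) == GPT_MAGIC for s in (512, 4096))
        result["gpt_backup"] = any(
            size >= s and read_at(f, size - s, 8) == GPT_MAGIC
            for s in (512, 4096))
        # Full sequential pass: count chunks that contain any non-zero byte.
        f.seek(0)
        offset = 0
        while True:
            buf = f.read(chunk)
            if not buf:
                break
            if buf != zeros[:len(buf)]:
                result["nonzero_chunks"] += 1
                if len(result["first_offsets"]) < max_report:
                    result["first_offsets"].append(offset)
            offset += len(buf)
    result["clean"] = result["nonzero_chunks"] == 0
    return result


def build_constructed_image(path, size, writes):
    """Create a zero-filled image of `size` bytes, then apply (offset, data)
    writes. Used only to build constructed sample input."""
    with open(path, "wb") as f:
        f.truncate(size)
        for offset, data in writes:
            f.seek(offset)
            f.write(data)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real target, e.g. a block device path (needs read permission).
        report = audit_wipe(sys.argv[1])
    else:
        # Constructed sample: start of disk zeroed, leftovers further in.
        with tempfile.TemporaryDirectory() as d:
            img = os.path.join(d, "constructed.img")
            size = 8 * CHUNK
            build_constructed_image(img, size, [
                (3 * CHUNK + 100, b"previous tenant data"),
                (size - 512, GPT_MAGIC),
            ])
            report = audit_wipe(img)
    print(report)
    sys.exit(0 if report["clean"] else 1)
```

The exit status is 0 only when every byte read back as zero, so the script can gate an OS install on a freshly delivered machine or confirm a wipe before a lease ends.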

  12. Re:My policy by bobbied · · Score: 1

    Drill press. 'nuf said.

    I was thinking that taking it apart followed by sanding off the oxide layer from the platters would be good enough, but if you have a drill press, to each their own.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  13. Old Tech by Teun · · Score: 1

    Some things require Old Tech.

    --
    "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
  14. Re:refurb drives by davidwr · · Score: 1

    I've worked for companies that sell Refurb drives.

    Oh how I wish you could tell us who you used to work for. Unfortunately, as soon as you do, /. is going to get a subpoena for your IP address, and your ISP will get a subpoena for your personal information, and... well, it could get ugly.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  15. Re:My policy by LordLimecat · · Score: 1

    A drill press, while flashy, is simultaneously less secure, convenient, and available than a wipe, all while being more expensive.

  16. most datacenters will do what they are paid for. by NemoinSpace · · Score: 1

    Or what they are contracted to do. There is no use arguing with somebody who insists you spend 2 hours+ doing a D.O.D. wipe on an out of warranty drive if they are willing to pay you. Otherwise, 15s through a degausser will do the trick.
    Something tells me you didn't make a copy of the last guy's data before you wiped it and installed your stuff. I'm betting no calls to the NSA, or even the local police were made. Nobody cares about this stuff except the people that need to. Finally, there is no machine in a datacenter that has both important data and Slackware on it. Hope you remove your own data before the next lease runs out, because nobody is going to do it for you.

  17. Re:Breach by jones_supa · · Score: 4, Informative

    Issuing the ATA Secure Erase command is the most professional way. The drive itself knows the most efficient way to nuke all data from the orbit. Especially useful for SSDs as it might also zero hidden wear leveled data and set all sectors into a TRIMmed state.

  18. Re:IRS by kelemvor4 · · Score: 1

    Contract with them. They destroy everything.

    Oh no they don't destroy everything. They have tax records going back for a decade or more from both what you, your employer, and financial institutions reported and trust me they can pull these records out of the hat when it suits their purpose. (Such as when they decide to audit you.)

    http://politics.slashdot.org/s...

  19. There is really only one solution by WillAffleckUW · · Score: 1

    If it's ceramic, wipe them three times with 1s and 0s and then smash them to bits with a large hammer, and then cast the resulting powder into a nice art sculpture.

    If it's metal, do the same but melt it.

    Have to agree - anything that went on the cloud should be assumed to have been copied.

    --
    -- Tigger warning: This post may contain tiggers! --
  20. Re:Google by magarity · · Score: 1

    Someone was pulling your leg unless you mean their internal bookkeeping and H.R. records or internal research projects. But for the typical drive in a Google search engine node, well, all of its data is available to the entire public via Google's own web page, which is kinda the point. There's no need to shred those drives.

  21. Re:My policy by gnu-sucks · · Score: 1

    Explain please how a drill press is not secure.

    Let's see...

    1) flashy: not really
    2) secure: definitely, no hard disk has ever been physically reconstructed that had holes in the platters. Short of a scanning electron microscope, you're not reconstructing that data
    3) available: go to home depot
    4) price: yes, more expensive than running dd if=/dev/random of=/dev/olddisk, but cheaper than an industrial-grade shredder and of course cheaper than any commercial "enterprise" data removing software. I think drill presses can be had for around $200.

  22. Re:Google by danlip · · Score: 1

    The search-engine drive may contain stuff they'd rather not be public (for reasons of competition), like the software that manages all that data and the data structures it is stored in. Then there is Google Mail, which contains private emails and contacts. And I'm sure other examples.

  23. Re:IRS by someSnarkyBastard · · Score: 1

    ...when it suits their purpose.

    Note the fine distinction made there.

  24. Legal side of leased equipment by Karem+Lore · · Score: 1

    One of the early comments alluded to this, but didn't quite take it far enough.

    If userA leases a drive and fills it with illegal content (child pornography, Snowden's files, whatever) and then leaves and the hosting company then re-leases the drive to userB without clearing out the drive properly, who gets arrested? Who should get arrested?

    userA is long gone. Could potentially be tracked down. Need to prove they put the files there and not userB or hosting company.
    userB has access (but potentially not ownership) of said files. This is still an arrestable offence.
    Hosting company has ownership of files (possibly) in a leased environment??? If this is the case, should the hosting company be responsible not only for clearing the files from userA before putting userB in jeopardy from the law but also responsible for monitoring their drives for illegal activity and content?

    Now we are on a slippery slope...

    --
    When all is said and done, nothing changes...
    1. Re:Legal side of leased equipment by mysidia · · Score: 1

      If userA leases a drive and fills it with illegal content (child pornography, Snowden's files, whatever) and then leaves and the hosting company then re-leases the drive to userB without clearing out the drive properly, who gets arrested? Who should get arrested?

      Possession of the hard drive containing illegal content is not a strict liability crime, meaning those accused of the crime have to be charged under due process.

      As long as userB is not aware of the content placed by userA and does not become aware of the inaccessible content placed by userA, then userA is the only party who has met both conditions, mens rea and actus reus, required for criminal liability.

      Therefore, it is userA who could and should be arrested.

      Neither userB nor the lease provider has any criminal liability, unless they became aware of the illegal material and committed a guilty act, such as illegally retaining the material and failing to report the matter.

  25. Re:My policy by i.r.id10t · · Score: 1

    And, not nearly as fun as a FN-FAL or similar with milsurp ammo.

    --
    Don't blame me, I voted for Kodos
  26. Re:most datacenters will do what they are paid for by mysidia · · Score: 1

    Something tells me you didn't make a copy of the last guy's data before you wiped it and installed your stuff. I'm betting no calls to the NSA, or even the local police were made.

    These days he might care.... never know when one might find a Bitcoin wallet carelessly left lying around complete with private keys.

    If he didn't at least take a deep look at the data to see if there was anything there that he could "use", then it's because he's an honest person, perhaps. Not everyone is like that.

  27. Re:Policy Varies by mysidia · · Score: 1

    I work for a hosting company and we wipe all drives using DBAN when a server is canceled.

    That's one approach.... another is simply delete and re-create the hardware RAID10 (or RAID5), re-initialize, and install the new tenant's operating system. The data has not been explicitly wiped, but the new lessee is not going to get anything meaningful out of it without physical access and a lot of trouble, anyways.
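
Added example, not part of any comment in this thread and not any hosting company's tooling: the two approaches in comment 27 compared on a constructed disk image, scanning for leftover non-zero blocks after a re-initialise and again after an explicit zero-fill. The function names (`nonzero_blocks`, `zero_fill`, `demo`) and the sample byte strings are assumptions made for illustration.

```python
import os
import tempfile

BLOCK = 4096  # read/write granularity in bytes

def nonzero_blocks(path, block=BLOCK):
    """Scan a device or image end to end; return offsets of blocks that are not all-zero."""
    zero = bytes(block)
    dirty, offset = [], 0
    with open(path, "rb") as dev:
        while chunk := dev.read(block):
            if chunk != zero[:len(chunk)]:
                dirty.append(offset)
            offset += len(chunk)
    return dirty

def zero_fill(path, block=BLOCK):
    """Single-pass overwrite of every byte with zeros, flushed to stable storage."""
    with open(path, "r+b") as dev:
        remaining = dev.seek(0, os.SEEK_END)  # size; also works for block devices
        dev.seek(0)
        while remaining:
            n = min(block, remaining)
            dev.write(bytes(n))
            remaining -= n
        dev.flush()
        os.fsync(dev.fileno())

def demo():
    """Constructed 1 MiB image of a re-initialised disk that was never wiped."""
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write(bytes(1024 * 1024))
        img.seek(0)
        img.write(b"NEWFS-SUPERBLOCK")       # constructed: new tenant's metadata
        img.seek(512 * 1024)
        img.write(b"old tenant secret")      # constructed: previous tenant's leftover data
        path = img.name
    try:
        before = nonzero_blocks(path)        # re-initialised only
        zero_fill(path)
        after = nonzero_blocks(path)         # after an explicit wipe
    finally:
        os.unlink(path)
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("dirty block offsets before wipe:", before)
    print("dirty block offsets after wipe: ", after)
```

A clean scan only covers what the host can address: on wear-leveling SSDs, remapped and spare blocks are outside the reach of both the overwrite and the scan.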

  28. Cheap drill press... by guevera · · Score: 2

    I got a cheap drill press from Harbor Freight for $56 on sale.

  29. My policy by Hamsterdan · · Score: 1

    Dismantle, keep the magnets (the flat ones are really fun to play with, lots of projects), and recycle the drive and platters (50 cents/pound), there's even a copper coil in there at 3$/pound.

    Not much, but once dismantled, data is gonna be pretty hard to recover.

    If you really want it gone, Thermite...

    --
    I've got better things to do tonight than die.
  30. Re:My policy by Osgeld · · Score: 1

    Belt Sander

    hold it long enough you don't even have to take it apart lol

  31. Re:My policy by LordLimecat · · Score: 2

    secure: definitely, no hard disk has ever been physically reconstructed that had holes in the platters

    Not correct, and it's not even a little difficult. A contiguous multi-inch stripe of a modern HD platter contains gigs of data. The only challenge is going to be fragmentation, but with a single hole the file table is probably intact.

    You're basically relying on the high cost and inconvenience-- the hole through the disk renders the existing casing + chipset inoperable, but does nothing to affect 99% of the actual data on the disk. An attacker with the right sort of enclosure could simply read the data right off of the platters, very little reconstruction necessary.

    And while you would be right to take any such self-interested claims with a grain of salt, it's worth noting that several recovery companies (Kroll, Centrex) indicate that such recoveries are possible, and that a number of national regulations in both the US and the UK mandate very particular forms of physical destruction, notably where the entire surface of the drive is affected (shredding, grinding, degaussing).

    But hey-- if you want to argue with the DoD, NIST, Kroll, and the UK Information Commissioner's Office, all so that you can use a messy and non-compliant form of destruction-- go for it. Have fun explaining to federal regulators why you felt it was best to ignore both the experts and federal law regarding private information.

  32. Re:My policy by LordLimecat · · Score: 2

    Because it can't be automated, it creates a huge mess, can't be done in office space (unless you like cleaning up fine bits of aluminum, epoxy, and steel), and requires a decent drill.

  33. Re:My policy by Z00L00K · · Score: 1

    When in doubt - C4
      -- Jamie Hyneman

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  34. Re:Breach by jones_supa · · Score: 1

    Based on my empirical experience, I am fully confident that it is properly implemented in the firmware.

  35. Re:So criminals should always buy used hard drives by darkonc · · Score: 1

    They can only say that about data that was clearly deleted.

    If I was a criminal, I'd buy used drives in bulk, and see if there was any data on them worth using (or ransom). Using a drive in a way that allowed plausible deniability would take some effort and technical knowledge ... Not the kind of thing that most thieves depend on.

    --
    Sometimes boldness is in fashion. Sometimes only the brave will be bold.
  36. Re:Google by dave420 · · Score: 1

    There is a lot more on those drives than simply one big folder called "Internets". It will most likely have keys, configurations, software, information about network structure, logs, and anything else you might be able to think of. It's rather weird to assume they don't have anything on there.

  37. Re:IRS by BVis · · Score: 1

    Take some personal responsibility. Pay your taxes like everyone else and that won't happen.

    --
    Never underestimate the power of stupid people in large groups.
  38. If it's not written policy, it isn't done by kriston · · Score: 1

    The rule of thumb here is:
    If the process you are expecting is not written into your agreement or documented as a matter of company policy, then the process is not done.

    Likely you're not using a data center certified under HIPAA, PCI, SOX, SSAE/SAS-70, otherwise it would be documented and you'd already know.

    --

    Kriston

  39. Re:Breach by Marillion · · Score: 1

    This technique works for data drives not boot drives: 100% full disk encryption. When you decommission the drive, decommission the encryption key. This technique also works with wear leveling SSD drives that might not always properly erase if you attempt to wipe the data.

    --
    This is a boring sig
  40. Destruction by tengu1sd · · Score: 1

    Encryption or physical destruction. Failed media replaced under vendor's field service is destroyed. Most vendors will add a surcharge to their service agreements that allow failed media to remain on site for destruction rather than be RMA'd. If not, well then bill me.