I hate to get into analyzing a movie, but my guess would be that possibly the machines can't *innovate* yet, or otherwise grow past their programming.
Maybe keeping humans around for observation of how they adapt to solve problems, or write fiction (i.e. they write a sci fi novel about a robot, the matrix uses a lot of the imagination to base number crunching and problem solving to accomplish it), or even the dreams...all part of a creative process the entities composing the matrix lack. I mean, clearly from the movie the Matrix is just a play pen, robots are moving around up and around outside of the Matrix...maybe it's more of a distributed think tank instead of play pen.
I mean seriously, it's sadly useless. I have implemented GPO in both user control scenarios and limited admin control schemes. In both cases it was so easy to get around lock downs in either case that really all GPO boils down to is an initial layout/scheme that your end users are told "You should not be doing this". That's it....a lock made of straw. If they want to do something they shouldn't, it's as easy as a help request, 3rd party app that uses notepad to edit files, etc, etc away from being circumvented.
I have worked with GPO extensively, especially for "securing" an environment. One of my final phases is to once over everything from an account with the GPO initiated, and try to break through it. Then I have a third party try the same (trusted third party being a couple of kids I know that constantly work around these types of things from being in schools and other work places that try this...your basic l33t haxx0rs if you will)....every time it comes down to that final phase being a list of "how" the GPO can be circumvented, and how to deal with it and what to look for, etc.
Back to the subject, MS is screwing themselves in other ways. I mean really and truly, what features are NEEDED in the next office, Office XP, hell Office 2000 was more than sufficient for pretty much any and all businesses....they will really need to get something a lot more than a shared work system or XML formatting to justify the expense...especially if they finally move to their subscriptions model.
I am not anti-MS, that's just cutting yourself off from a lot of revenue...but every few weeks MS does something that makes the alternatives look better and better.
So can someone please answer this question for me?
First and foremost, doesn't the taxation occur at the point of sale - as far as location goes? I mean, when I physically travel to a different state where they do not have sales tax for example...and buy something, the fact that I am from a state with sales tax is irrelevant, I don't pay sales tax?
So where is the distinction made when I shop online? If I am paying for something at a store in California, but I live in Texas...what tax am I paying? The California tax or Texas tax? More importantly, what if the SERVER this site is running off of is located in a state with *no* sales tax?!? I mean, sorry, but even though I am doing the shopping in Texas, the actual transaction work is happening on the server, and the tax should be based on THAT location right?
It seems to me that if this were to be done fairly, then you would have to specify the state you are shopping from at the online retailer's site (this would be way too hard to verify, I guess it could be based on billing address but still)...and even further along those lines, why not set up the server where the transaction is occurring in a low tax or tax free state?
Again, I am not a business/legal/accounting professional, so I really don't know...but this just seems stupid. The only good middle ground I see would be to make a flat tax, and lower than most state income taxes....like 1-2%. This is still a very good sized sum of money, but I guess it's pointless since distribution amongst states or what have you would be a nightmare.
I just don't understand, this whole thing seems stupid and poorly thought out in general...so I would welcome any response/answers on this.
You know, I generally agree that the general value of a certification is zero...except for a couple of things.
To begin with, I was working for a company that thought it would be a good PR move to get as many of the admins/techs on staff MCSE or RHCE certified, so they actually shelled out the $$$ for training from both RedHat and Microsoft. I got to take the full course for RHCE (RedHat 7.2 exam), and I have to say that not only was the material good (a lot of us went in thinking this was going to be a joke and went out having learned a couple of things), but the test itself was not a total cakewalk...it was exactly what it was supposed to be: challenge level scaled to the examinee's experience. If you were really knowledgeable, and good at troubleshooting, the test was a breeze, if not, you probably failed. I would say more, but they make you sign non-disclosure forms regarding test information, another plus.
As for the Microsoft training, I only got to go to one class, but I did learn quite a bit from this class as well. More than likely had I been able to go to all classes, I would have had an MCSE as well.
The real point on all of this is that the big difference is *who* is training you. The trainers direct from RedHat and Microsoft were top notch...not some fool from CompUsa who likes tinkering...these trainers were focused, knowledgeable, and just good at teaching the material.
Getting back to the value of certs...do I think that a person's merit is determined by a piece of paper (be it from a university or a tech certification) ??? Hell no. But one important thing to keep in mind is that there are people still trying to break into the IT world...whether it's the beginning of a career or a transition from one field to another. If I see someone who has gone out of their way to get an RHCE, an MCSE, CCNA, OCP, GIAC certs, whatever...ESPECIALLY on their own time and money, then I would at least give them a fair evaluation.
THAT is what I would like to see a certification treated as...a minimum requirement for evaluation. If someone wanted to get into InfoSec, or Systems Administration and had little direct work experience...a certification would be a nice way to weed the fly by night types out from the people who are serious about the field they want to work on. I don't know if things will get to that point, experience is still king...but I do know that if I would interview for a position, let's say for an admin...and this was not a senior level position, I would give people with certifications a definite evaluation/interview/shot at the position...especially if this was something they pursued on their own. I mean, isn't that part of what college is? You don't have to go, but people want to see a degree to know you stuck through it or maybe were truly interested in your field?
How Do You Plan on Getting Up to Speed? (on Ask Kevin Mitnick · Score: 5, Interesting)
I have read a bit about you, so I know that you were no slouch back in the days prior to your incarceration and release...but if you have actually stuck with the limits of your probation how are you planning to jump into consulting again?
Don't get me wrong, but you can only advise people on social engineering and easy passwords for so long...what kind of knowledge did you already have on PKI, VPNs, Firewalls, IDSes? There seems to be so much that has changed that just a cursory understanding of the principles behind these technologies does not seem sufficient to serve as a consultant (or at least one I would pay for)
Since so much has changed radically in the last few years, how have you kept up or do you plan to keep up at the moment? I can't see just reading a book on the latest OS specs and administrative tasks and being able to consult on them without hands on experience, and in your case you have quite a few years of language, os, security, and other operational technology advances to get up to speed with, etc.
So basically....what's your game plan to get back to a modern day equivalent of the proficiency you had several years ago?
I am sorry, but this is really just not impressive (on Scaling Server Performance · Score: 3, Insightful)
I hate to do this, and get into some kind of "look at my l33t skills" type thing...but seriously, those numbers are just nothing to be impressed with.
As several people have pointed out, usually the limitation on a well configured server is the bandwidth available. I have a buddy who runs a few adult sites, and I go ahead and keep his machines updated, optimized, etc, etc.
On one web server alone, with simply rebuilding Apache with a higher HSL and streamlining only essential services this *one* server is handling an average of 16,000,000 hits per day. (avg approx. 16,000,000 hits, 5,000,000 pageviews, 450,000 unique visitors per day).
In fact, only last month did we set up a separate database server in anticipation of him getting even more traffic (I wanted to separate the web server from the db server esp. if we were gonna move to load balancing)...even still the cpu load was consistently low and the site was/is serving dynamically generated content (php) and is all driven by a mysql content management system.
I have yet to even max out the usage of the server and do some ulimit type stuff or hard adjustments via kernel changes....
so what is the big deal about this article.
I think it would be good to put up an article about how to optimize your web servers both in layout and actual configurations to allow for Slashdot levels of traffic. I doubt this will happen, just as the mirroring content on featured stories to help ease bandwidth or other similar suggestions.
The saddest part is that once you spend the time to really optimize a machine or machines...it takes far less time to maintain them.
You know what, I would love to have the happy go lucky give everyone a hug rainbow brite outlook you are showing....but there are too many other considerations:
(1) In addition to H1B workers, outsourcing of work, be it support, development, etc is continuing to increase by U.S. countries.
-so what the hell? You have a bunch of MBAs sitting around and realizing that in the short run, paying the average outsourced/overseas employee 8000 USD per YEAR saves them 22,000 USD per year per US employee...thus saving tons of money as more and more labor is outsourced.
but suddenly, after about a year, these same MBAs decide budget cuts and layoffs are needed because darn it, consumer spending is down, the economy is still rough, etc, etc.
Did it ever occur to these people that by shipping out X number of jobs you potentially short the LOCAL spending of X number of consumers?
Why is it so hard for these people that spend countless hours learning BUSINESS and ECONOMICS to realize this?!? This is common sense. More than likely because the people making this decision immediately reap the rewards and are not touched by the consequences as anyone lower than the top level does.
(2) H1B workers come over to take specialized jobs, not checkout clerks or janitors (nothing wrong with either), but developers, scientists, etc, etc.
-again, less jobs for the people here in our own country who are looking...another wonderful way to help the us economy.
(3) Typically H1B workers take less pay and work longer hours.
-we're not talking about an extra 2 hours a day, many of these people work 13-16+ hour days, sometimes 6-7 days per week. Plus they are making a good deal less than the average salary. If nothing else, they lower the standard pay base and raise expectations, effectively ruining the labor reforms people in this country fought so hard for.
I am happy that I have a job that seems pretty stable, but I am scared to think of the world out there should I lose it, and I feel bad for a lot of the people looking for work these days. Simple fact is that yes, people everywhere are looking for jobs...but as heartless and mean as this may sound, I only care about the U.S. workers and the U.S. economy because that is where I live.
You can be damned sure nobody else in other countries worries about the American workers whose potential jobs they take. Economic survival is cutthroat. Right now, the U.S. is in no shape to care about imported workers.
I think that if a company outsources jobs for services or goods to be provided or sold in the United States, then there should be serious export taxation of some kind. If a company is headquartered outside of the U.S. and was founded in the U.S. or primarily operates in the U.S., then they should be heavily taxed as well. Take a look at how other countries tax OUR U.S. exports before you cry about that.
I bet you anything that if you took a few steps to make it less lucrative for a company to outsource in these ways, it would suddenly stop. Quality of service is not their concern, nor is practicality...it's just the bottom line, how much can they save to put in their pockets.
If some people in charge of this country don't wake up to this soon, the problem now is gonna be small compared to 10-15 years from now when the U.S. slips to a second level or third world level country. And you can be sure no country is going to give us foreign aid or care about our job struggles.
Look at the conclusion.
They could *not* recover the files, but there were other elements that EnCase could find and use.
Look at the "Results" information right above Conclusions and Recommendations. Specifically states that the files were deleted, although a lot of MFT information, points previously marked as deleted, and file slack, registry, pagefile, and shortcuts for files were still in place.
The main point is that EFS does kind of suck compared to the levels of dread it provided, but it does wipe the data past the point of standard recovery.
Even the conclusion of that whitepaper says that the tool is hard to use, takes a good chunk of time, and does not cover artifacts left outside of the blocks/clusters themselves. EnCase was not able to grab the actually scrubbed files, they just found a bunch of other items and remnants the scrubber missed...so again, 3 passes was all that it took.
Also, in response to your previous post about my comment. The levels of wiping you are talking about are way outside of the standard user's realm of expertise to implement, and quite honestly the "recovering data after 24 wipes" stuff is still the stuff of government investigations. The reality is that nobody knows the exact methodology or techniques being used on that high a level, who knows what an electron microscope and a huge amount of time can find regardless of the overwrites?
Basically, 3+ wipes and most of your non-higher-government (i.e. - public sector, law enforcement) forensics efforts are going to be foiled.
I am very surprised that more forensic investigators and the companies that create forensics software do not use Linux as a primary workstation solution. Windows simply does not have the ability to handle so many different file systems types, etc as compared to Linux (or BSD, etc, etc.. I go with Linux because I think it is a happy medium for a Unix environment). I mean, with my forensics workstation, Linux allows me to pretty much mount and work with any filesystem type in use, yet I have to swap OS drives and reboot to use most of the commercial forensics tools.
Getting Windows to read other filesystems is not that simple, there are occasional bit pieces like explore2fs and the like, but handling non-Windows based files and file systems is not as simplistic as can be arranged on a Linux workstation with a very flexible kernel.
As for all of the people mocking your question...that seems silly. What I have yet to try though is using a tool like rawwrite on windows to try and make or copy images. I'll admit so far I am lazy and have not worked with it yet since I have so much of the functionality I need already, but I would imagine getting DD itself (if rawwrite is not an option) to work on Windows (outside of a Cygwin type option) would not be too hard.
Wipe is a nice program, but it is simply overkill. It has been shown in studies that typically 3 passes of a data wiping program should make your data non-recoverable by standard means (using popular forensics tools such as EnCase, Maresware, NTI's batch of programs, or disk editors on whatever platform you are interested in). As to how much the U.S. government investigators are able to retrieve...well that falls into your urban legends category I suppose.
For the most part, DoJ guidelines suggest wiping your data 7 times as part of the norm. This is because of the non precise manner in which hard drive read/write heads pass over the disk itself (more of a wobble rather than a perfect circular motion). I just recently saw a whitepaper on Encase's site that covered users of WinXP using EFS (encrypted filesystem) secure deletion (which just does 3 passes) that makes recovery of the files deleted not possible (this is the whitepaper).
Just as the above reference article concludes, it should be kept in mind that there are so many places to look on Windows and Unix machines other than what files were deleted. Perhaps pictures of your latest porn stash or the Word document covering your NDA violations are gone, but registry settings, file slack (as was mentioned in the parent article briefly), pagefiles, memory dumps, and many other locations that track your activities on a given machine can be used as well.
Wow, I did not mean to get so long winded...I just really get into computer forensics. My personal advice for decent file security and deletion is encryption + multi-pass deletion. There are several encrypted filesystems out there for both Windows and *nix, and a few options that are viable with both (BestCrypt File system containers and also BCWipe for deletion is a good example). I don't see the need to start advertising products, so check out the options for OS level and OS independent solutions.
I am sure they will....provided you are not expecting them to use thermal grease or third party fans.
It's just a shame that Windows GPO is a joke.
I mean seriously, it's sadly useless. I have implemented GPO in both a user control scenarios and a limited admin control schemes. In both cases it was so easy to get around lock downs in either case that really all GPO boils down to is an initial layout/scheme that your end users are told "You should not being doing this". That's it....a lock made of straw. If they want to do something they shouldn't, it's as easy as a help request, 3rd party app that uses notepad to edit files, etc, etc away from being circumvented.
I have worked with GPO extensively, especially for "securing" an environment. One of my final phases is to once over everything from an account with the GPO initiated, and try to break through it. Then I have a third party try the same (trusted third party being a couple of kids I know that constantly work around these types of thing from being in schools and other work places that try this...your basic l33t haxx0rs if you will)....every time it comes down to that final phase being a list of "how" the GPO can be circumvented, and how to deal with it and what to look for, etc.
Back to the subject, MS is screwing themselves in other ways. I mean really and truly, what features are NEEDED in the next office, Office XP, hell Office 2000 was more than sufficient for pretty much any and all businesses....they will really need to get something a lot more than a shared work system or XML formatting to justify the expense...especially if they finally move to their subscriptions model.
I am not anti-MS, that's just cutting yourself off from a lot of revenue...but every few weeks MS does something that makes the alternatives look better and better.
So can someone please answer this question for me?
First and foremost, doesn't the taxation occur at the point of sale - as far as location goes? I mean, when I physically travel to a different state where they do not have sales tax for example...and buy something, the fact that I am from a state with sales tax is irrelevant, I don't pay sales tax?
So where is the distinction made when I shop online? If I am paying for something at a store in California, but I live in Texas...what tax am I paying? The California tax or Texas tax? More importantly, what if the SERVER this site is running off of is located in a state with *no* sales tax?!? I mean, sorry, but even though I am doing the shopping in Texas, the actual transaction work is happening on the server, and the tax should be based on THAT location right?
It seems to me that if this were to be done fairly, then you would have to specify the state you are shopping from at the online retailer's site (this would be way too hard to verify, I guess it could be based on billing address but still)...and even further along those lines, why not set up the server where the transaction is occurring in a low tax or tax free state?
Again, I am not a business/legal/accounting professional, so I really don't know...but this just seems stupid. The only good middle ground I see would be to make a flat tax, and lower than most state income taxes....like 1-2%. This is still a very good sized sum of money, but I guess it's pointless since distribution amongst states or what have you would be a nightmare.
I just don't understand, this whole thing seems stupid and poorly thought out in general...so I would welcome any response/answers on this.
You know, I generally agree that the general value of a certification is zero...except for a couple of things.
To begin with, I was working for a company that thought it would be a good PR move to get as many of the admins/techs on staff MCSE or RHCE certified, so they actually shelled out the $$$ for training from both RedHat and Microsoft. I got to take the full course for RHCE (RedHat 7.2 exam), and I have to say that not only was the material good (a lot of us went in thinking this was going to be a joke and went out having learned a couple of things), but the test itself was not a total cakewalk...it was exactly what it was supposed to be: challenge level scaled to the examinee's experience. If you were really knowledgeable, and good at troubleshooting, the test was a breeze, if not, you probably failed. I would say more, but they make you sign non-disclosure forms regarding test information, another plus.
As for the Microsoft training, I only got to go to one class, but I did learn quite a bit from this class as well. More than likely had I been able to go to all classes, I would have had an MCSE as well.
The real point on all of this is that the big difference is *who* is training you. The trainers direct from RedHat and Microsoft were top notch...not some fool from CompUsa who likes tinkering...these trainers were focused, knowledgeable, and just good at teaching the material.
Getting back to the value of certs...do I think that a person's merit is determined by a piece of paper (be it from a university or a tech certification) ??? Hell no. But one important thing to keep in mind is that there are people still trying to break into the IT world...whether it's the beginning of a career or a transition from one field to another. If I see someone who has gone out of their way to get an RHCE, an MCSE, CCNA, OCP, GIAC certs, whatever...ESPECIALLY on their own time and money, then I would at least give them a fair evaluation.
THAT is what I would like to see a certification treated as...a minimum requirement for evaluation. If someone wanted to get into InfoSec, or Systems Administration and had little direct work experience...a certification would be a nice way to weed the fly by night types out from the people who are serious about the field they want to work on. I don't know if things will get to that point, experience is still king...but I do know that if I would interview for a position, let's say for an admin...and this was not a senior level position, I would give people with certifications a definite evaluation/interview/shot at the position...especially if this was something they pursued on their own. I mean, isn't that part of what college is? You don't have to go, but people want to see a degree to know you stuck through it or maybe were truly interested in your field?
If have read a bit about you, so I know that you were no slouch back in the days prior to your incarceration and release...but if you have actually stuck with the limits of your probation how are you planning to jump into consulting again?
Don't get me wrong, but you can only advise people on social engineering and easy passwords for so long...what kind of knowledge did you already have on PKI, VPNs, Firewalls, IDSes? There seems to be so much that has changed that just a cursory understanding of the principles behind these technologies does not seem sufficient to serve as a consultant (or at least one I would pay for)
Since so much has changed radically in the last few years, how have you kept up or do you plan to keep up at the moment? I can't see just reading a book on the latest OS specs and administrative tasks and being able to consult on them without hands on experience, and in your case you have quite a few years of language, os, security, and other operational technology advances to get up to speed with, etc.
So basically....what's you game plan to get back to a modern day equivalent of the proficiency you had several years ago?
I hate to do this, and get into some kind of "look at my l33t skills" type thing...but seriously, those numbers are just nothing to be impressed with. As several people have pointed out, usually the limitation on a well configured server is the bandwidth available. I have a buddy who runs a few adult sites, and I go ahead and keep his machines updated, optimized, etc, etc. On one web server alone, with simply rebuild Apache with a higher HSL and streamlining only essential services this *one* server is handling an average of 16,000,000 hits per day. (avg approx. 16,000,000 hits, 5,000,000 pageviews, 450,000 unique visitors per day). In fact, only last month did we set up a separate database server in anticipation of him getting even more traffic (I wanted to separate the web server from the db server esp. if we were gonna move to load balancing)...even still the cpu load was consistently low and the site was/is serving dynamically generated content (php) and is all driven by a mysql content management system. I have yet to even max out the usage of the server and do some ulimit type stuff or hard adjustments via kernel changes.... so what is the big deal about this article. I think it would be good to put up an article about how to optimize your web servers both in layout and actual configurations to allow for Slashdot levels of traffic. I doubt this will happen, just as the mirroring content on featured stories to help ease bandwidth or other similar suggestions. The saddest part is that once you spend the time to really optimize a machine or machines...it takes far less time to maintain them.
You know what, I would love to have the happy go lucky give everyone a hug rainbow brite outlook you are showing....but there are too many other considerations: (1)In addition to H1B workers, outsourcing of work, be it support, development, etc is continuing to increase by U.S. countries. -so what the hell? You have a bunch of MBAs sitting around and realizing that in the short run, paying the average outsourced/overseas employee 8000 USD per YEAR saves them 22,000 USD per year per US employee...thus saving tons of money as more and more labor is outsourced. but suddenly, after about a year, these same MBAs decide budget cuts and layoffs are needed because darn it, consumer spending is down, the economy is still rough, etc, etc. Did it ever occur to these people that by shipping out X number of jobs you potentially short the LOCAL spending of X number of consumers? Why is it so hard for these people that spend countless hours learning BUSINESS and ECONOMICS to realize this?!? This is common sense. More than likely because the people making this decision immediately reap the rewards and are not touched by the consequences as anyone lower than the top level does. (2) H1B workers come over to take specialized jobs, not checkout clerks or janitors (nothing wrong with either), but developers, scientists, etc, etc. -again, less jobs for the people here in our own country who are looking...another wonderful way to help the us economy. (3) Typically H1B workers take less pay and work longer hours. -we're not talking about and extra 2 hours a day, many of these people work 13-16+ hour days, sometimes 6-7 days per week. Plus they are making a good deal less than the average salary. If nothing else, they lower the standard pay base and raise expectations, effectively ruining the labor reforms people in this country fought so hard for. 
I am happy that I have a job that seems pretty stable, but I am scared to think of the world out there should I lose it, and I feel bad for a lot of the people looking for work these days. Simple fact is that yes, people everywhere are looking for jobs...but as heartless and mean as this may sound, I only care about the U.S. workers and the U.S. economy because that is where I live. You can be damned sure nobody else in other countries worries about the American workers whose potential jobs they take. Economic survival is cutthroat. Right now, the U.S. is in no shape to care about imported workers. I think that if a company outsources jobs for services or goods to be provided or sold in the United States, then there should be serious export taxation of some kind. If a company is headquarted outside of the U.S. and was founded in the U.S. or primarily operates in the U.S., then they should be heavily taxxed as well. Take a look at how other countries tax OUR U.S. exports before you cry about that. I bet you anything that if you took a few steps to make it less lucrative for a company to outsource in these ways, it would suddently stop. Quality of service is not their concerns, nor is practiciality...it's just the bottom line, how much can they save to put in their pockets. If some people in charge of this country don't wake up to this soon, the problem now is gonna be small compared to 10-15 years from now when the U.S. slips to a second level or third world level country. And you can be sure no country is going to give us foreign aid or care about our job struggles.
Look at the conclusion. They could *not* recover the files, but there were other elements that EnCase could find and use. Lokk at the "Results" information right above Conclusions and Recommendations. Specifically states that the files were deleted, although a lot of MFT information, points previosly marked as deleted, and file slack, registry, pagefile, and shortcuts for files were still in place. The main point is that EFS does kind of suck compared to the levels of dread it provided, but it does wipe the data past the point of standard recovery. Even the conclusion of that whitepaper says that the tool is hard to use, takes a good chunk of time, and does not cover artifacts left outside of the blocks/clusters themselves. EnCase was not able to grab the actually scrubbed files, they just found a bunch of other items and remnants the scrubber missed...so again, 3 passes was all that took. Also, in response to your previous post about my comment. The levels of wiping you are talking about are way outside of the standard users realm of expertise to implement, and quite honestly the "recovering data after 24 wipes" stuff is still the stuff of government investigations. The reality is that nobody knows the exact methodology or techniques being used on that high a level, who knows what an electron microscope and a huge amount of time can find regardless of the overwrites? Basically, 3+ wipes and most of your non-higher-government (i.e. - public sector, law enforcement) forensics efforts are going to be foiled.
I am very surprised that more forensic investigators and the companies that create forensics software do not use Linux as a primary workstation solution. Windows simply does not have the ability to handle so many different file system types, etc as compared to Linux (or BSD, etc, etc.. I go with Linux because I think it is a happy medium for a Unix environment). I mean, with my forensics workstation, Linux allows me to pretty much mount and work with any filesystem type in use, yet I have to swap OS drives and reboot to use most of the commercial forensics tools. Getting Windows to read other filesystems is not that simple, there are occasional bit pieces like explore2fs and the like, but handling non-Windows based files and file systems is not as simplistic as can be arranged on a Linux workstation with a very flexible kernel. As for all of the people mocking your question...that seems silly. What I have yet to try though is using a tool like rawwrite on Windows to try and make or copy images. I'll admit so far I am lazy and have not worked with it yet since I have so much of the functionality I need already, but I would imagine getting DD itself (if rawwrite is not an option) to work on Windows (outside of a Cygwin type option) would not be too hard.
Wipe is a nice program, but it is simply overkill. It has been shown in studies that typically 3 passes of a data wiping program should make your data non-recoverable by standard means (using popular forensics tools such as EnCase, Maresware, NTI's batch of programs, or disk editors on whatever platform you are interested in). As to how much the U.S. government investigators are able to retrieve...well that falls into your urban legends category I suppose. For the most part, DoJ guidelines suggest wiping your data 7 times as part of the norm. This is because of the non-precise manner in which hard drive read/write heads pass over the disk itself (more of a wobble rather than a perfect circular motion). I just recently saw a whitepaper on EnCase's site that covered users of WinXP using EFS (encrypted filesystem) secure deletion (which just does 3 passes) that makes recovery of the files deleted not possible (this is the whitepaper). Just as the above reference article concludes, it should be kept in mind that there are so many places to look on Windows and Unix machines other than what files were deleted. Perhaps pictures of your latest porn stash or the Word document covering your NDA violations are gone, but registry settings, file slack (as was mentioned in the parent article briefly), pagefiles, memory dumps, and many other locations that track your activities on a given machine can be used as well. Wow, I did not mean to get so long-winded...I just really get into computer forensics. My personal advice for decent file security and deletion is encryption + multi-pass deletion. There are several encrypted filesystems out there for both Windows and *nix, and a few options that are viable with both (BestCrypt File system containers and also BCWipe for deletion is a good example). I don't see the need to start advertising products, so check out the options for OS level and OS independent solutions.
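Added example, not part of the original post and not code from any tool it names: a minimal 3-pass in-place overwrite that pads to a whole block so the slack in the last cluster is covered, followed by a demo showing that a stray copy outside the wiped file survives. The 4096-byte block size, the function names, and the file names are assumptions made for illustration.

```python
import os
import secrets
import shutil
import tempfile

BLOCK = 4096  # assumed cluster size; a real tool would query the filesystem
PATTERNS = (b"\x00", b"\xff", None)  # None means random data for that pass


def overwrite_in_place(path, passes=3, block=BLOCK):
    """Overwrite path `passes` times, padded to a whole block to cover slack."""
    size = os.path.getsize(path)
    padded = max(block, -(-size // block) * block)  # round up to block multiple
    with open(path, "r+b") as fh:
        for i in range(passes):
            pattern = PATTERNS[i % len(PATTERNS)]
            fh.seek(0)
            data = secrets.token_bytes(padded) if pattern is None else pattern * padded
            fh.write(data)
            fh.flush()
            os.fsync(fh.fileno())  # force this pass to disk before the next
    return padded


def wipe_file(path, passes=3):
    """Overwrite, rename to a random name, then delete."""
    written = overwrite_in_place(path, passes)
    anon = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.rename(path, anon)  # hides the original name in the directory entry
    os.remove(anon)
    return written


def demo():
    """Wipe a constructed file while a constructed stray copy survives."""
    secret = b"constructed sample: draft-notes"
    workdir = tempfile.mkdtemp()
    try:
        original = os.path.join(workdir, "notes.doc")
        stray = os.path.join(workdir, "~notes.tmp")  # stand-in for leftover artifacts
        for p in (original, stray):
            with open(p, "wb") as fh:
                fh.write(secret)
        wipe_file(original)
        with open(stray, "rb") as fh:
            leftover = secret in fh.read()
        return os.path.exists(original), leftover
    finally:
        shutil.rmtree(workdir)
```

This only reaches the old data on storage that rewrites blocks in place; copy-on-write or journaling filesystems and flash wear leveling can leave earlier copies untouched, which is one more reason to pair wiping with encryption.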