From: Aron Roberts (aron_at_socrates.berkeley.edu)
Date: Thu Sep 18 2003 - 14:30:56 PDT
At 13:35 -0700 2003-09-18, Tony Christopher wrote:
>we have 30+ machines whose hard drives need to be erased before
>sending them to Excess & Salvage. What tools are people using to do
>this?
[Followed by very useful contributions in this thread by Graham,
Sara, Steve, and Scott ...]
In case anyone might have thoroughly sensitive data that needs to
be protected, or might just wish to understand the issues involved in
exhaustive depth :-), the definitive paper on this topic is widely
reported to be:
Peter Gutmann
"Secure Deletion of Data from Magnetic and Solid-State Memory"
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
For most practical purposes, unless collections of highly sensitive
personal data have been stored on a drive -- such as Social Security
numbers, credit card numbers, health records, or the like -- even
tools which just write all zeros or all ones to a drive in one or two
passes will result in a far more thorough protection of the data than
typically occurs.
There have been a number of reports in the computing press recently
of hard drives (and interestingly, PDAs as well) containing un-erased
sensitive data which were sold by corporations or individuals to
salvage companies ... and in some cases, even offered for sale via
eBay auctions! Here are two representative examples:
"Used PDAs expose data"
http://www.computeractive.co.uk/News/1143337
>The buyer of a BlackBerry device sold on eBay last month found that
>it contained valuable corporate data left by its previous owner, a
>former vice president at investment bank Morgan Stanley.
"Used Hard Drives Hold Sensitive Data"
http://www.techweb.com/wire/story/TWB20030116S0003
>Better purge the data on those old hard drives your company is
>tossing out: According to a study by two MIT graduate students who
>examined nearly 160 used drives they bought on eBay, most people and
>companies don't bother, and leave critical information for the buyer.
>
>Their study reported that three-fourths of the drives contained
>recoverable data, including thousands of credit card numbers,
>medical histories, and gigabytes of e-mail and pornography.
>
>The authors of the study suggest using disk sanitizers such as
>Autoclave to overwrite the entire drive with meaningless data.
FYI.
Aron Roberts
Workstation Software Support Group
P.S. Here's a page on the Excess & Salvage Web site which may contain
the injunction that Tony is referring to:
http://www-propmgmt.bsrvm.berkeley.edu/excess/software.htm
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
This archive was generated by hypermail 2.1.5 : Thu Sep 18 2003 - 14:32:43 PDT