HP3000-L Archives

May 2007, Week 3

HP3000-L@RAVEN.UTC.EDU

From: Pete Eggers <[log in to unmask]>
Date: Thu, 17 May 2007 15:32:15 -0700

<ding>

On 5/17/07, Stan Sieler <[log in to unmask]> wrote:
>
> Re:
>
> > > > Option "c" is only for clearing, not sanitizing.
> > >
> > > Not true, according to NIST Special Publication 800-88 "Guidelines
> > > For Media Sanitization":
> > >
> > >    Clearing information is a level of media sanitization
> >
> > I think that only confuses the issue.  If you are worrying about DoD
> > standards and have reason to, you had better know the difference.
>
> I was merely correcting your error above, by quoting from the US
> government document.
>
> > > Now, some people (including the above document) distinguish between
> > > "clearing" and "purging":
> > >
> > >    Purging information is a media sanitization process that protects the
> > >    confidentiality of information against a laboratory attack. For some
> > >    media, clearing media would not suffice for purging. However, for ATA disk
> > >    drives manufactured after 2001 (over 15 GB) the terms clearing and purging
> > >    have converged.
> >
> > Unless your ATA disk has a firmware secure wipe function, this makes
> > no sense at all.  If anything, people are less aware that chunks of
> > sensitive data may be lurking on a well used drive that are out of
> > sight of everything but the drive's firmware, or some low budget spy.
>
> I agree, but take that up with the U.S. government...that was their
> document I quoted :)
>
> That said, the chances of any user data being in a spared (and now normally
> inaccessible) track is slim.  The chance that it can be recovered is even slimmer.
> Of course, that's still non-zero.  But, then, the chance of someone using an electron
> microscope to get data off a sledge-hammered disk drive is *also* non-zero.
> Short of grinding up the platters (and RAM chips) there is no 100% complete
> method of sanitizing any disk drive against *all* odds.
>
> But that's not relevant: if someone is that worried about their data, their other
> sanity problems will prevent them from getting that far in life anyway. :)
>
> If we *could* convince every spy/identity-thief to work on trying to recover
> data from spared tracks the world would be a MUCH better/safer place!
> But, even the dumb ones probably realize that it isn't worth their time/effort...
> it's *so* much easier to get data in other ways (trash cans, online hacking,
> social engineering), that retrieving data from spared tracks doesn't even make
> good science fiction.
>
> BTW, your "low budget spy" is going to be equipped (at best) to read ATA
> disks, not SCSI disks.
> Why?  Numbers.  (The number of ATA disks in use vs. the number of SCSI disks in use,
> and the cost of equipment/software to read ATA disks vs. SCSI disks.)
> We can dismiss the "low budget spy" ... besides, they're going to get MUCH better
> information by simply swiping a backup tape!
>
>
> > And for the high budget spy, what difference is there in the magnetic
> > media that eliminates magnetic ghosting in the data?
>
> huh?
>
> In addition to being puzzling as to what you're talking about, that kind
> of speculated data recovery is so difficult, so time consuming, and
> never shown to have been done in the real world (i.e., outside a
> research environment), that discussing that kind of data recovery on this
> list is fruitless.
>
>
> > > But, such distinction does not mean that "clearing" isn't a method of
> > > sanitizing.
> > >
> > > > Option "d" does sanitize, but not for the higher levels of security.
> > >
> > > "d" is still a method of sanitizing ... it just isn't an acceptable level
> > > for some needs.
> >
> > Hmmm, isn't that what I just said?
>
> No, what you had said was mischaracterizing information from a U.S. government
> report :)
>
> You had implied that the first two options of WipeDisk were not "sanitizing".
>
> I, quite correctly, pointed out (by citing lines from the afore-mentioned paper)
> that they were.
>
> > >
> > > > Even your "ridiculously toughest" does not erase/clear/sanitize any
> > > > spared tracks/sectors, or does it?
> > >
> > > nope...no access to that from MPE or HP-UX :(
> >
> > Well actually, if you know what you are doing, you can issue firmware
> > commands to the drives themselves.  Drives tend to support different
> > function sets even from the same manufacturer, let alone different
> > manufacturers.  And then there is the problem of getting documentation
> > on drive firmware, errors in the documentation, and being able to get
> > the function calls right without trashing too many drives.
>
> precisely....and said in fewer words:
>    the risk of data being recovered from spared tracks is very low.
>
> > Anyone that has $5,000 to $10,000 dollars can get an independent lab
> > to do an easy data extraction off an "accidentally" erased disk.  If
>
> I'd be interested in a quote that would include spared tracks from a SCSI
> drive.
>
> > Of course at some point, the S/N ratio of the magnetic media creates a
> ...
>
> [Interesting discussion of high-tech techniques to extract data from
> apparently erased drives deleted ... interesting, but not likely
> to be applicable to us]
>
> > speaking.  This will only continue to get better.  Well, until mass
> > storage is actually kept in a truly binary form and not analog as it
> > is with magnetic media.
>
> All mass storage ... all storage ... is analog.  There is no true binary.
> RAM chips store charges or have areas of increased/reduced resistance,
> magnetic bubbles have some degree of magnetization, but it's all analog
> when you look at the edges :)
>
> Even punched cards are analog ... just ask the Florida election riggers,
> er, counters :)
>
> If it isn't clear, I think the summary of the thread should be:
>
>    There is one choice in disposing of a used disk drive, with
>    two possible answers:
>
>        1) leave it operable
>
>        2) leave it inoperable
>
>     For both choices, one should ask:
>
>         what options do I have to implement my choice,
>         and what kinds of vulnerabilities exist thereafter?
>
>    For each, the vulnerability chart is a standard security pyramid...
>    the broad base represents most people, the point represents the fewest people.
>    The higher up the pyramid you go, the more vulnerable your data becomes
>    (and the more costly it is to extract).
>
>    For #1, a one pass write-over produces a security pyramid that excludes
>    the vast majority of people.
>    Further,
> <ding>
>
> Sorry, my "time's being wasted, get back to real work" buzzer just went off.
>
> --
> Stan Sieler
> work:     www.allegro.com
> personal: www.sieler.com/wanted/index.html
>
