HP3000-L Archives

May 2007, Week 3

HP3000-L@RAVEN.UTC.EDU

Subject: Re:
From: Stan Sieler <[log in to unmask]>
Reply To: Stan Sieler <[log in to unmask]>
Date: Thu, 17 May 2007 10:22:40 -0700

> > > Option "c" is only for clearing, not sanitizing.
> >
> > Not true, according to NIST Special Publication 800-88 "Guidelines
> > For Media Sanitization":
> >
> >    Clearing information is a level of media sanitization
> 
> I think that only confuses the issue.  If you are worrying about DoD
> standards and have reason to, you had better know the difference.

I was merely correcting your error above, by quoting from the US government document.
 
> > Now, some people (including the above document) distinguish between
> > "clearing" and "purging":
> >
> >    Purging information is a media sanitization process that protects the
> >    confidentiality of information against a laboratory attack. For some
> >    media, clearing media would not suffice for purging. However, for ATA disk
> >    drives manufactured after 2001 (over 15 GB) the terms clearing and purging
> >    have converged.
> 
> Unless your ATA disk has a firmware secure wipe function, this makes
> no sense at all.  If anything, people are less aware that chunks of
> sensitive data may be lurking on a well used drive that are out of
> sight of everything but the drive's firmware, or some low budget spy.

I agree, but take that up with the U.S. government...that was their document I quoted :)

That said, the chances of any user data being in a spared (and now normally
inaccessible) track is slim.  The chance that it can be recovered is even slimmer.  
Of course, that's still non-zero.  But, then, the chance of someone using an electron
microscope to get data off a sledge-hammered disk drive is *also* non-zero.  
Short of grinding up the platters (and RAM chips) there is no 100% complete 
method of sanitizing any disk drive against *all* odds.  

But that's not relevant: if someone is that worried about their data, their other 
sanity problems will prevent them from getting that far in life anyway. :)

If we *could* convince every spy/identity-thief to work on trying to recover
data from spared tracks the world would be a MUCH better/safer place!
But, even the dumb ones probably realize that it isn't worth their time/effort...
it's *so* much easier to get data in other ways (trash cans, online hacking,
social engineering), that retrieving data from spared tracks doesn't even make
good science fiction.

BTW, your "low budget spy" is going to be equipped (at best) to read ATA disks, not SCSI disks.
Why?  Numbers.  (The number of ATA disks in use vs. the number of SCSI disks in use,
and the cost of equipment/software to read ATA disks vs. SCSI disks.)
We can dismiss the "low budget spy" ... besides, they're going to get MUCH better
information by simply swiping a backup tape!

 
> And for the high budget spy, what difference is there in the magnetic
> media that eliminates magnetic ghosting in the data?

huh?  

In addition to being puzzling as to what you're talking about, that kind
of speculated data recovery is so difficult, so time consuming, and
never shown to have been done in the real world (i.e., outside a 
research environment), that discussing that kind of data recovery on this
list is fruitless.


> > But, such distinction does not mean that "clearing" isn't a method of
> > sanitizing.
> >
> > > Option "d" does sanitize, but not for the higher levels of security.
> >
> > "d" is still a method of sanitizing ... it just isn't an acceptable level
> > for some needs.
> 
> Hmmm, isn't that what I just said?

No, what you had said was mischaracterizing information from a U.S. government
report :)

You had implied that the first two options of WipeDisk were not "sanitizing".

I, quite correctly, pointed out (by citing lines from the afore-mentioned paper)
that they were.

> >
> > > Even your "ridiculously toughest" does not erase/clear/sanitize any
> > > spared tracks/sectors, or does it?
> >
> > nope...no access to that from MPE or HP-UX :(
> 
> Well actually, if you know what you are doing, you can issue firmware
> commands to the drives themselves.  Drives tend to support different
> function sets even from the same manufacturer, let alone different
> manufacturers.  And then there is the problem of getting documentation
> on drive firmware, errors in the documentation, and being able to get
> the function calls right without trashing too many drives.  

precisely....and said in fewer words: 
   the risk of data being recovered from spared tracks is very low.

> Anyone that has $5,000 to $10,000 dollars can get an independent lab
> to do an easy data extraction off an "accidentally" erased disk.  If

I'd be interested in a quote that would include spared tracks from a SCSI drive.

> Of course at some point, the S/N ratio of the magnetic media creates a
...

[Interesting discussion of high-tech techniques to extract data from
apparently erased drives deleted ... interesting, but not likely
to be applicable to us]

> speaking.  This will only continue to get better.  Well, until mass
> storage is actually kept in a truly binary form and not analog as it
> is with magnetic media.

All mass storage ... all storage ... is analog.  There is no true binary.
RAM chips store charges or have areas of increased/reduced resistance, 
magnetic bubbles have some degree of magnetization, but it's all analog 
when you look at the edges :)

Even punched cards are analog ... just ask the Florida election riggers, er, counters :)

If it isn't clear, I think the summary of the thread should be:

   There is one choice in disposing of a used disk drive, with
   two possible answers:

       1) leave it operable
 
       2) leave it inoperable

    For both choices, one should ask:

        what options do I have to implement my choice,
        and what kinds of vulnerabilities exist thereafter?
 
   For each, the vulnerability chart is a standard security pyramid...
   the broad base represents most people, the point represents the fewest people.  
   The higher up the pyramid you go, the more vulnerable your data becomes
   (and the more costly it is to extract).

   For #1, a one pass write-over produces a security pyramid that excludes
   the vast majority of people.  
   Further, 
<ding>

Sorry, my "time's being wasted, get back to real work" buzzer just went off.

-- 
Stan Sieler
work:     www.allegro.com
personal: www.sieler.com/wanted/index.html  

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
