
Comment: Re:srm -v -z (Score 2) 76

Well, it confounds it at any rate. But completely filling the device's memory 33 times in a row is pretty likely to overwrite everything at least once or twice - even the hidden "failure reserve" space if it's included in the wear leveling (and if it's not, then it doesn't yet hold any sensitive data, so there's no problem). Gutmann's values may be irrelevant to today's storage media, but that many repeated rewrites of anything still mostly does the job.

If you were an engineer in charge of destroying data printed on paper, and you decided on shred then burn then stir the ashes in water, how many times would you repeat the cycle in order to be sure the data was destroyed? Hint: if your recommendation is greater than one (in order to be pretty sure), check your job title, because you're probably Dilbert's pointy-haired boss.

Drives today work almost nothing like the drives of 20 years ago. They don't paint bit-bit-bit in a stripe, they encode a set of bits in every pulse of the write head. Alter it a tiny fraction, and it becomes a completely different set of bits, one that error correction won't be able to overcome.

Old disks were recoverable because the mechanisms weren't precise, and the data was written with big chunky magnets to assure it was readable. All that slop has been engineered out in order to achieve today's remarkable areal densities. One overwrite is all it takes - as long as you're overwriting it all.

Comment: Re:And then throw it in a fire (Score 3, Informative) 76
What is the value of a used device? Compare that to the risk of the data on that device going to a malevolent third party.

I've had people saying "oh, look at all these hard drives, you should totally sell them on ebay and I bet you could get $10 apiece for them!" Adding up the time I would waste running DBAN or sdelete or whatever, and keeping track of which ones have been wiped, and double checking to make sure everything is really gone, it's not worth the time.

A big hammer and a punch, driven deeply through the thin aluminum cover and down the platter area, takes about a second and leaves nothing anybody would bother trying to recover. You can quickly look at a drive and say "yes, this drive has been taken care of", or "hey, there's no jagged hole here, this drive isn't destroyed." The aluminum cover contains the shards if the platters are glass. I don't care who handles them after destruction. There's no worries about toxic smoke. And if you have to inventory them before shipping them to a recycler, the serial numbers are still readable.

Smashing a phone wouldn't destroy the data on the chips, so a fire is a somewhat safer option.
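The "double checking to make sure everything is really gone" step in the comment above is the one that is easiest to skip. As an added example (not code from the comment's author), here is a small Python read-back check that scans a block device or a disk image sequentially and reports every byte range that does not contain the fill value a wipe tool was supposed to leave behind. It assumes the wipe wrote a single repeated byte (zeros by default) and that you point it at the device node or an image of it; the sample image and the two leftovers planted in it are constructed for the demonstration.

```python
import os
import tempfile


def _mismatch_runs(data, fill):
    """Yield (start, end) index pairs for maximal runs inside `data` whose
    bytes differ from the expected fill value. `end` is exclusive."""
    start = None
    for i, b in enumerate(data):
        if b != fill:
            if start is None:
                start = i
        elif start is not None:
            yield start, i
            start = None
    if start is not None:
        yield start, len(data)


def find_unwiped_ranges(path, fill=0, chunk_size=1 << 20):
    """Read a block device or image in chunks and return a list of
    (start, end) byte ranges (end exclusive) that do not hold the fill
    value. An empty list means every byte read back matches the wipe
    pattern. Runs that straddle a chunk boundary are merged into one."""
    if not 0 <= fill <= 255:
        raise ValueError("fill must be a byte value 0..255")
    ranges = []
    pending = None        # (start, end) of the run currently being extended
    offset = 0
    with open(path, "rb") as fh:
        while True:
            data = fh.read(chunk_size)
            if not data:
                break
            # Fast path: a chunk that is entirely the fill byte needs no byte scan.
            if data != bytes([fill]) * len(data):
                for rel_start, rel_end in _mismatch_runs(data, fill):
                    abs_start, abs_end = offset + rel_start, offset + rel_end
                    if pending is not None and pending[1] == abs_start:
                        pending = (pending[0], abs_end)   # continues previous run
                    else:
                        if pending is not None:
                            ranges.append(pending)
                        pending = (abs_start, abs_end)
            offset += len(data)
    if pending is not None:
        ranges.append(pending)
    return ranges


def verify_wipe(path, fill=0, chunk_size=1 << 20):
    """True only if the whole device/image reads back as the fill byte."""
    return find_unwiped_ranges(path, fill, chunk_size) == []


SAMPLE_CHUNK = 1 << 16   # small chunk size so the constructed sample scans quickly


def build_sample_image(size=4 * SAMPLE_CHUNK, plant_leftovers=True):
    """Constructed test input: a zero-filled image (a "wiped" device). With
    plant_leftovers=True, two leftovers are planted: one in the first chunk and
    one straddling the boundary between the third and fourth chunk."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as fh:
        fh.truncate(size)            # sparse zeros
        if plant_leftovers:
            fh.seek(1000)
            fh.write(b"SECRET")
            fh.seek(3 * SAMPLE_CHUNK - 1)
            fh.write(b"\xff\xff\xff")
    return path


if __name__ == "__main__":
    # Real use would be e.g. find_unwiped_ranges("/dev/sdX") after the wipe.
    img = build_sample_image()
    try:
        for start, end in find_unwiped_ranges(img, chunk_size=SAMPLE_CHUNK):
            print(f"unwiped bytes at {start:#x}-{end:#x} ({end - start} bytes)")
        print("clean:", verify_wipe(img, chunk_size=SAMPLE_CHUNK))
    finally:
        os.remove(img)
```

Note the limit of any read-back check done through the logical interface: it covers only the sectors the controller presents to the host, so it says nothing about flash blocks the controller has retired or remapped, which is the point the srm discussion above is making about reserve space.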

Comment: Re:Problem traced (Score 4, Informative) 92

by plover (#47437271) Attached to: Chinese Hackers Infiltrate Firms Using Malware-Laden Handheld Scanners

The "scanner" portion of these devices is typically an embedded system that drives a hardware sensor, and speaks USB out the back side. You could probably open one up, solder a cable to the right points on the scanner board, and you'd have exactly the simple and transparent scanner you requested.

But because the business wants a truckload (no pun intended) of functionality out of these scanners, they need it to have more capabilities. First, it needs to be on the network, or it won't give them any benefit. Next, it needs to be multi-tasking so it can display alerts, etc. Its primary task may be to inventory the stuff coming off a truck; its other tasks may include assigning work items to line employees, displaying alerts on the supervisors' screens, punching the timeclock for breaks, and possibly even employee email. To a lot of businesses, a browser based interface lets them run whatever kind of functions they want, without the expense of continually pushing a bunch of apps out to a bunch of random machines. So taking all that together, embedded XP is one (bloated) way of meeting all that.

So while the scanner itself is simple, it's the rest of the hardware in the device that was infested with XP and other malware.

Comment: Re:Cry Me A River (Score 1) 586

by plover (#47422059) Attached to: Normal Humans Effectively Excluded From Developing Software

What I think a lot of the utopian visions miss, as well as a lot of the posters here, is that the problems with programming are not problems with the tools, but with the code that these amateurs produce. Writing clean, clear, correct, modular, maintainable, tested, and reusable code is still a skill that takes time to learn.

Generally, most people understand following a sequence of steps to achieve a goal. They can follow a recipe's steps to bake a cake. Some can even write down the steps they took to accomplish a task, which is the beginning of automating it; but recording and playing back steps is certainly not all there is to programming. Almost anyone who can write steps down can then learn enough of a language to string together a dozen or even a hundred individual steps to then achieve a goal: StepA(foo); bar = StepB(foo); StepC(foo,bar); ... another 97 steps here...; return(). The problem is that because writing down all those steps is possible, people who manage to do it once think they're programming. But all they're really doing is scripting.

Once someone tries to add logic to their scripts, the resultant code is generally buggy, slow, difficult to maintain, impossible to test, and probably should not be put into production, let alone reused. What a professional software developer does is recognize the difference. He or she uses his or her experience, skills, and knowledge to organize those instructions into small groups of functionality, and wraps them into readable, testable, reusable methods. He or she recognizes dependencies in the code, follows design principles to ensure they are properly organized, groups related methods into classes or modules, knows when to follow design patterns and when to break from them, groups related areas of modules into architectural layers, and wraps the layers with clean, testable, usable interfaces. He or she knows how to secure the code against various types of attack or misuse, and to properly protect the data it's been entrusted with. He or she understands validation, authorization, authentication, roles, sanitization, whitelisting, and blacklisting. And he or she understands the many forms of testing needed, including unit testing, system testing, integration testing, fuzz testing, pen testing, performance testing, as well as tools to evaluate the code, such as static code analysis and metrics.

On the other end of the developer's life are the inputs to the processes: requirements, stories, use cases, usability, scalability, performance. They know that following certain development methodologies can make a great deal of difference to the software's quality. And then there are the realities of all the non software development issues: equipment, firewall rules, IDPs, networking, vendor contracts, software licensing, hosting, distribution, installation, support, bug tracking, and even sales.

Tools can help with all of these steps, but as you pointed out, having a word processor does not make one a poet.

Comment: Re:seems like snowden did the exact same thing. (Score 1) 95

by plover (#47416707) Attached to: Thousands of Leaked KGB Files Are Now Open To the Public

Really? Because I don't seem to remember the purges that took place when Reagan took office, or Bush, or Clinton, or Obama. I don't remember when they arrested the political dissenters from the opposition parties, hauled them out of Washington and trucked them up to camps in North Dakota where the majority froze to death, or shot them in the basement of the Lubyanka after pronouncing them guilty in a secret "trial". Perhaps that all took place when the Ministry for Information took razor blades and cut out the encyclopedia pages for Jimmy Carter, and extended the entry for the Bering Sea to compensate, because we can't really trust our history books.

Go read Mitrokhin's books. Read the KGB's own history, stolen from their own archives. Compare it to what the USA claimed actually happened, and to what the USA claimed was Soviet propaganda. Mitrokhin's papers serve as independent corroboration that essentially everything the USA said about the Soviet Union's "active measures" was true.

Comment: Re:seems like snowden did the exact same thing. (Score 1) 95

by plover (#47416581) Attached to: Thousands of Leaked KGB Files Are Now Open To the Public

Wow, such hate and bile. The country Mitrokhin "betrayed" no longer existed. He turned over documents from the Soviet Union, not from "Russia". Yes, there is a distinction.

You completely failed to read what was written, which was a comparison of Mitrokhin to Snowden.

Apparently, that's what the fuck I don't get.

Comment: Re:And Chicago is relevant to Australia? (Score 1) 60

TFA tries to compare the legal aspects of one country's police using a legitimate cell tower's data (a "tower dump") with a court request for a copy of the purchase order of a surreptitious TriggerFish by a police force located in a different country. Different countries, different laws, different technological approach to collecting the data, different accusations. The primary thing they share in common seems to be the outrage they spark.

Comment: Re:And in 20 years (Score 1) 95

by plover (#47408609) Attached to: Thousands of Leaked KGB Files Are Now Open To the Public

The declassification rules in the US are such that all documents are to be publicly released 50 years after the end of their active life. That's why they were compelled to release ULTRA and VENONA information in the 1990s, 50 years after the end of WWII. The declassification process is not automatic, in that someone still redacts the names of involved people who are still alive, and they make sure that the release won't endanger any current activities, but for the most part they are compelled to release it all.

If you are at all interested in the history of our intelligence services, and you find yourself in the D.C. area, I strongly recommend visiting the NSA's Cryptologic Museum.

Comment: Re:seems like snowden did the exact same thing. (Score 5, Informative) 95

by plover (#47408547) Attached to: Thousands of Leaked KGB Files Are Now Open To the Public

Here are a few more differences and corrections:
* Mitrokhin turned the data over to British officials only after the collapse of the Soviet Union. He did not endanger his country's ongoing intelligence operations. He may have embarrassed several former Soviet officials, but the revelations were not a crime against his country, as that country no longer existed at the time of their release. While the act of copying the classified data would certainly have been a crime against the Soviet Union, again, that country was gone. (Snowden released the data of his own still-active country, including information about active operations.)
* The data he turned over was archival material spanning decades and ending in the 1980s; he gave it up in the early 1990s. Some of it was less than ten years old at the time it was delivered. (Snowden's data was indeed more current and relevant.)
* After the publication of his notes in two books, the SVR actually provided academic access to the old KGB archives for a time. I think that was ended after the wrong person was embarrassed by his historical record, perhaps a former lieutenant colonel in the KGB. (The NSA has not yet opened their doors to the public in response to Snowden's release.)
* He was not a "whistleblower" in that he did not release this data in an attempt to change any ongoing practices. He was a historian who respected the truth, and did not want the facts distorted or destroyed by a regime with a long history of rewriting history. (Snowden is an activist, who is trying to effect change.)
* Mitrokhin's position was a Senior Archivist. He had access to essentially all KGB historical records, not simply operations of which he was a part. (Snowden was an administrator of systems, and had access to the records they contained; he also used other people's credentials to gain additional access to other records.)

Comment: Re:Nobody check this (Score 1) 95

by plover (#47408353) Attached to: Thousands of Leaked KGB Files Are Now Open To the Public

Well, considering Mitrokhin had Christopher Andrew publish selected information in two English language volumes already, "The Sword and the Shield", and "The World Was Going Our Way", I think your pleas for ignorance are not going to have much effect. This is simply a release of the rest of the material he exfiltrated.
