hph writes:
"CNN.com reports that 'The Pentagon believes it has found a way to give its old computers away to American schools and still protect information locked in the machines' hard drives.'" I hope this story amuses you all as much as it did me.
Re:Whats dd (Score:1)
Bit more complex (Score:1)
- pmitros
Re:In other news... (Score:1)
Re:Recovery of second and third generation deletio (Score:1)
Serious Issue (Score:1)
Re:Wow (Score:1)
is that really you? you're damn hot...
Re:Its only UNCLASSIFIED data... (Score:3)
For those of you who remember history, see also the US's exploits in the Pacific during WW2, accurately outguessing the Japanese, based on whether they would transmit after they leaked information to them. There are many other instances where this has been helpful.
Just because there are occasional individual misses in a large organization, do not make the mistake of assuming that the overall practices of that organization are lacking rigor. Human error is a constant problem in every outfit.
As for Slashdot's snide little comment about DD, just writing a single null bit is most definitely NOT up to DoD standards for deletion of sensitive data. Magnetic media has a tendency to maintain shadows of earlier data which, using sufficiently sensitive apparatus and diligent study, can yield a surprising amount of information that could be considered 'deleted'.
Personally, I would advocate a limited-lifespan design where two drives are maintained. One with a pad of entropic noise, one with the actual data, encrypted with this pad. As a sector is accessed on one, it is decrypted or encrypted using the noise. At the end-of-life, the pad drive is pulverized,
But that would require foresight, and that sort of thing would never make it past congressional accountants.
dd was too slow for us (Score:3)
Our normal systems had classified (conf, secret, ts, ts+codeword) info on them. During wartime, if we were over-run, we would set off incendiary grenades (thermite, for those of you playing along at home). Since it is a rather startling sight and you want to MAKE SURE that it is done correctly, we would have one live drill per year.
Alternatively, we would put the TS ones through the shredder. We would take apart the drives and then feed the platters through. Came out as powder. Needless to say, this was a "no-tie" area.
I did have one captain that made us put the head through as well, since "the field could store some information." Yeah. 1 bit...
Re:dd is not good enough to erase data (Score:1)
Re:Ahh...but then it would be marked sensitive (Score:2)
The first problem with that is that from a strictly operational viewpoint, you can't classify *everything* -- because at that point you've eroded the value of the lowest security classification. If every document that is generated is marked sensitive, then either everyone will have to treat every book, file, floppy disk and piece of paper as sensitive ... or everyone will ignore the sensitive classification and keep working as usual. Human nature.
The second problem is the one that I raised, and that you ignored -- individual pieces of information by themselves are often completely benign, but correctly correlated can produce a very accurate estimate of information that would normally garner a much higher security classification.
This applies in everyday life, as well. As an example, take the current trend in grocery marketing -- the saver club. If you join the club and use your club card every time you go shopping at a particular grocery store, you get price discounts and cash back after enough purchases. Of course, the reason the store is willing to give you those discounts is that they are gradually building a very accurate database of information about your buying habits: what brands of food, how much, how often. You might not care if someone knows you eat Cheerios, but how about condom usage, or specific medicines? There's a lot of personal information to be gathered by aggregating supposedly non-sensitive data...
Are you moderating this down because you disagree with it,
Re:Its only UNCLASSIFIED data... (Score:5)
Congratulations. You have failed the first test for a security clearance. Just because the data is unclassified, you can't assume that the data isn't still sensitive.
As an example, suppose you have a spreadsheet that details the fuel consumption for a group of F-16s, and another spreadsheet that details fuel purchases for an air base. Individually the spreadsheets are unclassified information, but together they are sensitive, because from the two spreadsheets you can deduce a great deal about the missions and deployments for that group of F-16s. Even months after the fact, that information is still sensitive, because it can be used to make predictions about that air group.
Are you moderating this down because you disagree with it,
Re:Its only UNCLASSIFIED data... (Score:2)
And there is a TON of useful information that can be gleaned from UNCLASSIFIED data, as mentioned in numerous other posts here. Personally, I think that all drives (CLASS and UNCLASS) should be destroyed. Media is cheap enough these days that a school could buy a smallish but usable drive for about 100 bux and have the rest of the hardware for free.
Re:dd is not good enough to erase data (Score:2)
(not a flame, just an honest question)
Re:Sorry that is *NOT* DOD standard. (Score:4)
SCIF = Sensitive Compartmentalized Information Facility
You are pretty dead on about the requirements to certify a facility though. (I worked with certifying them a year or so ago.)
Within the past few years, the tide has changed a few times on what to do with media. Currently (to mean that this article is not legal guidance in my mind), the standard is to physically destroy and burn all media regardless of classification. My guys have a locker full of around 50-100 drives that are waiting to be sledgehammered and sent to a burn facility. (Not sure if this is a "lots of fire" one, "acid bath" one, or something I'm not even aware of...)
And overwriting ANY number of times is not enough to save it from the tools that a foreign intelligence agency would have. I'd assume that we have similar technology, but that's some of the cool stuff I'm not privy to.
I'll be interested to see what guidance might be waiting for us when we get to work Monday... And yes, those platter clocks/plaques do kick ass!
You're all paranoid. (Score:2)
Re:dd wouldnt do it (Score:1)
Uhh, no shit Einstein! And if you run dd twice it would perform two writes. What a concept! Amazingly, if you run dd 10 times, it will perform 10 writes. Wow!
___
And then there's money ... (Score:2)
I may have a similar situation. I work for a hospital, and we want to get rid of a stack of 486's sitting in a storeroom. Some are chock full of patient info. HIPAA (patient privacy act) says $10,000 fine for each incident of improper release of information, so we have an incentive. Not to mention how happy attorneys are to discover such incidents. (It can get real expensive)
First you have to plug the thing in and hook up the cables. There's only table space for two at a time.
Second, the overwrite. I'm only doing one overwrite. Why?
Do you have any idea how long it takes to do a single overwrite of a hard drive on a 486, much less 7, 10, or 16 overwrites?
Suppose the 486 is flaky and the floppy is broken.
I'm supposed to fix it so I can erase the HD?
The salary cost of personnel doing thorough overwrite, degaussing, and all those other games makes it a hellavu lot cheaper to incinerate the drives and buy new ones. (if one were to attempt a thorough job). How many is the Gov talking about? 10's of thousands?
Ideally, one would have them wiped at the desk before installing the upgrade. (as if I trust the contractor-of-the-day to remember or actually spend the time).
Reading between the lines of the article, and interpolating from my own experience, the real problem with releasing overwritten drives versus the acid bath, is that some of the ones that were supposed to be overwritten were not done. How would you know (cost-effectively) that the overwriting was done completely, or at all?
Double-checking doubles the cost.
What's the point in giving away a $100 dollar computer if it costs $200 in taxes to clean it up?
Well, the schools don't care if it costs the government $2000 to donate a 486. To them, it's "free". People holler, politics intervenes, and we're back to giving them away.
The Pentagon says "to hell with it", we'll just do a single wipe and get rid of the problem.
It is possible to retrieve some overwritten data (Score:2)
Otherwise they have to physically destroy the drives including crushing and burning.
How I learned to stop worrying.. (Score:3)
Mind you, I haven't found any data on them, but they still had an operating system + programs. I was really shocked when I booted them up and their DOS Batch menus popped up "NUCLEAR REGULATORY COMMITEE
A Real Problem, Not A Joke (Score:2)
Re:swap in a new harddrive? (Score:2)
dd is often not enough (Score:3)
With specialized equipment, you can often read data that was overwritten on a hard disk, so dd is often not enough. See Secure Deletion of Data from Magnetic and Solid-State Memory [sourceforge.net], by Peter Gutmann of the University of Auckland. There is also a previous slashdot article [slashdot.org] on this subject.
Although the article says that hard disks that held classified data will still be destroyed, there still is lots of information that is unclassified but is not supposed to be released, for example, private personal information, a large body of information that should have been classified because classified information can be derived directly from it, etc. You can bet that the US military is much more familiar with this issue than the insulting "Pentagon Discovers dd" slashdot title implies.
Re:Its only UNCLASSIFIED data... (Score:3)
If somebody wanted that data bad enough... (Score:2)
Of course, I noted near the end of the article that the truly classified machines still get trashed, it's just the garden-variety receptionist and lower-end lackey machines that get given to universities where the 33l33+ #@X0R d00dZ lurk...
Re: several times over? (Score:2)
"Give the anarchist a cigarette"
What's so funny about this? (Score:2)
Securely erasing magnetic media beyond any hope of recovery without destroying the media is *hard*.
For a full account of the problems involved, read this [rootprompt.org].
-henrik
Re:not very interesting (Score:5)
Agreed. Slashdot's presentation totally misrepresented the actual story.
See, rather than applauding the Pentagon for giving away (!) computers (!!) to schools (!!!), and rather than commending the Pentagon for reversing an existing policy (the path of least resistance would have just destroyed those hard drives), Slashdot decided to flex its techno-elitism and show just how snobby some geeks can be.
So, if some people at Slashdot would stop desperately trying to mock any and all mainstream journalism about computers, perhaps they'd see the actual value of this story.
Re:Recovery of second and third generation deletio (Score:4)
I stand my ground that 20 year old secrets are quite lame and not worth protecting. Your post was the one that seemed most rational, as it focused on things such as spy networks. No problem. That almost makes sense. If the network hasn't already been compromised (Aldrich Ames, et al.)
If foreign powers (and in this case, I think we need to primarily concern ourselves with the Soviets and possibly the Chinese) are incapable of breaking the secrets after 20 years, they aren't a threat. If they are capable, destroying the drives is a moot point; they already have the information. But I will grant that of all the arguments, the question of spies makes more sense than any other.
Second point that many others made was WRT technological advances. Which doesn't float at all. Even after having a U2, I don't remember tales of a Soviet counterpart (I'm not a hardware buff, so I could be wrong. Still, it would be an important part to the Gary Powers legacy if there was evidence of the Soviets reverse-engineering the thing). There is also the more important matter of build-quality. You can have the greatest design in the world, but if your metallurgy/construction/operation of a device is faulty, who cares? I think the SCUD's proved that point about ten years ago. While the patriot missile helped, so did the fact that the SCUDs were put together like a Trabant. (Come to think of it, a Trabant in a trebuchet would likely have been more effective).
(Most of the rest deals with the other replies, so don't take it personally if it's not 100% related to your post)
Another poster mentions chemical and biological warfare, as well as the Manhattan project, as being items that are still rightfully under wraps. Give me a break. Without access to that data, China, Pakistan, and India (among others) all have nuclear programs. Concurrent discovery of technology is the norm, and the US didn't do anything grand, except get it done before having to get on with the island hopping.
Biological is perhaps the biggest joke there is. Anybody with a few credits of chem or bio in college could develop a rather nasty thing to rain all sorts of shit down on an enemy. The real trick is delivery systems. Given that little GPS powered 'RC' plane, I don't think we need to go high tech, either.
But of course, someone could steal the super-duper-top-secret GPS error removing protocol. This and the exact capabilities fall into the same category: big freakin' deal. Close only counts in horseshoes, handgrenades, and nukes. Do you think Saddam or Osama cares if their pathogen hits at 1602 Penn. Ave. instead of 1600?
I could go on and on about why the arguments posted up to my post were wrong, and did not support the destruction of hard drives. BUT, I have largely reversed my opinion, based on one small thing that I haven't (yet) seen mentioned: most of these machines don't have 20-50 year old data on them. Most like, it is just a few months. Thanks to the DOD (and their worldwide counterparts) Intel, Western Digital, and the rest continue to make 386's, one GB drives, and 30 pin SIMMs. Those 486's that could go into the schools don't contain ancient information. They contain the latest and greatest, given the slow speed of replacement of computers by the DOD.
(And to the moderator of my original post: If you think I am a troll simply because of strong language or an opinion that differs from yours, say so. Don't hide behind the 'overrated' tag. Obviously, at least four people on
Re:Slashdot editors strike again! (Score:5)
Since most of the readership falls into both of these categories, why shouldn't the editors?
Re: [accusation of gross incompetence] (Score:3)
[link to kuro5hin story [kuro5hin.org]]
[patronising comment]
--
Re:dd is not good enough to erase data (Score:3)
At least, that's how I think it's done. Feel free to correct me if I'm wrong.
--
Re:Recovery of second and third generation deletio (Score:2)
So, in other words, you're saying my point about spy networks isn't valid, since the secret had been blown. There's a bit of a problem, though: If there is any 20 year-old info that needs to stay secret (and has), how the hell am I supposed to know about it to rebut your argument? The government probably has all sorts of stuff that's 20 years old that is still secret, and it's not about to surface on Slashdot.
I have largely reversed my opinion, based on one small thing that I haven't (yet) seen mentioned: most of these machines don't have 20-50 year old data on them. Most like, it is just a few months.
I wasn't saying the data was necessarily old now, but that, even if the technology doesn't currently exist to recover the drives, it could still be a problem if such technology is developed in 10 years. If they're just retiring the computers now, then, in all likelihood, the data isn't too old.
Re:Recovery of second and third generation deletio (Score:2)
There is a world beyond software, fool. Read this article [auckland.ac.nz]. In case you're too lazy to click the link, you can recover data from a drive by disassembling it and using magnetic force microscopy with a scanning tunneling microscope. Even after you overwrite a bit, there are still traces of its previous value.
Re:Recovery of second and third generation deletio (Score:2)
Touche.
First of all, thank you for the civilized debate. It's a rare thing on slashdot... You seem to be a rational, open-minded individual, and the world needs more like you.
I guess we've come to the conclusion that the government may have important 20 year-old secrets, but we can't reasonably find out if they do.
I figure their security experts probably know best, so they should be the ones making the decisions, not politicians who think the internet is synonymous with the web.
Re:Recovery of second and third generation deletio (Score:3)
The latest blueprints for their newest fighter,
These are fairly lame examples, but I'll work with them anyway... Troop movements would reveal tactics and doctrine, which don't change very quickly. Fighters and other military hardware often stay in service for 30 or 40 years (think--when was the F-15 introduced). Hell, the Russians are about 20 years behind the US in sub quieting technology, so getting old info there could probably still help them, and then we'd see the technology show up in subs sold to the Chinese (and, in turn, to every two-bit rogue nation in the world).
A much better example of something that would still need to be secret after 20 years would be the names of agents operating in foreign countries. Admittedly, that would be classified, but the original poster was talking about releasing drives that had held classified data (and I pointed out that it's hard to be sure a computer wasn't ever used for classified stuff).
Why take chances with national security just to get some crappy 486s into schools? For the cost of proper data wiping (remember, the Pentagon never does anything cheap), you could probably buy them Pentiums.
Politics and Security don't mix (Score:5)
Now I know the Slashdot editors (and more than a few Slashdotters) think that they're left-wing 31337 political h4X0rs, and that the Pentagon is completely incompetent, but maybe, just maybe, you should do some fucking research before you criticize somebody.
Completely deleting data is very, very hard. Wiping a drive securely [auckland.ac.nz] against a determined and experienced foe may take more than 20 passes. Considering the physical security at most schools, giving the drives to schools is as good as handing them to the Russians/Chinese/Martians or whoever is the enemy of the day. If the drives haven't been properly wiped, you might as well give them accounts on all the DoD computer networks so they don't have to steal computers from school kids. I also would say it's a lot easier to smash a drive into itty bitty pieces and burn them than it is to properly erase it.
When dealing with national security, one should generally err on the side of caution.
Finally, for all you sysadmins and security experts out there, how would you like it if politicians with no computer knowledge whatsoever were second-guessing all your security decisions, while making sure you'd still take the fall if anything went wrong?
Re:Recovery of second and third generation deletio (Score:5)
No, no, no! Information can be recovered long after the second or third overwrite. Here's my source [auckland.ac.nz]. And that's just what the public knows how to do. Who knows what the NSA and their foreign counterparts can manage.
Remember that, when dealing with data security, you don't just need to worry about what your enemy can do now, you need to worry about their capabilities 20 years from now. If the data has to stay secure for 50 years, then the only choice is to destroy the drive (we may have nanotech by then, and then you'd probably be able to uncover everything that was ever written to the drive).
Please, people, the NSA and the Pentagon have people who know way the fuck more about security than you or me. Leave matters of national security up to them, and go back to worrying about how to make your home linux box secure... Write to your politicians, and tell them to stop meddling. Getting 486s for schools may sound like a noble cause, but if it costs the lives of American soldiers 5 years from now, was it worth it?
Is it worth it? (Score:2)
My question is, how old are these systems being retired? If they are relatively old, then the hard drive is probably very low capacity by today's standards and cannot be considered too reliable.
With a low-capacity hard drive, would it be cheaper to just ditch the hard drive entirely, using a destructive secure erasure method and spend the money that would have been to pay for staff to erase the disk without destroying it to instead buy a new small hard drive?
The BIOS won't anyway. (Score:2)
Re:But arg format is totally nonstandard and fucke (Score:2)
If you know how path expansion works in UN*X, a '*' expansion would be looking in your current (home?) directory for a subdirectory named 'of='. The unix shell does not know (or care) about what the command being called expects. That's why most UN*X commands do something like '-i filename'. That way the filename stands alone, and shell 'glob' expansion will work properly.
If you want to avoid the whole problem, then you can replace
dd various_options if=/some/long/pathname of=/some/other/long/pathname
with
dd various_options < /some/long/pathname > /some/other/long/pathname
That way, the filename is standalone and shell glob completion will work properly
In my early Unix days, I wondered why dd even had the if= and of= parameters, since < and > do the same things. I think it's so that people who get used to all of the other var=value params for dd stopped bugging the writers for a way of naming the input and output files that was consistent with the rest of dd's options. Perhaps we should update the man pages to reflect that.
--
Re:Its only UNCLASSIFIED data... (pads) (Score:2)
The nice thing is that, since both drives are always getting 'random' data, a couple of extra passes of 'random' data might make it real hard to figure out which pass was the 'real' random data. Randomly switching which side gets the 'pad' and which the data-modified 'pad' may make analysis even harder.
A prototype of this 'secure' filesystem could probably be done up in a couple of hours by modifying a software-raid driver. If I cared enough about my own security, I might do it myself.
I'd patent this idea, but it's now been published
--
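The two-drive pad design proposed in this thread (one drive of random noise, one drive holding the data XORed with it, pad drive destroyed at end of life), as an added Python sketch that is not any poster's code. It models both drives in memory and shows a caveat tied to the remanence concern raised throughout the thread: if a sector is rewritten under the same pad and an older layer is recovered from the data drive, XORing the two layers cancels the pad. The class and function names, the 512-byte sector and the per-write pad refresh are assumptions made for the illustration.

```python
import os

SECTOR = 512  # assumed sector size for this sketch


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class PadPair:
    """Two in-memory 'drives': pad holds noise, data holds plaintext XOR pad."""

    def __init__(self, sectors, refresh_pad):
        self.pad = [os.urandom(SECTOR) for _ in range(sectors)]
        self.data = [os.urandom(SECTOR) for _ in range(sectors)]
        self.refresh_pad = refresh_pad
        # Constructed stand-in for magnetic remanence: every layer that was
        # ever written to each sector of the data drive.
        self.layers = [[] for _ in range(sectors)]

    def write(self, n, plaintext):
        if self.pad is None:
            raise RuntimeError("pad drive destroyed")
        if len(plaintext) != SECTOR:
            raise ValueError("whole sectors only")
        if self.refresh_pad:
            # Assumption: draw new noise for the sector on every write, so
            # both drives receive fresh random-looking data each time.
            self.pad[n] = os.urandom(SECTOR)
        self.data[n] = xor(plaintext, self.pad[n])
        self.layers[n].append(self.data[n])

    def read(self, n):
        if self.pad is None:
            raise RuntimeError("pad drive destroyed; data drive is unreadable")
        return xor(self.data[n], self.pad[n])

    def destroy_pad(self):
        """End of life: the pad drive is physically destroyed."""
        self.pad = None


def recovered_layers_xor(pair, n):
    """XOR of the last two layers of sector n, using the data drive alone."""
    older, newer = pair.layers[n][-2:]
    return xor(older, newer)


def demo():
    """Return, per design variant, whether two recovered layers of one
    sector reveal plaintext_old XOR plaintext_new without the pad."""
    old = b"constructed record A".ljust(SECTOR, b" ")
    new = b"constructed record B".ljust(SECTOR, b" ")
    leaks = {}
    for name, refresh in (("fixed_pad", False), ("fresh_pad_per_write", True)):
        pair = PadPair(sectors=4, refresh_pad=refresh)
        pair.write(0, old)
        pair.write(0, new)
        assert pair.read(0) == new  # normal operation still works
        pair.destroy_pad()
        leaks[name] = recovered_layers_xor(pair, 0) == xor(old, new)
    return leaks


if __name__ == "__main__":
    print(demo())
```

With a fixed pad the destroyed pad drive no longer protects a sector that was written twice; refreshing the pad on each write keeps every layer on the data drive independent noise.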
Re:When is data truly gone? (Score:2)
(I'm guessing, here)
--
Re:But arg format is totally nonstandard and fucke (Score:2)
If you don't specify an if= or of=, then dd is capable of being used as part of a pipe.
--
Re:dd is not good enough to erase data (Score:2)
Re:dd is not good enough to erase data (Score:2)
------
Re:dd is not good enough to erase data (Score:2)
------
Re:dd is not good enough to erase data (Score:2)
I am not a MIL STD, but... (Score:2)
1. Write all 1's (0xff) to the disk. Readback & Verify.
2. Write all 0's (0x00) to the disk. Readback & verify.
3. Repeat steps 1 and 2 two more times (for three full passes).
4. Write a random byte to the disk (I'm partial to 0x47 or 0xb2, but take your pick). Readback & verify.
5. Write the 1's complement of the previous byte to the disk. Readback and Verify.
Make sure to generate a log somewhere for audit trail purposes!
Note. I am NOT a DoD STD. Please check your customer's relevant specs for purge.
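The pass sequence listed in the post above (0xFF and 0x00 with readback three times, then a byte and its one's complement, plus an audit log), as an added Python sketch that is not the poster's code or any DoD tool. It runs against an ordinary scratch file standing in for the disk; the function names, chunk size and log format are assumptions, and 0x47 is one of the bytes the post mentions.

```python
import datetime
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB per write/read; an assumed value


def pass_plan(final_byte=0x47):
    """Steps 1-5 of the post: (0xFF, 0x00) three times, a byte, its complement."""
    return [0xFF, 0x00] * 3 + [final_byte, final_byte ^ 0xFF]


def target_size(path):
    # Seeking to the end works for regular files and for block devices,
    # where os.path.getsize() would report 0.
    with open(path, "rb") as f:
        return f.seek(0, os.SEEK_END)


def write_pass(path, size, value):
    block = bytes([value]) * CHUNK
    with open(path, "r+b") as f:
        left = size
        while left:
            n = min(CHUNK, left)
            f.write(block[:n])
            left -= n
        f.flush()
        os.fsync(f.fileno())  # push the pass out of the OS write cache


def verify_pass(path, size, value):
    """Read the target back. Return -1 if every byte equals value, otherwise
    the offset of the first byte that differs (or where the target ended)."""
    # Caveat: a readback issued right after the write can be answered from
    # the OS page cache, and sectors the drive has remapped are never reached.
    with open(path, "rb") as f:
        offset = 0
        while offset < size:
            chunk = f.read(min(CHUNK, size - offset))
            if not chunk:
                return offset  # short read: target smaller than expected
            if chunk.count(value) != len(chunk):
                return offset + next(i for i, b in enumerate(chunk) if b != value)
            offset += len(chunk)
    return -1


def purge(path, log_path, final_byte=0x47):
    """Run every pass with readback and append one audit line per pass.
    Returns (pass_no, pattern, first_bad_offset) tuples; stops at the first
    pass whose verification fails."""
    size = target_size(path)
    results = []
    with open(log_path, "a") as log:
        for no, value in enumerate(pass_plan(final_byte), start=1):
            write_pass(path, size, value)
            bad = verify_pass(path, size, value)
            stamp = datetime.datetime.now(datetime.timezone.utc).isoformat()
            status = "OK" if bad < 0 else f"FAIL at offset {bad}"
            log.write(f"{stamp} target={path} bytes={size} pass={no} "
                      f"pattern=0x{value:02X} verify={status}\n")
            results.append((no, value, bad))
            if bad >= 0:
                break
    return results


def demo():
    """Purge a constructed scratch file (3 MiB + 17 bytes), never a real disk."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "scratch.img")
        log_path = os.path.join(d, "purge.log")
        with open(target, "wb") as f:
            f.write(b"constructed sample record\n" * 1000)
            f.truncate(3 * CHUNK + 17)
        results = purge(target, log_path)
        with open(target, "rb") as f:
            final = f.read()
        with open(log_path) as f:
            log_lines = f.read().splitlines()
    return results, final, log_lines


if __name__ == "__main__":
    for line in demo()[2]:
        print(line)
```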
Re:dd is not good enough to erase data (Score:5)
You don't just "dd if=/dev/zero of=/dev/rhd0".
There are several standards for purging media, such as DoD 5220-28M, and AFR 205-16. They specify the means of purging various media, ranging from core to disk to tape.
The smartass comment about "dd" was totally unwarranted. Also, if hph had bothered to READ the article, he'd have seen that DoD was simply reverting to the earlier policy of wiping (unclassified) disks and donating the computers, instead of destroying all disks.
Even the posters don't read the fscking articles any more.
Re:Whats dd (Score:2)
Re:Windows licenses (Score:2)
________________________
dd is not good enough to erase data (Score:5)
Re:Its only UNCLASSIFIED data... (Score:3)
I did computer support at an Air Force base a number of years ago. The only time I heard of information not being properly destroyed was when a hard drive that had personnel info on it failed, and the computer tech threw it in the trash when he replaced it. The tech had been around a long time, so he managed to not lose his job over the issue, but he should have known better.
The Air Force policy where I was at was that a computer's life span was 5 years, and they rarely bought state of the art computers in the first place. After a few years, the departments with the budgets to buy new computers would buy them, and the still usable used computers would be passed to a department which didn't have money to upgrade their 5+ year old equipment. Often those 5+ year old computers would be passed down to contractors and others without the budget or political clout to acquire new or even slightly used equipment. Old computers were also scavenged to keep other old computers running. By the time the Air Force was done with those computers, there was very little value left in them, even for educational use. An average computer tech contractor costs the government somewhere in the range of $40 an hour. Is it really worth spending the time to make sure the computer's drive is wiped? In many cases the computers don't even work, so wiping the hard drive means putting it in another computer to do so. In the end the schools get tons of junk which they have to pay to dispose of, and the government gets to be politically correct.
Just chuck the hard drives in the incinerator and throw the computers away. Don't waste the time and effort trying to figure out if there might possibly be sensitive (classified or otherwise) information on the hard drive, destroy it. At the point the government is willing to give them to schools, they aren't worth anything anyway. If the government wants to spend money on getting rid of old computers, spend it recycling the old parts, so we don't just put them in landfills. Giving them to schools may be politically correct, but mostly it just means that the school wastes its resources trying to find out if the computer is useful, then just chucks it in a different landfill.
GPart (Score:2)
Linux rocks!!! www.dedserius.com [dedserius.com]
The Gutmann Paper (Score:5)
For a fairly exhaustive paper regarding the secure deletion of data, see the Gutmann paper on USENIX.
Secure Deletion of Data from Magnetic and Solid-State Memory [usenix.org] by Peter Gutmann
This covers a series of 22 overwrite patterns that are formulated to ensure proper destruction of any trace information on RLL- and MFM-encoded hard drives. It goes into some detail about the ways electron microscopy may be used to recollect trace information. Other patterns exist, and I'm expecting the DoD or NSA has even more rigorous schemes.
Unfortunately, raw degaussing of a whole hard drive device often disables the device's ability to operate in the future, or is not strong enough to ensure the destruction of the data.
Recovery of second and third generation deletions (Score:2)
If you REALLY are paranoid, just get a script to plant misinformation throughout the system before deleting it all.
Re:dd is not good enough to erase data (Score:5)
Re:swap in a new harddrive? (Score:2)
Please consider, as well, that calling it a 'preventive measure' is probably a euphemism for somebody found some useful information on a hard drive we gave away and three informants died as a result -- but we're not going to acknowledge that that's the real problem because it might end up in the whole program being trashed..
You have to look at this from the (probably non-technical) Bureaucrat's point of view. Once the drive is destroyed, the problem is solved. Paying good money to buy hundreds (thousands?) of brand new hard disks that you're going to give away is a waste of funds that you can always find someone in your organization clamoring for to help hunt down the latest killer. (remember that this initiative probably made it past the bigwigs based on the promise that it would cost the department next to nothing, while providing good PR). Providing new drives with every outgoing machine would probably increase the up-front cost of the program by an order of magnitude.
(the scary thing is that the 'destruction' probably consisted of tossing the drive in the garbage where any spook would be happy to dumpster dive and retrieve all of this data from one place.)
--
Re:swap in a new harddrive? (Score:2)
--
Re: several times over? (Score:2)
Most vendors found it easier to just melt down the drives.
Remember that these were mainframe hard drives, in the early '80s, that probably cost in the range of thousands of dollars each (retail).
--
Re: several times over? (Score:2)
Remember that these are 'unclassified' machines and they feel that the risk of 'only' overwriting them is fine. They're still destroying drives from classified machines.
--
Instead of just zeros and ones... (Score:2)
That's ascii for "all this bits belong to us (pentagon)"... : )
Re:Bit more complex (Score:2)
Re: several times over? (Score:3)
Re:Secure rm (Score:3)
Re:fp (Score:2)
Re:7 Times. (Score:2)
OpenBSD disks are not physically secure. 1) Open an OpenBSD boxen (or 99.9% of the computers out there) 2) take drive out 3) mount disk 4) look at all your data and p0rn
OpenBSD only encrypts swap (and you have to turn this on manually) and doesn't have support for encrypting ufs yet...
Re:Bit more complex (Score:2)
Re:LAYER the security approach (Score:3)
Please tell me how to make sure they used encrypted filesystems 5-10 years ago, on those old machines that they are scrapping now. (See..., it's not a very helpful suggestion!)
Actually, it wouldn't help security very much to use encrypted file-systems either. Encrypted file-systems are only supposed to help if someone seizes your machine. That means it might be a good idea on a laptop, but if physical security is good, it is an unnecessary hassle to use on desktops. And, as avoiding loss of data is equally important when it comes to security, I wouldn't really think they would want to go through with that. Better just scrap the HD's.
Sorry that is *NOT* DOD standard. (Score:4)
Wow (Score:2)
Re:Recovery of second and third generation deletio (Score:2)
LAYER the security approach (Score:2)
What if you layered the security approach? Encrypt the filesystem with a very good cypher and encrypt the entire filesystem!
Then, when you format the hard drive, overwrite 10x with dd (and random bit patterns, in a randomized write pattern), the black hats would have to
1) Read through 10x overwrites,
2) Read through the format,
3) Decrypt the final result, protected with a strong cypher.
As with all things security related, you provide multiple layers of defense!
Re:Whats dd (Score:3)
dd wouldnt do it (Score:2)
dd would only perform a single write, which is in no way enough to delete all traces. That would be like erasing an audio tape; tiny vestiges of the original recording would still be present.
The military has always known how to properly purge disks, for example with software such as Fortress, which has been around forever. It performs multiple passes of the disk, writing on the disk with different data, and in different scan patterns, with various read tests in between. It is very thorough. And let us not forget to mention large-scale disk degaussing.
This "news" is much like the press "discovering" TEMPEST (the ability to sense radiations from a computer and monitor from a distance) last year, even though that technology has been publicly known for many years now.
Overwriting data with dd does not suffice (Score:4)
Today's hard drives are much more sophisticated than this, so they sure leave many more chances open to retrieve old data in original ways.
//BernardoInnocenti
Heh (Score:2)
I bet that someone at the Pentagon is now looking at the first two buttons on their keypad and thinking;
G-ddamn this is going to be boring
:-)
Slashdot editors strike again! (Score:4)
Uh, it's the reporter, not the Pentagon that claimed that the Pentagon has "found a way" to erase the hard drives.
Is it just me, or does it seem to anyone else like Slashdot's editors 1) can't read, and/or 2) are easily amused?
--
Re:Politics and Security don't mix (Score:3)
Amen! I hate it when the DoD uses the argument of national security to rationalize nothing less than the wholesale MURDER of thousands of innocent harddrives. The poor little devices served that country well, by storing classified data, and their loyal service was repaid with incineration.
Even the brave harddrives that assisted with unclassified work still had their brains wiped clean several times before being forced into the hellish public school system. It's barbaric.
Re:Windows licenses (Score:2)
Windows licenses (Score:5)
Re:Whats dd (Score:2)
The program that can see past the controller's shenanigans is called "low-level format". It is more akin to a device driver, having intimate knowledge of how the actual disk operates. If the Pentagon wanted to contract with the manufacturers of disk drives for a very special LLF utility that properly exercised each sector, writing magnetic patterns specifically designed to cripple subsequent analysis, that might be good enough.
Or it might not. You've got to ask yourself how much effort an attacker is willing to expend to retrieve the contents of that drive, and how much damage can be done if he's successful to properly evaluate the risk.
New Classroom Projects (Score:4)
They can also gain a valuable jump-start on children in other countries by starting young to learn about data analysis and retrieval, surveillance and the ins-and-outs of the military-industrial complex.
This could be the best strategy to educate American children in the face of the growing espionage-publicity gap caused by the recent spate of British agents "losing" their laptops.
Many things look stupid... (Score:2)
There is a temptation to blame recent moral turpitude in elected officials for the intellectual vacuum of the civil service corps, but calling it a leadership issue is oversimplifying.
Closer to the mark, we get what we pay for. I just turned down a GS position, because the pay was 2/3 a private sector offer.
Go figure why we are shocked by this decision to spare unclassified hard drives.
Re:Whats dd (Score:2)
Re:Its only UNCLASSIFIED data... (Score:2)
not very interesting (Score:4)
Re:When is data truly gone? (Score:2)
Now, I believe (and if I'm wrong, correct me), that when a bit is written to the hard drive, there is a minor amount of error where it could be written to the physical area of the hard drive. The error isn't enough to make it interfere with the other bits of data on the hard drive, but is enough that there is a decent amount of chance that you could pull off the previous value of the bit from the hard drive, if you tried hard enough.
Also, when a bit is changed from one state to another, if the bit is changed, it might vary slightly (but still in the range of tolerance) if the bit was changed from 0 to 1 or 1 to 0 instead of the bit being 1 before or 0 before and remaining unchanged. Think of it as the magnetic field defining the bit as being not as strong as if the bit was not "flipped".
Now, the way to get around this is to write random bits of data to the hard drive several times. Another poster has commented that seven is the magic number, and since I've heard that number before, I have to agree. So fill the hard drive with random bits seven times and the original data can be assumed destroyed.
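The multi-pass random overwrite described in the comment above, as an added example that is not part of any poster's comment: it runs against a scratch image file standing in for a drive, and reads each pass back before starting the next. The function names, the marker string and the image size are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. The scratch image file stands in for a drive; the marker
# string is constructed sample data and no real block device is touched.
MARKER='PERSONNEL-RECORD-0001'

# make_image PATH: build a 1 MiB image with the marker at offset 8192.
make_image() {
    dd if=/dev/zero of="$1" bs=4096 count=256 2>/dev/null &&
    printf '%s' "$MARKER" | dd of="$1" bs=1 seek=8192 conv=notrunc 2>/dev/null
}

# overwrite_passes PATH PASSES: overwrite PATH in place PASSES times with
# fresh random data and read each pass back before starting the next one.
# The body runs in a subshell, so its variables stay local to the call.
overwrite_passes() (
    target=$1 passes=$2
    [ -f "$target" ] || exit 1           # refuse to create a missing target
    size=$(( $(wc -c < "$target") ))
    pass=$(mktemp) || exit 1
    status=0
    i=1
    while [ "$i" -le "$passes" ]; do
        # conv=notrunc keeps the size and rewrites the existing bytes in place;
        # cmp is the read test: the pass data must be what the file now holds.
        head -c "$size" /dev/urandom > "$pass" &&
        dd if="$pass" of="$target" bs=4096 conv=notrunc 2>/dev/null &&
        sync &&
        cmp -s "$pass" "$target" || { status=1; break; }
        i=$((i + 1))
    done
    rm -f "$pass"
    exit "$status"
)

# marker_present PATH: succeeds while the marker can still be read from PATH.
marker_present() {
    grep -a -q "$MARKER" "$1"
}

# Demo: seven passes, the count suggested in the comment above.
img=$(mktemp)
make_image "$img"
overwrite_passes "$img" 7
if marker_present "$img"; then echo "marker still readable"; else echo "marker gone"; fi
rm -f "$img"
```

Run against a regular file, this only shows the overwrite and read-back logic: the filesystem and the drive controller decide where the bytes physically land, which is the limitation the "Re:Whats dd" comment about low-level format raises.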
In other news... (Score:4)
Deputy Secretary of Defense Paul Wolfowitz is credited with discovering that nonclassified material could be removed from the whiteboard with an eraser.
An anonymous source close to the Pentagon has stated that this is undisputably the smartest decision the government has made in years.
Re:Politics and Security don't mix (Score:3)
Re:PShaw the govt's been doing this for years! (Score:2)
Just install it on any Windows machine and it'll do its job within a few days.
Re:dd is not good enough to erase data (Score:2)
Re: several times over? (Score:2)
Of course, there is a big assumption when erasing this thorough is required: that someone will get hold of the drive and believe that it is worth a great deal of work by high-paid techs using very expensive test equipment in a clean room. If the computer has a sticker saying "War plans room. May contain classified data", there's a pretty good chance someone would do that. But if you simply dd (or a DOS/Windows equivalent) a shipment of 100 machines scrapped from the personnel dept, do you really think anyone is going to disassemble all 100 hard drives on the chance that maybe one of them contains useful data? (And don't you think that the school receiving those machines might investigate who's been stealing the hard drives?)
Re:Its only UNCLASSIFIED data... (Score:2)
Re:Recovery of second and third generation deletio (Score:2)
Brant
[accusation of previous poster's incompetence] (Score:2)
[absurdly thorough overkill method for secure deletion]
[suggestion that previous method is barely adequate]
[expression of smug superiority]
--
[accusation of gross incompetence] (Score:3)
[inadequate deletion method presented as obvious solution]
[insultingly simple and inadequate recommendation for general solution to computer incompetence]
--
Who wants or needs these machines? (Score:3)
Re: several times over? (Score:2)
If somebody hasn't already pointed it out, unclassified data can be combined to derive classified data. Say a terrorist already has the following information.
Re: several times over? (Score:5)
Yes, it is very, ah, 'funky'. You can use magnetic analysis of the drive to get back data written to it a long time ago. Basically, the only way to actually remove data from a drive is this: It isn't so much about reading back single bits, but about reading whole files, in which a single bit or two might be slightly damaged. For example, read the following sentence: The meaning of the sentence remains intact, even when four or five characters are lost. In the same way, quite a great amount of data can be uncovered by reading large chunks of data, even if you can't retrieve everything to the bit.
Making these decisions based on politics and not security is a dangerous choice. I hope the Pentagon thought about it very seriously. Of course, with the Presidents virtually giving away our nuclear missile designs, there isn't much left to protect, but still the issue stands.