
SoylentNews is people

posted by martyb on Tuesday December 10 2019, @05:51PM
from the that's-a-big-easter-egg dept.

From Asahi Shimbun

A man who won an Internet auction for used hard disks soon discovered that he was in the possession of confidential and sensitive government information that he had no business reading.

At first, the man, who owns an information technology company, was puzzled when he found repeated mention in the file names of Kanagawa Prefecture.

But he was in for a greater shock when he used recovery software and found that the files on the hard disks contained mountains of data compiled by the Kanagawa prefectural government.

The data included everything from individuals who were behind on their taxes and the amount; documents considering the seizure of assets; documents related to contract bid amounts; rosters of employees at public schools; and even design blueprints for electric power plants and water supply works.


  • (Score: 2) by Immerman on Tuesday December 10 2019, @07:27PM (4 children)

    by Immerman (3985) on Tuesday December 10 2019, @07:27PM (#930717)

    Do you have any evidence that a second pass, much less the sitting around, actually improves the situation? I can't imagine how sitting would make any difference whatsoever.

    With modern drives I haven't even seen any evidence that random data instead of zeros actually improves the situation - though so long as you can generate random data faster than you can write to disk it certainly won't hurt anything, and may well help, at least against well-funded data recovery attempts.

    In the days of yore, when hard drive heads were imprecise and disks had large "neutral zone" gaps between tracks to prevent accidentally overwriting data on adjacent tracks, a single pass would leave quite a bit of the previously recorded data remaining in the "neutral zones". It usually wasn't possible to recover the data using the same drive, but putting the platters in a more flexible recovery drive could recover quite a bit of it from the "neutral zones". Which led to "military grade" wiping procedures with 5+ passes of noise - each pass would write over a slightly different part of the tracks and surrounding neutral zones, and after several passes you could be confident that the neutral zones would be well-scrambled.

    With modern hard drives though the "head slop" and associated "neutral zones" have been virtually eliminated in the quest for greater data densities. And while the platter will still show magnetic anomalies to sensitive enough equipment after a single pass of zeros, I've heard of no evidence that anyone has proven the ability to actually use those anomalies to recover data. Of course there's no guarantee I'd hear about the data-recovery capabilities of covert government intelligence agencies - so a few more random passes to err on the side of safety is probably called for with high-security drives, and even physical destruction probably isn't overkill.

    And then we have SSDs - where there's basically no possible way to be completely sure that you've wiped the drive, and physical destruction is the only secure option. Yes, *if* you used whole-disk encryption from day one, and *if* it was 100% flawlessly implemented, then just wiping the key will do the job. But that's a whole lot of "if" to rely on for a high-security application.

    In fact, it seems to me the lack of a way to wipe SSDs securely is a major flaw for modern PCs. Whole-disk encryption is usually not called for, and comes with a lot of potential risks and headaches to the point that it's hard to recommend without a good reason. But there should be a way to reasonably effectively wipe the data before passing it on to someone else.

  • (Score: 2, Informative) by Anonymous Coward on Tuesday December 10 2019, @08:35PM (3 children)

    by Anonymous Coward on Tuesday December 10 2019, @08:35PM (#930759)

    I think the "standard" for secure erasure is:
    1) a zeros pass
    2) a ones pass
    3-6) random data passes
    7) a zeros pass

    The "need" for this 7 pass erasure is why "Cryptographic Erasure" drives actually exist. Basically, a CE drive is one that is encrypted, but the key is "under the door mat" so to speak. The idea being that when you erase it, you overwrite that key 7 times (fast) and you have nothing but garbage on the rest of the drive, then a zeros pass and you are done.

    • (Score: 0) by Anonymous Coward on Wednesday December 11 2019, @02:07PM (1 child)

      by Anonymous Coward on Wednesday December 11 2019, @02:07PM (#931040)

      yeah 'tis is funny. one would assume that HDD manufacturers "know best" and would have a device for sale, that is maybe 3xAAA battery powered sits on the desk and you can slot-in a 3.5" and press the big red "erase" button?
      but noooo ... it is nigh impossible (time wise) to erase them, so junk 'em and don't recycle/second-hand 'em.

      • (Score: 2) by Immerman on Wednesday December 11 2019, @02:37PM

        by Immerman (3985) on Wednesday December 11 2019, @02:37PM (#931048)

        DBAN - Darrel's(?) Boot And Nuke.

        Burn it onto a CD, boot the computer off it, and select how secure an erase you want to apply to the hard drives.

        Not quite a standalone box, but you can use any old computer you happen to have lying around. There might even be a Raspberry Pi version which would allow for a pocket-sized option.

    • (Score: 2) by Immerman on Wednesday December 11 2019, @02:22PM

      by Immerman (3985) on Wednesday December 11 2019, @02:22PM (#931044)

      I think you're right that the standard is something like that. My point is that it's a standard that was created when hard drive implementation details were very different than they are now, and data could be readily recovered by inserting the platters in a drive that would read the gaps between tracks.

      Cryptographic erasure is a wonderful alternative - but only if the encryption is theoretically unbreakable (which is... almost nothing in the face of emerging quantum computers) and the implementation is perfect. And as we've seen time and again with such drives, the implementation is often deeply flawed.
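
The seven-pass sequence listed in comment #930759 (zeros, ones, four random passes, zeros), followed by a read-back check, as an added example that is not part of the original thread. The function names and the constructed image file are assumptions for illustration; it writes through the normal block interface, so it cannot reach sectors or flash cells the drive firmware has remapped, which is the SSD limitation raised in the thread.

```python
import os

BLOCK = 1 << 20  # write in 1 MiB chunks

# Pass order as listed in the comment: zeros, ones, four random passes, zeros.
SEVEN_PASS = ["zeros", "ones", "random", "random", "random", "random", "zeros"]


def _chunk(kind, n):
    """Return n bytes of the pattern for one pass."""
    if kind == "zeros":
        return bytes(n)
    if kind == "ones":
        return b"\xff" * n  # every bit set
    return os.urandom(n)


def overwrite(path, passes=SEVEN_PASS):
    """Overwrite every byte of `path` once per pass; return the size covered."""
    with open(path, "r+b") as f:
        size = f.seek(0, os.SEEK_END)  # also works where getsize() reports 0
        for kind in passes:
            f.seek(0)
            left = size
            while left:
                n = min(BLOCK, left)
                f.write(_chunk(kind, n))
                left -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass out before the next one starts
    return size


def nonzero_blocks(path, block=4096):
    """Read the target back and return offsets of blocks still holding data."""
    hits, offset = [], 0
    with open(path, "rb") as f:
        while data := f.read(block):
            if data.count(0) != len(data):
                hits.append(offset)
            offset += len(data)
    return hits


if __name__ == "__main__":
    img = "constructed_disk.img"  # constructed sample image, not a real device
    with open(img, "wb") as f:
        f.write(bytes(8192) + b"CONSTRUCTED-SECRET" + bytes(5000))
    print("before:", nonzero_blocks(img))
    overwrite(img)
    print("after: ", nonzero_blocks(img))
```

An empty list from `nonzero_blocks` shows only that the addressable range reads back as zeros; it says nothing about areas the drive does not expose.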