Home page logo

basics logo Security Basics mailing list archives

RE: Interesting One
From: "Carol Stone" <carol () carolstone com>
Date: Wed, 30 Oct 2002 22:35:08 -0500

-----Original Message-----
From: ATD [mailto:simon () snosoft com]
Sent: Wednesday, October 30, 2002 6:08 PM

I have heard similar claims from "agencies" about the ability to recover
data after multiple re-writes. I also happen to know that several of
these "agencies" when doing drive disposal, literally drill holes in
their drives then incinerate them. That is after they wipe the drive
clean several times. I'd assume that there is a reason for such
paranoia, wouldn't you?  Or do you think they are just playing it super

The Bruce Schneier reference I promised the list is on pages 253 - 254 and yes,
he's talking about magnetic force microscopy but no, he doesn't provide any
footnotes. He just has a couple pages of heavy-duty reading listed at the back
finished with an apology to all the other references he forgot to mention.

But to answer your question - if you're a government and you know how to recover
data that's been overwritten some number of times, surely you're also working on
improving on that number and expecting other governments and shady characters to
do the same? I imagine whatever was just barely possible last year is now merely
difficult. With enough time, money and intent, I've no doubt that 30 times is a
perfectly reasonable number.

But I can't imagine anyone operating with something much less than a
governmental budget being able to afford to become particularly good at
recovering data overwritten *that* many times.

Then again, maybe I'm just naive. I imagine if anyone *really* wanted any
information about me, they probably wouldn't have to do anything more expensive,
difficult or high-tech than paw through my trash.

-carol stone

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]