Home page logo
/

basics logo Security Basics mailing list archives

RE: Interesting One
From: "Trevor Cushen" <Trevor.Cushen () sysnet ie>
Date: Thu, 31 Oct 2002 11:58:58 -0000

Thanks James Taylor I was wondering where I got the seven from.  I have
looked at the DOD standard that disk wiping products talk about and it
has no number in it (Orange book).  Other US government documents talk
about three levels of disk destruction, wiping, degaussing, and
destruction.  This may be where the various numbers are coming from.
Another post talked about the US government saying 7 also so "it must be
secure".  I won't go by that since the same US government wants
encryption levels kept down so they can break them.  Do they want the
same from disk wipes??? Yes a bit paranoid conspiracy stuff alright, I
agree.

I think the concensis seems to be that a good overwrite of all sectors
2-3 times will make the disk pretty much safe for reuse if the data is
not highly sensitive.  If it is then burn the disk and buy a new one
instead of reusing it.

Also it seems clear that if it is possible to recover data that was
overwritten 30 times it is not something that would have been done
easily.  It takes great effort, expensive equipment, and expertise.  If
your repair guy could get data then why was he looking and what did he
get.

I would agree it was scare mongering for a sale of some disk wiping
software package they just happen to sell.  Do they sell something like
this???

Trevor Cushen
Sysnet Ltd

www.sysnet.ie
Tel: +353 1 2983000
Fax: +353 1 2960499



-----Original Message-----
From: James Taylor [mailto:james_n_taylor () yahoo com] 
Sent: 30 October 2002 04:50
To: security-basics () securityfocus com
Subject: Re: Interesting One


The CISSP Study Guide (ISBN 0-471-41356-9) states that:

"Information on magnetic media is typically 'destroyed' by degaussing or
overwriting. Formatting a disk once dones not completly destroy all
data, the entire media must be overwritten or formatted seven times to
conform to standards for object reuse".

Also the above book states that "the Orange Book standard reccommends
that magnetic media be formatted seven times before discard or reuse of
media".

So if the US gov't reccommends seven times, you can bet
that they have technology that can read to a lower level
than that! However 30 times seems a bit excessive and it
must depend on the nature of the data being overwritten and what area's
of the media have been completly destroyed. At that level I imagine it's
something like guessing the picture from a 10000 piece jigsaw puzzle,
with most of the pieces missing.

Regards
James


--- Carol Stone <carol () carolstone com> wrote:
I don't know much about this, but yesterday I read in one
of the later
chapters of Bruce Schneier's book, "Secrets and Lies,"
(link to amazon 
follows) that over-writing data on a disk does *not*
completely 
obliterate it, it just makes it a lot more difficult to
recover with 
each over-write. I believe he said just how many
re-writes were still 
recoverable was a secret one of our governmental
organizations wasn't 
about to give up.  I'll look at my book later when I have
it in my 
hands and see if I can't find part and post a pointer to
*his* 
reference.

-carol

http://www.amazon.com/exec/obidos/tg/detail/-

/0471253111/qid=1035924654/sr=8-3/ref=sr_8_3/104-4454644-5987143?
v=glance&n=507846

Greetings Folks,

I had an interesting conversation today with someone
from FAST
(Federation
Against Software Theft) They pretend not to be a snitch
wing of the
BSA.
Anyway, to get to the point, the guy that came to see
me said that
their
forensics guys could read data off a hard drive that
had been written
over
up to thirty times. I find this very hard to believe
and told him I
thought
he was mistaken but the guy was adamant that it could
be done. My
question
is, does anyone have any views on this, or, can anyone
point me to a
source
of information where I can get the facts on exactly how
much data can
be
retrieved off a hard drive and under what conditions
etc etc.

Thanks

Dave Adams
 
 
 
This message (and any associated files) is intended
only for the
use of the individual or entity to which it is
addressed and may
contain information that is confidential, subject to
copyright or
constitutes a trade secret. If you are not the intended
recipient
you are hereby notified that any dissemination, copying
or
distribution of this message, or files associated with
this message,
is strictly prohibited. If you have received this
message in error,
please notify us immediately by replying to the message
and deleting
it from your computer. Messages sent to and from
John Crowley (Maidstone) Ltd may be monitored. 

Internet communications cannot be guaranteed to be
secure or error-
free
as information could be intercepted, corrupted, lost,
destroyed,
arrive 
late or incomplete, or contain viruses. Therefore, we
do not accept
responsibility for any errors or omissions that are
present in this
message, or any attachment, that have arisen as a
result of e-mail
transmission. If verification is required, please
request a hard-copy
version. Any views or opinions presented are solely
those of the
author 
and do not necessarily represent those of John Crowley
(Maidstone)
Ltd.



--
Real people for the virtual world.
http://www.elirion.net


__________________________________________________
Do you Yahoo!?
HotJobs - Search new jobs daily now
http://hotjobs.yahoo.com/


**************************************************************************************

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. 

If you have received this message in error please notify SYSNET Ltd., at
telephone no: +353-1-2983000 or postmaster () sysnet ie

**************************************************************************************


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]