Home page logo
/

basics logo Security Basics mailing list archives

Re: Interesting One
From: ONEILL David J <David.J.Oneill () state or us>
Date: 31 Oct 2002 15:57:54 -0800

Then again they could just be perpetuating the paranoia, so that unsuspecting
companies will continue to waste big $ on their services.  As I noted in an
earlier response, I was only told to degauss the media, then write low values
over the entirety (protecting crypto data - DD Top Secret classified
installation.)  After this process was completed the media was disposed by a
civilian trash company - landfill material.

Beware of hands in your pockets, especially if you have deep ones.

David J. O'Neill
NEDSS - IS7
Parkway Bldg., 2nd Floor
Phone: (503) 378-2101 ext. 364
FAX:     (503) 378-2102

simon () snosoft com 10/31/02 03:39PM >>>
I have heard similar claims from "agencies" about the ability to recover
data after multiple re-writes. I also happen to know that several of
these "agencies" when doing drive disposal, literally drill holes in
their drives then incinerate them. That is after they wipe the drive
clean several times. I'd assume that there is a reason for such
paranoia, wouldn't you?  Or do you think they are just playing it super
safe?


On Tue, 2002-10-29 at 15:57, Carol Stone wrote:
I don't know much about this, but yesterday I read in one of the later 
chapters of Bruce Schneier's book, "Secrets and Lies," (link to amazon 
follows) that over-writing data on a disk does *not* completely 
obliterate it, it just makes it a lot more difficult to recover with 
each over-write. I believe he said just how many re-writes were still 
recoverable was a secret one of our governmental organizations wasn't 
about to give up.  I'll look at my book later when I have it in my 
hands and see if I can't find part and post a pointer to *his* 
reference.

-carol

http://www.amazon.com/exec/obidos/tg/detail/- 
/0471253111/qid=1035924654/sr=8-3/ref=sr_8_3/104-4454644-5987143?
v=glance&n=507846

Greetings Folks,

I had an interesting conversation today with someone from FAST
(Federation
Against Software Theft) They pretend not to be a snitch wing of the 
BSA.
Anyway, to get to the point, the guy that came to see me said that 
their
forensics guys could read data off a hard drive that had been written
over
up to thirty times. I find this very hard to believe and told him I
thought
he was mistaken but the guy was adamant that it could be done. My
question
is, does anyone have any views on this, or, can anyone point me to a
source
of information where I can get the facts on exactly how much data can 
be
retrieved off a hard drive and under what conditions etc etc.

Thanks

Dave Adams
 
 
 
This message (and any associated files) is intended only for the 
use of the individual or entity to which it is addressed and may 
contain information that is confidential, subject to copyright or
constitutes a trade secret. If you are not the intended recipient 
you are hereby notified that any dissemination, copying or 
distribution of this message, or files associated with this message, 
is strictly prohibited. If you have received this message in error, 
please notify us immediately by replying to the message and deleting 
it from your computer. Messages sent to and from 
John Crowley (Maidstone) Ltd may be monitored. 

Internet communications cannot be guaranteed to be secure or error-
free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive 
late or incomplete, or contain viruses. Therefore, we do not accept 
responsibility for any errors or omissions that are present in this 
message, or any attachment, that have arisen as a result of e-mail 
transmission. If verification is required, please request a hard-copy 
version. Any views or opinions presented are solely those of the 
author 
and do not necessarily represent those of John Crowley (Maidstone) 
Ltd.



--
Real people for the virtual world.
http://www.elirion.net 
-- 

-ATD-

-------------------------------------------------------------
Secure Network Operations |     Strategic Reconnaissance Team
http://www.snosoft.com   | recon () snosoft com 
Cerebrum Project   | cerebrum () snosoft com 
-------------------------------------------------------------
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
                                                                              
   


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]