Home page logo

basics logo Security Basics mailing list archives

Re: Interesting One
From: "Meritt James" <meritt_james () bah com>
Date: Fri, 01 Nov 2002 14:37:56 -0500

Looks quite spectactular if you use a microwave oven...

Trevor Cushen wrote:

Two minutes opens a disk drive and a further one minute will burn the
platters (Sure burn the whole thing).  Three minutes tops.
I don't think I like the idea of you carrying a hammer around with your
views on end users.  You could crack at any moment and let rip (quite
understandable and justified to all admins etc but the law seems to
frown on this, will it ever catch up with the technology??????).

Trevor Cushen
Sysnet Ltd

Tel: +353 1 2983000
Fax: +353 1 2960499

-----Original Message-----
From: Michael Vaughan [mailto:list () predator-hunter com]
Sent: 30 October 2002 19:37
Cc: security-basics () security-focus com
Subject: RE: Interesting One


Here is how to erase a hard drive securely.

1) Boot to a floppy and wipe it securely using a program that randomly
encrypts the sectors on the hard drive as it runs 10-20 times.
2) Take the Hard Drive out of the computer/server and set it on a bench
AWAY from other magnetically sensitive materials.
3) Take a natural magnet and set it on top of the hard drive for a
couple of days.
2) Take the Hard Drive and go outside.
4) Take a hammer to it and ENSURE you shatter the platters. Think of end
users tends to motivate me a little...  :)
5) Take apart the hard drive and dump the platter pieces into a bag.
6)(Optional) Dump the pieces of platter in a river and hope no one sees
you do it.

I was told this by a person with a 3 letter federal agency.  They best
way to erase a hard drive (for the average person) with critical data is
the above minus #5 & #6.

If it was me...I would simply securely destroy the hard drive and buy a
new one.  Any more than 15-30 minutes is wasting my time.  I typically
wipe the drive a few times and hammer the sucker to pieces.  I have had
to do it for some clients...

-Michael Vaughan
mvaughan () predator-hunter com

Version: 3.1
GIT/GMD/GO d+ s+:+ a32 C++ UL+++ P+ L+++!E W+++ N++ o- K- w++++ O- M+ V
PS--- PE+ Y+ PGP++ t+++@ 5-- X++ R- tv b++++ DI+++ D--- G++ e* h-- r--

The information contained in this message may contain privileged and
confidential information and is intended only for the internal company
use of the individual or entity named above.  If the reader of this
message is not the intended recipient, or the employee or agent
responsible to deliver it to the intended recipient, you are hereby
notified that any examination, distribution or copying of this
communication is strictly prohibited.  Furthermore, any and all
recipients of this message are prohibited from engaging in the
unauthorized dissemination of the information contained herein to
person(s) outside the company.   If you have received this communication
in error, please notify sender immediately.

-----Original Message-----
From: Dan Darden [mailto:dld2517 () yahoo com]
Sent: Tuesday, October 29, 2002 11:35 PM
To: John Orr; security-basics () security-focus com
Subject: RE: Interesting One


Think atomically.  There can be millions of atoms in a apace the size of
a pin tip.  A write head need not turn every atom in a layer of magnetic
material one way or the other.  It only needs to turn just enough
'clearly' one way in order for the read head to pick it up again.  If we
talk about a layer of magnetic material that is just .0001" thick we are
still talking about layers upon layers upon layers (need I go on....) of
atomic material.

It can be done!

Dan Darden.

Email dld2517 () yahoo com for your security
questions and information.

Hoax Info: http://hoaxbusters.ciac.org

"Everyday I beat my own personal record for
number of consecutive days I've stayed
alive" -- Author Unknown ===========================================

-----Original Message-----
From: John Orr [mailto:JOrr () austinbank com]
Sent: Tuesday, October 29, 2002 12:15 PM
To: dadams () johncrowley co uk; security-basics () security-focus com
Subject: Re: Interesting One

  Personally, I think he is full of... hot air.

  Bits are either "on" or "off", "1" or "0".  If you change that pattern
(i.e. write over the same data area with a different sequence of bits),
then the previous state of that field would not be determinable.
Granted, there may be some residual magnetic field left on a particular
area that is now "0" that had been "1", but the converse would not be
true.  There would be no residual field to read on an area that is now
"1" that had been "0".

  Sounds like sales fluff to me.

  Anyway, that is my opinion, based on years of experience and a good
knowledge of physics.


John Orr
Austin Bank
903.759.3828 x2113
903.297.3094 fax
jorr () austinbank com

"Dave Adams" <dadams () johncrowley co uk> 10/28/02 04:06PM >>>
Greetings Folks,

I had an interesting conversation today with someone from FAST
(Federation Against Software Theft) They pretend not to be a snitch wing
of the BSA. Anyway, to get to the point, the guy that came to see me
said that their forensics guys could read data off a hard drive that had
been written over up to thirty times. I find this very hard to believe
and told him I thought he was mistaken but the guy was adamant that it
could be done. My question is, does anyone have any views on this, or,
can anyone point me to a source of information where I can get the facts
on exactly how much data can be retrieved off a hard drive and under
what conditions etc etc.


Dave Adams

This message (and any associated files) is intended only for the use of
the individual or entity to which it is addressed and may contain
information that is confidential, subject to copyright or constitutes a
trade secret. If you are not the intended recipient you are hereby
notified that any dissemination, copying or distribution of this
message, or files associated with this message, is strictly prohibited.
If you have received this message in error, please notify us immediately
by replying to the message and deleting it from your computer. Messages
sent to and from John Crowley (Maidstone) Ltd may be monitored.

Internet communications cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed, arrive
late or incomplete, or contain viruses. Therefore, we do not accept
responsibility for any errors or omissions that are present in this
message, or any attachment, that have arisen as a result of e-mail
transmission. If verification is required, please request a hard-copy
version. Any views or opinions presented are solely those of the author
and do not necessarily represent those of John Crowley (Maidstone) Ltd.


This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.

If you have received this message in error please notify SYSNET Ltd., at
telephone no: +353-1-2983000 or postmaster () sysnet ie


James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]