Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Secure Delete for Windows
From: bkfsec <bkfsec () sdf lonestar org>
Date: Wed, 18 Jan 2006 15:09:28 -0500

J.A. Terranson wrote:

(1) I do have something "useful to say".  The exact same thing every other
security conscious person is saying:

No source?  An exe?  Baaaaaddddd newwwwwssssss....

Publicly released "tools" are only safely released through open source
(or, "full disclosure" if you prefer).  Without source, it's you who
should be taking a turn at stfu.

I'm going to back up the general point of J.A.'s statement.

People who don't care about security and could care less about transparency don't, by and large, use "file shredders". A handful of paranoid users might, but I think that these people are few and far between. Ensuring that files are deleted represents a willfulness amongst the user to be detailed (or paranoid, perhaps, depending on their motives and intentions). As such, I think that the same kinds of people who might be interested in a tool like this would be interested in reviewing the source code, for two reasons:

         - Verification that the code is not a trojan.
- Ensuring that the methods used in the secure deletion utility are sound. (Which is perhaps more important for the detail-oriented.)

In the end, it's easy to see the value of transparency, particularly in a product like this. There really is no sound argument for proprietization anymore. Code is so heavily commoditized that most programs are reinventions of older concepts. That isn't to say that there isn't some innovation going on, but the reality is that the only argument that can be used for proprietization is profit, and that's an argument that has been getting progressively less enticing as more commoditization occurs and as more code projects are shipped off to offshore workshops, the draw of proprietization is decreased - I would even say antiquated. Interestingly, people continue to proprietize code even in the face of that. I guess that that green aura is somewhat blinding. :)

(Not flaming anyone, just making some observations.)


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]