Study: 78% of Resold Drives Still Contain Readable Personal or Business Data (consumerist.com)
itwbennett writes: Blancco Technology Group, which specializes in data erasure, bought 200 secondhand PC storage drives (PDF) from eBay and Craigslist to see if they could recover any of the old data saved inside. Their findings: 78 percent of the drives contained residual data that could be recovered, 67 percent still held personal files, such as photos with location indicators, resumes and financial data, and 11 percent of the drives also contained company data, such as emails, spreadsheets and customer information. Only 10 percent had all the data securely wiped, Blancco said. The Consumerist points out that Blancco makes their money from promising secure data erasure, so the company has a "strong and vested interest in these results." As for why so many of the drives contain unwanted information, the report says it has to do with the difference between "deleting" data and "erasing" data. Your files aren't actually deleted when you drag them to the Trash or Recycle Bin, or by using the delete key -- shocking, I know. You can format a drive to erase the data, but you have to be careful of the format commands being used. A quick format, which was used on 40% of the drives in the sample, still leaves some residual data on the drive for someone to possibly access. A full format, which was used on 14% of the drives, will do a better job in removing unwanted files, but it too may still miss some crucial information. The solution Blancco recommends: buy a tool to perform complete data erasure.
Simple under linux (Score:5, Insightful)
dd if=/dev/zero of=/dev:sdb
or for the paranoid
dd if=/dev/urandom of=/dev/sdb
Why buy an expensive product when a simple one-liner will do the same job
Re:Simple under linux (Score:5, Interesting)
Was about to post that. For a nice progress indicator, use
dd_rescue -w /dev/zero /dev/target
Apparently, a single zero-overwrite is entirely enough for modern disks (say, newer than 15 years or so), as these are used close enough to the surface data density limit that even magnetic force microscopy can recover a few scattered bits at best after a zero-wipe.
I think the main problem here is that to do something like this under Windows, you have to jump through some hoops. And the other main problem is (of course) that people do not understand how disk storage works in the first place.
Re: (Score:3, Informative)
If you're decommissioning an online disk, the simplest solution would be to boot one of the live-distro Linuxes and run dd on it.
Of course, that does require a certain minimum level of competence. More, perhaps than you'd find in a PHB, but less than you'd find in a hamster.
Re: (Score:2, Funny)
If you're decommissioning an online disk, the simplest solution would be to boot one of the live-distro Linuxes and run dd on it.
Or you could just let Windows update itself to Win10 and then try to rollback to Win7, by all accounts that's just as effective at deleting your data.
Re: (Score:2)
LOL - I'd love to mod you up. Too bad I already posted here.
Re: (Score:2)
No, the simplest solution is to simply not ever bother putting the decryption key on that drive. That way, when the drive fails and you're unable to write to it, your work has already been done.
Re: (Score:2)
I don't know why anyone would retire a drive with private data on it without destroying it.
Because it will fetch something on ebay? Because it is wasteful to destroy something that is perfectly good?
Re: (Score:2)
Even easier than a drill press is a hammer and nail. Most drives that still function will be glass substrate on the platter, so if you drive a nail into it, very likely it will shatter.
Re:Simple under linux (Score:4, Informative)
You don't need to do it under Windows though - burn a Linux USB and off you go.
Hell, there's a bootable image just for it : Darik's Boot and Nuke [dban.org]
Blancco are just capitalising on ignorance (and risk-aversion in the business community which only tends to regard something you pay for as being a safe bet, despite the usual license agreements which preclude the vendor having any liability anyway).
Re:Simple under linux (Score:4, Informative)
Hah, hadn't realized that Blancco is apparently just the monetization of DBAN.
Re: (Score:2)
Ooops ;-)
Re: (Score:2)
That already qualifies as a number of hoops for the average user, and that is the problem. Apparently, even googling "erase disk" is far too complicated for the average user. Of course, you and me will have that Linux boot CD/DVD/USB-key already laying around, but the average user is apparently so limited that companies like Blancco make good business on something that is easy to do with free tools.
DBAN is nice though. Had not heard of it before.
Re: (Score:2)
"burn a Linux USB"
WTF???
Re:Simple under linux (Score:4, Interesting)
Interestingly a few organisations have been bitten in the past, for instance by dos-based commercial disk wiping software which only wiped the first 8GB of any drive. I've even encountered a company that wanted to continue using such software because it was "much quicker at wiping large drives" which isn't surprising given that it doesn't wipe the whole drive.
Re: (Score:3)
Blancco isn't just capitalizing on ignorance, it is a tool for people who need reports on each drive's wipe. Anyone can do a dd if=/dev/zero of=/dev:sdb (or similar) but can you report back that it was actually done, in a certified report? Blancco can, and that is a major and valid selling point.
On the other hand, you can just degauss the damn drive and ruin it without breaking it with a hammer. http://www.garnerproducts.com/ [garnerproducts.com]
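A coverage check for the two failure modes raised in the comments above (a tool that stops after the first part of the drive, and a wipe nobody can show was completed), as an added example that is not part of the original thread. It runs on a constructed 4 MiB image file; the function names are hypothetical, and the report line is plain text, not a certified or signed record.

```shell
#!/bin/sh
# Added example: detect a partial zero-wipe and emit a one-line report.
# All function names are illustrative; the image is a constructed sample.

# Constructed sample: a 4 MiB "used drive" filled with non-zero bytes.
make_used_image() {
    head -c 4194304 /dev/zero | tr '\000' 'U' > "$1"
}

# Write zeros over the first $2 bytes of $1 (default: the whole target).
# Passing a smaller limit simulates a tool that stops early.
zero_wipe() (
    size=$(wc -c < "$1" | tr -d ' ')
    limit=${2:-$size}
    head -c "$limit" /dev/zero | dd of="$1" bs=1048576 conv=notrunc 2>/dev/null
)

# Print the 0-based offset of the first non-zero byte, or "clean" if none.
first_nonzero_offset() (
    # cmp stops at the first difference; on an all-zero target it only
    # reports EOF on stderr, so stdout stays empty.
    out=$(cmp - /dev/zero < "$1" 2>/dev/null) || true
    if [ -z "$out" ]; then
        echo clean
    else
        # Output looks like "- /dev/zero differ: byte N, line M", N from 1.
        n=$(printf '%s\n' "$out" | awk '{ sub(",", "", $5); print $5 }')
        echo $((n - 1))
    fi
)

# One-line report; exit status is 0 only when every byte reads back as zero.
# (wc -c reads the whole target; on a block device blockdev --getsize64 is faster.)
wipe_report() (
    size=$(wc -c < "$1" | tr -d ' ')
    off=$(first_nonzero_offset "$1")
    if [ "$off" = clean ]; then verdict=PASS; else verdict=FAIL; fi
    printf 'target=%s size=%s first_nonzero=%s verdict=%s\n' \
        "$1" "$size" "$off" "$verdict"
    [ "$verdict" = PASS ]
)

# Demo: a wipe that stops after 1 MiB fails the check, a full wipe passes.
img=$(mktemp)
make_used_image "$img"
zero_wipe "$img" 1048576
wipe_report "$img" || echo "partial wipe detected"
zero_wipe "$img"
wipe_report "$img"
rm -f "$img"
```

The offset of the first non-zero byte shows where an incomplete wipe stopped, which is the detail a fixed-size limit in the wiping tool would reveal.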
Re: (Score:2)
Unless it is a report digitally signed by a secure erase device, that report is worth about as much as a person certifying the erasure.
Re: (Score:2)
Apparently, a single zero-overwrite is entirely enough for modern disks (say, newer than 15 years or so), as these are used close enough to the surface data density limit that even magnetic force microscopy can recover a few scattered bits at best after a zero-wipe.
Well, yes, but many modern disks don't have a surface to speak of. cf SSDs
Re: (Score:3)
By "modern disk" I mean "disk", not "disk emulator" (what an SSD essentially is), of course.
For an SSD, if you want an "eBay safe" erase, just do the zeroing. Some expensive data-recovery software may still recover buffers and the like. If you need more, do physical destruction. You cannot really trust that the ATA "Secure Erase" command does what it claims.
But the whole discussion here is not about disks with any really high-value data on them. For those, always do full zeroing, ATA Secure Erase (if an SSD
Feed /dev/zero into a CBC cipher with OpenSSL (Score:4, Interesting)
Some SSDs use lossless data compression (analogous to gzip) to pack more sectors into fewer physical pages so that they don't have to spend quite as much time erasing pages. To avoid this possibility, you might want to use a cipher to generate noise that the drive's firmware cannot compress.
Re: (Score:2)
Still not trustworthy unless you trust the secure erase. I don't.
Re: (Score:2)
You can always download DBAN, just burn it to cd and boot.
Shred (Score:2)
shred (Score:2)
I've been using
shred -vf -n 1 /dev/target
myself to overwrite with pseudo-random data. Seems to come with pretty much every Linux distro, and appears to be purpose-built for secure erasure. It supplies a regular progress update, allows for multiple passes (hence the 1, it defaults to 3), and even allows for a final "zero pass" for the paranoid who want to hide the fact that they did a secure delete.
GNU Shred (Score:3)
Use shred -n 7 /dev/sda - dd is hardly sufficient, especially if my finances are involved.
NAME shred - overwrite a file to hide its contents, and optionally delete it
SYNOPSIS shred [OPTION]... FILE...
DESCRIPTION
Overwrite the specified FILE(s) repeatedly, in order to make it harder
for even very expensive hardware probing to recover the data.
Mandatory arguments to long options are mandatory for short options
too.
-f, --force change permissions to allow writing if ne
Re: (Score:2)
dd is sufficient. It doesn't have to be zeros -- it could be /dev/random or a long series of concatenated goatses: Once the bits are set into different byte patterns, nobody can tell what the previous bytes were anymore.
They used to be able to recover some data using a process called magnetic force microscopy, but those days are gone and the process was/is expensive enough that your financial data wasn't a cost-effective proposition.
One thing that none of these high-level software erasure techniques can d
Re: (Score:2)
You can do that if you do not mind it taking much longer. /dev/urandom only gives you something like 10...20MB/s. And nobody has data so secret that a few recovered bits put them at risk.
Re: (Score:2)
I would just sort all the bits.
The first half of the drive will be all 0's the second half will be all 1's.
Re: (Score:2)
One option would be to use, say, AES in counter mode with a key gotten from /dev/(u)random and overwrite with that. Should give you > 100MB/s on a modern CPU. But it seems nobody cares enough to implement that (would take maybe a few hours), I know that I do not.
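The overwrite suggested in this comment and in the earlier "Feed /dev/zero into a CBC cipher with OpenSSL" comment, sketched as an added example that is not part of the original thread. It uses `openssl enc` in AES-256-CTR mode with a throwaway key, runs on a constructed 1 MiB image file rather than a real device, and the function names are hypothetical; the gzip measurement shows the result is noise that firmware compression cannot shrink.

```shell
#!/bin/sh
# Added example: overwrite a target with AES-256-CTR keystream.
# Function names are illustrative. Pointing noise_wipe at a real
# /dev/sdX destroys its contents; the demo uses a temporary file.

# Size in bytes of a block device or a regular file.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Constructed sample: 1 MiB of zeros with one marker record at sector 100.
make_sample_image() {
    head -c 1048576 /dev/zero > "$1"
    printf 'CONSTRUCTED-SAMPLE: account 0000 balance 0.00\n' \
        | dd of="$1" bs=512 seek=100 conv=notrunc 2>/dev/null
}

# Bytes left after gzip; a rough stand-in for what a compressing
# drive controller could squeeze out of the same data.
gzip_size() {
    gzip -c "$1" | wc -c | tr -d ' '
}

# Overwrite every byte of $1 with keystream under a random key.
noise_wipe() (
    size=$(target_size "$1")
    # Key and IV are drawn once and never stored. They are visible in
    # the process list while openssl runs, which is acceptable only
    # because they protect nothing: the keystream is meant to be lost.
    key=$(openssl rand -hex 32)
    iv=$(openssl rand -hex 16)
    # Encrypting zeros in CTR mode outputs the raw keystream, with the
    # same length as the input, so the target size is preserved.
    head -c "$size" /dev/zero \
        | openssl enc -aes-256-ctr -K "$key" -iv "$iv" \
        | dd of="$1" bs=1048576 conv=notrunc 2>/dev/null
    sync
)

# Demo: compressibility before and after the overwrite.
img=$(mktemp)
make_sample_image "$img"
echo "gzip size before wipe: $(gzip_size "$img") bytes"
noise_wipe "$img"
echo "gzip size after wipe:  $(gzip_size "$img") bytes"
rm -f "$img"
```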
Re: (Score:2)
Would it really be slower? I'm assuming the rate limit is the disk IO speed, not the CPU time.
Re: (Score:2)
For /dev/urandom, you assume wrong, unless you have a very, very slow disk. For /dev/zero, you are right.
Re: (Score:2)
Darik boot and nuke is a Linux distribution designed to wipe out the drive for the extremely paranoid. With an easy to use menu interface.
Re: (Score:2)
Wrong,
shred --verbose /dev/sda5
for the GNU world.
Most Windows orientated users will have a file compression program and most antivirus have a shred utility to securely delete files, you can get linux ISO images that shred every disk on a computer as well.
The only thing worse than being insecure is thinking you're secure when you're not.
Re: (Score:2)
dd if=/dev/zero of=/dev:sdb
That just fills your / partition with a file called dev:sdb and causes nothing good.
dd if=/dev/urandom of=/dev/sdb
That is incredibly slow, as output is slowed down to better get the random pool filled.
Re: (Score:2)
Simple, but wrong.
Consider that your drive might have detected some anomaly while updating the sector containing your secret, and migrated some of your super-secret data away from the suspect sector to another, then marking the original sector as bad. No amount of overwriting will ever overwrite the bad sector, as the drive electronics will not allow it. That data is there permanently.
If you need to really secure your data, the time to do it is before you write it to a device that was designed to not lose
Re: (Score:2)
Why buy an expensive product when a simple one-liner will do the same job
What if there's a problem with the physical drive that prevents the system from recognizing it, or writing data to it?
Doing a dd is also very time consuming. If I had to do this routinely I'd invest in a disk punch or shredder.
Encrypt your drives. (Score:3, Interesting)
Delete the block containing the keys.
For this threat model, this is the perfect answer (if you trust the encryption, that is).
No need for some "secure erase" snake oil.
Re: (Score:3, Funny)
Delete the block containing the keys.
For this threat model, this is the perfect answer (if you trust the encryption, that is).
No need for some "secure erase" snake oil.
You know the cheapest and most secure way to delete your data is to hit the disk a few times with a sledgehammer. It's also a great tension reliever. Of course, after you have had a smashing good time please dispose of the part(s) in a responsible manner. :-)
Re:Encrypt your drives. (Score:5, Funny)
> You know the cheapest and most secure way to delete your data is to hit the disk a few times with a sledgehammer.
I find that I don't make as much on ebay once I've done that.
Don't have to buy one (Score:5, Informative)
You don't have to buy a secure hard drive erasure tool, DBAN [dban.org] does a reliable job for most drives and is free. SSDs are a new kink in the mix that means that some really advanced tools could retrieve data from the drives, even after a complete wipe but, if you're going up against people that dedicated, I recommend a sledgehammer instead.
Re: (Score:2)
I recommend a sledgehammer instead.
While that sounds fun, it likely would be less effective than you might think...
Or it might be, but can you be sure?
https://www.semshred.com/conte... [semshred.com]
Re: (Score:3)
It all comes down to your potential data thief. If it's just some wannabe hacker who buys your drive off ebay, then a tool such as DBAN or the dd commands in linux should do the trick, even for SSDs. If you're up against professional data thieves, you'll want to smash and then have the drive shredded (don't send it to the shredders intact as there have been cases of the drives being resold intact instead; probably by unscrupulous employees). If you're up against the CIA, FSB or the Mossad, dissolve it in
Re: (Score:2)
One place where I worked uses a center-punch or hand drill to perforate the disk platters, then bends them with pliers; laptop disk platters tend to be made of glass, and shatter in a most gratifying manner. Physical destruction of the platter is definitely the most effective way to permanently delete its data.
Re: (Score:2)
DBAN seems to be owned by the company posting the article as well - their front page links to Blancco software and has a comparison chart :
http://dban.org/download [dban.org]
Basically, they're capitalising on corporate dipshittery. It's impossible to attest to the destruction of digital data, because it's so readily copyable. If you must be sure that a given data vessel is unrecoverable, then physically destroy it - unless it's something exotic, it will be cheaper than all that paperwork.
There are some useful features
Re: (Score:2)
Yeah, it's sad that they were bought. But, use the free tool. If it's important enough that you would need the professional product, just destroy the drive and be sure.
Re: (Score:2)
Many SSDs support encryption with Windows 8+. There is some slow progress on Linux support. With Windows 8.1 manufacturers are required to enable it transparently on their devices if the hardware supports it. For example, Microsoft Surface tablets are fully encrypted by default.
With encryption by default the user doesn't need to enter a key, that's stored in secure memory on the PC. But when they want to discard that machine they can do an instant secure wipe that takes it back to factory settings, with no
Re: (Score:2)
Why? (Score:5, Insightful)
Why do people even sell old hard drives, let alone BUY used drives that may be full of bad sectors or viruses?
Re:Why? (Score:4, Informative)
Re:Why? (Score:4, Informative)
Modern drives will silently remap sectors without telling you (unless you look at the SMART status).
Once they exhaust their pool of spare sectors, then they start telling things higher up the chain that there are bad sectors.
By the time a disk is reporting bad sectors to the OS (as a bad sector, instead of incrementing a SMART counter and silently carrying on) it has remapped so many bad sectors that it can no longer automatically remap them and is now telling you there is a problem.
In my experience, every single drive that I've seen reporting even a single bad sector will soon go pear-shaped and shouldn't be used.
Re: (Score:2)
That's the problem with SMART. If it says something is bad, it is. If it says everything is good, you don't really know for sure -- you may just be one bad sector away from hitting the "too many bad sectors to remap them all".
Re: (Score:2)
Huh? There's a SMART attribute that already says "number of remapped sectors". It should be zero. It might hit 1 or 2 if it's a portable drive treated badly, but that's it. Once it starts hitting double digits, the drive is generally going. It may have a few months of error free opera
Re: (Score:2)
In my experience, every single drive that I've seen reporting even a single bad sector will soon go pear-shaped and shouldn't be used.
Not that I want to go back to measuring disk size in tens of megabytes, but I do have a certain nostalgia for the days when hard errors would sometimes correct themselves and an unusable sector would become usable again.
Re: (Score:2)
Re: (Score:2)
Why do people even sell old hard drives,
Because $20 is better than $0 in my pocket.
let alone BUY used drives that may be full of bad sectors or viruses?
Because a chance at a lot of personal data is worth $20.
What about the remaining 22% ?!? (Score:2)
Re: (Score:2)
Or perhaps they never had anything on them to start with?
Many companies keep a pool of spare drives for various reasons (e.g. hot spares in case any fail in a raid array), but these drives are discarded along with the live ones once they become obsolete. It's not uncommon for drives to be disposed of which have never been used at all.
Only $5 and way more satisfying (Score:4, Insightful)
I already bought a data erasure tool years ago, it's my trusty 16oz ball peen hammer.
Re: (Score:2)
Re: (Score:2)
I already bought a data erasure tool years ago, it's my trusty 16oz ball peen hammer.
I have yet to sell a second hand drive on ebay that's been pounded with a hammer for more than $zero, or in your case -$5 depending on how many drives need peening.
When I hear the words (Score:3)
"Craigslist" and "Hard drive" used in the same sentence I'm expecting either an interesting story or a punchline at the end of it.
Simple solution (Score:2, Interesting)
1) Use one of the many freely available utilities to overwrite the entire drive
2) Use a script to fill the drive with randomly named copies of goatse, tubgirl and other such wonderful images. Throw some of them into other document formats as well, just to keep things interesting. For added fun, make sure all the MS office documents are infected with macro viruses. Bonus points if the random names are made using a list of enticing words like "password", "private", "taxes", "accounts", etc.
3) Delete all th
Re: (Score:2)
You sir, have a single-minded dedication to evil... I salute you!
Re: (Score:2)
Just Google "BBW" + "Scat" If you don't find the originals, you should find some work-a-like images
Who sells their old drives? (Score:2)
Re: (Score:2)
My place of choice is the old gravel pit, where I can light off small amounts of thermite without much risk. If I'm all out of thermite, the same location serves as a handy shooting range, which also gets the job done, but the noise attracts unwanted attention.
Re: (Score:2)
Make sure he wears safety glasses.
Re: (Score:2)
I usually get used drives at yard sales, either inside of a used PC or sometimes as an external. Every single time, there has been personal information included. Only once has any of their data been interesting, and it's never been the personal information in my case. They just had a cool mp3 collection.
Re: (Score:2)
I can confirm the near-ubiquitous presence of personal data - I've been "refurbishing" donated PCs for the local thrift store - basically just a secure delete and Linux install (plus a big "NOTICE: this computer can't run normal programs + details" label on the side to reduce buyer's remorse), and have yet to encounter a computer that has even had the personal data even superficially deleted. Apparently most people don't have any concept of security.
Re: (Score:2)
plus a big "NOTICE: this computer can't run normal programs + details" label on the side to reduce buyer's remorse
Does the label mention Wine, which can run many but not all Windows desktop applications?
Re: (Score:2)
Actually yes, at the bottom of a short list of suggested applications further down the page. I had even briefly considered pre-installing it, but decided a secure wipe and Linux install was about as much effort as I felt like donating (the store is operated as a funding source for the local homeless shelter)
I decided a big warning was called for as I had been informed by multiple friends around town that they had seen terrible return rates with Linux PCs, and the thrift store has a no returns policy. Unde
Re: (Score:2)
"I have a hard time seeing how it is worth the effort to sell an old drive. "
Mostly, you're right. But if you work in an IT department and have 700 of the blasted things stacked in the corner after an upgrade, it may be worth the effort to gather em up and sell them -- especially if you can use volunteer labor to clear them. Also, if you want to donate your old PC to a charity or sell it at a garage sale, you might want to clear the drive and install a fresh copy of the OS.
Re: (Score:2)
People sell the machines with the drives still inside, sometimes it can be quite a considerable hassle to remove the drive and doing so significantly decreases the resale value of the laptop as it's no longer a fully working unit.
Or... (Score:2)
Rather than buy... Use Darik's Boot and Nuke.
You still have to cope with Blancco's ads, but it does do the job
Built into the hard disk's firmware? (Score:3)
At least for hard disk drives, what happened to just using the low level tools?
Historically it was dead easy to run them from DOS. Still looks like it's possible, e.g. with Seagate it's an .iso file that is distributed.
See there, page 6/20, section G. : (an emphasis added)
http://www.seagate.com/files/s... [seagate.com]
Seagate is not responsible for lost user data. Erase Drive is available for Seagate or Maxtor drives only. ... BLAH BLAH BLAH
Five choices are available under this section:
Secure Erase. This method uses the drive firmware to erase the data by overwriting the data
with zeros. In Enhanced Erase mode, all previously written user data shall be overwritten,
including sectors that are no longer in use due to reallocation. Secure Erase requires a user
password to run which is deleted at the conclusion of the procedure. If your drive does not have
a user password, SeaTools for DOS will set a temporary password "idrive" without the quotes.
This password will be removed at the end of the Secure Erase so you never need to actually use
it to access your drive. If
No idea if you have a UEFI computer, maybe you need to use BIOS emulation, maybe it works, maybe it doesn't because you lack BIOS emulation etc.
But then, they've got a Windows version as well. The pdf for that is harder to read says it's from October 2015. It has a changelog.
It's more terse but says stuff like :
http://www.seagate.com/files/w... [seagate.com]
- SED Crypto Erase
Self-Encrypting Drive Instant Secure Erase. If the drive supports hardware
encryption, this menu will be displayed. Like Full Erase this command will permanently destroy
access to all user data on the drive, but will do so by the erasure of the drive encryption key which
takes less than one minute to complete. Both SAS and SATA drives are supported, but the boot
drive should not be listed as an available choice.
- Sanitize Erase
Write zeros to all user data sectors on the SATA drive including unallocated and
cache sectors. This command is mostly found on SSD drives
Failing vendor tools, see what the FLOSS punks have
https://tinyapps.org/docs/wipe... [tinyapps.org]
So, a quote, with a bolding on what I thought was fun.
Explanation
According to National Institute of Standards and Technology (NIST) Special Publication 800-88: Guidelines for Media Sanitization, Secure Erase is "An overwrite technology using firmware based process to overwrite a hard drive. Is a drive command defined in the ANSI ATA and SCSI disk drive interface specifications, which runs inside drive hardware. It completes in about 1/8 the time of 5220 block erasure." The guidelines also state that "degaussing and executing the firmware Secure Erase command (for ATA drives only) are acceptable methods for purging."
Benefits
Can securely wipe most PATA/SATA hard drives manufactured this century
Reportedly restores peak performance to SSD drives (though SE fails to securely wipe some SSDs) [hummm...]
hdparm/Linux offers much better hardware support than HDDErase/MS-DOS
Overwrites blocks marked as bad by the hard drive (which DBAN and similar tools ignore)
Though speed (vs. block erase wiping tools like DBAN) is often cited, the difference is negligible.*
Don't just format - zero out (Score:2)
Remember kiddies:
Don't just format - zero out.
--zero_out
macOS (OS X) (Score:2)
Disk Utility > Erase > Security option > Most secure (DOD 5220-22M compliant)
Only two ways to ensure data privacy (Score:2)
If you're squeamish about physical destruction, you can always use Darik's Boot and Nuke (DBAN).
Re: Buying not needed (Score:4, Informative)
Set a password for the drive and issue an ATA secure erase using hdparm. This will get all the remapped sectors as well. Procedure documented here
https://ata.wiki.kernel.org/in... [kernel.org]
Re: (Score:2)
Re: (Score:2)
Paper I read stated . . . . . . .
One of the problems in this area is that people are writing papers based on information that was true 20 years ago but is no longer valid today, due to the massive increase in bit density of modern hard drives. A single wipe renders data unrecoverable, even with super-secret NSA government magic.
Re: (Score:2)
For clarification, it's not unrecoverable. It's just so cost prohibitive and time consuming to recover it that recovery is unreasonable. A subtle difference but, important if they want you bad enough that they're willing to throw years and millions of dollars away to get you.
Re: (Score:2)
For further clarification, I once read about that story after I was pointed out I was wrong to believe in it.
Even back then it was a rather speculative paper, and consisted in looking after every single bit trying to find remanence, like, mmmm.... I think there's 70% probability there used to be a 1 here.
So I'm feeling like it has never been possible, but we could wonder what can be done today, if throwing millions of dollars at an old 20MB or 10MB hard drive.
Re: (Score:2)
78% of Crapdot stories are worse under the new editors.
What's your baseline? Because if you mean Dice time, I completely disagree.
Re: (Score:2)
I concur. Dice was Ramsay Bolton and the question is whether current management wants to be Reek, Theon Greyjoy or Jon Snow.
They started off doing a good Theon impression but I'm seeing more and more Reek with purposefully clickbait written article summaries recently.
The editing is bad, but the modding is worse. (Score:3, Interesting)
I've not been impressed with the editing, as well, but I find the moderation to be much more disruptive these days. I've had to start browsing at -1 all of the time just to see perfectly fine comments that are at -1 for some reason. It defeats the purpose of having a mod system if I have to disable it all the time, ya know? Once a good comment ends up at -1 it's like it never gets seen by the mods again, so it will likely remain at -1. I think that anyone with mod points should automatically be shown the -1
Re: (Score:3)
-1 = "I don't like your opinion, you're a troll" far too often. Politically incorrect wording of a factual statement is likely to be modded -1 almost all the time. The issue is that the system needs more Meta Moderation, so that people who are wounded by chalk marks aren't allowed to get Mod points very often, leaving the discussion to people who are adults who merely disagree on a particular subject.
Political Correctness is censorship, and the worst kind.
Re: (Score:3)
-1 = "I don't like your opinion, you're a troll" far too often. Politically incorrect wording of a factual statement is likely to be modded -1 almost all the time. The issue is that the system needs more Meta Moderation, so that people who are wounded by chalk marks aren't allowed to get Mod points very often, leaving the discussion to people who are adults who merely disagree on a particular subject.
Political Correctness is censorship, and the worst kind.
Whatever. I would think that people showing up to your house, putting a bullet in your head and burning your letters and manuscripts would be a much worse kind of censorship, but everybody has their own degrees of comfort with this sort of thing. Still, if posts are getting modded to -1, in many cases they are an AC and highly probably a troll, or they are being such an asshole they have pissed off at least three people to the point of modding them down, and fit a pretty good definition of being a troll. St
Re: (Score:3)
Censorship is when you prevent someone from communicating in some way. Calling the speaker names isn't censorship, and attempting to stop people from doing that is censorship. There's nothing stopping anyone from posting something on Slashdot, and no matter how many people post replies that are just insults and ad hominems, the post is still there.
Re:The editing is bad, but the modding is worse. (Score:4, Interesting)
I've been coming here for 7 years, and I've always browsed at -1. Comments modded down for inappropriate reasons has always been a problem, at least during my time here, but I agree that it's become much worse in the last few years. When I have points I always mod such comments back up. I also mod up comments which I don't agree with, and which I may consider assholish, but which I feel are well thought out and/or important to the overall discussion.
I love your point about the scarcity of comments, and I agree that the mod system needs to be tweaked. Doing so might even start to raise the level of discourse again and bring back some worthwhile voices that have left in frustration at Slashdot's downward slide. While we're on the (off-topic) subject, I think people need to back off from slagging the editors so much. They're doing a difficult job, trying to balance the desires of a very cranky, picky membership with the need to keep the site financially viable. Yes, we still need to call them out on obvious Slashvertisements - but beyond that, they're doing a pretty good job. We need to be careful here - otherwise the ghost of Timothy will come back to haunt us; or, worse yet, Slashdot will cease to exist.
Re: (Score:2)
Discuss.
No. Go back to 4chan.
Re: (Score:2)
You mean you have been a Slashdot anonymous troll. Users sign up for accounts.
Re: 78% of Crapdot stories are worse now (Score:2, Interesting)
This story bugs me in part because there's a pretty blatant conflict of interest.
The Consumerist points out that Blancco makes their money from promising secure data erasure, so the company has a "strong and vested interest in these results."
There's every reason to want the results to seem as severe as possible because that drives sales. While not necessarily invalidating the results, it's like trusting Coca-Cola to impartially study the effects of sugary drinks on health, ExxonMobil to study the impacts of burning fossil fuels on climate change, or the makers of any dietary/weight loss supplement to study the health effects of their product. There are always ways
Re: (Score:2, Informative)
Can Intelligence Agencies Read Overwritten Data?
Daniel Feenberg
National Bureau of Economic Research
Cambridge MA
Claims that government intelligence agencies can recover overwritten data on disk drives have been commonplace for many years now. The most commonly cited source for this claim is a paper, "Secure Deletion of Data from Magnetic and Solid-State Memory", written by Peter Gutmann in 1996. Gutmann believes that an overwritten sector can be recovered under examination by a sophisticated microscope and
Re: (Score:3)
Regardless of whether Gutmann's claims in 1996 were valid back then, they fundamentally relied on loose manufacturing tolerances of certain mechanical attributes of the drives of that era. Drive tech has completely changed in the last 20 years in the race for increased data density, and those old faults are no longer relevant.
That said, if you want to keep your data safe today, there are a few things to consider:
1. Drives are made for reliability as a primary goal, not secure erasure. A drive that detects a
Re: (Score:2)
(1) is even more relevant for SSDs.
(2) is of course the best advice, but many avoid crypto because it can make it hard to recover files even knowing the password, and it can be hard to find a good crypto solution that works on boot if you still use Windows.
(3) is the most relevant for this particular article, and sort of shows why this discussion is unlikely to help many people- no one contributing to this discussion will ever sell a hard drive of theirs.
The best secure deletion method appears to be a claw
Re: (Score:2)
The best secure deletion method appears to be a claw hammer, some goggles, and a few spare minutes.
But if you do that with your HDD, you might damage the shiny coffee mug coasters inside.
Re: (Score:2)
There's every reason to want the results to seem as severe as possible because that drives [Blancco] sales. While not necessarily invalidating the results, it's like trusting Coca-Cola to impartially study the effects of sugary drinks on health .. [etc],
It does not matter what the exact percentage is. The point is that many people sell used HDDs with data still present and that people should be more careful; would you argue with that? I can vouch that people do sell used HDDs with data on, having bought a few myself, and even if I happened to buy the only used HDDs ever to be sold in the World with data on them, unlikely as that is, the message to be careful is still valid.
Your claimed parallel with Coca-Cola etc is not a true one. The data on HDDs is a
Re: (Score:2)
All of it. A full format re-writes the file tables and the sectors but, the data is still there and can be pieced back together. It's really hard to reassemble files if they are badly fragmented but, you can capture the majority of data, especially for common file types. Images are really easy to pull. Videos are hard to get intact due to fragmentation but, you will get, at least, some of it. In order to clear the drive, you have to, at minimum, write 0s to every bit on the drive. That requires either
Re: (Score:2)
Re: (Score:2)
And that drive is now no longer part of the statistics for resold drives, and you've increased the percentage of resold drives that still have personal data on them. Way to not solve the problem.