Re: How to REALLY delete data

From: Mikko Nahkola (mnahkola_at_trein.ntc.nokia.com)
Date: 10/27/05 

Date: Thu, 27 Oct 2005 08:52:27 GMT

In article <9nP7f.15376$ub3.8723@news.cpqcorp.net>, Rick Jones wrote:

>>> And _they_ should be the ones wiping the discs, not you. As
>>> trustworthy as you likely are, they should not be trusting anyone
>>> outside of their organization with the procedure. Unless you happen
>>> to be a bonafide data security contractor or something.
>
>> Hey, it could be that the data isn't _their_ customer data. It could be
>> their old public-'net proxy, for example. I still wouldn't sell those
>> disks unwiped myself...
>
> If they have a system with sensitive data on it, they should be the
> ones wiping it.
> Now, if you are assuming they will have sensitive data on it, but do
> not _know_ the discs will have sensitive data, that might be a
> different story.

Isn't supposed to be. In a place like that, if you don't know what's on
a disk, wipe it just to be safe.

Now, if you _know_ that the disk only contains your DMZ's public-'net
proxy cache stuff, or something like that (already-published press
releases?), then you might decide that it isn't sensitive enough to need
wiping - particularly if you've contracted out all that to an expensive
security contractor who charges by the disk.

I could see requiring a somewhat-trusted buyer to do the wiping in
_that_ case.
 
Mind you, I'd still prefer to see everything wiped in-house. 

-- 
Mikko Nahkola <mnahkola@trein.ntc.nokia.com>
#include <disclaimer.h>
#Not speaking for my employer. No warranty. YMMV.

Relevant Pages

  • RE: Suggestion: erase data posted to the Web
    ... and sensitive data left on disk after having been paged out. ... > memory might get data freed up or abandoned by previously running ... What you need is a weighted threat model, ...
    (Bugtraq)
  • Re: Unable to reformat hard disc on RPC
    ... In such cases serious attempts at wiping the disk would be a ... sensitive data that the average user might have on their computer. ... 3rd parties on your disk. ... people who do similar things with computer hard drives. ...
    (comp.sys.acorn.hardware)
  • [PATCH] zero disk pages used by swsusp on resume
    ... resume as they may contain sensitive data that was never intended to be ... stored on disk in an way ... static struct swsusp_info swsusp_info; ... send the line "unsubscribe linux-kernel" in ...
    (Linux-Kernel)
  • Re: Erase a floppy disc??
    ... does it - sensitive data on, hard disks, optical disks, tapes, chips, ... |> I'm not certain that formatting it as a startup disk would ... | sophisticated data recovery techniques that can ... | chicken bones to look for discarded diskettes, ...
    (microsoft.public.windowsxp.general)
  • Re: any component/library to wipe a file
    ... file contains random data and is later rewritten seven times, ... That is probably fine if you need it for your own use and you have the necessary discipline, but if you really need a secure storage solution for your end users it is probably better to have them use secure storage hardware instead. ... Another option is, of course, to encrypt the contents of the file, and write your run time code to minimize the risk that sensitive data in internal memory swapped to disk, so that you don't have to worry that sensitive data ever hits the disk in the first place. ...
    (borland.public.delphi.thirdpartytools.general)