Re: Interesting One

["Meritt James" <meritt_james () bah com>]

Looks quite spectactular if you use a microwave oven...

Trevor Cushen wrote:
> Two minutes opens a disk drive and a further one minute will burn the
> platters (Sure burn the whole thing).  Three minutes tops.
> I don't think I like the idea of you carrying a hammer around with your
> views on end users.  You could crack at any moment and let rip (quite
> understandable and justified to all admins etc but the law seems to
> frown on this, will it ever catch up with the technology??????).
>
> Trevor Cushen
> Sysnet Ltd
>
> www.sysnet.ie
> Tel: +353 1 2983000
> Fax: +353 1 2960499
>
> -----Original Message-----
> From: Michael Vaughan [mailto:list () predator-hunter com]
> Sent: 30 October 2002 19:37
> Cc: security-basics () security-focus com
> Subject: RE: Interesting One
>
> Folks,
>
> Here is how to erase a hard drive securely.
>
> 1) Boot to a floppy and wipe it securely using a program that randomly
> encrypts the sectors on the hard drive as it runs 10-20 times.
> 2) Take the Hard Drive out of the computer/server and set it on a bench
> AWAY from other magnetically sensitive materials.
> 3) Take a natural magnet and set it on top of the hard drive for a
> couple of days.
> 2) Take the Hard Drive and go outside.
> 4) Take a hammer to it and ENSURE you shatter the platters. Think of end
> users tends to motivate me a little...  :)
> 5) Take apart the hard drive and dump the platter pieces into a bag.
> 6)(Optional) Dump the pieces of platter in a river and hope no one sees
> you do it.
>
> I was told this by a person with a 3 letter federal agency.  They best
> way to erase a hard drive (for the average person) with critical data is
> the above minus #5 & #6.
>
> If it was me...I would simply securely destroy the hard drive and buy a
> new one.  Any more than 15-30 minutes is wasting my time.  I typically
> wipe the drive a few times and hammer the sucker to pieces.  I have had
> to do it for some clients...
>
> -Michael Vaughan
> mvaughan () predator-hunter com
> http://www.predator-hunter.com
>
> -----BEGIN GEEK CODE BLOCK-----
> Version: 3.1
> GIT/GMD/GO d+ s+:+ a32 C++ UL+++ P+ L+++!E W+++ N++ o- K- w++++ O- M+ V
> PS--- PE+ Y+ PGP++ t+++@ 5-- X++ R- tv b++++ DI+++ D--- G++ e* h-- r--
> z++
> ------END GEEK CODE BLOCK------
>
> The information contained in this message may contain privileged and
> confidential information and is intended only for the internal company
> use of the individual or entity named above.  If the reader of this
> message is not the intended recipient, or the employee or agent
> responsible to deliver it to the intended recipient, you are hereby
> notified that any examination, distribution or copying of this
> communication is strictly prohibited.  Furthermore, any and all
> recipients of this message are prohibited from engaging in the
> unauthorized dissemination of the information contained herein to
> person(s) outside the company.   If you have received this communication
> in error, please notify sender immediately.
>
> -----Original Message-----
> From: Dan Darden [mailto:dld2517 () yahoo com]
> Sent: Tuesday, October 29, 2002 11:35 PM
> To: John Orr; security-basics () security-focus com
> Subject: RE: Interesting One
>
> John,
>
> Think atomically.  There can be millions of atoms in a apace the size of
> a pin tip.  A write head need not turn every atom in a layer of magnetic
> material one way or the other.  It only needs to turn just enough
> 'clearly' one way in order for the read head to pick it up again.  If we
> talk about a layer of magnetic material that is just .0001" thick we are
> still talking about layers upon layers upon layers (need I go on....) of
> atomic material.
>
> It can be done!
>
> Dan Darden.
>
> ===========================================
> Email dld2517 () yahoo com for your security
> questions and information.
>
> Hoax Info: http://hoaxbusters.ciac.org
>
> ===========================================
> "Everyday I beat my own personal record for
> number of consecutive days I've stayed
> alive" -- Author Unknown ===========================================
>
> -----Original Message-----
> From: John Orr [mailto:JOrr () austinbank com]
> Sent: Tuesday, October 29, 2002 12:15 PM
> To: dadams () johncrowley co uk; security-basics () security-focus com
> Subject: Re: Interesting One
>
>   Personally, I think he is full of... hot air.
>
>   Bits are either "on" or "off", "1" or "0".  If you change that pattern
> (i.e. write over the same data area with a different sequence of bits),
> then the previous state of that field would not be determinable.
> Granted, there may be some residual magnetic field left on a particular
> area that is now "0" that had been "1", but the converse would not be
> true.  There would be no residual field to read on an area that is now
> "1" that had been "0".
>
>   Sounds like sales fluff to me.
>
>   Anyway, that is my opinion, based on years of experience and a good
> knowledge of physics.
>
> -John
>
> --------------------------------------
> John Orr
> VP/CIO
> Austin Bank
> 903.759.3828 x2113
> 903.297.3094 fax
> jorr () austinbank com
>
> > > > "Dave Adams" <dadams () johncrowley co uk> 10/28/02 04:06PM >>>
> Greetings Folks,
>
> I had an interesting conversation today with someone from FAST
> (Federation Against Software Theft) They pretend not to be a snitch wing
> of the BSA. Anyway, to get to the point, the guy that came to see me
> said that their forensics guys could read data off a hard drive that had
> been written over up to thirty times. I find this very hard to believe
> and told him I thought he was mistaken but the guy was adamant that it
> could be done. My question is, does anyone have any views on this, or,
> can anyone point me to a source of information where I can get the facts
> on exactly how much data can be retrieved off a hard drive and under
> what conditions etc etc.
>
> Thanks
>
> Dave Adams
>
> This message (and any associated files) is intended only for the use of
> the individual or entity to which it is addressed and may contain
> information that is confidential, subject to copyright or constitutes a
> trade secret. If you are not the intended recipient you are hereby
> notified that any dissemination, copying or distribution of this
> message, or files associated with this message, is strictly prohibited.
> If you have received this message in error, please notify us immediately
> by replying to the message and deleting it from your computer. Messages
> sent to and from John Crowley (Maidstone) Ltd may be monitored.
>
> Internet communications cannot be guaranteed to be secure or error-free
> as information could be intercepted, corrupted, lost, destroyed, arrive
> late or incomplete, or contain viruses. Therefore, we do not accept
> responsibility for any errors or omissions that are present in this
> message, or any attachment, that have arisen as a result of e-mail
> transmission. If verification is required, please request a hard-copy
> version. Any views or opinions presented are solely those of the author
> and do not necessarily represent those of John Crowley (Maidstone) Ltd.
>
> **************************************************************************************
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
>
> If you have received this message in error please notify SYSNET Ltd., at
> telephone no: +353-1-2983000 or postmaster () sysnet ie
>
> **************************************************************************************

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566