Security Basics mailing list archives
RE: Advice regarding servers and Wiping Drives after testing
From: "Craig Wright" <Craig.Wright () bdo com au>
Date: Fri, 14 Sep 2007 05:38:14 +1000
Bill, You have not understood a thing I was trying to say. Sentence 1 was a standalone. The next paragraph is a separate issue. If you understand what I was stating, you will see that everything in the post you have followed with is in violation of quantum theory. Your best bet is to go to MIT - they have a nice free curriculum these days all online at http://ocw.mit.edu/OcwWeb/web/courses/courses/index.htm. Take the following: 6.012 Microelectronic Devices and Circuits 6.013 Electromagnetics and Applications 6.041 Probabilistic Systems Analysis and Applied Probability 6.071J Introduction to Electronics, Signals, and Measurement 6.231 Dynamic Programming and Stochastic Control 6.374 Analysis and Design of Digital Integrated Circuits 6.432 Stochastic Processes, Detection, and Estimation 6.630 Electromagnetics 6.632 Electromagnetic Wave Theory 6.635 Advanced Electromagnetism 6.641 Electromagnetic Fields, Forces, and Motion 6.642 Continuum Electromechanics 6.728 Applied Quantum and Statistical Physics If you are not willing to spend the few years understanding all this, you can accept that it is not possible and FUD/snake-oil. I know that it is not possible as I have both a degree in Nuclear science and chemistry (amongst others). At the moment I am also in my final stages of a Masters degree in statistics. What you are missing is that there is no means. This is a great sell to those without years in a University in a science or engineering department, but it is not feasible. Your analogy is unrelated. The density of an electromagnetic field is not the same argument. In your analogy it is someone who is arguing the laws of physics incorrectly. The drive analogy is an argument that purple flying unicorns exist. Possible - it is a large universe, but current scientific knowledge stands until proven otherwise. Regards, Dr Craig Wright PS. Wireless speeds will reach a logical limit, based on the wavelength of the photons used in the transmission and a number of other factors. We are just a factor of 10^11 or time under that as we stand at the moment. Then of course you could have mutlple send/recieve channels. Craig Wright Manager of Information Systems Direct : +61 2 9286 5497 Craig.Wright () bdo com au +61 417 683 914 BDO Kendalls (NSW) Level 19, 2 Market Street Sydney NSW 2000 GPO BOX 2551 Sydney NSW 2001 Fax +61 2 9993 9497 www.bdo.com.au Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. The information in this email and any attachments is confidential. If you are not the named addressee you must not read, print, copy, distribute, or use in any way this transmission or any information it contains. If you have received this message in error, please notify the sender by return email, destroy all copies and delete it from your system. Any views expressed in this message are those of the individual sender and not necessarily endorsed by BDO Kendalls. You may not rely on this message as advice unless subsequently confirmed by fax or letter signed by a Partner or Director of BDO Kendalls. It is your responsibility to scan this communication and any files attached for computer viruses and other defects. BDO Kendalls does not accept liability for any loss or damage however caused which may result from this communication or any files attached. A full version of the BDO Kendalls disclaimer, and our Privacy statement, can be found on the BDO Kendalls website at http://www.bdo.com.au or by emailing administrator () bdo com au. BDO Kendalls is a national association of separate partnerships and entities. ________________________________ From: listbounce () securityfocus com on behalf of William Holmberg Sent: Fri 14/09/2007 12:25 AM To: Craig Wright; gjgowey () tmo blackberry net; Ansgar -59cobalt- Wiechers; listbounce () securityfocus com; security-basics () securityfocus com Subject: RE: Advice regarding servers and Wiping Drives after testing Craig, I was skeptical as well, but to be clear, nobody said anything about time stamping. Time IS a factor, as magnetic fields not re-energized are subject to fading over time, as you yourself point out with your comment about magnetic decay. Also, when a drive is written to, then over written, the most recent write is the strongest signature available to the heads. Therefore it is theoretically possible to neutralize the last write, but only IF the head can be placed almost exactly over write spot- something that is not- if I understand current technology- currently possible. If I understood the gentleman correctly he is stating they have a way to 1) Directly control both the movement and the placement of the head 2) Directly control the voltages supplied with either + or - values 3) Correctly read precisely where and what was placed on the sector 4) Do comparative value matching of signature strength and log it to a file 5) Reconstruct possible data writes based upon those findings, rating each write found on each sector based upon it's strength/legibility and reconstruct each probable combination (not possible combinations which would be random) based upon a best matching scenario of the strength of the write 6) rewrite precisely over the last write with an inversely phased 1 or 0, rendering the last write moot 7) Pick up the next strongest signal left on that sector as the probably overwritten data Keep in mind I am just trying to convey why he was so excited and what (I think) he was saying. That being said I do have my doubts, however, EVERYTHING is impossible, until it is not. I am reminded of a network engineer who once told me that faster speeds to the home over existing copper infrastructure was impossible without recabling... then came DSL. He also said the wireless speeds would reach a logical limit because you can't upgrade the medium (air). But now we have seen .11G and N since then... -Bill -----Original Message----- From: Craig Wright [mailto:Craig.Wright () bdo com au] Sent: Wednesday, September 12, 2007 5:07 PM To: William Holmberg; gjgowey () tmo blackberry net; Ansgar -59cobalt- Wiechers; listbounce () securityfocus com; security-basics () securityfocus com Subject: RE: Advice regarding servers and Wiping Drives after testing Snake-oil BS and FUD. Magnetic signatures are not time-stamped. There is no unerase capability. What people seem to think is that a digital write is a digital operation. This is a fallacy. Drive writes are analogue. They have a probabilistic output. It is unlikely that an individual write will be a +1.00000 [1]. Rather - there is a set range. There is a normative confidence interval that the bit will be in. What this means is that there is generally a 95% likelihood that the +1 will exist in the range of (0.95, 1.05) there is then a 99% likelihood that it will exist in the range (0.90, 1.10) for instance. This leaves a negligible probability (1 bit in every 100,000 billion or so) that the actual potential will be less than 60% of the full +1 value. This error is the non-recoverable error rating of the drive for a single write. As a result, there is no difference to the drive of a 0.90 or 1.10 factor of the magnetic potential. What this means is that due to temperature fluctuations, humidity, etc the value will vary on EACH write. There is no way to determine if a 1.06 is due to a prior write or a temperature fluctuation. On top of this the issue of magnetic decay will come into play. This further skews the results. Snake oil is used to sell product. Do not just use product XXXX, buy may patented wipe tech. All others are no good. Only XXXX will save you... Unfortunately, urban legend and FUD seems to trump science as: 1 Too few people have any scientific training and statistical/engineering knowledge 2 People are gullible and like a good story. Try reading papers on sites such as the IEEE. Scientific papers (real peer reviewed ones from respectable journals) have far more value than a Wiki or a google search. Regards, Craig [1] Using a factor of the drives magnetic density that relates to a +1 bit pattern for simplicity. Craig Wright Manager of Information Systems Direct : +61 2 9286 5497 Craig.Wright () bdo com au +61 417 683 914 BDO Kendalls (NSW) Level 19, 2 Market Street Sydney NSW 2000 GPO BOX 2551 Sydney NSW 2001 Fax +61 2 9993 9497 www.bdo.com.au Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. The information in this email and any attachments is confidential. If you are not the named addressee you must not read, print, copy, distribute, or use in any way this transmission or any information it contains. If you have received this message in error, please notify the sender by return email, destroy all copies and delete it from your system. Any views expressed in this message are those of the individual sender and not necessarily endorsed by BDO Kendalls. You may not rely on this message as advice unless subsequently confirmed by fax or letter signed by a Partner or Director of BDO Kendalls. It is your responsibility to scan this communication and any files attached for computer viruses and other defects. BDO Kendalls does not accept liability for any loss or damage however caused which may result from this communication or any files attached. A full version of the BDO Kendalls disclaimer, and our Privacy statement, can be found on the BDO Kendalls website at http://www.bdo.com.au or by emailing administrator () bdo com au. BDO Kendalls is a national association of separate partnerships and entities. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of William Holmberg Sent: Thursday, 13 September 2007 5:30 AM To: gjgowey () tmo blackberry net; Ansgar -59cobalt- Wiechers; listbounce () securityfocus com; security-basics () securityfocus com Subject: RE: Advice regarding servers and Wiping Drives after testing Hi Robert, It is interesting that you point this out. One of the people in our local chapter told me there was a company or group of electronics people working on a "Drive level" SATA "Adapter" (for lack of a better word I guess) that would read the "top level" magnetic layer generated by the head on a particular sector, and exactly measure it's intensity, then generate an "inverse field" (not my words) which would effectively nullify that overwrite, leaving the last write before that one plainly readable (with some variables). He said it was an exciting prospect because since the head that last wrote the 1 or 0 was the one that "erased" it, it worked to a point of surprising the design team with it's ability to accurately reconstruct data overwritten. How much of that was hearsay, fabrication, or wishful thinking, I don't know. He compared it to military sound suppression devices for helicopters, which (if you didn't know) can sample the exact frequency generated by the rotors and moving parts and generate an inverse frequency, out of phase with the original, through powerful Horn Drivers mounted under the rotors. The effect in sound engineering is a precisely controlled "OOP" (Out OF Phase) situation. You can experience it to a lesser degree very simply with your home stereo speaker. Simply exchange one of the speakers Red and Black connectors. The phase cancellation that occurs makes it very difficult to hear certain frequencies (depending upon that particular speakers dynamic range and other boring items) and in some cases can almost entirely cancel out each other across many frequencies. Note: If you do this, do not turn it up too loud, because the other effect is that the speakers will be pulling "IN" when they should be pushing "Out", and the Coils can get damaged by bottoming out and inverse clipping. Horns should be unaffected however. Thanks for all the stimulating conversation on this, as well as the fascinating reading materials. -Bill -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of gjgowey () tmo blackberry net Sent: Wednesday, September 12, 2007 12:52 PM To: Ansgar -59cobalt- Wiechers; listbounce () securityfocus com; security-basics () securityfocus com Subject: Re: Advice regarding servers and Wiping Drives after testing What you're forgetting is that these pieces of software aren't you normal "access the hdd through regular os calls". These pieces of software are sending low level commands to the drive its self an interpreting what's sent back instead of relying on a middle layer. They can literally have the head scan a particular sector as many times as is needed until it gets a signal back that resembles something useable. Writing all 0's will never prevent against software recovery because the all 0's approach is like recording over a used VCR tape once. Geoff Sent from my BlackBerry wireless handheld. -----Original Message----- From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net> Date: Wed, 12 Sep 2007 12:48:42 To:security-basics () securityfocus com Subject: Re: Advice regarding servers and Wiping Drives after testing On 2007-09-11 William Holmberg wrote:
On Tuesday, September 04, 2007 1:03 PM Ansgar -59cobalt- Wiechers
wrote:
On 2007-09-01 gjgowey () tmo blackberry net wrote:A since pass with all zero's really won't protect your data from being recovered by more advanced data recovery software let alone alone hardware.I'd like to see a single case where someone was able to recover data from an overwritten harddisk, even after a single pass with zeroes.No doubt you are an intelligent and well educated person in these fields, and probably have many areas of expertise more proficient than mine. I do have to state however, and nearly any Infragard member can tell you, the FBI uses tools that accomplish this on a regular basis. I have no doubt other agencies do as well. We have had demonstrations of it remotely in a class I help instruct, SAFE computing for Law Enforcement and Non-Profits (SAFE is Security And Forensic Education) at Metro State University of Minnesota, MCTC campus.
Demonstrations of recovering data from fully overwritten media, without opening the case? Sorry, but I seriously doubt that. Feel free to prove me wrong, but without evidence I find that really hard to believe. Keep in mind we're not talking about wiping single files, but overwriting the entire media. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
Current thread:
- Re: Advice regarding servers and Wiping Drives after testing, (continued)
- Re: Advice regarding servers and Wiping Drives after testing Ansgar -59cobalt- Wiechers (Sep 11)
- RE: Advice regarding servers and Wiping Drives after testing Craig Wright (Sep 11)
- RE: Advice regarding servers and Wiping Drives after testing Murda Mcloud (Sep 11)
- RE: Advice regarding servers and Wiping Drives after testing William Holmberg (Sep 11)
- Re: Advice regarding servers and Wiping Drives after testing Ansgar -59cobalt- Wiechers (Sep 12)
- Re: Advice regarding servers and Wiping Drives after testing gjgowey (Sep 12)
- RE: Advice regarding servers and Wiping Drives after testing Craig Wright (Sep 12)
- RE: Advice regarding servers and Wiping Drives after testing William Holmberg (Sep 12)
- RE: Advice regarding servers and Wiping Drives after testing Craig Wright (Sep 13)
- RE: Advice regarding servers and Wiping Drives after testing William Holmberg (Sep 13)
- RE: Advice regarding servers and Wiping Drives after testing Craig Wright (Sep 13)
- RE: Advice regarding servers and Wiping Drives after testing William Holmberg (Sep 13)
- RE: Advice regarding servers and Wiping Drives after testing Craig Wright (Sep 14)
- RE: Advice regarding servers and Wiping Drives after testing Craig Wright (Sep 14)
- Message not available
- Re: Advice regarding servers and Wiping Drives after testing Daniel Anderson (Sep 18)
- Re: Advice regarding servers and Wiping Drives after testing Ansgar -59cobalt- Wiechers (Sep 11)
- RE: Advice regarding servers and Wiping Drives after testing dave kleiman (Sep 12)
- RE: Advice regarding servers and Wiping Drives after testing William Holmberg (Sep 12)
- RE: Advice regarding servers and Wiping Drives after testing dave kleiman (Sep 12)
- Re: Advice regarding servers and Wiping Drives after testing Steve Olive (Sep 13)
- Re: Advice regarding servers and Wiping Drives after testing Ansgar -59cobalt- Wiechers (Sep 13)
- RE: Advice regarding servers and Wiping Drives after testing dave kleiman (Sep 13)