Penetration Testing mailing list archives
RE: Wiping Solaris Servers
From: "MILES John M (LC)" <John.Miles () co lane or us>
Date: Mon, 17 Sep 2007 12:06:49 -0700
Why not just boot to a forensic distro like Helix or BackTrack and let "wipe" run for X passes, or do something like dd if=/dev/urandom of=/dev/sda && dd if=/dev/zero of=/dev/sda . . . -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]On Behalf Of Bill Stout Sent: Monday, September 17, 2007 9:39 AM To: Levenglick, Jeff; Holstein, Robert - BLS CTR; pen-test () securityfocus com Subject: Re: Wiping Solaris Servers I think pebbles of glass are equivalent to shredding, especially for a commercial environment. Slamming a hard drive against pavement does meet the "so easy a monkey could perform the task" requirement. Plus it's fun. What I was inferring to was the value of the hard drives themselves, and if they needed to be included with the system. It's faster and easier to verify a physically destroyed disk or just not ship it, than trust that a warehouse monkey run through a boot/wipe/verify process. Does the warehouse have the right power connector? Do they have the right keyboard and monitor? Is the system complete or have all the parts needed to wipe the disk? Near-future or existing unknown recovery techniques might be able to recover from wiped disks. For example, recorded encrypted conversations from 10 years ago (and newer) are easily decrypted these days, and back then the decryption techniques of the day were thought to take up to 30years. Bill Stout ----- Original Message ---- From: "Levenglick, Jeff" <JLevenglick () fhlbatl com> To: Bill Stout <billbrietstout () yahoo com>; "Holstein, Robert - BLS CTR" <Holstein.Robert () bls gov>; pen-test () securityfocus com Sent: Monday, September 17, 2007 6:48:35 AM Subject: RE: Wiping Solaris Servers Bill, Unless you open the drive, how do you know that all of the platters broke? Heck, what if it broke into a few big parts that I crazy glued back together and read data off the disk? I am surprised that a government agency will allow you to do that in the first place. (although this might explain why there are so many data leaks) -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Bill Stout Sent: Friday, September 14, 2007 10:36 PM To: Holstein, Robert - BLS CTR; pen-test () securityfocus com Subject: Re: Wiping Solaris Servers Is the hard drive important? When Google bought GreenBorder, they removed and destroyed the hard drives, then called a recycler to pick up the computers. When I replace failing hard drives, I take them to the parking lot, and throw them against the ground, hard. The platters are made of glass in later hard drives and will shatter, the drive will sound like it's full of gravel. Bill Stout ----- Original Message ---- From: "Holstein, Robert - BLS CTR" <Holstein.Robert () bls gov> To: pen-test () securityfocus com Sent: Wednesday, September 12, 2007 8:50:38 AM Subject: Wiping Solaris Servers Hey everyone, I need to find a method of securly wiping Solaris servers using the DOD standard disk sanitization requirements. So far the only thing I have come up with is customized bootable Solaris CD of some sort with bcwipe on it. There has got to be a better way. Does anyone know of a bootable (or other) solution that's a little less complicated. Essentially we would need the end process to be so easy a monkey could perform the task. Ideally, during the surplus phase a wharehouse employee would boot the server up, run a simple command, and the server would be on its way... Any assistance is apprecited. Regards, Bobby ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------ ----------------------------------------- This e-mail message is private and may contain confidential or privileged information. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Re: Wiping Solaris Servers, (continued)
- Message not available
- Re: Wiping Solaris Servers Brett Cunningham (Sep 12)
- RE: Wiping Solaris Servers Levenglick, Jeff (Sep 13)
- Message not available
- Re: Wiping Solaris Servers Justin Lintz (Sep 12)
- Re: Wiping Solaris Servers vtlists (Sep 13)
- Re: Wiping Solaris Servers C. Bergström (Sep 13)
- Re: Wiping Solaris Servers Adrian Sanabria (Sep 13)
- Re: Wiping Solaris Servers Mister Coffee (Sep 19)
- Re: Wiping Solaris Servers Bill Stout (Sep 14)
- Re: Wiping Solaris Servers Bill Stout (Sep 17)
- RE: Wiping Solaris Servers Levenglick, Jeff (Sep 17)
- RE: Wiping Solaris Servers MILES John M (LC) (Sep 17)
- RE: Wiping Solaris Servers Levenglick, Jeff (Sep 17)
- RE: Wiping Solaris Servers Roten, Charles D. (Sep 17)
- RE: Wiping Solaris Servers alan (Sep 17)