Infosanity's Blog

Cleaning the harddrive of any machine, be it desktop, laptop or server, before either repurposing or selling (or even scrapping), should be a basic requirement of any organisation. But there is a seemingly unrelenting stream of reported incident, some of which coming from organisations that really should know better, MI6 and military contractors for example.

Is securely wiping data from drives really that difficult? Not really.

Simply boot the system with nearly any live linux system (I use Knoppix for this kind of work), then simply use dd (discussed previously to image drives) to overwrite the drive with random data. For example:

dd if=/dev/urandom of=/dev/sda

This simple overwrites the entire physical drive, sda, with random data taken from the pseudo device /dev/urandom. For more indepth info on wiping with dd and some different options see this guide.

The downside to wiping drives in this method is the length of time involved, in recent cases I have seen a 80GB drive take a little of five hours to complete.

Disclaimer: this may not make your data completely irratrievable but it should be enough to prevent the data being obtained by the simply curious. To truely ensure irratrievable data, try this method.

Disclaimer’s Disclaimer: Server destruction should only be carried out be trained professionals, InfoSanity accepts no responsibility for loss of live, limb or eyebrow)

– Andrew Waite

Quick heads up to anyone following the Phorm/privacy debates: The government’s response to an e-petition to ask the government to stop ISP’s from breaching privacy laws has been released.

The full response can be read here, it’s fairly short so I won’t go into too much detail, but I’m glad to see the government is taking this seriously and not passing the buck to the ICO (the ICOs view):

ICO is an independent body, and it would not be appropriate for the Government to second guess its decisions. However, ICO has been clear that it will be monitoring closely all progress on this issue, and in particular any future use of Phorm’s technology. They will ensure that any such future use is done in a lawful, appropriate and transparent manner, and that consumers’ rights are fully protected.

“Thank you for bringing this to our attention; your concerns are very important to us; your concern will be answered shortly…”

– Andrew Waite

Once again I’m glad I don’t do business with BT(with the exception of line rental). First Phorm: now this

BT has begun transforming its commercial customers’ Business Hubs into OpenZone hotspots for any passing Tom, Dick or Harry to share, and leaving businesses to figure out how to opt out of the scheme after the fact.
…snip…
“Free BT public wi-fi hotspot for every business broadband customer” claims the release, proudly suggesting that “Hub owners buy BT Openzone access vouchers … and can choose to pass the vouchers to their customers or resell the prime business service and add revenue”, so you can either screw visitors to your office by selling them vouchers, or pay BT twice for the same bandwidth by giving them away.

Full info can be found here. BT keep managing to setting the bar lower and lower….

– Andrew Waite

Just read an interesting article on El Reg about Adam Laurie, who has supposedly been ‘hacking’ satellite feeds. Unless I’m missing something it appears to be more a case of sniffing unencrypted communication coming from and going to satellites, but it is interesting in any case.

One of the parts of the article I liked was the comment on the UK’s Privacy laws:

A resident in the UK, Laurie says he’s careful to obey the country’s privacy laws. While he is able to identify certain traffic as email, for instance, he doesn’t actually read the contents of the message. Still, he says it isn’t always easy to follow the letter of such laws because they prohibit people from receiving a message if they aren’t the intended recipient.

“It’s a bit of a quandary,” Laurie says. “You can’t tell you’re not supposed to see that data until after you see it. I can’t unsee what I’m not supposed to have seen.”

Whilst I’ll agree that some of the privacy laws are ’strange’ the actions Laurie took was looking for traffic in which he wasn’t the intended recipient for any of it, as someone pointed out: if you’re concerned you might be breaking the law you can stop looking.

– Andrew Waite