Fedora Linux Support Community & Resources Center

Go Back   FedoraForum.org > Fedora 19/20 > Security and Privacy
FedoraForum Search

Forgot Password? Join Us!

Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

Reply
 
Thread Tools Search this Thread Display Modes
  #16  
Old 26th July 2009, 11:06 AM
Evil_Bert Offline
Retired Again - Administrator
 
Join Date: Nov 2007
Location: 'straya
Posts: 3,263
From someone who used to do that for a living - don't believe everything you read in Wikipedia or other online publications. This is not the kind of subject matter that engenders openness.

Clearly you're not going to believe me and like I said, I don't give a flying rat's arse. The only things I do care about are you misleading others and calling names when you haven't had the experience in the field that I have.

For others:

Do take care with your magnetic media if they contain sensitive data. For most people, who wish simply to defeat digital readback techniques, a single overwrite is sufficient.

A single overwrite is not sufficient to defeat sophisticated techniques that some well-financed organisations can employ. However, the likelihood of someone using those techniques is remote.
__________________
Marching to the beat of his own conundrum.
Reply With Quote
  #17  
Old 26th July 2009, 11:18 AM
scottro Offline
Retired Community Manager -- Banned from Texas by popular demand.
 
Join Date: Sep 2007
Location: NYC
Posts: 8,142
Ok, let's try it this way.

What is the *#@#@)(#$ difference if you wrote, instead...

I used to do this for a living, and experience indicates that one shouldn't believe everything in wikipedia. (See, a smiley--to indicate that you're not trying to relieve boredom by getting into a flame war).

It doesn't seem that you're going to take my word for it, but honestly, I think you're mistaken here and might be misleading others.

See, same information imparted, with a chance of actually getting the other person to listen to you.

If you're trying to convince someone else, insulting them is usually taking a BIG step towards completely failing in that respect. If (and this goes for both of you, it's just that Bert's is the last in the thread) you want to share information, doing it more politely is the way to go.

If of course, you just want to pontificate and show how clever you are and how stupid the other person is---well, please do it elsewhere.

I know that for folks who have been around, this is so relatively mild compared to the good old usenet days that it wouldn't even be considered flaming. While I too miss those days, for better or worse, it's become a kinder, gentler forum.

If it goes on, we're either going to have to close the thread, which is a bit of a shame, or move the posts in question to moderation, perhaps providing a summary of the information, which is extremely useful, on both sides, to see differing views, for the users.

So, why don't the two of you stop acting selfish, which is what you're doing--you guys might be bored, and have nothing better to do than have an argument, but by doing so, you can wind up depriving less knowledgeable people of a lot of useful information.

Please?
__________________
--
http://home.roadrunner.com/~computertaijutsu

Do NOT PM forum members with requests for technical support. Ask your questions on the forum.


"I don't know why there is the constant push to break any semblance of compatibility" --anon
Reply With Quote
  #18  
Old 26th July 2009, 11:24 AM
Nokia Offline
Registered User
 
Join Date: Aug 2006
Location: /dev/realm/{Abba,Carpenters,...stage}
Posts: 3,286
I googled *#@#@)(#$ and didn't get any conclusive results. Did you applied Guttman on it ? Seemed like NSA at first glimpse.
__________________
For safer browsing, use OpenDNS nameservers 208.67.222.222 and 208.67.220.220

SELinux User Guide

AutoPager
Reply With Quote
  #19  
Old 26th July 2009, 12:06 PM
scottro Offline
Retired Community Manager -- Banned from Texas by popular demand.
 
Join Date: Sep 2007
Location: NYC
Posts: 8,142
Everyone's a comedian. Ok, change *#@#@)(#$ to <insert naughty word here>
__________________
--
http://home.roadrunner.com/~computertaijutsu

Do NOT PM forum members with requests for technical support. Ask your questions on the forum.


"I don't know why there is the constant push to break any semblance of compatibility" --anon
Reply With Quote
  #20  
Old 26th July 2009, 12:32 PM
Gödel Offline
Registered User
 
Join Date: Jul 2009
Location: London,England
Posts: 1,102
I'm not sure why pointing out objective facts about data recovery should cause so much fuss, the wikipedia articles are linked to as a starting point, the proper references are included. (as a side note, wikipedia's generally good for tech info, it's in other areas that it gets a bad press)

Perhaps I shouldn't have claimed to not believe EB, as the recovery mechanisms under discussion may have been possible on older technology. To be accurate I should have said "I don't think that type of recovery is possible on modern drives, in fact here are some references which point out that just a single pass will securely wipe data"

from http://cmrr.ucsd.edu/people/Hughes/D...onTutorial.pdf

Quote:
Computer Forensics Data Recovery

Forensics recovery uses exotic data recovery techniques by experts with advanced
equipment. Its normal purpose is to recover data from failed hard disk drives, and for
legal discovery. Forensic companies can successfully recover unerased but protected data
in a disk drive using electronic instrumentation. However, the secure erase commands
discussed above erase all user data on the disk drive beyond physical disk drive forensic
recovery. Drives old enough to permit such attack are too old to have the Secure Erase
built-in command.

Paranoid-level recovery concerns based on hypothetical schemes are sometimes proposed
by people not experienced in actual magnetic disk recording, claiming the possibility of
data recovery even after physical destruction. One computer forensics data recovery
company claims to be able to read user data from a magnetic image of recorded bits on a
disc, without using normal drive electronics ( www.actionfront.com) . Reading back tracks from a disk taken out
of a drive and tested on a spin stand was practical decades ago, but no longer with today’s
microinch-size tracks.

The time required by exotic technologies is itself a barrier to data recovery and increases
data security. Also, accessing data from magnetic images requires overcoming almost a
dozen successive magnetic recording technology hurdles. Even if these hurdles were
overcome, about an hour would be required to recover a single user data block out of
millions on a disk. Recovering substantial amounts of data in less than months requires
that the disk be intact and undamaged, so that heads can be flown over it to obtain data
playback signals; then overcoming these technology hurdles. Simply bending a disk
makes this nearly impossible, so physical damaging drives to warp their disks makes
recovery practically impossible.

Other “experts” claim that limited information can be recovered from unerased track
edges. But this has been shown to be false by tests at CMRR13. Such recovery also
presumes detailed technical knowledge of the drive’s magnetic recording design. Charles
Sobey at ChannelScience.com wrote an illuminating article on drive-independent data
recovery, showing how difficult these hurdles are. (See white papers at http://www.actionfront.com/ts_whitepaper.aspx)
In summary, if you have a disk drive bought this century you can securely wipe it with one pass of 'dd if=/dev/zero of=/dev/disk' (that may skip unused bad sectors, but that would be the case with any type of software overwrite), or using the drive's in-built SecureErase function, which does the same thing but also wipes unused bad-sectors.

If you have older drives (and floppies) then, as some posters have suggested, data may still be recovered using exotic forensic techniques.
Reply With Quote
  #21  
Old 28th July 2009, 04:27 AM
Evil_Bert Offline
Retired Again - Administrator
 
Join Date: Nov 2007
Location: 'straya
Posts: 3,263
Forgive me if I have seemed annoyed over this subject. It's like being a mountain climber: imagine how you'd feel if, after climbing mountains for 20 years, someone decided to tell you about climbing based on a book they'd read.

My aim was to emphasise that there is a range of media, conditions and treatments out there - not every treatment boils down to using a single pass of dd. My bluntness was in response to similar bluntness and came from the fact that I used to do this sort of thing for a living. I can say with certainty that the publications available to the general public, and those used inside some agencies, are quite different. The assumptions and techniques used in generally available studies do not reflect the complete picture used in risk assessments (and hence procedures) within some agencies.

Still, it's all academic, since the people who hold sensitive data requiring verified purging already have their own procedures, while the rest can rely on disk overwrite - and a single pass is most likely sufficient for their needs.

Now, to make sure this post is actually useful .....

Internal HDD "Secure Erase": Should be included in newer HDDs. An internal subroutine overwrites all accessible data blocks, similar to older external overwrite routines except guaranteed (to the degree of trust and competence of the HDD manufacturer) to reach all data blocks. Plus it's quicker, since the overwrite pattern need not be transferred bytewise across the disk interface. This function is accessible through a downloadable DOS program to send the ATA/SCSI commands. I don't know of any *nix version.

Internal HDD "Fast (Enhanced) Secure Erase": Only available in some newer 2.5" drives, AFAIK. Data is never written to disk in plain text - it is always stored in encrypted form, and therefore any recovery will yield only encrypted data. Removing the decryption key removes all access to the information. This is highly recommended for the security conscious, where available.


After all that, BleachBit is aimed at application data files, and doesn't have a whole-disk overwrite mode.
__________________
Marching to the beat of his own conundrum.
Reply With Quote
  #22  
Old 28th July 2009, 04:30 AM
scottro Offline
Retired Community Manager -- Banned from Texas by popular demand.
 
Join Date: Sep 2007
Location: NYC
Posts: 8,142
My most sincere thanks to both of you on this.

I repeat, I realize that in the old days, which many of us remember fondly, this wasn't even a raised eybrow type thing, but, for better or worse, flames here get a thread closed--and there's too much knowledge here to merit that.

So once again, I thank both of you.
__________________
--
http://home.roadrunner.com/~computertaijutsu

Do NOT PM forum members with requests for technical support. Ask your questions on the forum.


"I don't know why there is the constant push to break any semblance of compatibility" --anon
Reply With Quote
  #23  
Old 28th July 2009, 10:49 AM
LinuxTom Offline
Registered User
 
Join Date: Jul 2005
Location: Kentucky, U.S.A.
Posts: 354
How did my thread dissolve into this mess?
Reply With Quote
  #24  
Old 28th July 2009, 11:08 AM
Gödel Offline
Registered User
 
Join Date: Jul 2009
Location: London,England
Posts: 1,102
Quote:
Originally Posted by LinuxTom View Post
How did my thread dissolve into this mess?
It's the forum's own reality show: "Former CMs swing handbags". Your thread was the lucky winner, watch out for an upcoming episode (will probably involve Demz)

edit: (I used to be CM under another name)

Last edited by Gödel; 28th July 2009 at 11:15 AM.
Reply With Quote
  #25  
Old 29th July 2009, 11:59 AM
LinuxTom Offline
Registered User
 
Join Date: Jul 2005
Location: Kentucky, U.S.A.
Posts: 354
Obviously...

It's worse than "Rock of Love" and "I Love New York" combined.
Reply With Quote
  #26  
Old 15th August 2009, 04:09 AM
Astrals Offline
Registered User
 
Join Date: May 2008
Location: That's why we all leave Bigpond ISP.
Posts: 84
linuxfedorafirefox
Hahahaha.
The old arguments about security.
Here is my two cents worth:
If you want to clean out your garbage use the app, if your paranoid do a three pass zero, or if your paranoid and lazy just fill it with random characters.
The random is easier and quicker.
Some of my customers are paranoid and lazy so i use the random characters after sanitizing, happy customers then.
__________________
That's why we all leave Bigpond ISP.
Once you use linux, learn a few basics, you'll never go back to the windows darkness.
Reply With Quote
Reply

Tags
app, bleachbit, neat, privacy

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
I want to update Bleachbit. Pink Panther Using Fedora 14 13th October 2009 08:10 PM
regarding neat munna_dude Using Fedora 1 3rd January 2007 04:12 AM
Neat video of installing fc4 Melio EOL (End Of Life) Versions 1 26th September 2005 06:17 AM


Current GMT-time: 03:45 (Friday, 01-08-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat