A component that's typically changed during computer upgrades is the hard disk. Users run out of space and need a larger disk, particularly if their existing disks are somewhat old and therefore probably have less capacity.
Swapping out disks or complete systems is common, but I wonder whether you wipe clean your old disks before sending them off for recycling or resale. If you do wipe the disks, are you sure that data can't be recovered from them?
Some people might think that simply using Fdisk to destroy partitions is a good enough technique for eliminating data. After all, if the partitions are gone, who could recover the data, right? Wrong. Fdisk changes only partition tables--it doesn't touch the other sectors on the drive. So any data that users stored on those other sectors is still there, which means that someone with a little knowledge could recover that data.
Simson Garfinkel wrote the article "Hard Disk Risk" about a year ago for CSO Magazine. In the article, Garfinkel talks about his adventures in purchasing old hard drives at resale shops and the data that he found on them. One drive was formerly used in an ATM machine and contained a year's worth of transaction records; another drive had more than 5000 credit card numbers; yet another had sensitive personal information about an individual Only 10 percent of the drives Garfinkel purchased were properly wiped of data.
http://www.simson.net/clips/2003.CSO.04.hard_disk_risk.htm
To wipe a disk clean, you need to overwrite all sectors on a drive in some fashion. Some disk-wiping tools can overwrite sectors numerous times to better ensure that the magnetic flux (which is the means by which data is recorded) is dramatically changed so that little if any flux remains to be used toward data recovery. Or you might decide that one overwrite process is enough for your needs.
Garfinkel raises an interesting question: If you give your old hardware to resellers or other organizations, do you trust these organizations to satisfactorily delete your data? You might consider wiping your own drives before you release them from your control. To get the job done, you might use Autoclave, LSoft Technologies' Active@KillDisk, Stellar Information Systems' Stellar Wipe Safe Data Eraser, Heidi Computers' Eraser, or any number of other tools designed to destroy disk-based data.
http://staff.washington.edu/jdlarios/autoclave
http://www.killdisk.com
http://www.stellarinfo.com/file-eraser.htm
http://www.heidi.ie/eraser
If you're interested in some facts as well as theory about how someone might recover data from your old drives and how disk-wiping technology can help prevent that from happening, be sure to read Peter Gutmann's extensive article on the subject.
http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/
Last week, I requested feedback about this newsletter. I've received numerous responses and want to thank those of you who did respond. However, I'd like to hear from even more of you! If you're so inclined, please email me your comments. If you missed last week's editorial, you can read it at the URL below. In essence, I welcomed any suggestions, comments, or critiques regarding this newsletter. Send your response to mark at ntsecurity dot net, and please prefix the subject line with "SECUPD" so that I can more easily identify responses to this request.
http://www.winnetmag.com/article/articleid/42127/42127.html
Register
with kind regards,
H Straat
The Netherlands.
hans straat April 06, 2004