This message is from the T13 list server.
The problem is NOT that ATA security is broken.
The problem is that most/many BIOSes and OS's do not issue the SECURITY
FREEZE LOCK
command to ANY/ALL devices (not just the boot device).
This is NOT a device failure.
This is NOT a 'broken standard'.
This <IS> about major host software vendors NOT using the tools it has had
<<SINCE 1997>> to protect
itself and the host system.
Thank You !!!
-----------------------------------------------------------------
Jim Hatfield
Seagate Technology LLC
e-mail: [EMAIL PROTECTED]
s-mail: 389 Disc Drive; Longmont, CO 80503 USA
voice: 720-684-2120
fax....: 720-684-2711
==========================================
Thomas Jansen
<[EMAIL PROTECTED]
om> To
Sent by: [email protected]
[EMAIL PROTECTED] cc
rg
No Phone Info Subject
Available [t13] Security problems
05/16/2005 04:51
AM
This message is from the T13 list server.
I have some questions about hard disk security. Recently a discussion
started using the security feature set with non security aware BIOSs.
According to a German magazine it is possible for a virus to set a
random 32 bytes password in the drive. When this is done for both the
user and master password no change for data retrieval exists. One could
not even clear the drive but would need to go to a recovery company or
an obscure web service to unlock it.
I have read the standard relating this matter several times and must
come to the same conclusion.
If this is true I am quite shocked by this. Did any one even consider to
ask the old password before accepting the new one?
I would like any ones opinion on this matter and better any solutions.
Obviously the Freeze command does not work. This is really damaging for
the ATA reputation and will IMHO require action on behalf of the drive
manufacturers. For example firmware versions with security totally
disabled / removed.
Sincerely,
Thomas
