This message is from the T13 list server.
What you're saying is that systems which do not need the "ATA Security" and thus do not use the "ATA Security" feature run the risk of permanently losing all their data. Thomas is correct in that case, those suppliers apparently need to DISABLE the "ATA Security" by requiring modified firmware.
IMHO, the correct place for "Data Security" is in the Operating System -- not in the drive. On MacOS X, strong encription is available at the User level. This allows the user to encript ONLY the data he wants to keep secure, and ONLY that user knows the password. If the drive is stolen, the secure data remains encripted. If the password is forgotten, the secure data is gone but other info is still available and the drive is still usable by erasing the secured user.
...Harlan
On May 16, 2005, at 8:54 AM, Curtis Stevens wrote:
This message is from the T13 list server.
Thomas
I agree with Jim. In addition, this is only a threat to people who
do not use a password. If the drive has an existing password, the password
must be entered to gain access to the drive.
------------------------------------------------- Curtis E. Stevens 20511 Lake Forest Drive #C-214D Lake Forest, California 92630 Phone: 949-672-7933 Cell: 949-307-5050 E-Mail: [EMAIL PROTECTED] Ambition is a poor excuse for not having enough sense to be lazy.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, May 16, 2005 7:40 AM To: [EMAIL PROTECTED] Cc: [email protected]; [EMAIL PROTECTED] Subject: Re: [t13] Security problems
This message is from the T13 list server.
The problem is NOT that ATA security is broken.
The problem is that most/many BIOSes and OS's do not issue the SECURITY FREEZE LOCK command to ANY/ALL devices (not just the boot device).
This is NOT a device failure. This is NOT a 'broken standard'.
This <IS> about major host software vendors NOT using the tools it has had
<<SINCE 1997>> to protect
itself and the host system.
Thank You !!! ----------------------------------------------------------------- Jim Hatfield Seagate Technology LLC e-mail: [EMAIL PROTECTED] s-mail: 389 Disc Drive; Longmont, CO 80503 USA voice: 720-684-2120 fax....: 720-684-2711 ==========================================
Thomas Jansen
<[EMAIL PROTECTED]
om> To
Sent by: [email protected]
[EMAIL PROTECTED] cc
rg
No Phone Info Subject
Available [t13] Security problems
05/16/2005 04:51 AM
This message is from the T13 list server.
I have some questions about hard disk security. Recently a discussion started using the security feature set with non security aware BIOSs. According to a German magazine it is possible for a virus to set a random 32 bytes password in the drive. When this is done for both the user and master password no change for data retrieval exists. One could not even clear the drive but would need to go to a recovery company or an obscure web service to unlock it.
I have read the standard relating this matter several times and must come to the same conclusion.
If this is true I am quite shocked by this. Did any one even consider to
ask the old password before accepting the new one?
I would like any ones opinion on this matter and better any solutions. Obviously the Freeze command does not work. This is really damaging for the ATA reputation and will IMHO require action on behalf of the drive manufacturers. For example firmware versions with security totally disabled / removed.
Sincerely,
Thomas
