Re: [Linux-users] Data security and privacy (Re: PATA drives - 80/40G)
On 24/08/15 10:54, Chris Hellyar wrote: /etc/network/interfaces is the file for most stuff on Debian style distros... And the other files in that folder... -Original Message- From: Chris che...@gmail.com On 22/08/15 00:11, Chris Hellyar wrote: By the way, can you point me to where Debian Distro's keep there net work configuration files? ___ Linux-users mailing list Linux-users@lists.canterbury.ac.nz http://lists.canterbury.ac.nz/mailman/listinfo/linux-users Blessings! thanks chis that is what I needed to know Regards chris t ___ Linux-users mailing list Linux-users@lists.canterbury.ac.nz http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
Re: [Linux-users] Data security and privacy (Re: PATA drives - 80/40G)
/etc/network/interfaces is the file for most stuff on Debian style distros... And the other files in that folder... -Original Message- From: Chris che...@gmail.com On 22/08/15 00:11, Chris Hellyar wrote: By the way, can you point me to where Debian Distro's keep there net work configuration files? ___ Linux-users mailing list Linux-users@lists.canterbury.ac.nz http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
Re: [Linux-users] Data security and privacy (Re: PATA drives - 80/40G)
On 22/08/15 00:11, Chris Hellyar wrote: Indeed... But if I were to use a shotgun for that I'd probably shoot the whole box instead you might recall. :-) Cheers, the other Chris. Indeed I do Chris, even from Australia! By the way, can you point me to where Debian Distro's keep there net work configuration files? I am stuck in the outback with very limited broadband, of a meg a month, and have not got the spare capacity to Google for it. Cheers Chris ___ Linux-users mailing list Linux-users@lists.canterbury.ac.nz http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
Re: [Linux-users] Data security and privacy (Re: PATA drives - 80/40G)
Indeed... But if I were to use a shotgun for that I'd probably shoot the whole box instead you might recall. :-) Cheers, the other Chris. On 20/08/15 17:49, Chris wrote: On 19/08/15 13:55, Chris Hellyar wrote: In the past I’ve found the .22 off-hand at about 50m to be both challenging and fun. ( But possibly not practical, or legal in an urban environment!. YMMV! ) :-) Prefer a shotgun up the back of the farm, then the remains into the offal pit. The acids there dissolve anything. Cheers chris T ___ Linux-users mailing list Linux-users@lists.canterbury.ac.nz http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
Re: [Linux-users] Data security and privacy (Re: PATA drives - 80/40G)
On 19/08/15 13:55, Chris Hellyar wrote: In the past I’ve found the .22 off-hand at about 50m to be both challenging and fun. ( But possibly not practical, or legal in an urban environment!. YMMV! ) :-) Prefer a shotgun up the back of the farm, then the remains into the offal pit. The acids there dissolve anything. Cheers chris T ___ Linux-users mailing list Linux-users@lists.canterbury.ac.nz http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
Re: [Linux-users] Data security and privacy (Re: PATA drives - 80/40G)
On Tue 18 Aug 2015 14:21:04 NZST +1200, Adrian Mageanu wrote: I can't remember where I read but there are ways to retrieve data after a dd fill with zeroes or something else by using photorec and some hardware forensic techniques. Really? I doubt that. What kind of hardware forensic techniques? Dismantling the drive and using equipment worth 6 digits or more is a fairly good protection for Joe Bloggs. I still don't see how you can practically improve on dd'ing zeros. To be better than that you'd need to destroy the platter. Unless the drive firmware implements erased-data recovery functions. Does it? Hard drives are a highly competitive commodity, do you think manufactures spend any time developing features that Joe Henry never knows about and which never get mentioned in any specs? If I'm wrong I'd like to hear. Please note the Gutmann method of the 1990s is only applicable to drives last manufactured in the 1990s. Volker -- Volker Kuhlmann http://volker.top.geek.nz/ Please do not CC list postings to me. ___ Linux-users mailing list Linux-users@lists.canterbury.ac.nz http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
Re: [Linux-users] Data security and privacy (Re: PATA drives - 80/40G)
On Tue, 2015-08-18 at 21:10 +1200, Volker Kuhlmann wrote: On Tue 18 Aug 2015 14:21:04 NZST +1200, Adrian Mageanu wrote: I can't remember where I read but there are ways to retrieve data after a dd fill with zeroes or something else by using photorec and some hardware forensic techniques. Really? I doubt that. What kind of hardware forensic techniques? Dismantling the drive and using equipment worth 6 digits or more is a fairly good protection for Joe Bloggs. I still don't see how you can practically improve on dd'ing zeros. To be better than that you'd need to destroy the platter. Unless the drive firmware implements erased-data recovery functions. Does it? Hard drives are a highly competitive commodity, do you think manufactures spend any time developing features that Joe Henry never knows about and which never get mentioned in any specs? If I'm wrong I'd like to hear. Please note the Gutmann method of the 1990s is only applicable to drives last manufactured in the 1990s. Volker I'm ready to stand corrected here, I'm not a specialist in this field. It was some 3 or 4 years ago when I did this and at the time, when searching for a solution to securely wipe the disks, I found about dban and nwipe. I already knew about the dd method. I remember that back then I did a search for dd vs dban and in one of the pages I read that it is possible to recover data from a disk wiped with dd. In the same search I found nothing regarding recovering data from disks wiped with dban. I didn't bookmarked that page and I tried to find it know, but no luck, sorry. From memory, the method described was a combination of utilities of which I can only remember photorec, and one of the forensic techniques described (among others) was a way to read the disk by offsetting the head left and right by only tiny amounts for each pass. I don't remember reading about a success rate and I wasn't interested in the process itself, just if a recovery was possible and what method of wiping a disk - dd or dban - was more secure. One thing is sure, if there will be a next time when I'll need to decommission a hard-disk, I'll follow this list's wisdom and use either dd or a hammer + magnets. Or both. dban is taking way too long. Adrian ___ Linux-users mailing list Linux-users@lists.canterbury.ac.nz http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
Re: [Linux-users] Data security and privacy (Re: PATA drives - 80/40G)
Hmm. one could debate the safest approach - what does OSH suggest? I think 35 passes with a custom tool is seriously painful. The sledgehammer is pretty fast - don't think there are any (reasonable) faster options. Blowtorch costs money and time.. You can power the drive up, remove the top cover, and generate lovely sounds by engraving on the disk surface as it spins But this does not damage all the platters. It does illustrate the spinning nature of the drive. Enough. We are seriously off topic. Cheers, Derek On 19/08/15 13:48, steve wrote: Blowtorch is better... and more fun. On 19/08/15 11:16, Derek Smithies wrote: Hi, we are talking about a sub hundred dollar device. If you want to destroy the data for sure, a sledgehammer is hard to beat. Or a hammer. Yes, some will have urban myths about recovery of data from the above actions. There are others who say man did not land on the moon. equally bogus. Cheers, Derek. On 19/08/15 09:58, Volker Kuhlmann wrote: On Wed 19 Aug 2015 00:00:39 NZST +1200, Adrian Mageanu wrote: From memory, the method described was a combination of utilities of which I can only remember photorec, and one of the forensic techniques described (among others) was a way to read the disk by offsetting the head left and right by only tiny amounts for each pass. Let's forget about photorec, that's just the example for piecing bits together again when your recovered data ins incomplete. The details of the forensic discussion would tell whether the author knows what they're talking about. Heaps of reference has been made to Gutmann's paper and people wrote heaps of software, while forgetting that it all no longer applies to their drives... If you read data can be recovered after dd establish what kind of drive it applies to, if it doesn't say or it's a 90s drive put it on the joke pile. Micro stepping the head in a modern drive is about the only way for Joe Smallfry to get anything at all. Let's assume the firmware is capable of that, and that it has functions for that, because it's how the drive itself finds the middle of the track. Once upon a time drives had elaborate mechanisms to deal with thermal expansion etc, these days you don't care, you just micro-step until you can read something and then you stay with that calibration until your read error rate goes North. These commands are not user visible, but assume they're user accessible as long as you discover the secret command byte for them. Assume this is possible easily (record commands from the manufacturer's disk test utility etc). Btw all IDE/ATA drives are controlled by SCSI commands and always have been, just the connector is different from SCSI, the rest's the same. Back in Gutmann's days write heads were 3 times (or whatever) as wide as read heads, these days in a cut-throat market noone wastes 2/3 their capacity. How much wider do you reckon the write head is now when you can micro-step to the middle? Don't expect spare space between the tracks or any other some such capacity waste. When the drive operates normally, the read error rate is distinctly non-zero. It just hides it from the user with error correction. When you dd zeroes over the track, well-positioned because you can't afford to damage the adjacent tracks, destroying say 90+% of the magnetic recording, your error correction will quickly become non-functional. I believe I've read a paper/etc about that sometime, but I won't find it. Chances of success were minimal and very deep pockets were needed. So when I hear can recover data after dd I want to know how exactly, and with discussion of all the points above, otherwise it goes on the jokers pile (and don't waste any more time on photorec etc please, we're only interested in getting data back, not what to do with it afterwards). The totally safe way to destroy data is to de-magnetise the platter. It's probably easiest for lay people to heat it above the temperature to which the material stays magnetised. Otherwise, totally encrypt the disk over its entire lifetime. Or, my conclusion, you can't practically improve on dd without disk destruction. I'm happy to hear corrections... Volker -- Sent from my Ubuntu computer ___ Linux-users mailing list Linux-users@lists.canterbury.ac.nz http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
Re: [Linux-users] Data security and privacy (Re: PATA drives - 80/40G)
On Wed 19 Aug 2015 00:00:39 NZST +1200, Adrian Mageanu wrote: From memory, the method described was a combination of utilities of which I can only remember photorec, and one of the forensic techniques described (among others) was a way to read the disk by offsetting the head left and right by only tiny amounts for each pass. Let's forget about photorec, that's just the example for piecing bits together again when your recovered data ins incomplete. The details of the forensic discussion would tell whether the author knows what they're talking about. Heaps of reference has been made to Gutmann's paper and people wrote heaps of software, while forgetting that it all no longer applies to their drives... If you read data can be recovered after dd establish what kind of drive it applies to, if it doesn't say or it's a 90s drive put it on the joke pile. Micro stepping the head in a modern drive is about the only way for Joe Smallfry to get anything at all. Let's assume the firmware is capable of that, and that it has functions for that, because it's how the drive itself finds the middle of the track. Once upon a time drives had elaborate mechanisms to deal with thermal expansion etc, these days you don't care, you just micro-step until you can read something and then you stay with that calibration until your read error rate goes North. These commands are not user visible, but assume they're user accessible as long as you discover the secret command byte for them. Assume this is possible easily (record commands from the manufacturer's disk test utility etc). Btw all IDE/ATA drives are controlled by SCSI commands and always have been, just the connector is different from SCSI, the rest's the same. Back in Gutmann's days write heads were 3 times (or whatever) as wide as read heads, these days in a cut-throat market noone wastes 2/3 their capacity. How much wider do you reckon the write head is now when you can micro-step to the middle? Don't expect spare space between the tracks or any other some such capacity waste. When the drive operates normally, the read error rate is distinctly non-zero. It just hides it from the user with error correction. When you dd zeroes over the track, well-positioned because you can't afford to damage the adjacent tracks, destroying say 90+% of the magnetic recording, your error correction will quickly become non-functional. I believe I've read a paper/etc about that sometime, but I won't find it. Chances of success were minimal and very deep pockets were needed. So when I hear can recover data after dd I want to know how exactly, and with discussion of all the points above, otherwise it goes on the jokers pile (and don't waste any more time on photorec etc please, we're only interested in getting data back, not what to do with it afterwards). The totally safe way to destroy data is to de-magnetise the platter. It's probably easiest for lay people to heat it above the temperature to which the material stays magnetised. Otherwise, totally encrypt the disk over its entire lifetime. Or, my conclusion, you can't practically improve on dd without disk destruction. I'm happy to hear corrections... Volker -- Volker Kuhlmann http://volker.top.geek.nz/ Please do not CC list postings to me. ___ Linux-users mailing list Linux-users@lists.canterbury.ac.nz http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
Re: [Linux-users] Data security and privacy (Re: PATA drives - 80/40G)
On 18/08/15 14:21, Adrian Mageanu wrote: [...] I can't remember where I read but there are ways to retrieve data after a dd fill with zeroes or something else by using photorec and some hardware forensic techniques. [...] photorec is only for recovering deleted (as opposed to wiped) files, or for recovering files from a disk with damaged file system. But as it simply reads the data as presented by the disk it cannot do anything at all to recover data from a _wiped_ disk. (When you _delete_ a file only the file system entry is actually changed to pretend there is no file anymore, but all the content of the file is still there as before - and exactly that makes it possible for photorec and other deleted-file recovery tools to do their work.) Hardware forensic techniques... hm, well, firstly there is no guarantee that you will be able to recover anything useful at all, even if you have infinite resource available. And as some have pointed out, if somebody has data worth so much that somebody else would be willing to invest a lot for possibly maybe recovering some of the data, then the original data owner would be well advised to physically obliterate the disk. That's usually also quicker and easier than wiping. Kind regards, Helmut. ___ Linux-users mailing list Linux-users@lists.canterbury.ac.nz http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
Re: [Linux-users] Data security and privacy (Re: PATA drives - 80/40G)
Hi, we are talking about a sub hundred dollar device. If you want to destroy the data for sure, a sledgehammer is hard to beat. Or a hammer. Yes, some will have urban myths about recovery of data from the above actions. There are others who say man did not land on the moon. equally bogus. Cheers, Derek. On 19/08/15 09:58, Volker Kuhlmann wrote: On Wed 19 Aug 2015 00:00:39 NZST +1200, Adrian Mageanu wrote: From memory, the method described was a combination of utilities of which I can only remember photorec, and one of the forensic techniques described (among others) was a way to read the disk by offsetting the head left and right by only tiny amounts for each pass. Let's forget about photorec, that's just the example for piecing bits together again when your recovered data ins incomplete. The details of the forensic discussion would tell whether the author knows what they're talking about. Heaps of reference has been made to Gutmann's paper and people wrote heaps of software, while forgetting that it all no longer applies to their drives... If you read data can be recovered after dd establish what kind of drive it applies to, if it doesn't say or it's a 90s drive put it on the joke pile. Micro stepping the head in a modern drive is about the only way for Joe Smallfry to get anything at all. Let's assume the firmware is capable of that, and that it has functions for that, because it's how the drive itself finds the middle of the track. Once upon a time drives had elaborate mechanisms to deal with thermal expansion etc, these days you don't care, you just micro-step until you can read something and then you stay with that calibration until your read error rate goes North. These commands are not user visible, but assume they're user accessible as long as you discover the secret command byte for them. Assume this is possible easily (record commands from the manufacturer's disk test utility etc). Btw all IDE/ATA drives are controlled by SCSI commands and always have been, just the connector is different from SCSI, the rest's the same. Back in Gutmann's days write heads were 3 times (or whatever) as wide as read heads, these days in a cut-throat market noone wastes 2/3 their capacity. How much wider do you reckon the write head is now when you can micro-step to the middle? Don't expect spare space between the tracks or any other some such capacity waste. When the drive operates normally, the read error rate is distinctly non-zero. It just hides it from the user with error correction. When you dd zeroes over the track, well-positioned because you can't afford to damage the adjacent tracks, destroying say 90+% of the magnetic recording, your error correction will quickly become non-functional. I believe I've read a paper/etc about that sometime, but I won't find it. Chances of success were minimal and very deep pockets were needed. So when I hear can recover data after dd I want to know how exactly, and with discussion of all the points above, otherwise it goes on the jokers pile (and don't waste any more time on photorec etc please, we're only interested in getting data back, not what to do with it afterwards). The totally safe way to destroy data is to de-magnetise the platter. It's probably easiest for lay people to heat it above the temperature to which the material stays magnetised. Otherwise, totally encrypt the disk over its entire lifetime. Or, my conclusion, you can't practically improve on dd without disk destruction. I'm happy to hear corrections... Volker -- Sent from my Ubuntu computer ___ Linux-users mailing list Linux-users@lists.canterbury.ac.nz http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
Re: [Linux-users] Data security and privacy (Re: PATA drives - 80/40G)
On 19 August 2015 at 09:58, Volker Kuhlmann list0...@paradise.net.nz wrote: . Heaps of reference has been made to Gutmann's paper and people wrote heaps of software, while forgetting that it all no longer applies to their drives.. I should expand that the oft cited gutmann paper is now declared irrelevant to modern hard drives by its author. https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html#Epilogue Additionally, the 35-pass method he describes was not a you need this pattern to erase data, but the system simply encompassed a collection of patterns of which, at least one or two would trigger specific behaviour for whatever hardware you had. That is, when he wrote the paper, he was describing the range of devices in the 30 year window preceding, of which, none are still relevant. Around 2005/2006, they stopped even doing horizontal encoding, due to running out of space, and moved to *perpendicular* recording. https://en.wikipedia.org/wiki/Perpendicular_recording And I'm pretty sure that means if there is any magic flip specific bits to cause a cascade into bits we can't directly read patterns, they are now radically different. ( Even though I doubt we have enough free atoms in the platter to do this with any more ) -- Kent KENTNL - https://metacpan.org/author/KENTNL ___ Linux-users mailing list Linux-users@lists.canterbury.ac.nz http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
Re: [Linux-users] Data security and privacy (Re: PATA drives - 80/40G)
In the past I’ve found the .22 off-hand at about 50m to be both challenging and fun. ( But possibly not practical, or legal in an urban environment!. YMMV! ) :-) On 19/08/2015, at 13:48, steve st...@greengecko.co.nz wrote: Blowtorch is better... and more fun. On 19/08/15 11:16, Derek Smithies wrote: Hi, we are talking about a sub hundred dollar device. If you want to destroy the data for sure, a sledgehammer is hard to beat. Or a hammer. Yes, some will have urban myths about recovery of data from the above actions. There are others who say man did not land on the moon. equally bogus. Cheers, Derek. ___ Linux-users mailing list Linux-users@lists.canterbury.ac.nz http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
Re: [Linux-users] Data security and privacy (Re: PATA drives - 80/40G)
On Mon, Aug 17, 2015 at 11:30 PM, Helmut Walle helmut.wa...@gmail.com wrote: dd if=/dev/zero of=/dev/sdx ... If you want better security use /dev/urandom instead of /dev/zero, however take into account that this can be slower as it does require some CPU work, whereas /dev/zero produces the zero bytes with very little CPU involvement and thus is noticeably faster, particularly on old hardware. Security convenience (speed) rarely go together :-) Blasting zeros onto the disk is nice, because you can easily tell later on if it worked. If you put random data on there you might not be able to confirm it was a successful write! https://en.wikipedia.org/wiki/Data_remanence discusses the problem quite well, and while there are various organisations that publish standards requiring multiple passes with differing data patterns, there don't seem to be any successful reconstructions from the simpler delete. https://kromey.us/2013/04/the-myth-of-data-remanence-484.html The more complex overwrite/delete cycles are a handy workout for the drive, however; if you have time, running multiple passes of dban on the disk both destroys any data on there, and confirms that there are no terminal bad blocks :-) which is a nice extra. -jim ___ Linux-users mailing list Linux-users@lists.canterbury.ac.nz http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
Re: [Linux-users] Data security and privacy (Re: PATA drives - 80/40G)
On 18 August 2015 at 14:21, Adrian Mageanu adrian.mage...@totalimex.com wrote: I can't remember where I read but there are ways to retrieve data after a dd fill with zeroes or something else by using photorec and some hardware forensic techniques. The only downside with dban and nwipe is that for relatively recent large HDDs it takes ages to finish. A while back I gave away 2x400GB SATA2 disks and one disk took 37 hours to wipe with dban. If you're paranoid, I'd be spending more time getting past the hard-drive firmware and getting into the protected regions, and the bad blocks that the drive silently reallocated away from you, and making sure they're zeroed out as well. Those blocks, if any of them exist, will not only contain entire sectors of your data, but they will contain enough of your data that the error correcting codes are still sufficient for the hard drive firmware to have transparently hidden the fact it saw a bad bit or two, and silently copied that data to a new place and pretended it never happened. http://superuser.com/a/688764 And there's always firmware caches as well that might have bits of data in them to be concerned about. -- Kent KENTNL - https://metacpan.org/author/KENTNL ___ Linux-users mailing list Linux-users@lists.canterbury.ac.nz http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
Re: [Linux-users] Data security and privacy (Re: PATA drives - 80/40G)
On Tue, 2015-08-18 at 11:50 +1000, Fraser McGlinn wrote: On 17/08/15 21:30, Helmut Walle wrote: And yes, for wiping disks something like dd if=/dev/zero of=/dev/sdx does the job (obviously replacing 'x' with the letter for the drive to be wiped). Without any further arguments, this will eventually fill the disk and terminate when running out of space. You can give is a block size bs=... and count=... to exactly fill the disk. I definately agree with Criggie on this - You need to be a bit more diligent in wiping your data. I prefer DBAN as well. If its an old drive such as a PATA drive which will have no foreseeable use, i'd probably demantile it and use the platters as coasters too. Also to grab the magnets as a fiddle toy. We should be taking data security seriously since even stuff such as SSH private keys, SSL private keys, DNS DNSSEC keys etc, are definitely sensitive and can be used for years without rolling them to new ones. But at the end of the day, each to their own. I can't force others to take data security seriously. ___ +1 for dban. nwipe can also do the job and is included in most distros, no need for a separate boot I can't remember where I read but there are ways to retrieve data after a dd fill with zeroes or something else by using photorec and some hardware forensic techniques. The only downside with dban and nwipe is that for relatively recent large HDDs it takes ages to finish. A while back I gave away 2x400GB SATA2 disks and one disk took 37 hours to wipe with dban. Adrian ___ Linux-users mailing list Linux-users@lists.canterbury.ac.nz http://lists.canterbury.ac.nz/mailman/listinfo/linux-users