Sorry about that, George. I have to use MS Outlook where I am right now and I need to
leave it set to quote the original message from the sender without angle brackets.
Here's the part of the original message from Chad I was referring to:
> If a company doesn't even format the drive, that is just plain dumb.
> Unless the data is very sensitive, destroying the drive is just way
> overkill.
As to crushing the drive with a hammer, even that may not be the ultimate solution.
According to Bob Starrett:
"Recently a man was convicted of murder, partly on
the basis of information contained on a floppy
diskette that he thought he had destroyed by cutting
it to pieces with a scissors and crumpling it up. The FBI
was able, through a rather elaborate process, to reassemble
that disk and retrieve the incriminating information from it."
(Source: http://www.roxio.com/en/support/discs/destroydiscs.html)
So if companies go with the hammer approach, they should probably entomb the drive in
cement as well.
CNET Download.com lists several file-wiping utilities at this URL:
http://download.cnet.com/downloads/1,10150,0-10001-103-0-1-7,00.html?tag=srch&qt=permanently+delete&cn=Utilities&ca=10001
I wonder if using such utilities on hard drives would still be considered less
cost-effective than hammering, especially if some enterprising soul is able to
reconstruct data from a bashed drive, forcing the company to verify that bashing truly
renders the data unretrievable.
BTW, I was actually referring to a rare earth magnet, not the simple ceramic type one
might use to affix papers to their refrigerator. But you do have a point in that it
would still take time to verify that the contents of the drive had been completely
wiped, even though I have never heard of any data being recovered from a drive that
has been well drenched in the field of a rare earth magnet.
***************
Mr. George wrote:
I didn't see Chad's message so I hope you don't mind if I respond here...
The problem isn't that a simple magnet "might" be good enough, it's that it
is difficult to verify without a lot of effort. There's now legislation that
penalizes companies significantly for improperly securing sensitive customer
information. They're subject to auditors who will be looking for
VERIFICATION that the data has been removed/wiped/destroyed. Remember, if
you're going to make a case to business, "probably" won't be a good enough
answer. The only way thay can be SURE the data is unrecoverable from the
drive is either wiping -- a lengthy process -- or bashing the drive into
bits. The auditors will always ask for "proof".
As a hobbyist who'd like to get his hands on the stuff, I deplore the
practice. As someone who's aware of their concerns, I have to agree that the
business case for spending a few seconds with a hammer as opposed to several
hours wiping the drives on equipment that's being disposed of is far
stronger. What I HOPE happens is that they come up with an arrangement with
an agency that will work out how to wipe the drives and load an unrestricted
OS on it for use within the community.
************
"Margaret Chesler" <[EMAIL PROTECTED]> wrote:
> I agree with Chad. Whatever happened to running a rare earth magnet over the hard
>drive? Quick,
> easy, and devastating to data without ruining the integrity of the drive, from what
>I understand. Never
> had a chance to try it myself, but it always seems to work in the movies.
*********
Mr. George wrote:
They FORMAT the hard drive, but that does NOT over-write the data. It just
clears the FAT and directories. Anyone can easily retrieve the data without
much effort, as has been demonstrated many times in recent history. A more
thorough wipe is time consuming, and some of the computers don't
necessesarily boot. They're old, so it's hard to justify fixing them just to
wipe the drive. The hammer is the easier answer.
Keep in mind, this could be YOUR financial information we're talking about.
The concerns are valid. If we're going to make the case for donation, 1.) We
have to address the concerns of the donating party (a business), and 2.) we
have to look for ways to make the system usable to the recipients without
getting the donating organization into legal problems.
Just some thoughts on my recent "real world" encounter with this issue.
- Bob
To unsubscribe from SURVPC send a message to [EMAIL PROTECTED] with
unsubscribe SURVPC in the body of the message.
Also, trim this footer from any quoted replies.
More info can be found at;
http://www.softcon.com/archives/SURVPC.html
