Securely erase individual files

As I might have previously mentioned^{1) 2)}, pressing “delete” in Windows (or on Linux or Macs) does not remove the file from the hard drive. The only thing that happens is that in the big list of files, the entry for that file is removed, so that the operating system knows that if it wants to, it can go ahead and write to the place on the hard drive where that file used to be stored. Now, you can wipe the entire hard drive if needed, but is there any way of securely removing individual files?

Short answer: No.

For the long answer, read on below.

Keep reading →

Securely erase hard drives

In a previous post I wrote about disk wiping tools. If you haven’t read that article, I suggest reading it before reading this one. Also, this article is written with the assumption that the reader has a fair amount of technical knowledge.

The reasons for wanting to wipe a hard disk drive are many:

• You might expect a visit by NSA-SCS.
• You might suspect a rootkit infestation.
• You might wish to sell your old computer or throw it away and you don’t want your anyone else to get a hold of your private data ¹⁾.
• Same as above, only for companies, hospitals, law firms or anyone else with legal obligation to prevent the spreading of sensitive data.
• You’re simply paranoid.

Whatever your reasons are, you need to make sure that the data that used to be on your hard drive are gone, hence the need for a disk wiping tool.

But as mentioned in my previous post, wiping tools – that is; block erase wiping tools (BEWTs) – have certain limitations:

• Hidden data areas (HPA/DCO) might not be wiped, possibly leaving rootkits in place (although probably non-functional).
• Blocks marked as bad by the hard drive itself are not wiped (blocks marked as bad by the operating system only will be wiped). This information is possible to recover using exotic forensic techniques ²⁾.

In addition to these two previously mentioned limitations, the following apply:

• When data is overwritten (block erased), the old data on the hard drives might leave magnetic information on off-track areas of the hard drive. BEWTs have no way of erasing this off-track information. This information is theoretically possible to recover using exotic forensict techniques. ³⁾
• On modern, high-capacity drives, multiple overwrites are no more effective than a single overwrite. ⁴⁾
• BEWTs are suseptible to malware attacks. ⁵⁾
• Using BEWTs takes time. Following the old DoD 5220.22-M directive of 3 consecutive wipes might take as much as 24 hours on a 250GB disk. BEWTs can exceed the DoD standard and wipe a drive as many as 35 times, leaving the computer used for wiping non-operational for weeks.
• When you’ve run a BEWT, you have little posibility of verifying that a complete wipe has taken place; that all user accessible areas has been wiped. You’ll have to rely on the information that the BEWT gives you.

Enter Security Erase
Lately there’s been some hype about the relatively new ATA command addition called Secure Erase (part of the ATA Security Feature Set), from now on refered to as “ATA-SE”. ATA-SE is an ATA command (SECURITY ERASE UNIT) built into hard drive firmware that, if executed, orders the hard disk drive to wipe itself. Using software similar to BEWTs (boot disk with an ATA command program) you can trigger this built-in function, wiping your hard drive. Alternatively, you can use the same program to simply lock the hard drive rendering it useless, so that only a wipe (or providing the correct password) can unlock the drive to make it usable again ⁶⁾. If you have a disk drive produced 2001 or later (with a capacity of 15GB or higher) there’s a 99% chance that your hard drive implements ATA-SE.

But what’s the hype about?

Keep reading →

Can God Create a Rock So Heavy Even He Can’t Lift It?

Relax, this hasn’t turned into a religious blog, I’m simply drawing a parallel to one of the best data recovery companies out there, Norwegian Ibas. Ibas are experts on recovering lost or hidden data. And it’s amazing how often they succeed. Take a look at this charred wreck of a burnt PC¹⁾:

 

On this particular PC 100% data was recovered.

What’s this got to do with you, you ask? Or with Gawd, for that matter?

Well, if you have sensitive data that you do not want anyone to find, let alone be able to read then companies like Ibas (or NSA, for that matter) are your worst nightmare. If the data has ever been stored on your computer these guys can probably find it. Pressing “Delete”, formatting the disk or using “fdisk” or similar tools will NOT do the job. If you have data that you want to get rid of, you need something serious.

Hence the God analogy - Ibas know how to treat the data so that they themselves cannot recover it. Enter: ExpertEraser

Keep reading →

EPIC Online Guide to Practical Privacy Tools

The Electronic Privacy Information Center (EPIC) is an independent non-profit public interest research center. They work on privacy issues, open government, free speech, and other important topics related to civil liberties.

If you’re not already a supporter, you might consider becoming one.

Anyway, today’s blog post is about their list of privacy tools. It’s certainly not a complete list, and they’re not doing anyone any favor listing Skype under “Voice Privacy” and “Secure Instant Messaging” (since Skype is Evil^tm), but the list is a great compilation of good tools.

Check it out here: http://www.epic.org/privacy/tools.html

Why Google is Evil™

Do you like the Google search engine? Yeah? I do too. In fact, I LOVE Google, and basically don’t use any other search engine. Why would I? Google gives great search hits, it’s fast and has that lean, efficient interface that doesn’t get in the way of my searching for information.

But do I trust Google Inc. to do no evil, to know everything about me; every aspect of my life – and not misuse that information, today and in the forseeable future?

Maybe I’m being Ultraparanoid™, but I’d have to say ”NO!”.

”But Google doesn’t know everything about me”, you say. Well, let’s take a look at what Google DO know (or may know), shall we?

If you use GMail, Google reads all your mail. If you use Google Desktop, Google reads every document on your computer. Just those two are enough to give me the creeps. But it gets even worse – a lot worse!

Keep reading →

Why Skype is Evil™

So, you’re a security-minded individual who uses a HW firewall, a client firewall, antivirus SW and anti-spyware SW to protect yourself, your computer and your privacy. Great! Now you’ve found a great way to communicate with your friends and family in a secure fashion: Skype! Well, let’s take a deep breath and have a closer look at Skype. Here’s a conversation between me and you:

You: I’ve found a way to communicate with my friends and my family in a secure fashion!

Me: Wow, that’s great. Tell me more about it.

You: It’s a voice-over-IP program with chat functionality.

Me: Sounds nice, but how exactly is it “secure”?

You: It encrypts everything with a 256-bit EAS algorithm – it’s unbreakable!

Me: Yes, 256-bit AES is a strong algorithm. Did you make sure to choose a long and complex passphrase when generating the master key to keep the implementation of the encryption as strong as the algorithm lets you?

Keep reading →

Another crappy product bites the dust

Apparently, the guys over at Secustick has convinced French military contractor Dassault, French bank Crédit Agricole and “the French intelligence service” (according to Secustick) that their new, cool “self-destructing” USB stick is the ultimate in portable storage security:

“a memory stick that will self-destruct after an incorrect password has been entered more than a set number of times”

Turns out that the stick is neither self-destructing nor secure, and that the French intelligence service should be very, very, very ashamed of themselves.

Thank God for hackers.

Update, april 19:th, 2007:
Apparently, renown IT security expert Bruce Schneier came to the same conclusion that I did.

Beware of the hidden information

Take a look at my Profile Image. Normally, someone with a little bit of knowledge could find out quite a bit of information about me just by checking the EXIF metadata of the image. Since I stole this particular image off the Internet, nothing much interesting can be revealed, besides the date and time I modified the image and the fact that I used Photoshop CS2 to modify it.

However, a photo taken by myself with my digital camera can tell you

• when the picture was taken,
• what camera make and model I used,
• what software I used to download the picture to my computer,
• when the picture was modified and
• what software I used to modify it.

If I’m using one of these GPS-enabled devices, you can even find out exactly WHERE I took the picture.

If you have one of those fancy new digital single-lens reflex cameras (e.g. Canon Digital Rebel) you’ve probably registered your camera with the manufacturer (Canon) for bonus crap, haven’t you? And since the “Camera Body No.” is stored in the EXIF information, the people at Canon (and NSA, if they want to) know what pictures YOU took (or someone using your camera).

Normally, EXIF is a Good Thing^TM. The GPS camera, for example, was created to enable you to let your friends know where (and when) you took the picture. But as usual: beware of what you reveal to strangers. If tinfoil is your friend, you might want to remove that EXIF information before giving the picture to the entire world, without ever being able to remove it…

The simplest and best tool I’ve encountered for removing EXIF information is “Exif Farm“.

Unfortunately, EXIF Farm costs money (the demo sucks ass). However, there are numerous other tools available, including some Open Source ones.

Migration

Moving from Blogger to WordPress. Not just because Google is evil, though – WordPress has some nice features that Blogger just don’t have: the ability to create static pages, statistics, image upload, etc. The drawback is that some blog postings will have the same publication date, but I’m guessing that nobody cares.