[lug] drive free space "wiper" recommendation

Wed Oct 13 11:35:48 MDT 2010

Hi Bear,

You really make my point here, in several ways.  I long for the day
that I am at risk of having millions of dollars transferred out of my
account.   Even if someone gets my account and routing numbers, they
will find themselves disappointed.   And if they do get this
information, how likely is it they get it off a discarded hard drive
and not off a working computer?  My feeling is that it is pretty
unlikely.  I find it especially unlikely that they are going to track
my email activity from an old disk sitting on the bench in the garage.

The conversation here has drifted into identity theft, which is not
the issue I was talking about.  I'm claiming that the risk that
something valuable is going to be swiped off of one my old hard drives
is negligible.   The common crook isn't going to spend a lot trying to
recover dubious data from a wiped drive, and if the government wants
to throw that much resources at it then I'm toast anyway.

Elsewhere in this thread:  the idea of suggesting to someone searching
your house that information may be concealed all over the place is
nuts.  The last thing I would want is my house disassembled.  Have you
seen what they do in drug busts?

I agree that security is something you buy in degrees.  Destroying
unused hard drives definitely isn't worth it to me.  Wiping drives is
more than plenty.

The security business is often driven by two emotions: pride and fear.
 Pride that you (think you) have something so very valuable that it
makes you a singular target, and fear that you are in imminent danger.
 I've met a lot of people who get carried away by these emotions.
It's a lousy way to live.

Cheers,
Glenn

On Tue, Oct 12, 2010 at 3:24 PM, Bear Giles <bgiles at coyotesong.com> wrote:
> Nobody cares about your balance, it's the bank routing and account numbers
> that are important.  Whip up some fake checks and by the time you fight it
> out with the bank I'm long gone with your money.
>
> Ditto online brokerage accounts.  It's not because someone can peek, it's
> because somebody can authorize a wire transfer of your funds to the Cayman
> Islands.
>
> A few years ago there was a story of a guy who checked his balance every
> day.  Then he came back from vacation and his account had been wiped out.
> It turned out that the attacker also had access to his email and was waiting
> until he knew the guy would be away from his computer for a few days before
> transferring out millions of dollars.
>
> On Tue, Oct 12, 2010 at 2:30 PM, Glenn Murray <glenn.murray at gmail.com>
> wrote:
>>
>> I think I may have checked some balances every couple of years.  I
>> don't keep copies of bank statements, but I probably should.
>>
>> Who cares?  I mean, even if this were public information (as it has
>> been most of my career), does anyone outside of my family really care
>> how much money I have/earn/spend, especially if it is all so
>> predictable?
>>
>> The idea that the government is going to come after me for my
>> depressingly conventional politics is also silly.  I would be thrilled
>> to be able to stand up in front of Congress and speak against the
>> dirty dogs compromising my principles.  Unfortunately, my politics
>> don't seem to attract that much attention.  I've never even been
>> arrested for them, and that's an embarrassment.
>>
>> Cheers,
>> Glenn
>>
>>
>> On Tue, Oct 12, 2010 at 12:02 PM, Bear Giles <bgiles at coyotesong.com>
>> wrote:
>> > Ever check your 401(k) balance online?
>> >
>> > Do you keep PDF copies of bank statements?
>> >
>> >
>> > On Tue, Oct 12, 2010 at 11:49 AM, Glenn Murray <glenn.murray at gmail.com>
>> > wrote:
>> >>
>> >> This seems overly cautious to me.
>> >>
>> >> 1.  I don't know how much "Academic" papers really affect the people
>> >> writing drive erasure software.
>> >>
>> >> 2.  It's not clear to me what a "large number" means here.
>> >>
>> >> 3.  I have a hard time believing that the "Government" really cares
>> >> about what's on my hard drive.
>> >>
>> >> 4.  Needlessly destroying hardware doesn't sit well with my green
>> >> sensibilities.
>> >>
>> >> If there is data on my hard drive worth tens of thousands of dollars I
>> >> wish someone would point it out to me.
>> >>
>> >> Cheers,
>> >> Glenn
>> >>
>> >>
>> >> On Tue, Oct 12, 2010 at 11:36 AM, Nate Duehr <nate at natetech.com> wrote:
>> >> >  By the way, note that a large number of the Academic papers written
>> >> > on
>> >> > the topic of drive erasure were funded by Government money (grants,
>> >> > etc.) the very people who want their data private, and yet might also
>> >> > want to read yours...
>> >> >
>> >> > Physically turning the drive into tiny little bits, pretty much
>> >> > negates
>> >> > any "conflict of interest". :-)
>> >> >
>> >> > Nate
>> >> > _______________________________________________
>> >> > Web Page:  http://lug.boulder.co.us
>> >> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>> >> > Join us on IRC: irc.hackingsociety.org port=6667
>> >> > channel=#hackingsociety
>> >> >
>> >> _______________________________________________
>> >> Web Page:  http://lug.boulder.co.us
>> >> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>> >> Join us on IRC: irc.hackingsociety.org port=6667
>> >> channel=#hackingsociety
>> >
>> >
>> > _______________________________________________
>> > Web Page:  http://lug.boulder.co.us
>> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>> > Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>> >
>> _______________________________________________
>> Web Page:  http://lug.boulder.co.us
>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>