[lug] drive free space "wiper" recommendation

Paul E Condon pecondon at mesanetworks.net
Wed Oct 13 17:22:11 MDT 2010


Hi Glenn,

Actually my triggering post was, I thought, about using disk wiping
software as a vector for infecting a working computer with a trojan (I
think that is the word for malware that is inserted by deception),
which trojan is designed to send cracking information to someone who
is interested in cracking into computers of known security nut cases,
who just might put some interesting stuff on the old HD. I guess I
didn't express myself clearly enough.

As a separate issue, I am curious about the assumption that the most
likely perp. in a break-in into a computer in USA is gov't of USA. Why
not Mossad, or some Islamic counterpart to it? or BP? or Goldman? or
some other evil doers? Why fixate on the organization that is much
more likely just to smash in the door to the building and waterboard
whoever they find inside?

Cheers, 
Paul

On 20101013_113548, Glenn Murray wrote:
> Hi Bear,
> 
> You really make my point here, in several ways.  I long for the day
> that I am at risk of having millions of dollars transferred out of my
> account.   Even if someone gets my account and routing numbers, they
> will find themselves disappointed.   And if they do get this
> information, how likely is it they get it off a discarded hard drive
> and not off a working computer?  My feeling is that it is pretty
> unlikely.  I find it especially unlikely that they are going to track
> my email activity from an old disk sitting on the bench in the garage.
> 
> The conversation here has drifted into identity theft, which is not
> the issue I was talking about.  I'm claiming that the risk that
> something valuable is going to be swiped off of one of my old hard drives
> is negligible.   The common crook isn't going to spend a lot trying to
> recover dubious data from a wiped drive, and if the government wants
> to throw that much resources at it then I'm toast anyway.
> 
> Elsewhere in this thread:  the idea of suggesting to someone searching
> your house that information may be concealed all over the place is
> nuts.  The last thing I would want is my house disassembled.  Have you
> seen what they do in drug busts?
> 
> I agree that security is something you buy in degrees.  Destroying
> unused hard drives definitely isn't worth it to me.  Wiping drives is
> more than plenty.
> 
> The security business is often driven by two emotions: pride and fear.
>  Pride that you (think you) have something so very valuable that it
> makes you a singular target, and fear that you are in imminent danger.
>  I've met a lot of people who get carried away by these emotions.
> It's a lousy way to live.
> 
> Cheers,
> Glenn
> 
> On Tue, Oct 12, 2010 at 3:24 PM, Bear Giles <bgiles at coyotesong.com> wrote:
> > Nobody cares about your balance, it's the bank routing and account numbers
> > that are important.  Whip up some fake checks and by the time you fight it
> > out with the bank I'm long gone with your money.
> >
> > Ditto online brokerage accounts.  It's not because someone can peek, it's
> > because somebody can authorize a wire transfer of your funds to the Cayman
> > Islands.
> >
> > A few years ago there was a story of a guy who checked his balance every
> > day.  Then he came back from vacation and his account had been wiped out.
> > It turned out that the attacker also had access to his email and was waiting
> > until he knew the guy would be away from his computer for a few days before
> > transferring out millions of dollars.
> >
> > On Tue, Oct 12, 2010 at 2:30 PM, Glenn Murray <glenn.murray at gmail.com>
> > wrote:
> >>
> >> I think I may have checked some balances every couple of years.  I
> >> don't keep copies of bank statements, but I probably should.
> >>
> >> Who cares?  I mean, even if this were public information (as it has
> >> been most of my career), does anyone outside of my family really care
> >> how much money I have/earn/spend, especially if it is all so
> >> predictable?
> >>
> >> The idea that the government is going to come after me for my
> >> depressingly conventional politics is also silly.  I would be thrilled
> >> to be able to stand up in front of Congress and speak against the
> >> dirty dogs compromising my principles.  Unfortunately, my politics
> >> don't seem to attract that much attention.  I've never even been
> >> arrested for them, and that's an embarrassment.
> >>
> >> Cheers,
> >> Glenn
> >>
> >>
> >> On Tue, Oct 12, 2010 at 12:02 PM, Bear Giles <bgiles at coyotesong.com>
> >> wrote:
> >> > Ever check your 401(k) balance online?
> >> >
> >> > Do you keep PDF copies of bank statements?
> >> >
> >> >
> >> > On Tue, Oct 12, 2010 at 11:49 AM, Glenn Murray <glenn.murray at gmail.com>
> >> > wrote:
> >> >>
> >> >> This seems overly cautious to me.
> >> >>
> >> >> 1.  I don't know how much "Academic" papers really affect the people
> >> >> writing drive erasure software.
> >> >>
> >> >> 2.  It's not clear to me what a "large number" means here.
> >> >>
> >> >> 3.  I have a hard time believing that the "Government" really cares
> >> >> about what's on my hard drive.
> >> >>
> >> >> 4.  Needlessly destroying hardware doesn't sit well with my green
> >> >> sensibilities.
> >> >>
> >> >> If there is data on my hard drive worth tens of thousands of dollars I
> >> >> wish someone would point it out to me.
> >> >>
> >> >> Cheers,
> >> >> Glenn
> >> >>
> >> >>
> >> >> On Tue, Oct 12, 2010 at 11:36 AM, Nate Duehr <nate at natetech.com> wrote:
> >> >> >  By the way, note that a large number of the Academic papers written on
> >> >> > the topic of drive erasure were funded by Government money (grants,
> >> >> > etc.) the very people who want their data private, and yet might also
> >> >> > want to read yours...
> >> >> >
> >> >> > Physically turning the drive into tiny little bits, pretty much negates
> >> >> > any "conflict of interest". :-)
> >> >> >
> >> >> > Nate
> >> >> > _______________________________________________
> >> >> > Web Page:  http://lug.boulder.co.us
> >> >> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> >> >> > Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
> >> >> >

-- 
Paul E Condon           
pecondon at mesanetworks.net


