
Saturday, January 29, 2005

Used And Sold Hard Disks With Valid Data

Brad Feld writes about valid data retained in used disk drives, based on findings from Simson Garfinkel of MIT. Excerpts with edits:

Simson bought 235 used hard drives between 11/2000 and 1/2003 from eBay, computer stores, and swap meets. He set up a technical infrastructure to mount the drives, image them (using FreeBSD), store the images on a RAID server, store the metadata in a MySQL database, and then mine the data. Simson Garfinkel found a huge amount of data, including confidential information such as medical records, HR correspondence, and financial data including a hard disk from an ATM. It contained one year’s worth of transactions, including over 3,000 card numbers. In this case, the drives weren’t sanitized correctly and the data was still on them for Simson to play around with.
In addition to explaining the problem and substantiating it with real data, Simson makes a number of suggestions for how to address the issue. Two of his more severe (but logical) suggestions for cleaning all the data off of used drives are:
(a) to degauss them with a Type 1 or Type II degausser or
(b) destroy, disintegrate, incinerate, pulverize, shred, or melt the drive.
For less than $1,000 and working part time, he was able to collect thousands of credit cards, detailed financial records on hundreds of people, and confidential corporate files. He concludes by asking – "who else is doing this?" Simson's presentation is available here. Every system administrator, IS security expert, CIO and business manager must read this excellent presentation.

Sadagopan's Weblog on Emerging Technologies, Trends, Thoughts, Ideas & Cyberworld
"All views expressed are my personal views and are not related in any way to my employer"