Auto defrag + secure delete = not secure?

2

Comments

  • Reply 21 of 48
    kickahakickaha Posts: 8,760member
    Point.



    Missed.



    We were discussing the erasing of files in the presence of automated disk maintenance, and how EVEN 35-pass delete won't help this apparent issue.



    The file blocks pointed to are well deleted.



    The file blocks that were left behind from previous 'auto-defrag' moves are LEFT BEHIND FOR RECOVERY.



    I thought that was pretty clear.



    *What* is being deleted is completely, utterly, 100% irrelevant. The expectation of secure delete is broken.
  • Reply 22 of 48
    chuckerchucker Posts: 5,089member
    Quote:

    Originally posted by jpennington

    Oh so the DOD seven pass write or the 35 pass write doesn't do a good enough job.



    No, you were suggesting zero'ing out, which doesn't do a good enough job.



    7-pass write does. 35-pass write certainly does.
  • Reply 23 of 48
    I was under the impression that the 5220.22 standard instructed a 3+ pass writing zero's to all bits.



    Kickaha -- I understand that was the point of the thread. I was just wondering what was so sensitive that he/she was only using the consumer OS feature of secure delete to remove. It was a just a question, no need to get so defensive about it.
  • Reply 24 of 48
    kickahakickaha Posts: 8,760member
    Quote:

    Originally posted by jpennington

    Kickaha -- I understand that was the point of the thread. I was just wondering what was so sensitive that he/she was only using the consumer OS feature of secure delete to remove. It was a just a question, no need to get so defensive about it.



    "What are you hiding?"



    Actually, when I see another member get attacked like that, I will get defensive. It is none of your business. Or mine. If they have information, as we *ALL* do, that they prefer to keep private, then that is their business, and theirs alone.



    To insinuate that because they want to secure delete data, which is a perfectly reasonable thing to do, they have something to 'hide' smacks of paranoia and snooping. We outgrew McCarthyism decades ago, I'd like to keep it that way.



    So yes, it was just a question. So is "Have you stopped beating your wife?" Or "How's the kiddie porn ring going?" Or "Where's your sheet?" It was a question that was aggressive, and shouldn't have been asked, and frankly, was just plain off-topic, IMO.
  • Reply 25 of 48
    Alright, it was off topic. No one forced to your reply though.
  • Reply 26 of 48
    kickahakickaha Posts: 8,760member
    Quote:

    Originally posted by jpennington

    Alright, it was off topic. No one forced to your reply though.



    Just conscience.
  • Reply 27 of 48
    amoryaamorya Posts: 1,103member
    Quote:

    Originally posted by Kickaha

    Only an idiot has nothing to hide.



  • Reply 28 of 48
    hirohiro Posts: 2,663member
    Quote:

    Originally posted by Chucker

    No, you were suggesting zero'ing out, which doesn't do a good enough job.



    7-pass write does. 35-pass write certainly does.




    The many pass overwiting was discussed here. Seems like it might be a bit overkill despite that it is a DoD/NSA standard.
  • Reply 29 of 48
    drumsticksdrumsticks Posts: 315member
    Haha... I fully expected this thread to go off topic as it has. Thanks for those who replied.



    I agree with Kickaha. It's not about what I or anyone have to hide. It's just a technical question. I don't even use secure delete at the moment, before or after asking the question. I just felt that this combination presented a risk of some sort. Whether the risk is relevant is not important, except that the risk does exist.
  • Reply 30 of 48
    Quote:

    Originally posted by drumsticks

    Haha... I fully expected this thread to go off topic as it has. Thanks for those who replied.



    I agree with Kickaha. It's not about what I or anyone have to hide. It's just a technical question. I don't even use secure delete at the moment, before or after asking the question. I just felt that this combination presented a risk of some sort. Whether the risk is relevant is not important, except that the risk does exist.




    A risk isn't a risk if it is relevant.



    (please note the following is a just a joke, so please don't this or any or my comments seriously)

    A bear could walk into my living room right now and eat me, that is a risk I am taking by sitting here with a sliding glass door behind me. Is it relevant? No, thus I don't discuss it.
  • Reply 31 of 48
    drumsticksdrumsticks Posts: 315member
    Quote:

    Originally posted by jpennington

    A risk isn't a risk if it is relevant.



    It might be to some people who may have falsely believed that they have securely removed all traces of something when they might not have.



    But I get your point though...
  • Reply 32 of 48
    I'm really not trying to be a dink... but I need to ask.



    What kind of information could be so critical that it'd need to be written-over 35-times when erased...?



    Unless you work for the FBI or you edit child-porn, I am having a tough-time thinking of anything that needs to be deleted that securely. Again, not flaming, I really am curious since I am on a desktop, so the odds of my machine being misplaced or stolen are much less than that of a laptop... and I do not have any high-level corporate information on my system.



    I am just looking for an example or two so I can better understand the need.
  • Reply 33 of 48
    chuckerchucker Posts: 5,089member
    35 times is excessive (7 ought to be enough), but I would imagine corporate documents is a good example. You wouldn't want to be responsible for competitors to get ahold of internal documents.
  • Reply 34 of 48
    kickahakickaha Posts: 8,760member
    Exactly. On my laptop I have literally dozens of files marked "Internal - Confidential" from my work. When I erase them, I expect them to be GONE, and so does my employer.
  • Reply 35 of 48
    MarvinMarvin Posts: 14,224moderator
    Quote:

    Originally posted by Scott Finlayson

    Unless you work for the FBI or you edit child-porn, I am having a tough-time thinking of anything that needs to be deleted that securely.



    Secret love letters to your mistress which you'd rather hide from your wife who works for the FBI and can find the files if she wanted to



    Billionaire's banking details



    If you were a priest and had any form of pornography on your system (apart from child-porn which would probably get you a promotion)



    If you worked in the entertainment industry and had a lot of contacts for famous stars that you wouldn't want to fall into the hands of Joe Public



    If you secretly filmed your family members and friends who took showers in your house but didn't want them to find out



    ^ guess which are mine.



    That's right all of 'em :P. I'm gonna be a rich, cheating, famous, voyeur of a pope.



    There are lots of reasons. Admittedly, people who need security tend to have something to hide and more often than not it tends to be something bad. however, who is anyone to judge? We've all had a personal vault since we were born - our mind. Would you object to anyone snooping around in there? Well, unless you're a child molestor then you have nothing to hide right? Of course that's a ludicrous suggestion. Well, computers are just physical analogies of that personal space and everyone has the right to keep it to themselves.



    I personally keep my letters of the love which never was and notes of how to commit suicide quickly to end the pain. Oh yeah and my online banking details. What's it to ya?
  • Reply 36 of 48
    gene cleangene clean Posts: 3,481member
    Quote:

    Originally posted by Kickaha

    Exactly. On my laptop I have literally dozens of files marked "Internal - Confidential" from my work. When I erase them, I expect them to be GONE, and so does my employer.



    Yeah, I used to do it *twice* that much, that is, 35x2 just to kill any possibility of them ever coming back, even partially.
  • Reply 37 of 48
    MarvinMarvin Posts: 14,224moderator
    One thing I'm curious about is the filesystem databases. I don't think that secure delete covers that. For example, let's say someone stored passwords in the names of text files. The database stores links to the filenames so any software that analysed the databases would recover the passwords. Norton did this under OS 9. Even if the file itself couldn't be recovered, the names of the files often were. Or does secure delete generate a random name? i know some secure delete software does this.



    Another vulnerability we have to consider these days is meta data stored by Spotlight. I don't think it indexes encrypted drives but it would index a file as soon as it came onto your system. Although any deletion would remove the index from Spotlight, I don't know if it would overwrite the index.
  • Reply 38 of 48
    hirohiro Posts: 2,663member
    I think that is a difference between secure-delete and ''total obfuscation". If the data is securely deleted then you meet the delete criteria. The spotlight indices will be deleted when the file is deleted, but the indices are probably not overwritten. But lets face it, if you are that paranoid about something you would be daft not to encrypt all of it from the get-go. AND set the virtual memory swap files to be encrypted too.
  • Reply 39 of 48
    The question I have about this is, is Apple aware of this, and can they fix secure delete to address all of the security problems discussed so far in this thread?



    Seems to me that it's a very useful feature that ought to be toughened up to really be secure. I don't have enough knowledge on this topic to write to Apple and ask for this feature to be looked at and improved. Has anyone contacted Apple with their concerns on this security matter?
  • Reply 40 of 48
    hirohiro Posts: 2,663member
    It wouldn't be reasonable to over-engineer secure delete. If you really want security you already have encrypted images available which address ALL the concerns given so far. And secure deleting the encrypted image will not suffer from the problems of singular files because of its properties as an image.



    Worrying about traces of a non-encrypted file being scattered across a drive if it was ever fragmented enough to rewrite and then not having those unencrypted traces hunted down and eradicated when asking to secure delete the file is a lot like worrying about the stain resistant properties of your Dockers on the day you went to work/school in your undies.



    If you are worried about data theft your unencrypted data is infinitely more vulnerable before it was secure-deleted. The chances of reconstruction out of scattered fragments are infitessimal. Why worry about Buck Rodgers file reconstruction when someone could have just copied the unencrypted file while you were away for coffee?
Sign In or Register to comment.