I was under the impression that the 5220.22 standard instructed a 3+ pass writing zero's to all bits.
Kickaha -- I understand that was the point of the thread. I was just wondering what was so sensitive that he/she was only using the consumer OS feature of secure delete to remove. It was a just a question, no need to get so defensive about it.
Kickaha -- I understand that was the point of the thread. I was just wondering what was so sensitive that he/she was only using the consumer OS feature of secure delete to remove. It was a just a question, no need to get so defensive about it.
"What are you hiding?"
Actually, when I see another member get attacked like that, I will get defensive. It is none of your business. Or mine. If they have information, as we *ALL* do, that they prefer to keep private, then that is their business, and theirs alone.
To insinuate that because they want to secure delete data, which is a perfectly reasonable thing to do, they have something to 'hide' smacks of paranoia and snooping. We outgrew McCarthyism decades ago, I'd like to keep it that way.
So yes, it was just a question. So is "Have you stopped beating your wife?" Or "How's the kiddie porn ring going?" Or "Where's your sheet?" It was a question that was aggressive, and shouldn't have been asked, and frankly, was just plain off-topic, IMO.
Haha... I fully expected this thread to go off topic as it has. Thanks for those who replied.
I agree with Kickaha. It's not about what I or anyone have to hide. It's just a technical question. I don't even use secure delete at the moment, before or after asking the question. I just felt that this combination presented a risk of some sort. Whether the risk is relevant is not important, except that the risk does exist.
Haha... I fully expected this thread to go off topic as it has. Thanks for those who replied.
I agree with Kickaha. It's not about what I or anyone have to hide. It's just a technical question. I don't even use secure delete at the moment, before or after asking the question. I just felt that this combination presented a risk of some sort. Whether the risk is relevant is not important, except that the risk does exist.
A risk isn't a risk if it is relevant.
(please note the following is a just a joke, so please don't this or any or my comments seriously)
A bear could walk into my living room right now and eat me, that is a risk I am taking by sitting here with a sliding glass door behind me. Is it relevant? No, thus I don't discuss it.
I'm really not trying to be a dink... but I need to ask.
What kind of information could be so critical that it'd need to be written-over 35-times when erased...?
Unless you work for the FBI or you edit child-porn, I am having a tough-time thinking of anything that needs to be deleted that securely. Again, not flaming, I really am curious since I am on a desktop, so the odds of my machine being misplaced or stolen are much less than that of a laptop... and I do not have any high-level corporate information on my system.
I am just looking for an example or two so I can better understand the need.
35 times is excessive (7 ought to be enough), but I would imagine corporate documents is a good example. You wouldn't want to be responsible for competitors to get ahold of internal documents.
Exactly. On my laptop I have literally dozens of files marked "Internal - Confidential" from my work. When I erase them, I expect them to be GONE, and so does my employer.
Unless you work for the FBI or you edit child-porn, I am having a tough-time thinking of anything that needs to be deleted that securely.
Secret love letters to your mistress which you'd rather hide from your wife who works for the FBI and can find the files if she wanted to
Billionaire's banking details
If you were a priest and had any form of pornography on your system (apart from child-porn which would probably get you a promotion)
If you worked in the entertainment industry and had a lot of contacts for famous stars that you wouldn't want to fall into the hands of Joe Public
If you secretly filmed your family members and friends who took showers in your house but didn't want them to find out
^ guess which are mine.
That's right all of 'em :P. I'm gonna be a rich, cheating, famous, voyeur of a pope.
There are lots of reasons. Admittedly, people who need security tend to have something to hide and more often than not it tends to be something bad. however, who is anyone to judge? We've all had a personal vault since we were born - our mind. Would you object to anyone snooping around in there? Well, unless you're a child molestor then you have nothing to hide right? Of course that's a ludicrous suggestion. Well, computers are just physical analogies of that personal space and everyone has the right to keep it to themselves.
I personally keep my letters of the love which never was and notes of how to commit suicide quickly to end the pain. Oh yeah and my online banking details. What's it to ya?
Exactly. On my laptop I have literally dozens of files marked "Internal - Confidential" from my work. When I erase them, I expect them to be GONE, and so does my employer.
Yeah, I used to do it *twice* that much, that is, 35x2 just to kill any possibility of them ever coming back, even partially.
One thing I'm curious about is the filesystem databases. I don't think that secure delete covers that. For example, let's say someone stored passwords in the names of text files. The database stores links to the filenames so any software that analysed the databases would recover the passwords. Norton did this under OS 9. Even if the file itself couldn't be recovered, the names of the files often were. Or does secure delete generate a random name? i know some secure delete software does this.
Another vulnerability we have to consider these days is meta data stored by Spotlight. I don't think it indexes encrypted drives but it would index a file as soon as it came onto your system. Although any deletion would remove the index from Spotlight, I don't know if it would overwrite the index.
I think that is a difference between secure-delete and ''total obfuscation". If the data is securely deleted then you meet the delete criteria. The spotlight indices will be deleted when the file is deleted, but the indices are probably not overwritten. But lets face it, if you are that paranoid about something you would be daft not to encrypt all of it from the get-go. AND set the virtual memory swap files to be encrypted too.
The question I have about this is, is Apple aware of this, and can they fix secure delete to address all of the security problems discussed so far in this thread?
Seems to me that it's a very useful feature that ought to be toughened up to really be secure. I don't have enough knowledge on this topic to write to Apple and ask for this feature to be looked at and improved. Has anyone contacted Apple with their concerns on this security matter?
It wouldn't be reasonable to over-engineer secure delete. If you really want security you already have encrypted images available which address ALL the concerns given so far. And secure deleting the encrypted image will not suffer from the problems of singular files because of its properties as an image.
Worrying about traces of a non-encrypted file being scattered across a drive if it was ever fragmented enough to rewrite and then not having those unencrypted traces hunted down and eradicated when asking to secure delete the file is a lot like worrying about the stain resistant properties of your Dockers on the day you went to work/school in your undies.
If you are worried about data theft your unencrypted data is infinitely more vulnerable before it was secure-deleted. The chances of reconstruction out of scattered fragments are infitessimal. Why worry about Buck Rodgers file reconstruction when someone could have just copied the unencrypted file while you were away for coffee?
Comments
Missed.
We were discussing the erasing of files in the presence of automated disk maintenance, and how EVEN 35-pass delete won't help this apparent issue.
The file blocks pointed to are well deleted.
The file blocks that were left behind from previous 'auto-defrag' moves are LEFT BEHIND FOR RECOVERY.
I thought that was pretty clear.
*What* is being deleted is completely, utterly, 100% irrelevant. The expectation of secure delete is broken.
Originally posted by jpennington
Oh so the DOD seven pass write or the 35 pass write doesn't do a good enough job.
No, you were suggesting zero'ing out, which doesn't do a good enough job.
7-pass write does. 35-pass write certainly does.
Kickaha -- I understand that was the point of the thread. I was just wondering what was so sensitive that he/she was only using the consumer OS feature of secure delete to remove. It was a just a question, no need to get so defensive about it.
Originally posted by jpennington
Kickaha -- I understand that was the point of the thread. I was just wondering what was so sensitive that he/she was only using the consumer OS feature of secure delete to remove. It was a just a question, no need to get so defensive about it.
"What are you hiding?"
Actually, when I see another member get attacked like that, I will get defensive. It is none of your business. Or mine. If they have information, as we *ALL* do, that they prefer to keep private, then that is their business, and theirs alone.
To insinuate that because they want to secure delete data, which is a perfectly reasonable thing to do, they have something to 'hide' smacks of paranoia and snooping. We outgrew McCarthyism decades ago, I'd like to keep it that way.
So yes, it was just a question. So is "Have you stopped beating your wife?" Or "How's the kiddie porn ring going?" Or "Where's your sheet?" It was a question that was aggressive, and shouldn't have been asked, and frankly, was just plain off-topic, IMO.
Originally posted by jpennington
Alright, it was off topic. No one forced to your reply though.
Just conscience.
Originally posted by Kickaha
Only an idiot has nothing to hide.
Originally posted by Chucker
No, you were suggesting zero'ing out, which doesn't do a good enough job.
7-pass write does. 35-pass write certainly does.
The many pass overwiting was discussed here. Seems like it might be a bit overkill despite that it is a DoD/NSA standard.
I agree with Kickaha. It's not about what I or anyone have to hide. It's just a technical question. I don't even use secure delete at the moment, before or after asking the question. I just felt that this combination presented a risk of some sort. Whether the risk is relevant is not important, except that the risk does exist.
Originally posted by drumsticks
Haha... I fully expected this thread to go off topic as it has. Thanks for those who replied.
I agree with Kickaha. It's not about what I or anyone have to hide. It's just a technical question. I don't even use secure delete at the moment, before or after asking the question. I just felt that this combination presented a risk of some sort. Whether the risk is relevant is not important, except that the risk does exist.
A risk isn't a risk if it is relevant.
(please note the following is a just a joke, so please don't this or any or my comments seriously)
A bear could walk into my living room right now and eat me, that is a risk I am taking by sitting here with a sliding glass door behind me. Is it relevant? No, thus I don't discuss it.
Originally posted by jpennington
A risk isn't a risk if it is relevant.
It might be to some people who may have falsely believed that they have securely removed all traces of something when they might not have.
But I get your point though...
What kind of information could be so critical that it'd need to be written-over 35-times when erased...?
Unless you work for the FBI or you edit child-porn, I am having a tough-time thinking of anything that needs to be deleted that securely. Again, not flaming, I really am curious since I am on a desktop, so the odds of my machine being misplaced or stolen are much less than that of a laptop... and I do not have any high-level corporate information on my system.
I am just looking for an example or two so I can better understand the need.
Originally posted by Scott Finlayson
Unless you work for the FBI or you edit child-porn, I am having a tough-time thinking of anything that needs to be deleted that securely.
Secret love letters to your mistress which you'd rather hide from your wife who works for the FBI and can find the files if she wanted to
Billionaire's banking details
If you were a priest and had any form of pornography on your system (apart from child-porn which would probably get you a promotion)
If you worked in the entertainment industry and had a lot of contacts for famous stars that you wouldn't want to fall into the hands of Joe Public
If you secretly filmed your family members and friends who took showers in your house but didn't want them to find out
^ guess which are mine.
That's right all of 'em :P. I'm gonna be a rich, cheating, famous, voyeur of a pope.
There are lots of reasons. Admittedly, people who need security tend to have something to hide and more often than not it tends to be something bad. however, who is anyone to judge? We've all had a personal vault since we were born - our mind. Would you object to anyone snooping around in there? Well, unless you're a child molestor then you have nothing to hide right? Of course that's a ludicrous suggestion. Well, computers are just physical analogies of that personal space and everyone has the right to keep it to themselves.
I personally keep my letters of the love which never was and notes of how to commit suicide quickly to end the pain. Oh yeah and my online banking details. What's it to ya?
Originally posted by Kickaha
Exactly. On my laptop I have literally dozens of files marked "Internal - Confidential" from my work. When I erase them, I expect them to be GONE, and so does my employer.
Yeah, I used to do it *twice* that much, that is, 35x2 just to kill any possibility of them ever coming back, even partially.
Another vulnerability we have to consider these days is meta data stored by Spotlight. I don't think it indexes encrypted drives but it would index a file as soon as it came onto your system. Although any deletion would remove the index from Spotlight, I don't know if it would overwrite the index.
Seems to me that it's a very useful feature that ought to be toughened up to really be secure. I don't have enough knowledge on this topic to write to Apple and ask for this feature to be looked at and improved. Has anyone contacted Apple with their concerns on this security matter?
Worrying about traces of a non-encrypted file being scattered across a drive if it was ever fragmented enough to rewrite and then not having those unencrypted traces hunted down and eradicated when asking to secure delete the file is a lot like worrying about the stain resistant properties of your Dockers on the day you went to work/school in your undies.
If you are worried about data theft your unencrypted data is infinitely more vulnerable before it was secure-deleted. The chances of reconstruction out of scattered fragments are infitessimal. Why worry about Buck Rodgers file reconstruction when someone could have just copied the unencrypted file while you were away for coffee?