data shredder

--001636e0b61e7f4ab1047b34afa7
Content-Type: text/plain; charset=ISO-8859-1
I'm looking for a data shredder for ubuntu 9.10
--001636e0b61e7f4ab1047b34afa7
Content-Type: text/html; charset=ISO-8859-1
I'm looking for a data shredder for ubuntu 9.10
--001636e0b61e7f4ab1047b34afa7--

On 12/20/2009 07:28 PM, jesse stephen wrote:
> I'm looking for a data shredder for ubuntu 9.10
>
>
$ man shred

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

2009/12/21 jesse stephen :
> I'm looking for a data shredder for ubuntu 9.10
There is a rather efficient method described at
http://www.pcpro.co.uk/blogs/2009/08/14/meet-bustadrive-a-home-made-hard-di=
sk-destroyer/
but you also have 10 suggestions at
http://www.pcpro.co.uk/blogs/2009/08/20/pc-pros-top-10-hard-disk-destructio=
n-methods/
All solutions are cross-platform.
Lo=EFc
-- =
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinf=
o/ubuntu-users

On Mon, December 21, 2009 04:28, jesse stephen wrote:
> I'm looking for a data shredder for ubuntu 9.10
The other suggestions are good, and if you want a low-tech solution:
1) delete your files with rm as usual
2) overwrite the empty disk space with zeroes or random data
Use either one of these commands:
dd if=/dev/null of=nullfile bs=1M
dd if=/dev/random of=randomfile bs=1M
They will create a file called 'nullfile' or 'randomfile', filling all the
empty space on your disk. The dd command will automatically abort when all
free disk space is used.
Please note that this can take a *long* time, depending on the size of
your free disk space. Also /dev/random is a special device that generates
"entropy" (=random data) and with this method you use up all the available
entropy so sometimes it will stall until it has created enough new
entropy.
When it's done, rm nullfile or em randomfile.
If you're really paranoid, repeat the procedure a couple of times.
I use this method with /dev/null for another purpose: to backup usb
sticks. I have some preconfigured images (data recovery, ubuntu
installation,...) and I fill the stick with zeroes before doing a
full-disk backup with dd. This compresses the images very efficiently.
If you understand dutch, you can read about it on
http://amedee.be/kleine-full-disk-backup-dd
This is the short version:
$ dd if=/dev/zero of=/media/USB_2G/delete bs=1M
$ rm /media/USB_2G/delete
$ sudo umount /dev/sde1
$ dd if=/dev/sde | gzip -c9 > USB_2G_ext2.gz
Restore the backup with
$ gunzip -c USB_2G_ext2.gz | dd of=/dev/sde
Have fun!
--
Amedee
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Hi!
On 21/12/2009 09:55, Amedee Van Gasse (ub) wrote:
> On Mon, December 21, 2009 04:28, jesse stephen wrote:
>
>> I'm looking for a data shredder for ubuntu 9.10
>>
> The other suggestions are good, and if you want a low-tech solution:
>
> 1) delete your files with rm as usual
> 2) overwrite the empty disk space with zeroes or random data
> Use either one of these commands:
>
> dd if=/dev/null of=nullfile bs=1M
> dd if=/dev/random of=randomfile bs=1M
>
> They will create a file called 'nullfile' or 'randomfile', filling all the
> empty space on your disk. The dd command will automatically abort when all
> free disk space is used.
> Please note that this can take a *long* time, depending on the size of
> your free disk space. Also /dev/random is a special device that generates
> "entropy" (=random data) and with this method you use up all the available
> entropy so sometimes it will stall until it has created enough new
> entropy.
>
> When it's done, rm nullfile or em randomfile.
> If you're really paranoid, repeat the procedure a couple of times.
>
>
>
The problem with these commands, is that you're not really helping...
Forensics tools will read below one or more levels of re-write. You need
to do this several times in a row... and, more importantly, you need to
use special data patterns that will actually make reading shadows of
former data harder if not impossible. There are standards for that. And
they do not involve writing random data or zeros, but actual specific
patterns.
Gilles.
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Gilles Gravier wrote:
>
>> The other suggestions are good, and if you want a low-tech solution:
>>
>> 1) delete your files with rm as usual
>> 2) overwrite the empty disk space with zeroes or random data
>> Use either one of these commands:
>>
>> dd if=/dev/null of=nullfile bs=1M
>> dd if=/dev/random of=randomfile bs=1M
>>
>>
> The problem with these commands, is that you're not really helping...
> Forensics tools will read below one or more levels of re-write. You need
> to do this several times in a row... and, more importantly, you need to
> use special data patterns that will actually make reading shadows of
> former data harder if not impossible. There are standards for that. And
> they do not involve writing random data or zeros, but actual specific
> patterns.
>
> Gilles.
>
>
Amedee - I am used to the zero/random clearing of disks but not quite
clear on why you create an empty image. Could you clarify?
Gilles - Interesting point, could you expand on your thoughts? What
procedure would you use to clear data? Does deleting from an encrypted
fs (as you mentioned earlier) accomplish this pattern writing?
--
Fred
www.fwrgallery.com
"Life is like linux, simple. If you are fighting it you are doing something wrong."
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On Mon, December 21, 2009 10:04, Gilles Gravier wrote:
> The problem with these commands, is that you're not really helping...
> Forensics tools will read below one or more levels of re-write. You need
> to do this several times in a row... and, more importantly, you need to
> use special data patterns that will actually make reading shadows of
> former data harder if not impossible. There are standards for that. And
> they do not involve writing random data or zeros, but actual specific
> patterns.
Hi!
Can you name a few of those forensics softwares? + documentation about how
they actually work and what the conditions are to get usable results?
Preferably something recent, not some outdated standards published by the
USA government (I don't trust foreign governments on that subject, I don't
even trust my own government).
Or are you talking about disassembling a hard disk in a dustfree room and
reading the actual magnetic patterns with a scanning probe microscope to
get a palimpsest image of the disk?
If you're afraid of a casual hacker or even most law enforcement (I have
played a bit with the forensic tools cd of our Federal Computer Crime
Unit), overwriting it 10 times with random data will be more than enough.
It's only when you're afraid of *very* large organisations (intelligence
agencies, multinationals) that procedures with special RLL patterns are
worth the effort. But then again, if your data is really *that* important,
you should physically destroy the disk. Throw it in the blash furnace of a
steel mill.
But that's just my humble opinion...
Another argument, if you have 10 KB of sensitive data on a 500 GB drive,
the chances that it will be found are close to zero. The data density is
just too high. And then there is the case of perpendicular recording.
What about flash memory? To shred data on a NAND memory device you will
need something that is covered by patent WO/2009/009052.
--
Amedee Van Gasse
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

This is a multi-part message in MIME format.
--------------020907090704040803010802
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Hi, Fred!
On 21/12/2009 14:08, Fred Roller wrote:
> Gilles Gravier wrote:
>
>>
>>> The other suggestions are good, and if you want a low-tech solution:
>>>
>>> 1) delete your files with rm as usual
>>> 2) overwrite the empty disk space with zeroes or random data
>>> Use either one of these commands:
>>>
>>> dd if=/dev/null of=nullfile bs=1M
>>> dd if=/dev/random of=randomfile bs=1M
>>>
>>>
>>>
>> The problem with these commands, is that you're not really helping...
>> Forensics tools will read below one or more levels of re-write. You need
>> to do this several times in a row... and, more importantly, you need to
>> use special data patterns that will actually make reading shadows of
>> former data harder if not impossible. There are standards for that. And
>> they do not involve writing random data or zeros, but actual specific
>> patterns.
>>
>> Gilles.
>>
>>
>>
> Amedee - I am used to the zero/random clearing of disks but not quite
> clear on why you create an empty image. Could you clarify?
>
> Gilles - Interesting point, could you expand on your thoughts? What
> procedure would you use to clear data? Does deleting from an encrypted
> fs (as you mentioned earlier) accomplish this pattern writing?
>
When you store in an encrypted form... in order to delete a file, all
you have to do is forget the key. Then what is left is what was there
when the file was there, encrypted, i.e. random junk. Since it's
impossible to reverse most modern encryption algorithms (AES, for
example). That's what the ephemerizer does to provide assured delete. It
stores one key per file and when you tell it to delete the file... it
deletes the key. :)
As for pattern writing, there are tools to do that. Quoting from this
page : http://www.fileshredderpro.com/shredding-algorithms.html there
are several algorithms to chose from :
- /Fast (1 pass)/
The fastest shredding algorithm. Your data is overwritten with zeroes.
- /British HMG IS5 (Baseline) (1 pass)/
Your data is overwritten with zeroes with verification.
- /Russian GOST P50739-95 (2 passes)/
GOST P50739-95 shredding algorithm calls for a single pass of zeroes
followed by a single pass of random byte.
- /British HMG IS5 (Enhanced) (3 passes)/
British HMG IS5 (Enhanced) is a three pass overwriting algorithm: first
pass - with zeroes, second pass - with ones and the last pass with
random bytes (last pass is verified).
- /US Army AR380-19 (3 passes)/
AR380-19 is data shredding algorithm specified and published by the U.S.
Army. AR380-19 is three pass overwriting algorithm: first pass - with
random bytes, second and third passes with certain bytes and with its
compliment (with last pass verification) .
- /US Department of Defense DoD 5220.22-M (3 passes)/
DoD 5220.22-M is three pass overwriting algorithm: first pass - with
zeroes, second pass - with ones and the last pass with random bytes.
With all passes verification.
- /the US Department of Defense DoD 5220.22-M (E) (3 passes)/
DoD 5220.22-M (E) is three pass overwriting algorithm: first pass - with
certain bytes, second pass - with its complement and the last pass -
with random bytes.
- /NAVSO P-5239-26 (RLL)/
NAVSO P-5239-26 (RLL) is three pass overwriting algorithm with last pass
verification.
- /NAVSO P-5239-26 (MFM)/
NAVSO P-5239-26 (MFM) is three pass overwriting algorithm with last pass
verification.
- /the US Department of Defense DoD 5220.22-M(ECE) (7 passes)/
DoD 5220.22-M(ECE) is seven pass overwriting algorithm: first and second
passes - with certain bytes and with its compliment, then two passes
with random character, then two passes with character and its complement
and the last pass - with random character.
- /Canadian RCMP TSSIT OPS-II (7 passes)/
RCMP TSSIT OPS-II is seven pass overwriting algorithm with three
alternating patterns of zeroes and ones and the last pass - with random
character (with last pass verification).
- /German VSITR (7 passes)/
The German standard calls for each sector to be overwritten with three
alternating patterns of zeroes and ones and in the last pass with character.
- /Bruce Schneier (7 passes)/
The Bruce Schneier shredding algorithm has seven passes: first pass -
with ones, the second pass - with zeroes and then five times with random
characters.
- /Peter Gutmann (35 passes)/
Peter Gutmann shredding algorithm has 35 passes.
Of course, I would not use the 1 pass fast or British algorithms... I
would

Hi, Amedee!
On 21/12/2009 14:36, Amedee Van Gasse (ub) wrote:
> On Mon, December 21, 2009 10:04, Gilles Gravier wrote:
>
>
>> The problem with these commands, is that you're not really helping...
>> Forensics tools will read below one or more levels of re-write. You need
>> to do this several times in a row... and, more importantly, you need to
>> use special data patterns that will actually make reading shadows of
>> former data harder if not impossible. There are standards for that. And
>> they do not involve writing random data or zeros, but actual specific
>> patterns.
>>
> Hi!
>
> Can you name a few of those forensics softwares? + documentation about how
> they actually work and what the conditions are to get usable results?
> Preferably something recent, not some outdated standards published by the
> USA government (I don't trust foreign governments on that subject, I don't
> even trust my own government).
>
The standards are still there, like /DoD 5220.22-M (3 passes).../ and
more also. See the list on my previous post.
> Or are you talking about disassembling a hard disk in a dustfree room and
> reading the actual magnetic patterns with a scanning probe microscope to
> get a palimpsest image of the disk?
>
That's why you want to have many overwrites... or a full gaussian
demagnetization (there are machines to do that)...
Of course if you want to re-use your drive... overwrites is the way to
go. Or assured delete.
> If you're afraid of a casual hacker or even most law enforcement (I have
> played a bit with the forensic tools cd of our Federal Computer Crime
> Unit), overwriting it 10 times with random data will be more than enough.
>
Random data is not enough... If you're going random, you might as well
do one pass.
If you want to benefit from multiple passes, you should use one of the
patterns created for that.
> It's only when you're afraid of *very* large organisations (intelligence
> agencies, multinationals) that procedures with special RLL patterns are
> worth the effort. But then again, if your data is really *that* important,
> you should physically destroy the disk. Throw it in the blash furnace of a
> steel mill.
> But that's just my humble opinion...
>
True.
> Another argument, if you have 10 KB of sensitive data on a 500 GB drive,
> the chances that it will be found are close to zero. The data density is
> just too high. And then there is the case of perpendicular recording.
>
Unless there is clear text in that block that allows a sector search to
find it...
> What about flash memory? To shred data on a NAND memory device you will
> need something that is covered by patent WO/2009/009052
Or you use assured delete...
Gilles.
--
/*Gilles Gravier*/ *=* *Gilles@Gravier.org*
ICQ : *77488526*
* || *MSN
Messenger : Gilles@Gravier.org *
*Skype : ggravier * || *Y! : ggravier
|| AOL : gillesgravier

Aka-Aki : *ggravier* ||
PGP Key ID : *0x8DE6D026*

"Living on Earth is expensive, but it does include a free trip around
the sun."
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Hi, Amedee!
On 21/12/2009 14:36, Amedee Van Gasse (ub) wrote:
> On Mon, December 21, 2009 10:04, Gilles Gravier wrote:
>
>
>> The problem with these commands, is that you're not really helping...
>> Forensics tools will read below one or more levels of re-write. You need
>> to do this several times in a row... and, more importantly, you need to
>> use special data patterns that will actually make reading shadows of
>> former data harder if not impossible. There are standards for that. And
>> they do not involve writing random data or zeros, but actual specific
>> patterns.
>>
> Hi!
>
> Can you name a few of those forensics softwares? + documentation about how
> they actually work and what the conditions are to get usable results?
> Preferably something recent, not some outdated standards published by the
> USA government (I don't trust foreign governments on that subject, I don't
> even trust my own government).
>
The standards are still there, like /DoD 5220.22-M (3 passes).../ and
more also. See the list on my previous post.
> Or are you talking about disassembling a hard disk in a dustfree room and
> reading the actual magnetic patterns with a scanning probe microscope to
> get a palimpsest image of the disk?
>
That's why you want to have many overwrites... or a full gaussian
demagnetization (there are machines to do that)...
Of course if you want to re-use your drive... overwrites is the way to
go. Or assured delete.
> If you're afraid of a casual hacker or even most law enforcement (I have
> played a bit with the forensic tools cd of our Federal Computer Crime
> Unit), overwriting it 10 times with random data will be more than enough.
>
Random data is not enough... If you're going random, you might as well
do one pass.
If you want to benefit from multiple passes, you should use one of the
patterns created for that.
> It's only when you're afraid of *very* large organisations (intelligence
> agencies, multinationals) that procedures with special RLL patterns are
> worth the effort. But then again, if your data is really *that* important,
> you should physically destroy the disk. Throw it in the blash furnace of a
> steel mill.
> But that's just my humble opinion...
>
True.
> Another argument, if you have 10 KB of sensitive data on a 500 GB drive,
> the chances that it will be found are close to zero. The data density is
> just too high. And then there is the case of perpendicular recording.
>
Unless there is clear text in that block that allows a sector search to
find it...
> What about flash memory? To shred data on a NAND memory device you will
> need something that is covered by patent WO/2009/009052
Or you use assured delete...
Gilles.
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On Mon, December 21, 2009 14:08, Fred Roller wrote:
> Gilles Gravier wrote:
>>
>>> The other suggestions are good, and if you want a low-tech solution:
>>>
>>> 1) delete your files with rm as usual
>>> 2) overwrite the empty disk space with zeroes or random data
>>> Use either one of these commands:
>>>
>>> dd if=/dev/null of=nullfile bs=1M
>>> dd if=/dev/random of=randomfile bs=1M
> Amedee - I am used to the zero/random clearing of disks but not quite
> clear on why you create an empty image. Could you clarify?
Fred,
Suppose I have a 10MB filesystem with 3 files:
alice.txt - 1MB
bob.txt - 2MB
eve.txt - 3MB
I have 4 MB free disk space
I delete eve.txt but I keep Alice and Bob.
I want to wipe the free space on the filesystem, so I fill it up with a
zero file called charlie.txt. It will be 7MB: 4MB of the original free
space, and 3MB from eve.txt.
If I would zero/random clear the entire disk, then I would destroy the
filesystem and loose Alice and Bob.
--
Amedee
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On Mon, December 21, 2009 14:24, Thomas K Gamble wrote:
> I especially like the comment that the chances of overwritten data being
> recovered from a modern hard drive amount to "urban legend".
>
> If the idea that a single overwrite is sufficient is to be believed then
> we must
> assume that the stories of the FBI and other law enforcement agencies
> recovering data from hard drives, the data must not have been overwritten,
> or at least not thoroughly overwritten.
The emphasis is on *modern* hard drives.
The stories were true once, or at least they were more than a theoretical
method, which doesn't mean that they were ever used on a large scale.
But they moved in the realms of urband legendry about 15 years ago.
You will notice that most scientific research papers on the subject were
published before the eighties or early nineties.
I have yet to see a scientifically sound research paper published after 2005.
I'm an adherent of the cock-up theory (aka Hanlon's Razor), which says
that stupidity is usually more likely than intent to be the cause of
problemns.
Don't we all love TV shows like CSI and NCIS where they _always_ solve the
crime in less than 50 minutes? Near-perfect data recovery is just a tool
to help the storyline. Real life sucks.
--
Amedee
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Hi Gilles!
Something went wrong, I got your last mail 3 times.
On Mon, December 21, 2009 14:48, Gilles Gravier wrote:
> The standards are still there, like /DoD 5220.22-M (3 passes).../ and
> more also. See the list on my previous post.
From Wikipdia:
DoD 5220.22-M is sometimes cited as a standard for sanitization to counter
data remanence. The NISPOM actually covers the entire field of
government-industrial security, of which data sanitization is a very small
part (about two paragraphs in a 141 page document).[4] Furthermore, the
NISPOM does not actually specify any particular method. Standards for
sanitization are left up to the Cognizant Security Authority. The Defense
Security Service provides a Clearing and Sanitization Matrix (C&SM) which
does specify methods.[5] As of the June 2007 edition of the DSS C&SM,
overwriting is no longer acceptable for sanitization of magnetic media;
only degaussing or physical destruction is acceptable.
> Random data is not enough... If you're going random, you might as well
> do one pass.
Doh!
You're right of course. Silly me.
> Unless there is clear text in that block that allows a sector search to
> find it...
That assumes that you already know what you want to find. It won't work
for a blind search.
--
Amedee
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Hi!
On 21/12/2009 15:24, Amedee Van Gasse (ub) wrote:
> Hi Gilles!
>
> Something went wrong, I got your last mail 3 times.
>
Yes. Ahem. Fingers acted out of their own will and did things. :)
> On Mon, December 21, 2009 14:48, Gilles Gravier wrote:
>
>
>> The standards are still there, like /DoD 5220.22-M (3 passes).../ and
>> more also. See the list on my previous post.
>>
> From Wikipdia:
> DoD 5220.22-M is sometimes cited as a standard for sanitization to counter
> data remanence. The NISPOM actually covers the entire field of
> government-industrial security, of which data sanitization is a very small
> part (about two paragraphs in a 141 page document).[4] Furthermore, the
> NISPOM does not actually specify any particular method. Standards for
> sanitization are left up to the Cognizant Security Authority. The Defense
> Security Service provides a Clearing and Sanitization Matrix (C&SM) which
> does specify methods.[5] As of the June 2007 edition of the DSS C&SM,
> overwriting is no longer acceptable for sanitization of magnetic media;
> only degaussing or physical destruction is acceptable.
>
Yes. So software shredding is probably not good enough against people
with fancy hardware...
Note that my customers in the defense space never return faulty drives.
They physically convert them to dust. We just send them
"replacements"... but they don't send the bad ones in exchange. :)
>> Random data is not enough... If you're going random, you might as well
>> do one pass.
>>
> Doh!
> You're right of course. Silly me.
>
As I said, have a look at Radia Perlman's work on assured delete and the
ephemerizer.
>> Unless there is clear text in that block that allows a sector search to
>> find it...
>>
> That assumes that you already know what you want to find. It won't work
> for a blind search.
>
If you're taking somebody's disk... you know what you are looking for,
to some extent. :)
Gilles.
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Gilles Gravier wrote:
>>
> The problem with these commands, is that you're not really helping...
> Forensics tools will read below one or more levels of re-write.
Citation? While possible, this isn't something that is done. It's
probably impossible to find anyone who offers such a service.

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Hi!
On 21/12/2009 15:43, Rashkae wrote:
> Gilles Gravier wrote:
>
>
>> The problem with these commands, is that you're not really helping...
>> Forensics tools will read below one or more levels of re-write.
>>
> Citation? While possible, this isn't something that is done. It's
> probably impossible to find anyone who offers such a service.
>
>
Look for "data recovery" services... People who can take appart your
disk, even with physically damaged surface, and recover most of your data.
My customers don't like to be cited... :)
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On Mon, Dec 21, 2009 at 1:36 PM, Amedee Van Gasse (ub)
wrote:
> Can you name a few of those forensics softwares? + documentation about how
> they actually work and what the conditions are to get usable results?
> Preferably something recent, not some outdated standards published by the
> USA government (I don't trust foreign governments on that subject, I don't
> even trust my own government).
In the news recently - COFEE (Computer Online Forensic Evidence Extractor)
http://www.google.co.uk/search?q=coffee+forensic+tool should get you
started... you can easily find it on the Torrent sites.
--
Steve
When one person suffers from a delusion it is insanity. When many
people suffer from a delusion it is called religion.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Amedee Van Gasse (ub) wrote:
> On Mon, December 21, 2009 14:08, Fred Roller wrote:
>
>> Gilles Gravier wrote:
>>
>>>> The other suggestions are good, and if you want a low-tech solution:
>>>>
>>>> 1) delete your files with rm as usual
>>>> 2) overwrite the empty disk space with zeroes or random data
>>>> Use either one of these commands:
>>>>
>>>> dd if=/dev/null of=nullfile bs=1M
>>>> dd if=/dev/random of=randomfile bs=1M
>>>>
>
>
>> Amedee - I am used to the zero/random clearing of disks but not quite
>> clear on why you create an empty image. Could you clarify?
>>
>
> Fred,
>
> Suppose I have a 10MB filesystem with 3 files:
> alice.txt - 1MB
> bob.txt - 2MB
> eve.txt - 3MB
> I have 4 MB free disk space
>
> I delete eve.txt but I keep Alice and Bob.
>
> I want to wipe the free space on the filesystem, so I fill it up with a
> zero file called charlie.txt. It will be 7MB: 4MB of the original free
> space, and 3MB from eve.txt.
>
> If I would zero/random clear the entire disk, then I would destroy the
> filesystem and loose Alice and Bob.
>
>
Thank you.
--
Fred
www.fwrgallery.com
"Life is like linux, simple. If you are fighting it you are doing something wrong."
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Steve Flynn wrote:
> On Mon, Dec 21, 2009 at 1:36 PM, Amedee Van Gasse (ub)
> wrote:
>
>> Can you name a few of those forensics softwares? + documentation about how
>> they actually work and what the conditions are to get usable results?
>> Preferably something recent, not some outdated standards published by the
>> USA government (I don't trust foreign governments on that subject, I don't
>> even trust my own government).
>
> In the news recently - COFEE (Computer Online Forensic Evidence Extractor)
>
> http://www.google.co.uk/search?q=coffee+forensic+tool should get you
> started... you can easily find it on the Torrent sites.
>
Coffee is not even close to being able to recover data that's been
overwritten, even by a single pass of zeros. Even in theory,
recovering that kind of data would require removing the platter from the
hard drive and carefully scanning the surface with some star trek
sounding gizmo microscope, then using software to make a 'best guess'
about the contents, (not that tricky if the data was written once to a
pristine drive then overwritten once with zeros, but that's a best case
scenario for recovery.)
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On Mon, Dec 21, 2009 at 3:52 PM, Rashkae wrote:
> Steve Flynn wrote:
>> On Mon, Dec 21, 2009 at 1:36 PM, Amedee Van Gasse (ub)
>> wrote:
>>
>>> Can you name a few of those forensics softwares? + documentation about =
how
>>> they actually work and what the conditions are to get usable results?
>>> Preferably something recent, not some outdated standards published by t=
he
>>> USA government (I don't trust foreign governments on that subject, I do=
n't
>>> even trust my own government).
>>
>> In the news recently - COFEE (Computer Online Forensic Evidence Extracto=
r)
>>
>> http://www.google.co.uk/search?q=3Dcoffee+forensic+tool should get you
>> started... you can easily find it on the Torrent sites.
>>
> Coffee is not even close to being able to recover data that's been
> overwritten, even by a single pass of zeros. =A0 Even in theory,
> recovering that kind of data would require removing the platter from the
> hard drive and carefully scanning the surface with some star trek
> sounding gizmo microscope, then using software to make a 'best guess'
> about the contents, (not that tricky if the data was written once to a
> pristine drive then overwritten once with zeros, but that's a best case
> scenario for recovery.)
I know Rashkae.
Amadee asked for some examples of forensic software - no more, no less.
I've had the dubious pleasure of attempting to recover data from a
partially degaussed 3490E cartridge using internal IBM software. Not
for the faint of heart.
-- =
Steve
When one person suffers from a delusion it is insanity. When many
people suffer from a delusion it is called religion.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
-- =
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinf=
o/ubuntu-users

Gilles Gravier wrote:
> Hi!
>
> On 21/12/2009 09:55, Amedee Van Gasse (ub) wrote:
>> On Mon, December 21, 2009 04:28, jesse stephen wrote:
>>
>>> I'm looking for a data shredder for ubuntu 9.10
>>>
>> The other suggestions are good, and if you want a low-tech solution:
>>
>> 1) delete your files with rm as usual
>> 2) overwrite the empty disk space with zeroes or random data
>> Use either one of these commands:
>>
>> dd if=/dev/null of=nullfile bs=1M
>> dd if=/dev/random of=randomfile bs=1M
>>
>> They will create a file called 'nullfile' or 'randomfile', filling all the
>> empty space on your disk. The dd command will automatically abort when all
>> free disk space is used.
>> Please note that this can take a *long* time, depending on the size of
>> your free disk space. Also /dev/random is a special device that generates
>> "entropy" (=random data) and with this method you use up all the available
>> entropy so sometimes it will stall until it has created enough new
>> entropy.
>>
>> When it's done, rm nullfile or em randomfile.
>> If you're really paranoid, repeat the procedure a couple of times.
>>
>>
>>
> The problem with these commands, is that you're not really helping...
> Forensics tools will read below one or more levels of re-write. You need
> to do this several times in a row... and, more importantly, you need to
> use special data patterns that will actually make reading shadows of
> former data harder if not impossible. There are standards for that. And
> they do not involve writing random data or zeros, but actual specific
> patterns.
>
> Gilles.
>
Sorry to come in late to this, but no.
And...my apologies for going OT as the OP didn't ask for a diatribe :)
According to NIST (the US's National Institute of Standards and
Technology) in their publication SP 800-88, 2 types of overwrite
standards are defined: 'clear' and 'purge'
'Clear' calls for the systematic overwriting of every addressable sector
of a drive and is sufficient for eradication, bypassing most labs'
ability to recover data, even data recovery companies (I work for one).
'Purge' calls for either 1) calling upon the firmware of the drive to
carry on the eradication by overwriting (security erase is one example),
or by physically shredding the hard drive into pieces of a defined size
(I cannot remember the size and don't have the spec in front of me).
Both 'clear' and 'purge' are single pass overwrite paradigms...and both
are sufficient to eradicate data.
The overwriting 3 pass former standard (referred to as DoD 5225.22M) is
deprecated, but when it was the 'way to go', it called for 3 passes...a
pattern, its compliment, then random data.
The concept of digging into 'layers' of data on a magnetic spinning disk
is, in today's drives and technology, untrue. As part of the data
eradication program we endorse where I work, a single pass of 'purge' or
'clear' satisfies all US standards including GLBA, HIPAA and SoX.
As this is wholly OT at this point, I'll be happy to reply privately if
there are any comments or questions.
HTH,
-Ray
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Gilles Gravier wrote:
> The problem with these commands, is that you're not really helping...
> Forensics tools will read below one or more levels of re-write.
Yes, you are helping.
Also, it depends on who you are worried about.
If you are a normalish person who isn't in the sights of a motivated and
well funded foe, a single pass of quality random data is going to be
quite secure. Particularly if you layer it with some other discipline:
1. Run whole disk encryption, Ubuntu will do that for you (though I
think you need to use the alternate install disc). Regularly wiping
unused space inside an encrypted volume is going to make recovery a
significant problem for anyone. Make sure your swap is also encrypted.
Keep your computer physically secure: /boot will still be unencrypted so
you need to trust that /boot hasn't been tampered with.
2. Use quality passwords (don't dream up something clever that you think
is random, instead think up a password choosing *method*, something that
incorporates actually random input and start flipping real coins). Make
sure they are long enough. If someone casually watching you type your
password doesn't make a funny face because it is so long--it isn't long
enough.
3. Never reuse passwords you care about on different systems.
4. Never type important passwords on keyboards you don't trust and
mostly don't trust many keyboards. Don't trust Bluetooth keyboards,
don't trust keyboards on computers in hotels and airports and cyber
cafes, don't trust your mother's computer, don't trust "your" computer
at work, and don't trust computers running any Microsoft software.
5. Don't let untrusted software run on your computer. Stick to open
source software (not Skype), use mainstream software that others will be
worried about too, keep your installation minimal, never use proprietary
device drivers, keep your software up to date. Spyware, spyware,
spyware: If someone can get you to give away your passwords then all
your other efforts are worthless. Assume all commercial software is
spyware (what will company X do when asked by the feds for backdoor
access?, particularly when some Patriot Act provision threatens them
with jail for even sneezing wrong).
6. Write down your passwords. If you don't keep a list you can't both
use quality passwords and never recycle them--it is impossible to
remember that many quality passwords. Go ahead and encrypt the list, or
use bad handwriting and do some mangling that will make it not so useful
for someone who might find it. Keep a backup copy of the list so you can
go change all your passwords if the primary list gets lost. Don't
photocopy a physical list on a digital copier (and they all are digital
these days), keep it up-to-date by hand.
7. Make sure your data backups are as secure as your working copy.
8. Figure out what I missed in these points that might apply in your
situation: Think about all the weak links.
Does that sound like an excessively paranoid list?
Unless you cover all the other ways your data can get out, the least of
your worries is some slow, laborious, and expensive magnetic microscopic
reading through dozens or hundreds of gigabytes of overwritten data. I
can't believe it is easy to recover old data on modern disks of dizzying
data density. And you probably just aren't worth that kind of effort.
Though you might be worth quietly installing a little software that
records what you type on your keyboard, including your passwords. You
might be worth forcing Google to give up your gmail password and forcing
your bank to give up your online banking password and trying those
passwords on your encrypted data.
Figure out how paranoid you want to be, then think through all the
implications. (A fancy lock on your front door doesn't mean much alone,
consider all the other ways into your house.) Don't fixate on one little
technology, or you risk having your foes just step around it.
-kb, the Kent who recently wrote a much faster yet simple random number
generator in Python* specifically so wiping empty space will be practical.
* No, I didn't write any cryptographic primitives, mostly no one
slightly normal ever should, instead I combined /dev/urandom with
AES-256 encryption and a high resolution timestamp to pump out random
data much faster than /dev/urandom or /dev/random, yet it should be damn
high quality--that is if AES-256 and /dev/urandom are secure, and if I
didn't do anything stupid.
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

This is a multi-part message in MIME format.
--------------060602050205050503080401
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Hi, Amedee!
On 21/12/2009 14:36, Amedee Van Gasse (ub) wrote:
> On Mon, December 21, 2009 10:04, Gilles Gravier wrote:
>
>
>> The problem with these commands, is that you're not really helping...
>> Forensics tools will read below one or more levels of re-write. You need
>> to do this several times in a row... and, more importantly, you need to
>> use special data patterns that will actually make reading shadows of
>> former data harder if not impossible. There are standards for that. And
>> they do not involve writing random data or zeros, but actual specific
>> patterns.
>>
> Hi!
>
> Can you name a few of those forensics softwares? + documentation about how
> they actually work and what the conditions are to get usable results?
> Preferably something recent, not some outdated standards published by the
> USA government (I don't trust foreign governments on that subject, I don't
> even trust my own government).
>
The standards are still there, like /DoD 5220.22-M (3 passes).../ and
more also. See the list on my previous post.
> Or are you talking about disassembling a hard disk in a dustfree room and
> reading the actual magnetic patterns with a scanning probe microscope to
> get a palimpsest image of the disk?
>
That's why you want to have many overwrites... or a full gaussian
demagnetization (there are machines to do that)...
Of course if you want to re-use your drive... overwrites is the way to
go. Or assured delete.
> If you're afraid of a casual hacker or even most law enforcement (I have
> played a bit with the forensic tools cd of our Federal Computer Crime
> Unit), overwriting it 10 times with random data will be more than enough.
>
Random data is not enough... If you're going random, you might as well
do one pass.
If you want to benefit from multiple passes, you should use one of the
patterns created for that.
> It's only when you're afraid of *very* large organisations (intelligence
> agencies, multinationals) that procedures with special RLL patterns are
> worth the effort. But then again, if your data is really *that* important,
> you should physically destroy the disk. Throw it in the blash furnace of a
> steel mill.
> But that's just my humble opinion...
>
True.
> Another argument, if you have 10 KB of sensitive data on a 500 GB drive,
> the chances that it will be found are close to zero. The data density is
> just too high. And then there is the case of perpendicular recording.
>
Unless there is clear text in that block that allows a sector search to
find it...
> What about flash memory? To shred data on a NAND memory device you will
> need something that is covered by patent WO/2009/009052
Or you use assured delete...
Gilles.
--
/*Gilles Gravier*/ *=* *Gilles@Gravier.org*
ICQ : *77488526*
* || *MSN
Messenger : Gilles@Gravier.org *
*Skype : ggravier * || *Y! : ggravier
|| AOL : gillesgravier

Aka-Aki : *ggravier* ||
PGP Key ID : *0x8DE6D026*

"Living on Earth is expensive, but it does include a free trip around
the sun."
--------------060602050205050503080401
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit






Hi, Amedee!

On 21/12/2009 14:36, Amedee Van Gasse (ub) wrote:

On Mon, December 21, 2009 10:04, Gilles Gravier wrote:


The problem with these commands, is that you're not really helping...
Forensics tools will read below one or more levels of re-write. You need
to do this several times in a row... and, more importantly, you need to
use special data patterns that will actually make reading shadows of
former data harder if not impossible. There are standards for that. And
they do not involve writing random data or zeros, but actual specific
patterns.



Hi!
Can you name a few of those forensics softwares? + documentation about how
they actually work and what the conditions are to get usable results?
Preferably something recent, not some outdated standards published by the
USA government (I don't trust foreign governments on that subject, I don't
even trust my own government).


The standards are still there, like DoD 5220.22-M (3 passes)...
and more also. See the list on my previous post.

Or are you talking about disassembling a hard disk in a dustfree room and
reading the actual magnetic patterns with a scanning probe microscope to
get a palimpsest image of the disk?


That's why you want to have many overwrites... or a full gaussian
demagnetization (there are machines to do that)...

Of course if you want to re-use your drive... overwrites is the way to
go. Or assured delete.

If you're afraid of a casual hacker or even most law enforcement (I have
played a bit with the forensic tools cd of our Federal Computer Crime
Unit), overwriting it 10 times with random data will be more than enough.


Random data is not enough... If you're going random, you might as well
do one pass.

If you want to benefit from multiple passes, you should use one of the
patterns created for that.

It's only when you're afraid of *very* large organisations (intelligence
agencies, multinationals) that procedures with special RLL patterns are
worth the effort. But then again, if your data is really *that* important,
you should physically destroy the disk. Throw it in the blash furnace of a
steel mill.
But that's just my humble opinion...


True.

Another argument, if you have 10 KB of sensitive data on a 500 GB drive,
the chances that it will be found are close to zero. The data density is
just too high. And then there is the case of perpendicular recording.


Unless there is clear text in that block that allows a sector search to
find it...

What about flash memory? To shred data on a NAND memory device you will
need something that is covered by patent WO/2009/009052


Or you use assured delete...

Gilles.

--

Signature Home Chastity







Gilles Gravier = Gilles@Gravier.org

ICQ : 77488526  || MSN Messenger : Gilles@Gravier.org
Skype : ggravier || Y! : ggravier || AOL : gillesgravier
Aka-Aki : ggravier || PGP Key ID : 0x8DE6D026
"Living on Earth is expensive, but it
does include a free trip around the sun."









--------------060602050205050503080401--

Ray Leventhal wrote:
> 'Clear' calls for the systematic overwriting of every addressable sector
> of a drive and is sufficient for eradication, bypassing most labs'
> ability to recover data, even data recovery companies (I work for one).
>
The word "clear" might suggest to some that writing all zeros is as good
as writing fancy random data. And it might well be--*if* you can
actually write all zeros. The problem is that disks (and OSs) are
constantly trying to find ways to squeeze in more capacity and speed.
The whole topic of shredding data is complicated by ways disks have
already gotten clever and don't do what you might expect.
Think about it: Writing 100 GB of zeros is *easy*, one might just make a
note of the intention of writing all those zeros and not really write
them, at least not right away. (All those zeros upon zeros, so much
work, I'll do it later...) Random data is better because the operating
system and disk have no choice but to actually write it. It can't be
described, so it has to be written. I don't know of any disk that cheats
in writing zeros, the OS well might. I do know that with quality random
data there is no way to cheat this way, it has to be recorded.
-kb
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On 12/20/2009 11:26 PM, Emil Payne wrote:
>
>
> NoOp wrote:
>> On 12/20/2009 07:28 PM, jesse stephen wrote:
>>> I'm looking for a data shredder for ubuntu 9.10
>>>
>>>
>>
>> $ man shred
>>
>>
>>
>>
> From MAN SHRED - Note the info about EXT3:
>
...
>
> Ext3 journaling modes can be changed by adding the
> data=something option to the mount options for a particular file
> system in the /etc/fstab file, as documented in the mount man page
> (man mount).
...
I've just noticed that 'scrub' has been packaged for lucid (works in
karmic just fine) so you no longer have to mess with converting the rpm
to deb. I didn't initially suggest scrub as previously you needed to run
alien, convert the rpm to deb, etc., and I've no idea how familiar the
OP is with linux.
http://packages.ubuntu.com/lucid/scrub
http://linux.die.net/man/1/scrub
As for all the rest; I use TrueCrypt, BCWipe, shred, scrub, and a 2 lb
hammer... depending on the need :-)
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On Mon, December 21, 2009 15:37, Gilles Gravier wrote:
> Yes. So software shredding is probably not good enough against people
> with fancy hardware...
Even a 0.907185 kg, as someone wrote, won't be enough against *really*
fancy hardware.
> Note that my customers in the defense space never return faulty drives.
> They physically convert them to dust. We just send them
> "replacements"... but they don't send the bad ones in exchange. :)
Yeah ok defense... ;-)
I work at a steel mill, and we also have a very efficient way of
destroying disks: use them as scrap metal. :)
> As I said, have a look at Radia Perlman's work on assured delete and the
> ephemerizer.
I don't have to because I already did that a couple of years ago. :-p
>>> Unless there is clear text in that block that allows a sector search to
>>> find it...
>>>
>> That assumes that you already know what you want to find. It won't work
>> for a blind search.
>>
> If you're taking somebody's disk... you know what you are looking for,
> to some extent. :)
for various values of "extent" :)
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On Mon, December 21, 2009 16:52, Rashkae wrote:
> Steve Flynn wrote:
>> On Mon, Dec 21, 2009 at 1:36 PM, Amedee Van Gasse (ub)
>> wrote:
>>
>>> Can you name a few of those forensics softwares? + documentation about
>>> how
>>> they actually work and what the conditions are to get usable results?
>>> Preferably something recent, not some outdated standards published by
>>> the
>>> USA government (I don't trust foreign governments on that subject, I
>>> don't
>>> even trust my own government).
>>
>> In the news recently - COFEE (Computer Online Forensic Evidence
>> Extractor)
>>
>> http://www.google.co.uk/search?q=coffee+forensic+tool should get you
>> started... you can easily find it on the Torrent sites.
>>
>
> Coffee is not even close to being able to recover data that's been
> overwritten, even by a single pass of zeros. Even in theory,
> recovering that kind of data would require removing the platter from the
> hard drive and carefully scanning the surface with some star trek
> sounding gizmo microscope, then using software to make a 'best guess'
> about the contents, (not that tricky if the data was written once to a
> pristine drive then overwritten once with zeros, but that's a best case
> scenario for recovery.)
My point exactly.
There exists no software that can recover overwritten data without going
lower than the hardware level and without bypassing the hard disk
controller.
I am open for suggestions to the contrary, but as long as you have to rely
on the hard disk controller, I am not convinced that recovery can be
succesful.
That's why my opinion remains that a simple data wipe is sufficient if
your theoretical opponent doesn't have access to Star Trek grade
equipment. It's enough to protect you against Joe Hacker.
--
Amedee Van Gasse
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

jesse stephen schrieb:
> I'm looking for a data shredder for ubuntu 9.10
>
>
if you want to delete entire harddisks take a look at dban:
http://www.dban.org/
About DBAN
Darik's Boot and Nuke ("DBAN") is a self-contained boot disk that
securely wipes the hard disks of most computers. DBAN will automatically
and completely delete the contents of any hard disk that it can detect,
which makes it an appropriate utility for bulk or emergency data
destruction.
This tool is not suited to delete single files!
Take care with your data deletion. The useful commands provided by the
other posters are quite dangerous (if you don't know what you are doing).
Franz
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On Mon, December 21, 2009 16:59, Steve Flynn wrote:
> On Mon, Dec 21, 2009 at 3:52 PM, Rashkae wrote:
>> Steve Flynn wrote:
>>> On Mon, Dec 21, 2009 at 1:36 PM, Amedee Van Gasse (ub)
>>> wrote:
>>>
>>>> Can you name a few of those forensics softwares? + documentation about
>>>> how
>>>> they actually work and what the conditions are to get usable results?
>>>> Preferably something recent, not some outdated standards published by
>>>> the
>>>> USA government (I don't trust foreign governments on that subject, I
>>>> don't
>>>> even trust my own government).
>>>
>>> In the news recently - COFEE (Computer Online Forensic Evidence
>>> Extractor)
>>>
>>> http://www.google.co.uk/search?q=3Dcoffee+forensic+tool should get you
>>> started... you can easily find it on the Torrent sites.
>>>
>> Coffee is not even close to being able to recover data that's been
>> overwritten, even by a single pass of zeros. =A0 Even in theory,
>> recovering that kind of data would require removing the platter from the
>> hard drive and carefully scanning the surface with some star trek
>> sounding gizmo microscope, then using software to make a 'best guess'
>> about the contents, (not that tricky if the data was written once to a
>> pristine drive then overwritten once with zeros, but that's a best case
>> scenario for recovery.)
>
> I know Rashkae.
>
> Amadee asked for some examples of forensic software - no more, no less.
You took my question out of context. I will repeat the entire context:
-----------
On Mon, December 21, 2009 10:04, Gilles Gravier wrote:
> The problem with these commands, is that you're not really helping...
> Forensics tools will read below one or more levels of re-write. You need
> to do this several times in a row... and, more importantly, you need to
> use special data patterns that will actually make reading shadows of
> former data harder if not impossible. There are standards for that. And
> they do not involve writing random data or zeros, but actual specific
> patterns.
Hi!
Can you name a few of those forensics softwares? + documentation about how
they actually work and what the conditions are to get usable results?
Preferably something recent, not some outdated standards published by the
USA government (I don't trust foreign governments on that subject, I don't
even trust my own government).
Or are you talking about disassembling a hard disk in a dustfree room and
reading the actual magnetic patterns with a scanning probe microscope to
get a palimpsest image of the disk?
----------
It's obvious that I asked for forensic software that is able to read below
one or more levels of rewrite. Obviously I wasn't asking for any random
forensic toolset, I can easily hack those together with a few standard
GNU/Linux tools like dd, strings, grep and such.
> I've had the dubious pleasure of attempting to recover data from a
> partially degaussed 3490E cartridge using internal IBM software. Not
> for the faint of heart.
I assume that you were able to restore data from the part of the cartridge
that wasn't degaussed. I'm sorry but that is just a lot of hard work, it's
not technically impossible.
I was asking about software that can restore data from the part that *is*
degaussed.
-- =
Amedee Van Gasse
-- =
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinf=
o/ubuntu-users

On Mon, December 21, 2009 17:22, Ray Leventhal wrote:
> Gilles Gravier wrote:
>> Hi!
>>
>> On 21/12/2009 09:55, Amedee Van Gasse (ub) wrote:
>>> On Mon, December 21, 2009 04:28, jesse stephen wrote:
>>>
>>>> I'm looking for a data shredder for ubuntu 9.10
>>>>
>>> The other suggestions are good, and if you want a low-tech solution:
>>>
>>> 1) delete your files with rm as usual
>>> 2) overwrite the empty disk space with zeroes or random data
>>> Use either one of these commands:
>>>
>>> dd if=/dev/null of=nullfile bs=1M
>>> dd if=/dev/random of=randomfile bs=1M
>>>
>>> They will create a file called 'nullfile' or 'randomfile', filling all
>>> the
>>> empty space on your disk. The dd command will automatically abort when
>>> all
>>> free disk space is used.
>>> Please note that this can take a *long* time, depending on the size of
>>> your free disk space. Also /dev/random is a special device that
>>> generates
>>> "entropy" (=random data) and with this method you use up all the
>>> available
>>> entropy so sometimes it will stall until it has created enough new
>>> entropy.
>>>
>>> When it's done, rm nullfile or em randomfile.
>>> If you're really paranoid, repeat the procedure a couple of times.
>>>
>>>
>>>
>> The problem with these commands, is that you're not really helping...
>> Forensics tools will read below one or more levels of re-write. You need
>> to do this several times in a row... and, more importantly, you need to
>> use special data patterns that will actually make reading shadows of
>> former data harder if not impossible. There are standards for that. And
>> they do not involve writing random data or zeros, but actual specific
>> patterns.
>>
>> Gilles.
>>
> Sorry to come in late to this, but no.
>
> And...my apologies for going OT as the OP didn't ask for a diatribe :)
>
> According to NIST (the US's National Institute of Standards and
> Technology) in their publication SP 800-88, 2 types of overwrite
> standards are defined: 'clear' and 'purge'
>
> 'Clear' calls for the systematic overwriting of every addressable sector
> of a drive and is sufficient for eradication, bypassing most labs'
> ability to recover data, even data recovery companies (I work for one).
>
> 'Purge' calls for either 1) calling upon the firmware of the drive to
> carry on the eradication by overwriting (security erase is one example),
> or by physically shredding the hard drive into pieces of a defined size
> (I cannot remember the size and don't have the spec in front of me).
>
> Both 'clear' and 'purge' are single pass overwrite paradigms...and both
> are sufficient to eradicate data.
>
> The overwriting 3 pass former standard (referred to as DoD 5225.22M) is
> deprecated, but when it was the 'way to go', it called for 3 passes...a
> pattern, its compliment, then random data.
>
> The concept of digging into 'layers' of data on a magnetic spinning disk
> is, in today's drives and technology, untrue. As part of the data
> eradication program we endorse where I work, a single pass of 'purge' or
> 'clear' satisfies all US standards including GLBA, HIPAA and SoX.
>
> As this is wholly OT at this point, I'll be happy to reply privately if
> there are any comments or questions.
I'm glad that someone who works in a data recovery company agrees with me. :)
I'm not ignorant on the subject, because it was one of the two subjects I
was going to do my thesis on. (eventually I'm doing the other subject,
about spam)
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On Mon, December 21, 2009 18:36, Kent Borg wrote:
> Gilles Gravier wrote:
>> The problem with these commands, is that you're not really helping...
>> Forensics tools will read below one or more levels of re-write.
>
> Yes, you are helping.
>
> Also, it depends on who you are worried about.
>
> If you are a normalish person who isn't in the sights of a motivated and
> well funded foe, a single pass of quality random data is going to be
> quite secure. Particularly if you layer it with some other discipline:
>
> 1. Run whole disk encryption, Ubuntu will do that for you (though I
> think you need to use the alternate install disc). Regularly wiping
> unused space inside an encrypted volume is going to make recovery a
> significant problem for anyone. Make sure your swap is also encrypted.
> Keep your computer physically secure: /boot will still be unencrypted so
> you need to trust that /boot hasn't been tampered with.
>
> 2. Use quality passwords (don't dream up something clever that you think
> is random, instead think up a password choosing *method*, something that
> incorporates actually random input and start flipping real coins). Make
> sure they are long enough. If someone casually watching you type your
> password doesn't make a funny face because it is so long--it isn't long
> enough.
>
> 3. Never reuse passwords you care about on different systems.
>
> 4. Never type important passwords on keyboards you don't trust and
> mostly don't trust many keyboards. Don't trust Bluetooth keyboards,
> don't trust keyboards on computers in hotels and airports and cyber
> cafes, don't trust your mother's computer, don't trust "your" computer
> at work, and don't trust computers running any Microsoft software.
>
> 5. Don't let untrusted software run on your computer. Stick to open
> source software (not Skype), use mainstream software that others will be
> worried about too, keep your installation minimal, never use proprietary
> device drivers, keep your software up to date. Spyware, spyware,
> spyware: If someone can get you to give away your passwords then all
> your other efforts are worthless. Assume all commercial software is
> spyware (what will company X do when asked by the feds for backdoor
> access?, particularly when some Patriot Act provision threatens them
> with jail for even sneezing wrong).
>
> 6. Write down your passwords. If you don't keep a list you can't both
> use quality passwords and never recycle them--it is impossible to
> remember that many quality passwords. Go ahead and encrypt the list, or
> use bad handwriting and do some mangling that will make it not so useful
> for someone who might find it. Keep a backup copy of the list so you can
> go change all your passwords if the primary list gets lost. Don't
> photocopy a physical list on a digital copier (and they all are digital
> these days), keep it up-to-date by hand.
>
> 7. Make sure your data backups are as secure as your working copy.
>
> 8. Figure out what I missed in these points that might apply in your
> situation: Think about all the weak links.
>
> Does that sound like an excessively paranoid list?
>
> Unless you cover all the other ways your data can get out, the least of
> your worries is some slow, laborious, and expensive magnetic microscopic
> reading through dozens or hundreds of gigabytes of overwritten data. I
> can't believe it is easy to recover old data on modern disks of dizzying
> data density. And you probably just aren't worth that kind of effort.
> Though you might be worth quietly installing a little software that
> records what you type on your keyboard, including your passwords. You
> might be worth forcing Google to give up your gmail password and forcing
> your bank to give up your online banking password and trying those
> passwords on your encrypted data.
>
>
> Figure out how paranoid you want to be, then think through all the
> implications. (A fancy lock on your front door doesn't mean much alone,
> consider all the other ways into your house.) Don't fixate on one little
> technology, or you risk having your foes just step around it.
>
>
> -kb, the Kent who recently wrote a much faster yet simple random number
> generator in Python* specifically so wiping empty space will be practical.
>
>
> * No, I didn't write any cryptographic primitives, mostly no one
> slightly normal ever should, instead I combined /dev/urandom with
> AES-256 encryption and a high resolution timestamp to pump out random
> data much faster than /dev/urandom or /dev/random, yet it should be damn
> high quality--that is if AES-256 and /dev/urandom are secure, and if I
> didn't do anything stupid.
You're so much better with words than I am!
--
Amedee
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Amedee Van Gasse (ub) wrote:
> On Mon, December 21, 2009 18:36, Kent Borg wrote:
>> Gilles Gravier wrote:
>>> The problem with these commands, is that you're not really helping...
>>> Forensics tools will read below one or more levels of re-write.
>> Yes, you are helping.
>>
>> Also, it depends on who you are worried about.
>>
>> If you are a normalish person who isn't in the sights of a motivated and
>>
Big Cut!
My 2 cents are simple. Do not waste a second on securing the
password for your WiFi device. Reason: Only 2 people want this
password who are close neighbors.
My pw for doing root things is a good password I change from
time to time. It is hard. It is so hard I don't remember it.
But on a sticker on the base of my 17 inch monitor is the
current password. Also is the password to my account with a
bank. Also some other things are on the sticker. Makes
figuring out which is the pw for what a problem.
73 Karl
--
Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.
Key ID = 3951B48D
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On 12/21/2009 01:51 PM, Amedee Van Gasse (ub) wrote:
> Even a 0.907185 kg, as someone wrote, won't be enough against *really*
> fancy hardware.
Just how fancy do you wish it to be? A 2 lb hammer (0.907185 kg) works
just fine on old drives. You just need to use 7x pound to get the
necessary result. Worked for me in my past life; 8 years as a ciphony
specialist for some world government (C4 works better but can't do that
now).
But all of this is getting a bit silly isn't it? The OP asked for a
"date shredder". He didn't specify how 'shredded' the data needs to be.
Several 'reasonable' options have been provided & the thread now has
drifted into disertations & theory on data shredding.
I suppose that's expected, but any search of the list archives will
turn up previous.
Other than 'shred won't do this', 'TrueCrypt can do this', I've not seen
any of the "expert" contributor that have recommend much.
o I recommended looking at shred and scrub.
o Gilles recommended TrueCrypt (which isn't really an answer to the OP's
question, and has nothing to do with the OP's question)
o Amadee recomends dd - OK, but is this practical on a single file?
o Kent write some nice rules about security
o Ray does the same as Kent (who cares?) Security rules regarding
passwords et al have been in place since I worked security & ciphony in
the 1980's. Are they different now?
o Karl of course throws security to the wind... Boggles the mind.
So, other than my recommendations regarding shred & scrub and Gilles
obtuse recommendation about TrueCrypt (which I use) but doesn't have
diddly squat to do with shredding exisiting files etc.), do any of you
thread drifting 'experts' have a recommendation for the OP?


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

NoOp wrote:
>
>
> o I recommended looking at shred and scrub.
> o Gilles recommended TrueCrypt (which isn't really an answer to the OP's
> question, and has nothing to do with the OP's question)
> o Amadee recomends dd - OK, but is this practical on a single file?
> o Kent write some nice rules about security
> o Ray does the same as Kent (who cares?) Security rules regarding
> passwords et al have been in place since I worked security & ciphony in
> the 1980's. Are they different now?
> o Karl of course throws security to the wind... Boggles the mind.
>
> So, other than my recommendations regarding shred & scrub and Gilles
> obtuse recommendation about TrueCrypt (which I use) but doesn't have
> diddly squat to do with shredding exisiting files etc.), do any of you
> thread drifting 'experts' have a recommendation for the OP?
>
I haven't looked at scrub, nor have I really been closely following yet
another long mis-informed chase into the paranoia rabbit hole. However,
as seen by shred's own man page, you can't count on that program doing
what you want on modern filesystems. That's why we come to dd as the
only way to be sure you overwrite what you want. (by filling the entire
free hard drive space in a new file, as root, then sync, then delete.)
The only question is what do you fill it with? I think filling the file
with zeros once is perfectly adequate for anyone not trying to hide
plans of the illuminati new world order takeover. For those who can't
feel better otherwise, you can repeat the process 3x with random data.
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On 12/21/2009 08:39 PM, Rashkae wrote:
> NoOp wrote:
>>
>>
>> o I recommended looking at shred and scrub.
>> o Gilles recommended TrueCrypt (which isn't really an answer to the OP's
>> question, and has nothing to do with the OP's question)
>> o Amadee recomends dd - OK, but is this practical on a single file?
>> o Kent write some nice rules about security
>> o Ray does the same as Kent (who cares?) Security rules regarding
>> passwords et al have been in place since I worked security & ciphony in
>> the 1980's. Are they different now?
>> o Karl of course throws security to the wind... Boggles the mind.
>>
>> So, other than my recommendations regarding shred & scrub and Gilles
>> obtuse recommendation about TrueCrypt (which I use) but doesn't have
>> diddly squat to do with shredding exisiting files etc.), do any of you
>> thread drifting 'experts' have a recommendation for the OP?
>>
>
> I haven't looked at scrub, nor have I really been closely following yet
> another long mis-informed chase into the paranoia rabbit hole. However,
> as seen by shred's own man page, you can't count on that program doing
> what you want on modern filesystems.
Did you miss:
>
> Ext3 journaling modes can be changed by adding the
> data=something option to the mount options for a particular file
> system in the /etc/fstab file, as documented in the mount man page
> (man mount).
So, I'll repeat:
>> So, other than my recommendations regarding shred & scrub and
>> Gilles obtuse recommendation about TrueCrypt (which I use) but
>> doesn't have diddly squat to do with shredding exisiting files
>> etc.), do any of you thread drifting 'experts' have a
>> recommendation for the OP?
> That's why we come to dd as the
> only way to be sure you overwrite what you want. (by filling the entire
> free hard drive space in a new file, as root, then sync, then delete.)
Really? Cite - reference? If you think that dd will do the trick then I
look forward to you providing details.
> The only question is what do you fill it with?
The only question is what you offer to the OP? dd is a viable option, so
let's see if you can provide a viable option to use dd to shred a
file/folder easily.
< I think filling the file
> with zeros once is perfectly adequate for anyone not trying to hide
> plans of the illuminati new world order takeover. For those who can't
> feel better otherwise, you can repeat the process 3x with random data.
>
OK tell us how.

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On Mon, 21 Dec 2009 20:58:04 -0800
NoOp wrote:
> On 12/21/2009 08:39 PM, Rashkae wrote:
> > NoOp wrote:
> >>
> >>
> >> o I recommended looking at shred and scrub.
> >> o Gilles recommended TrueCrypt (which isn't really an answer to
> >> the OP's question, and has nothing to do with the OP's question)
> >> o Amadee recomends dd - OK, but is this practical on a single file?
> >> o Kent write some nice rules about security
> >> o Ray does the same as Kent (who cares?) Security rules regarding
> >> passwords et al have been in place since I worked security &
> >> ciphony in the 1980's. Are they different now?
> >> o Karl of course throws security to the wind... Boggles the mind.
> >>
> >> So, other than my recommendations regarding shred & scrub and
> >> Gilles obtuse recommendation about TrueCrypt (which I use) but
> >> doesn't have diddly squat to do with shredding exisiting files
> >> etc.), do any of you thread drifting 'experts' have a
> >> recommendation for the OP?
> >>
> >
> > I haven't looked at scrub, nor have I really been closely following
> > yet another long mis-informed chase into the paranoia rabbit hole.
> > However, as seen by shred's own man page, you can't count on that
> > program doing what you want on modern filesystems.
>
> Did you miss:
>
> >
> > Ext3 journaling modes can be changed by adding the
> > data=something option to the mount options for a particular
> > file system in the /etc/fstab file, as documented in the mount
> > man page (man mount).
>
> So, I'll repeat:
>
> >> So, other than my recommendations regarding shred & scrub and
> >> Gilles obtuse recommendation about TrueCrypt (which I use) but
> >> doesn't have diddly squat to do with shredding exisiting files
> >> etc.), do any of you thread drifting 'experts' have a
> >> recommendation for the OP?
>
> > That's why we come to dd as the
> > only way to be sure you overwrite what you want. (by filling the
> > entire free hard drive space in a new file, as root, then sync,
> > then delete.)
>
> Really? Cite - reference? If you think that dd will do the trick then
> I look forward to you providing details.
>
> > The only question is what do you fill it with?
>
> The only question is what you offer to the OP? dd is a viable option,
> so let's see if you can provide a viable option to use dd to shred a
> file/folder easily.
>
> < I think filling the file
> > with zeros once is perfectly adequate for anyone not trying to hide
> > plans of the illuminati new world order takeover. For those who
> > can't feel better otherwise, you can repeat the process 3x with
> > random data.
> >
>
> OK tell us how.
>
>
>
>
I hope I am not to late to recommend an app.
In any event, there is Bleachbit albeit this app seem geared more
for cleaning up where you have been and other various logs.
Still, might be worth looking at.
--
Best regards,
Chris
"When the people fear their government, there is tyranny; when the
government fears the people, there is liberty."
-- Thomas Jefferson
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Hi!
On 22/12/2009 05:26, NoOp wrote:
> On 12/21/2009 01:51 PM, Amedee Van Gasse (ub) wrote:
>
>> Even a 0.907185 kg, as someone wrote, won't be enough against *really*
>> fancy hardware.
>>
> Just how fancy do you wish it to be? A 2 lb hammer (0.907185 kg) works
> just fine on old drives. You just need to use 7x pound to get the
> necessary result. Worked for me in my past life; 8 years as a ciphony
> specialist for some world government (C4 works better but can't do that
> now).
>
> But all of this is getting a bit silly isn't it? The OP asked for a
> "date shredder". He didn't specify how 'shredded' the data needs to be.
> Several 'reasonable' options have been provided & the thread now has
> drifted into disertations & theory on data shredding.
> I suppose that's expected, but any search of the list archives will
> turn up previous.
>
> Other than 'shred won't do this', 'TrueCrypt can do this', I've not seen
> any of the "expert" contributor that have recommend much.
>
> o I recommended looking at shred and scrub.
> o Gilles recommended TrueCrypt (which isn't really an answer to the OP's
> question, and has nothing to do with the OP's question)
>
I beg to differ. It has all to do. If the OPs aim is to prevent people
from recovering his/her data on discarded or stolen disks, then
initially storing that data in an encrypted containers achieves that aim
with the security level provided by the strength of the encryption
algorithm chosen. Unless the key is also made available to the attacker,
the data is just as well protected in an encrypted container as if it
were shredded in some other way. It's just random junk. You can go to
the extreme of changing the key to a random value before discarding the
disks if you want.
Now if you are trying to prevent people from accessing data on a running
system with a mounted disk... well... once the encrypted disk is
mounted, for all purposes, it's just another FAT disk... so all FAT
tools apply for recovering data, and shredding is in order. At this
point, since the system is running, and not being disassembled to look
at phantom magnetic data, simple shredding is enough (since when you
disassemble it, you lose the access to unencrypted data).
So again, before saying it's got nothing to do, maybe we try to refine
the OP's scenario and then pinpoint the right answer...
Gilles
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Karl F. Larsen wrote:
> My 2 cents are simple. Do not waste a second on securing the password
> for your WiFi device.
Mine is completely open.
-kb
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Kent Borg wrote:
> Karl F. Larsen wrote:
>> My 2 cents are simple. Do not waste a second on securing the password
>> for your WiFi device.
>
> Mine is completely open.
>
> -kb
>
>
Mine was open at first, but I discovered very local users
were using my Internet. So I added a password. How is it that
you have no local users?
73 Karl
--
Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.
Key ID = 3951B48D
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Hi!
On 22/12/2009 13:35, Kent Borg wrote:
> Karl F. Larsen wrote:
>
>> My 2 cents are simple. Do not waste a second on securing the password
>> for your WiFi device.
>>
> Mine is completely open.
>
Not necessarily smart...
In many countries, this means that if somebody uses your WiFi LAN to
commit a cybercrime, you are held liable for it and will be sued
accordingly. This is the case, now, in France with the new HADOPI law
(we are waiting for the application decrees to come out but the law is
there).
It's OK if you live in a house surrounded by a large enough property.
It's NOT if you live in an appartment building with many people around.
This is why most (if not all) internet operators that ship WiFi
equipments ship them, now, with WPA2 enabled by default.
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Hi!
On 22/12/2009 13:45, Karl F. Larsen wrote:
> Kent Borg wrote:
>
>> Karl F. Larsen wrote:
>>
>>> My 2 cents are simple. Do not waste a second on securing the password
>>> for your WiFi device.
>>>
>> Mine is completely open.
>>
>> -kb
>>
>>
>>
> Mine was open at first, but I discovered very local users
> were using my Internet. So I added a password. How is it that
> you have no local users?
>
He has no neighboors... lives in a house with a huge property around...
Gilles.
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Colin Law wrote:
> 2009/12/21 Karl F. Larsen :
>> ...
>> =C2 =C2 =C2 =C2 My pw for doing root things is a good password I chan=
ge from
>> time to time. It is hard. It is so hard I don't remember it.
>> But on a sticker on the base of my 17 inch monitor is the
>> current password. Also is the password to my account with a
>> bank. Also some other things are on the sticker. Makes
>> figuring out which is the pw for what a problem.
> =
> Having told the world this do you not now worry that someone will
> break into your house, find your bank password, and steal all your
> money?
> =
> Colin
> =
Not in the least worried. No-one in 40 years has broken into =
my house. This is because we have 2 dogs and a cat. They are =
noisy if someone gets close to the house. If burglar, we check =
the person and then shoot him/her with a 12 gauge shotgun.
73 Karl
-- =
Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.
Key ID =3D 3951B48D
-- =
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinf=
o/ubuntu-users

Amedee Van Gasse (ub) wrote:

>> Sorry to come in late to this, but no.
>>
>> And...my apologies for going OT as the OP didn't ask for a diatribe :)
>>
>> According to NIST (the US's National Institute of Standards and
>> Technology) in their publication SP 800-88, 2 types of overwrite
>> standards are defined: 'clear' and 'purge'
>>
>> 'Clear' calls for the systematic overwriting of every addressable sector
>> of a drive and is sufficient for eradication, bypassing most labs'
>> ability to recover data, even data recovery companies (I work for one).
>>
>> 'Purge' calls for either 1) calling upon the firmware of the drive to
>> carry on the eradication by overwriting (security erase is one example),
>> or by physically shredding the hard drive into pieces of a defined size
>> (I cannot remember the size and don't have the spec in front of me).
>>
>> Both 'clear' and 'purge' are single pass overwrite paradigms...and both
>> are sufficient to eradicate data.
>>
>> The overwriting 3 pass former standard (referred to as DoD 5225.22M) is
>> deprecated, but when it was the 'way to go', it called for 3 passes...a
>> pattern, its compliment, then random data.
>>
>> The concept of digging into 'layers' of data on a magnetic spinning disk
>> is, in today's drives and technology, untrue. As part of the data
>> eradication program we endorse where I work, a single pass of 'purge' or
>> 'clear' satisfies all US standards including GLBA, HIPAA and SoX.
>>
>> As this is wholly OT at this point, I'll be happy to reply privately if
>> there are any comments or questions.
>
>
> I'm glad that someone who works in a data recovery company agrees with me. :)
> I'm not ignorant on the subject, because it was one of the two subjects I
> was going to do my thesis on. (eventually I'm doing the other subject,
> about spam)
>
>
Amedee, this is not the first time we've been in agreement :) As for
your thesis, I'd be very interested to see it if you're ever willing to
share.
My 'day job' is as the tech writer for the company and we make hardware
that handles the eradication of data per NIST 'clear' and 'purge'
standards. If you feel there's any info I can help with, please feel
free to contact me offlist.
-Ray
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

NoOp wrote:
> On 12/21/2009 08:39 PM, Rashkae wrote:
>> NoOp wrote:
>>>
>>> o I recommended looking at shred and scrub.
>>> o Gilles recommended TrueCrypt (which isn't really an answer to the OP's
>>> question, and has nothing to do with the OP's question)
>>> o Amadee recomends dd - OK, but is this practical on a single file?
>>> o Kent write some nice rules about security
>>> o Ray does the same as Kent (who cares?) Security rules regarding
>>> passwords et al have been in place since I worked security & ciphony in
>>> the 1980's. Are they different now?
>>> o Karl of course throws security to the wind... Boggles the mind.
>>>
>>> So, other than my recommendations regarding shred & scrub and Gilles
>>> obtuse recommendation about TrueCrypt (which I use) but doesn't have
>>> diddly squat to do with shredding exisiting files etc.), do any of you
>>> thread drifting 'experts' have a recommendation for the OP?
>>>
>> I haven't looked at scrub, nor have I really been closely following yet
>> another long mis-informed chase into the paranoia rabbit hole. However,
>> as seen by shred's own man page, you can't count on that program doing
>> what you want on modern filesystems.
>
> Did you miss:
>
>> Ext3 journaling modes can be changed by adding the
>> data=something option to the mount options for a particular file
>> system in the /etc/fstab file, as documented in the mount man page
>> (man mount).
>
> So, I'll repeat:
>
>>> So, other than my recommendations regarding shred & scrub and
>>> Gilles obtuse recommendation about TrueCrypt (which I use) but
>>> doesn't have diddly squat to do with shredding exisiting files
>>> etc.), do any of you thread drifting 'experts' have a
>>> recommendation for the OP?
>
>> That's why we come to dd as the
>> only way to be sure you overwrite what you want. (by filling the entire
>> free hard drive space in a new file, as root, then sync, then delete.)
>
> Really? Cite - reference? If you think that dd will do the trick then I
> look forward to you providing details.
>
I just did, but if you want exact commands:
sudo dd if=/dev/zero of=shred
sync && rm shred
or, the paranoid version:
sudo dd if=/dev/random of=shred
sync && rm shred
(repeat as many times as you think a shadow government can retrieve data
from previous imprints on your hd)
*note* since it might be possible that traces of the filename used might
be left behind, you may want to choose something more innocent sounding
than shred. Name the output file whatever you like.
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Franz Waldm=FCller wrote:
> jesse stephen schrieb:
>> I'm looking for a data shredder for ubuntu 9.10
>>
>>
> if you want to delete entire harddisks take a look at dban:
> =
> http://www.dban.org/
> =
> About DBAN
> Darik's Boot and Nuke ("DBAN") is a self-contained boot disk that =
> securely wipes the hard disks of most computers. DBAN will automatically =
> and completely delete the contents of any hard disk that it can detect, =
> which makes it an appropriate utility for bulk or emergency data =
> destruction.
> =
> This tool is not suited to delete single files!
> =
> Take care with your data deletion. The useful commands provided by the =
> other posters are quite dangerous (if you don't know what you are doing).
> =
> =
> Franz
> =
The problem with software data eradication is that it can be =
interrupted. That is why the NIST 'purge' standard calls for the =
'firmware of the drive' to handle the data purging. If interrupted, it =
must complete before the drive is able to be used. Examples include ATA =
Security Erase.
Drives subjected to overwriting by DBAN or other software have been sent =
to the data recovery company at which I work. The drive defect list is =
never touched, nor are sectors that the software cannot see. Hardware =
based eradication is, by far, the safest way to ensure data is =
gone...short of physically shredding.
Just another .02 on the pile
HTH,
-Ray
-- =
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinf=
o/ubuntu-users

Karl F. Larsen wrote:
> Mine was open at first, but I discovered very local users
> were using my Internet. So I added a password. How is it that
> you have no local users?
>
I am sure I do. I kind of wish I had more--I have more trouble with
interfering access points (lots) than any problems I ever have with
other users on my access point (none). If more people used my access
point and didn't have their own, maybe I would have less interference
and better results.
-kb, the Kent who doesn't see the problem in others using his bits as
long as he gets the bits he wants.
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On Mon, 21 Dec 2009, NoOp wrote:
> But all of this is getting a bit silly isn't it? The OP asked for a
> "date shredder". He didn't specify how 'shredded' the data needs to be.
> Several 'reasonable' options have been provided & the thread now has
> drifted into disertations & theory on data shredding.
> I suppose that's expected, but any search of the list archives will
> turn up previous.
>
> Other than 'shred won't do this', 'TrueCrypt can do this', I've not seen
> any of the "expert" contributor that have recommend much.
>
> o I recommended looking at shred and scrub.
> o Gilles recommended TrueCrypt (which isn't really an answer to the OP's
> question, and has nothing to do with the OP's question)
> o Amadee recomends dd - OK, but is this practical on a single file?
> o Kent write some nice rules about security
> o Ray does the same as Kent (who cares?) Security rules regarding
> passwords et al have been in place since I worked security & ciphony in
> the 1980's. Are they different now?
> o Karl of course throws security to the wind... Boggles the mind.
>
> So, other than my recommendations regarding shred & scrub and Gilles
> obtuse recommendation about TrueCrypt (which I use) but doesn't have
> diddly squat to do with shredding exisiting files etc.), do any of you
> thread drifting 'experts' have a recommendation for the OP?
>
used to be a program called "wipe", IIRC its file based.
--
Res
"What does Windows have that Linux doesn't?" - One hell of a lot of bugs!
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On 12/22/2009 05:27 PM, Res wrote:
...
>
>
> used to be a program called "wipe", IIRC its file based.
I love the man page:
http://manpages.ubuntu.com/manpages/karmic/en/man1/wipe.1.html
>
>
> -- < missing a space here
> Res
>
> "What does Windows have that Linux doesn't?" - One hell of a lot of bugs!
>
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Karl F. Larsen wrote:
> the person and then shoot him/her with a 12 gauge shotgun.
nicely said karl, my sentiments exactly!!
steve
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Karl F. Larsen wrote:
> the person and then shoot him/her with a 12 gauge shotgun.
nicely said karl, my sentiments exactly!
steve
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On Tue, 22 Dec 2009, NoOp wrote:
> On 12/22/2009 05:27 PM, Res wrote:
> ...
>>
>>
>> used to be a program called "wipe", IIRC its file based.
>
> I love the man page:
> http://manpages.ubuntu.com/manpages/karmic/en/man1/wipe.1.html
as i said IIRC, its been a long time since i've used wipe, back in the
day when there was no ext3 etc. Though yes it explains how to get around
it.. You could simply revert your ext3 to ext2, wipe file and then
recreate the journal, problem solved, but i cant understand why anyone
would want to go to that length on a simple file, perfects "questionable
activities" is the reason in which case I wouldnt want to be seen to
assisting that person in any way.
>> -- < missing a space here
nope :) If it appears broken to you, blame this list server for breaking
things for you by adding its own double dash sign
Hope we all had a lovely Christmas.
Best wishes for the new year...
--
Res
"What does Windows have that Linux doesn't?" - One hell of a lot of bugs!
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On 12/27/2009 03:50 PM, Res wrote:
...
>
> Hope we all had a lovely Christmas.
> Best wishes for the new year...
>
> --
> Res
And you as well :-)
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users