Governmental Servers Wiped? Never! 284
Geoff writes with a story from Australia: "Eighteen AIX servers purchased from government via auction -- none of them had data removed from them. Ticket Vending and Validation source code, Payroll, Finance, Emails and Customer complaints. All there on every server; they were even nice enough to include some old backup tapes. At ~$14USD per server, it's amazing how cheap personal information has become."
This would never happen in the UK.! (Score:2, Informative)
Re:14 bucks? you got ripped :) (Score:3, Informative)
Possibly the best reason to encrypt data from day1 (Score:3, Informative)
At least then you know that if the drive dies and you don't physically destroy it, for somebody to copy the data they'll have to do more than just get the drive going again.
PCB board failures are the problem. The drive won't work, yet the data on the platters is likely to still be good. PCB failures are also fairly easy to recover from - just go to ebay to buy a second hand drive of the same model, and swap the PCBs over. If it is easy for you to do, it is also easy for your adversaries.
Even if you sell a working drive, as long as you don't provide the customer with the passphrase for the encrypted filesystem where your important data resides (I'm sure I don't have to point out how stupid doing that would be), you can be sure that the above story is unlikely to happen to you.
Re:14 bucks? you got ripped :) (Score:1, Informative)
Wif spilling like dat u gota oneder y!
PS: The is no class (structure) in Australia perhaps apathy, different cultures, values and amounts of cash but not class structure. Many families have blue and white collar bread winners so that kinda implies that you mean to say that within a hosehold there are two classes.
PS: My spelling and checking is crap as well
same thing happened to me (Score:2, Informative)
you know they could have just.... (Score:5, Informative)
o wait, this is the goverment, nevermind
About that $20 per server (Score:2, Informative)
These servers could be nicely rehabilitated with Linux, however. In fact, they might make excellent testbeds for developers who wish to compile for Linux on POWER (in lowest common denominator fashion). And IBM hardware is deservedly respected for its quality, and these are server-class machines (unlike, say, a PowerPC 604-based Macintosh). So the buyer did very well, IMHO.
Re:14 bucks? you got ripped :) (Score:2, Informative)
Buy the way no one will get fired for this they are govenment employees where you can get sacked for just about anything except incompetance..
Re:14 bucks? you got ripped :) (Score:3, Informative)
Shoulda used... (Score:2, Informative)
I've only used the free demo but its a great floppy. And it runs FreeDOS too.
Mac OS X (Score:1, Informative)
Re:Please read DBAN FAQ (Score:1, Informative)
Re:Not trivial though (Score:2, Informative)
Boot and Nuke (Score:1, Informative)
A bit of info: when you delete a file from your computer, the file still remains on the hard drive. Your OS is simply deleting the reference to the file from the file table. Any amateur could easily recover the file, even after a FAT or NTFS formatting.
The simplest way is Darik's Boot and Nuke [sourceforge.net], aka DBAN. The name says it all. Boot up DBAN, and it will nuke every hard drive it sees.
There are other tools you can use, I am too lazy to look them up for you, but a quick search on sourceforge should yield you some file erasing tools. Many tools will offer you different levels of protection, all the way up to the standards that the Department of Defense uses.
Re:Data Eradication / the Nuclear Option (Score:3, Informative)
I work in a hospital; and we have come up with a very effective way of dealing with hard drives...
This leaves us with a blank, smashed and scrambled drive. At this point, depending on the type of data stored, the remains of the drive head off to the incinerator...
This may sound like going overboard, but we're dealing with patient information, and we take it very seriously.
Re:Please read DBAN FAQ (Score:1, Informative)
It's as good as random scrubbing. Which is not that effective anyway.
That is complete bullshit. This guy obviously has not read Guttman's recent comments about this exact topic. Random (pseudo-random data) passes on new HDDs are more effective than the 35 passes Guttman suggested on older HDDs, because newer HDDs do not have the tracking misalignment problem that older drives had; they are more consistent. So, it's much easier and takes far less effort to overwrite data on newer drives, even if newer drives don't allow access to many lower level functions.
Re:you know they could have just.... (Score:3, Informative)
Re:Understandable . . . (Score:4, Informative)
The spec for declassification is DOD-5220.22M
Re:Not trivial though (Score:3, Informative)
I went to a course on IT security sponsored (Score:3, Informative)
Fortunately he was an honest man and didn't sell the list, rather he contacted the DoJ and DoJ contacted DISCO to help get their shit together. The instructor was making the point that when you surplus equipment that you really need to make sure that you wipe the drives and any other storage media. His bias was that the easiest way to do this was to physically remove and destroy the media because you could never really be sure if a wipe program had worked (well you could go over the drive to make sure that it had been erased, but who's going to do this?).
When I don't want to physically destroy a drive but want to make sure that it's gone I either wipe it with a low-level hardware format utility such as the one built into Adaptec SCSI cards, or I use a program such as autoclave [washington.edu] by Josh Larios (which he isn't supporting any more outside of the University of Washington community) although now I guess I'll have to try the recommended replacement Darik's Boot and Nuke [sourceforge.net]. A side benefit of programs such as this one is that they really exercise the Hell out of your disks, which is great to smoke out any potential failures.