Governmental Servers Wiped? Never!
Geoff writes with a story from Australia: "Eighteen AIX servers purchased from government via auction -- none of them had data removed from them. Ticket Vending and Validation source code, Payroll, Finance, Emails and Customer complaints. All there on every server; they were even nice enough to include some old backup tapes. At ~$14USD per server, it's amazing how cheap personal information has become."
Well (Score:1, Insightful)
You understand that... (Score:5, Insightful)
Then at a later date, he could do his evil work using that data.
Therefore, this particular blunder is nothing to get worked up about, but the potential for future blunders is.
Re:Negligence? (Score:3, Insightful)
What do I need?
Any major Linux Distro will handle 4 CPUs just fine.
Blatant thievery. (Score:2, Insightful)
I have heard a similar story about two guys in blue overalls walking out of David Jones (or some other department store) carrying a big-screen TV, and no one stopped them either.
Makes me proud to be an Aussie
Y'know, it's interesting to note that all our greatest heroes are thieves [ironoutlaw.com] and brigands [nedkellysworld.com.au]. Go Aussie!
Re:Not trivial though (Score:2, Insightful)
Wrong. See my previous post. You don't need the personnel, nor the equipment. The service is commercially and easily available.
This is similar to how most people who have used only GUI mail clients think that the From: header cannot be faked. They think that you need to be the CIA to do that. However, you only need telnet and some knowledge of an RFC...
You are right only in that they must be spying on you to take any steps, and this is definitely not something to consider as a small company. But I expect organizations like the IRS to really take care of my data. Or if they do not, I want to be able to decide what I tell them and what I don't...
Re:Negligence? (Score:2, Insightful)
Cheaper ways... (Score:5, Insightful)
http://www.expatica.com/source/site_article.asp?subchannel_id=19&story_id=13469&name=The+Dutch+news+in+October+2004 [expatica.com]
See October 7th 2004
Some taxi driver found it, discovered that it had very sensitive information about some current open cases on it, and a lot of personal stuff that could make the prosecutor vulnerable to blackmail etc. when in the wrong hands.
These things just show that some state organisations (or the people working there) really have too little awareness of handling computer data the right way. Actually, this year we had a case in the Netherlands where some secret state report ended up in a filesharing upload folder of the person working on it, and thereby could just spread all over. I think people working in such positions really should be instructed on safe computing, especially at home or when using laptops; the risks are pretty high that data can get stolen.
Data Protection? (Score:3, Insightful)
Nonetheless, it came as no surprise to me that, when I worked at a medical centre and they upgraded all their machines, the old ones were merely dumped in the attic before being carted off by the local Council's binmen.
I asked about this (not in terms of security, but because I wanted the machines). Apparently UK companies have to PAY the Council to remove old computers, as part of some environmental legislation. I offered to take them away for free, naturally.
The only reason I didn't get any "protected" data along with them was because I'd previously wiped it off. But even that was little more than a standard "empty recycle-bin" - it likely wouldn't stop anyone who knew what they were doing.
It's all very well having data protection policies, but unless you tell officials HOW to erase data, it won't be done.
Re:I don't know what's worse... (Score:1, Insightful)
AIX is still huge once you get out of college.
Re:Not trivial though (Score:3, Insightful)
In AIX, you just insert the System Diagnostics CD and tell it to scrub the disk. This is actually apparently US DOD-compliant, so it should probably suffice. Overwriting the disk about a dozen times with various patterns of data is apparently enough to render old data inaccessible.
What you *should* be worried about.... (Score:5, Insightful)
Re:Not trivial though (Score:3, Insightful)
Tens of terabytes are fairly cheap these days (as in less than the labor for the tech doing the scanning). How important is that data that you forgot to back up? Worth $20 million? If so, spending a couple hundred thousand to read it is a good idea. Not as good as just having enough backups of course, but that has been ruled out.