Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Privacy Data Storage Security IT

Governmental Servers Wiped? Never! 284

Posted by timothy from the but-this-is-in-australia dept.
Geoff writes with a story from Australia: "Eighteen AIX servers purchased from government via auction -- none of them had data removed from them. Ticket Vending and Validation source code, Payroll, Finance, Emails and Customer complaints. All there on every server; they were even nice enough to include some old backup tapes. At ~$14USD per server, it's amazing how cheap personal information has become."
This discussion has been archived. No new comments can be posted.

Governmental Servers Wiped? Never! More

Governmental Servers Wiped? Never!

Comments Filter:

  • Understandable . . . (Score:5, Funny)

    by Gabrill ( 556503 ) on Sunday July 31, 2005 @04:42AM (#13206535)
    They're just rushing to get rid of the things without properly preparing them. Kinda like this attempt at a firt post!
    • well I am in a rush too, I only have two weeks, so wow, those are some cheap servers, I only have two weeks and a $100 budget to set up my new project. So they will be great for me. And $14USD per server?! Sounds good for my project we only have two weeks and a $100 budget.

    • Re:Understandable . . . (Score:5, Interesting)

      by acceber ( 777067 ) on Sunday July 31, 2005 @05:10AM (#13206601)
      "Keep in mind that these servers came from the State Transit Authority of NSW, how is it possible and acceptable in this day of age that governmental servers be decommissioned and sold without wiping the contents of the drives?"

      The STA is responsible for the operations of the Sydney Buses network which I used to rely on for travel to & from school, work, and for social events -- until I got my car. It is the most unreliable system ever, on par with the NSW Cityrail system both which has been constantly riddled with problems [smh.com.au]. It's not surprising that a blunder such as this went by unnoticed.

      I would like to do my bit for the environment and use public transport as much as possible but I never get where I need to on time. I've been to Russia and even there, the buses and subway system are more reliable.

    • But doesn't it seem that even if they did try to wipe the contents from the drives, someone would be able to read everything anyway?

      You always hear about no matter how many times or what technique you use to wipe out a hard-drive, there is always a way to read everything that has ever been written to it since the birth of the drive. Which is why they say the only reliable way to destroy the data on the drive is to physically destroy the drive itself.

      So hard drives seem to be media that you can write to and
      • I know someone who does this stuff as part of his job. All hard drives are removed from the computers being removed from service. They are sent through an industrial strength degausser to nuke any information left on the drives. What's left is scrap metal, since the degausser also wipes the servo signals needed to position the head over the tracks on the disk. This is what they do to ordinary computers. Computers that have been used to store or process classified information get more intense treatment.

  • I don't know what's worse... (Score:5, Funny)

    by Anonymous Coward on Sunday July 31, 2005 @04:44AM (#13206540)
    * That they have sold a bunch of servers laden with personal information for hardly any money at all, or
    * Somebody out there is still running AIX

  • Policy (Score:5, Funny)

    by Anonymous Coward on Sunday July 31, 2005 @04:47AM (#13206545)
    Why are we suddenly complaining about Government being too open?

  • As an Australian... (Score:5, Funny)

    by PrivateDonut ( 802017 ) <chris5377@mai l c a n .com> on Sunday July 31, 2005 @04:47AM (#13206546)
    this is why I love living in Australia! Nobody takes anything too seriously (except beer and sport, which we take very seriously)

  • Data Eradication / the Nuclear Option (Score:3, Funny)

    by root_dev_X ( 100095 ) on Sunday July 31, 2005 @04:48AM (#13206548) Homepage
    And what, ever since I posted to /. about finding the best way to *really* wipe a harddrive I've gotten about 45 emails telling me all kinds of ways to sort out this kind of problem (I still get emails about it, and the posting was more than three years ago). Everything from a quick thermite burn to breaking into a telco exchange for some ultra-high-current bit rearrangement.

    those government types just beed to think outside the box a little more. hell, why settle for thermite - these boys have access to our nuclear arsenal!

    • I work in a hospital; and we have come up with a very effective way of dealing with hard drives...

      • Step 1: Low-Level Format
      • Step 2: Beat drive to bloody pulp
      • Step 3: Put said drive into the CT Scanner or MRI

      This leaves us with a blank, smashed and scrambled drive. At this point, depending on the type of data stored, the remains of the drive head off to the incinerator...

      This may sound like going overboard, but we're dealing with patient information, and we take it very seriously.

  • Obligatory (Score:3, Funny)

    by Arghdee ( 813921 ) * on Sunday July 31, 2005 @04:49AM (#13206554)
    Interesting, that the blogs subtitle is:
    If it's not on fire, then it's a software problem.

    Looks like you're about to have a hardware problem :D

  • 14 bucks? you got ripped :) (Score:5, Interesting)

    by ashridah ( 72567 ) on Sunday July 31, 2005 @04:50AM (#13206558)
    At ~$14USD per server, it's amazing how cheap personal information has become.
    $14 USD? You got ripped off.

    A few years back, some guy wearing a workmans uniform and holding a clipboard wandered into the (iirc) customs building here in Australia. Carted off one of the servers from a machine room, and no-one stopped them, or remembered what they looked like.
    Slashdot remembers :) [slashdot.org]

    Makes me proud to be an aussie sometimes :)
    • Never underestimate the power to set office workers minds at ease by wearing blue and carrying a ladder. It's a total class issue. White collar workers think blue collar workers a beneigth them and not worth challenging.
    • And the best part was that it was full of intelligence data.

      I share your pride ;)

    • Re:14 bucks? you got ripped :) (Score:5, Interesting)

      by dbIII ( 701233 ) on Sunday July 31, 2005 @05:20AM (#13206626)
      customs building here in Australia. Carted off one of the servers from a machine room, and no-one stopped them, or remembered what they looked like.
      There was the first "middle eastern appearance" conclusion that was jumped to, but it appears that was only fed the the press and the internal investigation showed that there wasn't even that clue.

      There was also the incident a couple of years back when large quantites of backup tapes for three government departments were stored in wheeled garbage bins - as anyone who read this can expect the tapes ended up being dumped and lost forever, and the contractor (Telstra, the half government owned telecomunications company) was not even rapped over the knuckles for it.

      It's not just the government - I picked up an old Sun E250 for parts at an auction. To see if it worked I booted off an install CD, plugged in a serial terminal, edited a couple of files with ed (/etc/passwd and /etc/shadow I think, was a while back) to get root on reboot and was very surprised to find a lot of stuff apart from the OS still on the disks. I wasn't curious enough to find out whose it was and what was there - peril lies that way for no gain, so I just did what should have been done and repartitioned the thing.

      The opposite extreme is the clueless accountant taking to a retired server with a hammer - saying something about traces being left in the RAM - but he probably hated the thing or just wanted to smash things. If it was me there was a perfectly good 200 ton hydraulic press that could have been used in the same place, a small heat treatment furnace to get all the data off that drive by going beyond the curie temperature, a large array of machine tools and an impact testing rig.

    • some guy wearing a workmans uniform and holding a clipboard ... Carted off one of the servers from a machine room

      I have heard a similar story about two guys in blue overalls walking out of David Jones (or some other department store) carrying a big-screen TV, and noone stopped them either.

      Makes me proud to be an aussie

      Y'know, it's interesting to note that all our greatest heroes are thieves [ironoutlaw.com] and brigands [nedkellysworld.com.au]. Go Aussie!

  • Not trivial though (Score:2, Interesting)

    by baldvin ( 267689 )
    Its kind of hard to get rid of your data on a hard drive. You are lucky if it works, then you can try 'dd if=/dev/zero of=/dev/xxx'. However, if first thay laid off their aix staff, employed some windows engineers, then they decided to sell those aix boxes... Well, well :)

    Your task is even harder if you have a hard drive that ceased operating. There exists companies like http://www.kurt.hu/ [www.kurt.hu] that have state of the art technology to retrieve data from damaged hard drives. If you need your data: good for you.
    • Works better if you use /dev/urandom

    • At least then you know that if the drive dies and you don't physically destroy it, for somebody to copy the data they'll have to do more than just get the drive going again.

      PCB board failures are the problem. The drive won't work, yet the data on the platters is likely to still be good. PCB failures are also fairly easy to recover from - just go to ebay to buy a second hand drive of the same model, and swap the PCBs over. If it is easy for you to do, it is also easy for your adversaries.

      Even if you sell

    • Re:Not trivial though (Score:5, Funny)

      by John Seminal ( 698722 ) on Sunday July 31, 2005 @05:16AM (#13206617) Journal
      Its kind of hard to get rid of your data on a hard drive.

      I found running a magnet over it is a good first step. Unscrewing it and opening it is a good second step. Taking a hammer to the internal parts is step 3. And putting the parts over a fire won't hurt. For a final step, I like to throw the hard drive in the lake of acid.

      I also pee on the hard drive. Just incase someone is smart enough to fuck me and find out what was on the hard drive, I can have the last laugh knowing they touched my pee.

      Oh, but you want to sell the hard drive, sans data? Now that gets tricky.

      Here is what I have done in the past when I wanted to sell or give away a hard drive, but did not want anything to be retrievable off the hard drive.

      I start with a format using a windows 98 floppy that will write a FAT table. I then load windows 98 on it and go to malware, spyware and those kinds of websites. When I get to 90% CPU in usage while doing nothing, I know I have enough spyware and viruses. I let them go to town on the hard drive. I delete files, and let the viruses rewrite them.

      Step 2 is putting a Debian CD in the cd-rom and reformatting the hard drive and installing Debian. I then go to websites with huge mpegs and download them until the hard drive is full of data. I delete all this data and do it all over again.

      Next is a Windows 2000 install, in NTFS. I go back to virus and malware websites, and let the hard drive get infected again.

      My final step is a simple FAT format, and the sale. If someone tries to recreate what was one the drive, they might recreate a virus. I toss the debian and large file step in the middle to over write what was written the first time. It is another layer to the cake.

      Oh, I am delusional and paranoid too. People tell me I get fanatical about shit like privacy. You might not need to go through all the steps. A simple format might be all you need, unless you suspect the person buying the hard drive has thousands of dollars in equipment and training to recreate your deleted data (like the National Security Agency in conjunction with the CIA and colonel sanders from KFC. Why would a military grade officer be selling chicken? To get closer to YOU!).

      • Re:Not trivial though (Score:2, Insightful)

        by baldvin ( 267689 )

        has thousands of dollars in equipment and training to recreate your deleted data (like the National Security Agency in conjunction with the CIA

        Wrong. See my previous post. You don't need the personnel, neither the equipment. The service is commercially and easily available.

        This is similar how most people that used only gui mail clients think that the From: header cannot be faked. They think that you need to be CIA to do that. However, you only need a telnet and some knowledge of an rfc...

        You are right only

        • Wrong. See my previous post. You don't need the personnel, neither the equipment. The service is commercially and easily available

          You two seem to be talking about different things. The Hungarian company you mention does not claim that it can recover overwritten data. However, it can recover deleted files, similar to Norton's and PC-Tools' undelete tool under DOS in the old days. Moreover, they can recover data from drives that are electronically or mechanically defective.

          The grandparent (which is funny

      • Odd that you god modded "Troll" for what is such a funny post.

        I just throw it in a lake of acid, and leave it at that. I can't figure out why more people don't just do this.
      • I never realized there is an actual use for viruses and such. That would be fun though. I'd probably cut down the steps to just two.

        1) Format hard drive and reinstall Windows.

        2) Using Google, search xxx and click on all those pornography sites. I'm sure that will load you with some viruses.
    • Its kind of hard to get rid of your data on a hard drive.

      In AIX, you just insert the System Diagnostics CD and tell it to scrub the disk. This is actually apparently US DOD-compliant, so it should probably suffice. Overwriting the disk about a dozen times with various patterns of data is apparently enough to render old data inaccessible.
    • "Your task is even harder if you have a hard drive that ceased operating. There exists companies like http://www.kurt.hu/ [www.kurt.hu] [www.kurt.hu] that have state of the art technology to retrieve data from damaged hard drives. If you need your data: good for you. If you'd like to get rid of it for sure: better take good care of it..."

      Anyone else run into the situation where a drive dies during the warranty period and they want the old drive back when supplying the replacement... and the drive was in a laywers office
      • Reminds me of an anecdote I heard a few years back. It's off-the-wall enough to be true, but I don't vouch for its accuracy. It was a pub conversation, after all.

        Co-worker at a previous job had an acquaintance who was working for a defense contractor (RLM, i think it was), on some crazy uber-classified Over-the Horizon Radar project. They used an absolute stackload of data in Compaq (ex DEC) SANs, I'm told.

        Due to the fact that all this data was classified at some level, and they were a good customer, Com

    • Re:Not trivial though (Score:2, Informative)

      by DRobson ( 835318 )
      Try Darik's-boot-and-nuke, pretty damn easy especially if you set it up to auto wipe things on boot. Last time I tried it there was next to no user intervention needed (And that was a while back). http://dban.sourceforge.net/ [sourceforge.net]

  • Government (Score:5, Interesting)

    by Anonymous Coward on Sunday July 31, 2005 @04:54AM (#13206569)
    Makes you wonder how many governmental organizations even know how important properly disposing of a computer can be.

    Or if the government really cares. Who's going to arrest them? There's no risk of punishment here.

    • Re:Government (Score:2, Interesting)

      by mistfall ( 459736 )
      Given the number of governments that flirt with the concept of ID cards (especially when the bombs go off) aren't you glad they practise such strong safeguards when it comes to data?
    • We're not ALL incompetent. We'd purchased two NAS boxes from Dell/EMC. Turns out they sold a total of SIX before droppiong the line and all support. (Due to extreme suckage I guess) After we negotiated out of that one, we were stuck with two boxes that needed to be surplussed (which I'd hoped to scrounge for a song after the fact....2 Tb of Raid storage in my basement woulda been nice.)

      Unfortunately Dell/EMC, in their incompetence, couldn't figure out how to DOD wipe the drives. So they dot disassembled and

  • You understand that... (Score:5, Insightful)

    by PrivateDonut ( 802017 ) <chris5377@mai l c a n .com> on Sunday July 31, 2005 @04:54AM (#13206572)
    if this guy planned on doing anything with the data, he probably wouldn't have blogged about it. He would copy the data, wipe the disks and pretend that he had seen nothing.

    Then at a later date, he could do his evil work using that data.

    Therefore, this particular blunder is nothing to get worked up about, but the potential for future blunders is.
  • Because we have rules which force government agencies to keep data for a certain amount of time. To get around this much of the data that was to be covered by this was wiped before the rules came into force :)
    • I could be wrong, but don't the regulations apply to how long you have to keep the information, not where you have to keep it? So in this case, if the government had consolidated all of this information onto a new server, thereby still keeping it, they would have been in compliance with the regulations, but still managed to release all of the personal information.
    • There are rules to prevent all sorts of things. Speeding, murder, etc. Doesn't seem to actually stop all of it.

      Rules are there to intimidate the clueful, and to punish the malicious and/or clueless.

  • How is this not negligence? The only problem is how can a person know if their personal information was on one of those servers? I got a feeling everyone will deny, deny, deny everything.

    Secondly, where the hell can anyone get a server for $14. Even if this is a dual p200 pro, that can still make a good home email server. At one point and time, that server was probably the best available. It is just a matter of finding old enough software to use.

    And since we are talking servers, maybe someone can give m


    • What do I need?

      You need to do some actual measurements of the performance load you're going to put on the server. Depending on the queries you're doing a Dual Xeon could be extreme overkill, or not nearly enough.

    • Re:Negligence? (Score:3, Insightful)

      by nmos ( 25822 )
      On ebay, I even found a quad Xeon 550 with 1 gig memory and 5 9.1 scsi cheeta hard drives for less than half of the Dell Xeon. But I don't have any OS that will use 4 CPU's.

      What do I need?

      Any major Linux Distro will handle 4 CPUs just fine.
    • If it's just a forum, you can probably get away with very low specs... say, a 300 mhz machine and 10 gig drive. Especially with those requirements. 100 people aren't going to be reading 100 messages a second. Unless you are running a heavy utilization database, which a 100-people-at-a-time forum doesn't get close to, you don't need to worry about performance. There are other things you can do too, such as caching. Consider upgrading when you hit 1000 or more people at a time.

      I host about a dozen website
      • it's just a forum, you can probably get away with very low specs... say, a 300 mhz machine and 10 gig drive

        That sounds awfully underpowered for a forum because of the database.

        I want a multi processor unit. I know the database will need that extra CPU.

        My problem is trying convince myself that I don't need a new Dell Xeon 2.2ghz machine, that I can get by with a dual Xeon 600 from ebay.

        If the forum grows, what I will do is put the web host on one dual Xeon and the database on a second dual Xeon. I do

        • Re:Negligence? (Score:2, Insightful)

          by ocelotbob ( 173602 )
          Really, a database machine needs more RAM than CPU speed. The more RAM you have, the larger the dataset it can keep in cache, and the less it has to go to the hard drive to pick up information. You'd be fine with a single proc machine; save the money and get a good uniproc motherboard that can accept 4 1 gig sticks of RAM instead.
    • A good hosting service.
    • I ran something similar on uniproc 1,6gig sempron with 512 memory.
      The server had ~300 active users at peak hours and processed something like 50-100 queries/second.(daily average)
      The server load never exceeded 30% and performance was snappy enough.

      My advice, don't throw away thousands of dollars if you can get away with less to start with.
      Try running the forum and database on lower end machine first, and if you want, you can try stress-testing it with load generators to see wether it performs well enou

    • Secondly, where the hell can anyone get a server for $14. Even if this is a dual p200 pro

      It's an RS6000 with an IBM PowerPC - and it's cheap because a lot of people are assuming intel hardware and Microsoft - while with stuff of that age nobody could have said Microsoft and server in the same sentance without stifling a laugh - and no, it will not have the speed of a single p200 pro. That said, it could still be used as a small office mail server, serving up static web pages, or what I use one for - to run

  • You should be happy (Score:3, Funny)

    by Sloppy ( 14984 ) on Sunday July 31, 2005 @05:04AM (#13206591) Homepage Journal
    It's .. um .. transparent government. Yeah, that's it.
  • for sale at an government auction for ~$20 AUD a server

    To me, a more serious problem is why I didn't make a bid myself...$20 for a server!...
    • The E20 would be a 32-bit PowerPC-based (604) server of the 100 MHz to 233 MHz variety (probably 100 MHz). Hard disk sizes would likely be in the 9 GB per disk range. Memory would be around 256 MB or perhaps more if upgraded. But the real limiting factor is that AIX support for the 32-bit hardware is coming to a close. (The 64-bit hardware has been available for quite some time now, and the latest AIX doesn't even run on 32-bit hardware.)

      These servers could be nicely rehabilitated with Linux, however. In

  • Does he have a license to the source now? (Score:5, Interesting)

    by mveloso ( 325617 ) on Sunday July 31, 2005 @05:11AM (#13206605)
    Just wondering. He bought the computer and its contents from the government, so does he have rights to the source on the box?

  • Goverment? (Score:5, Funny)

    by Stuart Gibson ( 544632 ) on Sunday July 31, 2005 @05:17AM (#13206619) Homepage
    Govermental Servers Wiped? Never!

    "Eighteen AIX servers purchased from goverment via auction"
    So, is this genuinely how government is spelt in Australia, or are the editors too lazy to pick up on a glaringly obvious spelling mistake...

    Twice.

    Stuart
    • Funny, I didn't even notice that until you pointed it out. That whole thing where the brain does real-time error correction while reading kicked in, I suppose. You know, where the first and last letters are right, but the middle junk is scrambled and you can still read it as the right word when reading fast?

      goevrnemnt

      Weird. :)

      Still sloppy, though.
    • So, is this genuinely how government is spelt in Australia

      No, if you RTFA Geoffrey Huntley says "Early last week eighteen IBM RS/6000 E20 servers went up for sale at an government auction for ~$20 AUD a server,...", so it was the retarded submitter. (Though Geoff might reconsider the "an".) As is longstanding Slashdot policy, the editors don't edit (I don't know what they do, aside from randomly choosing an article subitted by some naive noobie or self-promoting asshole).

    • So, is this genuinely how government is spelt in Australia

      No, the correct spelling is guvmint, as used in the phrase "I'm agin the guvmint!" or in the other form "Govermental as anything".

      Seriously, anyone who criticises spelling and grammar on a global web forum should realise that while you can gauge and colour your response for your own country not even the dictionary in another country is always going to agree with you. If you are from the USA you can say "fanny pack" with a straight face, because it

    • Which is why everyone everywhere should agree that the correct spelling is gubmint.

  • Reminds me of when I worked for US government... (Score:5, Interesting)

    by Anti-Trend ( 857000 ) on Sunday July 31, 2005 @05:17AM (#13206620) Homepage Journal
    I used to work for city government here in SoCal, USA. In contrast to our Aussie friends, they were super paranoid about data leakage. When there was actually a situation where the red tape was momentarily pierced and we were authorized to give away outdated equipment to schools, they made us do a multiple-pass low-level format on each and every HDD that left the building. A royal pain-in-the-ass more than a security consideration -- none of those machines had anything which would be of much interest to anybody. If you ask me, the most damning piece of information one could gleam from those systems wasn't in the HDD at all. Rather, it's the glaring question of why there were gaming-class video and sound cards in all of the upper-management's old PCs, and nothing but cheap Trident cards in the CAD workstations of the time...

    -AT

    • You have to ask that question? No matter where I have worked upper management always gets high end computers that they will never use, and at the same time the person that needs the system gets a system that is rather underpowered for what he/she needs.

      -Qua
      • Funny, it was the opposite in the NASA division where I worked. My second level supervisor has a computer that was the oldest and slowest of the bunch - a 5-6 years old triple hand-me down with a 15" monitor. His secretary was one step better, maybe 4 years old, same monitor. My boss had a 17" monitor and a 2-3 year old ocmputer. The cad guys all sat in front of 21" monitors (this is early 90s, btw) on brand new intel processors - some dual ppros.

        Then again, we got real work done in that branch. (And it was
  • $14 for an AIX server, shipping and handling costs more, carrying them to the trashbin costs more. This is really a good deal, even for really old machines.

    Anyway, if you do not want anybody to get the data, format the disks, low level if possible, remove the disks, open them up and use sanding paper on the platters before destroying them by bending or cutting them in two. Should do the trick.
  • We bought a second hand server from ebay which was from someone that buys ex govt stuff from auctions and it had a backup tape in it from the Brisbane Magistrates Court (Australia)

  • Cheaper ways... (Score:5, Insightful)

    by pimpimpim ( 811140 ) on Sunday July 31, 2005 @05:55AM (#13206695)
    There was a case in the Netherlands where a state prosecutor just put his personal pc at the trash when it didn't work anymore due to spyware:

    http://www.expatica.com/source/site_article.asp?su bchannel_id=19&story_id=13469&name=The+Dutch+news+ in+October+2004 [expatica.com]
    see october 7th 2004

    Some taxi-driver found it, discovered that it had very sensitive information about some current open cases on it, and a lot of personal stuff that could make the prosecutor vulnerable for blackmail etc. when in the wrong hands.

    These things just show that some state organisations (or the people working there) have really too little awareness of handling computer data the right way. Actually this year we had a case in the netherlands where some secret state report ended up in an upload filesharing folder of the person working on it, and thereby just could spread all over. I think people working at such positions really should be instructed on safe computing, especially at home or using laptops, the risks are pretty high that data can get stolen.

    • "There was a case in the Netherlands where a state prosecutor just put his personal pc at the trash when it didn't work anymore due to spyware:"

      Does it even matter who found the PC? The information on it was already available to the spyware authors, who might be even more interested than taxi drivers in government confidential files
    • Some taxi-driver found it, discovered that it had very sensitive information about some current open cases on it, and a lot of personal stuff that could make the prosecutor vulnerable for blackmail etc. when in the wrong hands.

      To which he immediately brought it...

      (Yes I'm not a fan of PRdV)

  • you know they could have just.... (Score:5, Informative)

    by thegoogler ( 792786 ) on Sunday July 31, 2005 @06:07AM (#13206720)
    used dban [sourceforge.net], its not rocket science. just put the disk in and hit ok

    o wait, this is the goverment, nevermind

    • Please read DBAN FAQ (Score:2, Interesting)

      by bersl2 ( 689221 )
      Q: Is the Gutmann method the best method?

      A: No.

      Most of the passes in the Gutmann wipe are designed to flip the bits in MFM/RLL encoded disks, which is an encoding that modern hard disks do not use.

      In a followup to his paper, Gutmann said that it is unnecessary to run those passes because you cannot be reasonably certain about how a modern hard disk stores data on the platter. If the encoding is unknown, then writing random patterns is your best strategy.

      In particular, Gutmann says that "in the time since th
    • "o wait" There's no AIX version of dban. Duh.
  • Would be too much aggro to do the job right.

  • Data Protection? (Score:3, Insightful)

    by HugePedlar ( 900427 ) on Sunday July 31, 2005 @06:14AM (#13206732) Homepage
    The UK's Data Protection Act, especially as it pertains to medical data, is remarkably strict.

    Nonetheless, it came as no surprise to me that, when I worked at a medical centre and they upgraded all their machines, the old ones were merely dumped in the attic before being carted off by the local Council's binmen.

    I asked about this (not in terms of security, but because I wanted the machines). Apparently UK companies have to PAY the Council to removed old computers, as part of some enviromental legislation. I offered to take them away for free, naturally.

    The only reason I didn't get any "protected" data along with them was because I'd previously wiped it off. But even that was little more than a standard "empty recycle-bin" - it likely wouldn't stop anyone who knew what they were doing.


    It's all very well having data protection policies, but unless you tell officials HOW to erase data, it won't be done.
    • But remember, it's ILLEGAL to use any of this data for nefarious purposes! No one would even consider doing so because their elected representatives DID something about the problem by passing law #187,302 that everyone immediately went and memorized so they wouldn't violate its terms accidentally.

      The fact is, the whole concept of legislating solutions to real world problems is flawed in a world where no one in their right mind still believes they will be punished by the gods for breaking the law. And there

  • Shoulda used... (Score:2, Informative)

    by Mechcozmo ( 871146 )
    http://www.killdisk.com/ [killdisk.com]

    I've only used the free demo but its a great floppy. And it runs FreeDOS too.

  • Replace hd with sd if you have scsi drives.
    Granted, that works on Linux, not AIX. It's been long enough since I admined AIX that I can't remember how to determine all partitions. More importantly, it probably wouldn't fit on the subject line (which was the purpose of this post).

    In any case, the point is it's still a (short) one-liner to clean the disks if you know the partition names. If those were Intel boxes, you could have booted off of Knoppix, and run the subject line. Even for RS/6000 boxes, it s


  • Freedom of Information laws in Australia are VERY dim...

    A very recent (like this past week) Law Report
    (another fine radio program on the ABC's domestic
    Radio National network) covered an on-going case,
    in which The Australian newspaper (or was it another one?)
    has been seeking some non-controvertial info -
    from Treasury - that several years old and related to
    First Buyer's Grant (ie, for home buyers).

    In that case, the Treasurer used his mini

  • Never (Score:2)

    by N8F8 ( 4562 )
    Where I used to work for the government we would put a high power magnet on the HD and then pull out the discs and then smash them.

  • ebay is great for this... (Score:5, Interesting)

    by bani ( 467531 ) on Sunday July 31, 2005 @12:27PM (#13208089)
    You could probably make a living selling data snarfed from used disks/tapes off ebay.

    I picked up some "blank" used DLT tapes from ebay. These "blanks" contained a filesystem backup for the online store of a multibillion dollar corporation.

    Why get so worried about personal data being stolen by l337 h4x0rz through the intarweb? All they need to do is buy a bunch of used media off ebay -- much easier.

  • In Canada... (Score:3, Interesting)

    by myov ( 177946 ) on Sunday July 31, 2005 @01:42PM (#13208518)
    One of the major banks decomissioned servers which eventually wound up on ebay. The person who bought them discovered that all data was still intact.

  • I went to a course on IT security sponsored (Score:3, Informative)

    by multiplexo ( 27356 ) on Sunday July 31, 2005 @05:55PM (#13209869) Journal
    by DISCO, the Defense Indusrial Security Clearance Office or (yes, they are referred to as "DISCO", yes it is an incredibly contrived acronym, no I am not making this [dss.mil] up) and one of the things the instructor discussed was a case where the Department of Justice had surplussed some PCs to various local law enforcement agenties back in the late 1980s. The PCs had not been wiped and a tech savvy cop in Virginia started going through one of them and lo and behold he found the DoJs witness protection program list, unencrypted, just waiting there for sale to the highest bidder.

    Fortunately he was an honest man and didn't sell the list, rather he contacted the DoJ and DoJ contacted DISCO to help get their shit together. The instructor was making the point that when you surplus equipment that you really need to make sure that you wipe the drives and any other storage media. His bias was that the easiest way to do this was to physically remove and destroy the media because you could never really be sure if a wipe program had worked (well you could go over the drive to make sure that it had been erased, but who's going to do this?).

    When I don't want to physically destroy a drive but want to make sure that it's gone I either wipe it with a low-level hardware format utility such as the one built into Adaptec SCSI cards, or I use a program such as autoclave [washington.edu] by Josh Larios (which he isn't supporting any more outside of the University of Washington community) although now I guess I'll have to try the recommended replacement Darik's Boot and Nuke [sourceforge.net]. A side benefit of programs such as this one is that they really exercise the Hell out of your disks, which is great to smoke out any potential failures.

Slashdot Top Deals

"If it ain't broke, don't fix it." - Bert Lantz

Close