In Depth

PC Disposal: Hard-Disk Risk

Are all those old hard drives you're getting rid of completely wiped clean of important company data? Don't be so sure.

By Simson Garfinkel


In fact, only 10 percent of the drives I purchased had been properly sanitized.

Much of the data we found was truly shocking. One of the drives once lived in an ATM. It contained a year's worth of financial transactions—including account numbers and withdrawal amounts—from an organization that had a legal requirement to not divulge such information. Two other drives contained more than 5,000 credit card numbers—it looked as if one had been inside a cash register. Another had e-mail and personal financial records of a 45-year-old fellow in Georgia. The man is divorced, paying child support and dating a woman he met in Savannah. And, oh yeah, he's really into pornography.

Abhi and I published our findings earlier this year in IEEE Security and Privacy journal. The story got a lot of media attention. It seems that many people have heard that some used computers still have confidential information on their hard drives, but few suspected the scale of the problem.

Suds for Your Hard Drive

So what's to be done?

Perhaps the saddest observation in our story is that erasing information from hard drives is not difficult—with a little bit of Web searching, we found more than 50 programs that purport to clean your hard drive so that the information on it cannot be recovered using even the most advanced technical means. One program costs more than $1,000, but some cost only $20 or $30, while still others are free. All of the programs do more or less the same thing: They repeatedly overwrite the blocks on your computer's hard drive with random bit patterns, completely obscuring the information that was previously there.

These so-called disk sanitizers actually come in two varieties. The first consists of programs that promote themselves as file shredders, secure erasers or slack-space sanitizers, designed to be used on a running computer system. They overwrite blocks on your disk that aren't actively being used to store files but might have been used in the past for file storage. These programs, such as SecureClean from AccessData, ensure that deleted files are no longer recoverable. The best will sanitize other kinds of telltale privacy leaks, including browser caches, temporary files and certain kinds of cookies.

The second kind of program will completely erase the contents of a disk—just the thing when you want to upgrade the PCs in the accounting department and redeploy them on reception desks throughout your enterprise. The programs, properly called disk sanitizers but sometimes called disk shredders, repeatedly overwrite every block of a disk drive, then fill the drive with zeros.
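
The overwrite-then-zero procedure described above, followed by a verification read, as an added example that is not code from the article or from any product it mentions. It operates on a disk image file; `BLOCK`, the three-pass default and the function names are assumptions, and a plain overwrite like this does not reach sectors the drive has already remapped.

```python
import os
import tempfile

BLOCK = 4096  # bytes per write; an assumed size, not taken from the article

def sanitize(path, random_passes=3):
    """Overwrite every block with random data `random_passes` times, then zeros."""
    size = os.path.getsize(path)  # works for image files, not raw device nodes
    with open(path, "r+b") as dev:
        for pass_no in range(random_passes + 1):
            final = pass_no == random_passes
            dev.seek(0)
            remaining = size
            while remaining:
                n = min(BLOCK, remaining)
                dev.write(bytes(n) if final else os.urandom(n))
                remaining -= n
            dev.flush()
            os.fsync(dev.fileno())  # push this pass to the medium before the next
    return size

def residual_blocks(path):
    """Return the offsets of blocks that still contain any non-zero byte."""
    dirty, offset = [], 0
    with open(path, "rb") as dev:
        for chunk in iter(lambda: dev.read(BLOCK), b""):
            if chunk.count(0) != len(chunk):
                dirty.append(offset)
            offset += len(chunk)
    return dirty

def demo():
    """Build a constructed image, sanitize it, and report blocks before/after."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        # Constructed records standing in for leftover data on a used drive.
        f.write(bytes(5000) + b"ACCT 0000-CONSTRUCTED 40.00\n" * 300 + bytes(1234))
        path = f.name
    try:
        before = residual_blocks(path)
        size = sanitize(path)
        return size, before, residual_blocks(path)
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(demo())
```

An empty list from `residual_blocks` after the final pass is the check that the zero fill covered the whole image.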
