Security Basics mailing list archives
RE: Interesting One
From: "Rodney, John" <John.Rodney () Marconi com>
Date: Fri, 1 Nov 2002 11:18:24 -0500
-----Original Message-----
From: ATD [mailto:simon () snosoft com]
Sent: Wednesday, October 30, 2002 6:08 PM
To: Carol Stone
Cc: security-basics () securityfocus com
Subject: Re: Interesting One

I have heard similar claims from "agencies" about the ability to recover data after multiple re-writes. I also happen to know that several of these "agencies" when doing drive disposal, literally drill holes in their drives then incinerate them. That is after they wipe the drive clean several times. I'd assume that there is a reason for such paranoia, wouldn't you? Or do you think they are just playing it super safe?

**************************************************************************

I would go for poor judgment. What is the point of taking the time to wipe the drive several times, and then physically damaging it, before you melt it! That certainly sounds like overkill to me, or someone misinterpreting and blending several requirements together. Why not just melt it? Aren't the end results the same?

But having been in the DOD at one point and dealing with some of these and similar regs/stds it does not surprise me. Anyone ever hear of Tempesting or the requirement to keep cabling (non-optic) for various levels of classified LANs a certain distance (3 feet?) apart because of bleed over? How many people have escorted someone else carrying a bag of shredded 5 and 1/2 floppies to an incinerator? (These are sort of 'rhetorical', no answers needed. I am not looking to change the subject or get any responses to these or any other questions I posed in this reply)

Years ago to dispose of classified floppies I used a program that wrote 1s and 0s then 0s and 1s seven times, then take the floppy and run it thru a crosscut shredder, which was then emptied into a bag and the bag was taken to the incinerator. Why? Because the guy before me did it. He told me the NSA required it. Did I ever take the time to find the reg/std that required that? No. Does it make sense to take the time to wipe a floppy, that is going to be shredded and burned? Hum? Did I show good judgment? You have to wonder . . .

Is there a reg/std that required this? Could be. I did read many regs/stds and there were more than a few that made me wonder what on earth the people who wrote it were thinking.

I have never tried to wipe a GB drive 30 times (someone mentioned their program does up to 100!). I imagine that it takes a good deal of time. Perhaps if the information on the disk is that valuable/sensitive, you would be best served by finding a nearby incinerator.

I used to wonder why anyone would ever discuss how many angels could fit on the head of a pin. I think I have an idea now . . . ;-)