RE: Advice regarding servers and Wiping Drives after testing

["Craig Wright" <Craig.Wright () bdo com au>]

Hello,
"Do you mean to say that there is no way to negate a magnetic signature on any surface? Can you explain?"

No, I mean that negating a field will not supply the prior field, it will make a zero. 

"If you felt those ideas are impossible, fine- perhaps you could explain why you believe they are currently not 
possible, so the rest of us can better enjoy the richness of your thoughts. Merely shouting "impossible"
and waving your degree in the air is generally insufficient to convince anyone on these lists that you are correct. 
Also, claiming you can pee farther than someone usually means you intend to show them you can. So please elucidate on 
why they couldn't have invented an electronic device that allows something similar to what I have (poorly, I am sure) 
outlined."

I believe that I did. However, as soon as I try to explain this using the terms that apply, people start to not 
understand as they do not have the knowledge of the underlying subject material. If it is not on Wiki - it seems that 
many IT people do not understand it. This is also not a currently not possible, it is a not possible. Next, you are 
stating a possibility. It is for you to provide proof not for me to disprove - see scientific principle.

As to why what you have outlines is impossible, Stochastic distribution of magnetic fields. 

See the following papers: 
Prof. Dr. sc. nat. Lutz Schimansky-Geier (2007) "Stochastic dynamics and electromagnetic fields of confined random 
charges: from distribution to control" Institut für Physik Theoretische Physik (Stochastische Prozesse)

De Angelis, G F et al (1982) "A stochastic description of a spin-1/2 particle in a magnetic field" J. Phys. A: Math. 
Gen. 15 2053-2061   doi:10.1088/0305-4470/15/7/016

White, R B et al (1993) "Collisionless transport in a stochastic magnetic field"  Plasma Phys. Control. Fusion 35 
595-599   doi:10.1088/0741-3335/35/5/005

Hentschke, S.; Rohrer, S.; Reifschneider, N.(1996) "Stochastic magnetic field micro-sensor" ASIC Conference and 
Exhibit, 1996. Proceedings., Ninth Annual IEEE International Volume , Issue , 23-27 Sep 1996 Page(s):11 - 14
Digital Object Identifier   10.1109/ASIC.1996.551952

If I state, "stochastic magnetic fields follow a binomial PDF" do you understand what I have stated?

So yes I state it is FUD. It is FUD Bill, as the paper that you referred to has no scientific basis in reality. 
However, without some foundation in MCMC (Markov chain Monte Carlo) and other stochastic methods, there is no way to 
prove this. It is not a matter of arguing the point based on hypothesis from rhetoric. This is a matter of mathematical 
proof.

Read the papers attached and do some research into Stochastic magnetic field theory and then you may understand why the 
proposed field negation strategy is FUD.

Regards,
Craig



Craig Wright
Manager of Information Systems

Direct : +61 2 9286 5497
Craig.Wright () bdo com au
+61 417 683 914

BDO Kendalls (NSW)
Level 19, 2 Market Street Sydney NSW 2000
GPO BOX 2551 Sydney NSW 2001
Fax +61 2 9993 9497
www.bdo.com.au

Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

The information in this email and any attachments is confidential.  If you are not the named addressee you must not 
read, print, copy, distribute, or use in any way this transmission or any information it contains.  If you have 
received this message in error, please notify the sender by return email, destroy all copies and delete it from your 
system. 

Any views expressed in this message are those of the individual sender and not necessarily endorsed by BDO Kendalls.  
You may not rely on this message as advice unless subsequently confirmed by fax or letter signed by a Partner or 
Director of BDO Kendalls.  It is your responsibility to scan this communication and any files attached for computer 
viruses and other defects.  BDO Kendalls does not accept liability for any loss or damage however caused which may 
result from this communication or any files attached.  A full version of the BDO Kendalls disclaimer, and our Privacy 
statement, can be found on the BDO Kendalls website at http://www.bdo.com.au or by emailing administrator () bdo com au.

BDO Kendalls is a national association of separate partnerships and entities.

-----Original Message-----

From: William Holmberg [mailto:wholmberg () amdpi com] 
Sent: Friday, 14 September 2007 7:36 AM
To: Craig Wright; gjgowey () tmo blackberry net; Ansgar -59cobalt- Wiechers; listbounce () securityfocus com; 
security-basics () securityfocus com
Subject: RE: Advice regarding servers and Wiping Drives after testing

Craig,

With all due respect to the many years you have spent studying, managing
an IT department for accountants, etc., it is not a factor of me not
understanding you. In fact, you come off a bit high handed and harsh
here. I am trying to explain what someone else stated, not defending his
point or arguing theoretical physics with you (and remember, I wasn't
reading a technical document, this was an individual conveying his
impressions of what he had been exposed to, and my admittedly diluted
explanation of it). Presenting the ideas he espoused hardly means I
haven't "Understood a thing" you were saying. Perhaps if you wrote it in
Mandarin, that may be the case, but I think I struggled through enough
of your verbage that I grasped a wee little bit. So humor me.

"You have not understood a thing I was trying to say. Sentence 1 was a
standalone. "
So, is this sentence one? " Snake-oil BS and FUD."

BTW FUD is Fear Uncertainty and Doubt, none of which seems to be what we
are talking about here. This new companies "invention", if that is what
it really is, may very well be Snake Oil, and does appear to have
elements of BS, but all great breakthroughs do at first because they
challenge our assumptions of what we THINK we know. But FUD isn't
involved. They are presumably certain about what they are trying to do,
no doubt.
;)

Or this:

"Magnetic signatures are not time-stamped. There is no unerase
capability."

First off, again, there was no mention of a "Time Stamp", and also none
of an "unerase" of a magnetic signature on the drive. "Unerase" is a
marketing term, not an actual word. 
Restoration is a technical term, but neither is what we are discussing.
Perhaps if you were to address the points that I DID actually say, we
would better understand your rationale for disagreement.
Here is what I DID say.
" Time IS a factor, as magnetic fields not re-energized are
subject to fading over time, as you yourself point out with your comment
about magnetic decay. "

Agree? Disagree?

"Also, when a drive is written to, then over
written, the most recent write is the strongest signature available to
the heads. "

Agree? Disagree?

"Therefore it is theoretically possible to neutralize the last
write, but only IF the head can be placed almost exactly over write
spot- something that is not- if I understand current technology-
currently possible."

Agree? Disagree?

"If I understood the gentleman correctly he is stating they have a way
to

1) Directly control both the movement and the placement of the head
2) Directly control the voltages supplied with either + or - values
3) Correctly read precisely where and what was placed on the sector
4) Do comparative value matching of signature strength and log it to a
file
5) Reconstruct possible data writes based upon those findings, rating
each write found on each sector based upon it's strength/legibility and
reconstruct each probable combination (not possible combinations which
would be random) based upon a best matching scenario of the strength of
the write
6) rewrite precisely over the last write with an inversely phased 1 or
0, rendering the last write moot
7) Pick up the next strongest signal left on that sector as the probably
overwritten data"

Which of those things do you feel would be impossible given a
significantly advanced circuit crafted for those specific purposes? Why?

Take your time, use long sentences. I'll try to keep up.
:)

Specifically it seems that the purported technology can supposedly
nullify the strongest (Assuming that the strongest signal is the most
recent, as magnetic signals decay with time) magnetic signature
precisely where it was laid, leaving previously written signatures
readable in some fashion. If I knew the particulars of that fashion, I
would undoubtedly be raising capital to launch a company doing this
instead of arguing it's possibility with you. If you mean to say you
find it highly improbable, that is a different matter, and many would
agree with you.

You state "there is no means".

Do you mean to say that there is no way to negate a magnetic signature
on any surface? Can you explain?

If you felt those ideas are impossible, fine- perhaps you could explain
why you believe they are currently not possible, so the rest of us can
better enjoy the richness of your thoughts. Merely shouting "impossible"
and waving your degree in the air is generally insufficient to convince
anyone on these lists that you are correct. Also, claiming you can pee
farther than someone usually means you intend to show them you can. So
please elucidate on why they couldn't have invented an electronic device
that allows something similar to what I have (poorly, I am sure)
outlined.

The other conversation I relayed about the Network administrator was not
an Analogy to the current situation as you seemed to take it (since you
used the word analogy), it was an illustration- of how people can
believe only in the impossibilities. That he may have had a
misunderstanding of physics is a given- Although many pre-eminent
network persons believed the same for years- but please don't expect us
to believe that current physicists have a perfect view of it either. I
have studied String Theory and Chaos enough to know that things change
wildly in the physicists world, then often go back to previous theory
before altering yet again.

I guarantee you that within 20 years recovering data from today's
technology based wiped drives will be commonplace. There have simply
been too many breakthroughs (Like IBM's "Pixie Dust") that were
previously thought impossible in Drive and Microprocessor technology in
the last 20 years for anyone to authoritatively state that it can't
happen. Perhaps not in the way it was outlined to me, but certainly,
there is a way. We just don't know it yet. I understand that you and
many others believe there is no means to do this (today). This
individual was trying to explain he believed his acquaintance's new
company was about to unveil a means. They are either wrong, or right.

But thanks for the list from MIT's website. I am sure I would have had
difficulty finding it with my limited intellect (although being in the
same country as MIT I was peripherally aware of it's existence- Hey!
I've actually taken a class from them!). If you like I can list some
courses available online in communicating and personal relationships,
and when we are both done with school we can finally communicate on a
level playing field.
;)
-Bill


-----Original Message-----
From: Craig Wright [mailto:Craig.Wright () bdo com au] 
Sent: Thursday, September 13, 2007 2:38 PM
To: William Holmberg; gjgowey () tmo blackberry net; Ansgar -59cobalt-
Wiechers; listbounce () securityfocus com;
security-basics () securityfocus com
Subject: RE: Advice regarding servers and Wiping Drives after testing

Bill,

You have not understood a thing I was trying to say. Sentence 1 was a
standalone. The next paragraph is a separate issue. If you understand
what I was stating, you will see that everything in the post you have
followed with is in violation of quantum theory.

Your best bet is to go to MIT - they have a nice free curriculum these
days all online at
http://ocw.mit.edu/OcwWeb/web/courses/courses/index.htm. Take the
following:

6.012 Microelectronic Devices and Circuits 

6.013 Electromagnetics and Applications 

6.041 Probabilistic Systems Analysis and Applied Probability 

6.071J Introduction to Electronics, Signals, and Measurement 

6.231 Dynamic Programming and Stochastic Control 

 6.374 Analysis and Design of Digital Integrated Circuits 

 6.432 Stochastic Processes, Detection, and Estimation 

 6.630 Electromagnetics 

6.632 Electromagnetic Wave Theory 

6.635 Advanced Electromagnetism 

6.641 Electromagnetic Fields, Forces, and Motion 

6.642 Continuum Electromechanics 

6.728 Applied Quantum and Statistical Physics 

If you are not willing to spend the few years understanding all this,
you can accept that it is not possible and FUD/snake-oil. I know that it
is not possible as I have both a degree in Nuclear science and chemistry
(amongst others). At the moment I am also in my final stages of a
Masters degree in statistics. 

What you are missing is that there is no means. This is a great sell to
those without years in a University in a science or engineering
department, but it is not feasible.

Your analogy is unrelated. The density of an electromagnetic field is
not the same argument. In your analogy it is someone who is arguing the
laws of physics incorrectly. The drive analogy is an argument that
purple flying unicorns exist. Possible - it is a large universe, but
current scientific knowledge stands until proven otherwise.

Regards,

Dr Craig Wright

PS. Wireless speeds will reach a logical limit, based on the wavelength
of the photons used in the transmission and a number of other factors.
We are just a factor of 10^11 or time under that as we stand at the
moment. Then of course you could have mutlple send/recieve channels. 




Craig Wright
Manager of Information Systems

Direct : +61 2 9286 5497
Craig.Wright () bdo com au
+61 417 683 914

BDO Kendalls (NSW)
Level 19, 2 Market Street Sydney NSW 2000
GPO BOX 2551 Sydney NSW 2001
Fax +61 2 9993 9497
www.bdo.com.au

Liability limited by a scheme approved under Professional Standards
Legislation in respect of matters arising within those States and
Territories of Australia where such legislation exists.

The information in this email and any attachments is confidential.  If
you are not the named addressee you must not read, print, copy,
distribute, or use in any way this transmission or any information it
contains.  If you have received this message in error, please notify the
sender by return email, destroy all copies and delete it from your
system. 

Any views expressed in this message are those of the individual sender
and not necessarily endorsed by BDO Kendalls.  You may not rely on this
message as advice unless subsequently confirmed by fax or letter signed
by a Partner or Director of BDO Kendalls.  It is your responsibility to
scan this communication and any files attached for computer viruses and
other defects.  BDO Kendalls does not accept liability for any loss or
damage however caused which may result from this communication or any
files attached.  A full version of the BDO Kendalls disclaimer, and our
Privacy statement, can be found on the BDO Kendalls website at
http://www.bdo.com.au or by emailing administrator () bdo com au.

BDO Kendalls is a national association of separate partnerships and
entities.

________________________________


From: listbounce () securityfocus com on behalf of William Holmberg
Sent: Fri 14/09/2007 12:25 AM
To: Craig Wright; gjgowey () tmo blackberry net; Ansgar -59cobalt-
Wiechers; listbounce () securityfocus com;
security-basics () securityfocus com
Subject: RE: Advice regarding servers and Wiping Drives after testing



Craig,
I was skeptical as well, but to be clear, nobody said anything about
time stamping. Time IS a factor, as magnetic fields not re-energized are
subject to fading over time, as you yourself point out with your comment
about magnetic decay. Also, when a drive is written to, then over
written, the most recent write is the strongest signature available to
the heads. Therefore it is theoretically possible to neutralize the last
write, but only IF the head can be placed almost exactly over write
spot- something that is not- if I understand current technology-
currently possible.

If I understood the gentleman correctly he is stating they have a way to

1) Directly control both the movement and the placement of the head
2) Directly control the voltages supplied with either + or - values
3) Correctly read precisely where and what was placed on the sector
4) Do comparative value matching of signature strength and log it to a
file
5) Reconstruct possible data writes based upon those findings, rating
each write found on each sector based upon it's strength/legibility and
reconstruct each probable combination (not possible combinations which
would be random) based upon a best matching scenario of the strength of
the write
6) rewrite precisely over the last write with an inversely phased 1 or
0, rendering the last write moot
7) Pick up the next strongest signal left on that sector as the probably
overwritten data

Keep in mind I am just trying to convey why he was so excited and what
(I think) he was saying.

That being said I do have my doubts, however, EVERYTHING is impossible,
until it is not.
I am reminded of a network engineer who once told me that faster speeds
to the home over existing copper infrastructure was impossible without
recabling... then came DSL. He also said the wireless speeds would reach
a logical limit because you can't upgrade the medium (air). But now we
have seen .11G and N since then...

-Bill

-----Original Message-----
From: Craig Wright [mailto:Craig.Wright () bdo com au]
Sent: Wednesday, September 12, 2007 5:07 PM
To: William Holmberg; gjgowey () tmo blackberry net; Ansgar -59cobalt-
Wiechers; listbounce () securityfocus com;
security-basics () securityfocus com
Subject: RE: Advice regarding servers and Wiping Drives after testing

Snake-oil BS and FUD.

Magnetic signatures are not time-stamped. There is no unerase
capability.

What people seem to think is that a digital write is a digital
operation. This is a fallacy. Drive writes are analogue. They have a
probabilistic output. It is unlikely that an individual write will be a
+1.00000 [1]. Rather - there is a set range. There is a normative
confidence interval that the bit will be in.

What this means is that there is generally a 95% likelihood that the +1
will exist in the range of (0.95, 1.05) there is then a 99% likelihood
that it will exist in the range (0.90, 1.10) for instance. This leaves a
negligible probability (1 bit in every 100,000 billion or so) that the
actual potential will be less than 60% of the full +1 value. This error
is the non-recoverable error rating of the drive for a single write.

As a result, there is no difference to the drive of a 0.90 or 1.10
factor of the magnetic potential. What this means is that due to
temperature fluctuations, humidity, etc the value will vary on EACH
write.

There is no way to determine if a 1.06 is due to a prior write or a
temperature fluctuation.

On top of this the issue of magnetic decay will come into play. This
further skews the results.

Snake oil is used to sell product. Do not just use product XXXX, buy may
patented wipe tech. All others are no good. Only XXXX will save you...

Unfortunately, urban legend and FUD seems to trump science as:
1       Too few people have any scientific training and
statistical/engineering knowledge
2       People are gullible and like a good story.

Try reading papers on sites such as the IEEE. Scientific papers (real
peer reviewed ones from respectable journals) have far more value than a
Wiki or a google search.

Regards,
Craig

[1] Using a factor of the drives magnetic density that relates to a +1
bit pattern for simplicity.



Craig Wright
Manager of Information Systems

Direct : +61 2 9286 5497
Craig.Wright () bdo com au
+61 417 683 914

BDO Kendalls (NSW)
Level 19, 2 Market Street Sydney NSW 2000
GPO BOX 2551 Sydney NSW 2001
Fax +61 2 9993 9497
www.bdo.com.au

Liability limited by a scheme approved under Professional Standards
Legislation in respect of matters arising within those States and
Territories of Australia where such legislation exists.

The information in this email and any attachments is confidential.  If
you are not the named addressee you must not read, print, copy,
distribute, or use in any way this transmission or any information it
contains.  If you have received this message in error, please notify the
sender by return email, destroy all copies and delete it from your
system.

Any views expressed in this message are those of the individual sender
and not necessarily endorsed by BDO Kendalls.  You may not rely on this
message as advice unless subsequently confirmed by fax or letter signed
by a Partner or Director of BDO Kendalls.  It is your responsibility to
scan this communication and any files attached for computer viruses and
other defects.  BDO Kendalls does not accept liability for any loss or
damage however caused which may result from this communication or any
files attached.  A full version of the BDO Kendalls disclaimer, and our
Privacy statement, can be found on the BDO Kendalls website at
http://www.bdo.com.au or by emailing administrator () bdo com au.

BDO Kendalls is a national association of separate partnerships and
entities.

-----Original Message-----

From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of William Holmberg
Sent: Thursday, 13 September 2007 5:30 AM
To: gjgowey () tmo blackberry net; Ansgar -59cobalt- Wiechers;
listbounce () securityfocus com; security-basics () securityfocus com
Subject: RE: Advice regarding servers and Wiping Drives after testing

Hi Robert,

It is interesting that you point this out. One of the people in our
local chapter told me there was a company or group of electronics people
working on a "Drive level" SATA "Adapter" (for lack of a better word I
guess) that would read the "top level" magnetic layer generated by the
head on a particular sector, and exactly measure it's intensity, then
generate an "inverse field" (not my words) which would effectively
nullify that overwrite, leaving the last write before that one plainly
readable (with some variables). He said it was an exciting prospect
because since the head that last wrote the 1 or 0 was the one that
"erased" it, it worked to a point of surprising the design team with
it's ability to accurately reconstruct data overwritten.

How much of that was hearsay, fabrication, or wishful thinking, I don't
know. He compared it to military sound suppression devices for
helicopters, which (if you didn't know) can sample the exact frequency
generated by the rotors and moving parts and generate an inverse
frequency, out of phase with the original, through powerful Horn Drivers
mounted under the rotors. The effect in sound engineering is a precisely
controlled "OOP" (Out OF Phase) situation. You can experience it to a
lesser degree very simply with your home stereo speaker. Simply exchange
one of the speakers Red and Black connectors. The phase cancellation
that occurs makes it very difficult to hear certain frequencies
(depending upon that particular speakers dynamic range and other boring
items) and in some cases can almost entirely cancel out each other
across many frequencies.

Note: If you do this, do not turn it up too loud, because the other
effect is that the speakers will be pulling "IN" when they should be
pushing "Out", and the Coils can get damaged by bottoming out and
inverse clipping. Horns should be unaffected however.

Thanks for all the stimulating conversation on this, as well as the
fascinating reading materials.

-Bill

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of gjgowey () tmo blackberry net
Sent: Wednesday, September 12, 2007 12:52 PM
To: Ansgar -59cobalt- Wiechers; listbounce () securityfocus com;
security-basics () securityfocus com
Subject: Re: Advice regarding servers and Wiping Drives after testing

What you're forgetting is that these pieces of software aren't you
normal "access the hdd through regular os calls". These pieces of
software are sending low level commands to the drive its self an
interpreting what's sent back instead of relying on a middle layer.
They can literally have the head scan a particular sector as many times
as is needed until it gets a signal back that resembles something
useable.  Writing all 0's will never prevent against software recovery
because the all 0's approach is like recording over a used VCR tape
once.

Geoff

Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>

Date: Wed, 12 Sep 2007 12:48:42
To:security-basics () securityfocus com
Subject: Re: Advice regarding servers and Wiping Drives after testing


On 2007-09-11 William Holmberg wrote:
> On Tuesday, September 04, 2007 1:03 PM Ansgar -59cobalt- Wiechers
wrote:
> > On 2007-09-01 gjgowey () tmo blackberry net wrote:
> > > A since pass with all zero's really won't protect your data from
> > > being recovered by more advanced data recovery software let alone
> > > alone hardware.
> >
> > I'd like to see a single case where someone was able to recover data
> > from an overwritten harddisk, even after a single pass with zeroes.
>
> No doubt you are an intelligent and well educated person in these
> fields, and probably have many areas of expertise more proficient than
> mine. I do have to state however, and nearly any Infragard member can
> tell you, the FBI uses tools that accomplish this on a regular basis.
> I have no doubt other agencies do as well. We have had demonstrations
> of it remotely in a class I help instruct, SAFE computing for Law
> Enforcement and Non-Profits (SAFE is Security And Forensic Education)
> at Metro State University of Minnesota, MCTC campus.

Demonstrations of recovering data from fully overwritten media, without
opening the case? Sorry, but I seriously doubt that. Feel free to prove
me wrong, but without evidence I find that really hard to believe. Keep
in mind we're not talking about wiping single files, but overwriting the
entire media.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq