Re: Fash cards sanitization from Nokia Symbian and WM5/6

[gjgowey () tmo blackberry net]

Fouo and below is what you're referencing.  That's a universal policy for anything that's connected to niprnet (the 
internet).  Siprnet is where all the classified stuff goes through and that is an entirely separate, segregated network 
(dism)  that has computers that are not dual-connected on it and the connections are all encrypted.  Depending on the 
installation, unit, etc. there maybe one system with siprnet access or there may be none.

Geoff
 


Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: Ryan Chow <rynchow () gmail com>

Date: Sat, 29 Sep 2007 08:43:55 
To:"gjgowey () tmo blackberry net" <gjgowey () tmo blackberry net>
Cc:Luis Lopez Sanchez <luis.lopez () atosorigin com>,"listbounce () securityfocus com" <listbounce () securityfocus 
com>,"security-basics () lists securityfocus com" <security-basics () lists securityfocus com>
Subject: Re: Fash cards sanitization from Nokia Symbian and WM5/6


In the case of blackberries it should be noted that only the lowest  
security classified information is allowed to be accessed. This is the  
case in Australia for government use. For that level of assurance the  
blackberry provides sufficent data security.

The best advice i have would be to contact the manufacturer and ask  
what their internal wiping process does unless you have access to your  
own facilities to conduct this type of evaluation.  And then run this  
process many times to achieve a wipe.

- ryan,

Sent from my iPhone.

On Sep 29, 2007, at 7:53 AM, gjgowey () tmo blackberry net wrote:

> Be careful.  If it's a GSM phone it might not be storing messages  
> and all other info necessarilly to the card.  My blackberry here  
> stores to internal device memory by default and not the card.  I  
> guess that's so if I do a reset the info is definitely destroyed  
> (btw- blackberry's are used by DoD so I think that's enough  
> assurance for me that this device is sufficiently secure in its data  
> protection).
>
> Geoff
>
> Sent from my BlackBerry wireless handheld.
>
> -----Original Message-----
> From: Ryan Chow <rynchow () gmail com>
>
> Date: Sat, 29 Sep 2007 07:46:31
> To:Luis Lopez Sanchez <luis.lopez () atosorigin com>
> Cc:"gjgowey () tmo blackberry net" <gjgowey () tmo blackberry net>,"listbounce () securityfocus com 
> " <listbounce () securityfocus com>,"security-basics () lists securityfocus com 
> " <security-basics () lists securityfocus com>
> Subject: Re: Fash cards sanitization from Nokia Symbian and WM5/6
>
>
> Hello,
>
> From what I understand you are looking for a software application on
> a WM5/6 and Symbian mobile device that wipes external flash memory
> attached to the device?
>
> When looking for products with this type of functionality I always
> have a look at the Common Criteria Portal to ensure that the product
> has been through an evaluation process and is suitable for government
> use.
>
> If the data is sensitive why not destroy it as you can just remove the
> flash card.
>
> - ryan,
>
> Sent from my iPhone.
>
> On Sep 28, 2007, at 6:52 PM, Luis Lopez Sanchez <luis.lopez () atosorigin com
> > wrote:
>
> > Hi Geoff,
> >
> > Thank you very much for clarify me this matter, I'm not very
> > familiarized with solid state memories yet, until now I've been
> > working with hard disks sanitization only ... But I can understand
> > your explanation and their physical considerations.
> >
> > Please, let me drop the question again, I would need some tool for
> > WM5/6 and Symbian to carry out a DoD wiping for external flash ...
> > Do you know anyone to use from mobile devices directly? I know that
> > performing a 'Hard Reset' it would get a internal flash wipe but how
> > I can wipe securely the external flash from the itself mobile device.
> >
> > Thanks in advance,
> >
> > Regards,
> >
> > --
> > Luislo
> > http://luislo.blogspot.com
> >
> > "I speak for myself not Atos Origin"
> >
> > > -----Original Message-----
> > > From: gjgowey () tmo blackberry net [mailto:gjgowey () tmo blackberry net]
> > > Sent: jueves, 27 de septiembre de 2007 19:11
> > > To: Luis Lopez Sanchez; listbounce () securityfocus com;
> > > security-basics () lists securityfocus com
> > > Subject: Re: Fash cards sanitization from Nokia Symbian and WM5/6
> > >
> > > Why would you need gutman to sanitize a flash card?  Gutman
> > > is written specifically for taking the inaccuracies of
> > > writing to magnetic media into account.  Flash cards don't
> > > suffer from those problems and all you're likely to do is
> > > make them burn out faster.  I wouldn't do anything more than
> > > a regular dod wipe on flash cards and even that is overkill.
> > >
> > > Geoff
> > >
> > > Sent from my BlackBerry wireless handheld.
> > >
> > > -----Original Message-----
> > > From: Luis Lopez Sanchez <luis.lopez () atosorigin com>
> > >
> > > Date: Thu, 27 Sep 2007 18:19:23
> > > To:security-basics () lists securityfocus com
> > > Subject: Fash cards sanitization from Nokia Symbian and WM5/6
> > >
> > >
> > > Hi All,
> > >
> > > I wonder if exist some application to write different
> > > sanitization patterns to removable flash cards (such as SD
> > > cards) for to use from the mobile device itself, no using PC
> > > or other computers with flash cards reader. I have been
> > > googling sometimes for this recurrent matter with no successful.
> > >
> > > I'd like to know if somebody know some app to apply the
> > > Guttman method (yeah! Of course, I know this is a any
> > > obsolete method but to me it would be enough to start) to SD
> > > and micro-SD flash cards from Windows Mobile 5/6 and Nokia w/
> > > Symbian 80 3rd ed. based hardware platforms (such as HTC/QTEK
> > > for WM and N*/E* Nokia Series). I am searching for a system
> > > to wipe or sanitize flash cards directly from the two mobile
> > > operating systems based platforms. From a PC with a simple
> > > flash reader reader all is easy, but from a mobile device is
> > > not so much... ¿Any idea?
> > >
> > >
> > > PS: I think that something like 'dd' GNU tool for WM or
> > > Symbian could be useful as a first approach, but I haven't
> > > time to port it (and I don't know if I would be able to carry
> > > out it!).
> > >
> > > Many thanks in advance.
> > >
> > > Best Regards,
> > >
> > > --
> > > Luislo
> > > http://luislo.blogspot.com
> > >
> > > "I speak for myself not Atos Origin"
> > >
> > > ------------------------------------------------------------------
> > > This e-mail and the documents attached are confidential and
> > > intended solely
> > > for the addressee; it may also be privileged. If you receive
> > > this e-mail
> > > in error, please notify the sender immediately and destroy it.
> > > As its integrity cannot be secured on the Internet, the Atos
> > > Origin group
> > > liability cannot be triggered for the message content. Although the
> > > sender endeavours to maintain a computer virus-free network,
> > > the sender does
> > > not warrant that this transmission is virus-free and will not
> > > be liable for
> > > any damages resulting from any virus transmitted.
> > >
> > > Este mensaje y los ficheros adjuntos pueden contener informacion
> > > confidencial destinada solamente a la(s) persona(s) mencionadas
> > > anteriormente. Pueden estar protegidos por secreto
> > > profesional Si usted
> > > recibe este correo electronico por error, gracias de informar
> > > inmediatamente
> > > al remitente y destruir el mensaje.
> > > Al no estar asegurada la integridad de este mensaje sobre la red,
> > > Atos
> > > Origin no se hace responsable por su contenido. Su contenido
> > > no constituye
> > > ningun compromiso para el grupo Atos Origin, salvo
> > > ratificacion escrita por
> > > ambas partes.
> > > Aunque se esfuerza al maximo por mantener su red libre de
> > > virus, el emisor
> > > no puede garantizar nada al respecto y no sera responsable de
> > > cualesquiera
> > > danos que puedan resultar de una transmision de virus
> > > ------------------------------------------------------------------
> >
> > ------------------------------------------------------------------
> > This e-mail and the documents attached are confidential and intended
> > solely
> > for the addressee; it may also be privileged. If you receive this e-
> > mail
> > in error, please notify the sender immediately and destroy it.
> > As its integrity cannot be secured on the Internet, the Atos Origin
> > group
> > liability cannot be triggered for the message content. Although the
> > sender endeavours to maintain a computer virus-free network, the
> > sender does
> > not warrant that this transmission is virus-free and will not be
> > liable for
> > any damages resulting from any virus transmitted.
> >
> > Este mensaje y los ficheros adjuntos pueden contener informacion
> > confidencial destinada solamente a la(s) persona(s) mencionadas
> > anteriormente. Pueden estar protegidos por secreto profesional Si
> > usted
> > recibe este correo electronico por error, gracias de informar
> > inmediatamente
> > al remitente y destruir el mensaje.
> > Al no estar asegurada la integridad de este mensaje sobre la red,  
> > Atos
> > Origin no se hace responsable por su contenido. Su contenido no
> > constituye
> > ningun compromiso para el grupo Atos Origin, salvo ratificacion
> > escrita por
> > ambas partes.
> > Aunque se esfuerza al maximo por mantener su red libre de virus, el
> > emisor
> > no puede garantizar nada al respecto y no sera responsable de
> > cualesquiera
> > danos que puedan resultar de una transmision de virus
> > ------------------------------------------------------------------