Penetration Testing mailing list archives

Re: Pen - Test technique: Shred diving

From: William Knowles <erehwon () c4i org>
Date: Fri, 4 Jan 2002 06:17:11 -0600 (CST)

Pre-shred bins are great, one that has worked a few times in small
office buildings is getting the staff to use color coordinated garbage
bags, a little memo from what looks to be from building management
gets pretty fast compliance from the renters and makes the dumpster
diving a little easier than raiding all the dark garbage bags at once.

Cheers!

William Knowles
erehwon () c4i org


On Thu, 3 Jan 2002, R. DuFresne wrote:

even better, saving lots of time the 'pre-shred' bins, those waste
disposal bins where whole sheets are dummped for later shredding,
seldom locked, and very exposed, especially at night, when staff
is low in count.

On Thu, 3 Jan 2002, Mike Shaw wrote:

Don't know if this will pass list muster, but I just had a great time in a 
client company's shredder bin.

This was a very inadequate shredder, very wide 'noodles' and no 
cross-shredding.  I've always disregarded the shredder bin because I 
thought it'd be too much trouble, but this is definitely not the case.

I was able to reconstruct a page of text in about 20 minutes.  This 
particular page was not very useful, but it proved the point.




*====================================================================*
"Communications are the nervous system of the entire SAC organization, 
and their protection is therefore, of the greatest importance. I like 
to say that without communications, all I control is my desk, and that 
is not a very lethal weapon."      ---      General T.S. Power U.S.A.F
----------------------------------------------------------------------
erehwon () c4i org     PGP Key on request     http://www.c4i.org/erehwon/
*====================================================================*




----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Pen - Test technique: Shred diving Mike Shaw (Jan 03)
- Re: Pen - Test technique: Shred diving R. DuFresne (Jan 03)
  - Re: Pen - Test technique: Shred diving William Knowles (Jan 04)
- Re: Pen - Test technique: Shred diving Rainer Duffner (Jan 04)