Re: (update) UT: U. patient records recovered

["TS Glassey" <tglassey () earthlink net>]

Folks - a tape is a 100% passive reading system. The processes which would 
have watermarked this for each use actually have to write on the tape's 
header or in other locations. And gee whiz,  depending on what type of tape 
this was, that simply may not be possible.

If it is a random access tape then this might work, but say its a streaming 
media cartridge. All that the hosting system gets is the cartridge's serial 
number so it really cannot tell how many times a tape was used.

The system Michael talks about below is part of an integrated volume 
management system which most OS's don't have. If this tape or tape cartridge 
(which is much more likely) was just copied from say a Unix system with DUMP 
or just DD there would be no record created on the media what so ever.

Todd Glassey CISM CIFI

----- Original Message ----- 
From: "Al Mac Wheel" <macwheel99 () wowway com>
To: "Michael Hill, CITRMS" <mhill () idtexperts com>; <dataloss () attrition org>
Sent: Thursday, July 03, 2008 6:01 AM
Subject: Re: [Dataloss] (update) UT: U. patient records recovered


> , Michael Hill, CITRMS wrote:
>
> <snip>
>
>
> > >    Before this afternoon's news conference, attorney Scot Boyd, who is
> > > representing 11 plaintiffs and potentially "hundreds" more in that
> > > lawsuit, couldn't say whether the recovery of the tapes would nullify 
> > > the
> > > lawsuit. But in court filings, he wrote that it wouldn't, noting the
> > > thieves could copy the information and return the original tapes.
> >
> > Can you detect whether a tape has been copied?  Can any techies out there
> > answer that?
>
> On IBM OS, you can get statistics on backup media # of usages & estimated 
> life.
> For example: this media is rated for 1 million usages, and so far it has
> had XX,XXX usages.  I do not know how accurate it is, I have not used it
> for this purpose.  The act of accessing the media to get the latest count,
> that is also a usage.
>
> How I have used it for backup media ... I have a mountain of backup media
> used in rotation.  From time to time some wear out.  I can use this to 
> warn
> me that some media is approaching the end of its useful life span.
>
> Usages includes reading in a copy to any other media, or upload to some
> computer system.  Depending on how the data on the media is organized, you
> can also get at the # usages of various files, libraries, records
> etc.  With backup media, they should all be consistent with ... save /
> verify / restore, except where you know you used that media to restore a
> small volume of problem areas.
>
> A problem with the latter could be that it is a feature of the IBM OS that
> any time stuff is accessed using that OS, certain aspects of the
> description of the objects are incremented by the usage count, but suppose
> the media is accessed by some other OS, that does not have that same
> security feature standard, or suppose the crooks have the geek skills to
> mess with the OS wherever they are operating, to circumvent or turn off
> some of the stuff the OS normally does.
>
> <snip>
>
> Al Macintyre
> i/geek
> Programmer etc. on IBM Midrange platforms
>
>
> _______________________________________________
> Dataloss Mailing List (dataloss () attrition org)
> http://attrition.org/dataloss
>
> Tenable Network Security offers data leakage and compliance monitoring
> solutions for large and small networks. Scan your network and monitor your
> traffic to find the data needing protection before it leaks out!
> http://www.tenablesecurity.com/products/compliance.shtml


--------------------------------------------------------------------------------



No virus found in this incoming message.
Checked by AVG.
Version: 8.0.134 / Virus Database: 270.4.3/1529 - Release Date: 7/1/2008 
7:23 PM

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml