Re: (update) UT: U. patient records recovered

["TS Glassey" <tglassey () earthlink net>]

You mean the User ID of the File/Tape Owner didn't exist on your system - 
yeah this happens on many systems still. But hey - my point was that if you 
were trying to stop someone who knew what they were doing, the claims made 
by the Newspaper in response to their article are simply wrong IMHO.


Todd
----- Original Message ----- 
From: "Al Mac Wheel" <macwheel99 () wowway com>
To: "TS Glassey" <tglassey () earthlink net>; "Michael Hill, CITRMS" 
<mhill () idtexperts com>; <dataloss () attrition org>
Sent: Thursday, July 03, 2008 7:33 AM
Subject: Re: [Dataloss] (update) UT: U. patient records recovered


> I agree, but it is also OS dependent what can be done, since different OS
> have different features for media support.
> Plus the market can demand something better.  Look at the growth in
> encrypted backup support.
>
> I once got a tape which my OS refused to load.
> "This tape was created by PACIFIC, who is not a user on your system."
> Since I had security officer access, I created user PACIFIC on our system,
> and was able to load the tape.
> With IBM media, it is an issue of who owns the data, and who has what
> access privileges.  User PACIFIC has access privileges.  No other IBM OS
> will accept that data unless that computer system has a user by that name.
>
> The # of usages XX,XXX I believe is related to looking at the magnetics of
> the media & doing an estimate from the wear, which is why I say I do not
> believe the accuracy is good enough for this purpose.  If it was, the
> backup log would record # usages, the restore log would record #, we would
> get an error message if difference is unexpected.
>
> There is a heck of a lot more on the volume than the serial #.  Right now
> with IBM OS there's a date component ... "You are restoring from backup
> made 6/22 ... your most recent backup was 7/2" in other words it 
> recognizes
> that we are not restoring from the latest backup media.
>
> > Folks - a tape is a 100% passive reading system. The processes which would
> > have watermarked this for each use actually have to write on the tape's
> > header or in other locations. And gee whiz,  depending on what type of
> > tape this was, that simply may not be possible.
> >
> > If it is a random access tape then this might work, but say its a
> > streaming media cartridge. All that the hosting system gets is the
> > cartridge's serial number so it really cannot tell how many times a tape
> > was used.
> >
> > The system Michael talks about below is part of an integrated volume
> > management system which most OS's don't have. If this tape or tape
> > cartridge (which is much more likely) was just copied from say a Unix
> > system with DUMP or just DD there would be no record created on the media
> > what so ever.
> >
> > Todd Glassey CISM CIFI
> >
> > ----- Original Message ----- From: "Al Mac Wheel" <macwheel99 () wowway com>
> > To: "Michael Hill, CITRMS" <mhill () idtexperts com>; 
> > <dataloss () attrition org>
> > Sent: Thursday, July 03, 2008 6:01 AM
> > Subject: Re: [Dataloss] (update) UT: U. patient records recovered
> >
> >
> > > , Michael Hill, CITRMS wrote:
> > >
> > > <snip>
> > >
> > >
> > > > >    Before this afternoon's news conference, attorney Scot Boyd, who 
> > > > > is
> > > > > representing 11 plaintiffs and potentially "hundreds" more in that
> > > > > lawsuit, couldn't say whether the recovery of the tapes would
> > > > nullify > the
> > > > > lawsuit. But in court filings, he wrote that it wouldn't, noting the
> > > > > thieves could copy the information and return the original tapes.
> > > >
> > > > Can you detect whether a tape has been copied?  Can any techies out 
> > > > there
> > > > answer that?
> > >
> > > On IBM OS, you can get statistics on backup media # of usages & estimated
> > > life.
> > > For example: this media is rated for 1 million usages, and so far it has
> > > had XX,XXX usages.  I do not know how accurate it is, I have not used it
> > > for this purpose.  The act of accessing the media to get the latest 
> > > count,
> > > that is also a usage.
> > >
> > > How I have used it for backup media ... I have a mountain of backup media
> > > used in rotation.  From time to time some wear out.  I can use this to 
> > > warn
> > > me that some media is approaching the end of its useful life span.
> > >
> > > Usages includes reading in a copy to any other media, or upload to some
> > > computer system.  Depending on how the data on the media is organized, 
> > > you
> > > can also get at the # usages of various files, libraries, records
> > > etc.  With backup media, they should all be consistent with ... save /
> > > verify / restore, except where you know you used that media to restore a
> > > small volume of problem areas.
> > >
> > > A problem with the latter could be that it is a feature of the IBM OS 
> > > that
> > > any time stuff is accessed using that OS, certain aspects of the
> > > description of the objects are incremented by the usage count, but 
> > > suppose
> > > the media is accessed by some other OS, that does not have that same
> > > security feature standard, or suppose the crooks have the geek skills to
> > > mess with the OS wherever they are operating, to circumvent or turn off
> > > some of the stuff the OS normally does.
> > >
> > > <snip>
> > >
> > > Al Macintyre
> > > i/geek
> > > Programmer etc. on IBM Midrange platforms
> > >
> > >
> > > _______________________________________________
> > > Dataloss Mailing List (dataloss () attrition org)
> > > http://attrition.org/dataloss
> > >
> > > Tenable Network Security offers data leakage and compliance monitoring
> > > solutions for large and small networks. Scan your network and monitor 
> > > your
> > > traffic to find the data needing protection before it leaks out!
> > > http://www.tenablesecurity.com/products/compliance.shtml
> >
> >
> > --------------------------------------------------------------------------------
> >
> >
> >
> > No virus found in this incoming message.
> > Checked by AVG.
> > Version: 8.0.134 / Virus Database: 270.4.3/1529 - Release Date: 7/1/2008
> > 7:23 PM


--------------------------------------------------------------------------------



No virus found in this incoming message.
Checked by AVG.
Version: 8.0.134 / Virus Database: 270.4.3/1529 - Release Date: 7/1/2008 
7:23 PM

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml