Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Quick Survey: How do you "dispose" of outbound harddrives??

From: Michael Schalip <mschalip () CNM EDU>
Date: Tue, 28 Sep 2010 19:18:08 +0000
Still sounds much more cost effective to apply the Sledg-O-Matic (or Drill-O-Matic) and move on....

M
Sent via BlackBerry from T-Mobile

-----Original Message-----
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Sender: The EDUCAUSE Security Constituent Group Listserv
        <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Tue, 28 Sep 2010 12:32:01 
To: SECURITY () LISTSERV EDUCAUSE EDU<SECURITY () LISTSERV EDUCAUSE EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv
        <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Quick Survey: How do you "dispose" of outbound hard
 drives??

On Tue, 28 Sep 2010 08:54:53 CDT, "Doty, Timothy T." said:


Still, for anyone using DBAN it is IMO worth considering wiping with the ATA
secure erase command where possible. The drive I wiped had ~3600 reallocated
sectors (and was still "good" according to SMART) which represents ~1.8MB of
data DBAN would not have erased.


Something to keep in mind is that usually a drive won't reallocate a sector
unless it encounters a write error - which means that physical block probably
has a physical defect, and almost certainly will return a read error due to the
aborted (and now short) write - and that's *if* you can convince the drive to
read from the previous location of a reallocated block.  As a result, those
blocks are not going to be uncovered by any sort of normal user-level snooping
on the drive - in fact, it's going to take some heavy duty diagnostics simply
to convince the drive to try to read the old block and not the reallocated
location. (On most drives, it will be a challenge to even get the list of
relocated blocks - SMART data usually only includes the total number
of reallocated blocks).

Still, I guess some sites might have "people will take apparently zero'ed
disk drives and send them off to data recovery shops at $2K+ a pop hoping
that something valuable will be recoverable off the relocated blocks that
probably have physical defects which will prohibit recovery".

For the record - the wording in DOD 5220-22M regarding sanitizing drives:

"Non-Removable Rigid Disks" or hard drives must be sanitized for reuse by
overwriting all addressable locations with a character, its complement, then a
random character and verify."

Remapped blocks are no longer addressable locations, and thus aren't covered.
If the DoD isn't worried about national secrets leaking out on the bad blocks,
I'm not going to lose sleep over it either...
Previous By Date Next
Previous By Thread Next

Current thread: