Full Disclosure mailing list archives

Re: Secure Delete for Windows

From: bkfsec <bkfsec () sdf lonestar org>
Date: Wed, 18 Jan 2006 15:09:28 -0500

J.A. Terranson wrote:



(1) I do have something "useful to say".  The exact same thing every other
security conscious person is saying:

No source?  An exe?  Baaaaaddddd newwwwwssssss....

Publicly released "tools" are only safely released through open source
(or, "full disclosure" if you prefer).  Without source, it's you who
should be taking a turn at stfu.

I'm going to back up the general point of J.A.'s statement.

People who don't care about security and could care less abouttransparency don't, by and large, use "file shredders". A handful ofparanoid users might, but I think that these people are few and farbetween. Ensuring that files are deleted represents a willfulnessamongst the user to be detailed (or paranoid, perhaps, depending ontheir motives and intentions).As such, I think that the same kinds of people who might be interestedin a tool like this would be interested in reviewing the source code,for two reasons:


         - Verification that the code is not a trojan.

- Ensuring that the methods used in the secure deletionutility are sound. (Which is perhaps more important for thedetail-oriented.)

In the end, it's easy to see the value of transparency, particularly ina product like this. There really is no sound argument forproprietization anymore. Code is so heavily commoditized that mostprograms are reinventions of older concepts. That isn't to say thatthere isn't some innovation going on, but the reality is that the onlyargument that can be used for proprietization is profit, and that's anargument that has been getting progressively less enticing as morecommoditization occurs and as more code projects are shipped off tooffshore workshops, the draw of proprietization is decreased - I wouldeven say antiquated. Interestingly, people continue to proprietizecode even in the face of that. I guess that that green aura is somewhatblinding. :)


(Not flaming anyone, just making some observations.)

               -bkfsec


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Secure Delete for Windows, (continued)
- Re: Secure Delete for Windows J.A. Terranson (Jan 16)
  - Re: Secure Delete for Windows Valdis . Kletnieks (Jan 16)
  - Re: Secure Delete for Windows Jason Coombs (Jan 17)
    - Re: Secure Delete for Windows J.A. Terranson (Jan 17)
  - Re: Secure Delete for Windows GroundZero Security (Jan 17)
  - Re: Secure Delete for Windows Michael Holstein (Jan 17)
    - Re: Secure Delete for Windows GroundZero Security (Jan 17)
    - Re: Secure Delete for Windows Valdis . Kletnieks (Jan 17)
    - Re: Secure Delete for Windows greybrimstone (Jan 17)
  - Message not available
    - Re: Secure Delete for Windows J.A. Terranson (Jan 17)
    - Re: Secure Delete for Windows bkfsec (Jan 18)
- Re: Secure Delete for Windows virus (Jan 16)
  - Re: Secure Delete for Windows GroundZero Security (Jan 17)
    - Re: Secure Delete for Windows Yvan Boily (Jan 17)
    - PC Firewall Choices Steven (Jan 17)
    - Re: PC Firewall Choices Morning Wood (Jan 17)
    - Re: PC Firewall Choices Nic Werner (Jan 17)
    - RE: PC Firewall Choices Greg (Jan 17)
    - Re: PC Firewall Choices Nic Werner (Jan 17)
    - RE: PC Firewall Choices Greg (Jan 17)
    - Re: PC Firewall Choices Dave Korn (Jan 19)

(Thread continues...)