Penetration Testing mailing list archives
Re: RE: Wiping Solaris Servers
From: cwright () bdosyd com au
Date: 17 Sep 2007 19:35:12 -0000
It always surprises me. Security should be rational and quelling fear. We should be the ones with the calm heads, who verify rumours and innuendo. Yet this is not the case. Here we are leading with FUD. First, an intro to materials science for drive platters. Glass is a liquid as hard as it may seem to some of you. It has an incredibly high viscosity but it does flow. What this means is that it is not used in drives. Rather, glass crystal is. This has a large number of shear planes. Think of it like your car windows. It will not break nicely. It will not be reconstructed if it breaks. The film amalgam on the platter will also not maintain its magnetic field on the platter breaking. The shear stresses change the field density. With the configurations today, they may not always break thus it is a good idea to see them. You can not control where and how they hit, but the chances are good that they will break. Opening it is still better it is guaranteed. Next wiping. There is not any great new tech to un-wipe drives. There is nothing short of a slow and erroneous reconstruction bit by bit by bit, over years using very slow and very inaccurate techniques. The issue with wiping is it able to be un-wiped as this is just an urban legend, but was it done correctly and was ALL the drive wiped (Linux dd misses a sector for instance). So basically, there is no magic un-wipe tech. There is no reconstruction tech. Unless Star Trek was right and in the next 50 years or so life as we know it changes due to interstellar travel etc, there is nothing coming to do this. Regards, Craig -----Original Message----- Bill, I know your task may be fun and have good intentions, but unless you opened the drive and verified that the platters are destroyed to the point where nobody can put it back together, then you are just doing the same thing as someone who formats a drive.
From an audit point of view, I think they would have the same question.
With Sarbox and other audit requirements, I have to provide proof that the task was completed. <<got the wrong person before>> Robert works for the govt. I am sure he can tell you that per dod and audit standards, he will not be allowed to just drop a drive on the pavement and not verify that it was destroyed. Anyway.. as I mentioned before, the Solaris format/purge command is free and does do the job. (I think it also follows dod standards) -----Original Message----- From: Bill Stout [mailto:billbrietstout () yahoo com] Sent: Monday, September 17, 2007 12:39 PM To: Levenglick, Jeff; Holstein, Robert - BLS CTR; pen-test () securityfocus com Subject: Re: Wiping Solaris Servers I think pebbles of glass are equivalent to shredding, especially for a commercial environment. Slamming a hard drive against pavement does meet the "so easy a monkey could perform the task" requirement. Plus it's fun. What I was inferring to was the value of the hard drives themselves, and if they needed to be included with the system. It's faster and easier to verify a physically destroyed disk or just not ship it, than trust that a warehouse monkey run through a boot/wipe/verify process. Does the warehouse have the right power connector? Do they have the right keyboard and monitor? Is the system complete or have all the parts needed to wipe the disk? Near-future or existing unknown recovery techniques might be able to recover from wiped disks. For example, recorded encrypted conversations from 10 years ago (and newer) are easily decrypted these days, and back then the decryption techniques of the day were thought to take up to 30years. Bill Stout ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Re: Wiping Solaris Servers, (continued)
- Re: Wiping Solaris Servers C. Bergström (Sep 13)
- Re: Wiping Solaris Servers Adrian Sanabria (Sep 13)
- Re: Wiping Solaris Servers Mister Coffee (Sep 19)
- Re: Wiping Solaris Servers Bill Stout (Sep 14)
- Re: Wiping Solaris Servers Bill Stout (Sep 17)
- RE: Wiping Solaris Servers Levenglick, Jeff (Sep 17)
- RE: Wiping Solaris Servers MILES John M (LC) (Sep 17)
- RE: Wiping Solaris Servers Levenglick, Jeff (Sep 17)
- RE: Wiping Solaris Servers Roten, Charles D. (Sep 17)
- RE: Wiping Solaris Servers alan (Sep 17)