Educational CyberPlayGround ®☰ Menu

HOW TO ERASE THE HARD DRIVE OR RECOVER INFORMATION

You can delete the contents of your server using the exact same thing Hilliary Clinton used called BleachBit which was also something Edward Snowden recommended to Congress.

How to Delete Secret Emails from Microsoft Exchange Server

You can delete the contents of your entire computer with one piece of code. You can delete everything in your servers, and remove all trace of your company and any other websites customers you host.
Just run a Bash script with a rm -rf {foo}/{bar} with those variables undefined to all your servers due to a bug in the code .
Normally, that code would wipe out all of the specific parts of the computer that it was pointed at. But because of an error in the way it was written, the code didn’t actually specify anywhere – and so removed everything on the computer.
The command
"rm -rf /"

The command "rm -rf /": a basic piece of code will delete everything it is told to.
The “rm” tells the computer to remove; the r deletes everything within a given directory; and the f stands for “force”, telling the computer to ignore the usual warnings that come when deleting files. The code will even delete all of your backups taken in case of catastrop if the drives that are backing up your computers are mounted to it, the computer will wipe all of those, too. All servers get deleted and the offsite backups will too if the remote storage was mounted just before by the same script (that is a backup maintenance script).”

rm -rf /* That command will erase everything on the hard drive but not in the Master Boot Record, that takes a low level format to erase the MBR, which you can get from the manufacturer of the hard drive. To boot from CD, you will need to check your BIOS and ensure that CD is the first item in your boot list.

How to really erase any drive -- even SSDs -- in 2016 <--SSD claims are false.

rm -rf /* Another way to wipe the disk would be to zero it from a live environment:

Deleting a file from a computer is only a concept not a reality. A file is not deleted; only its name is erased from a file database. Beyond the obvious deletion functions, you start getting into secure deletion, the act of clearing, overwriting, wiping or "scrubbing" the data once or many times with a string of 1s and 0s. In the middle of the spectrum are devices, such as degaussers, that purge data from a variety of media.

How to Wipe Your Disk

 

Data Wiping Software DBAN is free erasure software designed for the personal user. It automatically deletes the contents of any hard disk that it can detect. This method prevents identity theft before recycling a computer. DBAN is also a commonly used solution to remove viruses and spyware from Microsoft Windows installations.

Get a disk-wiping program that meets the U.S. Department of Defense's Media Sanitation Guidelines. These programs will overwrite your entire hard disk with data multiple times, ensuring that the original data can't be retrieved. If you use them, be patient, because it can take several hours to wipe the hard disk.

  • Sanitizing SSDs Solid State Drives
    Reliably Erasing Data From Flash-Based Solid State Drives

    We empirically evaluate the effectiveness of hard drive-oriented techniques and of the SSDs' built-in sanitization commands by extracting raw data from the SSD's flash chips after applying these techniques and commands. Our results lead to three conclusions: First, built-in commands are effective, but manufacturers sometimes implement them incorrectly. Second, overwriting the entire visible address space of an SSD twice is usually, but not always, sufficient to sanitize the drive. Third, none of the existing hard drive-oriented techniques for individual file sanitization are effective on SSDs
  • How to destroy a hard drive in five seconds When 'Format C:' just isn't good enough.
  • WipeDrive Pro (for hard drives) Government Approved and MediaWiper (for removable drives)
  • BCWipe that wipes and reformat's every sector 7 times, and took all day. I liked it because you can wipe individual files and leave no trace. 
  • Free Windows utility that also meets the DoD's standards is Eraser.
  • Mac, you can use Apple's built-in Disk Utility (it can be found in the Applications/Utility folder).
  • Good disk nuke tool, I recommend "Darik's Boot and Nuke" Switch to Darik's Boot because it does the same, but also gives you the option for a 3x wipe & reformat, which isn't quite enough to be able to change security levels on a hard drive for the Dept. of Defense, but good enough for getting rid of an old computer. The software creates a boot disk that wipes everything on the hard drive. It can also be used with floppy disks, USB flash drives, CDs and DVDs.
    It's fast, easy and fun. You can load the image onto a USB thumb drive and nuke your hard disk in the time it takes to eat 3 tacos. Don't play around with this one though -- even the guys at CSI Miami won't be able to recover your data without a clean room and some insane-expensive magnetic resonance equipment and months of labor. It uses some nice DoD standard algorithms to truly erase the drive several times over. "
    Honestly, if I had any personal financial data on it, or credit card info of any kind, use DBAN at the top level, let it just run for a day (takes over 12 hours for an 80 GB drive), and there won't be a trace of your information, boot sector, anything. All gone. What I really like about DBAN is the option to work on a floppy, as well as USB and CD. It's a very simple program, just chugs away and scrubs each sector. Some of the older Police Toughbooks I have to wipe have only floppy drives and no DVD. It'll run on USB, but needs the bootable USB drive. Warning: DBAN has an ugly home page, is free, is a great product and is very simple to use. It works on SCSI, IDE, or RAID devices.
  • Scott Cooper CMC, a computer forensics expert electronic discovery and forensics practice.s cott.cooper [[at]] FTIconsulting.com
  • Guidance Software's EnCase Forensic program.
  • Mary Mack, technology counsel for Fios, a digital forensics firm in Portland, Ore.
  • Wipe Old Hard Disks Clean  by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
    2006 Wipe Data from Your Old Media
    the National Institute of Standards and Technology (NIST) issued a new guide, "Guidelines for Media Sanitization,"  This guide is intended to assist organizations and system owners in making practical sanitization decisions based on the level of sensitivity of their information. It does not, and cannot, specifically address all known types of media however; the described draft sanitization decision process can be applied universally to all forms of media and categorizations of information.
  • How to Clear the cache from Microsoft Internet Explorer 
    Microsoft has released a utility, which you can download here  that deletes all temporary Internet files, cookies, and history files. After you download and run the files, click Next to the wizard's Welcome page. On the next screen, select "I Agree" and click Next. This program was initially intended to clear the cache in an error scenario, particularly around corrupt entries. In IE 7.0, this functionality will be available under Tools, Delete Browsing History, with granular options that include deleting just cookies, files, history, form data, and passwords or deleting everything.
  • Numbers erased from a cellphone can indicate on its memory that one person knows another. Appointments stored on hand-held devices can help establish a chronology. Even television shows recorded on a TiVo can confirm or destroy an alibi, revealing when a show was started or paused. All this evidence is theoretically recoverable.

 

It is 100% certain that Your hard drive will die at some point so remember to back up your information.  Backup..Backup..Backup... Hardrive meltdowns vs. the suicide hotline. These People will recover your hard drive data when your computer crashed.

A 1993 New Yorker cartoon declared, "On the Internet, nobody knows you're a dog." That was wrong. When it comes to digital data, anyone can find out who you are and what you are doing.

Hard Drive Recovery

In 2003, the School of Information Management and Systems at the University of California, Berkeley, estimated that 92 per cent of new information was being stored on some form of magnetic media. As a result, digital forensics the acquisition and analysis of digital information has become an important legal tool. As hard drives increase exponentially in storage capacity, retrieving incriminating data becomes easier. The bigger the drive, the less often that new data needs to be written on top of old "deleted" files. Passwords, visual images, bank account information is there.

"In general, one pass or one wipe is sufficient to frustrate any ordinary forensic analysis that might take place from outside of the hard drive," he says. "Now, you have to get someone to crack open the drive and look at it with a [magnetic force] microscope. That can cost hundreds of dollars." "It's always a question of how valuable is the information on the drive, and how hard do you think someone would work to get it."

How hard it was to destroy data?
If you don't know how to do it then smash it into oblivion. The delete key only labels these sections of storage saying it can be over-written. On large disk drives deleted data remains intact for a long time, recovering data is very straight-forward for forensic firms and technically-aware thieves. Even formatting hard drives and other memory cards will not irrevocably remove information stored on them.
Many people are taking risks with data on hard drives and memory cards which they are selling on eBay. Most people only make simple attempts to erase the data. Large amounts of personal and confidential business data are found on storage hardware. Letters, resumes, spreadsheets, phone numbers, e-mail addresses, temporary files from net browsers which contained login details and passwords for websites and even online bank accounts were all found. It is possible to extract the temporary files that Microsoft's Internet Explorer browser uses to keep track of what people do when they are using the web. It is possible to reconstruct almost everything that some users did online, and to grab cookies and login details for sites they visited.

 

WOOPSIE

How do you Recover Files? and some other ideas “You might have an extremely slim chance to recover from this if you turn off everything right now and hand your disks over to a reputable data recovery company. “This will be extremely expensive and still extremely unlikely to really rescue you, and it will take a lot of time.”

2006 College professors and anyone with a computer at work would be wise to find out what happens to their hard drives on the way from the office desk to the scrap heap.
Researchers at the University of Glamorgan sifted through more than 300 secondhand hard drives and found (amid a good deal of pornography) a wealth of company secrets and sensitive personal data. VNUNet, said more than one in five of the computers tossed aside by businesses could easily be traced back to the company that had owned the machine. See UK bank details sold in Nigeria Bank account details belonging to thousands of Britons are being sold in West Africa for less than £20 each. The information can be found on a PC's hard disk, which is easy to access if the drive is not wiped before sending. Users should instead use a program to wipe their hard drive before they sell or give away their PC, a process which over-writes what is already contained on the drive. Alternatively, people should remove their hard drives before they give away their computers.

"Ten Commandments of Data Destruction"
How Far Should You Go? Well pretty far if you are a bank. Utter annihilation: visceral  acts of shredding, pulverizing, incinerating or melting the media aka Pulverize then liquefy. Heating a hard drive past the Curie point (the point at which metal loses its magnetic properties) and melting it into slag are the only sure ways never to recover what once was on there.
Elizabeth Wilmot owns Data Killers, a media - destruction and computer - recycling firm in Maryland that could shred tapes and hard drives securely , and provide a certificate affirming their destruction. It would even let you stay and watch the shredding process, if you wanted which takes about an hour of time. Then the media's "remains" would be delivered to a smelter for melting and recycling its various metals. With its 6,600-pound shredder, Data Killers is able to take just about  any storage medium, such as the college's tapes, and turn it into  particles the size of a thumbnail.
Encryption doesn't necessarily absolve companies of their obligation to destroy highly sensitive data or media, encrypting the data may offer something of a legal safe harbor for companies trying to obey many privacy regulations.
On the other hand, storing data in encrypted format on a drive partition might let you avoid scrubbing the drive: "When someone tries to recover data, they first have to find the data. If all they see on the drive is noise, that's a pretty effective deterrent. It's definitely a counterforensic technique," he says.
Detailed guidelines for media sanitization and disposal can be found in the government sector, including the early U.S. Department of Defense drafts of Standard DoD 5220.22-M. These include a clearing and sanitization matrix and guidelines for destroying every kind of data from classified or top-secret to unclassified.
This standard often is referred to by overwriting-software vendors , a few of whom may claim to be "DoD-certified" or "DoD-compliant." (A 2005 version of the matrix is available from the Web site of the Defense Security Service Office of the Designated Approving Authority.)
Two leading information security standards with specific guidelines for media disposal and sanitization: ISO 17799 and the National Institute of Standards and Technology (NIST) Special Publication 800-88, titled "Guidelines for Media Sanitization."
Procedural model to help organizations determine whether data or media should be cleared or purged, or physically destroyed depends on whether the data or media will be reused or will be leaving  the organization's control. There's just one caveat: The model assumes an organization first can identify and categorize the data stored on specific media into one of four different classes: nonsensitive information, business-sensitive information, legally protected  information and classification not known." [source]

 

Disk Repair | Disk Recovery Software | Disk Recovery Tools | Hard drive Recovery |

 

 XP has the /W option

Quote: "2005 A year ago, I wrote in this space about tools that you can use to wipe hard disks clean of all data. In that article, I mentioned four software-based tools. This week I learned about two more tools and about another type of product that can help when you need to erase a disk.

LSoft Technologies' Active@KillDisk

Heidi Computers' Eraser  - http://www.heidi.ie/eraser
DBAN is also bundled with Heidi Computers' Eraser.

Windows XP ships with a command-line tool, cipher.exe, designed to manage encryption on entire volumes as well as directories. One of the features of cipher.exe is that it can wipe a disk to help prevent data recovery.
The tool's /? switch gives you a list of all the available command-line options. You can use the last option, /W, to wipe an entire disk or a select directory. There are, of course, other tools that can do the same job, which you can probably find using your favorite search engine.
Wiping an entire disk clean (so that you can recycle or dispose of it, donate it to charity, or return it under warranty) is sometimes quite a problem, especially if the disk is in a system that can no longer boot.
- You can of course try to use some sort of bootable CD-ROM and then run a software-based tool to wipe the disk. - -
- You can also remove the disk and put it into another system, boot that system, then wipe it clean.
Another method, which is very handy, is to use a custom connector that lets you connect a disk to any system using a USB or FireWire port. Such connectors are relatively inexpensive and have the added advantage of letting you connect any ATA disk to a supported system, including a laptop, which is also a great way to get a bunch of extra disk space when you need it.

Dan's Data - 2011
reviews at least four connectors I think you might be interested in. One is an external drive box shell from Sunnytek Information available for ATA and SATA configurations review. You can insert just about any regular ATA disk you can think of inside the shell.
Another is ComboDock by WiebeTech, which is a small external connector box that connects to the back of an ATA disk -
Yet another is the USB 2.0 to IDE Cable, available from USBGEEK.COM
And finally, there is the R-Driver II USB to IDE cablewhich I think is the best choice because it lets you connect regular ATA drives and the mini-ATA drives that are typically used in laptops and other portable computing devices.
One thing to keep in mind is that USB 2.0 (up to 480Mbps) is much faster than USB 1.x (up to 12Mbps). And likewise, FireWire 1394b (up to 800Mbps) is twice as fast as FireWire 1394a (up to 400Mbps). If you don't have USB 2.0 or FireWire 1394b in your system, you can buy an inexpensive add-on card to significantly speed up read and write times.
Any of the ATA connectors I mentioned let you add a disk to a system in just a few seconds. Not only can you use them to wipe data off disk, but because they offer complete portability, you can also use them with CD-ROM and DVD drives to create your own portable backup solutions.
If you're interested in these connectors, be sure to read the related hardware reviews at Dan's Data."

 

 jTrust us. Apple's policy re: private data on dead hard drives. ~ anon 2006
I just had a 250gb disk go completely belly up on my iMac G5 (two months out of warranty). Disk Warrior reported bad sectors and refused to recover it. I concluded I needed to replace it. Comparison  shopping showed special deals as low as $85. But having no appetite for mesing around at the time, I took what I thought was the gold-plated option. Ordered a DIY replacement drive from Apple for nearly $300. And the real tale starts there....
It turns out, Apple's policy on DIY disk drives is that they insist that the old drive be returned within 10 days, else an additional charge of almost $200 will be charged.
The same charge applies if the drive is physically damaged or opened, thus thwarting my first thought of how to protect my private data... a sledgehammer.
Apple's basis for imposing such a "charge", given that the original and replacement drives belong to me and not Apple, is one matter of possible interest to some readers.
More interesting to me is Apple's apparent lack of interest in secure disposal of private data on dead drives, and the lack of easy options for computer users with a hard drive failure.
Apple's support line wasn't much help. The obvious solution, cancelling the extra charge, wasn't accepted, nor was returning the disk smashed (although I still question the legality of both of these "requirements"). I gather they want them for quality control/ diagnosis purposes; apparently quite a lot because its worth $200   worth of MY money to them
As for the data, the best they could offer is "Trust us, we're reputable", having just admitted they simply pass dead drives along to Maxtor ("trust them, they're reputable"). And how does reputable relate to the concern that platters from dead drives won't just end  up in a dumpster somewhere.
So.... I imagine a honking big magnet is about the only option I left, short of the "trust us" approach. Maybe an old bulk tape eraser.

Your computer is not secure. By Meir Rinde April 27, 2006
When agents from the federal Bureau of Alcohol, Tobacco and Firearms arrested convicted felon Michael Crooker on a charge of illegally shipping a firearm across state lines, they searched his apartment in the Feeding Hills neighborhood of Agawam, Mass. and found substances that gave them pause.
They called in military and civilian hazardous material units, and a bomb squad, and police closed off all areas within 1,000 feet. A story spread that investigators found the poison ricin in the apartment; in reality, they found castor beans, which have commercial uses but do contain ricin. They also found lye, which is used in ricin production, and rosary peas, which contain a toxin called abrin. In Crookers car they found powerful homemade fireworks, and they conducted a controlled explosion of at least one device.
That was almost two years ago. Hes now locked up at the state correctional facility in Suffield Connecticut, awaiting trial on a single charge of trying to ship an air-gun silencer to a man in Ohio.
The 52-year-old ex-con fills his time studying his case and writing letters to the judge, as well as filing lawsuits against the government and other parties, as he has done all his life.
Among the entities he has targeted is the computer maker Hewlett Packard. In his suit, Crooker traces back the history of his Compaq Presario notebook computer, which the ATF seized when he was arrested.
He bought it in September 2002, expressly because it had a feature called DriveLock, which freezes up the hard drive if you dont have the proper password.
The computers manual claims that if one were to lose his Master Password and his User Password, then the hard drive is useless and the data cannot be resurrected even by Compaqs headquarters staff, Crooker wrote in the suit.
Crooker has a copy of an ATF search warrant for files on the computer, which includes a handwritten notation: Computer lock not able to be broken/disabled. Computer forwarded to FBI lab. Crooker says he refused to give investigators the password, and was told the computer would be broken into through a backdoor provided by Compaq, which is now part of HP.
Its unclear what was done with the laptop, but Crooker says a subsequent search warrant for his e-mail account, issued in January 2005, showed investigators had somehow gained access to his 40 gigabyte hard drive. The FBI had broken through DriveLock and accessed his e-mails (both deleted and not) as well as lists of websites hed visited and other information. The only files they couldn't read were ones hed encrypted using Wexcrypt, a software program freely available on the Internet.
Despite the exposure of his e-mails, Crooker isn't in prison on a chemicals or explosives charge. Rather, hes been detained for two years on a single firearms charge because the judge thinks hes too dangerous to let out on bail.
A six-page rap sheet included in his firearms charge file lists arrests going back to March 1970, when he was 16 and committed an armed robbery while wearing a ski mask, according to the Springfield Republican. In 1977, he was accused of threatening to kill President Gerald Ford; he was cleared, but convicted of mailing death threats to the police chief of Southwick, Mass., where he grew up, and to a probation officer. In 1986, he was charged with rape and attempted murder; the charges stemmed from a phone argument with his wife, he says, and were dropped. In 1993, he plead guilty to a conspiracy to possess guns, witness tampering -- he admits he blew up a witnesss car -- and IRS fraud. He and an accomplice had filed about 70 false tax returns and pocketed the refunds.
The judge who ordered him to remain incarcerated described Crooker as a real threat to the community at large, if not particular individuals as well. The judge wrote that prosecutors believe Crooker has made ricin in the past; that he is accused of keeping three hundred rounds of ammunition at his parents house; that in letters he refers to Timothy McVeigh as a martyr and expresses admiration for Osama bin Ladens brilliance.
If the government agrees Crooker is so dangerous he can't stay at home while he awaits trial, should he be allowed to use purportedly unbreakable computer security systems to hide potentially criminal activity?
Because of cases like Crookers, some might argue the government should have access to security backdoors to discourage criminals or at least catch them more easily, much as the technology in the movie Minority Report allows police to prevent crime by arresting criminals before they act.
Of course, Crooker does not agree. Sitting in a low-ceilinged prison visiting room last week, his bright yellow prison jumpsuit hanging loosely on his narrow six-foot frame, Crooker rifled through stacks of legal documents and criticized what he described as HPs deception in not admitting up front that DriveLock was flawed, and in selling him out to the feds.
Even if its the CIA and the NSA, its wrong for HP to say, we can't help you if you lose your password, he said. Its causing people to hide things on their computers, and they're not secure.
Crooker argues that by providing the FBI with a way to circumvent DriveLock, and claiming the system was impenetrable when there was actually a backdoor, HP committed a breach of contract.
We left a message for HPs lawyer, Thomas W. Evans of Cohen & Fierman in Boston, and got a call back from Ryan Donovan, a company spokesman in Palo Alto, Calif.
We don't comment on pending litigation, he said.
In a legal response sent to Crooker but not yet available in court, Evans says HP didnt help the FBI, and argues it was unreasonable for Crooker to expect that data he entered on the laptop would remain inaccessible to others.
Crookers goal is primarily to get money from HP. He's demanded $350,000, and would probably accept much less. But he has also stepped into a much larger debate over computer security: whether HP and other companies are providing their customers with sufficiently strong protection and whether the government should allow anyone access to security systems so strong that even federal law enforcement agents have a hard time breaking through them.
Crooker has spent many years in prison, but he's had some success with the law as well. In 1984, when he faced a charge of having an unregistered machine gun, a federal District Court panel reviewed his claims that he should have access to certain ATF documents. Although he ultimately didnt get everything he wanted, the judges ruled ATF hadnt given a specific enough reason for withholding the documents, and Crooker v. BATF became an important footnote to discussions of Freedom of Information law.
In his current criminal case, he argues that although the silencer would fit on an actual firearm, it was only intended for use on the air gun it was attached to. You wouldnt believe the hearings and motions weve filed on this, he said.
He knows firearms law inside and out. Hes published a pamphlet called A Felons Guide to Legal Firearms Ownership , which you can buy online for $4.95.
But his lawsuit against HP may be a long shot. Crooker appears to face strong counterarguments to his claim that HP is guilty of breach of contract, especially if the FBI made the company provide a backdoor.
If they had a warrant, then I dont see how his case has any merit at all, said Steven Certilman, a Stamford attorney who heads the Technology Law section of the Connecticut Bar Association. Whatever means they used, if its covered by the warrant, its legitimate.
If HP claimed DriveLock was unbreakable when the company knew it was not, that might be a kind of false advertising. But while documents on HPs web site do claim that without the correct passwords, a DriveLocked hard drive is permanently unusable, such warnings may not constitute actual legal guarantees.
According to Certilman and other computer security experts, hardware and software makers are careful not to make themselves liable for the performance of their products.
I haven't heard of manufacturers, at least for the consumer market, making a promise of computer security. Usually you buy naked hardware and youre on your own, Certilman said. In general, computer warrantees are limited only to replacement and repair of the component, and not to incidental consequential damages such as the exposure of the underlying data to snooping third parties, he said.  So I would be quite surprised if there were a gaping hole in their warranty that would allow that kind of claim.
That point meets with agreement from the noted computer security skeptic Bruce Schneier, the chief technology officer at Counterpane Internet Security in Mountain View, Calif.
I mean, the computer industry promises nothing, he said last week.  Did you ever read a shrink-wrapped license agreement? You should read one. It basically says, if this product deliberately kills your children, and we knew it would, and we decided not to tell you because it might harm sales, were not liable. I mean, it says stuff like that. They're absurd documents. You have no rights.

Schneier entered the field of computer security as a cryptographer. He invented an algorithm called Blowfish, which is used in many software programs including Wexcrypt, which Crooker used on some of his files, and which the FBI has apparently been unable to crack.
In recent years Schneier has been a prominent critic of most computer security schemes, saying that they're not reliable in part because companies aren't financially liable for failures. He described Crookers lawsuit as kind of funny.
Part of me says, Well, go get them, Schneier said. Because the industry, for years, makes all of these false promises. So heres someone whos saying, Look, goddammit, I believed them, and I got arrested, or something. So thats kind of neat, actually.
Online, self-declared computer geeks have discussed at length how to unlock DriveLocked hard drives. The general consensus is that, unlike many computer password systems, DriveLock is a hard-drive-only system, a technology added to the drive, rather than a routine in the computer software. Only a chip on the hard drive knows where the password is stored, and the chip simply will not allow the drive to spin if the password is not provided. Putting the drive in a different computer, or tinkering with computer system files, doesn't help. Encryption isn't the problem, either: your files may just be sitting there, in readable form, but the drive refuses to work.
The computer geeks seem to throw up their hands at devising a home-office method of getting around DriveLock. However, in a clean room laboratory setting it should be possible to take apart a hard drive and scan the platters where magnetic information is stored.
A few companies advertise password removal services for a fee, such as Nortek Computers Limited, in North Bay, Ontario, Canada. For $85, the company will simply erase your hard drive, which removes the password and at least makes the drive useable again. For $285, the company will copy your information off the drive, wipe the drive, and put the information back on, sans the password, said Chris Boyer, a support specialist at Nortek.
He wouldn't describe how its done, except to say that some computer drives can be penetrated using non-invasive methods, while others are more difficult. Theres quite a bit involved, engineering-wise and facility-wise, Boyer said. The company is alert to suspicious clients who seem to be trying to break into someone elses computer, and keeps records of device serial numbers, he said. It has removed passwords for law enforcement agencies in the U.S., Canada, England, Denmark and other countries.
The availability of commercial password removal suggests HP may be sincere when it says it didn't help the FBI. But Crooker said that's no obstacle to his lawsuit. Why are HP and Compaq still advertising this DriveLock system when they have to know about the Canadian operation for $285? he asked. They're lulling us into this sense of security, when for $285 it can be exposed? It ain't right.
In the recent past the federal government has attempted to build in backdoors to certain computer systems: In the early 1990s, the National Security Agency tried to require the installation of a chip in phone transmission systems, so agents could eavesdrop on encrypted conversations. The Electronic Frontier Foundation and other civil liberties groups attacked the proposal, which eventually died (although recently AT&T reportedly allowed the NSA to monitor millions of phone calls without warrants, using specially installed supercomputers).
So while DriveLock may not be wholly secure, software that uses Blowfish and other encryption methods remains widely available. To civil liberty advocates, thats good news, even if it means individuals like Michael Crooker can hide their secrets from law enforcement.
Encryption software is becoming a very ordinary thing. Thats a very positive development in terms of limiting the erosion of privacy in certain ways, said Seth Schoen, a staff technologist at the Electronic Frontier Foundation.
Crooker said he understands the argument for allowing the government to penetrate computer security systems. I can see both sides of it, he said. But that doesn't mean he's letting HP off the hook for pretending DriveLock was really secure.
That's a point security experts would agree with: undisclosed flaws are the Achilles heel of any security scheme, because then the user of the system doesn't even know what kind of incursions to watch out for.
For Bruce Schneier, the key to preventing such flaws is the kind of legal liability that Michael Crooker is trying to create, forcing companies to pay though the nose until they develop security that really works.
Unfortunately, this probably isn't a great case, Schneier said.  Here's a man who's not going to get much sympathy. You want a defendant who bought the Compaq computer, and then, you know, his competitor, or a rogue employee, or someone who broke into his office, got the data. Thats a much more sympathetic defendant.


© Educational CyberPlayGround ® All rights reserved world wide.