General discussion

Locked

Data on old hard drives

By editor's response ·
Do you think sensitive data left on old hard drives is a prevalent problem for organizations? How does your company handle this issue when getting rid of hardware? Tell us what you think about Jonathan Yarden's advice concerning this issue, as featured in the Feb. 10 Internet Security e-newsletter.

This conversation is currently closed to new comments.

50 total posts (Page 1 of 5)   01 | 02 | 03 | 04 | 05   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Post a copy of the e-newsletter

by generalist In reply to Data on old hard drives

If you want a greater number of informed responses, post a copy of the newsletter somewhere so those who don't subscribe can read it.

My take on the hard disk problem is that you need to at least do the DoD formatting where everything is written over with null values. That would put recovery of sensitive data beyond the reach of most people.

If the data is really sensitive because of privary or security reasons, go for the higher levels of cleaning or consider destroying the drive in a way that the data can't be retrieved.

Collapse -

Yes.

by mrafrohead In reply to Data on old hard drives

It is our responsibility to make sure that all data is securely removed. Granted the only 100% way I know of would be to physically destroy the drives, but using a DOD wipe should work enough for most places.

I am usually the one that wipes the drives in this company. I run a low level format on them first, and from there, I use a DoD compliant program and run a 7 or 35 wipe set of instructions depending on the nature of the data.

I believe you can NEVER be too careful. If it's a hard drive that I am seriously worried about, I will just remove the platters themselves, rest a magnet on top and then carve my initials into them

As for Jonathon Yarden's advice, I didn't read the article, so I can't comment on what he said. Although if you post it here, I will definately read it and comment on it.

Mrafrohead

Collapse -

Getting rid of hardware???

by GuruOfDos In reply to Data on old hard drives

Surely not?!!!

Pass it down the line maybe....but NOTHING leaves our premises unless it has ceased functioning and has been destroyed beyond recovery.

All our old hard drives get the platters removed and then cut in two with a disc cutter. Thebodies are broken up for scrap aluminium and the controller cards are chemically stripped to recover the gold and copper!

Waste not, want not!!! We recycle 80% of our paper waste and not even a 1Mb 30 pin Simm leaves the company. We never know when we will need one!!

I have a couple of 286's for sale if anyone is interested....no hard disk (it's been recycled) but has twin 5.25" FDD's (1.2Mb)...guaranteed no sensitive data...unless anyone wants to use an electron micrograph on the 1Mb of d-ram to see if there are any residual patterns left in the memory since it was last used!

Collapse -

To discard or not to discard?

by jardinier In reply to Getting rid of hardware?? ...

As usual, member GuruOfDos has something sensible and useful to say. My posting has NOTHING to do with major corporations or networks, but is quite a fascinating tale.
At a church fete I purchased a Hard Drive for $5. On inserting it in a computer,I found that it had belonged to a doctor and ALL his software including personal data was intact. It even had his and his wife's CVs.
So I wrote to the former owner of the HD and received a phone call from his wife. She was very curious as to how Ihad come by the HD as it appeared to have come from one of two laptop computers which had been stolen from their car. She was most anxious to recover a copy of her CV, which I was happy to do.
I would also like to mention that I get some great software off old computers. I have acquired an annoyingly clever Scrabble program, written in 1990 for MS-DOS. I have only ever encountered one version of Scrabble written for Windows (and that only very recently)and it is hard to come by. There is a readily available Mac Scrabble game if anyone is interested.

Collapse -

I've said this before...but

by GuruOfDos In reply to To discard or not to disc ...

I was called in to a client to sort out a 'sick' computer. They had taken it into a local shop and was told 2 weeks later it was dead. They had been sold a 'refurbished computer' and were ripped off. The client wanted a second opinion and I asked her to get the dead machine back from the shop. They were reluctant, but when she threatened them with legal action, they relented.

So I, in her full view, opened up her old computer to discover it had been stripped of the hard disk and ram chips. As it was an IBM, all the remaining parts had IBM labels on all the components. The mobo had burn marks on it, and a closer look revealed that the PSU connectors had been fitted backwards.

The new machine (a clone) was then opened up to reveal a bunch of IBM ram chips and the IBM's drive as well as a 2nd hdd. Booting the machine revealed that the secondary drive wasn't regognised by Windows as it hadn't even been set up correctly in the BIOS.

On setting up the drive as the primary and detecting it in BIOS, it revealed a lot of very sensitive information! It had once belonged to a school and had been used in the secretary's office. It had names, addresses and phone numbers for all the children in the school, contact details and names oftheir parents and other data of great interest to any paedophile!!

The old IBM was a 486 DX2-66 with 16Mb of RAM and the new PC had the same CPU. The new pc had 20Mb of RAM (4 original and 16Mb 'stolen' from the IBM) and the IBM 540Mb HDD and a 1.2GB drive it didn't even recognise!

They had been asked to pay 8 hours labour to attempt a repair on the old machine and ?160 (US$240) for the 'new' PC. Total bill was in excess of ?300 (US$450) when I could have built them a brand new P200MMX (this was in 199 for about half that.

Needless to say, our findings resulted in the shop ceasing to trade and the owner spending time in jail contemplating his actions!

Collapse -

Repairs, rip-offs and rogues ...

by jardinier In reply to I've said this before...b ...

Thank you GuruOfDos, for your fascinating tale about the repair rip-off. I, too have encountered some amazing examples of "technical" work. Perhaps the worst was a computer with two hard drives, with the primary HD held in place with sticky tape, and padded with plastic bubble-wrap to keep it from bumping around too much.

Collapse -

I think I know that repair person...

by dbgirl In reply to Repairs, rip-offs and rog ...

"Perhaps the worst was a computer with two hard drives, with the primary HD held in place with sticky tape, and padded with plastic bubble-wrap to keep it from bumping around too much."

I once spoke with a local computer repair shop during a fruitless search for drive rails (an older machine with no spare parts available). The repair shop in question told me to just do what he did when faced with that problem, which was to keep hard drives in place using hot wax.

Collapse -

You should see

by zlitocook In reply to Getting rid of hardware?? ...

What I am donating to a local charity, 6 laptops 4 are 486s 2 are pent. 1, .A bag of memory sticks pent and below about 100 or so. There are 3 sticks that went into a special wood case computer from north wind or some thing like that. I normaly low level format any drive that I get ride of.

Collapse -

Sledgehammer enough?

by mika In reply to Data on old hard drives

Hi,
in my opinion the best (and only?) way to make sensitive data unreadable is to actually "overwrite" it with some kind of DOD Wipe-program.

For an example have the company below restored data from disks that have had glue between the disks, been in a fire and so on.

IBAS
http://www.ibasuk.com/datarecovery/index.htm
http://www.ibasuk.com/dataerasure/index.htm

Collapse -

True destruction

by Dave Howe In reply to Sledgehammer enough?

the only real way to ensure the drives are destroyed is to dissolve the magnetic substrate - this isn't as hard as it sounds - drill a hole in the drive, fill with some solvent, leave to work.

There are a few choices of solvent - glue removers are good, as are a mix of hot water and some detergents. simple test - get a floppy (or magnetic tape) and dip it in the candidate solution for a minute or so then rinse. if it cleans off the magnetic surface (leaving a clean carrier) then you can probably trust it to do the same inside the drive. You *can* use an acid, but it isn't needful and causes disposal problems.

Back to Security Forum
50 total posts (Page 1 of 5)   01 | 02 | 03 | 04 | 05   Next

Related Discussions

Related Forums