Hard Drive/Email Security and Encryption

Hey Renton,

I just bought a new computer (a Mac, i’m a convert), but my old PC is going to be sitting around.

If I use Derek’s Boot n’ Nuke to clean my hard drive will that work to erase all my data beyond recovery?

I’m also considering just taking the piece of junk and installing a lightweight linux-based OS (like puppy linux) to play around with. I’m assuming the hard disk reformat would help erase some of the data?

[quote]boyscout wrote:
Hey Renton,

I just bought a new computer (a Mac, i’m a convert), but my old PC is going to be sitting around.

If I use Derek’s Boot n’ Nuke to clean my hard drive will that work to erase all my data beyond recovery?

I’m also considering just taking the piece of junk and installing a lightweight linux-based OS (like puppy linux) to play around with. I’m assuming the hard disk reformat would help erase some of the data?
[/quote]

Boot n’ Nuke is a good way to go but the only way to be truly sure is to take a hammer to the plattens inside the drive. It’s certainly good enough to stop everyone who may get hold of the drive from seeing anything though. Except of course a determined government agency.

It boils down to risk assesment.

If you are going to keep the drive I’d give it a quick nuke first and then get your linux distro installed.

[quote]Renton wrote:
More difficult is the index.dat file which stores every web site that you have ever been to. Don’t believe me? Download Winspy from Tracks Eraser Free Download and see all the information your computer has about your browsing.

You cannot erase the index.dat file easily - you’ll need help. Index.dat viewer and delete index.dat file - Free Internet Window Washer follow the link and download WindowWasher. It’ll do the trick nicely.

[/quote]

Very nice tools Renton. Absolutely love them. Adding to the collection. Thanks!

[quote]Renton wrote:
MaximusB wrote:
The only true security is what you keep within your head these days.

There are ways to get at that too…[/quote]

You sadistic devil you :slight_smile:

[quote]boyscout wrote:
Hey Renton,

I just bought a new computer (a Mac, i’m a convert), but my old PC is going to be sitting around.

If I use Derek’s Boot n’ Nuke to clean my hard drive will that work to erase all my data beyond recovery?

I’m also considering just taking the piece of junk and installing a lightweight linux-based OS (like puppy linux) to play around with. I’m assuming the hard disk reformat would help erase some of the data?
[/quote]

Just an FYI, I have tools in my office that will recover after a windows delete, format, and fdisk. Only way to be sure is a 3 level pass delete.

When you empty your recycle bin there is a number in front of the deleted file that is turned on/off on the low level of the hard drive. But the data of the file is still there unless its written over.

Then you use a tool, there are many out on the net, where the free space on the drive is written over with 1’s and 0’s in a random pattern, then with a pattern, then with random 1’s and 0’s. This is suppose to be the most secure way of deletion. US GOV endorses and uses it.

So find your self a tool that does the 3 level pass and nuke your data so that your drive can not be read.

This is the sort of thing dirtbag is talking about …

http://www.heidi.ie/node/6

[quote]Renton wrote:
This is the sort of thing dirtbag is talking about …

http://www.heidi.ie/node/6

[/quote]

Hmmm another to add to the archive.

Wow what are you guys doing at home that you that worried?

I used to work for a US agency and we had hammer them into pieces and send the pieces back to the Feds. We did however get to come into the light every third Tuesday…lol

I had a friend who worked computer forensics for another Washington agency. The paper work he had to fill out and the red tape far out weighed the cool factor of testifying in court on what you recovered…

[quote]Colin Wilson wrote:
Wow what are you guys doing at home that you that worried?
[/quote]

Well our porn collections are really top secret info. Can’t let “little busty blondes take rome part 15” out on the public internet. Could get into lots of trouble.

[quote]Colin Wilson wrote:
Wow what are you guys doing at home that you that worried?
[/quote]

Ummmm - Not telling :stuck_out_tongue:

[quote]I used to work for a US agency and we had hammer them into pieces and send the pieces back to the Feds. We did however get to come into the light every third Tuesday…lol

I had a friend who worked computer forensics for another Washington agency. The paper work he had to fill out and the red tape far out weighed the cool factor of testifying in court on what you recovered…[/quote]

I know what you mean - My own miltary career has had me see and do some weird shit.

I was visiting an ISP once (as a civilian) when several large chaps in glasses arrived with some classified intelligence instructions. They were given access to the main server rooms and installed a box in there.

I was later privvy to the reason why. The box fed through every email and potentially every data stream to a government led installation that monitors emails etc. This information is also freely shared with the US who do similar.

Emails are routinely scanned for key words. So are many other forms of communication.

That’s why I like to have an email strap line that says “Bomb ready to go. Semtex explosives and C-4 acquired. Timing devices and detonators in place” - I don’t know for sure but I suspect it winds them up something rotten. :wink:

Another bit of info I was going to offer is the trade off. All security models are as good as the end user.

If the end user chooses to download the latest greatest game infected with gawd knows what. You efforts to secure your information are wortheless.

Also you have to think about usability. If something is so secure and 10 passwords deep no user is going to want to use it.

So for most IT people its a trade off on security vs usability vs “end user knowledge”. And at the end of the day nothing beats a removable hot swap drive and a safe for data security. Yes I have even setup that for users before.

[quote]dirtbag wrote:
Colin Wilson wrote:
Wow what are you guys doing at home that you that worried?

Well our porn collections are really top secret info. Can’t let “little busty blondes take rome part 15” out on the public internet. Could get into lots of trouble.
[/quote]

Damn! Took me ages to track that down and it turns out you have it all along. Sheesh!

[quote]dirtbag wrote:
Another bit of info I was going to offer is the trade off. All security models are as good as the end user.

If the end user chooses to download the latest greatest game infected with gawd knows what. You efforts to secure your information are wortheless.

Also you have to think about usability. If something is so secure and 10 passwords deep no user is going to want to use it.

So for most IT people its a trade off on security vs usability vs “end user knowledge”. And at the end of the day nothing beats a removable hot swap drive and a safe for data security. Yes I have even setup that for users before.[/quote]

Dirtbag you are adding some great stuff to this thread. Thankyou.

I find that an HIV positive rottweiler with a flick knife is also handy.

Slightly off topic, but while we are talking security anyway, your mobile phone holds huge amounts of information too, even when texts etc are deleted.

Even more for the man to go at.

Having had my old gMail account broken into (jealous husbands are such whiny pussies), I’ve become something of a paranoid security guy.

Not that I know shit about what I’m doing, though. Thanks for the info.