Disk INsecurity: last word on deletes, wipes & The Final Solution.


My fellow Cypherpunks,

   On the matter of getting rid of dangerous info on your hard disk,
here is a very interesting quote from The GIANT BLACK BOOK of
COMPUTER VIRUSES, second edition by Dr. Mark Ludwig

American Eagle Publications, Inc.
P.O. Box 1507
Show Low, Arizona 85902

see  http://www.logoplex.com/resources/ameagle

                    QUOTE

   If one views a diskette as an analog device, it is possible to
retrieve data from it that has been erased. For this reason even a
so-called secure erase program which goes out and overwrites
clusters where data was stored is not secure. (And let's not even mention 
the DOS delete command, which only changes the first letter
of the file name to 0E5H and cleans up the FAT. All of the data is still 
sitting right there on disk!)

   There are two phenomena that come into play which prevent secure
erasure. One is simply the fact that in the end a floppy disk is
analog media. It has magnetic particles on it which are statistically
aligned in one direction or the other when the drive head writes to
disk. The key word here is STATISTICALLY. A write DOES NOT simply
align all particles in one direction or the other. It just aligns
enough that the state can be unambiguously interpreted by the analog-
to-digital circuitry in the disk drive.

   For example, consider Figure 36.2. It depicts three different
"ones" read from a disk. Suppose A is a virgin 1, written to a disk
that never had anything written to it before. Then a one written over
a zero would give a signal more like B, and a one written over
another one might have signal C. All are interpreted as digital ones, but 
they're not all the same. With the proper analog equipment you
can see these differences (which are typically 40 dB weaker than the
existing signal) and read an already-erased disk. The same can be
said of a twice-erased disk, etc. The signals just get a little
weaker each time.

   The second phenomenon that comes into play is wobble. Not every
bit of data is written to disk in the same place, especially if two
different drives are used, or a disk is written over a long period
of time during which wear and tear on a drive changes its characteristics. 
(See Figure 36.3) This phenomenon can make it possible to read a disk even 
if it's been overwritten a hundred
times.

   The best defense against this kind of attack is to see to it that
one NEVER writes an unencrypted disk. If all the spy can pick up off the 
disk using such techniques is encrypted data, it will do him
little good. The auto-encryption feature of KOH can help make this NEVER a 
reality.



1.2 |
  1 | ..................C                M
    | ..................A                A
0.8 | ..................B                G
    | .                                  N
0.6 | .                                  E
    | .                                  T
0.4 | .                                  I
    | .                                  Z
0.2 | .                                  A
    |                                    T
0   -------------------------------------I
                                         O
      Figure 36.2                        N

----\\----\
|    |previous write
| p  | ----\\
| R  |\      |
| e  | last  |
| v  | write |
| i  |       |
| ous|       |
\--- \       \
\|--\------\
Figure 36.3

                UNQUOTE




    Another problem with wipes is that, as long as 5 years ago,
manufacturers of disk drives were adding caching functions to the
hard drives that were not visible to software. Maybe you can program
around a software cache when writing a wipe program but a hardware
cache looks like a real problem. Are writers of wipe programs aware
of disk hardware caches?  With disk caching, you may get one real
wipe and several virtual wipes. When I started writing my wipe
program, SUPERWIPE, I was not aware of hardware caches.

              THE FINAL SOLUTION

   The only way to make sure of disk security is to use encrypted
disk programs. That way dangerous plain text never touches your
hard drive. I would recommend SECUREDEVICE & SECUREDRIVE. Both are
excellent.

   SECUREDEVICE is easier to use but SECUREDRIVE is a better product.
Both may be found on the Internet.

Yours Truly,
Gary Jeffers

BEAT STATE!!!!!!!!!
WAKE UP AND SMELL THE CLINTONS!!!
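
Added example, not part of the original post or of the quoted book: a small Python model of the DOS delete behaviour the quote describes, showing that a directory entry marked with 0E5H still points at intact file data. The in-memory directory and data area, the 512-byte cluster size, and all function names are constructed for illustration.

```python
import struct

ENTRY = struct.Struct("<8s3sB10xHHHI")  # 32-byte FAT12/16 directory entry
DELETED, END = 0xE5, 0x00               # first-byte markers in a name field
CLUSTER_SIZE = 512                      # assumed: one sector per cluster

def make_entry(name, ext, cluster, size):
    """Build one directory entry (constructed sample data, attr = archive)."""
    return ENTRY.pack(name.ljust(8).encode(), ext.ljust(3).encode(),
                      0x20, 0, 0, cluster, size)

def dos_delete(directory, index):
    """Model of the delete: only the first byte of the name is changed."""
    directory[index * ENTRY.size] = DELETED

def scan(directory):
    """Yield (deleted, name, start_cluster, size) for every used slot."""
    for off in range(0, len(directory), ENTRY.size):
        raw = directory[off:off + ENTRY.size]
        if raw[0] == END:               # 0x00 marks the end of the directory
            break
        name, ext, _attr, _time, _date, cluster, size = ENTRY.unpack(raw)
        deleted = name[0] == DELETED
        shown = "?" + name[1:].decode("ascii") if deleted else name.decode("ascii")
        yield deleted, f"{shown.strip()}.{ext.decode('ascii').strip()}", cluster, size

def read_contiguous(data_area, cluster, size):
    """Read file bytes; the FAT chain is gone after a delete, so this assumes
    the file was unfragmented. Data clusters are numbered from 2."""
    start = (cluster - 2) * CLUSTER_SIZE
    return bytes(data_area[start:start + size])

def demo():
    secret = b"constructed sample plaintext"
    data_area = bytearray(2 * CLUSTER_SIZE)
    data_area[CLUSTER_SIZE:CLUSTER_SIZE + len(secret)] = secret  # cluster 3
    directory = bytearray(make_entry("README", "TXT", 2, 0)
                          + make_entry("SECRET", "TXT", 3, len(secret))
                          + bytes(ENTRY.size))                   # end marker
    dos_delete(directory, 1)
    return [(d, n, read_contiguous(data_area, c, s)) for d, n, c, s in scan(directory)]

if __name__ == "__main__":
    for deleted, name, content in demo():
        print("DELETED" if deleted else "live   ", name, content)
```

The start cluster and size survive in the marked entry, which is why the content comes back byte for byte; only the first character of the name is lost.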