- Second-hand PCs and information leaks -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, January 31 2002 -- Two serious cases of confidential information
leaks have come to light recently in Japan. Both of these cases highlight
the need to take precautions when disposing of old PCs.

According to the THE J@PAN INC NEWSLETTER, a second-hand computer shop in
Nagoya, had a computer containing extensive information from a health
insurance company. Similarly, in a shop in Fukuoka, a PC was discovered
containing information concerning investigations carried out by the city
police dept.

Incidents like these occur far too often. Companies frequently sell off old
computers to second-hand shops or companies that specialize in 're-cycled'
hardware. In Japan alone, these kinds of companies handle more than 100,000
machines a year, around 1 percent of the national production of PCs.

Whether by negligence or in the belief that deleted data cannot be
recovered, people tend to overlook the information contained on computers
when reselling them. However, the security implications are serious. If
certain information such as addresses, machine names, user names, passwords
etc. fall into the hands of malicious users, they could easily gain access
to corporate networks.

When disposing of a PC it is important to ensure that there is no
recoverable data on the machine. Deleting information or even reformatting
the hard disk is not enough as the ability to recover data can go way beyond
this. The method recommended by the US National Security Agency is
considered one of the most effective. This method involves overwriting the
entire hard disk with random numbers, five times at least. This impedes even
the most advanced methods of extracting data from old computers.