Results 1 to 8 of 8

Thread: - Second-hand PCs and info leaks -

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    742

    - Second-hand PCs and info leaks -

    - Second-hand PCs and information leaks -
    Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

    Madrid, January 31 2002 -- Two serious cases of confidential information
    leaks have come to light recently in Japan. Both of these cases highlight
    the need to take precautions when disposing of old PCs.

    According to the THE J@PAN INC NEWSLETTER, a second-hand computer shop in
    Nagoya, had a computer containing extensive information from a health
    insurance company. Similarly, in a shop in Fukuoka, a PC was discovered
    containing information concerning investigations carried out by the city
    police dept.

    Incidents like these occur far too often. Companies frequently sell off old
    computers to second-hand shops or companies that specialize in 're-cycled'
    hardware. In Japan alone, these kinds of companies handle more than 100,000
    machines a year, around 1 percent of the national production of PCs.

    Whether by negligence or in the belief that deleted data cannot be
    recovered, people tend to overlook the information contained on computers
    when reselling them. However, the security implications are serious. If
    certain information such as addresses, machine names, user names, passwords
    etc. fall into the hands of malicious users, they could easily gain access
    to corporate networks.

    When disposing of a PC it is important to ensure that there is no
    recoverable data on the machine. Deleting information or even reformatting
    the hard disk is not enough as the ability to recover data can go way beyond
    this. The method recommended by the US National Security Agency is
    considered one of the most effective. This method involves overwriting the
    entire hard disk with random numbers, five times at least. This impedes even
    the most advanced methods of extracting data from old computers.

  2. #2
    Senior Member
    Join Date
    Oct 2001
    Posts
    689

    Post

    Hi micael, if you really want to know how bad second hand pcs are with info, the truth is that I picked up an old winNT machine at a government auction. The pc had been used at a hospital, and still had some employee data on it. Im an honest man, and I had no need for NT so I formatted the hard drive that very day. But imagine if I was dishonest.
    Wine maketh merry: but money answereth all things.
    --Ecclesiastes 10:19

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    882

    Lightbulb Upgrade

    Whenever we do a mass upgrade (ie...New puters, hardware and so forth) for companys. If it involves anything with the HDD's being removed from the site or even remaining on the site. If they contain sensitive data we recomend secure over write X32 (Guttman default more secure than NSA or DOD), then physical destruction via stratigicaly placed hole from a carbide tipped drill be be applied to the drives. Then the rest can go.

    Or overwrite and reformat the old HDD's and install Linux and use the machine. I have found that the old PII's 350's and such found in companys mate not run fast with MS Win2000 or XP. But, they do a hell of a job with "LINUX" with many more years of service availible........

    Just my $.02 cents.
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    Since I work with security daily and have had a computer store a couple of years ago I have seen it myself aswell, some people dont believe in security ..

    I do encourage our technicians to use "Gdisk" an excelent tool for securely wipe a hdd. Nothing is foolprof but leave sencetive data on a second-hand computer without to wipe or atleast format/erase all data on it is (#%#¤%)..

    Good post {P²P}Apocalypse and greenies to you ThePreacher for your honest way of life .

  5. #5
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193

    Thumbs up

    good post micael. What I usually after wiping hdd is to open it and destroy it. Then I pitch it.

    btw - still have not found out info on those alphas, oh well. give bsd a try I guess.
    Trappedagainbyperfectlogic.

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    276
    Nothing´s safe anymore.. Post the gulf war the Norwegian recovery company Ibas received a hd that the Iraqis had filled with glue and then drive a number (more than three) nails straight trough. They managed to recover al the information on the drive except for the parts where the nails had been driven trough.
    Dear Santa, I liked the mp3 player I got but next christmas I want a SA-7 surface to air missile

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    Originally posted by Pooh-Bear
    Nothing´s safe anymore.. Post the gulf war the Norwegian recovery company Ibas received a hd that the Iraqis had filled with glue and then drive a number (more than three) nails straight trough. They managed to recover al the information on the drive except for the parts where the nails had been driven trough.
    Good post Pooh-Bear. And with those words in mind I have found out that it's almost impossible to protect data. But Ibas is professionals the only way to protect data from them are to melt down the hdd and burry it safely, I could call that method C2 cert for hdd erasing .

    The only good (and sad) thing with Ibas is their prices and verification system, they make sure of your identity before restore any data. And ofcourse I can't afford to hire them when my hdd is blown to pieces.

    Some advice in accidental data loss from Ibas.

    1. Don´t panic
    2. Turn off the power
    3. Do not restart the machine
    4. Do not reinstall any software
    5. Do not open the hard disk or try to repair it yourself
    6. Do not use automatic recovery tools
    7. Assess the situation
    8. Contact Ibas for advice
    Since I cant afford to hire them I would have to do the step 1-5 and then unmount the hdd and put it in another computer. Backup all available data (do not write to the damaged hdd) and finally try with a "automatic recovery tool" and pray to higher powers that it'll work.

    You can visit their website here.

  8. #8
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193

    Cool

    now there is a choice. good. In the past have always used ontrack, they are expensive but have never let me down to data recovery. problems that forced me to send hdds of all kinds to them were floods, fire, massive impact, vandals, etc.

    typically they charged me about 1500-3000$ per hdd.
    Trappedagainbyperfectlogic.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •