164 replies to this topic

[ceehoppy]

Similarly, running my UFD through the washing machine on "heavy duty" cycle (warm water) & tumble dry had did not sanitize or remove data. I have have yet to determine effectiveness of various brands of laundry detergents & will post with any new updates.

[steve6375]

Interesting.

I'll have to think about the actual meaning of this :

means:

• we have no idea of what we are doing and threw at a chip a strong magnetic field since we happened to have a degausser around, just for the fun of it.
  or
• we know for sure that by applying a strong magnetic field powerful eddy currents will be generated, actually so powerful as to damage the chips metal layers, and since this did not happen, the chips have a protection against such eddy currents or we completely missed the point and produced a not strong enough magnetic field and/or no eddy current (or not powerful enough eddy current) was generated.

Yes that amused me too! What perhaps is not so amusing is when you send your old kit to be recycled with guaranteed scrub by the recyclers - how can you be sure they REALLY have scrubbed the SSD memory in it? Also, when you give your old USB flash pen to someone after having 'wiped' it, is it really wiped?

[MedEvil]

Yes, even burnig, crashing or melting will not really clean any media, because data is indestructable!
Unless of course, you want it to last, then it desintegrates after half a second!

[Wonko the Sane]

Also, when you give your old USB flash pen to someone after having 'wiped' it, is it really wiped?

I fear that you are falling, as most people normally do, into a conspiracy theory of some kind (even if slightly ).

I would like to analyze the thing from a different standpoint, if you don't mind .

• If you want to be 100% secure that noone puts their nose into your things, DO NOT WRITE ANYTHING and just memorize them.
• If you want to be 100% secure that noone puts their nose into the things you have written, don't EVER give anyone access to them.
• The use of the SH-1 degausser^® - though rudimental - has proved over the years to be a very good method of making sure that anything - be it optical, magnetic or solidstate based - will NOT be READ by anyone.

Here is an actual representation of this simple, yet powerful, tool in action :


It produces eddy sledgy^© currents that make sure that ANY metal (or non-metal, a clear advantage over a common degausser ) layer will not be ANYMORE the same as before.

But, if you don't want to go this way, and actually want to mantain the physical integrity of the devices, you need to do some calculations.

• Amount of actual meaningful and sensitive data actually present on the device (which does not include programs, music, videos, lolcat images, p0rn downloaded that some malware put on the device, etc., etc.), expressed in percentage of the device size (let's take an 8 Gb device for the sake of the example):
  4,387 bytes (scattered over 7 files, each on average 100 Kb) 4,387/8,192,000,000=0.0000005355224609375
• Amount of possible people to whom you may want to give your old device: 5
• Average among them that may be interested to your data: 1
• hence probability of giving to the actual one interested and not to any of the other peeps 1/5=0.2
• Amount of people in the WORLD capable of:
  
  • desoldering the chip (without damaging it) from the actual device
  • analyze it with a FPGA (and build/procure such a device) AND have the funds to do so:
    
    

    Figure 2 shows the FPGA-
    based hardware we built to extract remnants. It cost
    $1000 to build, but a simpler, microcontroller-based ver-
    sion would cost as little as $200, and would require only
    a moderate amount of technical skill to construct.

  • finding actually ANYTHING (which is NOT AT ALL like looking for known fingerprints):
    

    Finally, we assemble the fingerprints and analyze them
    to determine if the sanitization was successful. SSDs
    vary in how they spread and store data across flash chips:
    some interleave bytes between chips (e.g., odd bytes on
    one chip and even bytes on another) and others invert
    data before writing. The fingerprint’s regularity makes
    it easy to identify and reassemble them, despite these
    complications. Counting the number of fingerprints that
    remain and categorizing them by their IDs allows us to ....

• let's say (BIG NUMBER!) 10,000 out of an estimated population of 6,901,400,000 10/6,901,400= 0,000001449
• Best result obtained by the good guys for a USB stick: 0.64

Thus:
0.0000005355224609375*0.2*0,000001449*0.64=~ 0,00000000000009932314 or 1*10^-14

Taking into account a factor of correction of 1,000,0000 or 1*10⁶ for possible errors in the previous calculations, we should get the actual probability as 1*10^-8 or 0.00000001
Thus you have a 1-0.00000001=0.99999999 or 99.999999% probability that your secrets will remain so.

I think I will - in my complete unconsciousness and recklessness - sleep well even the night after having given away a half-@§§edly wiped USB stick.

Compare with the known cleaning lady danger :
http://reboot.pro/12367/


Wonko

[steve6375]

I agree that it is VERY unlikely that any ordinary person would bother to recover the data, but there are two things that you need to consider:

1. It is MUCH easier and cheaper to get at the unerased data on a flash chip than the 'erased' off-track residual data on magnetic platters - and people already seem to be paranoid about HDD residual data hacking...
2. Government agencies expect their drives to be securely wiped before disposal/recycling. This paper shows that the 'wipe' that they currently do is probably not good enough.

Therefore, however unlikely, it is easier and cheaper to hack flash memory than a hard disk - so high-security agencies need to be careful when they dispose of their SSDs. It is possible to clamp a socket over the top of these chips and get instant access.

[Wonko the Sane]

I agree that it is VERY unlikely that any ordinary person would bother to recover the data, but there are two things that you need to consider:

1. It is MUCH easier and cheaper to get at the unerased data on a flash chip than the 'erased' off-track residual data on magnetic platters - and people already seem to be paranoid about HDD residual data hacking...
2. Government agencies expect their drives to be securely wiped before disposal/recycling. This paper shows that the 'wipe' that they currently do is probably not good enough.

Therefore, however unlikely, it is easier and cheaper to hack flash memory than a hard disk - so high-security agencies need to be careful when they dispose of their SSDs. It is possible to clamp a socket over the top of these chips and get instant access.

WHY?

I am NOT (and I presume MOST members of boot-land reboot.pro ) :

• Government agencies
• paranoid people
• high-security agencies

those are all theories and experimental results that they may need to consider.


Wonko

[MedEvil]

but there are two things that you need to consider:

and people already seem to be paranoid about HDD residual data hacking...

People are not paranoid, because they fear for their data. People are paranoid, because they were made paranoid, by fear mongers!

2 years ago a tv show made an interesting test and asked people on the street, what they were afraid of.
The top 3 were terrorism, earthquakes and tsunamis.

Well the last act of terrorism here in Germany, was more than 30 years ago. Earthquakes in Germany feels like a lorry driving by, if we ever have any at all. And a Tsunami would have a pretty hard time to reach middle Germany were, the questions were asked.

In short, people were afraid of what they were told to be afraid of in the media, not of any real dangers like crossing a busy street or using the car at bad weather.

Most people are just too happy to replace knowledge with blind belief.

[TheRookie]

Hi,

Just chiming in, but not much... unfortunately it aint a free lunch, but...

Advanced functions of O&O TotalErase
As a first in its field, “O&O TotalErase” provides the user with a completely new feature: the fully-integrated “O&O TotalErase Assistant” now allows you
to delete an entire system, including the system partition, with no need for Boot medium. New with Version 4 is the option of exclusively deleting the
system partition whilst excluding other partitions.

I've not seen any other commercial software claim to do this.

[skyide]

You may want to read this: http://www.lifehacke...id-state-drive/

[Wonko the Sane]

You may want to read this: http://www.lifehacke...id-state-drive/

Which is actually what steve6375 posted on #149
http://reboot.pro/13601/page__st__148
You may want to read the thread before re-posting the same things.


Wonko

[skyide]

You may want to read the thread before re-posting the same things.

Wonko

Have you seen the size of this thread? Still nothing compared to others... but yeah, I should have read it (I posted it at random in the hope it would help others but have no interest in the subject)

[MedEvil]

O&O TotalErase seem to do exactly, what i was looking for, unfortunately it does not use ATAPI erase.
So no perfect erase and quite slow.
But so far the only solution. Great find, Rookie!

[boxer]

To start give East-Tec Eraser at "east-tec.com/consumer/eraser/" a look, very secure erasing, meets and exceeds government and industry standards for the permanent erasure of digital info. I've been using it for years. Then take a look at this project I've been working on, Backtrack4 at "backtrack-linux.org" "Home of the highest rated and acclaimed Linux security distribution to date"

It's free to download and use, it's intended for all audiences from the most savvy security professionals to early newcomers to the information security field. Well documented, The National Security Agency and the Central Security Service and other government bodies use this distro as their main testing platform. BT has indispensable tools related to security, forensics, penetration testing and everything else in between. It far exceeds anything EVER developed commercially and is freely available. BackTrack is the one-stop-shop for all of your security needs.

[chillshy]

I am lost....lol