How to erase drive in the shortest time
PB2K
Mac Elite
Join Date: Dec 2000
Location: Netherlands
Status: Offline
Feb 12, 2011, 04:07 PM
 
Hi, I just sold a Mac laptop on eBay. The buyer called to make an appointment, but because I was busy with things I barely had time to erase the full hard disk.

I created a new admin account, logged out, and logged in with the new admin account. From there I deleted my user account. I zeroed the remaining space on the drive for 10 minutes. Then I sold it.

Question. Does this qualify as secure? How would you do a quicky to erase a full drive, with just say 10 minutes time to do this?
     
AKcrab
Moderator Emeritus
Join Date: Apr 2001
Location: Wasilla, Alaska
Status: Offline
Feb 12, 2011, 06:12 PM
 
I think you did the only thing that you could given the circumstances, but unless you let the zero out finish, there will still be fragments that could be picked up with data recovery software.
     
PB2K  (op)
Mac Elite
Join Date: Dec 2000
Location: Netherlands
Status: Offline
Feb 13, 2011, 03:12 PM
 
Is it better to use Disk Utility and partition the drive in 10 partitions? Then back to 1 partition?
     
reader50
Administrator
Join Date: Jun 2000
Location: California
Status: Offline
Feb 13, 2011, 03:25 PM
 
That would rewrite the partition map a couple times. No, what you want is to zero out the drive, or better yet, write random data to the entire drive, then zero (secure erase). In either case, you write to the entire drive at least once, possibly 2-3 times.

For a 1 TB drive, and assuming you can average 70 MB/s, that works out to almost 4 hours per pass. So 4-12 hours to truly secure erase a 1 TB drive.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Feb 13, 2011, 03:39 PM
 
Goofing up a partition table makes it hard for the OS to find your data, but there are a lot of tools that can sift through clusters and automatically make good guesses about what goes with what. A borked partition map is basically like hiding where the front door keyhole is, without actually locking the door.

Three passes with random data would be more than adequate protection for personal information. The basic standard for wiping drives calls for three passes: write all ones, write all zeros, then write random data. DoDI 5220.22M (Data Remanence) lists more thorough standards for higher levels of classified information.

The Wiki article on data remanence has plenty of good information for the security conscious. Recovering overwritten data from a modern hard drive is very difficult. Recovering data that has been overwritten multiple times is extremely challenging and takes sophisticated, expensive equipment and lots of time. The odds of someone wanting to steal your identity or max out your credit cards and having the means to recover data from a 3-pass wipe are astronomical.

Glenn -----OTR/L, MOT, Tx
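
Added example, not part of any post in this thread: a Python sketch of the pass sequence described above (all ones, all zeros, then random) with a read-back check after each fixed-pattern pass, plus the per-pass time estimate from the earlier reply. It assumes a small constructed image file standing in for a raw drive; `overwrite_pass`, `verify_pass`, `hours_per_pass` and `demo` are hypothetical names, and the interrupted pass mirrors the 10-minute zero-out in the opening post.

```python
import os
import tempfile

BLOCK = 4096                      # bytes written per I/O
MARKER = b"CONSTRUCTED-SECRET;"   # constructed stand-in for user data

def overwrite_pass(path, pattern, max_blocks=None):
    """One in-place pass. pattern is a byte value, or None for random data.
    max_blocks simulates a pass that was interrupted early."""
    size, written = os.path.getsize(path), 0
    with open(path, "r+b") as f:
        for offset in range(0, size, BLOCK):
            if max_blocks is not None and written >= max_blocks:
                break
            n = min(BLOCK, size - offset)
            f.write(os.urandom(n) if pattern is None else bytes([pattern]) * n)
            written += 1
        f.flush()
        os.fsync(f.fileno())      # push the pass to the medium before the next one
    return written

def verify_pass(path, pattern):
    """Return indexes of blocks that hold anything other than `pattern`."""
    leftover = []
    with open(path, "rb") as f:
        for index, chunk in enumerate(iter(lambda: f.read(BLOCK), b"")):
            if chunk.count(pattern) != len(chunk):
                leftover.append(index)
    return leftover

def hours_per_pass(size_bytes, mb_per_s):
    """Time for one full pass at a sustained write rate (decimal MB)."""
    return size_bytes / (mb_per_s * 1_000_000) / 3600

def demo(blocks=64):
    size = blocks * BLOCK
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write((MARKER * (size // len(MARKER) + 1))[:size])
        path = tmp.name
    try:
        result = {}
        # Interrupted zero pass: only the first quarter is overwritten.
        overwrite_pass(path, 0x00, max_blocks=blocks // 4)
        result["leftover_after_interrupt"] = len(verify_pass(path, 0x00))
        # Full sequence from the thread: ones, zeros, then random.
        overwrite_pass(path, 0xFF)
        result["ones_clean"] = verify_pass(path, 0xFF) == []
        overwrite_pass(path, 0x00)
        result["zeros_clean"] = verify_pass(path, 0x00) == []
        overwrite_pass(path, None)
        with open(path, "rb") as f:
            result["marker_survives"] = MARKER in f.read()
        return result
    finally:
        os.unlink(path)

if __name__ == "__main__":
    print(demo())
    print(f"1 TB at 70 MB/s: {hours_per_pass(10**12, 70):.2f} h per pass")
```

The leftover-block count after the interrupted pass is the figure to watch: every block the pass never reached still holds the original bytes.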
     
ibook_steve
Moderator
Join Date: Oct 2001
Location: San Jose, CA
Status: Offline
Feb 14, 2011, 02:42 PM
 
A nice big magnet could also do the trick!

Steve
Celebrating 10 years and 4000 posts on MacNN!
     
reader50
Administrator
Join Date: Jun 2000
Location: California
Status: Offline
Feb 14, 2011, 05:10 PM
 
That would erase the low-level formatting, which can't be restored on IDE drives. Useful for disposing of a drive, but not for resale.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Feb 14, 2011, 09:35 PM
 
It takes a humongous magnet to really ruin a hard drive. Or, for that matter, to do anything to it at all. To start, the case is pretty good at protecting the platters from external magnetic fields. To really destroy a drive with magnets, you disassemble the whole thing, and put the platters in a degausser (or at least take the outer covers off and put it in). In some cases, bulk destruction goes farther - picture what is essentially a junk yard electromagnet, with a platform on it that intact drives are placed on. The magnet comes on for several minutes, goes off and comes back on again. Sometimes they can reverse the field from one cycle to another. The platters are wiped, the electronics are fried, and much of the device will now stick to your refrigerator. It's dead as dead can be. And that's really overkill. You may as well shred the drive - and there are machines that physically shred drives. It's a lot quicker.

Glenn -----OTR/L, MOT, Tx
     
Mojo
Mac Enthusiast
Join Date: Apr 2000
Status: Offline
Feb 20, 2011, 06:49 PM
 
A sledge hammer also works quickly and cheaply... for data destruction, not resale.
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Feb 20, 2011, 07:11 PM
 
1 pass wipe is just fine. Multiple wipes is FUD.

-t
     
Eriamjh
Addicted to MacNN
Join Date: Oct 2001
Location: BFE
Status: Offline
Feb 26, 2011, 06:09 PM
 
Originally Posted by turtle777 View Post
1 pass wipe is just fine. Multiple wipes is FUD.

-t
I always wondered how they could tell a zero was a one before it was a zero or if it was previously a zero.

I'm a bird. I am the 1% (of pets).
     
reader50
Administrator
Join Date: Jun 2000
Location: California
Status: Offline
Feb 26, 2011, 06:16 PM
 
The magnetic platter is an analog storage device. The control board converts the raw reading by rounding, and using data correction blocks. We get our clean 1s and 0s from that process.

If someone replaced the control board with one that output the analog value from each bit location, they might be able to tell if the value had recently been different. There'd be a lot of noise in the results - a high background error rate. Requiring lots of manual interpretation. Not practical unless you are trying to extract national secrets, or with a LOT of money at stake. Like industrial espionage.
     
Eriamjh
Addicted to MacNN
Join Date: Oct 2001
Location: BFE
Status: Offline
Feb 26, 2011, 06:18 PM
 
Originally Posted by reader50 View Post
If someone replaced the control board with one that output the analog value from each bit location, they might be able to tell if the value had recently been different. There'd be a lot of noise in the results - a high background error rate. Requiring lots of manual interpretation. Not practical unless you are trying to extract national secrets, or with a LOT of money at stake. Like industrial espionage.
Someone buying used computers isn't going to do this. The gov't would, but not your average sneak.

I'm a bird. I am the 1% (of pets).
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Feb 26, 2011, 11:30 PM
 
Originally Posted by Eriamjh View Post
Originally Posted by turtle777 View Post
1 pass wipe is just fine. Multiple wipes is FUD.

-t
I always wondered how they could tell a zero was a one before it was a zero or if it was previously a zero.
It's called "remanence." A zero may be a zero and a one may be a one, but just how far over the threshold for those values is each spot on a platter? The threshold value is managed by controller hardware within the drive - and that can be manipulated in a number of ways from commands to the board to hacking the firmware.

Multiple overwrites make each spot's history muddy enough that previous data is "nearly" impossible to recover. More than just a few overwrites makes it technologically infeasible to recover any data that is not exceptionally valuable (extremely highly classified data - nuclear/strategic systems/intelligence sources/ongoing diplomatic activities), and such recovery is almost certain to be spotty at best. But just a single overwrite is technically quite easy to defeat - data recovery labs do it all the time with a very high percentage of the data fully recovered.

It's not FUD, but it IS a question of just how paranoid you are about your data and what your reasons for this paranoia are. Credit card numbers, Social Security numbers and other personal data are so low-value (to the attacker) that a three-pass wipe may be excessive. Corporate secrets are definitely worth three passes. It's a matter of whether or not your data is really at risk if the media is obtained by someone who shouldn't have it.

Glenn -----OTR/L, MOT, Tx
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Feb 27, 2011, 01:17 AM
 
Originally Posted by ghporter View Post
It's not FUD, but it IS a question of just how paranoid you are about your data and what your reasons for this paranoia are.
I call it FUD because there is no automated method to do it, and the effort is prohibitive even after 1 pass wipe:

There is some industry debate as to how many times a drive needs to be rewritten in order for the old data to be one hundred percent irretrievable. But Henley, who worked eleven years in law enforcement as a Computer Forensics examiner says he has never encountered an instance where one complete cycle of character writes didn't work.

Nathan Jones, director of sales for White Canyon agrees and says that the Department of Defense standard for sensitive data is three complete passes and a verification check. However, he notes, after a single pass on today's modern hard drives, you would need an electronic microscope to see the data, and that no software could retrieve it. He believes the misconceptions regarding the number of passes needed to completely wipe the drive stem from information that was written with older hard drive technology in mind.
The last sentence seems especially true, since this 7-wipe thing is repeated over and over again w/o merits with today's drives.

Wipe, Don't Reformat, Your Old Hard Drives - www.smallbusinesscomputing.com

-t
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Feb 27, 2011, 10:35 AM
 
I think context is important here. For law enforcement, data recovery is a very costly thing and any ambiguity in recovered data makes legal proceedings less straightforward, while military and governmental data security operations are built in and part of normal operations. My background is military, so I tend to apply that level of paranoia.

I'll agree that a single pass on a modern drive should make recovery of data infeasible for all but the most diligent adversary, so personal data should be well protected by a single pass wipe. A lot of people underthink security and forget about unused space, but again a single pass would be more than ample, especially since much of that free space is also probably "freed" after being used and overwritten already. But I would still recommend a 3-pass wipe for corporate data, as diligent adversaries abound in business.

Glenn -----OTR/L, MOT, Tx
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Feb 27, 2011, 10:57 AM
 
I agree with your assessment.

For most people, choosing a good password would increase their security by magnitudes over a 3 pass wipe.

-t
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Feb 27, 2011, 01:04 PM
 
Originally Posted by turtle777 View Post
For most people, choosing a good password would increase their security by magnitudes over a 3 pass wipe.

-t
Absolutely true. I'm always surprised with how worried people are about their data, but they still use a 6 character dictionary word for their password - and the same password for everything. I think this is in part due to the old and poorly explained "never write down a password" rule. Sure, NEVER write down your work computers' passwords and leave the note at work. Good, complex passwords need to be written down or you can't really use them, but if you write it down and keep it on your person, the issue is moot. Unless people are commonly mugged for their password lists in your place of work, that is.

Glenn -----OTR/L, MOT, Tx
     
PhilCat
Junior Member
Join Date: Feb 2011
Location: Mpls Mn
Status: Offline
Mar 1, 2011, 04:44 AM
 
Originally Posted by turtle777 View Post
I call it FUD because there is no automated method to do it, and the effort is prohibitive even after 1 pass wipe:
To prove this accurate, my partner accidentally erased his external drive of his wedding photos.
He got them back, but the service was $500.00.
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status: Offline
Mar 1, 2011, 05:19 AM
 
Originally Posted by ghporter View Post
Absolutely true. I'm always surprised with how worried people are about their data, but they still use a 6 character dictionary word for their password - and the same password for everything. I think this is in part due to the old and poorly explained "never write down a password" rule. Sure, NEVER write down your work computers' passwords and leave the note at work. Good, complex passwords need to be written down or you can't really use them, but if you write it down and keep it on your person, the issue is moot. Unless people are commonly mugged for their password lists in your place of work, that is.
My personal annoyance is the mandatory password changes, because all they do is make people add a digit at the end and increment it by one. I have a few passwords that I reuse (not dictionary words, significantly more than 6 chars), but I salt them by adding one or two chars based on what the password is for. Google has also added the option of two-factor authentication - that's an interesting feature that I'll have to consider enabling.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status: Offline
Mar 1, 2011, 06:13 AM
 
Originally Posted by PhilCat View Post
To prove this accurate, my partner accidentally erased his external drive of his wedding photos.
He got them back, but the service was $500.00.
That's not "cost prohibitive".

That's total peanuts compared to the value of corporate data.

Also, the low cost probably means he just formatted, rather than actually wiping the drive, right?
     
PhilCat
Junior Member
Join Date: Feb 2011
Location: Mpls Mn
Status: Offline
Mar 1, 2011, 07:45 AM
 
Originally Posted by Spheric Harlot View Post
That's not "cost prohibitive".

That's total peanuts compared to the value of corporate data.

Also, the low cost probably means he just formatted, rather than actually wiping the drive, right?
True, $5k if corporate is nothing, vs Ebay purchase /sale of single device, and doubtful a deep scan of drive for no reason and cost of.

As for the wiped drive of wedding, hard to say. You could be right, but I'll ask if he recalls details.
Gone is gone if you can't pull them yourself, and severe Panic is usual mode,
vs lost bookmarks.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Mar 1, 2011, 07:46 AM
 
Originally Posted by P View Post
My personal annoyance is the mandatory password changes, because all they do is make people add a digit at the end and increment it by one. I have a few passwords that I reuse (not dictionary words, significantly more than 6 chars), but I salt them by adding one or two chars based on what the password is for. Google has also added the option of two-factor authentication - that's an interesting feature that I'll have to consider enabling.
Properly managed mandatory password changes do make things much more secure, especially when complexity is enforced and reuse is prohibited. But if users only increment a digit in the password, it becomes "the same old password" pretty quickly and thus decreases the security of the whole system.

The method you describe, with what might be called a "base" password and adding various stuff to it for different applications/sites/systems works well. The difficult part is maintaining the complexity without such resulting passwords becoming the same as the increment-based poor passwords. Effectively you have to put the added parts in different spots for different uses to keep it from becoming "password123NN" for this site and "password123Amazon" for Amazon, etc.

Glenn -----OTR/L, MOT, Tx
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Mar 1, 2011, 09:18 AM
 
Originally Posted by PhilCat View Post
As for the wiped drive of wedding, hard to say. You could be right, but I'll ask if he recalls details.
Gone is gone if you can't pull them yourself, and severe Panic is usual mode,
vs lost bookmarks.
No, it's NOT hard to say. I bet you a million $$$ that he only formatted the drive, but did not do at least a 1-pass wipe. Did you read the above link what it takes to read data after a wipe?

Btw, if it would make your partner feel better, restoring a just formatted drive can be done with software for less than $100. :-)

-t
     
Mojo
Mac Enthusiast
Join Date: Apr 2000
Status: Offline
Mar 1, 2011, 09:34 PM
 
To minimize the chances of someone gaining access to sensitive data on a Mac sold or stolen I simply encrypt all financial info, passwords and other sensitive files. My secure password has upper and lower case characters, numbers and punctuation; after typing it hundreds of times I don't have any problem remembering it... Anything that gets trashed is securely deleted; I also use an app that securely wipes trashed e-mail, browser cache, history and cookies.

Finally, if I sell a Mac it gets wiped multiple times and a new OS installed. After doing everything in the first paragraph the wiping is just added insurance...
     