Measure and control IT security

Declan McCullagh posted a report on ZDNet News, telling that a former employee is claimed to have used a secure file deletion utility in violation of federal hacking laws.

The employee had worked in a real estate related business. His work consisted of identifying “potential acquisition targets.” When he quit and decided to start a business of his own, he had to return his work laptop — and the company consequently tried to undelete files on it to prove he did something wrong. However, it turned out that he had used a “secure delete” program to make sure that the files were not just deleted, but overwritten and unrecoverable.

The company claimed that the former employee’s alleged secure deletion violated a federal computer crime law called the Computer Fraud and Abuse Act. That law says whoever “knowingly causes damage without authorization” to a networked computer can be held civilly and criminally liable.

However, the employee pointed out that his employment contract permitted him to “destroy” data in the laptop when he left the company.

This blog is run by the authors of QuickWiper, a Windows security program. QuickWiper allows you to delete files with simplicity and ease. When deleting files with QuickWiper, you can choose a fast single pass, or the most secure NSA erasure algorithm.

According to THOMAS J. FITZGERALD article found at globetechnology.com, maintaining privacy in the era of digital information requires work on a number of fronts, from network and applications security to protecting important files with encryption to configuring a Wi-Fi hot spot to keep interlopers off a wireless network.

However, there is one privacy measure that is “easily overlooked”: secure data destruction.

For inividual users, deleting confidential data completely is essential when donating or selling old computers, and it can also help “maintain privacy on computers that may end up lost or stolen”.

And for businesses looking for ways to comply with the security requirements of laws like the Sarbanes-Oxley Act, a sound policy on data control and destruction is crucial.

When normal Windows deletion methods are used, the computer’s operating system, for the sake of speed, creates an illusion that data has been deleted. In fact, it merely earmarks that region of a disk or drive as being available for new data to overwrite the old data. Until that overwriting occurs, the old data can be retrieved with undelete programs and tools used by data recovery labs and law enforcement agencies.

There are, however, several options for securely eliminating data from hard disks, USB flash drives and other storage media. File wiping utilities overwrite data with meaningless characters to render it unrecoverable with today’s data recovery techniques. Some of the programs can overwrite entire drives, while others can single out individual files or other information saved by a computer’s operating system or programs like Web browsers. Such programs should become an important part of overall information security within an enterprise. Besides, they can also be used by individual users.

This blog is run by the authors of QuickWiper, a Windows security program. QuickWiper allows you to delete files with simplicity and ease. When deleting files with QuickWiper, you can choose a fast single pass, or the most secure NSA erasure algorithm.

According to a recent research, many people are taking risks with data on hard drives and memory cards which they are selling via internet. Such sensitive information, as personal letters, passwords, resumes, spreadsheets, phone numbers and e-mail addresses were all found on storage hardware that could be easily bought at any auction site. The problems arose because sellers did not delete data from the hardware altogether.

Besides, it was rather easy to reconstruct almost everything that some users did online, and to grab cookies and login details for sites they visited.

In most cases, people used Windows “delete” function to erase the data. However, in PCs and other digital devices it simply applies a label that says these sections of storage can be over-written. That means, such data remains intact for a long time, especially on large drives.

Recovering such information is quite straight-forward for forensic firms and individuals.

It is extremely hard to completely destroy some pieces of information. That’s why the users are advised to employ specific secure file deletion solutions.

This blog is run by the authors of QuickWiper, a file wipe utility.

An article in Iusmentis.com describes secure methods of file deletion. A normal “delete” command does not actually delete files at all. But even when using more advanced “file wiping” utilities, some data may remain on the hard disk that maybe used for some malicious purposes. In particular, the magnetic properties of a hard disk can be exploited to recover data.

Not so long ago, simple Windows system commands were held to be a “secure” method of file deletion. When these were found to offer very little genuine security, specific utilities became available that were able to overwrite the related disk sectors. It seemed that these would surely be foolproof, however not all of these programs provided for the necessary level of security.

There are three areas of particular concern regarding secure files deletion:

1. When a file is written to a disk, it has a certain number of sectors or clusters allocated to it. The area of disk space provided, is always larger than the file itself. Deleting a file alone, leaves a space which can contain sensitive data. There are a number of ways in which this sensitive data can be deposited without a user knowing it.

2. It is in the nature of a computer, to always be updating one file or another. Every time a file is updated or “saved”, new copies are created and written wherever there is sufficient space. Applications can create huge numbers of such files. When a file is eventually deleted, only the last image is accounted for. All other images appearing as free disk space, unseen, unsuspected. That is until a disk is viewed with the appropriate software; then is all is revealed. Even when partially overwritten, these files can make interesting reading ! … As a precaution against this kind of threat, NEVER EVER “save” an edited plaintext file; use “save as” instead. All versions will then remain available for deletion.

3. As if the preceeding were not enough, applications also create “temporary” files as part of their normal execution. That these files are not so “temporary”, can now be appreciated.

Some would say that there is no chance of recovering data that has been overwritten just once or twice. These individuals are without awareness, of the “true” extent to which “data remanence” has been investigated ! Deletion by rewrite is never absolute; more of a sliding greyscale. Once magnetic media have been exposed to a structured magnetic field, it is in reality, very dificult to ever totally diguise the fact. This applies especially to present drive heads, and high coercivity media. When a write function is carried out, magnetic domains are created by the millions for each bit that is written. There is a limit as to how great the write current can be, or adjacent data will be corrupted. Increasing the spacing between adjacent data bit representations, would lower the total capacity of the media. Modern high coercivity magnetic coatings allow much greater data densities, but are more difficult to magnetize.

Consequently, when a rewrite is carried out, a significant number of these tiny molecular domains remain in their original orientation. This orientation is never the exactly the same twice. The precise orientation of the domain would have been influenced by adjacent bit representations. Each precise orientation being individualized like a finger print. With each subsequent rewrite, less of these “permanent” domains remain, and so a molecular history is encoded by a scale of relative molecular domain numbers.

In an age where molecular polarity is such a vital area of science, it should come as no suprise that special techniques exist for its determination. The obvious value of being able to recover data, is not lost to the malicious attackers.

This blog is run by the authors of QuickWiper, a file wipe utility.