|
|
| Author |
Message |
| 25 new of 547 responses total. |
other
|
|
response 221 of 547:
| 
May 13 22:26 UTC 2003 |
Why the heck would we KEEP the current Grex one we complete the migration
to the next Grex?
Do we still need the first Grex? Or the second? So why not give it away
to someone else who might actually put it to use? Including Marcus or
STeve, if they want to take it away.
And, if we're not going to use the current disks on the new system, then
why should we keep them? And if we're not going to keep them, then we
damn well ought to destroy them because it is the only way to absolutely
insure that their contents are unrecoverable.
I don't think my comment was radical, and I DO think it was logically
sound and consistent with both our past practices and our current
philosophies.
|
keesan
|
|
response 222 of 547:
|
May 13 22:45 UTC 2003 |
Can't you simply overwrite the entire disk with 0's?
|
other
|
|
response 223 of 547:
|
May 13 23:08 UTC 2003 |
There are a lot of levels of sophistication of data recovery tools
available, and I don't know how available products of any particular
level are, but it is quite possible that no reasonable amount of
overwriting with 1s, 0s and/or random ASCII values would entirely
obliterate and render irretrievable someone's personal data on these
disks.
|
styles
|
|
response 224 of 547:
|
May 13 23:11 UTC 2003 |
/dev/zero is your friend.
dd if=/dev/zero of=/dev/whatever bs=8192 (blocksize on grex is probably lower)
there may be some concern about the disks being magnetic and the zero's not
doing enough.
|
gelinas
|
|
response 225 of 547:
|
May 14 00:34 UTC 2003 |
(The question is not, "Who would be interested in the data on the disks?"
The question is, "Who would be interested in _their_ data on the disks being
released or revealed?" We've too many users to get ALL of them to answer that
question negatively.)
|
lk
|
|
response 226 of 547:
|
May 14 01:26 UTC 2003 |
The question I'd ask: is it easier to (potentially) crack root and see the
data on the disks or to actually recover the data once reasonable precautions
are taken to erase it. The point being that no one should ever expect that
their data on a public access system is 100% secure.
Of course, if STeve or mdw are interested in the old machine, that would
solve the problem given that the scrubbed disks would be in safe hands (for
some time to come).
|
cross
|
|
response 227 of 547:
|
May 14 02:01 UTC 2003 |
I agree with #226; no one on grex has any sort of guarantee about the
safety of their data. Indeed, grex is planning on using a password system
on next grex that inherently compromises the data of all users if someone
has managed to crack root. Going and getting the disks from someone in
Michigan after they've been scrubbed is a lot more work than just getting
the data off the disks now or after the transition to the next grex.
I sympathize with Joe's sentiment about wanting to keep user data secure,
not it's not going to be any less secure on a scrubbed disk as it is on
grex now or in the future.
|
i
|
|
response 228 of 547:
|
May 14 02:03 UTC 2003 |
With a clean room for disecting disk drives, some millions of dollars worth
of exotic high-tech instruments, and skilled staff to match, it should be
presumed that supposedly-totally-erased data can be recovered from drives.
Anyone *that* interested in the data could get it far faster, sooner, and
cheaper in a host of other ways, starting with simple physical break-in.
Thus, it's reasonable to assume that any data on grex worthy of such
efforts has already been stolen, and giving the hypothetical hostiles an
extra copy is actually *good* tactics - they waste resources to read it.
|
other
|
|
response 229 of 547:
|
May 14 02:17 UTC 2003 |
Well. I guess I'M the one being anal about security this time. It's a
rotating responsibility. Someone else take over, 'cause it looks like
I'm done.
|
polytarp
|
|
response 230 of 547:
|
May 14 02:40 UTC 2003 |
WE NEED TO STOP THE SUBVERSIVEs... SQUIRRLEy-Group?
|
scg
|
|
response 231 of 547:
|
May 14 04:58 UTC 2003 |
The first Grex is (or at least was the last time I saw it) in Marcus's
basement. As of a couple years ago, when I was last in the Pumpkin, Grex 3
was still there. I think Grex 2 may have been as well, but Grex 2 may have
been harvested for parts (2 and 3 were similar enough for some hardware to
be interchangable.
|
cross
|
|
response 232 of 547:
|
May 14 13:08 UTC 2003 |
Regarding #229; There's nothing wrong with being anal; but if you're
going to be anal about one thing, it's best to be anal about everything
else, as well. For instance, not just merging the existing contents of
/etc/shadow into a Kerberos KDC for use as keys....
Security is all about tradeoffs. If people really wanted their data to
be secure, they'd encrypt it, put it on some sort of tramper-resistant
media, enclose that in a cube of lead with two foot walls, enclose that
in a block of concrete, booby trap it so that if anyone tries to open it,
they die, and dump it into the Mariana's trench; all in secret so that
nobody knew they'd done it. Even then, it wouldn't be totally secure.
One has to do a risk analysis, and determine whether the cost of
protecting the data from prying eyes is worth the value of the data.
If it is; great, do whatever you need to to make sure no one gets access
to it. If not, then take some reasonable precautions, but don't lose
sleep over it. Data from grex definately falls in the latter category.
|
jep
|
|
response 233 of 547:
|
May 14 14:47 UTC 2003 |
Oh, I'd say para 2 in ersp:232 describes "total security" in real-world
terms. There's no way to recover anything 7 miles into the ocean.
Leeron in resp:226 and the next several comments describe my opinion
about the need for disk security. Grex needs to reasonably match the
security presently given to that data. That's all anyone has any right
to expect. A good formatting of those drives ought to be easily
sufficient to keep the data as secure as it is now.
My goodness, how difficult would it be for someone to break into the
Pumpkin right now and steal tapes, hard drives, or even all of Grex?
Where else are backups kept? Any of those places could be breached by
someone with such sophisticated specialized training as we probably all
got from our parents when taught how to use a screwdriver. It'd be a
lot easier to steal the data (and cheaper, and much more reliable) than
to recover data from a formatted hard disk.
|
cross
|
|
response 234 of 547:
|
May 14 16:21 UTC 2003 |
Yes, but one might throw out one's back trying to steal the current
grex.
|
other
|
|
response 235 of 547:
|
May 14 18:20 UTC 2003 |
re #233: Out of curiosity, do you actually KNOW the location of the Pumpkin?
When was the last time someone cracked root on Grex?
What does it cost us to destroy the old disks? What if a user who wants their
privacy doesn't know enough to know the real risks to the privacy of their
data inherent in placing it on Grex? I'd say trashing the disks is less work
and more security than wiping them a few times, and eliminates the risk of
charges of carelessness with user data. (Whether that risk is real or
imagined.)
But I really don't care that much about it. I don't keep my SSID and credit
numbers on Grex... <shrug>
|
cross
|
|
response 236 of 547:
|
May 14 18:52 UTC 2003 |
Regarding #235; No, I don't. But I'm willing to bet that someone who's
going to go to the trouble of restoring user data off of the disks
(how are they going to locate them, anyway?) does. When was the last
time someone broke root? Well, how do you know that anyone other than
the person or persons who did so know? Someone who cares enough about
Grex's data is likely to be able to find someone who could break in
without anyone knowing. Besides, grex runs some insecure software.
The version of sendmail it runs is (last time I checked, anyway)
potentially vulnerable to some well-known holes. If a user stored data
on grex without realizing that they had no expectation of the privacy
of that data; well, tough. And besides, making a good faith effort
at protecting that data by scrubbing the disks is enough to avoid any
charges of negligence (which are purely hypothetical anyway).
Now, don't get me wrong. If you want to destroy the disks; go for it.
But it's not necessary, and people should be educated about why that is.
|
tod
|
|
response 237 of 547:
|
May 14 19:22 UTC 2003 |
This response has been erased.
|
aruba
|
|
response 238 of 547:
|
May 14 20:28 UTC 2003 |
The SCSI disks arrived yesterday. They have the right connectors. Thanks
Leeron! I'll be putting them in this week, and if I can, testing them with
Windows.
|
cross
|
|
response 239 of 547:
|
May 14 22:39 UTC 2003 |
Aww.... At least test it with some variant of Unix. :-0
|
aruba
|
|
response 240 of 547:
|
May 15 01:39 UTC 2003 |
UNIX will get its chance, don't worry.
|
scott
|
|
response 241 of 547:
|
May 15 02:38 UTC 2003 |
I've got plenty of Linux distros, Mark.
|
gelinas
|
|
response 242 of 547:
|
May 15 03:20 UTC 2003 |
(I don't think the old disks would be vulnerable to targetted data recovery,
but they could cause unintended disclosure: someone put something they
really shouldn't have on the disk and then forgot about it. If the disks
were sold to a user of grex, though, targetted data recovery becomes a
higher probability. (Say, 30% instead of 15%, to pull some numbers from
the air.))
|
scg
|
|
response 243 of 547:
|
May 15 05:02 UTC 2003 |
Being a pack rat, I'd be tempted to keep the data intact in case anybody
wants it for historical research in a hundred years, but that's just me.
|
cross
|
|
response 244 of 547:
|
May 15 12:42 UTC 2003 |
Regarding #242; Joe, even if they scrub the entire disk? Just curious.
|
gull
|
|
response 245 of 547:
|
May 15 13:08 UTC 2003 |
I'd say the amount of time necessary to recover data from a scrubbed
Grex disk is going to be totally out of proportion to the value of any
data likely to be on those disks. We're not talking about a situation
where you can just run 'undelete' and get it all back, this is an
expensive and time-consuming process.
|
