|
|
| Author |
Message |
| 25 new of 547 responses total. |
cross
|
|
response 234 of 547:
| 
May 14 16:21 UTC 2003 |
Yes, but one might throw out one's back trying to steal the current
grex.
|
other
|
|
response 235 of 547:
|
May 14 18:20 UTC 2003 |
re #233: Out of curiosity, do you actually KNOW the location of the Pumpkin?
When was the last time someone cracked root on Grex?
What does it cost us to destroy the old disks? What if a user who wants their
privacy doesn't know enough to know the real risks to the privacy of their
data inherent in placing it on Grex? I'd say trashing the disks is less work
and more security than wiping them a few times, and eliminates the risk of
charges of carelessness with user data. (Whether that risk is real or
imagined.)
But I really don't care that much about it. I don't keep my SSID and credit
numbers on Grex... <shrug>
|
cross
|
|
response 236 of 547:
|
May 14 18:52 UTC 2003 |
Regarding #235; No, I don't. But I'm willing to bet that someone who's
going to go to the trouble of restoring user data off of the disks
(how are they going to locate them, anyway?) does. When was the last
time someone broke root? Well, how do you know that anyone other than
the person or persons who did so know? Someone who cares enough about
Grex's data is likely to be able to find someone who could break in
without anyone knowing. Besides, grex runs some insecure software.
The version of sendmail it runs is (last time I checked, anyway)
potentially vulnerable to some well-known holes. If a user stored data
on grex without realizing that they had no expectation of the privacy
of that data; well, tough. And besides, making a good faith effort
at protecting that data by scrubbing the disks is enough to avoid any
charges of negligence (which are purely hypothetical anyway).
Now, don't get me wrong. If you want to destroy the disks; go for it.
But it's not necessary, and people should be educated about why that is.
|
tod
|
|
response 237 of 547:
|
May 14 19:22 UTC 2003 |
This response has been erased.
|
aruba
|
|
response 238 of 547:
|
May 14 20:28 UTC 2003 |
The SCSI disks arrived yesterday. They have the right connectors. Thanks
Leeron! I'll be putting them in this week, and if I can, testing them with
Windows.
|
cross
|
|
response 239 of 547:
|
May 14 22:39 UTC 2003 |
Aww.... At least test it with some variant of Unix. :-0
|
aruba
|
|
response 240 of 547:
|
May 15 01:39 UTC 2003 |
UNIX will get its chance, don't worry.
|
scott
|
|
response 241 of 547:
|
May 15 02:38 UTC 2003 |
I've got plenty of Linux distros, Mark.
|
gelinas
|
|
response 242 of 547:
|
May 15 03:20 UTC 2003 |
(I don't think the old disks would be vulnerable to targetted data recovery,
but they could cause unintended disclosure: someone put something they
really shouldn't have on the disk and then forgot about it. If the disks
were sold to a user of grex, though, targetted data recovery becomes a
higher probability. (Say, 30% instead of 15%, to pull some numbers from
the air.))
|
scg
|
|
response 243 of 547:
|
May 15 05:02 UTC 2003 |
Being a pack rat, I'd be tempted to keep the data intact in case anybody
wants it for historical research in a hundred years, but that's just me.
|
cross
|
|
response 244 of 547:
|
May 15 12:42 UTC 2003 |
Regarding #242; Joe, even if they scrub the entire disk? Just curious.
|
gull
|
|
response 245 of 547:
|
May 15 13:08 UTC 2003 |
I'd say the amount of time necessary to recover data from a scrubbed
Grex disk is going to be totally out of proportion to the value of any
data likely to be on those disks. We're not talking about a situation
where you can just run 'undelete' and get it all back, this is an
expensive and time-consuming process.
|
jep
|
|
response 246 of 547:
|
May 15 16:23 UTC 2003 |
re resp:234: I don't know the location of the Pumpkin, but don't
imagine it would be difficult to find it out if I wanted to. I might
even send you an e-mail:
Hey, Eric! Where is the Pumpkin? Just curious.
Would you refuse to answer such a request? If I sent it to
staff@grex.org, shouldn't I expect to get an answer? I don't think
Grex is all *that* security conscious.
|
jhudson
|
|
response 247 of 547:
|
May 15 21:39 UTC 2003 |
I can give you the street address if you wish.
|
cross
|
|
response 248 of 547:
|
May 15 21:45 UTC 2003 |
Shh! Don't *do* that! The evil ones might go and steal grex.
At least it'll be easy to identify them at the hospital: they'll
have hernias.
|
aruba
|
|
response 249 of 547:
|
May 15 23:09 UTC 2003 |
The address of the Pumpkin is not something Grex makes a point of
publishing. For one thing, we don't want anyone to go to the Pumpkin (or
send mail there) if they need to contact someone about Grex. For another
thing, well, I don't know what the other thing is. But there's no real
reason for anyone but staff to go there.
But, as several people have pointed out, I'm sure it wouldn't be hard to
find out if you wanted to. I just typed the address into google and it
found someone who's listing Grex under that address. Hmmm, we should
probably do something about that...
|
tod
|
|
response 250 of 547:
|
May 15 23:34 UTC 2003 |
This response has been erased.
|
other
|
|
response 251 of 547:
|
May 16 00:45 UTC 2003 |
No, no. NORTH Huron! (Grex moved to Ypsi...)
|
spooked
|
|
response 252 of 547:
|
May 16 01:24 UTC 2003 |
*smiles* We guard it by BIG nasty dogs - they won't get too far :)
|
gelinas
|
|
response 253 of 547:
|
May 16 02:17 UTC 2003 |
Dan, yes, even if the disks were scrubbed first.
I know folks with lots of spare time on their hands. I know folks
who have written their own disk-recovery software. (To the best of my
knowledge, the intersection of those two sets, BTW, is the null set.)
I can see someone with the time and interest using the grex disks as an
experiment base for their own efforts. (They'd probably settle for *any*
disk, not just grex's.)
|
lk
|
|
response 254 of 547:
|
May 16 04:30 UTC 2003 |
Who's in charge of offing people who find out the address of the Pumpkin?
Mark, don't freak out, but I have your address. See that car parked
outside your house? The dark van, with the tinted windows? That's my
sister. She's Mossad so you might not be able to spot the van. Nonetheless,
since you have the new disks, it's only a matter of time before you deliver
them either to the Pumpkin or to someone else who will ultimately take them
there. Don't look over your back, she's following you. Take my word for it.
And then, when we discover the location of the pumpkin, we'll contact
G Gordon Liddy to break in and steal the tapes. Er, disks....
Actually, I got a good laugh from Walter's comment:
> it's reasonable to assume that any data on grex worthy of such
> efforts has already been stolen
So we're just discussing how wide to leave open the barn doors. (:
(Though obviously, some horses are still inside.)
|
aruba
|
|
response 255 of 547:
|
May 16 13:12 UTC 2003 |
So *that's* why that woman was following me yesterday.
|
jhudson
|
|
response 256 of 547:
|
May 16 15:46 UTC 2003 |
What's the matter guys, can't figure out how I know the address
even though I am ~2000 miles away.
|
tod
|
|
response 257 of 547:
|
May 16 16:16 UTC 2003 |
This response has been erased.
|
cross
|
|
response 258 of 547:
|
May 16 16:34 UTC 2003 |
It depends on whether Leeron's sister is smoking or not. Leeron,
got a picture? Nyuk nyuk nyuk. Beware those Israeli women, though;
though they smoke, they're heart breakers.
Regarding #253; Joe, if you know someone who can recover data from a
properly scrubbed disk, I'd almost be willing to say, give them the
disks and see if they can get anything off of them.
|
