On destroying data

The Known Plaintext blog has a pretty interesting high-level article called Ten Commandments of Data Destruction, which gives some advice on how to handle destruction of data on hard drives or USB thumb drives (e.g. if you want to sell them on eBay)...

While most of the stuff is good advice, there's one thing in there which is certainly not a good idea: "format your hard drive before giving it to the recycler"! That will usually not help at all! Don't ever think that formatting will really erase your data! Using simple, and widely-available tools everybody could restore data from such a formatted drive, even without requiring any costly equipment.

If you absolutely must sell or give away an old hard drive (physical destruction is always better!), wipe it with a Gutmann-style tool, such as wipe(1), or shred(1). Oh, and apply the tools to the raw partitions (e.g. /dev/hda) after booting from a live CD. Wiping single files on a mounted file system might not yield the expected results on some (journalled) file systems, because they are caching stuff etc...

The follow-up article presents some further ideas, e.g. an acid bath for your hard drive. It also mentions that simply breaking the read/write head or the motor of the disk might not suffice, forensics labs could replace those parts successfully...

David Bianco makes a very good point about data on company laptops (especially so if you consider the alarmingly high rate of "laptop theft, xxx million data records lost"-type news stories): "don't put the freakin' data on the laptop in the first place!".

(via Jesse Kornblum)

Nexuiz - a fast-paced, GPL'd ego shooter

Nexuiz screenshot

Although I'm not a "gamer", I enjoy playing computer games from time to time. First-person shooters are especially well-suited for relaxing after a long and exhausting day ;-)

IMHO a very good choice, if you're looking for a fun Free Software first-person shooter running on Linux, is Nexuiz.


  • is GPL'd (and not only the code, but also the data!)
  • is based on the Darkplaces engine, which in turn is based on the Quake engine
  • should be packaged for Debian sooner or later
  • has an unpronouncable name, which is always a bonus ;-)

Nexuiz version 1.5 has recently been released, which features new maps, new characters, better AI and lots more. Check it out!

Forensic Discovery - a (free) book by Wietse Venema and Dan Farmer about forensic techniques for gathering digital evidence

I accidentally stumbled over this today: the book Forensic Discovery, written by two security gurus — Wietse Venema and Dan Farmer - has been published by Addison-Wesley.

Which is nice and all, but even nicer is the fact that the book is freely available for online reading. There's also a ZIP-file, if you want to get the whole thing.

This should make for some interesting reading during the next few weeks...

Last chance to fight EU data retention

On the 13th of December (next Tuesday) the European Parliament will vote on a Data Retention Directive. This directive is stupid, stupid, stupid (you cannot stress that enough)! More info on the Data Retention is No Solution wiki.

The Open Rights Group has an article on fighting data retention which outlines what you can do to (hopefully) stop this.

/me walks to the local Irish pub for some Guinness now.

Syndicate content