Archive for the ‘Security’ Category

Microsoft told to pay $388 million over piracy patent

April 8th, 2009 1 comment

Microsoft was told by a federal jury to pay $388 million to a Singapore company for infringing a patented invention used to deter software piracy. Read more…


Secure Erase and checking for random data, erased disk drives

January 3rd, 2009 No comments

Below is from the smartmon-ux manual, and shows examples of commands one can use to see if a disk contains random data, as well as how data was distributed on a disk before and after running the Secure Erase command. Read more…

DoD Secure Erase

January 3rd, 2009 3 comments

Users want and need a simple and secure way to erase all their data from disk drives, when releasing them from their physical control for resale or repair. Over a third of drives resold on eBay contain personal data such as credit and medical records.  These drives come from PCs, servers, ATM machines, banks, and workstations. It is important to initially emphasize that erasure security can only be relative. When handling data classified at secret and higher, the edict is that ‘data must be destroyed using methods that assure that legacy information cannot be recovered by any means’. Government document DoD 522.22M is commonly quoted on erasure methods, and requires physical destruction of the storage medium (the magnetic disks) for data classified higher than Secret. [Ryk: subjective in most cases to the sensitivities of the Cognizant Security Authority responsible for the storage asset of data.]

However, even such physical destruction is not absolute if any remaining disk pieces are larger than a single 512-byte record block in size, about 1/125” [Ryk: this size is currently 1/250 of an inch due to the chemistry of current high capacity storage media] today’s drives. Pieces of this size are found in bags of destroyed disk pieces studied at CMRR. Magnetic microscopy can image the stored recorded media bits, using the CMRR scanning magnetoresistive microscope. Physical destruction nevertheless offers the highest level of erasure because recovering any actual user data from a magnetic image requires overcoming almost a dozen independent recording technology hurdles. This is an example of “exotic time consuming technology” necessary as the barrier to data recovery for the highest level of erasure security. Even if these hurdles were overcome, about an hour would be required to recover one single user data block out of millions on the disk. Recovering substantial amounts of data in less than months requires that the disk be intact and undamaged so that heads can be flown over it to obtain data playback signals, and also overcoming the technology hurdles. Simply bending a disk makes this impossible.

Read more…

SCSI Format Unit Command options

January 2nd, 2009 No comments

 The SCSI FORMAT UNIT command is used to format a SCSI, FC, SAS, or any disk that utilizes the SCSI command set into logical blocks.   One would send this command (or run an application that sends this command) to to zero all of the data on the disk (if the command is used correctly).   If you just changed the block size of the disk from 512, to 520/528 or vise-versa, then you must also make sure the disk is reformatted before you can use it.  

In order to have the desired effect, you must make sure that whatever format utility you use sets the parameters you desire.  The various built-ins that come with IRIX, Solaris, etc, don’t provide a mechanism that lets you control all of the settings you may need. Furthermore, the default values may or may not be reasonable.  

Read more…

General thoughts on data security, destruction, protection

January 2nd, 2009 No comments

There are several ways to destroy the data on disk drives.  This entry covers the basics of them and exposes their relative risks. Read more…

How to change a disk’s block size

December 29th, 2008 No comments

With few exceptions, disk drives are set to 512 bytes per block, and operating systems expect disks to be formatted to 512 bytes per block. In fact, some operating systems and/or disk controllers won’t even “see” disks that aren’t formatted to 512 bytes/block.  Certain RAID controllers require disks to be formatted to 520 or 528 bytes/block.  EMC, and NetApp are two vendors that format their disks to use these extra bytes.  (In case you were wondering, they do this in order to increase data integrity, as the extra bytes are used for ECC.

I have gotten a great deal of calls from people who bought used EMC or NetApp gear Read more…

Changing the reported capacity of disk drive

December 29th, 2008 No comments

Disk devices that speak the SCSI protocol (SCSI, SAS, Fibre channel, and even USB memory sticks) have a built-in command designed to specify the drive capacity.    The block size and count is defined as mode page settings, so any software product that incorporates a mode page editor has the mechanism to allow you to change the capacity (or block size) of a device.

Why you might want to do this …

  • You have some older equipment running an operating system such as VMS, or certain RAID controllers that have an upper limit on the maximum disk size which they support.
  • You want to be really sneaky and hide information on a disk drive.   (Once you resize the disk, the “hidden” area is hidden from everything, including low-level formats, partition managers, and anti virus software).
  • You are trying to mirror disk drives, and while they are both advertised to be 146GB large, they have a slightly different number of total blocks.   As such, some RAID software won’t let you mirror the two drives.

Security warning — If you do not want to risk data theft, you should always insure that the disks in your storage farm report 100% of their actual capacity before running software to view the contents, or run a secure erase.

Read more…