On 20/09/11 05:24, D G Teed wrote:
> On Mon, Sep 19, 2011 at 3:08 PM, Lee Winter <lee.j.i.win...@gmail.com> wrote:
>
> > You also failed to consider the asymmetry between the possible
> > outcomes once the "truth" becomes known. If one-pass overwrite is
> > sufficient, but one uses multiple passes, then one has lost a small
> > increment of time. If one pass overwrite is not sufficient and you
> > use only one pass, then you have a disaster on your hands.
> >
> > The way to resolve uncertainty is not to guess or flip a coin. It is
> > to carefully evaluate the risk vs. cost tradeoff. People who perform
> > that evaluation tend to be conservative about assessing unknown
> > potential risks against known, fixed, and minor costs.
>
> That is what I said. I called it "better safe than sorry" rather
> than giving it a business speak spin.
>
> > Paranoia is whole 'nother story. I suspect you use the term for
> > dramatic purposes rather than for the purpose of clarity. It devalues
> > all of your comments.
>
> I don't mean clinical paranoia. Just political. In other words,
> an overly cautious overreaction to the unknown capabilities
> of an adversary. It is widely mentioned in history. It is never
> realized at the time, but usually some decades later in hindsight.
>
> If the data is military or similar, it probably makes sense to
> terminate hard drives with prejudice, because capabilities could
> change in the future. But for most people, DBAN is
> probably appropriate (if the drive still works, if not, try
> some power tools or hammer until the deformation is to
> your satisfaction).

I think there's already been a case where a "researcher" recovered data from damaged drives (or was it CDs) and went on television hawking their "security/paranoia" tips. Everybody has something to hide (it's why we have toilet doors and wear clothes even in warm weather).

>
> To make the flip side of your argument of "you don't know 'cause
> it would be a secret": if the NSA/FBI/CIA had no way to recover
> data from a simply wiped drive, would they let the public know?
>

It's very hard to tell what may be dangerous some time down the track (as history shows). See Cardinal Richelieu for some examples.

My preferred method for risk management is to try and determine how long something is exposed (how long will that drive be a drive) and what is the worst case scenario - then consider that only psychics can accurately predict the unknown (I strongly suspect psychics are bull*). Finally, what reasonable measures can be taken to prevent the known and counter the unknown.

I use Dban and shred (stick them in an old machine and take as long as it takes) - then disable the drive (pin in the breather hole), pliers on the power connectors. I don't think my personal information needs to be secure - but I don't know about the future - I do think/know that if client information was recovered by unscrupulous people (or publicity seeking academics) it would impact on my business.

NOTE: I know of a local case where some people were caught recovering data from hard drives looking for personal information (they were prosecuted for blackmail) - they went to the local tip just after Xmas and filled their boot with scavenged hard drives. They were caught and chased off by workers at the tip who gave the license plate to police. Turned out they'd been doing it for some time - kind of a side benefit to their main business of selling second-hand computer parts.

Cheers

-- 
"Always question authority, and demand the truth."
— Bill Hicks