
Re: [Full-disclosure] Secure Delete for Windows

Subject: Re: [Full-disclosure] Secure Delete for Windows
Date: Wed, 18 Jan 2006 15:09:28 -0500
J.A. Terranson wrote:

> (1) I do have something "useful to say".  The exact same thing every other
> security conscious person is saying:
>
> No source?  An exe?  Baaaaaddddd newwwwwssssss....
>
> Publicly released "tools" are only safely released through open source
> (or, "full disclosure" if you prefer).  Without source, it's you who
> should be taking a turn at stfu.

I'm going to back up the general point of J.A.'s statement.

People who don't care about security and could care less about transparency don't, by and large, use "file shredders". A handful of paranoid users might, but I think that these people are few and far between. Ensuring that files are deleted represents a willfulness amongst the user to be detailed (or paranoid, perhaps, depending on their motives and intentions).

As such, I think that the same kinds of people who might be interested in a tool like this would be interested in reviewing the source code, for two reasons:

- Verification that the code is not a trojan.
- Ensuring that the methods used in the secure deletion utility are sound. (Which is perhaps more important for the detail-oriented.)


In the end, it's easy to see the value of transparency, particularly in a product like this. There really is no sound argument for proprietization anymore. Code is so heavily commoditized that most programs are reinventions of older concepts. That isn't to say that there isn't some innovation going on, but the reality is that the only argument that can be used for proprietization is profit, and that's an argument that has been getting progressively less enticing as more commoditization occurs and as more code projects are shipped off to offshore workshops, the draw of proprietization is decreased - I would even say antiquated. Interestingly, people continue to proprietize code even in the face of that. I guess that that green aura is somewhat blinding. :)

(Not flaming anyone, just making some observations.)

               -bkfsec

