Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Data dangers dog hard drive sales

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Data dangers dog hard drive sales
Date: Wed, 14 Sep 2005 03:30:01 -0500 (CDT) 
http://news.bbc.co.uk/2/hi/technology/4229550.stm

12 September 2005

Many people are taking risks with data on hard drives and memory cards
which they are selling via eBay, say experts.

Letters, resumes, spreadsheets, phone numbers and e-mail addresses
were all found on storage hardware bought and analysed by forensics
firm Disklabs.

Also recoverable were temporary files from net browsers which
contained login details and passwords for websites and even online
bank accounts.

The problems arose because sellers were only taking basic steps to
delete data.

Key change

In its test of how good users were at destroying data, Disklabs bought
100 hard drives and 50 memory cards - which included SD cards, flash
drives, sim cards and memory sticks - from the auction site.

Simon Steggles, director of Disklabs, said the drives and memory cards
were probably being sold by people upgrading home PCs or changing
their mobile phone.

"Most people made only cursory attempts to erase the data," said Mr
Steggles, "and some had not done even that."

During its investigation, Disklabs found large amounts of personal and
confidential business data on storage hardware.

Most worryingly, said Mr Steggles, it was possible to extract the
temporary files that Microsoft's Internet Explorer browser uses to
keep track of what people do when they are using the web.

With a little work, it was possible to reconstruct almost everything
that some users did online, and to grab cookies and login details for
sites they visited.

"With not a massive amount of work we could go in there and help
ourselves to whatever we want," he told the BBC website.

In many cases, only the delete key was used to remove data. However,
in PCs and many other digital devices all this does is apply a label
that says these sections of storage can be over-written.

On large disk drives this can mean the supposedly deleted data remains
intact for a long time.

In such cases, said Mr Steggles, recovering data is very
straight-forward for forensic firms and, perhaps, technically-aware
thieves.

What users needed to realise, he said, was how hard it was to destroy
data. Even formatting hard drives and other memory cards would not
irrevocably remove information stored on them.

If users were worried about potentially sensitive data, said Mr
Steggles, they should use a professional forensics firm to erase it

"Alternatively," he said "they could smash it to bits."



_________________________________________
Attend ToorCon 
Sept 16-18th, 2005
Convention Center
San Diego, California
www.toorcon.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Data dangers dog hard drive sales, InfoSec News <=
Previous by Date:  [ISN] Computer worm suspect in court, InfoSec News
Next by Date:  [ISN] The Next 50 Years of Computer Security: An Interview with Alan Cox, InfoSec News
Previous by Thread:  [ISN] Computer worm suspect in court, InfoSec News
Next by Thread:  [ISN] The Next 50 Years of Computer Security: An Interview with Alan Cox, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]