Re: *nix data wipe tools

From: Thomas C. Greene (thomas.greene_at_theregister.co.uk)
Date: 12/17/04

  • Next message: cees-bart: "Re: DJB's students release 44 *nix software vulnerability advisories" 
    To: David Cannings <lists@edeca.net>, bugtraq@securityfocus.com
Date: Fri, 17 Dec 2004 04:24:24 -0500

    BCWipe for *nix is a bit complicated for novices. AFAIK, it does not
    automatically do swapoff, mkswap & swapon, so some users will either not wipe
    their swap device (most likely), or will wipe it and fail to get it working
    again. My humble WipeSwap script -- all eleven lines of it -- will
    automatically detect the swap device, turn it off, wipe it, re-create it, and
    turn it back on for you. Because it's easy to use and safe, more users will
    be encouraged to clean out that rat's nest of data traces now and then.

    Also, BCWipe can be dangerous in some hands: a simple typo, and there goes a
    working disk volume. My scripts are separate and clearly labeled. It's
    impossible to destroy data with the WipeSwap or WipeFree scripts. Only the
    WipeAll script will do that, and it's disabled by default. Thus, unless you
    are at least an experienced user, you will have to read the README to get
    that one working.

    Furthermore, my scripts (http://basicsec.org/tools.html) are incredibly simple
    and totally transparent. Almost anyone can understand what they do. You
    don't have to take my word for *anything*.

    OTOH, BCWipe uses a more secure wiping routine, they say. But once you've
    gone from merely deleting to filling with several passes of random data,
    there is little more to get out of a software solution, except a false sense
    of security. The next logical level, really, is physical destruction.

    Still, there is always room for improvement, and several list members have
    made excellent suggestions for improving the scripts. I'll be posting
    updated versions in a few weeks' time, as soon as i get them all tested on
    enough different systems.

    chrz,
    t.

    On Thursday 16 December 2004 15:06, David Cannings wrote:
    > Is there any specific advantage of these scripts over bcwipe?
    >
    > http://www.jetico.com/index.htm#/bcwipe_unix.htm
    >
    > David

  • Next message: cees-bart: "Re: DJB's students release 44 *nix software vulnerability advisories"

    Relevant Pages

    • Re: need to wipe a NAS and be DoD compliant
      ... One tool used when "authorized" is BCWipe. ... DoD 5200.28-STD. ... I strongly recommend checking with your local command and its ... policies before attempting to wipe any system. ...
      (Security-Basics)
    • Re: Dug myself into several deep holes
      ... run scripts. ... > behavior was caused by the admin, the admin should be able to put things back ... it takes me 30 minutes to do a scripted install and 2 minutes to ... I've got all my dotfiles saved, so after I wipe, I have to do *zero* ...
      (Debian-User)
    • Re: [Full-Disclosure] *nix data wipe tools
      ... > intended as substitutes for the wipe and shred utilities, ... > will easily and securely wipe large areas of the disk that might contain data ... > The scripts are meant to clean large disk areas safely and conveniently while ... > appear to work safely and effectively on a variety of Unix, BSD and Linux ...
      (Full-Disclosure)
    • Re: New Data Wipe Tools
      ... file so that users won't expect too much of the scripts. ... Subject: New Data Wipe Tools ... from the swap partition, wipe unused disk space on the root partition, or ...
      (Bugtraq)
    • Re: Trigger Status Question
      ... IME - this is caused by tasks / scripts initiated and written by a user. ... usually the reason for "temporarily" disabling them. ... > doing a DELETE against all the tables to wipe it clean. ... > triggers will occasionally stop working. ...
      (microsoft.public.sqlserver.server)