LISTSERV - VICUG-L Archives - LISTSERV.ICORS.ORG

VICUG-L Archives

Visually Impaired Computer Users' Group List

VICUG-L@LISTSERV.ICORS.ORG

	LISTSERV Archives
	VICUG-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Hard to get rid of secrets on computer
From:	Kelly Pierce <[log in to unmask]>
Reply To:	Kelly Pierce <[log in to unmask]>
Date:	Thu, 30 Jan 2003 10:19:51 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (81 lines)

I post this for those considering donating or selling an old PC.

Kelly


    Hard to get rid of secrets on computer
Chicago Sun Times

    January 16, 2003

    BY JUSTIN POPE

    CAMBRIDGE, Mass.--So, you think you cleaned all your personal files
from that old computer you got rid of?

    Two MIT graduate students suggest you think again.

    Over two years, Simson Garfinkel and Abhi Shelat bought 158 used
hard drives at secondhand computer stores and on eBay. Of the 129 drives
that functioned, 69 still had recoverable files on them and 49 contained
''significant personal information''--medical correspondence, love
letters, pornography and 5,000 credit card numbers. One even had a
year's transactions with account numbers from an Illinois ATM.

    About 150,000 hard drives were ''retired'' last year, according to
the research firm Gartner Dataquest. Many end up in the trash, but many
also find their way back onto the market.

    Over the years, stories have surfaced about personal information
turning up on used hard drives, raising fears about privacy.

    Last spring, Pennsylvania sold used computers that contained
information about state employees. In 1997, a Nevada woman bought a used
computer and discovered it contained prescription records on 2,000
customers of an Arizona pharmacy.

    Garfinkel and Shelat, who reported their findings in an article to
be published Friday in the journal IEEE Security & Privacy, said they
believe they are the first to take a more comprehensive look at the
problem.

    On common operating systems such as Microsoft's Windows, simply
deleting a file, or even following that up by emptying the ''trash''
folder, does not necessarily make the information irretrievable. Those
commands generally delete a file's name from the directory. But the
information itself can live on until it is overwritten by new files.

    Even reformatting a drive, or preparing the hard drive all over
again to store files, may not do it. Fifty-one of the 129 working drives
in the MIT study had been reformatted, and 19 of them still contained
recoverable data.

    The hard-to-erase quality of hard drives is seen as a good thing by
some. Many users like believing that, in a pinch, an expert could
recover their deleted files. Police can examine a computer and lift
incriminating e-mails or porn images from the hard drive.

    The only sure way to erase a hard drive is to ''squeeze'' it:
writing over the old information with new data--all zeros, for
instance--at least once, but preferably several times. A one-line
command will do that for Unix users, and for others, inexpensive
software from companies such as AccessData works well.

    Garfinkel has learned his lesson. As an undergrad at MIT in the
1980s, he failed to sanitize his own hard drive before returning a
computer to his father. His father was able to read his personal
journal.

    On the Web: www.hq.nasa.gov/office/oig/hq/identity.html

    AP


VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask]  In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
 VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG