{"id":913,"date":"2009-02-13T02:29:21","date_gmt":"2009-02-13T10:29:21","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/?p=913"},"modified":"2009-02-13T02:35:51","modified_gmt":"2009-02-13T10:35:51","slug":"private-information-like-new","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2009\/02\/13\/private-information-like-new\/","title":{"rendered":"Private information ***LIKE NEW***"},"content":{"rendered":"<p class=\"MsoNormal\"><!--[if gte mso 9]&gt;  Normal 0   false false false        MicrosoftInternetExplorer4  &lt;![endif]--><!--[if gte mso 9]&gt;   &lt;![endif]--> Ever considered \u2018recycling\u2019 your computer without thoroughly wiping your hard drive first? Don\u2019t. <a href=\"http:\/\/computerworld.com\/action\/article.do?command=viewArticleBasic&amp;taxonomyName=Privacy&amp;articleId=9127717&amp;taxonomyId=84&amp;pageNumber=1\">A recent study<\/a> suggests that up to 40% of hard drives that end up on eBay and aren\u2019t explicitly marked as erased may contain easily recoverable data from previous owners.<\/p>\n<p class=\"MsoNormal\">\n<p class=\"MsoNormal\"><!--more-->Experts at <a href=\"http:\/\/www.investigation.com\/index.asp\">Kessler International<\/a> purchased 100 hard drives from eBay over a six month period, and 40 of those hundred contained data that could be recovered either by using forensic software or by simply plugging in the drive. Financial information and emails composed over 50% of the data they discovered, but they also found identifying information for many of the hard drives\u2019 previous owners. They even stumbled upon a juicy cache of information that fueled a previous owner\u2019s foot fetish.<\/p>\n<p class=\"MsoNormal\">\n<p class=\"MsoNormal\">The article then provides a few examples of known incidents where private corporate data has shown up on hard drives sold on eBay.<\/p>\n<p class=\"MsoNormal\">\n<p class=\"MsoNormal\">This sort of thing happens because people don\u2019t know what they\u2019re doing. So: how can you prevent other people from recovering your data, should they happen to acquire one of your old hard drives? Well, there are two ways really. You could keep all of the hard drives you ever use. Or, before you send your old hard drives away, you could be sure to use a <a href=\"http:\/\/www.qsgi.com\/usdod_standard_dod_522022m.htm\">DoD-grade<\/a> piece of software or hardware (the recommended techniques are overwriting and degaussing) to remove all of the evidence that you once had a thing for people popping bubble wrap with their teeth while covered in chocolate syrup. You could also use full-disk encryption, if you want to challenge those who would access your data. But really it\u2019s best to just completely obfuscate and obliterate anything that was once there with that DoD-grade sanitizer.<\/p>\n<p class=\"MsoNormal\">\n<p class=\"MsoNormal\">No one but owners of the data can prevent unwanted data recovery, and only then by acting before it goes out into the free market. Ebay can\u2019t do anything about it, nor should they. It isn\u2019t eBay\u2019s job to monitor all the used junk vendors sell that could harm the original owners if those owners didn\u2019t take the necessary precautions. That said, I\u2019m surprised that company data ends up as part of the information found. Companies really should know better, and should already be employing the preventative techniques above.<\/p>\n<p class=\"MsoNormal\">\n<p class=\"MsoNormal\">Wait, what am I saying? No they shouldn\u2019t. I\u2019m opening eBay even as I type this. Hmm, I wonder what the chances are of finding a pre-release version of the next big Adobe product on one of these.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ever considered \u2018recycling\u2019 your computer without thoroughly wiping your hard drive first? Don\u2019t. A recent study suggests that up to 40% of hard drives that end up on eBay and aren\u2019t explicitly marked as erased may contain easily recoverable data &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2009\/02\/13\/private-information-like-new\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":90,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,13,9],"tags":[],"class_list":["post-913","post","type-post","status-publish","format-standard","hentry","category-current-events","category-physicalsecurity","category-privacy"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/913","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/90"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=913"}],"version-history":[{"count":8,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/913\/revisions"}],"predecessor-version":[{"id":920,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/913\/revisions\/920"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=913"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=913"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=913"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}