Tech Bitch

Before you dispose or replace your computer’s hard disk drive (HDD), remember that all the data you saved on it - credit card numbers, business data, e-mail address book/contact list, e-mail conversations, financial data, legal documents, passwords, software license keys, personal photos of friends and family, and even your Web browser’s history - is recoverable. Did you not know that deleting a file does not erase it from your HDD, or that formatting a drive does not erase it fully? It’s possible - and sometimes quite easy using the right software tools - for someone else to recover your files if you don’t dispose of them properly.

Think of WiebeTech’s Drive eRazer like a digital shredder for HDDs. It works independently from your computer, wiping hard disk drives clean of all data. This lets IT managers redeploy or dispose of drives without fear of confidential data escaping your organisation. It’s also perfect for individuals looking to recycle their old PCs, or to donate to charities and schools.

Drive eRazer is an ingeniously simple and secure answer to complete data removal from HDDs. From the makers of the ToughTech XE Mini, the Drive eRazer doesn’t even need to be connected to your computer to run - simply connect the blue aluminium box to a HDD removed from your computer, power it using the supplied AC adapter, and then flip a switch. The downside is speed - erasing a drive at an average speed of 35MB/s means a 250GB drive will be erased in about 2 hours.

At the time of purchasing the Drive eRazer you’ll have to decide on a number of models, each of which supports different HDD interfaces. For instance, the DRZR-1 is the entry-level model (£59) supporting 3.5-inch IDE/PATA drives. Next up is the DRZR-2 Pro (£89) for 3.5-inch IDA/PATA drives, followed by the DRZR-3 for 2.5-inch IDE/PATAs drives (£89). Unfortunately, even the top-of-the-line DRZR-2-VBND (£11 only supports either 2.5-/3.5-inch SATA or IDE/PATA HDDs - there’s currently not a single boxed solution for all HDD types. Having said that, used with WiebeTech’s optional v4 Combo Adapters (from £29.99), the DRZR-1 and DRZR-2 can be used with many drive types, such as most flash drives, PCMCIA, ZIF drives and DOM drives.

The unit works by writing ‘zeros’ over every bit of your drive. After it’s done, there’s nothing left to recover. For those who want even more assurance, the Pro model is capable of more than one pass with different characters, ending with a complete zero of the drive. Using the Single-Pass Mode (Standard and Pro models) a single data pattern is written once across the whole disk, deleting blocks including partitions and Host Protected Areas. Verification is also done after a single pass.

Using Multi-Pass Mode (Pro model only) almost totally eliminates ways of recovering bits of data even after completely overwriting everything on the drive - so much so that Wiebetech believes the laboratory cost required to actually pull off such a feat would cost millions of pounds. However, if you must convince someone that there’s no way data can be recovered, the Pro model with the multi-pass feature is for you. Multi-Pass mode deletes all blocks including partitions and Host Protected Areas, even ones normally invisible to operating systems. It also automatically checks for and removes DCOs, as well as writes to every sector of the disk using different data each pass and verifies after the last pass that the last pattern was successfully written across the disk.

For further piece of mind, the U.S. Department of Defence (DoD) recently (June 28, 2007) updated its specifications regarding sanitisation and the Drive eRazer meet all requirements for ‘clearing’ a ‘Non-Removable Rigid Disk.’ The specification requires destruction of a HDD containing government-classified data. As far as the DoD is concerned, Drive eRazer is as good as it gets without a degaussing machine or other destructive methods. Another benefit is that the Drive eRazer only destroys the data on a drive, allowing you to use the drive again or safely sell it on. It erased Mac, Windows, Linux, already blank, as well as home-brew formatted disks equally well in our tests.

Most people are comfortable simply clicking ‘Empty Trash’. The problem is that this data isn’t properly deleted, and can be recovered by a determined individual and forensic firm. Wiebetech’s Drive eRazer is a brilliantly compact solution for IT folks that de-commission a lot of drives. It’s a completely stand-alone solution, does not require a computer, is a snap to use, and is amazingly effective. It’s slow on larger drives, plus getting all the add-on interface adapters could prove expensive, but it’s an excellent solution to a growing problem. [9]

We’re all being warned to protect our data at all costs following news that the Cult of the Dead Cow hacking group has released Goolag Scan, a hacking utility overlay for Google. Lock up your daughters and head for the hills …

Advanced Google searching has been known about in security circles for some time, but it has been a highly specialised and technical topic that is definitely not for non-programmers. What Goolag Scan does is to allow even a novice to scan Google for interesting and normally hidden Web-based data, using more than 1500 customised Google search routines. Data which can be revealed by the Windows-based application reportedly includes passwords on application servers, credit card numbers and allied databases held on Web-accessible portals, company e-mail records and audit logs, and a variety of other company confidential information.

Companies protect their Web-based and Internet gateway - accessible data using ID and password systems - but the actual data pages are often unprotected. Even though the pages are not indexed in the standard sense, Goolag Scan can prise the data out into the open and allow standard keyword searching on those pages. While some security sources have played down the importance of Goolag Scan’s development, it shows the increasing sophistication of hackers and really proves the point that geeks can’t get laid - othwise they’d have much better things to be doing with their time!

Advanced hackers can now pass on their abilities to novice or newbie hackers using quite complex applications. The bad news (depends on how you look at it I suppose) is that the altruistic nature of the non-criminal hacking community is such that these applications are being offered for free.