Data Destruction

I have commented before on this issue and a recent blog post forwarded to me has dredged up the topic again.

If you want to get rid of a drive after retiring a server or getting indicted then most of the things you can think to do to that drive will not remove the data.  You can rewrite the drive over and over, you can shatter the platters with a hammer and as we see in the link above you can even roast the drive and it is still possible to get at some of the data if not all of it.

For my money the only way to go is acid bath. If you don’t remove the surfaces of the platters then someone will figure out how to get the data.

Code Camp 6 in Waltham, MA

Code Camp 6 is tomorrow at the MS office in Waltham, and this is the first one since the original world premiere Code Camp that I am going to miss.

With Thom Robbins moving on to Redmond and the rush of business that everyone seems to be seeing, this 6th edition didn’t come together nearly as early as previous editions.

I apologize for not making it, but since it is slimmed down to a single day this time and I specifically have a conflict tomorrow, I won’t be there.

I expect we will do a better job for Code Camp 7, provide much more advance warning, and I will do my best to defend the date ;)

FUD

Sometimes the Fear, Uncertainty and Doubt (FUD) argument is very well disguised.  In an article the Chief Scientist at McAfee is decrying some of the new features that MS is putting into Vista to try and stop virus infection and the spread of spyware.  This is terribly self-serving. In my opinion his argument amounts to: you can't sell people better doors for their house, because then they not only won't need my security system, but the doors will keep the police out when a criminal arrives.

Everyone is entitled to their opinion, and the comments under the article show that a lot of people who read this opinion share mine.

Disabling Vista’s UAC feature

As Vista nears launch there are some things you will want to know.  Will it support your hardware?  Where are the secret buttons that make it usable?

Today’s post helps answer that second one.

By all reports UAC (User Account Control) can drive even the most security-minded user insane with a death of a thousand dialogs.

I don’t recommend simply shutting off any feature that is designed to increase the security of the OS (as UAC is). Still, we have to get work done, and knowing how to turn UAC off may help you get your system set up the way you like it, so that you can then re-enable it.

Having said that, Steven Smith of ASPAlliance.com pointed me at this article that shows several ways to shut UAC off.

Mandatory Integrity Control in Vista

Steve Riley had a good long post on his blog about Mandatory Integrity Control as it is implemented in Vista that drew even longer comments.

Great concept. As you will see from several of the comments, this isn’t the first implementation, but I expect it will be the first to get nearly universal distribution ;)

The big concern is whether the bugs will be worked out for release.  I am betting yes, though I expect a Service Pack will come someday to bring the real value of this home.

Do you believe everything you read?

My prolific friend Phil forwarded me a story about Chinese hackers trying to do in the US Commerce Department.

There are a couple of interesting points in this story:
1. Why would you need to take Internet access away from users?  Aren’t they behind firewalls?  Were the hackers luring them to specific sites in order to compromise them?
2. With over 1,100 laptops missing, I just don’t buy that no data was compromised.  Even if it was an ex-employee, the data is compromised.  And if the theft occurred in 2001, then I find it even harder to believe.

I hope the CIO at the Commerce Department isn’t gullible enough to believe this obvious spin.

Specifications

Having been involved in many software projects, some commercial, some consulting, some disastrous, I have noticed some trends that I would like to share.

If you are commissioning (read: paying for, or betting your job on) a development project, you have to avoid being wishful.  If you just trust that the developers you hired are professionals who will keep you out of trouble, it might actually happen that way, but you are playing Russian Roulette.  Even some of the best developers get overtaxed or lazy or stupid, or all of these things at once.  If you don’t get very explicit about what you want, you will pay for it.

To avoid some of this I recommend that you:
 – Specify the system in as much detail as possible
 – Provide statements about how the system will be used and the intent of the project
 – Place the emphasis on what YOU define to be acceptable; define terms such as “commercial quality” and “easy to use” up front

The less you leave up to the imagination the better.  Also insist on frequent demos throughout the process, with opt-out options if things are just too far off track.

Always remember that consulting is based on who takes the risk.  In a fixed-bid engagement the developer takes most of the risk, and therefore the price is uplifted accordingly.  In a time-and-materials engagement it is the buyer who takes all the risk, and often it is the buyer who must ensure things are proceeding according to plan.

In the end it is the specification that will decide if the developers did their job or not…

Command Prompts and other security nightmares

The topic of the AT command and the command prompt came up on an internal list I am on with Microsoft, the gist of which was, “How do I securely turn this junk off?”

The answer is that, to some degree, the command prompt, and especially the command prompt coupled with the Task Scheduler, is a security hole that is closable, but not trivially.  You can patch it using things like this: http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/93465.mspx?mfr=true
If you really want to wipe out the user’s option, you should also reconfigure the Task Scheduler service to run under a low- or no-privilege account and then disable it (I am paranoid, but I have my reasons). The problem is that most people who come up against this feel they shouldn’t have to do this, but the reality is that you do.
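As an added example (my code, not from the original post or from Microsoft), here is a read-only PowerShell audit of the two settings the post talks about: the Task Scheduler service’s startup type and logon account, and the Group Policy value that disables the command prompt. The `DisableCMD` registry value is a real policy setting I am assuming the linked article covers; the page itself does not name it.

```powershell
# Audit the Task Scheduler service ("Schedule") and the command-prompt policy
# against the hardened posture the post describes. Makes no changes.
function Get-CommandPromptHardeningPosture {
    $findings = New-Object System.Collections.Generic.List[string]

    # Task Scheduler: the post wants it disabled and not running as a privileged account.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Schedule'"
    if (-not $svc) {
        $findings.Add('Task Scheduler service (Schedule) not found')
    } else {
        if ($svc.StartMode -ne 'Disabled') {
            $findings.Add("Task Scheduler start mode is '$($svc.StartMode)', expected 'Disabled'")
        }
        if ($svc.State -eq 'Running') {
            $findings.Add('Task Scheduler service is currently running')
        }
        # LocalSystem is the high-privilege account; anything else is treated as acceptable here.
        if ($svc.StartName -in @('LocalSystem', 'NT AUTHORITY\SYSTEM')) {
            $findings.Add("Task Scheduler runs as '$($svc.StartName)', expected a low-privilege account")
        }
    }

    # Command prompt policy (assumption: this is the policy the linked article describes).
    # DisableCMD = 1 blocks cmd.exe and batch files; 2 blocks cmd.exe but allows batch files.
    $policyKey = 'HKCU:\Software\Policies\Microsoft\Windows\System'
    $disableCmd = (Get-ItemProperty -Path $policyKey -Name 'DisableCMD' -ErrorAction SilentlyContinue).DisableCMD
    if ($null -eq $disableCmd -or $disableCmd -eq 0) {
        $findings.Add('DisableCMD policy not set; cmd.exe is available to this user')
    } elseif ($disableCmd -eq 2) {
        $findings.Add('DisableCMD=2: cmd.exe blocked but batch files still run')
    }

    [pscustomobject]@{
        ScheduleStartMode = if ($svc) { $svc.StartMode } else { $null }
        ScheduleAccount   = if ($svc) { $svc.StartName } else { $null }
        DisableCMD        = $disableCmd
        Hardened          = ($findings.Count -eq 0)
        Findings          = $findings.ToArray()
    }
}

Get-CommandPromptHardeningPosture | Format-List
```

Run it as the user whose desktop you are locking down, since the policy value is read from that user’s hive; a result with `Hardened : True` means both settings match what the post recommends.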

For a scary look at why simply taking the RUN command off the Start menu is not enough, try the following:
Open up “Help and Support” from the Start menu and search for “command”.
Select the entry that describes how to “Test a TCP/IP configuration using the ping command”.
You will see that there is a link that will open up a command prompt (it doesn’t run as System, but it runs).
That is the XP version.

The Windows 2003 Server one takes more searching, but it is there.

The issue is not that the functionality exists; we all want functionality.  The problem is that when it is hard (or impossible) to shut something off effectively, it is maddening and often leaves people dismayed.

Time for an analogy:
I have doors on my house that I leave unlocked all the time.  The dogs and other things in the house keep it secure (if you know me then you know what I mean).  But if I wanted to secure those doors and found that I could lock them, yet the manufacturer had put the hinges on the outside where an intruder could manipulate them, then I would be unhappy.  Most security outrage and dismay comes from features that just didn’t take security into consideration for the times when I don’t want the user to do anything except what the user is told they can do.
 
This will always be an arms race.  If one of our professional security gurus such as Duane Laflotte wants to get in and has physical access to a workstation or server, then he can get in, but there is a point where I will say, yes, I accept that there are some things I can’t defend against.  If you use a tank to blow in my front door, I won’t moan to the manufacturer about the door not being tank-proof; that is what the mines are for ;)
 
Is Vista the solution to all security problems?  I doubt it.  I expect that there will be improvement based on features I already know are in the most recent builds, but I won’t judge the security of Vista until after it ships (and won’t pay all that much attention to it until then either), since the devil is in the details and the truth is in the final bits.  Submarines either leak or they don’t.  The OS will be judged in much the same way with regard to security.

Ultimately information is power.  Nowhere is that more true than in the realm of security.  I suggest that you learn all you can and I will do what I can to help.

Phishing getting worse

If you want to keep track of how prevalent phishing attacks are from month to month (and I do), then you should check AntiPhishing.org.  The site is pretty meager in most regards, but the front page has a bar chart that is pretty staggering when you realize that they are only measuring people who have actually figured out that there is a phishing attack in progress (a fraction of the population, I am sure), further restricted by the fact that those astute people had to know about AntiPhishing.org and be willing to take the time to report it.

I find these statistics interesting to have, as spin seems to creep into everything nowadays.  I like to lay my hands on hard numbers and make up my own mind.