Security Watch

Fail-Safe Magnetic Storage Erasing

Georgia Tech researchers develop fail-safe magnetic data erasure techniques, Visa USA's ATM breaches, a community crime watch Web site and more.

Physical Security
Protecting Sensitive Data: Georgia Tech Research Institute Researchers Develop Fail-Safe Techniques for Erasing Magnetic Storage Media
A three-year project has yielded magnetic erasure techniques and equipment capable of erasing data beyond recovery; even through the hard-disk cases. The project was prompted by a U.S. intelligence-gathering aircraft crash in China where the crew was unable to erase the sensitive data they had on board.

The group has developed a 125-pound magnet as part of this project. Upon hearing that, our first thought was that they were simply dropping the magnet on the hard disk, thus smashing the disk. All levity aside, their requirements were for far better erasure success than could be achieved by simply smashing a disk platter...given that a smashed disk platter could be reassembled and/or scanned for data fragments. They set their goal at achieving nothing but a randomized pattern on the erased media, akin to a blank disk. This, they claim, they've achieved.

The next problem is how to put such a device in a modern plane and avoid disrupting the plane's electronics.

Human Factors
Visa ATM Security Breach Indicates Systematic Problem?
Visa USA recently confirmed that a "security breakdown" with an ATM contractor in February 2006 has led to some bank's issuing new debit cards to their customers. No further details were provided.

There clearly appears to be some sort of systemic problem relating to ATM cards which the card issuers won't -- or can't -- talk about. We suspect the involvement of the FBI is preventing more information from being available regarding this problem. We do not believe these problems are solely related to some rogue processor.

The issue brings to mind the SCADA problem, where highly sensitive systems should not be connected, or co-mingled, with systems which have connectivity with the general public Internet. Be it Visa or their processing partners, it would appear that some more formal separation is needed as one way to reduce these breaches.

Crime Alerts Ripe for False Reports?
Boston has become the latest city to sign up with CitizenObserver.com to provide a way for police, businesses, and citizens to receive notifications regarding crime in their area. After registering, notification can be sent by e-mail, SMS or fax.

Want More Security?

This column was originally published in our weekly Security Watch newsletter. To subscribe, click here.

This is certainly a new way to involve the community in policing efforts, but unfortunately there doesn't appear to be an explanation on the Citizen Observer Web site about how it will prevent false alerts being sent over the various mechanisms the alerts are delivered by. SMS, for example, is difficult to visually verify let alone authenticate. There are more than a few bad things that can happen if the subscribed community receives a false alert. If I’m told about some significant issue via TV or radio, I can at least trust that the media outlet is who they claim to be and will be held accountable for mistakes.

Black Helicopter 1: Let the Conspiracy Theories Begin...
According to speculation provided by the Wayne Madsen Report (WMR), the recent rash of data thefts in the U.S. is attributable to covert U.S. National Security Agency and U.S Department of Homeland Defense efforts to catalog as many Americans as possible.

I had to look at the calendar to verify it wasn't April 1st after reading this speculative romp. However ridiculous, this report does show how any random array of dots can have lines drawn between them to present any picture you might want.

About the Author

Russ Cooper is a senior information security analyst with Verizon Business, Inc. He's also founder and editor of NTBugtraq, www.ntbugtraq.com, one of the industry's most influential mailing lists dedicated to Microsoft security. One of the world's most-recognized security experts, he's often quoted by major media outlets on security issues.

comments powered by Disqus
Most   Popular