Security Watch
Fail-Safe Magnetic Storage Erasing
Georgia Tech researchers develop fail-safe magnetic data erasure techniques, Visa USA's ATM breaches, a community crime watch Web site and more.
Physical Security
Protecting Sensitive Data: Georgia Tech Research Institute Researchers Develop Fail-Safe Techniques for Erasing Magnetic Storage Media
A three-year project has yielded magnetic erasure techniques and equipment capable
of erasing data beyond recovery, even through the hard-disk cases. The project
was prompted by a U.S. intelligence-gathering aircraft crash in China where
the crew was unable to erase the sensitive data they had on board.
The group has developed a 125-pound magnet as part of this project. Upon hearing
that, our first thought was that they were simply dropping the magnet on the
hard disk, thus smashing the disk. All levity aside, their requirements were
for far better erasure success than could be achieved by simply smashing a disk
platter, given that a smashed disk platter could be reassembled and/or scanned
for data fragments. They set their goal at achieving nothing but a randomized
pattern on the erased media, akin to a blank disk. This, they claim, they've
achieved.
The next problem is how to put such a device in a modern plane and avoid disrupting
the plane's electronics.
Human Factors
Visa ATM Security Breach Indicates Systematic Problem?
Visa USA recently confirmed that a "security breakdown" with
an ATM contractor in February 2006 has led to some banks issuing new debit
cards to their customers. No further details were provided.
There clearly appears to be some sort of systemic problem relating to ATM cards
which the card issuers won't -- or can't -- talk about. We suspect the involvement
of the FBI is preventing more information from being available regarding this
problem. We do not believe these problems are solely related to some rogue processor.
The issue brings to mind the SCADA problem, where highly sensitive systems
should not be connected, or co-mingled, with systems which have connectivity
with the general public Internet. Be it Visa or their processing partners, it
would appear that some more formal separation is needed as one way to reduce
these breaches.
Crime Alerts Ripe for False Reports?
Boston has become the latest city to sign up with CitizenObserver.com
to provide a way for police, businesses, and citizens to receive notifications
regarding crime in their area. After registering, notification can be sent by
e-mail, SMS or fax.
This column was originally published in our weekly Security Watch newsletter.
This is certainly a new way to involve the community in policing efforts, but
unfortunately there doesn't appear to be an explanation on the Citizen Observer
Web site about how it will prevent false alerts being sent over the various
mechanisms the alerts are delivered by. SMS, for example, is difficult to visually
verify, let alone authenticate. There are more than a few bad things that can
happen if the subscribed community receives a false alert. If I’m told
about some significant issue via TV or radio, I can at least trust that the
media outlet is who they claim to be and will be held accountable for mistakes.
Black Helicopter 1: Let the Conspiracy Theories Begin...
According to speculation provided by the Wayne Madsen Report (WMR), the recent rash
of data thefts in the U.S. is attributable to covert U.S. National Security Agency
and U.S. Department of Homeland Defense efforts to catalog as many Americans as possible.
I had to look at the calendar to verify it wasn't April 1st after reading this
speculative romp. However ridiculous, this report does show how any random array
of dots can have lines drawn between them to present any picture you might want.
About the Author
Russ Cooper is a senior information security analyst with Verizon Business, Inc.
He's also founder and editor of NTBugtraq, www.ntbugtraq.com,
one of the industry's most influential mailing lists dedicated to Microsoft security.
One of the world's most-recognized security experts, he's often quoted by major
media outlets on security issues.