Tag: Security


Don’t destroy used hard drives! Wipe them and reuse or sell them with confidence!

The advice to not use a hard drive from eBay is not the best advice. You should fully wipe the drive (a zero fill will do) and then install a new OS on it. The old data will be 100% unrecoverable and you won’t unnecessarily destroy a perfectly good piece of equipment. Please don’t advocate for this kind of wasteful drive destruction.

Yes, a zero fill is more than enough. The “DoD secure wipe” was designed for hard drives from the 80s and early 90s that used FM/MFM/RLL data modulation. Today, drives use [E]PRML and other advanced techniques instead.

Yes, Peter Gutmann wrote a paper about recovering data from hard drives that said you could easily do so, but that was in the era of widespread MFM/RLL drives, and Gutmann himself later walked back his recommendations:

“In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don’t understand that statement, re-read the paper). If you’re using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, “A good scrubbing with random data will do about as well as can be expected”. This was true in 1996, and is still true now.”

It’s a miracle that these things work at all.

Quoting Donald Kenney:

“PRML uses a different approach to improving storage density. To permit greater data density, recorded data amplitude is reduced and bits are packed together more closely. The digital signal is then recovered using digital signal processing techniques on the analog data stream from the drive. PRML achieves a 30-40% improvement in storage density over RLL modulation without PRML. EPRML modifies the algorithms used in PRML to achieve additional improvements claimed to be 20-70%.”

The extremely low magnetic amplitude in [E]PRML modulation puts the analog data signal on the platter so close to the noise floor that a DSP has to filter the noise just to recover the signal. A simple zero fill pushes the previous (already very weak) signal firmly back into the noise floor. Snatching data from an MFM drive using a scanning tunneling electron microscope relied on the strong-amplitude writes being “messy”: the magnetic domains of previous writes (sometimes several layers of them) remained detectable “around” the current write, because so much of the surface was influenced by earlier writes that the magnetic domains “leaked” beyond where they belonged, and subsequent writes wouldn’t necessarily “reach” all of the affected area.

PRML techniques massively boost data density; doing so makes the margins in which you’d locate this “leaked” data so tight that there isn’t much room for it to exist in the first place, but on top of that, the strength of the write is an order of magnitude weaker. It’s frankly a miracle of modern science that the data so close to the noise floor and with such an insanely tiny amount of surface area can be read back at all. One simple overwrite pass will destroy the data beyond even the abilities of any given three-letter agency to get it back.

So, in short, a one-pass zero-fill of the drive is enough to “sanitize” the data therein. Please don’t throw away or destroy hard drives just because someone else used them before, and if you’re selling a computer, just wipe the drive completely and your now-destroyed data is perfectly safe from prying eyes.
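The one-pass zero fill described above, with the read-back check a practitioner would want before reselling a drive. This is an added example, not code from the original post; it runs on a constructed image file, and with root the same functions take a block device path such as `/dev/sdX` (an assumed placeholder).

```python
"""Added example, not from the original post: one-pass zero fill of a drive,
then a read-back check that every byte really is zero. The sample drive is a
constructed image file; /dev/sdX below is an assumed placeholder."""
import errno
import os
import stat
import tempfile

CHUNK = 1024 * 1024  # 1 MiB per write; one pass is all a modern drive needs


def zero_fill(path: str) -> int:
    """Overwrite path with zeros to its end; return the number of bytes written."""
    zeros = bytes(CHUNK)
    written = 0
    with open(path, "r+b", buffering=0) as dev:
        st = os.fstat(dev.fileno())
        # A regular file has a known size; a block device reports none and
        # instead ends the loop with ENOSPC (or a zero-length write).
        limit = st.st_size if stat.S_ISREG(st.st_mode) else None
        while limit is None or written < limit:
            want = CHUNK if limit is None else min(CHUNK, limit - written)
            try:
                n = dev.write(zeros[:want])
            except OSError as err:
                if err.errno == errno.ENOSPC:  # reached the end of the device
                    break
                raise
            if not n:
                break
            written += n
        os.fsync(dev.fileno())  # make sure the zeros actually reached the medium
    return written


def leftover_bytes(path: str) -> int:
    """Count non-zero bytes on path; 0 means the single pass covered everything."""
    nonzero = 0
    with open(path, "rb", buffering=0) as dev:
        for chunk in iter(lambda: dev.read(CHUNK), b""):
            nonzero += len(chunk) - chunk.count(0)
    return nonzero


def demo(size: int = 4 * CHUNK) -> tuple:
    """Constructed stand-in drive full of random data, wiped and then checked.

    Returns (non-zero bytes before, bytes written, non-zero bytes after).
    """
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as img:
            img.write(os.urandom(size))
        before = leftover_bytes(path)
        written = zero_fill(path)
        after = leftover_bytes(path)
    finally:
        os.unlink(path)
    return before, written, after


if __name__ == "__main__":
    # On a real drive: zero_fill("/dev/sdX") followed by leftover_bytes("/dev/sdX")
    print("non-zero before / bytes written / non-zero after:", demo())
```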

Gab’s Dissenter receives your entire browsing history; bonus: it can be tied to your unique user ID

I fully support the intent behind Gab’s Dissenter platform. The ability to comment on any website is a wonderful move for free speech. What I can’t get behind is the major privacy problem it poses, a problem which unfortunately is very hard to avoid in any “comment on any site” concept.

Gab’s Dissenter stores and retrieves comments by URL. This requires Dissenter to send EVERY URL YOU VISIT out to the Dissenter platform to check for user comments for that URL, and obviously to submit your own comments as well. Since you’ll probably be logged in to Gab to use Dissenter, these URLs may also be sent with your Gab user ID which easily ties them all together. Regardless of what the Terms of Service may say about their data collection and retention policies, there is the possibility that Gab is effectively collecting and storing your entire browsing history while using the Dissenter extensions or app.

Even if they say that they don’t do this sort of collection and retention, you must choose whether or not to trust them. Consider a similar privacy-protecting service: VPNs. Several VPN service providers that claimed to be “no-log VPNs” (meaning they don’t store any information about your activities on their services) have been caught storing logs once police subpoenaed them for logs and they were forced to comply. It’s even possible for data to be retained in places not specifically meant to retain that data; for example, a server debugging log may contain all user requests made during the time period that the debug data was enabled, and that log is then readable to computer hackers/crackers or to law enforcement through a lawful subpoena.

How far are you willing to trust Gab with the data they necessarily must receive from you to keep their service working? It’s your choice. All I want is for you to make an informed choice, not an ignorant one.

It occurred to me shortly after writing this that there is one other possibility, but it’s not really much better. The only other way to do it without sending the URLs directly would be to hash the URL on the client side and send the hash instead, but unlike passwords, an unsalted hash of a (probably public) URL is fairly easy to come up with. Law enforcement, for example, could easily ask Google to provide a hash list of every URL in their database and it’d take Google less than a day to generate such a list. Even a casual hacker could build a simple web spider that follows URLs and hashes them to build that list. It’d be sort of like copy protection: it protects against completely ignorant users making copies, but hackers and pirates will break the protection easily and do as they please. Likewise, any method to conceal the URLs sent to Gab’s Dissenter would only count as obscuring the URL and could be easily cracked. If you think about it, there’s simply no other way to do it: how else can Dissenter know what comments to store and retrieve?
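The hash-list argument above, worked through in code. This is an added example, not part of the original post: the crawled URL list is constructed, and the per-user salt at the end shows why the only thing that would defeat such a list also breaks the lookup the service depends on.

```python
"""Added example, not from the original post: why hashing the URL on the client
does not hide it from a comment service. The crawled URL list is constructed."""
import hashlib
import os

# Constructed stand-in for a crawled URL list; a real one would be enormous.
CRAWLED_URLS = [
    "https://example.com/",
    "https://example.com/blog/wipe-your-drives",
    "https://example.org/news/2019/03/01/some-article",
    "https://example.net/forum/thread/12345",
]


def url_hash(url: str, salt: bytes = b"") -> str:
    """What a 'privacy-preserving' client would send instead of the URL itself."""
    return hashlib.sha256(salt + url.encode()).hexdigest()


def build_lookup(urls) -> dict:
    """Precompute hash -> URL for every known page: the 'hash list' from the post."""
    return {url_hash(u): u for u in urls}


def recover_url(submitted_hash: str, table: dict):
    """Turn a submitted hash back into the page the user was reading, if listed."""
    return table.get(submitted_hash)


def comments_link_up(url: str, salt_a: bytes, salt_b: bytes) -> bool:
    """Can the server tell that two users' (salted) hashes refer to one page?

    With no salt the answer is yes (and so is the lookup above); with per-user
    salts the answer is no, and the service can no longer group comments by URL.
    """
    return url_hash(url, salt_a) == url_hash(url, salt_b)


if __name__ == "__main__":
    table = build_lookup(CRAWLED_URLS)
    seen = url_hash("https://example.net/forum/thread/12345")  # what the client sends
    print("recovered:", recover_url(seen, table))
    print("linkable with per-user salts:",
          comments_link_up(CRAWLED_URLS[0], os.urandom(16), os.urandom(16)))
```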

Service providers that store user data need to GIVE USERS THE KEYS!

Comments on this post are welcome and strongly encouraged.

Service providers such as Gmail, Yahoo, Facebook, and Twitter all need to offer users a data encryption option that does the following:

  1. It disables the password recovery system, so that no one else can exploit it or any weak links to it to get into our accounts, but if we “forget” our password then we can’t either; and
  2. Our passphrase encrypts a larger key which encrypts our non-public data on their servers with 256-bit AES encryption.
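The two-layer scheme in the list above, as an added example that is not code from the original post or from any of the providers named. A random data key encrypts the private data and a scrypt-derived key wraps only that data key, so there is nothing for a recovery link to hand over and a passphrase change re-wraps 32 bytes rather than re-encrypting everything. The standard library has no AES, so an HMAC-SHA256 counter keystream with an HMAC tag stands in for the AES-256 the post calls for; all keys, salts and sample data are constructed.

```python
"""Added example, not from the original post: passphrase -> key-encryption key
-> wrapped data key -> encrypted 'only me' data. HMAC-SHA256 keystream + tag
stands in for AES-256 (none in the standard library); the key structure is
the point. Keys, salts and sample data are constructed."""
import hashlib
import hmac
import os

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for AES-256-CTR: XOR data with HMAC-SHA256(key, nonce||counter)."""
    out = bytearray()
    for block, i in enumerate(range(0, len(data), 32)):
        pad = hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under a 256-bit key: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    ciphertext = _keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; a wrong key fails here and reveals nothing."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase/key or tampered data")
    return _keystream_xor(enc_key, nonce, ciphertext)

def derive_kek(passphrase: str, salt: bytes) -> bytes:
    """Passphrase -> 256-bit key-encryption key via scrypt (deliberately slow)."""
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)

def create_account(passphrase: str) -> dict:
    """The provider stores only salt, wrapped data key and ciphertexts: no escrow."""
    salt = os.urandom(16)
    data_key = os.urandom(32)  # never stored in the clear anywhere
    wrapped = seal(derive_kek(passphrase, salt), data_key)
    return {"salt": salt, "wrapped_key": wrapped, "items": []}

def unlock(record: dict, passphrase: str) -> bytes:
    """Unwrap the data key client-side; this is the only way back to the data."""
    return open_sealed(derive_kek(passphrase, record["salt"]), record["wrapped_key"])

def store_private(record: dict, passphrase: str, item: bytes) -> int:
    """Encrypt an 'only me' item and return its index in the account."""
    record["items"].append(seal(unlock(record, passphrase), item))
    return len(record["items"]) - 1

def read_private(record: dict, passphrase: str, index: int) -> bytes:
    """Decrypt one stored item; fails with ValueError on a wrong passphrase."""
    return open_sealed(unlock(record, passphrase), record["items"][index])

def change_passphrase(record: dict, old: str, new: str) -> None:
    """Re-wrap the same data key under the new passphrase; items are untouched."""
    data_key = unlock(record, old)
    record["salt"] = os.urandom(16)
    record["wrapped_key"] = seal(derive_kek(new, record["salt"]), data_key)
```

Forgetting the passphrase leaves nothing but an unverifiable blob, which is exactly the trade-off the post accepts.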

In light of the fact that General Petraeus was brought down by someone other than himself or a personally trusted party accessing the data in his Gmail account, I think users need to be handed the keys to their accounts, and service providers need to give them up. By far the most common way for hackers to steal highly important or sensitive data is the “forgot password?” link at any given website. Our email accounts are almost universally used as a skeleton key to our other accounts. Mat Honan’s Gmail, Twitter, and Apple ID accounts were all hacked in the space of an hour this way, and the hackers wiped all of the data on his MacBook, iPhone, and iPad once they got in.

For services that offer this encryption option, there should be an additional option to unlink all email accounts as well. There are some services that exist already which allow you to open an account for which an email account is optional, but they’re not very common and typically are also obscure and small.

Obviously, this is something that won’t do much with services like Facebook and Twitter, because in order for the service to show tweets or posts to anyone else, they have to be readable by the service provider itself. However, if you’re on Facebook and change a post or picture to be visible to “only me,” the media should be encrypted with your encryption key, then all unencrypted copies deleted from the provider’s servers, including its content delivery network.

Another feature that absolutely needs to be in place is for all mail service providers to support mail delivery and hopping over SSL or TLS, so that email never crosses the wire in plaintext. If email is encrypted on Gmail and encrypted on Yahoo! Mail, then the end-to-end link between them also needs to be encrypted. Ultimately, the amount of time an email spends stored or transmitted as plaintext should be minimized. It would also be nice if mail applications such as Mozilla Thunderbird had built-in encryption for the entire user profile (stored/locally cached mail, stored account passwords, configuration settings, etc.) protected by a master password, though it seems that most people point to workarounds rather than asking Mozilla to add such support directly to Thunderbird. (What if I don’t want to install full disk encryption software, or can’t do so, or want to use Thunderbird in a portable fashion on a flash drive?)

Yet another feature that would be very nice to have is a “lockdown” feature, where you can log into your encryption-enabled account on a service like Facebook or Twitter, go to some sort of security settings page, press a button called “lock down account,” confirm that you really meant to lock down the account, and all media stored in your account automatically gets changed to “only me” privacy and encrypted in one shot, plus any attached “escrow” methods of password retrieval such as cell phones or email addresses are rendered unusable. If you have reason to believe that your data needs to be locked down quickly, having a feature like this is critical.

The biggest downside to this system is that if you lose or forget your password, you lose everything. The most common response to this “downside” will be “that’s a great feature to have!” and I strongly agree: if I don’t want anyone accessing my account, I desperately need to be able to lose the password with no means of recovery. However, another downside is that if someone gains access to your account, they can lock you out of your own data in the same way that you can lock others out. The most obvious answer to this would be some form of two-factor authentication, but adding TFA to the mix means that if you lose your second factor, you can’t lock down your account or change your encryption password either, so it’s a bit of a double-edged sword.

The major reason that “encrypt everything” has not been adopted by knowledgeable users is that it’s not available as an option, and where it is available, you have to jump through ridiculous hoops to get it set up and working. Things like the HTTPS Everywhere extension and Google switching its services to use HTTPS by default are steps in the right direction. The fact that anyone can get online and dig up your maiden name, social security number, city you were born in, first vehicle you owned, and much more within minutes and for small fees means that password recovery options with security questions and whatnot are the equivalent of locking your five deadbolts and leaving the key under the WELCOME mat. Furthermore, if the FBI, CIA, NSA, or some other three-letter agency decides they want to read your mail without your knowledge, there’s nothing at all stopping them from doing so.

One of the big arguments against encryption is that it allows bad people to hide bad things. News flash: bad people can use encryption even if you DON’T allow it. The only thing that happens when you don’t have encryption available is that GOOD people can’t protect themselves and their privacy so easily, but the bad guys have an extraordinary motivation to jump through the extra hoops required and certainly will do so to avoid being caught. This argument against providing encryption has no substance in a practical world.

In summary: Service providers need to give us the keys to our data.

Did your ISP forward you a DMCA copyright infringement notice?

Final Update

I have canceled the copyright-infringement-notice.com domain name and archived the text elsewhere on this blog. All of this content was written in 2012 and hasn’t been updated in years. I am keeping the post you’re currently reading for historical and entertainment purposes. If you follow any outdated advice or information given below, you do so entirely at your own risk. I am not a lawyer and only a fool would take anything I write as legal advice.


HUGE FAT WARNING: I AM NOT A LAWYER. If you need legal advice, GET A REAL LAWYER.

I have a dedicated site for my guide on what to do if you receive a DMCA complaint or copyright infringement notice/settlement “offer” threat from your ISP. [Note: domain canceled, link goes to archived version.]

Update 5, 2012-12-06: I’m working out the details of a next-gen P2P file sharing program that should fix up most of the problems with P2P file sharing today, including the IP address issue.

Update 4, 2012-10-18: Added a rambling post containing my thoughts on why it’s impossible to prove that individuals infringed over the Internet without their own confession to doing so.

Update 3, 2011-11-02: Added a new post with an analysis and the actual text of one of these notices.

Update 2, 2011-11-02: My little site at http://copyright-infringement-notice.com/ has been massively updated, including a guide for people who are panicking and feel a need to do immediate damage control.

Update: This is one of the most popular pages on my entire blog now…so, I’m now running a small website that provides information about copyright infringement notices. Check it out at http://copyright-infringement-notice.com/ and give me additional ideas, suggestions, or information to make it better!

I generally keep myself aware of what’s going on with the whole peer-to-peer file sharing scene, particularly because the case law it generates changes the nature of copyright law in this country, and as someone who writes software, I need to know about such changes.  Additionally, because I download a good number of legitimate files from BitTorrent trackers (i.e. Linux distribution CD images), I want to know what I’m stepping in.  I’ve noticed a very disturbing trend over time which concerned me enough to finally write a whole blog post:

“Copyright cops” who threaten users of BitTorrent trackers frivolously pursue anyone whose IP appears on their radar and their evidence would not stand up to even the most trivial review.

That’s right, companies such as BayTSP, Copyright Enforcement Group, U.S. Copyright Group, and other paid agents of large media companies are bringing claims against torrent users without even collecting evidence of infringement.  For example, the University of Washington was able to trigger a DMCA copyright infringement cease-and-desist notice being sent to their technical department.  The copyright cops caught the user at this UW IP address RED-HANDED, INFRINGING ON THEIR COPYRIGHT!

The IP address being accused of BitTorrent-based copyright infringement belonged to a network printer.

No, I’m not kidding.  The recording/movie/television industry copyright “enforcement” corporations accused their network printer of stealing movies.  That’s how easy it is to be wrongly accused.  But what else?  There’s another experiment from 2007 which was performed with a specially written BitTorrent client which explicitly did not download nor upload any material, only jumped on a tracker and added itself to peer lists.  This client, which was designed to be incapable of actually infringing copyrights, generated copyright infringement notices from BayTSP despite the fact that such infringement was simply not possible with that application!

I find this to be absolutely ridiculous, particularly because of the nature of these notices.  Many of them are also legal threats.  Regardless of innocence or guilt, any filing of a lawsuit against you costs money to handle, and if it’s so easy for these automated copyright scanning processes to both target the wrong person entirely AND target people who didn’t provably upload or download file data at all, that doesn’t bode well for any of the parties involved.  It’s fairly obvious that the “copyright cop” companies are basing their claims of infringement solely on the population of BitTorrent trackers’ peer lists.  They don’t actually download the entire file from you and keep logs that show they did so as evidence that you indeed infringed on their copyright; they merely see your address in a particular list and send off the notice.

Study 1:  http://dmca.cs.washington.edu/

Study 2:  http://bmaurer.blogspot.com/2007/02/big-media-dmca-notices-guilty-until.html

TechDirt article on this topic:  http://www.techdirt.com/articles/20100401/0846028831.shtml

What’s even more outrageous to me is that these companies advertise their services as being unethical right off the bat.  They resort to legal threats and mass lawsuits against “infringing parties” but they advertise it to content owners and rights holders this way:  “Monetize copyright infringement!  We can bring you income from a surprising source: people who download your content illegally!”  It’s not even about doing the right thing, it’s about the bottom line, meaning they have no reason to care about innocent people being caught in the dragnet.

Despite the risk of a lawsuit, if you happen to receive a DMCA copyright infringement notice which is forwarded by your ISP, either by email or regular mail, here’s my advice:

  1. DO NOT EVER CLICK ON ANYTHING IN AN EMAIL, VISIT ANY WEBSITE IN A LETTER OR POSTCARD, OR OTHERWISE REPLY OR MAKE CONTACT IN ANY WAY WHATSOEVER! You run a plethora of risks if you respond in any way, even indirectly such as by visiting the “copyright cops” website out of curiosity.  They can fingerprint your computer, you may be implicitly admitting guilt even if you’re innocent, you could hand them personal information such as your full name by accident…the list goes on.  DON’T DO IT.
  2. Read the studies above, as well as any other relevant material you find online such as articles on p2pnet.net [note: this site has been gone for a while now], just in case anything happens.  If you end up in a bad situation, you need to be able to educate your lawyer on how their infringement detection tactics are grossly flawed.  Be prepared, JUST IN CASE.
  3. If you really did infringe on someone’s copyright, do the right thing. That means disposing of the things you’ve downloaded and putting yourself in a position where you’re less likely to end up with more infringement notices.  That doesn’t mean admitting guilt. Don’t ever admit guilt in any way, just delete the downloads, stop downloading stuff you shouldn’t be, and shut up about the whole thing.  Admitting ANYTHING is just plain begging for a lawsuit.
  4. If you’re truly paranoid, back up your data, zero out your hard drive using something like the Tritech Service System (running “dd if=/dev/zero of=/dev/sda” will do it on almost any computer out there), and reinstall clean so there’s no evidence left behind.  If you get in a legal fight and your computer gets subpoenaed for discovery, you can’t do this, but there’s nothing stopping you from doing as you please with your hard drive before receiving a subpoena.
  5. Most ISPs won’t kick you off their service for this.  Don’t respond to the ISP unless you receive direct threats from them.  If your ISP threatens to disconnect your service, use the information in the experiments above to explain to them that these people are making claims for which they have no real proof, and that you are not infringing on anyone’s copyrights.  Remember that the ISP has no reason to boot you unless you’re a very egregious media thief, and if that’s the case you probably can’t read this by now anyway.

As a creator of copyrighted works, I can’t condone the piracy of copyrighted material, but I also feel that the major media industry corporations have gone way too far with their “sue them all” tactics.  If someone pirated my creation and I found out, I wouldn’t threaten them or demand a settlement payment so quickly; I’d ask them to do the right thing and just pay up for it if they liked it (or toss it if they didn’t and tell me why so I could make it better.)

Don’t steal stuff, but don’t let big companies steal from you for something you didn’t do either.

It would be nice to hear from a real copyright lawyer on this issue.  Feel free to comment, especially if you’re a lawyer.  I don’t post email addresses; your comment will be as anonymous as you name it to be.

Antivirus 2009

One of these days, I’ll find the guy who writes this stuff and leave his rotting carcass in a ditch.

How is it that people get more of these fake security programs than even actual viruses?

I’m becoming an expert at getting rid of stuff that’s just nagware, not even a real virus, and it’s getting quite old.  If I hunt the guy down that’s making the money off this thing (and I’m sure it can be done) perhaps I can spend my time helping customers with real issues instead of removing this trash from machines!

*sigh*

Anyone want to help me track down and de-fund the guy behind this stuff?