Blunder Dome Sighting  
privacy 
 
 
 

Hangout for experimental confirmation and demonstration of software, computing, and networking. The exercises don't always work out. The professor is a bumbler and the laboratory assistant is a skanky dufus.



Click for Blog Feed
Blog Feed

Recent Items
 
Uh, lemme see, I'm gonna hack my router and expose...
 
Flaws in Genuine Software Still Exploitable in Tru...
 
A Secure RFID-Identification Protocol?
 
How Effective Is Your Software QA?
 
An Entirely New Way of Designing Systems?
 
Trust Points and Trust Issues
 
How Do We Safely Orient for Aspects?
 
Conquering the Business-Application Life Cycle
 
FLINT for bug-free, secure, and reliable software....
 
TRUST 2: Proliferation of COTS in Critical Infrast...

This page is powered by Blogger. Isn't yours?
  

Locations of visitors to this site
visits to Orcmid's Lair pages

The nfoCentrale Blog Conclave
 
Millennia Antica: The Kiln Sitter's Diary
 
nfoWorks: Pursuing Harmony
 
Numbering Peano
 
Orcmid's Lair
 
Orcmid's Live Hideout
 
Prof. von Clueless in the Blunder Dome
 
Spanner Wingnut's Muddleware Lab (experimental)

nfoCentrale Associated Sites
 
DMA: The Document Management Alliance
 
DMware: Document Management Interoperability Exchange
 
Millennia Antica Pottery
 
The Miser Project
 
nfoCentrale: the Anchor Site
 
nfoWare: Information Processing Technology
 
nfoWorks: Tools for Document Interoperability
 
NuovoDoc: Design for Document System Interoperability
 
ODMA Interoperability Exchange
 
Orcmid's Lair
 
TROST: Open-System Trustworthiness

2005-05-03

 

How Do You Know Your Discarded Disk Is Unreadable?

ACM News Service: Skeletons on Your Hard Drive.  This blurb is a great reminder of how much we put faith in two things: What people tell us their service or disk wiper software provides, and what we believe because we don’t know how to read the wiped data ourselves.  We tend to forget that a culprit out for your information or simply opportunistically scanning for anyones goodies and private files is going to attempt things we aren’t equipped to verify ourselves.

This is distressing for me because I am a big advocate of arrangements that I term “confirmable experience.”  Confirmable experiences, such as two end parties having the tools they need to figure out why an e-mail communication is failing, have a strong cooperative component—the willingness to arrange, use, and exchange confirmatory findings.  You and I may successfully arrange to run the same tests at a distance, or tolerate failures in ways that the defect can be discovered.  More than that, I am able to communicate what I am seeing to the other party so that the end-to-end picture can be pieced together.  That’s completely different than the situation where someone is willfully seeking an exploit and has no interest in my awareness of it, let alone confirming it with me.

So here we are having to think about the unseen and putting faith that its invisibility to us means it is truly inaccessible.  It’s one of those moments that brings William Kingdon Clifford’s challenging “The Ethics of Belief” sharply into recall.

Matt Hines’ 2005-04-20 CNet News.com article provides more details and information about how to wipe disks properly if you’re going to rely on such techniques. 

All of this is of little help for ordinary theft of a laptop.  There you have a pristine hard drive with what the user wants to be there, in all its glory.  Not only am I bothered by it apparently being quite easy for my laptop to be reset to an insecure default startup configuration, with physical access to the machine a thief can simply remove the hard drive and examine it at leisure using a different machine, so I have to protect the data on the drive in a direct way.  Mostly, I don’t want anyone else to be able to use the machine with my hard drive in it, and I’d rather the thief be discouraged in trying to use anything that is on that drive, especially the operating system itself.  A determined perpetrator won’t be dissuaded, but I’d like to cut down on the hazards of ordinary theft of a mobile device. 

If encryption is the answer, how do I rely on that, and whose product can I trust?  How does it impact my day-to-day ability to operate?  I have no idea.  What I know is that I have little way of telling whether the safeguards are really working as claimed, just as I have to rely on my antivirus software being benign, on my software firewall really protecting my system, and my residential router actually being impenetrable from the net, especially with a DSL modem in front of it.  I am left with Clifford’s challenge: What right do I have to believe that I am protected by these measures?

 
Construction Structure (Hard Hat Area) You are navigating Orcmid's Lair.

template created 2004-06-17-20:01 -0700 (pdt) by orcmid
$$Author: Orcmid $
$$Date: 10-04-30 22:33 $
$$Revision: 21 $