Blunder Dome Sighting  

Hangout for experimental confirmation and demonstration of software, computing, and networking. The exercises don't always work out. The professor is a bumbler and the laboratory assistant is a skanky dufus.

Click for Blog Feed
Blog Feed

Recent Items
Uh, lemme see, I'm gonna hack my router and expose...
Flaws in Genuine Software Still Exploitable in Tru...
A Secure RFID-Identification Protocol?
How Effective Is Your Software QA?
An Entirely New Way of Designing Systems?
Trust Points and Trust Issues
How Do We Safely Orient for Aspects?
Conquering the Business-Application Life Cycle
FLINT for bug-free, secure, and reliable software....
TRUST 2: Proliferation of COTS in Critical Infrast...

This page is powered by Blogger. Isn't yours?

Locations of visitors to this site
visits to Orcmid's Lair pages

The nfoCentrale Blog Conclave
Millennia Antica: The Kiln Sitter's Diary
nfoWorks: Pursuing Harmony
Numbering Peano
Orcmid's Lair
Orcmid's Live Hideout
Prof. von Clueless in the Blunder Dome
Spanner Wingnut's Muddleware Lab (experimental)

nfoCentrale Associated Sites
DMA: The Document Management Alliance
DMware: Document Management Interoperability Exchange
Millennia Antica Pottery
The Miser Project
nfoCentrale: the Anchor Site
nfoWare: Information Processing Technology
nfoWorks: Tools for Document Interoperability
NuovoDoc: Design for Document System Interoperability
ODMA Interoperability Exchange
Orcmid's Lair
TROST: Open-System Trustworthiness



How Do You Know Your Discarded Disk Is Unreadable?

ACM News Service: Skeletons on Your Hard Drive.  This blurb is a great reminder of how much we put faith in two things: What people tell us their service or disk wiper software provides, and what we believe because we don’t know how to read the wiped data ourselves.  We tend to forget that a culprit out for your information or simply opportunistically scanning for anyones goodies and private files is going to attempt things we aren’t equipped to verify ourselves.

This is distressing for me because I am a big advocate of arrangements that I term “confirmable experience.”  Confirmable experiences, such as two end parties having the tools they need to figure out why an e-mail communication is failing, have a strong cooperative component—the willingness to arrange, use, and exchange confirmatory findings.  You and I may successfully arrange to run the same tests at a distance, or tolerate failures in ways that the defect can be discovered.  More than that, I am able to communicate what I am seeing to the other party so that the end-to-end picture can be pieced together.  That’s completely different than the situation where someone is willfully seeking an exploit and has no interest in my awareness of it, let alone confirming it with me.

So here we are having to think about the unseen and putting faith that its invisibility to us means it is truly inaccessible.  It’s one of those moments that brings William Kingdon Clifford’s challenging “The Ethics of Belief” sharply into recall.

Matt Hines’ 2005-04-20 CNet article provides more details and information about how to wipe disks properly if you’re going to rely on such techniques. 

All of this is of little help for ordinary theft of a laptop.  There you have a pristine hard drive with what the user wants to be there, in all its glory.  Not only am I bothered by it apparently being quite easy for my laptop to be reset to an insecure default startup configuration, with physical access to the machine a thief can simply remove the hard drive and examine it at leisure using a different machine, so I have to protect the data on the drive in a direct way.  Mostly, I don’t want anyone else to be able to use the machine with my hard drive in it, and I’d rather the thief be discouraged in trying to use anything that is on that drive, especially the operating system itself.  A determined perpetrator won’t be dissuaded, but I’d like to cut down on the hazards of ordinary theft of a mobile device. 

If encryption is the answer, how do I rely on that, and whose product can I trust?  How does it impact my day-to-day ability to operate?  I have no idea.  What I know is that I have little way of telling whether the safeguards are really working as claimed, just as I have to rely on my antivirus software being benign, on my software firewall really protecting my system, and my residential router actually being impenetrable from the net, especially with a DSL modem in front of it.  I am left with Clifford’s challenge: What right do I have to believe that I am protected by these measures?

Construction Structure (Hard Hat Area) You are navigating Orcmid's Lair.

template created 2004-06-17-20:01 -0700 (pdt) by orcmid
$$Author: Orcmid $
$$Date: 10-04-30 22:33 $
$$Revision: 21 $