Who's looking on your harddrive?

[Jerry]

Two MIT Grads purchased 158 used  harddrives, mostly off of ebay, to see how well people erased their information.

They found 5,000 credit card numbers, personal emails, medical records, and a lot of porn. Apparently one drive came out of an ATM which had bank statement information including account numbers.

The full report can be found here: http://www.simson.net/clips/2002.IEEE.DiskDriveForensics.pdf

[Michael Kennedy]

Yeow.  That's why I've NEVER sold a used harddrive to anyone else.  I have a hige cache of my personally used drives that won't go to anyone under any circumstances.  Of course, I don't mind trading drives around that came from other people's PCs...  :)

This is part fo the reason why Best Buy would rather trash whole PCs rather than donate the floor models.  They got sued by a school (I think it was a school) because a donated PC had recoverable porn on the drive (from loser customers, I guess).  It pains me to hear how they throw away P3 systems and all that cool hardware...

[Stiffler]

People need to do their homework. A software company called iolo makes a program called DriveScrubber, which creates a boot disc. This boot disk can erase the entire contents of a drive so thoughly that even the DoD cannot scan the magnetic residue on the platters to get your data.  :-D

In fact, I am using this proggy on one of my spare computers that I think I mike sell to Grim. Not that I don't trust him or anything...But you can never be too careful. It's an easy prog to use, BTW.

Jon

[Peter Motyka]

I can't help but ask.. but what are people storing on thier computer that requires such drastic measures to purge?  I understand the credit card information and other financial data, but are you not more likely to accidently misplace this information via resturant recipes and other insecure paper trails?  In my opinion, a good ol' zero fill, usually provided on a hard disk manufactuers utiliy disk, provides an adequate level of security.  Perhaps I am naive, but paranoia about identity theft and personal data security seems to be horribly sensationalized by the media.  A shrewd computer user with common sense should be capable of keeping thier data secure without having to buy expensive tools to gain piece of mind.

Peter

[Chris Swingler]

Plus, for those people who are paranoid _and_ cheap, the article points out serveral free alternatives for cleaning your hard drive.

And yeah, I'm as lazy as Peter, a good 'ol zero-write is enough for me (though I have yet to have a used hard drive go anywhere than get handed down through my family, and none of them have the expertise to recover anything off of the drive.  :-) )

--Beanie

[Michael Kennedy]

Well, I'm no hardd rive expert, but I've heard that zero fills are even recoverable.  I've heard that the recommended 3 zero fills can still even be broken.

I have some data from a while back that I'd greatly prefer that people never get ahold of.  Personally, that gets stored on CD-Rs that are even locked up, but I'd be in some legal trouble if it was ever found.  Nuff said on that.

Also, I've noticed that paranoia seems to come with increased computer knowledge and I'm no exception to that.  :)  Old HDDs that I've used for email checking, etc will never leave my house.  :)