Security News > 2005 > September > Data dangers dog hard drive sales
http://news.bbc.co.uk/2/hi/technology/4229550.stm 12 September 2005 Many people are taking risks with data on hard drives and memory cards which they are selling via eBay, say experts. Letters, resumes, spreadsheets, phone numbers and e-mail addresses were all found on storage hardware bought and analysed by forensics firm Disklabs. Also recoverable were temporary files from net browsers which contained login details and passwords for websites and even online bank accounts. The problems arose because sellers were only taking basic steps to delete data. Key change In its test of how good users were at destroying data, Disklabs bought 100 hard drives and 50 memory cards - which included SD cards, flash drives, sim cards and memory sticks - from the auction site. Simon Steggles, director of Disklabs, said the drives and memory cards were probably being sold by people upgrading home PCs or changing their mobile phone. "Most people made only cursory attempts to erase the data," said Mr Steggles, "and some had not done even that." During its investigation, Disklabs found large amounts of personal and confidential business data on storage hardware. Most worryingly, said Mr Steggles, it was possible to extract the temporary files that Microsoft's Internet Explorer browser uses to keep track of what people do when they are using the web. With a little work, it was possible to reconstruct almost everything that some users did online, and to grab cookies and login details for sites they visited. "With not a massive amount of work we could go in there and help ourselves to whatever we want," he told the BBC website. In many cases, only the delete key was used to remove data. However, in PCs and many other digital devices all this does is apply a label that says these sections of storage can be over-written. On large disk drives this can mean the supposedly deleted data remains intact for a long time. In such cases, said Mr Steggles, recovering data is very straight-forward for forensic firms and, perhaps, technically-aware thieves. What users needed to realise, he said, was how hard it was to destroy data. Even formatting hard drives and other memory cards would not irrevocably remove information stored on them. If users were worried about potentially sensitive data, said Mr Steggles, they should use a professional forensics firm to erase it "Alternatively," he said "they could smash it to bits." _________________________________________ Attend ToorCon Sept 16-18th, 2005 Convention Center San Diego, California www.toorcon.org
News URL
http://news.bbc.co.uk/2/hi/technology/4229550.stm