Slashback: Compromise, Bugs, Slag

Slashback with more on Bill Gates' comments on bugs in Microsoft's code, the recent compromising of millions of credit card numbers, more .uk domain waffling, and more, including a foolproof way to stop anyone from reading data off of your discarded hard drive's platters.

Let me just slide your card a few dozen more times ... Any Web Loco writes "Following on from this piece on /., this story in the Sydney Morning Herald tells us that the company that got hacked (exposing up to 8 million credit card numbers) was Data Processors International. Not much to the story, but we now know who it was."

Another reason to be cautious about domains with "uk" in them. An anonymous reader writes "The Register reports that Nominet has looked at opening .net.uk up or killing it off and then decided it can't decide. The chair of sub-committee responsible, Clive Feather, is currently standing for re-election to Nominets Policy Advisory Board. The sub-committee he chaired had suggested shutting down net.uk entirely, which the main board rejected. His position must surely be under scrutiny by the internet community."

Interesting bugs are in the teeth of the beholder. dvdweyer writes "I myself do remember having read the whole interview with Bill Gates in Focus, a German weekly news magazine (their online service now seems to be part of MSN *yuck*). There are however resources online which provide full sources, in English, most notably RISKS in issue 17.43 (not 17.42) with a follow-up in issue 17.44."

When fan-subs just aren't what you want. May Kasahara writes "Studio Ghibli fansite Nausicaa.net now has official release dates for Region 1 DVDs of Kiki's Delivery Service , Laputa: Castle in the Sky , and Spirited Away , as well as official preview artwork of the disks and packaging. As a side note, the site now has a page up for Miyazaki's upcoming Howl's Magic Castle . See you at the video store on April 15!"

Fonts make your terminal much more useful. Russ Nelson writes "The Bitstream Vera fonts are available for trial use. Bitstream is still tweaking them, so they're under the provisional "no redistribution" license. You can download them yourself, though, and in about a month, put them in your software distribution. Kudos to X co-creator Jim Gettys for finally getting X some professional-quality fonts."

Dear Mr. Ashcroft: I hope you find this slag useful. eecue writes "Due to the recent MIT study concerning data recovery from old hard drives, we decided that the only foolproof means of data removal was complete destruction."

netcraft survey says...

[Anonymous Coward]

The site www.dpicorp.com is running Microsoft-IIS/5.0 on Windows 2000.

Sometimes...

[awx]

...I hate paranoid companies. I have a pdp11 that used to control an experimental blast furnace at British Steel. Guess what the obvious thing to do with a disk rack full of company when the experiment was ended... :(

.uk

[geekoid]

Is supposed to be .gb.

If the people in Great britian complain we don't use metric, that I'm sure as hell going to complain that they don't conform to the Domain standard. Take that!

no wonder DPI got hacked!?!?!

[netnerd.caffinated]

check out netcraft [netcraft.com]

Data Wiping

[tarnin]

Seems to me that writing 0's to the drive is pretty sufficiant for most peoples needs. As it is its near impossible to impossible to retreive data from a disk that way. Turning one into slag after demag and what not is probalby pointless rite now. Of course, if you are thinking long term and have really sensative data that you are storing on a disk somewhere, then slaging is always an option. On the the writing of 0's to the disk. Best that I have come up with for windows is a bootable floppy/cdrom that had any type of program with the ability to write 0's block by block to the drive. This has worked 100% of the times that I have used it. Of course I havent done the extensive work of the MIT students but from the few programs that I've tried to use for recovery, I have come up blank which for what I keep on my drives is good enuf.

Hard Drive Destroyed

[TedTschopp]

For those of you without the tools necessary in the pictures above. A Road flare works wonders.

This from personal experience. I work for a rather large company. When we were upgrading from Windows 95 to 2000, many of the exec. at the company expressed concerns about the confidential data on their old machines. We Assured them that the data would be deleted.

We took the hard drives out to the parking lot broke open the drive, started up a road flare and proceeded to melt down the platters. We left the drive 'cool' down and took them back into our exec. and showed them to him. He was quite happy with the procedure. He asked that all exec.'s hard drive be treated the same. We decided at that point our supply of flares would not last so one tech mentioned that he had a blow torch at home. Next morning he returned with 10 nicly blown hard drives.

On another note, I've heard (someone please verify) that the military uses explosives to take care of old hard drives and storage media.

Ted

Re:Wow...fonts

[questionlp]

I know your being a bit sarcastic or fecitious, but many of the free TrueType or OpenType fonts available on the Internet aren't exactly the best fonts, primarily when printing or used in any high-resolution, anti-aliased, and/or large font size scenarios. It all has to do with how the fonts are hinted, constructed, tweaked and tuned. It's a painful process, even for professionals who spend their work hours producing fonts.

I personally think it's great that they are providing high-quality fonts that can pretty much be free to distribute or hacked... mostly being a free (gratis) replacement for Verdana (and a couple of other fonts Microsoft includes in Windows and Office).

Re:hard drive destruction

[Anonymous Coward]

Very true. I have a friend who works for a large think tank up here in Massachusetts, and they had some critical data from a few years ago that they had to get off of a drive that had since been reformatted with a couple of different file systems and used for multiple different OSs in different workstations. (How the hell they ever figured out where the data was in the first place, I'll never know, but anyway :)

They took it to a commercial data recovery service and for about $500 they'll put it through one of those devices that reads weak quantum residues and get you back whatever data it was that you were looking for. Of course, the drive is in itty-bitty irradiated pieces, so you can never use it again, but it works :)

Re:Hard Drive Destroyed

[il dus]

On another note, I've heard (someone please verify) that the military uses explosives to take care of old hard drives and storage media.

Nope, sorry to disappoint, but we don't do anything like that, though it would be pretty cool. The destruction process is so thoroughly regulated that it's often easier to just lock them in a safe and forget about them. In fact, in my office we have several ten year old hard drives. No one knows what's on them, just that they're sensitive, so they'll probably still be there ten years from now.

Re:Data Wiping

[Anonymous Coward]

LOL.. you think some piece of $50 "recovery" _software_ is going to get anything off a drive? You're lucky it can read data that hasn't been overwritten at all.

It's a trivial matter to recover data that has been "erased" by writing 0's over it. TRIVIAL. It's a little more difficult if you write true random data mixed with alternating 0/1 bits (overwriting several times, in several passes), but recovery is almost always possible with the right equipment. Complete destruction is the only sure way.

This got modded up, why???

Slashbot morons.

Re:Hard Drive Destroyed

[PeterT]

When I was on active duty in the Navy (back in the dark ages) we just torched the drive with a standard oxy-acetaline cutting torch. 20 inch platters would slag in about 15 seconds. The whole platter would be gone in under a minute. Great Fun!!!

We used thermite grenades for 'emergency' destruction.

Re:Insecure Hard Drives - ZERO IT!

[Anonymous Coward]

In the heavy duty real world where real work gets done things aren't necessarily this simple. For example I work with some monsters that are called StorageTek virtual arrays... essentially a box that can look like any kind of disk you want and how ever many you might want. All disks that look real to the os are actually virtual concerning the box. Tracks are compressed by the hardware and are always written to a new location on one of the physical disks. The old location will eventually be freed.

This means you could write zeros over each and every track and all the original data could still be there. Try explaining this shit to an auditor!!

fl0ydz

Why not?

[zogger]

Why not just ask him? Couldn't slashdot officially do one of their interviews? It's not like he's unaware of slashdot. He's got a binary choice, he can accept or decline. The editors and mods pick the questions anyway, might as well try.

Diana Wynne Jones

[mcc]

I'm not sure if anyone else noticed this, but.. good lord, Miyazaki is making Howl's Moving Castle into a movie?? That's *awesome*.

I don't really have a comment here. I'm just curious whether i'm the only person on Slashdot who's heard of Diana Wynne Jones. She was, like, one of my favorite authors all the way through junior and high school, but not a lot of people in america seem to have heard of her (she's apparently mostly known in Britain.. apparently Neil Gaiman is a big fan, or something). I randomly wound up running across and subsequently buying a bunch of her books in paperback last week, after not having really thought about them for years, and now i see that Studio Ghibi is making one of her books into a movie. That's kind of random.

Anyway, DWJ writes this very very well-realized sf/f that is pretty clearly aimed at a "younger audience". but doesn't seem any shallower now that i'm a bit older. Am I the only fan of hers around here? Just curious.

Re:Wow...fonts

[ChaosDiscord]

...many of the free TrueType or OpenType fonts available on the Internet aren't exactly the best fonts, primarily when printing or used in any high-resolution, anti-aliased, and/or large font size scenarios. It all has to do with how the fonts are hinted, constructed, tweaked and tuned. It's a painful process, even for professionals who spend their work hours producing fonts.

Actually, high resolution, anti-aliasing, and large font sizes are extremely forgiving of low quality. The only thing that making a font really big might reveal is that the creator didn't make lines quite horizontal or vertical. Given the ease of making exactly horizontal or vertical lines in any font editing program, this isn't a real issue.

As you point out, the devil is in the hinting. Hinting really only matters when you need to display a character in as few pixels as possible. Typically on screen in small font sizes, but also on low resolution printers (is anyone really using dot matrix anymore), or for very small fonts (on a typical low end 300 dpi laser printer we're talking smaller than about 6 point). As screen resolutions improve hinting will become less important.

Because of all this, free fonts on the web (or the cheapo font knockoffs you can buy) are perfectly fine for use in printed materials or for large font use. It's when you're trying to read body text in a poorly hinted font that you really appreciate what you get with a higher quality font.

Interestingly hinting is largely irrelevant for X users. Hinting in TrueType is patented. Every distributor (including FreeType themselves) disables hinting support as a result. Unless you're willing to build a patent infringing copy of FreeType yourself (it's a simple change), you'll never benefit from high quality hinting information. If you don't mind anti-aliased fonts it's probably not a big deal, between FreeType's non-infringing auto-hinting and anti-aliasing support it's a minimal drop in quality.

Slagging vs.Naval Jelly

[the eric conspiracy]

My inclination as a chemist would be to pry the cover off of the drive, remove the platters and then soak them in a tub of rust remover aka Naval Jelly. That should pretty much take care of any data and/or media capable of retaining data. Once done some baking soda will do a nice job of neutralizing the mess.