Forgot your password?
typodupeerror
Security

Passwords Can Sit on Hard Disks for Years 449

Posted by CmdrTaco
from the my-password-is-31337 dept.
CygnusXII writes ""As people spend more time on the web and hackers become more sophisticated, the dangers of storing personal information on computers are growing by the day, security experts say. There are some obvious safeguards, such as never allowing your computer to store your passwords. But even that is no guarantee of security." "
This discussion has been archived. No new comments can be posted.

Passwords Can Sit on Hard Disks for Years

Comments Filter:
  • by Paulrothrock (685079) on Tuesday June 08, 2004 @10:04AM (#9365383) Homepage Journal
    Run for the hills! There's no guarantee of security! Everyone stop using your computers right now!
    • I was going to say! My computer is perfectly safe! I unplug it from the internet between pageloads.
    • by harrkev (623093) <kfmsdNO@SPAMharrelsonfamily.org> on Tuesday June 08, 2004 @10:23AM (#9365632) Homepage
      Of course there is a guarantee...

      Just buy a boatload of ram and disable virtual memory. Problem solved.

      Of course, you could always use Knoppix or something similar whenever buying on-line. This would also solve the problem for the truly paranoid.
      • by LookSharp (3864) on Tuesday June 08, 2004 @01:04PM (#9367720)
        Of course, you could always use Knoppix or something similar whenever buying on-line. This would also solve the problem for the truly paranoid.

        Of course, because everyone knows that retailers all use crackerjack security and are completely impenetrable by malicious forces. :)

        (Everyone always forgets that these are two-party-- or more-- transactions.)
  • Yikes! (Score:4, Funny)

    by mogrinz (548098) on Tuesday June 08, 2004 @10:04AM (#9365391)
    I've got to stop using c:\windows as my password!
  • Hehe (Score:5, Funny)

    by mgs1000 (583340) on Tuesday June 08, 2004 @10:05AM (#9365401) Journal
    It looks like some reporter just discovered the page file. :)
    • Re:Hehe (Score:5, Interesting)

      by Reziac (43301) on Tuesday June 08, 2004 @10:21AM (#9365596) Homepage Journal
      That was my thought too...

      Back in the Win3.1x era, when the typical swapfile was still small enough to peruse with a hex editor, I cruised through my permanent swapfile with LIST, just to see what was being dumped out of RAM. I found data in there that was identifiably over 3 years old. And therein, I also found some passwords archived -- as plaintext.

      Not to mention logfiles; I have some that stretch back several years, and I'm sure I'm not alone.

      So I don't find this exactly "news" either. Then again, I could turn this into a rant on the "expertise" of the typical tech journalist... (one of my PC maintenance clients is one. Regular exposure has given me a complete lack of respect for the breed.)

      • Re:Hehe (Score:5, Insightful)

        by Mortoc (786452) on Tuesday June 08, 2004 @11:18AM (#9366393)
        The fact that a password can sit on a hard drive is really irrevelent. If someone has access to your hard drive, they might as well just set up a keylogger and wait till you access a bank account or something, that would be much easier than wading through hundreds of megabytes of swap. This security hole is almost completely irrevelent, the only time that I would worry about something like that is when throwing away a a computer (which should be recycled anyway). Someone interested enough could go through your trash, removed an old hard drive and start snooping around.
        • Re:Hehe (Score:3, Interesting)

          by Reziac (43301)
          Yep, pretty much. If someone's that fascinated with your current personal stuff, there are easier and less-chancy ways to access the data. And if you're worried, use a wipe utility on that old HD before you trash it or donate it. Or if your tinfoil hat fits really tight, take the platters out and expose them to a hammer and a blowtorch.

          IOW, tho the security issue exists, it's not exactly something to lose sleep over -- because if someone wants to compromise your security, why not get current data right fro
          • Re:Hehe (Score:4, Informative)

            by lone_marauder (642787) on Wednesday June 09, 2004 @08:21AM (#9375702)
            IOW, tho the security issue exists, it's not exactly something to lose sleep over -- because if someone wants to compromise your security, why not get current data right from today's data input, instead of possibly-obsolete data of unknown relevance!

            Because that Asian rape spam that popped up into your preview pane 2 years ago may not be a daily occurence. The FBI loves pulling up ancient JPG fragments from swap in their ongoing efforts to protect children.

            Despite what you may have heard, the legality of pornography is of no relevance to prosecutors and judges; the first time the question of age comes up with regard to the subject of any particular photograph is when the jury is looking at poster size blowups of whatever they scraped off your hard drive.

            To prevent fascism (or at least thwart it), do the following. Set the not-commonly-known "clear swapfile at shutdown" windows registry key:
            HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown to 1
            Wipe your empty space and slack space regularly with something like eraser [tolvanen.com]. (Interestingly, I don't know of a way to accomplish these things when using Linux as a desktop OS. If anyone knows of a way to clear the swap partition on shutdown or to clear not only free space on the hard drive, but also cluster tips (file slack), please let me know.) When finished using a hard drive, or any time you have cause to format it, boot up to rescue mode from any Linux distro's boot CD and dd if=/dev/zero of=/dev/hda (or whatever device your hard drive happens to be).

            I have had access to the tools the bad guys (FBI, et. al.) use to extract evidence from your hard drive, and have seen that these procedures work brilliantly. Of course, I've also seen prosecutors derive character witness testimony from the very fact of using a program like eraser (only bad guys know this much about how to hide computer evidence!), so YMMV.

            If you don't happen to live in the United States, treasure your freedom and fight to protect it.
    • Re:Hehe (Score:5, Informative)

      by Jokkey (555838) on Tuesday June 08, 2004 @10:38AM (#9365828)
      The article does go into a bit more detail than that... They use a program called TaintBochs (probably hacked from the open source emulater Bochs) to track sensitive data and find out where exactly it goes and how long it's there. This sounds to me like a nifty hack, and they're actually doing research to come up with quantitative results on how long data sticks around, instead of just saying, "Um, yeah, stuff gets swapped out."
    • Eraser will help (Score:5, Interesting)

      by stecoop (759508) * on Tuesday June 08, 2004 @10:45AM (#9365934) Journal
      Go download Eraser [heidi.ie]. It will erase empty space and swap files using DoD mil quality and even higher. It will erase empty space on your drive while you sleeping swiping it clean of bits 32 times over. On shutdown it will erase the swap file with the same quality. You can also get the source code and make it better if you want.

      I have mine run once a week. I'm more concerned of my hard drive failing having to returning it under warranty and someone else receiving that drive they could then retrieve my data.
    • Re:Hehe (Score:5, Informative)

      by operagost (62405) on Tuesday June 08, 2004 @11:34AM (#9366603) Homepage Journal
      Too bad he didn't discover the setting in Windows XP that clears the pagefile on shutdown. Instead, he plays programmer and suggests that only a few measly lines of code will fix the problem; and no one will mind the huge performance hit because computers are so fast already.

      Even if you aren't running Windows, other OSes like OS/2 will recreate a fresh pagefile on every boot.

  • Zero the data (Score:5, Informative)

    by Lord Grey (463613) * on Tuesday June 08, 2004 @10:06AM (#9365412)
    One way to achieve this is for all data in RAM to be automatically turned into a string of zeros once it is finished with - something he [Tal Garfinkel] says could be done with just a few extra lines of code in application programs.
    My company worked on a project a few years ago that required this very thing. It wasn't just passwords, though: The customer demanded that all data passing through the applications be wiped as soon as possible.

    The project was written in C++. We started out using a custom string class that performed its own memory management (with zeroing the buffer on deallocation), but then promptly ran into problems with the STL. We wound up writing a memory allocator that also cleans up after itself. Those two solutions took care of the vast majority of the data leakage "problem" -- the only thing left was reinitializing stack variables within functions.

    Perhaps the ultimate solution would be to encrypt data as it is entered, before it is saved into RAM, and arrange for programs that use it to decrypt it first.
    The same customer actually requested this first. The problems associated with it were were terrible, especially in a multithreaded application. Plus, performance basically sucked. Wiping the data afterwards seemed to have the same end result, the performance was still good, and the customer was happy.

    BTW, the memory allocator and string class both made their way into the company's downloadable core library [bti.net] (MIT license).

    • Re:Zero the data (Score:3, Interesting)

      by Krach42 (227798)
      Perhaps the ultimate solution would be to encrypt data as it is entered, before it is saved into RAM,

      Not to mention when you look at how the data is entered, it passes through RAM as one of its very first stages.

      This would literally require a kernel patch.
  • by belgar (254293) on Tuesday June 08, 2004 @10:06AM (#9365413) Homepage
    Computers not secure? What a relief all my passwords are on stickies stuck to my monitor. I'm set!
  • My favorite MacGyver episodes were the ones where he used fingerprinting dust to read the numbers on a keypad. Of course, anyone using the keypad for a password is only going to press the keys involved in the password.

    The most dangerous thing to security is people. Why go routing around on a hard drive when you can just ask someone what the password is, and they'll probably tell you anyways?
  • by desplesda (742182) on Tuesday June 08, 2004 @10:07AM (#9365422) Homepage
    Let's just do a brain scan of everyone. I mean, you can forge fingerprints, voice prints, etc, but you can't beat a mind probe!
  • Untrue (Score:5, Funny)

    by frs_rbl (615298) on Tuesday June 08, 2004 @10:08AM (#9365427) Journal
    Passwords don't sit on hard disks. It's more like under mouse pads

    talk about hacker sophistication...

  • P2P (Score:5, Insightful)

    by Anonymous Coward on Tuesday June 08, 2004 @10:08AM (#9365430)
    It's amazing how easy it is to find people's password files shared on P2P apps like DirectConnect, Gnutella, etc. There's everything - Total Commander (FTP), WS FTP, mail clients, you just have to search for the proper file name.
  • Sir? (Score:5, Funny)

    by The Ultimate Fartkno (756456) on Tuesday June 08, 2004 @10:08AM (#9365435)

    I'd really like to sell you my old computer since this is a yard sale and all, but I see that you're wearing a mask, carrying a saber, and have a black hat on that says "l33t h4x0r!" I can't help but think that you might somehow be up to some nefarious shenanigans!

  • by ciroknight (601098) on Tuesday June 08, 2004 @10:09AM (#9365437)
    I've still got a three year old password on a postit note on the side of my monitor. It just goes to show you that passwords can sit anywhere.

    The real question is, if a password's that old, what use SHOULD it still have? Hopefully, people adopt policies where they update passwords every month, or few months, especially if it's dealing with anything financial/uber personal (doctor's records.. etc).

    Get real, stop trying to scare us with your security warnings; just educate people to change their passwords.
  • Passwords have been on hard drives for many many years. No matter if you are using M$ operating system or a linux there are passwords on the machine. If people don't know how to protect their computers than many they should just give their ATM card password to the public domain.
  • by Anonymous Coward
    with that, all my passwords are automatically filled in by Gator.....
  • by rickthewizkid (536429) on Tuesday June 08, 2004 @10:10AM (#9365460)
    ... and nobody's figured it out yet. I actually use several passwords, depending on the level of security. The "lowest" password, "password", is used for signing up to things like mailing lists, etc where there's little chance of me returning. The mid-level password, a pair of words with numbers in them, is used for mid-level security, such as my email, etc. The highest level password, a random collection of numbers, letters, and symbols, is used for the most secure information, such as my bank account, slashdot login and my pr0n encryption key.

    Now if I could only remember the combination to my safe.....

    Just my 46fctfj6&*23's worth....
    -Rick the WizKid
    (oooops...)
  • Mac OS X and Pastor (Score:5, Informative)

    by andy55 (743992) * on Tuesday June 08, 2004 @10:10AM (#9365462) Homepage
    Ah, funny this story was posted--I just had to address this issue the other day. I run Mac OS X and I happened to be doing a fresh install, moving all my data over from an old HD. Before this, I had always stored my slew of account info in a text file in an obscure and unlabeled file (I know, I know--very careless of me--that's way I was ready to change my ways!).

    Mac OS X's built-in "Keychain" services/util isn't streamlined for repeated user use, not to mention it doesn't have several auxiliary/free-form fields (that are also fully encrypted with the password field). After some research and trying a few of the freeware and shareware apps out there, I came across Pastor [versiontracker.com], a freeware, super-lightweight and user-friendly app that basically lets you maintain a catalog of username, pass, and about 6 auxiliary fields, stored in an encrypted file (when you go to open a file, it prompts you for the password and decodes it on the fly). If for some reason you don't dig this particular app, there's a couple others like it as well with increasingly levels of features (I happen to prefer lightweight).

    So I went w/ this model and it's had great payoffs--when I need a particular login, I click on an alias to my main password (Pastor) file, enter the file's password to decrypt it, look for what I need (it alphabetizes), and I'm all set--meanwhile, there's absolutely no risk of security--I love it.
    • I know you said you don't like the Keychain, but by using it, you surf to the webpage and... it's already filled in from an encrypted database. Why reinvent the wheel, especially for web logins and such?
      • by andy55 (743992) *
        I know you said you don't like the Keychain, but by using it, you surf to the webpage and... it's already filled in from an encrypted database. Why reinvent the wheel, especially for web logins and such?

        Keychain expects/assumes that all the stuff you store in there is conventional logins at certain URLs, etc. A lot of the entries I store don't fit that mold: my local router login/pass, my credit card pins, and some server logins that have unconventional fields. Most importantly, I want all those fields
        • by davesag (140186)
          I use the keychain and keychain access software daily and it's fine. Not fantastic granted - but fine. I have a keychain in my Documents folder on my iDisk called 'personal' and my keychain access knows to lookup keys from that chain. so home and work common passwords etc can all stay there.

          i have a mail certificate (free from thawte - neat) and have installed gpg so have a number of high grade gpg keys which i use to correspond with my ol' dad back home about bank statements etc.

          you say that the keych

    • There is still a security risk. What if someone gets you Pasotr password. Then they can have them all.
      • by andy55 (743992) *
        ...must...not...feed....the trolls.....

        ...breaking down....

        There is still a security risk. What if someone gets you Pasotr password. Then they can have them all.

        You must be new here. You can *always* use that argument. Someone can *always* install a key recorder or watch you type in your password. Security is about raising barriers, not about thinking/searching for somthing that will solve the impossible.
      • by Abcd1234 (188840)
        Easy. Do what I do. Use a 4096-bit public/private key pair, and keep the private key on a USB dongle on your (physical) keychain. *shrug* Of course, you probably want to back on your key on another device (CD-ROM in a physically secure location, for example), in case the USB drive goes kaput.
    • There is still a risk. The whole point of the article was that when memory is cached on disk, it is accessable from disk for an indeterminate period of time - possibly years before its overwritten. So when your Pastor program un-obfuscates your data, where is it? In RAM? In cleartext? Maybe Mac's don't have this problem (though I doubt it).
  • by LBArrettAnderson (655246) on Tuesday June 08, 2004 @10:11AM (#9365476)
    There's no way to be 100% secure with passwords and the likes, but there are some things everyone should do. 1.) don't have the same password for everything! The website admins to every site you use a password for have access to it (and no one can trust a slashdot editor!). 2.) change your password often. The more often the better. This won't always work since most people, when they get a password, will do their damage immediately... but you never know. Another advantage here is OLD websites that you visitted a long time ago may change and new administrators will have access to your password.

    pretty redundant stuff, but good advice that most people are too lazy to follow.
  • by diamondsw (685967) on Tuesday June 08, 2004 @10:12AM (#9365488)
    Just put your swap on another partition and zero it every so often (any way to do this automatically during shutdown, after VM is suspended?) - that takes care of your passwords in memory. As for programs that store them on disk, they better be encrypted, ala Apple's Keychain.
  • by Nuclear Elephant (700938) on Tuesday June 08, 2004 @10:14AM (#9365513) Homepage
    Store all your passwords on a burned CD, that way they'll have a shelf-life of 3-5 years tops.
  • by Audigy (552883) on Tuesday June 08, 2004 @10:14AM (#9365514) Homepage Journal
    and I did RTFA, and realize they're talking about the swap file... ...but I have 1.5GB of RAM, and I have a 20MB swap file that's overwritten each time I reboot my PC.

    Most Windows systems use the default setting for virtual memory, which is "windows managed" -- which means it's overwritten each time the system is rebooted. What's the big deal?

    Has anyone here actually hex edited a swap file before? How is the data actually stored? For the reasons mentioned in the article, I imagine it would at least... not store data transmitted via SSL in plain text (why the heck would form data stick around in RAM anyway?)

    Sounds like a neat project for after work today. :)
    • I think it is because each time the swap file is allocated, it doesn't necessarily use the same inodes and blocks on the hard drive. Therefore, your hard drive has reminants of old swap files all over it.

      Windows could just be set to not use a swap file at all. I'm not sure how far that would go towards solving the problem. Perhaps Garfinkel's USENIX paper will explain.
  • Whew (Score:4, Funny)

    by thedillybar (677116) on Tuesday June 08, 2004 @10:14AM (#9365515)
    And everyone laughed at me when I put 2GB of RAM in my computer, allocated 1GB as a RAM disk, and pulled the harddrive out. None of those security issues here!
  • Repairs (Score:5, Informative)

    by pubjames (468013) on Tuesday June 08, 2004 @10:14AM (#9365517)

    One thing that worries me is sending machines away to get repaired.

    I have a Sony Vaio laptop which I had to send to be repaired. I phoned the support number to tell them I was going to take the hard disc out before sending it. They said that if I did I would be charged for a new hard disc (at a hugely inflated price) and they wouldn't repair it without one.

    I once sent a PC for repair and the teenage dork who repaired it actually said I had some great games on my machine and that he had played them. In another case in the UK, some padeophile was caught (was it Garry Glitter?) when he sent his PC in for repair. Now, I'm all for catching kiddie fiddlers, but that is not the way to do it.

    I don't want the repair staff looking through the stuff on my hard disc. There should be a standard industry guarantee that this won't happen, or a privacy law about it or something.
    • Re:Repairs (Score:4, Interesting)

      by Woy (606550) on Tuesday June 08, 2004 @10:48AM (#9365981)
      I have a computer services company, and a client of ours, a lawyer, never ever lets his computer out of his office. All repairs, no matter what, are done in his office, under his scrutiny. He has no problems paying for it, he says he is required by law (we are in Spain) to be sure that his clients' data is safe at all times. There just isn't another option.

    • Re:Repairs (Score:3, Insightful)

      by Reziac (43301)
      I've had people ask me what I do about the fact that I can see all my clients' sensitive data (and in some cases have their backup archives stored on one of my everyday work machines):

      Even tho in the course of sorting out a mess, I may need to use your passwords and look through your files, the *content* goes in one eyeball and out the other. I just don't CARE what's on your hard disk. Your personal life isn't that interesting. I have a million files and passwords and accounts of my own; I don't need to be
    • Re:Repairs (Score:3, Interesting)

      by evilviper (135110)

      One thing that worries me is sending machines away to get repaired.

      I have the same concerns, but there are simple solutions...

      #1. Backup all your data, and re-format your hard drive.

      or

      #2. Leave the original hard drive alone, remove it, and insert your own. Then when you need to send it in, remove your drive, and reinsert the original.

      I do this myself because notebook manufacturers charge hundreds of dollars extra when you choose the same notebook with a larger hard drive. Screw them, I'll buy the c

  • Encrypt your disk (Score:5, Informative)

    by PSUspud (7236) on Tuesday June 08, 2004 @10:15AM (#9365523) Homepage
    When I read the headline, I was alarmed. But
    then I read the article, and all my worries went away.
    I encrypt my swap partition, and that fixes the problem.

    It's not hard, and since it's swap (i.e., data
    you don't need for very long), you don't even need
    to remember a password (your computer uses a random
    one every time is sets up the swap). Really, it's
    pretty easy -- see the HOWTO at http://www.tldp.org/HOWTO/Disk-Encryption-HOWTO/
    and keep your goatsex links and pictures confidential.
  • Why go to the trouble?
    We all know that 70% of people will give you their passwords for chocolate [tinyurl.com].

    And I'm fairly sure that the other 30% will give it to you for sex. And then probably change it, but, you can take that chance.
  • Stupid (Score:2, Insightful)

    by barcodez (580516)
    I've always found it stupid that you can log on to a windows domain without being connected to the network assuming you have sucessfully logged onto the domain with that machine.

    I'm assuming that a windows machine keeps a copy of every username and a passord hash (NTLM?) used to log in to any domain locally somewhere on the harddrive.

    That is scary news really especially in hotdesk/shared desktop environments.

    Isn't there something along the lines of "Client side security is no security at all" in Mi
  • dangers of storing personal information on computers are growing by the day, security experts say

    Which is directly proportional to the growth of access and availability to PCs worldwide, and the danger is not growing, stolen passwords are stolen passwords, today or 5 years ago. And the "hacks" they speak of have been around

  • I keep my passwords on my computer, but in an encrypted database. I don't know of any safer way to manage my passwords and user accounts for countless web sites and pieces of software.

    The only potential downsides to this threat are two-fold. One, a hacker could install a keylogger on my machine. I find that unlikely as I keep my anti-virus software up to date and I don't receive any spam or virus emails since they are all filtered. It is possible that one could install via a worm, but unlikely that it
  • by austad (22163)
    I have no swap partition.
  • The comment that 'operating systems such as windows and linux' have no way to stop RAM getting paged to disk is just wrong. The mlock(2) call does exactly that - the problem is people not using it. I would guess win32 has a similar API call.
    • Re:Just plain wrong (Score:2, Informative)

      by flipdaddy (33521)
      Yep. From MSDN: "The VirtualLock function enables a process to lock one or more pages of committed memory into physical memory (RAM), preventing the system from swapping the pages out to the paging file"
  • by Drunken_Jackass (325938) on Tuesday June 08, 2004 @10:21AM (#9365607) Homepage
    You'd be amazed what you can find on Kazaa when you search for documents with password or resume or account as the keyword. People don't realize that you don't need to be a hacker to break into your machine - just someone with access to the folder you share on and P2P network...which, if it happens to be your My Documents folder....look out.
  • Well RAM overuse will end up using (and temporarily staying) your hard disk, but the real issues have to do with no letting someone get onto your machine in the first place. Stay patched, keep ports closed, etc.

    Practice safe-sex security measures on your box and you'll not need to worry about swap files, browser caches, and even that set of nude photos you and your wife took of each other last evening after a bottle of champagne ;-)

    Pointing out the things someone can get on your machine once they've ha

  • From the article:

    Perhaps the ultimate solution would be to encrypt data as it is entered, before it is saved into RAM, and arrange for programs that use it to decrypt it first.

    Huh? Does this make any sense to anybody? After all, once you've decrypted the text, you probably have it in RAM anyways, so you still have to deal with it in the same way.

  • ...on a site asking for registration. Just use bugmenot.com [bugmenot.com] (the Firefox extension is useful). That way, you can limit what your password is used for (if you only use one password) and avoid having to memorize 50 different passwords (if, for security reasons, you use different passwords at different sites).
  • OpenBSD (Score:5, Interesting)

    by GlobalEcho (26240) on Tuesday June 08, 2004 @10:23AM (#9365630)
    OpenBSD encrypts the swap space by default, specifically to avoid these problems. I would hazard a guess somebody has hacked Linux to do the same, but I haven't seen it.

    Of course, if you have so much RAM that you never swap, this is less of an issue.
    • Re:OpenBSD (Score:3, Informative)

      by Big Jason (1556)
      Umm, no.

      vm.swapencrypt.enable is set to 0 (zero) by default, take a look at your /etc/sysctl.conf
  • by arevos (659374) on Tuesday June 08, 2004 @10:23AM (#9365638) Homepage
    Correct me if I'm wrong, but if an attacker has the permissions to trawl through the swap, then couldn't they just insert a keylogger, instead? That seems to be considerably simpler, to me.

    I suppose there's an argument about someone getting the passwords off old machines that have been thrown out. But even then, surely any respectable business will use some software to scrub out all the last traces of sensitive data on any hard drives they're dumping.

    An encrypted hard drive wouldn't protect against a key logger. It would protect sensitive data against physical theft, I suppose. But I wouldn't call that "hacking".
  • Panther, Mac OS 10.3, has a nifty tool that encrypts your user directory on a hard drive every time you log out; then it decrypts it when you login. Although I am not paranoid, I will use it in case my laptop has to go for repairs because I simply do not trust technicians.

  • by Zog The Undeniable (632031) on Tuesday June 08, 2004 @10:25AM (#9365659)
    1) Set the pagefile to be automatically wiped on shutdown. Windows will do this for you.

    2) To delete things properly, turn off paging and disk caching, reboot, then run something like Mutilate to fill all the unused disk space with rubbish. Remember to turn paging and caching back on afterwards or performance will be slooooow.

    3) If you're disposing of a PC and you want to sell it with the HDD, it's usually easiest to reformat the HDD in another PC (as a slave) then run a file wiper as above.

    4) Running a good file wiper once is perfectly adequate. Physical data recovery techniques using misaligned drive heads to pick up "ghost" images may or may not exist (hence the occasional recommendation to wipe 9 times) but the cost of doing so is so high that it would have to be a matter of national security. Commercial data recovery/forensic services do NOT use physical recovery techniques, they just go for deleted files and slack space.

    • When I had a disc that was failing under warranty, I used a bootable hard disk wiping utility as the final step before sending the drive back.

      Autoclave [washington.edu] is the one I used. It is quite nice, fits on a bootable floppy. I felt better sending my drive in for warranty replacement after using this program.

      Also see:
      UBCSwipe [bris.ac.uk]
      Darik's Boot and Nuke [sourceforge.net]

      Jim
    • by evilviper (135110) on Tuesday June 08, 2004 @01:36PM (#9368081) Journal
      2) To delete things properly, turn off paging and disk caching, reboot,

      And unless you have massive ammounts of RAM, your system will refuse to do anything...

      I turned off the swaping on a Windows 2000 system that had 256MB of RAM, and rebooted, only to find that I couldn't do anything at all. The system started-up, but no programs could be opened. I could even get to the command-prompt, or the control panel to turn the page-file back on. Result, one completely destroyed and unsavable Windows system.

      Don't recomend doing things that you've never done yourself and/or don't know enough of the details about how it works...
  • Protective measures (Score:5, Interesting)

    by Woogiemonger (628172) on Tuesday June 08, 2004 @10:26AM (#9365676)
    Some basic tips that not enough people know, in no particular order:

    1. Make sure you have a firewall configured to allow incoming connections from only ports you need open. You might be able to do just fine with no incoming connections allowed at all.
    2. Have an updated virus checker.. Norton or Mcafee. By updated, I mean having it auto-update for you. Have it check every file accessed on media accessed by the computer, and email. At the very least, all the incoming media and email should be scanned on the fly, but outgoing is a good idea too.
    3. Use Spybot or Ad Aware at least once a month to scan for spyware. Also keep these updated. I forget if they auto-update, but just be sure it checks for updates before you run them.
    4. Only use credit cards that keep you free of liability for any fraud.
    5. Buy a separate unnetworked little organizer with a keyboard to store hints to remember your passwords. Don't store the actual password.
    6. Cancel credit cards you don't use.
    7. Photocopy the backs and fronts of all the credit/debit cards you use and whatever else you keep in your wallet. Write in the customer service phone numbers if they're not clear.
    8. Have Windows auto-update and auto-install all critical patches, or keep your Linux distro updated.
    9. Don't open email attachments that you have no reason to trust, and certainly not until you have antivirus software checking incoming emails.
    • by evilviper (135110) on Tuesday June 08, 2004 @01:31PM (#9368014) Journal
      4. Only use credit cards that keep you free of liability for any fraud.

      Despite the FUD TV ads the credit-card companies want you to believe, THERE ARE NO OTHER KINDS OF CREDIT CARDS IN THE USA. It is federal law that you cannot be held liable for unauthorized charges on your credit card. Actually, I believe you may be required to pay up to $50, but that is really a trivial ammount.

      So, don't believe the hype.
  • And sometimes, they just sit on the front page of Slashdot [slashdot.org].
  • by spidergoat2 (715962) on Tuesday June 08, 2004 @10:32AM (#9365744) Journal
    Passwords are written on little yellow sticky paper, then they sit on the side of the monitor.
  • by laigle (614390) on Tuesday June 08, 2004 @10:36AM (#9365799)
    That a hacker will necromance your password off the hard drive, or that you'll get a keylogging spyware installation? To avoid the first you need to never store your password, to avoid the second you need to always store it. Sure, we could all go to scratch pads couple with retinal scans, but nobody's going to pay for that infrastructure.

    Bottom line, patch your software, get a firewall, be carfeul about opening email, don't use IE or Outlook, and do virus/spyware scans regularly. You'll be safe from all but the most determined hackers, and they don't care about your password.
  • Rubbish! (Score:5, Informative)

    by arvindn (542080) on Tuesday June 08, 2004 @10:46AM (#9365959) Homepage Journal
    Article says:

    Operating systems such as Windows and Linux have no facility for stopping data being written to the hard drive.

    That's a flat out lie.

    $ man mlock

    MLOCK(2) Linux Programmer's Manual MLOCK(2)

    NAME

    mlock - disable paging for some parts of memory

    SYNOPSIS

    #include

    int mlock(const void *addr, size_t len);

    DESCRIPTION

    mlock disables paging for the memory in the range starting at addr with length len bytes.

    OpenSSH uses paging protection. It also zeroes out the password in memory. Immediately upon hashing it. I've seen the code.

    Authors are at Stanford? Paper at USENIX? Can't believe this shit.

    • Re:Rubbish! (Score:4, Insightful)

      by julesh (229690) on Tuesday June 08, 2004 @11:58AM (#9366899)
      Operating systems such as Windows and Linux have no facility for stopping data being written to the hard drive.

      That's a flat out lie.

      $ man mlock

      MLOCK(2) Linux Programmer's Manual MLOCK(2)

      NAME

      mlock - disable paging for some parts of memory


      Indeed, and under Windows (quoted from msdn.microsoft.com):

      The VirtualLock function enables a process to lock one or more pages of committed memory into physical memory (RAM), preventing the system from swapping the pages out to the paging file.
    • Re:Rubbish! (Score:5, Informative)

      by evilviper (135110) on Tuesday June 08, 2004 @01:25PM (#9367950) Journal
      Operating systems such as Windows and Linux have no facility for stopping data being written to the hard drive.


      That's a flat out lie.

      $ man mlock

      And if I remember correctly, you need root access to use mlock(). Now then, how do you feel about running Mozilla/Firefox as root? Mozilla and any other applications you might possibly type a password into... GPG has the same issue: http://www.gnupg.org/documentation/faqs.html#q6.1 [gnupg.org]



      Meanwhile, for quite some time, OpenBSD has had the "swapencrypt" sysctl option, which causes everything swapped to disk to be encrypted with a random key that is stored only temporarily in RAM, never on disk... thereby taking away any possibility of getting usable data out of the swap partition.

      For more info: click here. [216.239.53.104]
  • by nsayer (86181) <nsayer@k[ ]com ['fu.' in gap]> on Tuesday June 08, 2004 @10:58AM (#9366115) Homepage
    The problem of swap containing sensitive data from running programs was addressed some time ago by OpenBSD. They generate a random key at boot time and use it to encrypt reads and writes to swap. By definition, you are not interested in the contents of swap the next time you boot up, so you can start with a brand new key. Not only is swap space secure against fishing expeditions like in TFA, but it's also secure against someone getting read privileges on the raw disk (unless they also get permissions on kernel memory and can go look up the key).

    Too bad more systems don't embrace the idea.
  • by Waffle Iron (339739) on Tuesday June 08, 2004 @11:02AM (#9366171)
    Here are a few security tips that I use to help keep my passwords secure:

    • Don't impress your passwords into soft clay tablets then bake them and leave them in the ruins of your civilization.
    • Never glaze your passwords onto pottery. Even breaking the pottery into shards is not a secure way to dispose of them.
    • Do not write your passwords onto parchment then leave them rolled up in caves in a desert environment.
    • Remember, security through obscurity doesn't work. Even if you keep your passwords in a totally hidden chamber under thousands of tons of stone, determined hackers will still be able to find them.
  • mlock (Score:3, Informative)

    by 42forty-two42 (532340) <bdonlan@nOSPaM.gmail.com> on Tuesday June 08, 2004 @11:57AM (#9366886) Homepage Journal
    Operating systems such as Windows and Linux have no facility for stopping data being written to the hard drive. So Garfinkel reckons the best strategy is to ensure that data is kept on RAM for the shortest possible time.
    NAME
    mlock - disable paging for some parts of memory

    SYNOPSIS
    #include <sys/mman.h>

    int mlock(const void *addr, size_t len);

    DESCRIPTION
    mlock disables paging for the memory in the range starting at addr with
    length len bytes. All pages which contain a part of the specified mem-
    ory range are guaranteed be resident in RAM when the mlock system call
    returns successfully and they are guaranteed to stay in RAM until the
    pages are unlocked by munlock or munlockall[...]
    Sheesh, whatever happened to checking one's facts?
  • USENIX (Score:3, Interesting)

    by kscguru (551278) on Tuesday June 08, 2004 @03:34PM (#9369267)
    To all the clowns posting here about problem X, Y, and Z in the article, and about how the reporter just discovered the page file...

    This is the media version of an academic paper for USENIX Security '04. It glosses over a lot of details.

    Examples:
    - mlock(). Available to root only under Linux, so useless outside of setuid programs - and we all have so many of those we trust, right?
    - VirtualLock()/VirtualUnlock(). Win32 versions of mlock(). Not implemented in the 9x series, advisory in a few other Windowses (I can't find the docs on where, but it's in the original paper).
    - zeroing memory. Oops, your optimizing compiler just optimized away that memset() call as dead code. This was a known flaw in some crypto libraries a few years ago.

    The system described is a whole-system simulator, it traces bytes of input from the moment they pass the keyboard through the kernel, into the user-mode applications that use the bytes (e.g. kernel to X server to Mozilla), and how long those bytes hang around in the physical RAM of the machine.

    This does not necessarily describe a highly practical attack, but more a quantification of how vunerable systems are to such an attack. In fact, the original paper is about data lifetime information.

    - Did you know the most recent 4K keystrokes (passwords included) are stored in the kernel's tty buffer?
    - Did you know several dozen of your keystrokes are stored in the Linux kernel's entropy buffer (for random number generation)? They aren't actually consumed for as long as several hours.

  • Encrypt the swap (Score:3, Informative)

    by mi (197448) <slashdot-2012@virtual-estates.net> on Tuesday June 08, 2004 @06:26PM (#9371369) Homepage
    OpenBSD can encrypt the swap [openbsd.org]. FreeBSD, -- in even more generic way -- can encrypt any partition [freebsd.org] -- including, what you'll then use for swap.

    For everything else, there is KWallet.

I'm all for computer dating, but I wouldn't want one to marry my sister.

Working...