@nixCraft

Rules followed, compliance met, security insecure

@nixCraft
Took me a while to understand what I was looking at... Yeah okay they take a lot less physical space cos they are SSDs but they are in a 3.5" hardware frame. :blobcat_owo: oh no...

@nixCraft I worked with a piece of military kit many years ago that didn't have a built-in secure erase (or zeroise, as we used to call it). Instead, there was a red sticker on the back of it and users were instructed to apply the muzzle of a pistol to the red dot and fire one round directly through the flash chip.

@nixCraft
Cyberpunk remake of The Very Hungry Catapillar.
@djsundog

@nixCraft I'm surprised SSDs are so empty. How is 2.5" still the standard?

@nixCraft 😂

@nixCraft It looks like empty space, but that's actually where the data is stored: it's filled with cloud particles. Drilling a hole allows the data to escape. :meow_googlytrash:

@nixCraft

@nixCraft lmao wow.

@nixCraft My "favorite" (reason to want to commit murder) is when a person or corporation is trying to destroy their data before selling a laptop, so they just drill random holes through the entire laptop. Only to still miss the hard drive half the time, leaving it ironically the only salvageable part.

@nixCraft ... which is why using a drive shredder is better!

@nixCraft Er, NIST says "Shred, Disintegrate, Pulverize, or Incinerate by burning the device in a licensed incinerator" to destroy an SSD. This is hilarious but compliance isn't *as* terrible IF the standards aren't bullshit. https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-88r1.pdf

@nixCraft I prefer to use something more subtle, like a sledgehammer

Just today I saw screenshots of a ebay listing for a MacBook with holes drilled through the soldered-down flash chips and the motherboard underneath them. But at least all other parts work I suppose? And it might even still be able to boot from external storage.

@nixCraft No no no no no, Those should go into the paper shredder. A REALLY powerful paper shredder.

@nixCraft

@nixCraft compliance has almost nothing to do with security.

@nixCraft@mastodon.social this is especially frustrating since the secure erase command for SSDs is pretty much anti forensic

@nixCraft EDIT: Been answered.

I would imagine even if they had hit the board if they miss the chip itself they risk that some expert could recover data from it anyway.

I don't know much about it, but isn't the old fashioned write 10x or so still effective even on SSDs? I know things get remapped and wear cycling even has reserved parts, but enough writes of random data should fully clear it eventually, right? (Though not sure if 10x is right or not with SSDs. That's from magnetic media.)

@nixCraft The only way to be 100% sure the data is destroyed is to eat the drives. Eat them.

@nixCraft I cut all mime in half with my plasma cutter 😁

@nixCraft i will send my application for IT forensic specialist... (:

@nixCraft
Horrible waste of usable equipment.

@nixCraft
@nixCraft
Mea Maxima Culpa. For years, I told people to remove the HDDs and to drill a hole through them, so they could be safely disposed.

I explained that no amount of erasing or formatting will do, but after drilling, the drives could be safely disposed of. I never explained what exactly makes the hole so secure. I never told them that things may work differently twenty years later 🤔

@nixCraft

I would not trust that if one is a criminal.

A lot of data could potentially be recovered.

@nixCraft

When Fujitsu had HDD issues around 2000, and a lot were returned under warranty, they had a guy sitting in the parking lot hitting them with a hammer and throwing them in a big skip bin.

Sure, the circuit board were cracked, but they could be changed quickly. The data on the platters was still intact.

@nixCraft

Aren't there shredding services made specifically for harddrives? But lemme guess, OP's company is too cheap for even that.

@nixCraft Hmm.. couldn't they get a second life using nwipe?

@nixCraft No need to recover: they have never been even lost!

@nixCraft

My first thought: Don't you need to drill ALL of the chips?

My next thought: Don't you need to drill ANY of the chips?!

@nixCraft I've destroyed disks in my log burner in the past. The thing easily gets hot enough to melt aluminium so data destruction is assured :)

@nixCraft 😂 😂 😂 👍

@nixCraft that procedure isn't for destroying data, it's to prove to the manufacturer that you've destroyed the SSD so that you receive an RMA replacement but keep the drive. Destruction happens afterwards.

@nixCraft Missed it by this 🤏 much.

@nixCraft

Might work as an anti-theft measure for stored drives. Thief sees hole, assumes is bad, leaves in drawer.

@nixCraft what did the punching hear?

@nixCraft 😂​

@nixCraft @the_smoking_gnu most funny picture of this week

@nixCraft This is why I use pliers to break the NAND in half (yes I skip the RAM and controllers and I know for sure what's what).

@nixCraft why are they large like that but only have small actual space

@nixCraft *deep breath* oh fuck

@nixCraft kill it with fire, it’s the only way to be sure ;-)

@nixCraft@mastodon.social just belt sand them smh

@nixCraft I am now curious whether you can swap controller PCBs between chassis.

@nixCraft ahh that’s why they shred

@nixCraft also hard drives ..

@nixCraft
Still, if you made a hole in the PCB, correct me if I am wrong. Wouldn't desoldering memory chip and soldering it on a working PCB would let you recover the data anyway?

@nixCraft
Will it Blend? (yes, it will)
https://youtu.be/XHu_EJVZm58

@nixCraft If you watched Mr Robot another good approach is to disassemble pry off the memory chips and throw them in the microwave, i typically disassemble use a hammer and sandpaper for platter disk based drives

@nixCraft The only safe way to destroy data storage devices! 💣

@nixCraft what if you missed the cheap USB thumb drive with the drill hole?

@nixCraft ah, free storage.

@nixCraft This how you get the San Diego scene in Blade Runner 2049.

@nixCraft destroying perfectly good hardware should be illegal.

@nixCraft I mean... if you don't specifically destroy the flash chip, can't you recover the data by desoldering it and moving it to a new motherboard?

@nixCraft I thought during a second that you were shooting your SSD. 😂

@nixCraft some see the SSD half-empty, others see it full

@nixCraft
Security by Cargo Cult.

@nixCraft don‘t you own a …

@nixCraft dd works too

@nixCraft@mastodon.social bruh

Ive said it before and ill say it again: thermite is the way to destroy data

@nixCraft Lessons learned: drill at several places, best near the connector - at least for this type.

@nixCraft

Old boss, years ago, told people to destroy old CDs by scratching the back with a knife.

Like that was going to help. They weren't LP 33 1/3rds

I even showed him that the computer read the data just fine afterwards. Wouldn't listen.

@nixCraft 😂😂 Absolutely nothing destroyed except the case...😂

@nixCraft
A lot of 2.5's ssds have tiny nand chips situated right behind the controller board... You might want to open up one of these to check you actually hit the chips

@nixCraft

Augen auf bei der Vernichtung von Datenträgern (siehe oben 👆 )

#ITSicherheit #Datenschutz

@nixCraft Encryption is not security: not because it's technically insurmountable, but because there's usually someone holding a gun to your head asking for your password. So destruction makes sense...

However, m.2 are easier to destroy: lining them up on train tracks might be a solution. One warning. Do not try this at home!

@nixCraft Drilling a HDD makes sense. (Taking them apart and stripping the magnets is so much more fun though)

But drilling an SSD?????

That sounds like a typical german thing to do. "We've done it always like that"

@nixCraft Fortunately I have access to facilities that permit the "Give 'em both barrels!" approach.

@nixCraft destroy hardware for compliance is part of the programmed obsolescence strategy from OEMs.

@nixCraft Why do you want to destroy such valuable equipment?! Why don't you just encrypt them, and throw away the encryption key afterwards? Decrypting afterwards is practically impossible. Producing this equipment took a lot of energy and CO2, which is wasted if you just destroy it.

@nixCraft Why do you want to destroy such valuable equipment?! Why don't you just encrypt them, and throw away the encryption key afterwards? Decrypting afterwards is practically impossible. Producing this equipment took a lot of energy and CO2, which is wasted if you just destroy it.

@nixCraft great

@nixCraft Drilling? Here in rural Bavaria we rely on tools without a power plug. 😎😂

@nixCraft :/

@nixCraft ROFLMAO!

The only safe method is to fully encrypt all SSDs from the start of the use and then use
shred -f -n 1 -v -z /dev/$device
to wipe them.

Like this:
https://github.com/kkarhan/misc-scripts/blob/2999339de4df13457f3a43cbb13beba9e55268ba/bash/wiper.sh#L44

@nixCraft 😭

@nixCraft
I hope them had loots' of tasty salvageable data to analyze)

@nixCraft @bedast I used to have to shred CD-ROMs and the microwave oven sure was a fun way to do that. Lights off in the kitchen.

@nixCraft Sorcerer's apprentice.

@nixCraft I heard degaussing might help in this case?

@nixCraft the replies to this are the worst thing I’ve seen in a while.

@nixCraft

Fatality.

@nixCraft i would have thought putting a SDD into a microwave would be easier.

@nixCraft What's the bet this was a drill in a jig set up for a traditional hard drive?

@nixCraft you get better cooling tho

@nixCraft

@nixCraft
Peak destruction

@nixCraft haha @ticky

@nixCraft@mastodon.social LMAO what the fuck 😂

@nixCraft I’m saving this for an internal presentation.