Recycle Safely

Posted in: Security, blog by Jack on 30 December 2009 | No Comments

Image via Wikipedia

Did Santa bring you a new fax machine or computer for Christmas? Are you planning on recycling or donating your old machine?

Here are a couple of security-related issues for your consideration.

Fax machines that use a film, as opposed to an ink or toner cartridge, retain an image of every fax the machine has reproduced. Think of the film as a long roll of carbon paper (those of you, like me, old enough to remember carbon paper). A perfectly readable image of every received fax is preserved on that roll of film. A discarded fax film is a goldmine for identity thieves.

We strongly recommend you destroy the used fax film. However, we have not yet identified the most effective way to do that. I’m not sure that feeding it through a paper shredder would work; in fact it may jam the cutting teeth of the shredder. Burning it is probably not an option, at least in the incorporated parts of San Diego. If your business uses the services of a document destruction company, I would suggest adding your fax roll to the bags of documents awaiting destruction. If that is not an option, perhaps soaking the roll of film in a can of gasoline or bleach will make it unreadable.

If anyone can offer a better or more practical solution, please let us all know in the comments.

It is perhaps more obvious that if you plan on recycling your old computer, you should first remove and then destroy the hard drive, unless you plan on using that drive again in your new computer or as an external drive (cases for this can be purchased from retailers like geeks.com for less than $20).

What may not be as obvious is that simply deleting the content on your hard drive isn’t sufficient. It’s not all that hard to reconstruct deleted data from a hard drive.

This is because when you delete something, you aren’t actually erasing that content. You’re merely erasing the marker that tells the operating system where to find that data on the disk. It’s as if you removed all the house numbers from a block of houses. The houses are still there but an individual house would now be hard to find if all you had to go on was the address. Forensic software can even recover data that has been over-written. There are software companies that sell applications that promise to delete your data “to military specifications”. Sounds pretty good, but the military doesn’t have a single set of specifications for data destruction.

• Clearing: Eradicating data to the extent that information cannot be retrieved through normal operation but may be salvaged in a laboratory.

•Sanitizing/purging: Removing data to a degree that it is beyond the reach of all ordinary and most laboratory recovery methods. This includes degaussing, which employs a special coil tool to demagnetize a drive’s magnetic media, scrambling all contents in the disk.

•Destroying: Disintegrate, incinerate, pulverize, shred, or melt.

Software and/or hardware can perform either of the first two types of deletion, but why spend $30 or more when you can perform that last type of data destruction yourself? All you need is a hammer. The other advantage to this technique is that it’s a great stress reliever. Remove the hard drive from the computer, place it on concrete or some other resistant material and smash the case as much as you can. Your goal is to break the disks inside the case. That should make the drive completely unreadable by even the most advanced forensic software. Then the drive should be safe to recycle with other electronics.

One last suggestion for protecting your information as 2010 rolls around: I know several people who celebrate New Years by shredding all their old paperwork, receipts, bills and correspondence. They keep 3-5 years of archived paperwork and everything older gets shredded. But even shredded paper can be reconstructed by someone determined to do so. If you throw shredded documents out in the trash, consider pouring some liquid into the bag with it to cause the ink to run and make each strip harder to read, or use that bag for used kitty litter. Put the trash out just before pickup to deny someone the chance to get access to it. In most states, once you put your trash can on the curb you no longer have property rights over it. Anyone can go through your trash looking for personal data that will let them borrow your identity.

Related articles by Zemanta

• Grab Your Old Statements, We’re Going To The Shred-A-Thon! [Identity Theft] (consumerist.com)
• PostNet partners with Shred-it to provide industry-leading document destruction business solutions (newswire.ca)

Malware alert: Gumblar

Posted in: Security, blog by Jack on 4 June 2009 | 1 Comment

More than 1,500 Web Sites have been Attacked.
Severity: High Risk

What is it?
Gumblar is currently targeting users of IE and Google search, delivering malware through compromised sites that infect a user’s PC and subsequently intercepts traffic between the user and the visited sites. This means that once infected, anything the victim types could be monitored and used to commit identity theft, such as stealing credit card numbers, passwords or other sensitive data. Visitors encountering the compromised website also risk having their subsequent search results replaced with links that point to other malicious websites. The malware can also steal FTP credentials from the victim’s computer and use them to infect more sites, thus increasing the spread of this threat.

Who is at risk?
Users of Internet Explorer and Google’s search engine.

Prevention
Make sure you anti-virus definitions are up-to-date and practice caution when sharing your personal information online. Make sure you only do so on secure sites (https://)

(information courtesy of Zone Alarm via Gmail)

Related articles by Zemanta

• Managing your Passwords: Protection from Phishing / Identity Theft (chris.pirillo.com)
• Google serves up the Top 10 sites to avoid at all costs (thenextweb.com)