Security
Erasing old data, the easy way
So I got this new shiny laptop for work, which happens in cycles of 3 years – and now, I need to exterminate all traces of what I did on the old laptop before it goes back to the hardware pool or, even worse, out to someone who doesn’t belong to the company.
Up to today, I’ve always been horrified by the amount of work that was involved in erasing a HD properly – get a Linux ISO, burn it, boot, shred – it was always pretty stupid to waste a CD and lots of time. BUT: I learned how to speed this up today.
There’s a nifty tool called UNetbootin that allows you to quickly create a bootable USB stick. You can pick neat distros like Mint 9 Live (and even Mint back to version 3 or so), lots of Ubuntu editions, DamnSmallLinux, a couple of antivir rescue images, boot loader images, and so on – then, you only need to click a button and your USB stick will be prepared with the selected image. Cool.
I picked Mint 9 Live for my task because a) I wanted to see how fast it would be, running from a USB stick, and b) I wanted some eyecandy for this emotionally draining task of erasing beloved data.
I recommend using a reasonably “new” USB stick, because old ones are often very slow and/or buggy. So now I have this really nice Mint Live USB stick, and the old laptop is shred’ding away /dev/sda – as soon as it’s done, I’ll create a new partition, format it a couple of times using different fs types, and then return the laptop to the company’s hardware pool. :)
honeyblog
I’m heavily interested in IT security and I would like to get a Master of Science degree in that field. Sometimes, I randomly search for security-related websites and blogs, and this is the latest blog I ran into:
There, Thorsten Holz blogs about honeypots/-nets, talks and related activities. I think both the blog and Thorsten’s university profile page contain very interesting information, so if you’re interested in those topics, go there :-)
Data shredding
I recently cleaned out my hardware collection and found a couple of old hard disks that have been out-of-use for quite some time. I decided to backup any interesting data and then clean the disks. The normal formatting approach seemed too insecure to me, so I tried this first:
$ dd if=/dev/urandom of=/dev/hda & pid=$! $ watch -n 30 kill -USR1 $pid
Sending USR1 to dd prints IO statistics and then resumes copying. I saw that the throughput was at about about 30MB/min which would have taken 5.5 hours for a 20GB disk.
I then remembered “shred”, which overwrites the target file with random data, optionally performing multiple passes. I ended up doing
$ shred -n 10 -v /dev/hda
which is way faster and more secure. So far, the first pass has written random data to the disk, the second pass is writing 0×6db6db chunks. 10 passes should be enough to render the old data unrecoverable to a reasonable degree :-)
Openswan fun
I’m currently trying to build a VPN tunnel to a work-related ISP in order to have transparent VPN access instead of using the Cisco VPN client. So far, I have managed to build the ipsec module for a 2.6 kernel, going “back to the roots” because the standard Debian ways of building modules wouldn’t work with the provided source code packages. In the end, I downloaded the Openswan source code and compiled it directly, ignoring the usual Debian way. This worked out fine and I have a loadable ipsec kernel module now. Right now, I’m working on the ipsec configuration, trying to get the tunnel initiation work over NAT. I’ll keep posting on this topic in order to describe progress and pitfalls.
OpenVPN vs. Vista
Being a happy XP user, I am glad that this problem does not affect me. However, should you run into trouble using OpenVPN on Vista, read that article :)