[ISN] What's on your harddrive?

From: mea culpa <jericho_at_dimensional.com>
Date: Sat 10 Oct 1998 - 05:48:01 CDT
Forwarded From: phreak moi <hackerelite@deathsdoor.com>

http://www.nytimes.com/library/tech/98/10/circuits/articles/08driv.html

What's on Your Hard Drive?

If You Want Privacy, It Pays to Find Out What Data Your Computer Saves And
How to Erase Information That the Delete Button Hardly Touches

By PETER H. LEWIS

For computer users, some of the more startling revelations in the Starr
report have nothing to do with sex.

Footnotes in the report from the Office of the Independent Counsel include
such phrases as "document recovered from Ms. Lewinsky's home computer,"
"e-mail retrieved from Catherine Davis's computer" and "deleted file from
Ms. Lewinsky's home computer." 

One of the ways Kenneth W. Starr's investigators peered into the private
lives of their subjects was to peer into their computers. What they were
able to find, and the ease with which they found it, may prompt computer
users to re-evaluate their computer practices. 

Word processing software, Web browsing software and electronic mail have
become integral to all sorts of communications, both professional and
personal. As a result, many people have files on their hard disks that
they wish to keep private, like love letters, confidential business
documents or financial data. 

And many people have sensitive, confidential and potentially embarrassing
files in their computers that they do not know are there, either because
they think that the files have been erased or because they are unaware
that certain common programs on the computer automatically keep a log of
what the user does. 

"Recovering files that were deleted from a computer directory is a trivial
process," said Joel R. Reidenberg, a professor at the Fordham University
School of Law in New York who specializes in privacy issues. He said a
related issue was the computer's creation of sensitive files that the user
often did not know were there in the first place. 

"The user's Web browser will create files, unbeknownst to the user, that
record all their interactions," Professor Reidenberg said. "Many people
today know about cookie files, but the browser creates a history file as
well that keeps a record of the Web sites the user visits. And then
there's a cache file that sometimes even keeps copies of the pictures that
have been downloaded." 

More obscure are the temporary files created by word processors, for
example, and the so-called swap files that an operating system creates as
a way to manage computer memory. These files often remain readable even if
the original files are erased. 

In computers, being safe can sometimes lead to being sorry, as Oliver L. 
North discovered in the Iran-contra investigation in the Reagan
Administration, when incriminating files he thought had been deleted were
later resurrected from network backup tapes. In the current Justice
Department investigation of the Microsoft Corporation, e-mail messages and
memorandums from long ago are being resurrected from computer disks and
cited as crucial evidence. 

The great majority of computer users have little reason to believe that
their computer files will be scrutinized by law-enforcement agents,
corporate and government spies, or even special investigators. But what
about unscrupulous co-workers or curious children or computer thieves? 
What confidential information resides on the hard disk of the computer
that was donated to charity, sold at a yard sale or accidentally left on
the commuter train? 

Examples abound of sensitive information going out the door when
government agencies, pharmacies, doctors' offices and other businesses
donate or sell used computers without erasing the computers' memories. 

Last year, for example, a woman in Nevada bought a used computer from an
Internet auction company and was surprised to find that it contained
names, addresses, Social Security numbers and prescription information for
2,000 people, including people being treated for AIDS, alcoholism and
mental illnesses. A pharmacy had failed to erase the information when it
sold the computer. 

The rise in the number of computer thefts and the increased sharing of
computers in the home are confronting consumers with security issues that
in the past were issues only for big corporations, banks, the military and
government agencies, said Steve Solomon, chief executive of Citadel
Technology Inc., a security software company in Dallas whose products
include Winshield and Folderbolt. "It's moving down into the small office
and home office markets, to schools and to home computer users," he said. 

How does one keep confidential information private? And when the
information is no longer needed, how does one make sure that it is
completely erased? Both questions involve a combination of good computer
security policies and good security software. 

The software is the easy part. Creating and sticking with good security
habits is the hard part. 

"Technology exists today to protect individual privacy for as long as the
individual chooses to keep the information private," said Scott Schnell,
senior vice president of marketing at RSA Data Security of San Mateo,
Calif. 

Computer users today have access to inexpensive software tools that can
encrypt the contents of a file (including images), an e-mail message or
even the entire contents of a computer so thoroughly that it can never be
read by someone else in our lifetimes. Other programs can shred unwanted
files so completely that no one can recover them. But very few people use
such security tools. 

Computers are good at keeping secrets. Too good, in fact. The secrets can
reside on a computer, and on a computer network, long after the user
deletes them.  The files are forgotten, but not gone. 

Deleting a file does not really delete the file. It merely hides it from
view so it no longer shows up in a directory of files. It's like getting
an unlisted telephone number. The listing may not appear in the phone
directory, but the phone can still ring if someone knows the right number. 

When a user deletes a file, the computer stops listing it in the file
directory and marks the disk space as available for reuse. Another file
may eventually be written atop the same space, obliterating any traces of
the original. But as hard disk capacities swell into the gigabytes, the
space may not be overwritten for a long, long time. 

In that limbo period when the deleted file is undead, any moderately
skilled computer user can locate, restore and read the deleted file by
using such commands as "undelete" or "unerase," which are common features
of many software utilities. 

The computer's ability to remember deleted files is most often a good
thing, especially when important files have been deleted by accident.
Every day, computer technicians get frantic calls from people who have
inadvertently erased the boss's speech or the big presentation due the
next morning, or who have children who have erased those boring Quicken
folders to make room on the disk for games. 

At those moments, being able to resurrect the files from the dead seems
like a miracle. 

There are a number of utility programs available that have an "unerase" 
capability, to be used both in emergencies and as a precaution against
accidents. Examples include Norton Utilities from the Symantec
Corporation. 

But as with most tools, "unerase" programs can be dangerous in the wrong
hands. 

To truly erase a file and prevent it from being recovered, one must write
over it, or wipe it. 

There are several utility programs available that enable the user to
overwrite a single file or the entire disk, or anything in between. Such
programs typically have apocalyptic names, such as Shredder, Flame File
and Burn. Similar disk-wiping tools are often included in PC utility
programs and encryption programs, but others are available for downloading
without charge from the Internet. 

These programs typically hash over the designated disk space with
meaningless patterns of ones and zeroes, instead of the meaningful
patterns of ones and zeroes that represent the original information.  That
process renders the deleted file unreadable in most cases. 

The key phrase is "in most cases." Just as with encryption, there are
people working just as hard to recover wiped files as there are people
working to wipe them.  Law-enforcement agencies and spies have developed
ways to reverse a simple, one-pass wipe with ones and zeroes and retrieve
the original file. So the Federal Government requires that sensitive files
be wiped many times with random characters, which, in theory, obliterates
the original file and makes it unrecoverable. 

Unless, of course, the file has already been copied onto backup tapes.  In
the digital world, the original file may be shredded, while one or more
perfect copies can exist elsewhere. 

An even more bulletproof way to render files unreadable is to encrypt
them. 

Encryption scrambles a disk or file, including pictures (or a telephone
conversation, or a credit card sent over the Internet) so it can be opened
and read only by the person holding the proper key, or password.  The
strength of the encryption is often measured by the length of the key,
which is in turn measured in bits. In general, each additional bit of key
length doubles the amount of effort needed for unauthorized users to break
the key. 

Even weak encryption (with a 40-bit key length, for example) is sufficient
to deter most casual snoops. Breaking a 56-bit key requires computing
resources that are beyond the reach of all but the most determined code
breakers, and even then it can require days of sustained attacks by a
supercomputer just to crack one e-mail message. (The Government's National
Security Agency, by far the most formidable group of code breakers on the
planet, is thought to be able to break 56-bit keys in a much shorter time,
said Enrique Salem, a chief technology officer at Symantec, whose products
include Disk Lock, Norton Your Eyes Only, and Norton Secret Stuff.)

Some encryption programs available today use 128-bit keys, which are
"infinitely unbreakable, at least in our lifetimes, even taking into
consideration the predictable advances in computing power," said Schnell
of RSA. In other words, it is more secure than the strongest physical
vault ever built. Not even the National Security Agency is believed to
have the ability to break a 128-bit key. 

And then there is e-mail. People type all sorts of embarrassing,
confidential or intemperate words in e-mail in the mistaken belief that
such messages are private. In reality, messages sent by e-mail are less
secure than messages scribbled on a postcard. 

The way the Internet mail system works, an e-mail message passes through
several exchange points, or nodes, on its way to the recipient's computer.
The system administrator at each handoff point can in theory read the
message, copy it, reroute it or tamper with it. If the message originates
or terminates in a corporate computer system, chances are high that a copy
will persist in the company's backup tapes or disk for days, at least. 

In the end, there are only two ways to keep information confidential in
the digital age. One is to use strong encryption. The other is never to
write it down or speak it in the first place. 

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Sat Oct 10 07:46:29 1998
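
The article's account of deleting versus wiping, as an added example that is not part of the original article or of any product it names. It uses a hypothetical `ToyDisk` model (a directory of listings plus raw blocks, not a real filesystem), with constructed file names and contents, to show that a plain delete leaves the bytes recoverable until the space is reused, while an overwrite does not.

```python
import os

BLOCK = 16  # bytes per block in this toy disk (assumption for illustration)

class ToyDisk:
    """Toy model: a directory of listings plus raw blocks (not a real filesystem)."""
    def __init__(self, nblocks=8):
        self.blocks = [bytes(BLOCK)] * nblocks
        self.free = set(range(nblocks))
        self.directory = {}   # name -> (block indexes, length)
        self.stale = {}       # unlisted entries a recovery tool could still find

    def write(self, name, data):
        need = -(-len(data) // BLOCK)          # ceiling division
        idx = sorted(self.free)[:need]         # lowest free blocks are reused first
        if len(idx) < need:
            raise OSError("toy disk full")
        for n, i in enumerate(idx):
            self.blocks[i] = data[n * BLOCK:(n + 1) * BLOCK].ljust(BLOCK, b"\0")
        self.free -= set(idx)
        self.directory[name] = (idx, len(data))

    def delete(self, name):
        # Ordinary delete: unlist the file and mark its space reusable; bytes stay.
        self.stale[name] = self.directory.pop(name)
        self.free |= set(self.stale[name][0])

    def wipe(self, name, passes=3):
        # Overwrite every block with random bytes, then unlist the file.
        for _ in range(passes):
            for i in self.directory[name][0]:
                self.blocks[i] = os.urandom(BLOCK)
        self.delete(name)

    def undelete(self, name):
        # What an "unerase" utility does in this model: reread the old blocks.
        idx, length = self.stale[name]
        return b"".join(self.blocks[i] for i in idx)[:length]

def demo():
    letter = b"CONSTRUCTED SAMPLE: private letter"
    memo = b"CONSTRUCTED SAMPLE: budget memo"
    disk = ToyDisk()
    disk.write("letter.doc", letter)
    disk.write("memo.doc", memo)
    disk.delete("letter.doc")
    disk.wipe("memo.doc")
    recovered = disk.undelete("letter.doc") == letter  # plain delete: still readable
    wiped = disk.undelete("memo.doc") != memo          # wiped: only random bytes left
    disk.write("game.exe", b"G" * len(letter))         # new file lands on freed blocks
    reused = disk.undelete("letter.doc") != letter     # old contents now overwritten
    return recovered, wiped, reused
```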