Secure erase HDDs in Hong Kong (OpenBSD/Linux)
John Miles
jmiles242-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Fri Apr 16 19:42:51 UTC 2010
Thanks everyone!
The remote KVM wasn't an option unfortunately.
I am going to experiment using the second OS option.
Most of our OpenBSD machines have been converted, or replaced by Ubuntu
machines, so this is a good task for an ongoing project.
What I am going to do is:
- securely wipe all but the OS disks
- install a "temporary" Linux OS on the machine with my open VPN tunnels
  running on boot.
  - for this I am thinking that something like the SystemrescueCD (I
    could even run with the "docache" option).
  - probably best to just work with Ubuntu for now though.
- use the "shred" application on all the files on the former OS drive
  - I could actually log/watch any particularly sensitive files be
    erased.
- and finally dd the disks
Interestingly, I just had a thought - perhaps I ought to just mail a
customized Ubuntu CD, tell them to pop it in and boot up the machine with
it.
:)
JohnM
On Fri, Apr 16, 2010 at 1:45 PM, Christopher Browne <cbbrowne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> On Fri, Apr 16, 2010 at 12:47 PM, D. Hugh Redelmeier <hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org>
> wrote:
> > Perhaps you could install a new bootable system with nothing that you
> > care about (e.g. only throw-away ssh keys). Then use that as a secure
> > base from which to wipe everything else.
>
> If the goal is to eliminate secret data from the system, that seems
> like a fine way to transform a possibly-intractable problem into one
> that you can solve.
>
> Thus...
>
> - Wipe *a* partition
> - Install something that's not secret that can do "wiping" onto that
> partition
> - Boot off that little island, and, from that island, wipe everything else.
>
> At that point, while the little partition may still be bootable, it
> doesn't contain any data that is of any value.
>
> There's still the problem that if the disk drives do smart things
> behind your back (e.g. - bad sector remapping), you may not be able to
> *actually* wipe the whole disk drive, and this remapping may even
> resist "attack" should you have direct physical access.
>
> But if it's resisting you successfully, it's quite likely to be
> challenging to would-be opponents :-).
> --
> http://linuxfinances.info/info/linuxdistributions.html
> --
> The Toronto Linux Users Group. Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
>
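The final "dd the disks" step from the plan above, paired with a read-back check, as an added example that is not part of the original thread. It runs against a constructed image file standing in for a data disk; the function names and the marker string are hypothetical.

```shell
#!/bin/sh
# Added example. IMG is a constructed image file standing in for a data disk;
# all function names here are hypothetical.

# Number of bytes in $1 that are not 0x00 (0 means the zero-fill is complete).
nonzero_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Overwrite $1 with zeros over its full current length, without truncating.
zero_fill() {
    size=$(wc -c < "$1" | tr -d ' ')
    full=$((size / 4096))
    rest=$((size % 4096))
    if [ "$full" -gt 0 ]; then
        dd if=/dev/zero of="$1" bs=4096 count="$full" conv=notrunc 2>/dev/null || return 1
    fi
    if [ "$rest" -gt 0 ]; then
        dd if=/dev/zero of="$1" bs=1 seek=$((full * 4096)) count="$rest" \
            conv=notrunc 2>/dev/null || return 1
    fi
    sync
}

# Wipe, then read everything back. The read-back only covers addressable
# sectors; sectors the drive has remapped are not visible to it.
wipe_and_verify() {
    zero_fill "$1" || return 1
    [ "$(nonzero_bytes "$1")" -eq 0 ]
}

# Constructed sample: 10000 zero bytes with a 25-byte marker at the start.
make_sample_image() {
    dd if=/dev/zero of="$1" bs=1000 count=10 2>/dev/null
    printf 'constructed-secret-marker' | dd of="$1" conv=notrunc 2>/dev/null
}

IMG=$(mktemp)
make_sample_image "$IMG"
echo "before: $(nonzero_bytes "$IMG") non-zero bytes"
wipe_and_verify "$IMG" && echo "after: read-back is all zero"
rm -f "$IMG"
```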