Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Memories of a Media Card

kdawson posted more than 7 years ago | from the embarassing-moments dept.

Security 266

twistedmoney99 writes "Anyone who has upgraded their digital camera probably has a few older, incompatible media cards lying around — so why not post them on Ebay? Well, if you do, be sure to properly wipe them because the digital voyeurs are watching. Seth Fogie at InformIT.com purchased a bunch of used cards from Ebay and found recoverable data on most of them. Using the freely available PhotoRec application, he was able to extract pictures, movies, and more from apparently formatted cards. The picture is clear — wipe anything that can store digital data before getting rid of it."

Sorry! There are no comments related to the filter you selected.

I don't even bother to erase mine. (5, Funny)

Anonymous Coward | more than 7 years ago | (#17436918)

It adds to the value on auction sites. A lot of people are willing to pay a fortune to see images of my dick.

Re:I don't even bother to erase mine. (5, Funny)

DaveM753 (844913) | more than 7 years ago | (#17437076)

You should try using a zoom lens.

(Just kidding!)

Re:I don't even bother to erase mine. (4, Informative)

MS-06FZ (832329) | more than 7 years ago | (#17437616)

You should try using a zoom lens.
 
(Just kidding!)
<sigh>
He'd need a zoom lens if he were very tall - or if otherwise his dick or parts of it were very distant from the camera.

If it were small, he'd want a macro lens.

Re:I don't even bother to erase mine. (5, Funny)

baldass_newbie (136609) | more than 7 years ago | (#17437666)

If it were small, he'd want a macro lens.

You seem to speak from experience...

Re:I don't even bother to erase mine. (1)

The_Rook (136658) | more than 7 years ago | (#17437996)

You should try using a zoom lens.


or a magnifying glass.

Re:I don't even bother to erase mine. (2, Funny)

User 956 (568564) | more than 7 years ago | (#17437174)

A lot of people are willing to pay a fortune to see images of my dick.

Do they fight over the microscope as well, or is it usually pretty orderly?

Re:I don't even bother to erase mine. (1)

MobileTatsu-NJG (946591) | more than 7 years ago | (#17437290)

"A lot of people are willing to pay a fortune to see images of my dick."

The joke's on them. AC's camera was only 2 megapixels!

Re:I don't even bother to erase mine. (1)

Shadyman (939863) | more than 7 years ago | (#17437520)

But who would pay to see something only 2 pixels long?

Re:I don't even bother to erase mine. (0)

Anonymous Coward | more than 7 years ago | (#17437542)

Well, obviously, you don't have to bother. But other people actually have something to show there.

Re:I don't even bother to erase mine. (1)

Amazing Quantum Man (458715) | more than 7 years ago | (#17437736)

This is digital pix, not microfilm.

Re:I don't even bother to erase mine. (3, Funny)

Stephen Tennant (936097) | more than 7 years ago | (#17437822)

Even better is, tucked in with dull vacation and random photos, a blurry close up of your balls, which invariably requires closer scrutiny, a "What's that?" from the viewer, and, finally - Huzzah! - rapid recoil and disgust!

same old story (2, Insightful)

born4fun (1045582) | more than 7 years ago | (#17436936)

Hm, haven't we had this story already with hard disks, some time ago?

Re:same old story (1)

garcia (6573) | more than 7 years ago | (#17437362)

While I don't remember the one about HDDs, I do remember the one about mobile phones [slashdot.org] (there may be more but this is the first one I found).

speaking of wiping data (1)

the-amazing-blob (917722) | more than 7 years ago | (#17436948)

What are the best methods for removing almost any record of data? Recently moving to ubuntu, I've found shred is rather exciting, but I still use many windows-only things. What would work best there?

Re:speaking of wiping data (2, Informative)

Anonymous Coward | more than 7 years ago | (#17436978)

dd from /dev/urandom onto the media multiple times ( in excess of 20 times if you are paranoid )

Re:speaking of wiping data (5, Informative)

croddy (659025) | more than 7 years ago | (#17437286)

Better (and more convenient) than dd'ing from /dev/urandom is wipe(1). It will, at your option, overwrite the disk using 34 different byte patterns, 8 of which are random.

Its man page is also the only one I know of that uses the phrases "rising totalitarianism", "Department of Homeland Security", and "THIS IS AN EXTREMELY DANGEROUS THING TO DO".

Where have I seen those before? (2, Funny)

Anonymous Coward | more than 7 years ago | (#17437394)

> Its man page is also the only one I know of that uses the phrases "rising totalitarianism", "Department of Homeland Security", and "THIS IS AN EXTREMELY DANGEROUS THING TO DO".

Doesn't "man woman" also use those phrases? And for good reason, too...

unnecessary (2, Informative)

oohshiny (998054) | more than 7 years ago | (#17437586)

Something like "wipe" is needed for rotational magnetic media. For flash, a simple cat /dev/zero > /dev/sd... is sufficient.

Re:speaking of wiping data (1, Informative)

Anonymous Coward | more than 7 years ago | (#17436992)

Eraser

http://www.heidi.ie/eraser/ [heidi.ie]

Re:speaking of wiping data (2, Informative)

udderly (890305) | more than 7 years ago | (#17437772)

I've been using Eraser for years. What more could you want? DOD & better wipe capability, secure move, right click context menu, erasing report and all for the low, low price of FREE!

Re:speaking of wiping data (1)

morgan_greywolf (835522) | more than 7 years ago | (#17437000)

As root:

dd bs=1024 if=/dev/random of=/dev/sda1
Do that a 3 or 4 times, and anything on sda1 (or whatever other block device) will be completely unrecoverable.

Re:speaking of wiping data (1)

whoever57 (658626) | more than 7 years ago | (#17437052)

dd bs=1024 if=/dev/random of=/dev/sda1
That's going to take a very long time. In most circumstances, it is probably acceptable to use /dev/urandom instead.

Re:speaking of wiping data (5, Insightful)

timeOday (582209) | more than 7 years ago | (#17437202)

dd bs=1024 if=/dev/random of=/dev/sda1
That was my system boot partition, you insensitive clod!

As for erasing solid state media, I'd feel perfectly safe simply overwriting it with zeroes, one time over.

I realize years ago magnetic media were written sparsely (inefficiently) with sloppy positioning mechanisms, but those days are long gone. I'd be really impressed to see somebody recover overwritten data on a hard drive instead of just talking about it.

As for flash memory, I'll believe it when I see it.

As for leaking information through discarded camera memory cards in the first, place, it's about the 1000th thing down my list of privacy concerns, way down below "binoculars." If you want to see pictures of random people's snapshots of each other, they're all over the web. How many of us really use our digicams to capture super-secret info? I just can't bring myself to care when I know databases of thousands of credit card numbers and SSNs are being bought and sold on the black market.

Re:speaking of wiping data (1)

Qzukk (229616) | more than 7 years ago | (#17437680)

As for flash memory, I'll believe it when I see it.

I don't think any magic whizbang stuff is needed, the vast majority of these devices are FAT filesystems where undelete.exe can recover deleted files. Or they do "fast formats" which just write out a new file allocation table without actually erasing any of the data (Not sure if the "full format" actually writes over data either, Microsoft's KB says the difference is that the full format scans for bad sectors).

Re:speaking of wiping data (4, Informative)

Nazlfrag (1035012) | more than 7 years ago | (#17437800)

Secure Deletion of Data from Magnetic and Solid-State Memory [auckland.ac.nz] is a good insight into magnetic memory issues, and his followup paper [cypherpunks.to] covers solid state devices. It's by Peter Gutmann, Department of Computer Science, University of Auckland. His homepage [auckland.ac.nz] has more good info.

In a nutshell, for hard drives, "If commercially-available SPM's are considered too expensive, it is possible to build a reasonably capable SPM for about US$1400, using a PC as a controller". So it is in the reach of the hobbyist to recover up to around the last 20 items recorded on any magnetic media (easier for floppies, harder as drives become denser). On solid state memory, I believe an electron microscope is needed for analysis. Still, data that has been in one location in RAM for more than five minutes is in theory recoverable.

Re:speaking of wiping data (1)

afidel (530433) | more than 7 years ago | (#17437236)

Nope, not completely unrecoverable, just difficult. Using an SEM anything written to a modern (mid 90's or later) HDD can be recovered even after many passes with "secure" delete patterns. Peter Gutmann wrote [sourceforge.net] about the problem years ago. Although he doesn't specifically mention flash ram I would imagine the problems facing DRAM and SRAM would be even more prevalent with flash due to wear leveling and other protection techniques meant to keep data safe on the flash device. When the data really needs to be secure physical destruction is the only way to go =)

Re:speaking of wiping data (0)

Anonymous Coward | more than 7 years ago | (#17437282)

There's theory, and then there's practice. I've NEVER heard of a hard drive actually having data recovered from it when it's been wiped. Not even in high profile crime cases.

Re:speaking of wiping data (1)

afidel (530433) | more than 7 years ago | (#17437402)

Since the NSA has a patent [purdue.edu] on a technique I think it's a little more than theory =)

Re:speaking of wiping data (1)

networkBoy (774728) | more than 7 years ago | (#17437814)

In the case of flash a simple overwrite pattern of 0000 followed by an erase back to FFFF is sufficent to ensure complete erasure.
Should the memory not have single bit writability, then an erase to FFFF followed by a write to 0000 and an erase back to FFFF is sufficent. This is because the data is not stored in magnetic domains, so simply ensuring all cells are written makes the charges on the cells fairly equal, the following erase operation and post erase repair that happens will obfscuate any remaining charge enough to have no recoverability.

Remember the flash cell is simply a very high performance cap formed between two SiO2 insulators.
-nB

Re:speaking of wiping data (1)

goarilla (908067) | more than 7 years ago | (#17437254)

what's wrong with zeroing everything out
as root:
dd if=/dev/zero of=/dev/sda1

can enlighten me if this is equal to using random or not in terms of drive unrecoverability

Re:speaking of wiping data (0)

Anonymous Coward | more than 7 years ago | (#17437020)

If you read to the bottom of that article, it tells you how to do it with the commandline in Windows, and mentions a GUI program named Eraser

Re:speaking of wiping data (1)

Metasquares (555685) | more than 7 years ago | (#17437098)

There's an opensource app called "wipe" that I just used to wipe my drive before sending it in for repair. It's in portage if you're using Gentoo.

It's slow, but probably not much slower than using dd manually.

Re:speaking of wiping data (1)

DaveM753 (844913) | more than 7 years ago | (#17437210)

At my last job, we used "Darik's Boot and Nuke", available at dban.sourceforge.net. You boot off the floppy, type "dod" and it wiped the drive according to Dept of Defense standards. It worked great (I hope)!

Re:speaking of wiping data (2, Informative)

Blkdeath (530393) | more than 7 years ago | (#17437596)

At my last job, we used "Darik's Boot and Nuke", available at dban.sourceforge.net. You boot off the floppy, type "dod" and it wiped the drive according to Dept of Defense standards. It worked great (I hope)!

{sigh} This has been discussed before. The DoD's standards for highly classified computers amounts to a very large hole-punch and an incinerator. The "standards" you refer to amount to the wiping they do on receptionist and non-classified computers.

Re:speaking of wiping data (2, Funny)

DaveM753 (844913) | more than 7 years ago | (#17437770)

Maybe that's why they laid me off two weeks ago. :-(

Re:speaking of wiping data (1)

afaik_ianal (918433) | more than 7 years ago | (#17437842)

The "standards" you refer to amount to the wiping they do on receptionist and non-classified computers.

Remind me never to take a job as a receptionist at the DoD. :P

Re:speaking of wiping data (4, Funny)

Sylver Dragon (445237) | more than 7 years ago | (#17437274)

If it's data you care about someone else getting a hold of, I would recommend using Thermite [wikipedia.org] . It's a wonderful, all purpose, cleanser of just about everything.

Re:speaking of wiping data (5, Funny)

phalse phace (454635) | more than 7 years ago | (#17437376)

"What are the best methods for removing almost any record of data?"

Have Chuck Norris give it a roundhouse kick.

Re:speaking of wiping data (1)

creimer (824291) | more than 7 years ago | (#17437396)

A sledgehammer works just fine.

Strong encryption with a 1-time key (1)

winkydink (650484) | more than 7 years ago | (#17437522)

Who cares what's on there? If you used a strong, 1-time key, you're done.

To your health. (0)

Anonymous Coward | more than 7 years ago | (#17436950)

"The picture is clear -- wipe anything that can store digital data before getting rid of it.""

And people worry that their data will not last until the next century.

Re:To your health. (2, Funny)

ScrewMaster (602015) | more than 7 years ago | (#17437656)

Modern storage systems either forget what they're supposed to remember, just when you need it the most ... or they remember it long after it is best forgotten.

what do i care (0)

Anonymous Coward | more than 7 years ago | (#17436962)

I take pictures, post it on my website, post it on flickr and hardly anybody sees it. What do I care :(

new hobby (0)

Anonymous Coward | more than 7 years ago | (#17436968)

data scavenger hunting on ebay! bound to be odds of getting SOME pr0n after spending $300 on used memory cards!

Duh (1)

J3M (546439) | more than 7 years ago | (#17436976)

Subject says it all, really.

I have a water damaged Razr phone that I haven't sold yet because of this very reason (they sell for around $50 on eBay). On the internal memory are all of my numbers, text messages, etc. I'm not sure how to wipe the phone though (it powers up but complains about the sim card not being present). Any suggestions?

Re:Duh (2, Interesting)

Akaihiryuu (786040) | more than 7 years ago | (#17437056)

Don't quote me on this (I haven't gotten my RAZR yet, still waiting on UPS)...but from the specs I read, the memory card on the RAZR is removable, and the site said it also came with an SD adaptor so you can put the card in anything that can read SD cards. Currently the only thing I have with an SD reader is my Wii, so I can't really test this out even after I get my phone until I get an SD reader. Might be worth a shot though.

Re:Duh (1)

J3M (546439) | more than 7 years ago | (#17437164)

The damaged razr is one of the earlier phones. I replaced it with a v3i which does indeed use a microSD card. I can find no easy access to any form of memory card in the old one.

Not a huge deal, but once I found that damaged Razr phones sold for so much, well, I wouldn't mind cleaning the phone out and selling it.

Duh (1, Insightful)

NineNine (235196) | more than 7 years ago | (#17437118)

Well, duh. Smash it with a hammer and throw it in the trash. Is it really worth your time to take more time trying to wipe it, then jump through the eBay hoops to post the damn thing, have them take out their exorbitant fees, deal with shipping it, etc. for $50? Just dump it, buddy.

Re:Duh (1)

J3M (546439) | more than 7 years ago | (#17437204)

$50 might not be much to you, but I've sold items for less. Why not let someone snag a few parts out of it rather than just tossing it? That is, of course, that I find a way to keep my information stored on it safe.

Re:Duh (0)

Anonymous Coward | more than 7 years ago | (#17437198)

Suggestions? Sell it to your friendly neighbourhood stalker. Because there is probably nothing on there s/he doesn't know anyways. Not the stuff about your son's adventures with your police friends, nor your girlfriend's fake love for Firefly...

(time to freak out!)

Re:Duh (2, Interesting)

drinkypoo (153816) | more than 7 years ago | (#17437672)

If you can't boot the phone you can't clear it. Motorola phones have two settings, a MASTER RESET and a MASTER CLEAR that collectively clear all data and settings from the phone. The memory card in the V3i is used only for ringtones, video and such - phone numbers are still stored to SIM or Phone.

Time to use Eraser! (2, Insightful)

PurifyYourMind (776223) | more than 7 years ago | (#17436988)

I'm not entirely certain it'd work on memory cards, but it works great on hard drives. You can overwrite clustertips, free space, etc. with many passes of psuedo-random data. I think the new version is commercial, so here's a link to an older version: http://www.tolvanen.com/eraser/ [tolvanen.com]

Re:Time to use Eraser! (0)

Anonymous Coward | more than 7 years ago | (#17437260)

No, it's still free and open sourced; everything else from that company/site isn't though.

Eraser Main Site [heidi.ie]
Eraser Sourceforge page [sourceforge.net]

Re:Time to use Eraser! (1)

rbanzai (596355) | more than 7 years ago | (#17437728)

Eraser can (and will) destroy your install even if you do everything properly. Please check their support forum before using this software, it is hideously buggy and destructive.

anyone anyone (0)

Anonymous Coward | more than 7 years ago | (#17437012)

I for one welcome our ...... overloards. anyone anyone

George W. Bush: War Criminal +10, Patriotic (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17437054)


Impeach the World's Biggest War Criminal [whitehouse.org] .

Thanks for your patriotism.

Sincerely,
K. Trout, ACTIVIST

Memory effect (5, Informative)

Anonymous Coward | more than 7 years ago | (#17437074)

Memory cards do not have nearly as strong of a memory effect as hard drives. With a hard drive you can write and rewrite multiple times and still have data recovered by someone willing to spend the time, effort, and money. But memory cards are much harder. You could be relatively sure of safety if you just:

1. Delete everything on the card.
2. Fill the card with something not private (maybe a text file that just repeats the same character).
3. Delete everything on the card.
4. If you're paranoid do 2 and 3 again.

If you don't have a computer handy, you can accomplish step 2 by taking photos of a blank sheet of paper or a lenscap or something of that sort.

Re:Memory effect (-1, Flamebait)

DigiShaman (671371) | more than 7 years ago | (#17437568)

With a hard drive you can write and rewrite multiple times and still have data recovered by someone willing to spend the time, effort, and money.


BULLSHIT! If you write all zeros, then ones, and back to zeros again accross the entire drive (technically a mid-level format, a true low-level erases the servo tracks and renders the drive useless), you can NEVER, NEVER, EVER recover the data.

Please, stop spreading this myth. It's BS!

Re:Memory effect (1)

Blkdeath (530393) | more than 7 years ago | (#17437654)

With a hard drive you can write and rewrite multiple times and still have data recovered by someone willing to spend the time, effort, and money.


BULLSHIT! If you write all zeros, then ones, and back to zeros again accross the entire drive (technically a mid-level format, a true low-level erases the servo tracks and renders the drive useless), you can NEVER, NEVER, EVER recover the data.

Please, stop spreading this myth. It's BS!

Sure. Write something incriminating to a hard drive, perform your procedure of choice then hand the drive off to your local neighborhood police data recovery lab. If you're in the neighborhood, hand one off to your local federal branch of investigators and have them give it a whirl.

Make sure your first phone call has access to a computer so they can let us know how it went.

Re:Memory effect (0, Troll)

DigiShaman (671371) | more than 7 years ago | (#17437956)

Sure. Write something incriminating to a hard drive, perform your procedure of choice then hand the drive off to your local neighborhood police data recovery lab. If you're in the neighborhood, hand one off to your local federal branch of investigators and have them give it a whirl.

Make sure your first phone call has access to a computer so they can let us know how it went.


Sure, I'll put my money where my mouth is. Question however... How do I PROVE to you and the rest of the Slashdot crowd that I didn't give the local police department (or FBI) a bogus drive that never had anything on it in the first place?

I'm sorry, but I don't have any way of publicly contesting this argument and still seem credible. And no offence, but even if I put forth the effort to satisfy your curiosity and yours alone (IE, can it be recovered, or is the data gone)...I feel my time would have been wasted. I'm sure if the tables were turned, you feel the same way.

Again, no offence to you...

Re:Memory effect (1)

grahamsz (150076) | more than 7 years ago | (#17437710)

Do you have a source for this?

Why do so many industry professionals seem to suggest you need 7 passes?

Utlimately the hard drive is an analog device. When you write to it, you change the magnetic charge on small areas of the platter. I find it hard to believe that there wouldn't been some residual charge left from the previous data.

Recoving it wouldn't be easy, but i would think you could turn of error correction and repeatedly read the area looking for any statistical anomoly. The other obvious solution would be to see if you could realign the heads to read slightly to the side of the track where the wipe may not have taken.

You could also of course mount the platter in a much higher resolution drive and try to create an image where you have 4 or 8 tracks in the space where you previously had one.\

I'm not suggesting that the average tech guy could pull this off, but i'd be surprised if intelligence agencies could not.

Re:Memory effect (1)

DigiShaman (671371) | more than 7 years ago | (#17437852)

You could also of course mount the platter in a much higher resolution drive and try to create an image where you have 4 or 8 tracks in the space where you previously had one.\

I'm not suggesting that the average tech guy could pull this off, but i'd be surprised if intelligence agencies could not.


You're talking about the magnetic fields being out of phase of each other. While they can in theory overlap, most of the time, the adjacent "out-of-phase-bit" gets knocked back toward in relation of the "true magnetic bit". Anyways, that's what the servo tracks are for. They keep tracks and bit spacing in check, and leave little room for overlap, let alone 4 or 8 out-of-phase tracks.

And no, an intelligence agency couldn't reconstruct data once a drive has been properly mid-level formatted. All they can do is pull data off a drive if there is a head-crash or some other hardware failure. Or, of someone does a quick-format and/or just deletes a file name-your-OS, they can pull the files without needing the index pointer.

Re:Memory effect (1)

izomiac (815208) | more than 7 years ago | (#17437700)

Or, if you're lazy...

1. Delete everything on the card.
2. Fill the card with images from certain sites every slashdotter knows about.

I highly doubt anyone will have the desire to recover anything after that.

shred for Linux users (1)

massysett (910130) | more than 7 years ago | (#17437834)

Shouldn't shred [die.net] used on the device (/dev/sdc or whatever) work fine for Linux users?

dd /dev/random (3, Informative)

ettlz (639203) | more than 7 years ago | (#17437112)

I've recovered photos by hand for family members who've accidentally nuked their memory cards (did it the hard way with a hex editor, dd and cut). So wouldn't dd if=/dev/random of=/dev/ memory-card bs=1K count= card-size-in-kib suffice?

Re:dd /dev/random (3, Informative)

ewhac (5844) | more than 7 years ago | (#17437252)

I wouldn't use /dev/random; it depletes the entropy pool far too quickly. Use /dev/zero instead:

dd if=/dev/zero of=/dev/mem_card_node bs=256k

If you want to be extra-friendly to the card's buyer, write a new partition table to the card after wiping it and format it for FAT32.

Schwab

Re:dd /dev/random (5, Funny)

Anonymous Coward | more than 7 years ago | (#17437438)

Bols, I don't get it: are you actually saying there's NOT ENOUGH randomness out there?

Here, have some of mine: ldjaofp9 bpm ]ak e]-07

Re:dd /dev/random (1)

gardyloo (512791) | more than 7 years ago | (#17437562)

Bols, I don't get it: are you actually saying there's NOT ENOUGH randomness out there?

Here, have some of mine: ldjaofp9 bpm ]ak e]-07


    Huh. Somehow I *knew* you'd write that.

Re:dd /dev/random (1)

drinkypoo (153816) | more than 7 years ago | (#17437510)

If you want to be extra-friendly to the card's buyer, write a new partition table to the card after wiping it and format it for FAT32.

Only cards over 2GB should be formatted FAT32. FAT16 supports partitions up to 2048MB and most devices will not read a FAT32 filesystem - typically, though, anything that supports devices larger than 2GB can and does use FAT32.

Re:dd /dev/random (1)

xantho (14741) | more than 7 years ago | (#17437954)

Yeah, by "friendly", I think the GP means "not friendly". Because a lot of recent cameras can't use cards with FAT32 filesystems.

Re:dd /dev/random (1)

opk (149665) | more than 7 years ago | (#17437326)

/dev/zero would be just as good. Trouble with doing that is that you then need to reformat the memory card. For some reason, I find reformatting memory sticks/cards tends to result in very slightly lower capacity than they started with.

RE: you then need to reformat the memory card (1)

tylernt (581794) | more than 7 years ago | (#17437944)

Nah, just delete your files and then write one big file that fills the existing filesystem:

dd if=/dev/zero of=/mnt/sdcard/bigfile bs=1M; rm /mnt/sdcard/bigfile
I do this all the time when I want to save an image of a partition using Ghost in sector-copy mode. I have an equivalent utility I wrote in Batch for Windows. All those zeroes compress quite well. ;)

Anyway, analysis of the remaining FAT may reveal some of your old filenames, but not the data in them.

Re:dd /dev/random (1)

cbraga (55789) | more than 7 years ago | (#17437534)

A normal person would copy a few large, useless files (such as MP3s) until the card was full.

Re:dd /dev/random (1)

FormulaTroll (983794) | more than 7 years ago | (#17437868)

And risk the wrath of the RIAA?!?

Stolen? (3, Insightful)

monkeyboythom (796957) | more than 7 years ago | (#17437120)

The evidence suggests that people are not aware that their privacy is at risk. In addition, the fact that some of the cards contained undeleted images is a bit disconcerting. At a bare minimum media card owners should have deleted the viewable images.

After reading the article, I wondered how many of these cards are actually stolen?

And I don't mean Pamela Anderson and Tommy Lee stolen either.

My dead hard drive... (3, Funny)

DaveM753 (844913) | more than 7 years ago | (#17437142)

I had a 4-month-old 250gb hard drive die of heatstroke within a fanless drive enclosure. The drive had, shall we say, material of an "educational" nature. (ahem)

Anyway, I didn't want to release said material to the general public at [insert HD manufacturer here], so I abandoned any warranty recovery and just physically destroyed the drive. So much for that $100.

even works on floppies (0)

Anonymous Coward | more than 7 years ago | (#17437152)

I had a hard time finding this program on ubuntu and debian because it's included in a package called testdisk, well that is a fairly generic name. Anyways it works great, my sister has a sony mavica that saves to floppies and she accidently formatted her disk, oops. I think the PhotoRec should be packaged seperately in order to more easily find it. It's a life saver.

Been there, done that... (0)

Anonymous Coward | more than 7 years ago | (#17437218)

My CF cards I don't worry about so much. Most of the pictures on them are worth zilch to everybody but me. I have to admit, I've already considered what this article talks about though. A buddy of mine borrowed my camera one weekend for some semi-legit reason, and when it got returned I noticed the flash was erased. I realized his girlfriend had been in town that weekend as well, and with a few minutes of flash recovery software, I'll never think of his now-wife in quite the same way again. :)

It's also why any media containing sensitive data has never left my house, aside from backups which are stored securely offsite. If I can't reuse a hard drive for some reason (most get reused initially in other machines), it gets obliterated. Usually it's just a 10 pound sledge until nothing recognizable remains, but sometimes the experience has been known to involve fire, driven by charcoal and a big, big blower. Depends on how destructive I feel. Thermite is fun, too. Put a bunch in a flowerpot above the drive, light it off, and watch the molten metal eat right through it. Did that once in college, fun fun fun...

Re:Been there, done that... (0)

Anonymous Coward | more than 7 years ago | (#17437380)

Please Post pix. Thanks in Advance.

Re:Been there, done that... (3, Funny)

tylernt (581794) | more than 7 years ago | (#17438004)

Please Post pix. Thanks in Advance.
Yes, I'd love to see thermite destroy a hard drive.

For The Pervs (1)

nate nice (672391) | more than 7 years ago | (#17437228)

So, if you're a pervert who enjoys walking around in a trench coat naked underneath, is this a good way to make money and satisfy the urge and make a few bucks?

I'm wondering what a card will go for if it's advertised to *still* have pictures and data on it?

Kind of like a mystery grab bag?

Refer to my First Post. (0)

Anonymous Coward | more than 7 years ago | (#17437324)

Thank you.

Re:For The Pervs (2, Funny)

drawfour (791912) | more than 7 years ago | (#17437456)

So, if you're a pervert who enjoys walking around in a trench coat naked underneath
You know, we're all naked beneath our clothes.

Re:For The Pervs (1, Funny)

Anonymous Coward | more than 7 years ago | (#17437536)

Shhhh, don't let the christians hear that

Card not wiped because people don't care (4, Insightful)

syousef (465911) | more than 7 years ago | (#17437268)

I'm sure a lot of people don't wipe the camera cards because they don't care if someone gets photos of their pets or disney vacation or drunken stupor. They figure most people - ie. those not interested in writing an alarmist privacy article - will simply wipe and use the card. Unless you're a celebrity, or have a stalker why would you care? You're probably photographed more by traffic cameras these days anyway.

Re:Card not wiped because people don't care (3, Insightful)

Kelson (129150) | more than 7 years ago | (#17437544)

There's also the possibility that they might not have a way to delete it. If, for instance, the only thing they have that reads the card is the camera itself (and they've been retrieving images via USB), and the reason they're discarding the card is that the camera itself is broken, and their new camera uses different media...

I can see the thought process going from "crap, I left some photos on there" to "eh, they're already on Flickr anyway." Unless there are photos that they haven't already downloaded, there's less motivation to track down something that will read (and erase) the card.

Re:Card not wiped because people don't care (0)

Anonymous Coward | more than 7 years ago | (#17437798)

I'm sure a lot of people don't wipe the camera cards because they don't care if someone gets photos of their pets or disney vacation or drunken stupor.

Yeah, and people used to leave their doors unlocked, not use anti-virus software, and a whole bunch of "but I didn't think anyone would (blank)!" type of stuff.

Personally I have the opposite thought process: "I can't remember if there's something important on there or not. I better just wipe the card.".

Pictures of kids? Picture of expensive possessions? Picture of house? Picture of wallet content (I do this once or twice a year, it's easier than writing down all the numbers to cancel)? Picture of a big check I wrote (quicker than photocopy)? I can't remember what exactly might be on the card, so I just wipe it before throwing it away or selling it!

cipher.exe is overkill for flash memory (0)

Anonymous Coward | more than 7 years ago | (#17437298)

There was an article ages ago on the old technocrat.net that talked about files not going away on flash memory devices. I asked what needed to be done to wipe flash (whether it had "memory" like magnetic drives) and Bruce Schneier responded that there's no need to do multiple writes like on a regular hard drive. Just filling the whole thing with junk once will work.

Re:cipher.exe is overkill for flash memory (2, Informative)

RvLeshrac (67653) | more than 7 years ago | (#17437642)

http://www.zdelete.com/dod.htm [zdelete.com]

The DOD already answered this question.

Whenever there's any doubt, DOD standards are the way to go.

Testing the best erase method? (2, Interesting)

GrumpySimon (707671) | more than 7 years ago | (#17437382)

There are ten or fifteen posts here with people suggesting that people should use dd, or wipe to write over these removable media to stop people recovering the data. Most people seem to be suggesting doing a dd from /dev/random TWENTY times.

What I would like to know is what the most effective method is. Someone should take a bunch of these cards (and harddrives etc) and do a little controlled test to see how much of a photo/file is recoverable after one round of dd, after 10 rounds of dd, etc. In short - what's the most effective (time v.s. security) method for cleaning these things?

Re:Testing the best erase method? (1)

D4rk Fx (862399) | more than 7 years ago | (#17437508)

It's flash memory. It will suffice to just write over all the bits a single time. It doesn't have a pushover area like magnetic media does.

Re:Testing the best erase method? (1)

scdeimos (632778) | more than 7 years ago | (#17437870)

Except for that 5% slack space behind the scenes used for wear-levelling (it's done in hardware now, no need for file systems like JFFS). I guess if someone was keen enough they could decapsulate the card and scrutinize the memory chip under an electron microscope to try to image what's been previously written in that 5% but who'd actually bother?

C'mon people, this is just an alarmist article. It's not like the military is going to put something sensitive like Launch Codes on memory cards and then sell them on eBay.

If you're super-paranoid like some of the tinfoil hat-wearing ones around here there's always shred -n 16 -z /dev/sdX optionally followed by a mkfat for the next lucky customer's convenience.

Re:Testing the best erase method? (1)

Kelson (129150) | more than 7 years ago | (#17437572)

what's the most effective (time v.s. security) method for cleaning these things?

That depends on whether you want the card to be usable afterward...

Re:Testing the best erase method? (0)

Anonymous Coward | more than 7 years ago | (#17437824)

"What I would like to know is what the most effective method is."

A blowtorch.

Re:Testing the best erase method? (1)

rrohbeck (944847) | more than 7 years ago | (#17437844)

Every bit cell on a Flash or EEPROM is a capacitor. Since it doesn't have remanence in spaces that may not see a flux change and the possibility of offtrack writes like a hard drive, overwriting with random data is unnecessary - better write 0x00, then 0xff, a few times.

Writing a word or block in one of those devices means:
- Erase the word/line/block to 0xff if necessary (i.e. if there are bits that need to be flipped to 1)
- For each bit that is to be set to 0,
-- bang on it with a pulse until it turns 0
-- bang on it a little more to make sure the bit sticks

So, by writing all 0xff every cell gets erased, and you could theoretically argue that with changing device characteristics (aging), the voltage level of older 1's could be different than what you just wrote. Same thing for 0's, but if you do this twice or so all traces of old data should be gone. There's no nooks and crannies like on a disk platter, only an array of capacitors.

NASA's methodology (3, Interesting)

Audacious (611811) | more than 7 years ago | (#17437546)

When I first started at NASA the methodology was to use something like Norton's Erase, put it on Government Erase (three passes of writing first all ones, then all zeros, then all ones again, then doing half tracks). When Windows 98 came along we still used Norton's Erase but it had a different algorithm which was quite good too. When Windows 2000 came along we were no longer trusted to erase everything properly and we had to send the disk drives to a centralized location where they were wiped before being sold. When Windows XP came along we were told to just take a hammer to them. This was because the government had made so many cutbacks that there wasn't any money to properly erase the disk drives.

On a side note: When I first started working at NASA we had a budget of well over a million dollars. We got rid of all of the really big mainframes, and minis, and went to micros. Our budget was reduced to somewhere around $500,000.00 a year (about a third of what we originally were given each year). What I'd like to know is - whatever happened to all of that money? We certainly never go pay raises which equaled the amount of money lost. So where did it go? The answer might be a bit more surprising than anyone really wants to know about. :-/

Who cares? (1)

CarnageAsada (740519) | more than 7 years ago | (#17437576)

Perhaps many people really dont care if someone else see's the pictures or movies as the original owner views them as irrelavent/ usless if seen?

Why not post them on eBay? (2, Insightful)

frdmfghtr (603968) | more than 7 years ago | (#17437806)

Why would I not post them on eBay, even if wiped?

Aren't there data recovery services that recover data from supposedly wiped media (hard drives, memory cards, etc.)?

Besides, how likely are you to to make back the listing fees on used media? Given how the prices are coming down, why would you buy used when you can buy new for only a little more? Brand new 1 GB CF is going for $10, why buy used?

I would be worried that I would lose money selling used memory media on eBay; it would make more sense moneywise to just smash them with a hammer; get some exercise, and anything that was on them is now unrecoverable.

Who cares? (2, Insightful)

ErikTheRed (162431) | more than 7 years ago | (#17437810)

I mean seriously, the discussion shouldn't be about "proper erasure techniques that 99.999% of the public couldn't understand if they tried", it should be about not being such a tight-ass cheap fuck that you have to sell your old drives (flash / hard / whatever) on E-Bay. I mean, seriously, do you need to spend that much effort to net yourself an extra $5 or $10?

I erase my old media with a sledgehammer. Try to recover that, bitch.

Re:Who cares? (4, Insightful)

ivan_13013 (17447) | more than 7 years ago | (#17438008)

Throwing away or destroying manufactured items when they are working and reusable is irresponsible, because it does not attempt to minimize environmental impact.

Used items that are still in demand should be reused as much as possible, to reduce the demand for manufacturing these items (with all the power and waste involved in that) and the size of landfills.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?