Feeds

Take a hammer to your hard drive, shrieks Which?

Wiping-tech confidence collapse insanity

Internet Security Threat Report 2014

Which? Computing has lost faith in wiping technology and advised punters to take a hammer to hard discs they intend to get rid of. Reg readers and experts have slammed the advice as misguided and irresponsible.

The possibility that dodgy sorts might be able to recover deleted data with the help of specialist software from PCs or hard discs flogged through auction sites or even "disposed" of through council rubbish dumps is real enough, and something we've covered several times on El Reg, going back ten years to the incident when Paul McCartney's banking details turned up on a carelessly discarded PC.

Still, getting medieval on computer kit, while it might be emotionally satisfying, carries a risk of potential eye injury through shrapnel, for example, and is generally a dumb idea. A better approach would be to wipe data securely before getting rid of it or, better still, donating it to charities such as Computer Aid International so that up-to-date second-hand kit can be given a second lease of life in the third world.

Which? Computing reckons wiping has become unreliable, but experts dismiss this view. "There's lots of software out there that does wiping very well, such as Blancco Data Destruction, and it doesn't cost much," said Harlan Simpson, director of Disklabs.

Appetite for destruction

Which? Computing bought eight second-hand hard drives from eBay. Unsurprisingly it found potentially confidential data on these drives. Even after using an unspecified and free data destruction package, the computer magazine was "able to recover 22,000 'deleted' files, including images, music files and spreadsheets", it reports.

Having lost faith with data destruction, on the basis of its experience with one wiping tool, Which? Computing goes on to advise that "if you want to be absolutely sure your files are deleted, remove the hard drive from your PC and destroy it with a hammer".

"It sounds extreme, but the only way to be 100 per cent safe is to smash your hard drive into smithereens," said Sarah Kidner, editor of Which? Computing.

Disklabs' Simpson acknowledged that consumers need to be careful about the capability of data destruction products but nonetheless dismissed the Which? Computing advice out of hand. "As long as consumers use a certified and approved product they'll be fine. Which? Computing is sending out the wrong message," he added.

Reg reader Dave Compton is even more dismissive about the initial Which? Computing "study" as well as the BBC's decision to uncritically report on its findings, alongside a how to box-out.

"Imagine the injuries people will sustain (especially with shattered glass platters), not to mention the waste of good hardware," Compton said.

Which? is published by the Consumer Association and has a long history of offering sensible advice on everything from car maintenance to home finance and computers. Its latest advice - particularly with the risk it poses of personal injury - is therefore all the more puzzling. A helpful spokeswoman acknowledged we might have a point about the personal injury risk and said it would always advise the use of protective kit - something not actually mentioned in its press release. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.