[NBLUG/talk] Best way to dispose of a working computer

S. Saunders sms at sonic.net
Mon Aug 14 15:14:32 PDT 2006


On Mon, August 14, 2006 13:55, Lincoln Peters wrote:

> On Sunday 13 August 2006 18:57, S. Saunders wrote:
> >
> > For 99% of legitimate use...
>
> I would put the whole security policy through a cost-benefit analysis
> (more precisely, the cost-benefit analysis that your enemies might
> go through):

<nod>


> * Are you guarding against identity theft?
<SNIP>


> * Are you worried about small- or medium-scale invasions of privacy
<SNIP>


> * Are you worried about a totalitarian police state, or an organization of
> comparable power?
<SNIP>

Yeah.  If you're a multi-billionaire, your PC might very WELL be worth the
thousands of dollars it would take to recover from "naive" disk-erasure
measures.  Even one good hit with the credit line of Larry Ellison or Bill
Gates could net millions; their used PC's could be worth that cost effort.

Similarly, if you're a key player in some criminal activity, recovering
your PC's data *IS* worth the effort for law enforcement.

For most of us "mere mortals" however, "ordinary" measures entirely
suffice.  Not that all of us "mere mortals" restrain ourselves to such
ordinary measures (q.v. "shred" and other 25x-and-more rewrite utilities).


> and just in case someone tries to steal a working hard drive, use strong
> disk encryption (e.g. AES), use a different password for everything you
> do, make all your passwords at least 10 characters with a combination
> of letters and numbers (maybe even Unicode characters), rig your
> computer with explosives, etc.

Note that a pinhole-cam installed upstairs, with a pinhole drilled over
your computer, is liable to circumvent all your password protection.

You REALLY need biometrics, here; IIRC, iris-recognition has some recent
commercial advances.

Also, you probably need some sort of time restraints -- e.g. access
attempted after 11pm (or whatever) and before 6:45am (or whatever) are
flatly denied, so that covert ops can't perform a physical penetration
to hack your own console while you asleep...

And, of course, your system is STILL not Tempest-hardened...
};-D>


- Steve S.





More information about the talk mailing list