In researching a friends’ question about securely(wiping) files in osX, with which I have very little familiarity, I found that recent versions offer the option to wipe/shred files as they are emptied from the Trashcan.
I looked about a bit, see no obvious implementations of this capability in Linux.
It seems to be an interesting idea.
Anyone seen hacks or other implementations to replace simple file deletions with wipe or shred when clearing the Trash?
Thanks
cmcgrath5035 wrote:
> In researching a friends question about securely(wiping) file in osX,
> with which I have very little familiarity, I ‘found’
> (http://tinyurl.com/37u3cgh) that recent versions offer the option to
> wipe/shred files as they are emptied from the Trashcan.
>
> I looked about a bit, see no obvious implementations of this capability
> in Linux.
> It seems to be an interesting idea.
>
> Anyone seen hacks or other implementations to replace simple file
> deletions with wipe or shred when clearing the Trash?
http://www.cyberciti.biz/tips/linux-how-to-delete-file-securely.html
http://linux.die.net/man/1/wipe
The man page for wipe is particularly interesting because it explains
how futile such efforts are.
Hmmm, thanks, I guess, djh for highlighting the error in believing that a wiped or shredded file is truly “securely deleted”.
I Googled about a bit after reading your references, with particular focus on ext4 which I use by default.
Securely deleting files from ext4 filesystems [LWN.net]
These seem to imply that shred works OK, with limitations, sort of , with ext4
shred - Securely delete files in Linux | Linux Poison
[SOLVED] shred and ext4 filing system [Archive] - Ubuntu Forums](http://ubuntuforums.org/archive/index.php/t-1662936.html)
The clear consensus appears to be use encryption at the file or partition level, with a really good key, of course.
A sobering set of discussions when one contemplates that today’s NSA analyst is next years primary school hacker somewhere in the world.
cmcgrath5035 wrote:
> Hmmm, thanks, I guess, djh for highlighting the error in believing that
> a wiped or shredded file is truly “securely deleted”.
Thanks for not shooting me for bearing bad news 
> A sobering set of discussions when one contemplates that today’s NSA
> analyst is next years primary school hacker somewhere in the world.
this has all been discussed for years and years…as far as i know if
you need to hide your secrets from the NSA then you need to consider
total physical destruction of the individual platters of the drive with
secrets…
this video will pretty much do it for you, consistently and reliably
exceeding US military security wipe requirements:
http://www.youtube.com/watch?v=k-ckechIqW0
–
dd
On Tue, 17 Jul 2012 18:06:04 +0000, cmcgrath5035 wrote:
> I looked about a bit, see no obvious implementations of this capability
> in Linux.
> It seems to be an interesting idea.
There is “shred” in the coreutils package, but it is a command line
utility. However, read the “caution” notice in the man page, because
there are concerns about its utility nowdays
–
Cheers / Saludos,
Carlos E. R.
(from 11.4 x86_64 “Celadon” (Minas Tirith))
On Wed, 18 Jul 2012 09:38:46 GMT, Dave Howorth
<djh-novell@no-mx.forums.opensuse.org> wrote:
>cmcgrath5035 wrote:
>> In researching a friends question about securely(wiping) file in osX,
>> with which I have very little familiarity, I ‘found’
>> (http://tinyurl.com/37u3cgh) that recent versions offer the option to
>> wipe/shred files as they are emptied from the Trashcan.
>>
>> I looked about a bit, see no obvious implementations of this capability
>> in Linux.
>> It seems to be an interesting idea.
>>
>> Anyone seen hacks or other implementations to replace simple file
>> deletions with wipe or shred when clearing the Trash?
>
>http://www.cyberciti.biz/tips/linux-how-to-delete-file-securely.html
>
>http://linux.die.net/man/1/wipe
>
>The man page for wipe is particularly interesting because it explains
>how futile such efforts are.
Nothing can stop any interested Government from snooping you, me, or
anybody rather thoroughly. Or the Mafia or a less than decent corporation
that has some money and the will. Even a talented cracker-hacker can
snoop anyone at will. No real need to dumpster dive for your discarded
hard disks. The real point of shredding files and drives is to avoid
giving away private information for free. If the data that is on the
drive is that important, destroy the drive and physically shred the
platters, then melt them. Same with SSD and other flash media.
?-)
Well, actually… these days the value of Security practices and Crypto has shifted from the (somewhat persistent) Cold War attitudes to which we older folks all tend to default. “Back in the day” it was advice like “memorize your passwords” - under the tacit assumption that spies would be stealing your secrets. Nowadays we’re trying to defend against a massively increasing cybercrime market. Hundreds of thousands of credentials are being stolen. Well over a hundred billion dollars are being fleeced out of the economy - this is a pretty big deal, because when people are hit, they are hit hard.
The issue is that RAT tools like dark comet come pre-configured to search a complicated operating system and find credentails. So the new enemy is not the CIA or totalitarian governments, but organized, corporate hackers. (being “botted” into a botnet is a whole separate issue)
How can we secure our systems against RATs, trojans, and other forms of hacking, especially since our cell phones now effectively make our LANs internet-facing via the cellular network?
What seems to be coalescing to enable this is the use of Master Passwords protecting our (growing) list of personal passwords (current best advice: never reuse a single password on multiple Domains!!). This means you need a Master Password File (unless you have an amazing memory). But this file has to be portable because you don’t carry your desktop everywhere. So that forces the use of encrypted (master password) files which you carry around, and which are opened often and edited sometimes, and a way to securely delete these files. The only portable way to do this which I’ve found are sourceforge compression apps which support, say, AES256. GPG is OK, but it’s a stream cypher, so you need to securely delete the old version and encrypt a fresh new version after editing.
What I don’t know is just how secure our cell phones are for providing a portable, convenient way to access our passwords files. I know apps exist, such as kwallet, but Android seems so new and so heavily invested in the capitalist community that I think it’s the likely weak link in securing one’s credentials.
Hardware like secret areas of hard drives are too static for cybercriminals (hard drives live a decade while the cybercrime market changes in months). But I imagine a RAT tool would certainly check the swapfile, and would have built-in software to search for deleted-but-still-intact files. It would certainly check browser-stored credentials…
Thoughts? I really think we need a Security Forum on Opensuse Forums!
Best,
Patricia
I use an encrypted partition, so that I don’t worry much about deleted files.
More specifically, I use an encryted LVM, with “/”, “/home” and swap all in the LVM. Only “/boot” is unencrypted, and there isn’t anything there with privacy concerns.
Additionally, I use an “ecryptfs” private directory. I keep the most sensitive data there, though the extra layer of encryption probably doesn’t do much.
I have another encrypted partition which I share over the network with Windows boxes. That allows keeping sensitive Windows data on an encrypted file system, without having to deal with Windows “bitlocker”.
I keep passwords in a gpg-encrypted file. While editing, the un-encrypted version is in my “ecryptfs” private directory.
I use a master password with firefox, to handle saved passwords.
I am never sure of Android. I have avoided using it to visit bank sites and similar. I’ll stick to my desktop and/or laptop for that.
For system backups, I use “dar”, which allows me to have the archive encrypted. The archive itself is on an external drive, and I do not encrypt the external drive. But the encrypted “dar” archive should be sufficient. I use “acronis” for Windows backups, and I have it encrypt the backup image.
If you are using a modern laptop, they already know everything you are doing before you ever put it into a file, never mind after you delete it.
Do you see that round piece of glass just above the laptop screen? That is a special “Mind Reading Device”.
To fix this problem, go to your kitchen cupboard, get out a length of tinfoil, and wrap it around your head. This will block the mind-waves. It works best if you attach a small, plastic model airplane propellor to the top.rotfl!
On 2015-01-10 21:16, nrickert wrote:
> I keep passwords in a gpg-encrypted file. While editing, the
> un-encrypted version is in my “ecryptfs” private directory.
You can use emacs, and edit directly the file in memory, with never a
clear text copy (I think). At least, I have not been able to locate a
temporary file while editing it. Vi also has a GPG file mode.
–
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)