Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

10/31/2008
02:21 PM
Keith Ferrell
Keith Ferrell
Commentary
50%
50%

Recycled Storage Media Includes Confidential Data

We've said it before and often: if it's ever held data, don't throw it away no matter how sure you are it's been wiped clean. Now there's evidence that you shouldn't recycle old media either.

We've said it before and often: if it's ever held data, don't throw it away no matter how sure you are it's been wiped clean. Now there's evidence that you shouldn't recycle old media either.Imation, which makes storage tapes, has announced findings that indicate what many have long suspected: there's next to no way to remove all data from a tape (or other medium.)

Which makes re-using the tapes nearly as problematic as throwing them away. (And in most ways more problematic: recycled media remains in use and accessible; at least materials thrown in the trash have a chance of clogging our landfills instead of being mined for unerased data.)

Imation's case rests on the sheer capacity of modern backup media: if even a fraction of a percent of the material on a half-terabyte tape persists after "cleaning," that's multi-megabyte confidential business or personal information headache (or worse) waiting to happen.

The company purchased an assortment of recycled (and supposedly wiped) tapes from the recycled media market, tested them, and found everything from hospital patient records to bank audit information, credit card numbers and more.

Just as Maxell's Halloween backup promotion covered here yesterday recommended using only pristine media, Imation is in the storage media business: both companies are doing business.

But both are also making sound recommendations about storage media re-use, recycling and disposal.

The most dramatic reminder of the persistence of data is also the saddest: a hard disk recovered from the Space Shuttle Columbia disaster yielded readable information.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: A GONG is as good as a cyber attack.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26890
PUBLISHED: 2020-11-24
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the r...
CVE-2020-28348
PUBLISHED: 2020-11-24
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
CVE-2020-15928
PUBLISHED: 2020-11-24
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal.
CVE-2020-15929
PUBLISHED: 2020-11-24
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.
CVE-2020-28991
PUBLISHED: 2020-11-24
Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.