lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050512161802.17959.qmail@www.securityfocus.com>
Date: 12 May 2005 16:18:02 -0000
From: Thor Arne Johansen <thorj@...s.no>
To: bugtraq@...urityfocus.com
Subject: Re: Commonly used disk imaging and wiping tools can be tricked to
    miss parts of a disk


In-Reply-To: <4281CC45.3030608@....se>


>
>Another really bad thing is that disk wipe tools do not wipe a disk with 
>a DCO set on it. For example, the very common tool ExpertEraser 2.0 from 
>IBAS can be tricked into wiping as little of a disk as wished by setting 
>a DCO on the disk before the wipe.
>

Hello, 

I hope this is not considered spamming the group. I just want to make sure the community has the correct information regarding our product ExpertEraser.

It is true as Vidström claims that EE version 2.0 lack support for DCO (as do most competing products).

When we became aware of this weakness (26.04.2005) we investigated, and corrected the problem. All versions shipped after this friday (13.05.2005) will support DCO.

Now one could (and should) argue that we should have known about DCO from the moment it was proposed in the t13 commitee. Our response to that is that we are not happy with allowing this miss to happen. In fact we are downright embarressed, and will make every effort to prevent anything similar from happening in the future.

So, even though we are not proud of our DCO miss, the fact is that ExpertEraser now supports DCO.

--

Thor Arne Johansen
Technical Director & CTO
Ibas AS


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ