[macmac]

So after 4 months with my MBP and over a dozen calls to Apple help, they have decided my MBP is a lemon. They want me to send it in so they can swap out the logic board, hard drive, super drive, and the battery that is swollen and cracking from the extreme heat (causing the computer to die after 2 minutes without an a/c adapter).

I transferred all my data and booted off an external drive in order to use disk utilities to wipe the drive. In disk utilities I have an option to "zero all data" or do a "7 time zero" or even a "35 time zero". This is my question... Is 7 or 35 time zero that much safer? I thought once it was written over once it was all gone. Is it really worth it to do a 7 or 35 time write over or will that just wear out the drive sooner? How many times must it be wiped for it to be gone for good?

[PB PM]

Unless you have something you are really worried about one zero over should be enough.

[Barto]

Zero all data will stop ordinary users from retrieving the data (that is, it won't be recoverable with any software). It will still be retrievable by specialist data-retrieval places (that is, it will be recoverable with special hardware).

To stop that, you'll need to use 7-pass overwrite (35-pass is silly overkill).

Myself, I used to use 7-pass. Now I just all-zero drives.

[macmac]

Thanks for the info. I did a 7 times pass and I'm sending it in. I was just curious as to how many times it takes to wipe it beyond recovery or is there something crazy that could recover it no matter what. The 35 times pass seemed like an overkill, but then again, why offer it if it was not needed for some reason.

[alcimedes]

I overwrite my drives 99 times then shred them. Then I pee on the scraps and light the whole mess on fire with a quarter gallon of gas.

YMMV.

[macmac]

Quote:

Originally Posted by alcimedes I overwrite my drives 99 times then shred them. Then I pee on the scraps and light the whole mess on fire with a quarter gallon of gas. YMMV.

Are you sure that works? I need to know for sure!!! Seriously, my girlfriend can never find out about my wife.

anyway... what hardware can recover after 7 times? any good links I can read up on?

[alcimedes]

Unless you're worried about the CIA, or you have an arch enemy at OnTrack who might get their hands on your drive, a 7x wipe will be fine. Your porn will never see the light of day again.

[digitalAngel]

Quote:

Originally Posted by macmac So after 4 months with my MBP and over a dozen calls to Apple help, they have decided my MBP is a lemon. They want me to send it in so they can swap out the logic board, hard drive, super drive, and the battery that is swollen and cracking from the extreme heat (causing the computer to die after 2 minutes without an a/c adapter).

wouldn't it be easier for them to just send you a new MBP? i mean, with what they're replacing, what is left.. the case? i bet the case costs as much as shipping it to apple and back to you. seems silly to me but anyway, glad they're finally gonna fix it!

[macmac]

Quote:

Originally Posted by digitalAngel wouldn't it be easier for them to just send you a new MBP? i mean, with what they're replacing, what is left.. the case? i bet the case costs as much as shipping it to apple and back to you. seems silly to me but anyway, glad they're finally gonna fix it!

Even if they sent me a new one they would want the old one back first, so shipping is a wash. They did send me a very nice box with lots of padding so it should stay safe. Who knows, maybe they do just send a new one back, will let you know. It took about a dozen calls but I think the fact that the battery finally cracked from the heat and it would no longer work without the a/c adapter finally convinced them. Sucks, been using macs for 10 years and this is the first real problem I've had. I'm writing all this from my PowerBook G4 thats 3 years old and will still smoke that MBP.

[Enki]

Quote:

Originally Posted by Barto Zero all data will stop ordinary users from retrieving the data (that is, it won't be recoverable with any software). It will still be retrievable by specialist data-retrieval places (that is, it will be recoverable with special hardware). To stop that, you'll need to use 7-pass overwrite (35-pass is silly overkill). Myself, I used to use 7-pass. Now I just all-zero drives.

The theory of reading "in-between" bits left over after a zeroing pass is just that a theory. The only person to reliably illustrate the technique did so with previously known data on the drive. So the process of finding little random bits in between tracks on repeated reads and custom processed back into coherent data was only reliably done when the data was already known because the variations if the start position is off by even one bit make the problem all but intractible.

If you aren't doing anything illegal, storing the codes to authorize nuclear launches or whacked-out spy-novel stuff, a single write to zero's will obfuscate your data well enough. Only the folks interested in the previous stuff have enough compute power to even consider trying to read between tracks on peviously unknown data, and even they are only interested in very specific drives. The fact you are posting about this shows your drive isn't on their list, relax!

[Barto]

Thanks for the insight, Enki.

[Banana]

Would it be quicker to insert a hard drive in a capactitor bank capable of generating 10 tesla and flip the switch?

[ghoti]

Sure, but that would probably mechanically destroy the harddisk.

There's really no reason to be overly paranoid. For normal data, zeroing once is more than sufficient (lest somebody at Apple have a lot of time to sift through deleted data on harddisk that gets sent in). If you have really valuable data, or data that could put people at risk if it got into the wrong hands (like the names and addresses of hundreds of thousands of people serving in the military and their relatives, say), zeroing seven times removes any traces of the data for practical purposes. Sure, if you were to go after the disk with an electron microscope, you might in theory still be able to pick out the odd bit. But in practice, it's simply impossible.

Getting access to interesting data is much easier through social engineering or carelessness than using some supposed high-tech recovery methods.

[chucker]

FYI, it is often standard support procedure to replace hard drives regardless. So even if they were to send you back the same MacBook Pro, they'll probably put a new hard drive in first and refurbish (presumably including a thorough data wipe) your previous one.

[Banana]

Quote:

Originally Posted by ghoti Sure, but that would probably mechanically destroy the harddisk...snip....Getting access to interesting data is much easier through social engineering or carelessness than using some supposed high-tech recovery methods.

Apparently my tongue-in-cheek post was a tad too subtle. (For starter, where would one find such device capable of generating 10 Tesla field? Certainly not your 7-11 convenience store!)

[ghoti]

How do I know you're not working in some research lab, or have access to an MRI?

[Banana]

Oh, sure!

"Hey, after we're done with Ms. Green scan, I've got this hard drive I want to wipe"

"All right! I love to see one of those babies fry in this MRI!"

"Yeah! Ain't working at MRI loads of fun!"

"Word, dude!"

[alcimedes]

Actually, we have access to such hardware at my work in the magnetic research areas. We use it to destroy HD data regularly, so it's a somewhat legit concern.

[Banana]

But just wait until the next patient comes in and ask what is this smell in MRI room.

[PKIDelirium]

[spotcatbug]

Quote:

Originally Posted by Banana Oh, sure! "Hey, after we're done with Ms. Green scan, I've got this hard drive I want to wipe" "All right! I love to see one of those babies fry in this MRI!" "Yeah! Ain't working at MRI loads of fun!" "Word, dude!"

Don't mock. I was a software engineer at a medical center for 5 years. My first office was in a lab directly next to the room that had the MRI machine. We had to align our computer monitors to the magnetic field to keep them looking somewhat normal (you get used to it).

Anyway, we used to do fun things in the MRI room. Well, actually, it gets boring pretty fast. I remember coat hangers... and, um, hmmm. One time the director took an unloaded gun in the room to see if the field would pull the trigger (it did!). Never tried to wipe a drive, though.

[ghoti]

Ah, the fun you can have with just a few millions worth of highly sensitive medical equipment ...

I've never been near an MRI, but I worked for a radio station for some time. They had this "device" the size of a fridge for erasing reel tapes that seemed to consist of a large magnet that would be dropped when you pushed the button (after inserting the tape roll into a slot). There were warning signs all around it not to go near it with a credit card or floppy disk ... that thing may not have created anything close to 10T, but it probably would have been plenty to thoroughly erase a harddisk.

[bassplayinMacFiend]

Quote:

Originally Posted by chucker FYI, it is often standard support procedure to replace hard drives regardless. So even if they were to send you back the same MacBook Pro, they'll probably put a new hard drive in first and refurbish (presumably including a thorough data wipe) your previous one.

I bought some 'refurbished' floppy disks in the 90s that weren't completely erased. By pouring through the 50 disks I bought I came up with a 6 disk install set for the Borland office suite. You never know what you can find on these things.

You don't need specialized hardware either. There are military programs with data detection algorithms that will extract data from zeroed drives. This is why the DoD sets a standard for data elimination, which happens to be 35 passes of cryptographically random data.

35 passes of the same data will leave pockets of old information stored on the hard drive simply because one bit != one magnetic particle on the hard drive. One bit of information is stored in a cluster of magnetic particles. If you try to write zeroes over and over again, the hard drive won't wipe out the entire cluster of particles because if the whole hard drive read zero then it would be very difficult to tell one sector from another.

[macleod]

Quote:

Originally Posted by macmac what hardware can recover after 7 times? any good links I can read up on?

I would also be interested in some information on recovery. If anyone has some information on it or links to software or articles please share!

[Enki]

Quote:

Originally Posted by bassplayinMacFiend You don't need specialized hardware either. There are military programs with data detection algorithms that will extract data from zeroed drives. This is why the DoD sets a standard for data elimination, which happens to be 35 passes of cryptographically random data.

No, none of those programs available. It's labor intensive, painstaking and takes an interminable long time to forensically get anything useful off a zeroed drive. Most idiots think reformatting zeroes the drive, but it just wipes the directory, all the data is still there in all it's glory. There are a few programs around that will read that stuff pretty readily, but you still have to stitch the files together out of diconected blocks which takes plenty of time itself.

The 35 passes BS was all developed based on the 27 zeroing passes necessary to statistically "erase" the drive as claimed by the gent that used the known contents drive in the first place. He claimed he needed 27 passes to not find any recognizable trace of his pre-known data in known locations on his control drive. The drives used at the time the research was done were very old technology compared to today's drives. Head movements are on the order of 100x finer now than they were 5-7 yerars ago when this nonsense was first published. The head positioning sloppiness over the previously wide inter-cylinder spacing is what supposedly required all the extra writes, now those physical issues are pretty much a thing of the past, making the 27+ overwrites even more ludicrous.

Yes, the ultra paranoid standard necessary for a very small number of drives may say 35 passes, but that crap is written by knuckleheads that can't even figure out how to use Word to create a table of contents or how to use tabs instead of a bizillion spaces! The paranoid non-technical supervisors hear some ya-hoo showed off something at a security conference and then have some other non-technically adept ya-hoo write an instruction to surpass the worst case estimates, regardless of whether there is any real technical need or not.

I used to work with knuckleheads like that every day.

[ghoti]

Quote:

Originally Posted by bassplayinMacFiend 35 passes of the same data will leave pockets of old information stored on the hard drive simply because one bit != one magnetic particle on the hard drive. One bit of information is stored in a cluster of magnetic particles. If you try to write zeroes over and over again, the hard drive won't wipe out the entire cluster of particles because if the whole hard drive read zero then it would be very difficult to tell one sector from another.

That's why harddisks use run length encoding, instead of writing the data directly. So they won't have to rely on some traces of magnetic flux from not really writing the data (which would be incredibly unstable), but can maintain good tracking no matter what data you write.

[alcimedes]

Actually, most sensitive data is required to be shredded now. Erased isn't good enough.

[Enki]

True enough. But that has more to do with humans who screw up and don't actually erase anything but think they do. On the flip side of that, even an idiot can physically destroy or shred something enough to render it's data unretruevable.