Friday, April 21, 2023

Purveyors of used data

This is not surprising at all:

You know that you're supposed to wipe your smartphone or laptop before you resell it or give it to your cousin. After all, there's a lot of valuable personal data on there that should stay in your control. Businesses and other institutions need to take the same approach, deleting their information from PCs, servers, and network equipment so it doesn't fall into the wrong hands. At the RSA security conference in San Francisco next week, though, researchers from the security firm ESET will present findings showing that more than half of secondhand enterprise routers they bought for testing had been left completely intact by their previous owners. And the devices were brimming with network information, credentials, and confidential data about the institutions they had belonged to.

The researchers bought 18 used routers in different models made by three mainstream vendors: Cisco, Fortinet, and Juniper Networks. Of those, nine were just as their owners had left them and fully accessible, while only five had been properly wiped. Two were encrypted, one was dead, and one was a mirror copy of another device.

Like I said, not particularly surprising.  If you get rid of a device, you really should at the minimum do a factory reset.

7 comments:

Matthew W said...

FIL just updated his 20 year old XP tower and asked what he should do with it.
I took it home and took out the HDs and he's going to take the rest of it to an electronic recycling event.
Always thought it would be "fun" to buy some of those used computers at Goodwill, thrift stores etc just to do an experiment like your post described.

Mind your own business said...

FYI, the same can be said for copier machines ... which have memory storage and can retain electronic copies of tens of thousands of documents that someone made copies of or scanned at some point in time.

So whether your business rents a copier or owns its own, remember that when it comes time to replace it.

Rick T said...

Pull the drives and either take them to the range or pull out a tack hammer and whale away for until it jingles when you shake it.

danielbarger said...

When I want to wipe a drive I simply take it into the MRI Suite and wave it inside the bore for a moment. Drive is dead, instantly and permanently. Few things are as efficient at wiping a drive as a 1.5-3 Tesla magnet.

Richard said...

I have shot drives before but this technique should be used only if you don't have access to explosives. I did like the MRI technique but I don't have access to one of those either.

Old NFO said...

Copiers are even worse! Every document is on the hard drive in them!!!

Ken said...

When I recycled my old Surface Pro 3 I used a cutoff wheel on my Dremel to extricate the hard drive.