Quick Hits

Here are a few quick computer and security news articles from this week:

  • Mother sues Apple over exploding iPod Touch Supposedly the iPod was in her child’s pocket in the off position. The kid felt a hotness from his pocket, looked down and was on fire. The mother is suing Apple and 10 Apple store employees for damages.
  • Army database compromised The US Army discovered a possible security breach on a web application containing personal information of about 1600 soldiers
  • Cyber crime goes SaaS Want to buy a toolkit for attacking computers? No problem? Don’t have the expertise to run it yourself? No Problem, they’ll host it for you! Seems like this would make it easier to shut the attackers down since they have a common source.
  • Rigged podcasts can leak your iTunes username/password Hackers can create malicious podcasts to hijack usernames and passwords from Apple’s iTunes software. iTunes 8.1 fixes “feature”

English Trashmen equipped with Computers, GPS

From the Across the Pond department: Waste collection crews in England are being equiped with computers and GPS in order to build “rubbish profiles” on residents. These computers will feed crewmembers up-to-the-minute information on the houses they are servicing.

In addition, information will be collected and provided to local authorities so they can issue recycling advice, or fines for residents that fail to obey recycling rules.

These processes are part of a government strategy to increase recycling to 40% of trash collected by 2010, and 50% by 2020.

While I’m in favor of increased recycling, the very idea of automatic fines seems like something out of science fiction movies like “Demolition Man” or “The Fifth Element”.

Data Destruction: Is One Pass Overwriting Enough?

There is some controversy regarding data destruction in the IT industry, some vendors claim that no software writing solution is secure, and only firmware level erasing, like Secure Erase, is certifiable. Others go further and say that only physical destruction is enough. The DoD spec calls for either a 3 pass or a 7 pass wipe, and NIST has stated:

Studies have shown that most of today’s media can be effectively cleared by one overwrite.

Popular TV shows like Numb3rs show scientists able to recover data from drives even after they have been wiped. There are probably as many standards to wipe data from hard drives as there are companies providing solutions. When is it enough? EPC as a company has standardized on the 3 pass DoD wipe as it is well recognized in the IT industry and it is a relatively fast process. Read more