-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 10/01/2011 07:25 AM, Bruno Wolff III wrote:
On Fri, Sep 30, 2011 at 21:04:13 -0700, Linda McLeod lindavaldeen@fastmail.fm wrote:
My IP and OS are a vandalism target of mindless childish hellbound kooks hellbent on causing me grief to appease their delusions that I'm in any ways like them, and that I might somehow want to help them solve their useless bullyish lives.. is why I find it best to "DBAN" compromised OS's, to make hd's totally clean for new installs...
I think having a DBAN CD is a better idea. Otherwise it would be too easy for an inexperienced user to wipe their disk by mistake.
DBAN is used when you are going to lose control of the media (because you are selling it or throwing it out) to prevent people from recovering your data. It isn't needed to prevent you from accidentally running code looking at data left behind after a compromise. A reinstall (including rewriting the MBR and repartitioning) is good enough.
Also related to this is that hdparm will let you use the secure erase feature of disk drives that support that feature.
You may not be able to do this if the drive is in the computer when you boot. It is a "feature" of the BIOS that disables this option at boot.
Mikkel - --
Do not meddle in the affairs of dragons, for thou art crunchy and taste good with Ketchup!