Technical Tidbits™

Posts Tagged ‘rewrite’

Here at MICE, we don’t publicly advertise our security clients because it’s an open invitation to hackers.

However, I do need to tell you that I was recently hired to look over a self-hosted WordPress blog site that had been hacked.  I didn’t get to see the actual hacked message, but the client described it as a defacement of the main blog page saying, “You’ve been hacked.”

I am still trying to find out from the blog owner a few minor details to determine how it was actually done, but the .htaccess file had been modified giving the hacker permission to rewrite to all the files on the blog.

As soon as I find out the remaining information, I will post more details including screen shots of the website that the file redirected to.

I am blocking the actual redirect website with Xs in the line I found in question in the .htaccess file because I don’t want anyone going there, but if you see this code, delete it and re-upload the file.

RewriteRule .* http://xxx-xxxxx.xx/xx.cgi?4&parameter=ku [R,L]

The R stands for Redirect and the L means Last so it stops processing the rule after the condition is matched.

You can open the .htaccess file in a textpad or notepad document if you right mouse click and choose open with.

More later but this your heads up!

So, this holiday season you received a brand spanking new computer and it’s time to dispose of the old one.

You’ve heard the horror stories. Old PCs recycled with data still on the hard drive and the ensuing identity theft and credit card fraud that follows it.  What’s the right way to remove data from a drive and guarantee your security?

First, let me say congratulations to you if you are reading this post! That means that you are actually concerned about your security and data and you are taking a proactive role in managing it!

Now, to answer the question.

How you choose to dispose of your old data depends upon how much you want to be involved with the process.

If you want to wipe the drive yourself, you will need to have a program that reformats the drive several times over and then writes Xs and/or Os across the drive rendering everything unreadable. This is actually the government standard for wiping drives.

Department of Defense 5220.22-M recommends overwriting the drive sectors three times with specific, different characters, which constitutes one pass. Many experts recommend seven such passes to render the data completely unrecoverable.

If you do not have any top secret documents or data that is highly confidential, you of course, do not need that high of a level of rewriting. But, you should do more than just reformat.

Note: Just reformatting the drive using an older Windows boot disk and the format function, will not remove all the data. The drive can still be read!

But there are some free and paid for solutions to help you.

First, there is Summit Computer Networks Hard Disk Scrubber. I have used this and found it very effective! It’s free, effective and overwrites with 1s and 0’s.

Next, there is Darik’s Boot And Nuke. It’s free to download, the program doesn’t hold you hostage until you buy, and it’s effective.

A recommendation from PC World – but I have my doubts and a few suspicions about it – is Active@ Kill Disk.  I can’t put my finger on why this one makes me nervous, but it does. Maybe I might have tried it before? Not sure. But again, it’s free.

Some paid versions are Jerico’s BCWipe for Windows, Linux, and Unix.  I tried the trial download once upon a time, and if I remember correctly, this one didn’t do much unless you purchased the product. So it was very hard to evaluate it without putting up the cash to test it properly.

This paid version by White  Canyon Software called WipeDrive⁵ has an impressive list of customers scrolling on the left! Although I’ve never used it, for $39.95 it’s not a bad price considering the list of customers they are claiming to use it! There are also several licensing options available if you are a techie or in the business of wiping drives.

Now, there’s another couple of options you have that do not include wiping the drive yourself.

If you are handy with tools, open the case and remove the hard drive before you recycle the unit.

From there, you can also open the the hard drive, remove the actual hard disk inside and have that destroyed by someone that has a metal cutter. If the metal saw or cutter is strong enough, you can actually slice through the entire drive without removing the hard disk. (Done that!)

But keep in mind, this should be done by a professional. A friend of mine owns a factory with this type of equipment and you must wear safety goggles and operate the machinery appropriately. This is not a solution for the average person!

You can also remove the drive and ship it to us for destruction. We will send you a written guarantee that we have wiped or destroyed the drive according to government standards. The service is free unless you want the drive back wiped. There is a $50 charge for that service.

You can ship it to us at our snail mail address available on our Contact Page.

We have wiped drives successfully for our clients including private individuals, law firms, doctors offices, and construction companies, to name a few.

But whatever road you take, be sure that the drive is completely erased and unreadable before you recycle it.  You may have forgotten that you had written letters to your insurance company or credit bureau that contains sensitive and personally identifying information!