[Faccus] [Sec-wg] Hard drive degausser

Paul Ludwig pludwig at uwaterloo.ca
Tue Jan 31 14:00:27 EST 2012


Do not believe that from WD. We just got a replacement drive from WD for a dead
drive. The drive was a 2TB hard drive. It was full of movies and data files from the
last client, not a UW person. It was not the drive we sent them.

We in ECE open each hard drive we are getting rid of and scratch the drives platters.
This is the only way we can guarantee the data does not flow off campus. 

Thanks
Paul James Ludwig 
Computer Support Manager
Electrical and Computer Engineering 
Room: EIT 4176 
University of Waterloo 
200 University Avenue 
Waterloo, Ontario, Canada, N2L 3G1 
Phone: (519) 888-4567 ext. 32847 
Fax: (519) 746-7260


-----Original Message-----
From: sec-wg-bounces at lists.uwaterloo.ca [mailto:sec-wg-bounces at lists.uwaterloo.ca] On Behalf Of Matt Cooper
Sent: January-31-12 12:25 PM
To: Robyn Landers; sec-wg at lists.uwaterloo.ca
Cc: faccus at mailman.uwaterloo.ca
Subject: Re: [Sec-wg] [Faccus] Hard drive degausser

The claim from WD is that when you return a drive, the device they use to check the drive actually wipes it clean as they're testing it.
http://community.wdc.com/t5/Desktop/Data-on-returned-hard-drive/td-p/1959

Are there other Universities that people have contacts with who have had similar incidents?  Maybe reaching out can provide some sense of proper protocol.

Matt Cooper

Client Support Specialist
Institute for Quantum Computing
University of Waterloo

RAC 1004
519-888-4567 x38607


-----Original Message-----
From: faccus-bounces at lists.uwaterloo.ca [mailto:faccus-bounces at lists.uwaterloo.ca] On Behalf Of Robyn Landers
Sent: January-31-12 11:45 AM
To: sec-wg at lists.uwaterloo.ca
Cc: faccus at mailman.uwaterloo.ca
Subject: Re: [Faccus] [Sec-wg] Hard drive degausser

> Otherwise, from what we are seeing, kiss your warranty coverage
> goodbye.   If you can't wipe the drive through software and if
> degaussing voids your warranty, you have no redress.  If you do not 
> have your Policy 8 "Confidential" data encrypted on the drive using 
> whole disk encryption, your options appear limited-- the drives must 
> be securely destroyed[2].


So now I have to tell researchers that they will not be allowed to use the hardware maintenance contracts they buy for their RAID arrays to cover disk failures, they have to buy new disks.
Who is going to pay for those?

And internally we will not be allowed to use our hardware maintenance contracts with NetApp to replace failed drives, we'll have to buy
new ones.   Who's going to pay for those?


Robyn
_______________________________________________
Faccus mailing list
Faccus at lists.uwaterloo.ca
https://lists.uwaterloo.ca/mailman/listinfo/faccus

_______________________________________________
Sec-wg mailing list
Sec-wg at lists.uwaterloo.ca
https://lists.uwaterloo.ca/mailman/listinfo/sec-wg



More information about the Faccus mailing list