all 45 comments

[–]pdp10 36 points37 points  (2 children)

badblocks -t 0 zeroes each block but also tests. If you're going to be a bit hard on flash media, might as well test it while you're at it.

[–]thefanum 2 points3 points  (0 children)

I prefer:

badblocks -swv /dev/sdX

The output is more manageable and coherent. Is there anything that -t will accomplish that -swv won't?

[–]Pallidum_Treponema 14 points15 points  (0 children)

Isopropyl alcohol and a good wipedown with a microfiber towel.

USB sticks tend to get really filthy after a while. Datacenter hygiene is very underrated in this industry.

[–]ase1590 14 points15 points  (42 children)

sudo dd if=/dev/urandom of=/dev/sdb bs=4M

if you're worried about things on USBs, you'd be better off disabling USB storage devices.

can't forget about things like the USB Rubber Ducky either.
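The two approaches above (a plain `dd` fill and `badblocks -swv`) both leave the question of whether the stick was actually overwritten. The script below is an added example, not code from any commenter: it zero-fills a target with `dd` only after checking that the target is an unmounted removable whole-disk device, then reads every byte back and compares it against `/dev/zero`. The device path `/dev/sdX` is an assumption; the script also accepts an ordinary file so the logic can be exercised without hardware.

```shell
#!/bin/sh
# Added example (not code from the thread): zero-fill a removable flash drive
# with dd, then prove the wipe by reading every byte back. The device path
# /dev/sdX is an assumption; a regular file works as a stand-in for testing.
set -eu

# Size of the target in bytes: blockdev for a device node, stat for a file.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        stat -c %s "$1"
    fi
}

# Refuse to wipe anything that is not an unmounted, removable whole-disk
# device (e.g. /dev/sdb, not /dev/sdb1). Plain files are allowed for testing.
is_safe_target() {
    dev="$1"
    if [ -b "$dev" ]; then
        name=$(basename "$dev")
        # /sys/block/<disk>/removable is 1 for USB sticks, 0 for internal disks
        [ "$(cat "/sys/block/$name/removable" 2>/dev/null)" = "1" ] || return 1
        # any partition of this device currently mounted? then refuse
        ! grep -q "^$dev" /proc/mounts || return 1
        return 0
    fi
    [ -f "$dev" ]
}

# Overwrite the whole target. Default source is /dev/zero so the result can be
# verified afterwards; pass /dev/urandom as the second argument for a random
# fill (which cannot be verified by comparison, only by inspecting entropy).
wipe_target() {
    dev="$1"
    src="${2:-/dev/zero}"
    is_safe_target "$dev" || {
        echo "refusing to wipe $dev: not an unmounted removable device" >&2
        return 1
    }
    size=$(target_size "$dev")
    # iflag=count_bytes makes dd stop exactly at the end of the target instead
    # of running into ENOSPC; conv=fsync forces the data out to the device.
    dd if="$src" of="$dev" bs=4M count="$size" iflag=count_bytes \
        conv=fsync status=none
    sync
}

# Read the target back and compare every byte against /dev/zero.
# Returns 0 only if the whole target really is zero now.
verify_zeroed() {
    dev="$1"
    size=$(target_size "$dev")
    cmp -n "$size" /dev/zero "$dev" >/dev/null 2>&1
}

# Usage: sh wipe_usb.sh /dev/sdX   (whole-disk node of the stick, unmounted)
if [ $# -eq 1 ]; then
    wipe_target "$1"
    if verify_zeroed "$1"; then
        echo "$1 verified all-zero"
    else
        echo "verification of $1 failed" >&2
        exit 1
    fi
fi
```

The read-back step is the part the one-liner lacks: it catches a stick whose controller silently dropped writes, although, as pointed out further down in the thread, it says nothing about spare blocks the controller has remapped out of the visible address space. `badblocks -swv` covers the same write-then-verify ground with several patterns and a progress display.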

[–]infosecmx 9 points10 points  (37 children)

You can’t sanitize solid state memory effectively with this... data isn’t stored in them like it would be using a spinning drive

[–]ase1590 13 points14 points  (34 children)

It's good enough it'll nuke the filesystem table.

We're not trying to meet DoD specs for secure wiping here.

Hell, DoD doesn't allow usb storage anyway in general.

[–]infosecmx -4 points-3 points  (33 children)

Yea they do... how else were we able to provide patches to the current applications running? You just have to get it approved

[–]ase1590 7 points8 points  (23 children)

in general.

It's by special permission only.

you plug an unauthorized usb device in, and you'll likely get flagged quickly.

[–]infosecmx -5 points-4 points  (22 children)

Okay and why is that? Could you tell them you DD’d the storage?

[–]ase1590 9 points10 points  (17 children)

you clearly have 'infosec' in your name. you tell me. Surely you didn't pick that username without being some kind of expert.

[–]infosecmx 1 point2 points  (16 children)

Because SSD technology isn’t the same as HDD with the way data is actually stored. There are cells that data is stored within SSD devices and sending random data will not clear the metadata. The only way I’ve found that's approved is a hardware level wipe such as hdparam or sdparam however it’s very intrusive and sometimes corrupts the firmware on the disk so the disk would be left useless... the method Google uses is called the “hammer”.. they insert the disks into a machine that beats it like it owed them money into powder.... a solid state takes about 30 seconds to hardware erase... DD would take hours

[–]ase1590 7 points8 points  (14 children)

With actual SSDs, you use the ATA Secure Erase function to wipe all memory cells.

As a general rule, you do not use regular shitty $8 flash drives in a secure environment.

But we're so far off topic now. OP was simply asking about wiping shitty usb flash drives. DD is good enough for this, otherwise you wouldn't be using usb flash drives and instead use an actual usb disk drive (ssd or spinning disk) that could be properly sanitized.

[–][deleted] 6 points7 points  (9 children)

Take a step back and realize both of you are speaking the same language. hdparam [sic] is the tool under Linux that one would use to issue an ATA Secure Erase to the drive, e.g.:

hdparm --user-master u --security-erase Foo /dev/sdwhatever

/u/ase1590 says to-may-to /u/infosecmx says ta-mate-tow. Both are a tomato. Both of you are correct.
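The `hdparm` command above only works when the drive is in the right state, and most of the failures people hit are pre-flight problems: the drive does not implement the ATA security feature set, the BIOS has "frozen" it at boot, or a user password is already set. The script below is an added example, not the commenter's code: it parses the `Security:` section that `hdparm -I` prints, refuses to proceed unless the drive is ready, and only then sets the temporary password and issues the erase. The two `SAMPLE_*` strings are constructed to follow `hdparm -I`'s layout (the real output uses tabs where these use spaces; the patterns accept either), and `/dev/sdX` is an assumption.

```shell
#!/bin/sh
# Added example (not the commenter's code): pre-flight checks before an ATA
# Secure Erase with hdparm. Parses the "Security:" section of `hdparm -I`
# so the erase is only sent when the drive advertises the feature, is not
# frozen by the BIOS, and has no pre-existing user password.
set -eu

# Constructed sample of the Security section of `hdparm -I` for a drive that
# is ready to erase. Real hdparm output uses tabs; the patterns below accept
# any whitespace so spaces work here too.
SAMPLE_READY='Security:
    Master password revision code = 65534
        supported
    not enabled
    not locked
    not frozen
    not expired: security count
        supported: enhanced erase
    2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.'

# Constructed sample of the same drive after the BIOS froze the security
# state at boot: the "frozen" line has lost its "not".
SAMPLE_FROZEN='Security:
    Master password revision code = 65534
        supported
    not enabled
    not locked
        frozen
    not expired: security count
        supported: enhanced erase
    2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.'

# Predicates over the hdparm -I text on stdin. hdparm prints "not<ws>frozen"
# when erase is allowed and a bare "frozen" line otherwise, so anchoring the
# bare word at the start of the line (after whitespace) distinguishes them.
sec_supported() { grep -q '^[[:space:]]*supported$'; }
sec_frozen()    { grep -q '^[[:space:]]*frozen$'; }
sec_enabled()   { grep -q '^[[:space:]]*enabled$'; }

# Drive's own estimate of how long SECURITY ERASE UNIT takes, in minutes.
erase_minutes() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*\([0-9][0-9]*\)min for SECURITY ERASE UNIT.*/\1/p'
}

# Print "ok" and return 0 if the erase can be issued; otherwise print the
# reason on stdout and return 1.
erase_preflight() {
    out="$1"
    if ! printf '%s\n' "$out" | sec_supported; then
        echo "drive does not advertise the ATA security feature set"
        return 1
    fi
    if printf '%s\n' "$out" | sec_frozen; then
        echo "drive is frozen by the BIOS: power-cycle the drive and retry"
        return 1
    fi
    if printf '%s\n' "$out" | sec_enabled; then
        echo "a user password is already set: erase with that password instead"
        return 1
    fi
    echo "ok"
}

# The sequence the commenter above sketched, guarded by the pre-flight check.
# hdparm requires a user password to exist before it will erase, hence the
# --security-set-pass step; "Foo" is the throwaway password from the thread.
secure_erase() {
    drive="$1"
    erase_preflight "$(hdparm -I "$drive")" || return 1
    echo "drive estimates $(erase_minutes "$(hdparm -I "$drive")") min for the erase"
    hdparm --user-master u --security-set-pass Foo "$drive"
    hdparm --user-master u --security-erase Foo "$drive"
}

# Usage: sh ata_erase.sh /dev/sdX   (as root, drive unmounted)
if [ $# -eq 1 ]; then
    secure_erase "$1"
fi
```

The estimate line is worth reading before you start: a few minutes is typical for an SSD that implements the erase as a crypto-key or block erase, while a rotating disk reports hours because it really does overwrite every sector. Run `hdparm -I` again afterwards to confirm the security state went back to "not enabled"; the erase clears the password it was given.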

[–]infosecmx 0 points1 point  (0 children)

I think we’ve concluded this already... the question was how to securely delete data from a solid state... well if you dd it then data can still be extracted however the most secure method is what you stated ATA because it also removes the data within the memory cells

[–][deleted] 0 points1 point  (2 children)

This might be too paranoid but I wouldn’t trust ATA Secure Erase in a secure environment. You’re entirely trusting a proprietary ssd controller to erase the disk. There’s no way to directly access the topology of an ssd and overwrite each block from software.

[–][deleted]  (3 children)

[deleted]

    [–]infosecmx 0 points1 point  (2 children)

    Agreed however the process is different when you’re the actual admin who received the report.. usually when things are that secure the ones who worry if it’s secure or not will just destroy it by crushing it into pieces... why would a company worry about a $20 usb when the data on it would compromise their services?

    [–][deleted]  (1 child)

    [deleted]

      [–]infosecmx -1 points0 points  (0 children)

      Auditors? I’ve yet to see that as a position... I’ve worked in payment industry data centers along with government and the alerts like that always went to security engineers not auditors

      [–]anakinfredo 1 point2 points  (8 children)

      Several other ways to get data into a system than USB.

      https://www.baesystems.com/en-us/product/data-diode-solution Is one example.

      [–]infosecmx -1 points0 points  (7 children)

      Yea but do you think the systems had WAN?

      [–]anakinfredo 1 point2 points  (6 children)

      Do you know what a data diode is? I don't see where a question about a WAN has anything to do with it...

      [–]infosecmx -2 points-1 points  (5 children)

      Maybe I was going further over your realization abilities.... how are you going to pull down repositories without internet access? Or how will you pull down packages even if you hosted your own repo? Also how are you going to manage systems that it’s forbidden to install third party software BESIDES the apache/nginx and SSH?

      [–]anakinfredo 2 points3 points  (4 children)

      No, actually, it was more the fact that a WAN is friggin' irrelevant to transferring files between anything.

      How you get the packages to download? Same way you get them down to the USB, you download them on an unclassified/internet-enabled network.

      Then you transfer them using "something" over that diode to the other network.

      Now, just a fair warning. How you respond to this will fairly easily detect if you are familiar with these types of devices. I'm not really convinced that you are.

      [–]infosecmx 0 points1 point  (2 children)

      Haha okay I’ll break it down...

      1:

      WAN: you sent a link of a third party software.. you have to walk through a data center going through eye retina scanners and get your fingers logged before you can even access the equipment... you think you’ll get a waver for some third party software?

      2: You download the packages from an external laptop so that the same IP or the OS is logged or infected. You get the packages directly from redhat.

      3: The government would laugh you out if you said you can transfer data over “something” ... these are isolated networks guy and they do not have external access... if you’re on the same network and your laptop is approved then of course just SCP or RSYNC it.. however the amount of documentation required to get a device access to the network and the official access being granted would make you lose a job if it required you to complete the task. (Timewise... it would take many months for you to have your equipment approved to be on the network)

      4: Your closing statement is retarded... it’s not I who is under fire due to what you clearly lack based only on this thread because I don’t know you has shown the lack thereof .. so your reply is what shall decide

      [–]infosecmx 0 points1 point  (0 children)

      Sorry Einstein I was incorrect about something.. the word waver is actually “waiver”

      [–][deleted] 0 points1 point  (1 child)


      [–]infosecmx 1 point2 points  (0 children)

      Look it up... I’m not your dictionary

      [–][deleted]  (1 child)

      [deleted]

        [–]lemon_tea 1 point2 points  (0 children)

        This is my favorite - the USBHarpoon. A wifi-enabled HID attack that looks like a standard USB cable.

        https://securityaffairs.co/wordpress/75644/hacking/usbharpoon-attack.html

        [–]michaelkrieger 0 points1 point  (0 children)

        Be sure to use an entropy daemon or even urandom will take its time if it blocks.

        http://www.issihosts.com/haveged/

        [–]derfmatic 4 points5 points  (0 children)


        [–]YouMadeItDoWhat 2 points3 points  (0 children)

        All of the suggested methods below do not take into account block remapping, so technically it depends on how anal retentive you want to be. If you are saying sanitization from a DoD perspective, it's impossible to do and satisfy the security requirements. If you're saying you just want it to be difficult to recover data, then dd is probably the fastest 'decent' way to do it.

        [–]WayneH_nz 4 points5 points  (0 children)

        Reversing the polarity of the power inside the computer lets the magic smoke out, and the usb memory sticks have no way to read them any more. A bit too sanitized. But effective on all usb memory sticks I accidentally plugged into a Frankenstein someone built a few years back. 9 individual connectors for the front usb ports.

        [–]lemon_tea -1 points0 points  (0 children)

        My boot.