Shostack + Friends Blog Archive


Never Say Never

Over at Security Incite, Mike Rothman discusses the recovery of the VA laptop:

In other good news, they found the missing VA laptop, evidently with all the data intact. That really is great news, but I guess we’ll never get to test Adam Shostack’s contention (link here) that identity thieves could get to all 26 million records. Both Pete Lindstrom and I came out pretty strongly to say there was no way even a band of thieves could legitimately process that many records. But thankfully, we’ll never know.

I hope that he’s right about that, but note that a number of tapes with upwards of a million SSNs are still floating around. If you don’t like my estimates, don’t worry, more opportunities to measure will be available shortly.

Incidentally, we believe that the laptop wasn’t booted because Windows logs all sorts of stuff at boot. Taking hard drives out of laptops and copying data is a bunch of work. Apple has this really cool feature, where you can boot a machine in “firewire target mode” If it had been a Mac, and booted as an expensive disk housing, would we know?

3 comments on "Never Say Never"

  • Alex Hutton says:

    You’ve been a MicroSerf for all of, what, two weeks now and you’re already bashing Apple?

  • Taking hard drives out of laptops and copying data is a bunch of work.

    Depends on the laptop, but taking a hard drive out of a laptop, putting into an external USB enclosure ($25-$55) designed for exactly this use, plugging the USB cable in and dragging some files across is often very easy. Might not even need a screwdriver. For more advanced users you might make it read-only so that file access times don’t get updated.
    I know plenty of people that have basically done exactly that when retiring an old laptop in the process of upgrading to a new one.
    Or you could boot off the CD drive; a live linux or live windows disc is easy enough to get, then copy stuff over the network… Knoppix, for instance, defaults to read-only when doing this, so file access times wouldn’t change.

  • adam says:

    Eric–I didn’t say it was hard work, only more work than simply booting, or even holding down apple-T

Comments are closed.