|
|
| |||||||
| From | Message | ||||||
|---|---|---|---|---|---|---|---|
|
 IT and ICT SecurityIT is Information technology, and ICT is the abbreviation for Information Communication Technology. There is a difference. So today, I have a problem with hard drives on the BizHub machines. In our environment we have a lot of extremely sensitive and classified information, that are being printed from, and copied on, the BizHub machines. These machines all have hard drives, which store a copy of these documents until the hard drive runs out of space and starts to overwrite the oldest information. So, the contracts for our BizHub machines are nearing the end dates, and I need to ensure that the information doesn't leave the environment. What to do? Apparently the hard drives are on-board, so I doubt that it can be removed. I can't degauss it on the machine, and I am told the contracts doesn't allow me to damage the hard drives, because the machines need to leave in working condition. Is there anybody out there with some advice? Anybody with a similar problem or situation? |
||||||
|
(eg www.copytechnet.com) However, I'm not sure that an expect wouldn't still be able to recover data. If you have a strict ISMS policy (and it sounds as though you should have), would it not require the hard drives to be drilled as well? That would leave you a bit stuck though if your contract doesn't allow it. |
||||||
|
|
||||||
|
Do Google and youtube search first. I have a very little computer knowledge. I can give you some advice but I cannot guarantee you that it may ruin your Bizhuz machines because of my advice. If so, be careful of my advice. I have a lot of curiosity in the machines even if curiosity can kill the cat. Especially, when you have an extra virgin machines, you want to probe and see what is inside. At one time, I probe and tweak inside the engine of an old car. Aftermath, it will never start again. I have to send the car to the old junk yard. Bizhub machine appears to be a printer with computer system that I have checked in the youtube video above. Please check the make, model and number of your Bizhub machines and type in at the search engine of Google and youtube. Google search will show you where the machines are made or the vendor. Usually when you get their phone number, you can call and find out technical support at those sites and get their advice. At youtube you can also find technical support plus how to do it yourself. I believe you can open the machines and look inside to see where the hard drives are located. Before you mess up with the hard drives, think twice about my junked car. Hillary Clinton, the former presidential candidate did a wonderful job of deleting 30,000 emails without any trace from her computer before FBI confiscated it. Hunter Biden was very stupid. He forgot to pick up his laptop computer at the repair shop. Father and son corruption scandals are well documented and caught red handed in the hard drive. Learn the lessons from them. Please let me and other GK members know how things are going after google and youtube search. |
||||||
|
What do the experts say? What do your Department's IT experts say? And if they don't know, why haven't they asked someone who does? That's what I do when confronted with an IT problem; I ask someone who knows. Perhaps there is no answer within the terms of the contract that require "the machines need to leave in working condition." In that case, you might need to negotiate a variation to your contract. If all else fails, you could dismantle the machines, remove and completely wipe the drives of all residual data (not just the directory), and re-build the machines. |
||||||
|
Riaan |
||||||
|
Riaan 1. Are your machines at the end of life and therefor it will be trashed ? Before it is trashed, do you want to take out the hard drives from the machines and destroyed it so that unscrupulous people will not get top confidential secrets from HD. If so, Thumper's message is the answer. 2. The machines are still usable but you need to exchange with the new hard drives and destroyed the old full hard drives with confidential information. The problem now is that if the old HD contains operation instructions in order the machine to work, you need to copy the instructions first before you destroy the old HDs. 3. If your machines use windows 7 or 10 software, I can show you how to copy the old information in HD to new bigger HD. Please also check what kind of interface, IDE, SATA 3, PCIE. etc. It is little bit strange to hear that the printing machine contains sensitive data and confidential information because the printer is usually controlled by the computer which contains HD with a lot of information. |
||||||
|
riaan High security facilities have specific protocols for old hard drives, but i suppose you could try overwriting the security data with worthless material such as trump tweets, the Wall Street Journal or a few hundred hard rock videos, etc. Also --- As Ace suggested: You can simple remove the old HDs and replace them if that works for the equipment provider, Hard Drives are notably less expensive these days. Finally: Your vendor (Minolta?) should be able to dhow show you to wash the drive. Printers are generally designed to not hold old print data because if they did they would be almost unmarketable to even low security firms. |
||||||
|
ace-of-aces, the video does help, thank you. But thinking about your car- maybe I should not! The embarrassment of recovered hard drives are exactly what we want to avoid. bobspringett, the problem is that our IT department developed the policy with no input from us. It is a policy that we were in process of developing (meaning myself) in cooperation with other intelligence agencies, both national and foreign. FIS (Foreign Intelligence Services) has just as much interest as ourselves for the information to remain intact and not compromised. So almost every embassy specialist I approached had had some positive input in the document that I had been compiling. So the IT division compiled a document that is fairly ell written, but not always practical. And now that the pumpkin has hit the fan, they bump the problem off to us, rightly, but we cannot comply with all the requirement because of a severe shortage of manpower and resources. Seeing the problem, Treasury has now adapted the regulations and the new contracts will include the provision for the removal of hard drives into our care. The problem are the old contracts expiring now. ace-of-aces, the machines are still serviceable and will be redeployed in businesses unknown after a service. We don't have the money, manpower or resources to remove old hard drives and replacing them. Copying the data is not a problem technically- the objections are again money, manpower and resources. mo-one, we deal with Konica-Minolta, Sharp, Brother and Canon. None of them are willing to go to the extra expense of removing and replacing the hard drives for us, and the SAPS as an organization doesn't have the budget to it, especially after all the cutbacks to provide for emergency services in connection with COVID-19. And my unit in particular doesn't have the manpower- we are supposed to be at least 14 members at Head Office, but there are only 3 of us left. I don't trust the service providers to remove and destroy the hard drives for me (I am paid to distrust them!) and by law they are not mandated to handle such critical data. Very few people in SA are allowed to do that- cryptographers, crypto custodians, and heads of Counter Intelligence departments throughout the Intelligence Services here. In total maybe 150 individuals, if that many. In the SAPS we are only 21 throughout the country. As for junk data- I have 250 TB of random data specifically designed to be used for junk. It is just a series of randomly generated machine code. My software uses random sectors of it, so that it can never be predicted. |
||||||
|
riaan |
||||||
|
Riaan 02:07 |
||||||
|
I don't know who Stormy Daniels is, but I suspect it is political and I don't want this thread to go into that direction. |
||||||
|
And, yes. The issue of latent data on a "washed" hard drive is quite real --- that's why cremation is the best solution. Also: When I was with Xerox, am issue popped-up where latent images were retained on the photo receptor --- mirror images. |
||||||
|
|
||||||
|
It depends on the (intermediate) photo receptor chemistry, but a strong white light (white paper on the glass if the machine is also a copier) and a good cleaning (buffing ) will usually do the trick --- the receptor will also electrostatically discharge while you're running the blank copies |
||||||
|
|
||||||
|
Cybermap cybermap.kaspersky.com |
||||||
|
How to work from home: what do you need for remote working? Picking the best mouse for your needs when working from home is important, as it's one of the most common ways of interacting with your PC or laptop. You can spend hours using your mouse when working from home, so you need to make sure you have one that's comfortable to hold, as well as being fast and responsive. Even if you have a laptop with a touchpad, you may find getting a mouse will make things more comfortable. Try a wireless mouse that doesn't impede you with cables lying in the way. As with mice, having the best keyboard for working from home is also important. You'll want something nice and comfortable, as again, you'll be using it for long periods of time. Personally I prefer an external wireless keyboard. If you're one of the lucky few who enjoys a multiple-monitor set-up in the office, you may be feeling a little short-changed in home working from home has minimised your screen options. Luckily, adding an extra monitor is easier than ever these days, particularly if you have a docking station alongside your work laptop. Most external monitors can now be connected via HDMI, USB-C or DP ports. When working from home, you'll probably find you're holding just as many meetings – if not more – via video conferencing services. With these meetings, it's important to have a good quality webcam. Working from home can sometimes feel a little isolating, and video conferencing can give you some much needed human interaction. While laptops usually come with webcams built-in, if you're using a desktop PC, you'll want to invest in the best webcam you can. Laptop owners may also want to buy a standalone webcam, as the one included in their machines might not be up to scratch. If you're now working from home, one of the devices you may find you miss the most is the office printer. They're not the most glamorous of devices, but if you need to print off documents or labels, you'll soon get frustrated if you don't have a printer. The good news is that you don't need to spend a lot of money on a great printer for day-to-day work. If you're really serious about getting the best working from home setup, then you may find you want to purchase a new laptop. After all, if you're using it all day, every day, then you'll want something that is powerful, dependable and comfortable to use. USB Hub. I found that I rapidly run out of USB ports, as I connect flash drives, external hard drives and other peripherals like a bio-metric scanner to my laptops. I usually get four port USB 3 Hubs from a local supplier. If your home office is a bit too far away from your home router, you might benefit from a Wi-Fi extender, which can boost the signal across the rest of your house. These are important as when working from home, your internet connection is essential. If you struggle to get a dependable network connection where you work, then you'll soon get very frustrated. A Wi-Fi extender, or powerline adapter, is an easy way to fix this. It may sound obvious, but having the right office set-up can make all the difference to your working from home productivity - and this can start with your chair and desk. Making sure you're comfortable whilst your work isn't just a good idea for your fitness and general well-being, but will also make it less of a chore to sign in every morning - and help you stave off the temptation to slope off to the sofa after lunchtime. I have two custom built ergonomic chairs, one at the office and one at home. And then we come to software. There could be much debate, and people who prefer some operating systems over others. Let us stick to the the most used Windows software. Let us assume the operating system is WinX (Windows Ten), and build from there. Video conferencing software. There are many options available on the commercial market these days. I don't want to punt one over the other. Make sure that the option you (or your company) chooses have the security well in mind, especially if you are going to be sharing trade secrets, personal information of yourself, employees and clients, and any other sensitive information that can be used to cause embarrassment, discrimination or trade advantages. The 2016 MS Suit has been replaced with Office 365. Although the different programs are all backwards compatible, the capability, functions and most of all, security, of Office 365 has been beefed up considerably. If you use another product, make sure it is compatible with Office 365, because that is the most popular at the moment. Malware-, web-, personal- and family-, data- and network protection. There are really great companies from all over the world that provide absolutely top class protection. Do not evaluate these companies at the face value put upon them by politicians. (I'm not going further into that discussion!) Use online evaluations from reputable and well known technical magazines. Compare the products and what they offer. Some are stronger in one area, or more adaptable to family situations. Other offer a password safe which stores all your online passwords. Others still create complex passwords for the user. Some may even provide a Virtual Private Network (VPN) which should increase the level of protection while online. Depending on your need, price range, specifications of the OS and hardware, find a solution that is most compatible with your situation. |
||||||
|
Public platforms The truth is, ALL public platforms have weak points and can be breached. There are several attacks that can put a user in danger: spoofing, man-in-the-middle, attacking the host server, interception, breaching the device itself..... too many to mention here. The rule is the following: never trust a free, public platform. As Abraham Lincoln said: there is no such thing as a free lunch. All the platforms come at a price. The only platform that can safely be used is a proprietary platform, with a proprietary algorithm, reviewed by impartial and ratified security specialists to have no vulnerabilities, and security always comes at a hefty price. |
||||||
|
Unsolicited email, texts and suspect websites Here are some websites that can help you look up unknown websites before you access them. These websites can assist to identify spam-, spoof-, phishing- and spearphishing attacks. who.is lookup.icann.org www.wappalyzer.com Be safe out there, don't click on unknown links, and report malicious texts, emails and websites to your local authorities! In South Africa we have two major organizations who track down and close such websites, telephone numbers and domains. Other countries have similar entities, some government sanctioned, others from laboratories such as Dr Watson, Bitdefender, Symantec and Norton, and there are some private groups who try to do their civic duty as well. be careful of vigilante types, though, as they can get you into trouble. |
||||||
|
Difital footprints A "passive digital footprint" is a data trail you unintentionally leave online. For example, when you visit a website, the web server may log your IP address, which identifies your Internet service provider and your approximate location. While your IP address may change and does not include any personal information, it is still considered part of your digital footprint. A more personal aspect of your passive digital footprint is your search history, which is saved by some search engines while you are logged in. An "active digital footprint" includes data that you intentionally submit online. Sending an email contributes to your active digital footprint, since you expect the data be seen and/or saved by another person. The more email you send, the more your digital footprint grows. Since most people save their email online, the messages you send can easily remain online for several years or more. Publishing a blog and posting social media updates are another popular ways to expand your digital footprint. Every tweet you post on Twitter, every status update you publish on Facebook, and every photo you share on Instagram contributes to your digital footprint. The more you spend time on social networking websites, the larger your digital footprint will be. Even "liking" a page or a Facebook post adds to your digital footprint, since the data is saved on Facebook's servers. Everyone who uses the Internet has a digital footprint, so it is not something to be worried about. However, it is wise to consider what trail of data you are leaving behind. For example, understanding your digital footprint may prevent you from sending a scathing email, since the message might remain online forever. It may also lead you to be more discerning in what you publish on social media websites. While you can often delete content from social media sites, once digital data has been shared online, there is no guarantee you will ever be able to remove it from the Internet. Types of digital footprints: Passive digital footprints can be stored in various ways depending on the situation. A footprint may be stored in an online database as a "hit" in an online environment. The footprint may track the user's IP address, when it was created, where it came from, and the footprint later being analyzed. In an offline environment, administrators can access and view the machine's actions without seeing who performed them. Active digital footprints can also be stored in a variety of ways depending on the situation. A footprint can be stored by a user being logged into a site when making a post or change, with the registered name being connected to the edit in an online environment. In an offline environment, a footprint may be stored in files when the owner of the computer uses a keylogger. Logs can show the actions performed on the machine and who performed them. One feature of the keylogger monitors the clipboard for any changes. Though, this may be problematic if the user intends to copy passwords or take screenshots of sensitive information, which is then logged. Build a positive digital footprint: The negative impact of a digital footprint could be daunting and make one flee from social media to not have a digital footprint at all, yet this can be beneficial if these are considered carefully and not carelessly. Experts suggest people not to delete their accounts in an attempt to go off the map;[43] instead, experts advise doing the following actions to create an appealing digital footprint: Research yourself. By doing this, one can see what type of information follows them and is a part of their digital footprint. Think before posting: This will allow for time to consider whether this should be a part of one's digital footprint. Sources say that those who do not consider all possible implications of what they post on the internet may be negatively affected when looking for employment. Highlight attractive traits and qualities: Using the Internet and social media outlets to highlight one's greatest attributes and qualities will allow the person to be seen positively. Since it is already known that digital footprints are evaluated by potential job employers and universities in the application process, then applicants should use that to their benefit and make them look attractive. Are we allowed to post links to such software that will do the job for us? joindeleteme.com support.google.com uk.norton.com (This is my favorite website for security issues) www.getapp.com |
||||||
|
Degaussing machine |
||||||
|
www.atlanticcouncil.org Cyber partisans target Russian army in Belarus amid Ukraine war fears A group of anonymous cyber activists known as the Belarusian Cyber-Partisans claim to have hacked into the Belarusian Railways computer system this week in a bid to sabotage the deployment of Russian military units in the country. The moves comes amid mounting fears that Belarus may play a crucial role in a possible full-scale Russian invasion of Ukraine. The Belarusian Cyber-Partisans group says it has accessed and encrypted Belarusian Railways databases in an effort to cause delays and hamper the movement of trains carrying Russian troops and military equipment towards the Belarusian border with Ukraine in the south of the country. “At the command of the terrorist Lukashenka, Belarusian Railways allows the occupying troops to enter our land,” the hacktivist group stated in a January 24 social media post. “We encrypted some Belarusian Railways servers, databases, and workstations to disrupt its operations.” A representative of the Belarusian Cyber-Partisans told the UK’s Guardian newspaper that the hack attack was in direct response to the recent arrival of large numbers of Russian troops in Belarus. While this presence is ostensibly tied to joint military exercises which are scheduled to take place in February, many have viewed the deployment as part of the Kremlin’s intensifying encirclement of Ukraine ahead of a potential invasion of the country in the coming weeks. “We don’t want Russian soldiers in Belarus since it compromises the sovereignty of the country and puts it in danger of occupation,” the unnamed Belarusian Cyber-Partisans representative commented. “It also pulls Belarus into a war with Ukraine. And probably Belarusian soldiers would have to participate in it and die for this meaningless war.” Here is a link to the Stuxnet incident. It is very interesting and makes a good read: en.wikipedia.org Linking back to the thread "Question for Stalh." the ability to halt the communication communication of enemy forces are crucial when planning an invasion or attack, and today not all battles are fought with artillery and on the field of battle. Most battles are fought in Cyberspace. We can refer back many years where these battles were fought: jsis.washington.edu www.justice.gov www.nbcnews.com These cyber attacks seem like the prelude to ground forces occupying the Crimea and an invasion of Ukraine. Just some food for thought. If we read the signs correctly, we can make an accurate prediction of the near future. |
||||||
|
stalhandske 27-Jan-22, 02:19 |
Degaussing machine www.youtube.com |
||||||
|
www.youtube.com |
||||||
|
stalhandske 13-Oct-22, 03:05 |
|
||||||
|
archive.ph |
||||||
|
Safe alternative for WhatApp/Telegram/Signal/Line Have a look at this: en.wikipedia.org If there is anybody willing to help me test this app, I will be very thankful. It can be installed on iOS as well as Android. So far it seems that there is no significant reduction in battery life on an iPhone 14 ProMax 256GB, no influence on other software and apps, communication is instantaneous and seamless, and functionality as similar to Telegram and WhatsApp. I tried Signal when it was first released, but it ate into battery life of the iPhone 10 128GB, significantly reducing battery life. I have since read that the problem has been solved, but haven't tried the new version yet. At the moment I prefer Line and Telegram due to efficiency and ease-of-use, although Telegram has some issues one should be aware of when sending media and multi-media. Line affords one the ability to stay totally anonymous as well, but security is an issue as the app is vulnerable to man-in-the-middle attacks. threema.ch |
||||||
|
Microsoft support Worst of all: my problem has not been soved! |
||||||
|
Riaan That doesn't sound like you were talking to Microsoft, Riaan. Microsoft techs are real pros in my experience, but it's very common to find yourself talking to a notably less than pro "authorized" contractor when you think you're talking to Microsoft. |
||||||
| |||||||
