billso.com

The Seattle Times reported yesterday that most digital photocopiers save images to their hard drives.

These copies are more commonly seen in large offices, but as their pricing drops, small offices and shops have been installing these digital models.Now that I think about it, it actually makes sense that the new generation of copiers use hard drives to make the copying process faster.

After all, these copiers work like a computer. The copier takes a massive digital picture of a document, and then uses a laser printer to output a paper copy that’s much clearer than older copying systems.

The hard drive reduces the cost of the digital copier. It would be expensive to store the digital picture in RAM. Hard drives tend to be more durable than RAM, also.

This copying method is also used in the small “all-in-one” units that I’ve seen in many homes. The scanner/printer uses the computer’s hard drive to store the image. For many home users, this method is very convenient, and less expensive than going to Kinko’s or using their office’s copier.

This technique is also handy in high-volume commercial copiers - the kinds large businesses use to produce dozens or hundreds of copies.

While Sharp has rolled out a kit that will wipe or encrypt its’ copier hard drives, most manufacturers haven’t done the same with their models. So a clever identity thief could open a copier, grab the hard drive, and have access to hundreds or thousands of old copies.

If any of these copies show a birth certificate, passport number, or account number, the identity thief can use that information.

Better yet, a police investigator could take an unencrypted hard drive and search it for evidence in a case.

As I’ve said before, the only method I know for removing data from a hard drive is to remove the drive, grab a big hammer and beat the drive into a mangled mess of metal.

This article was first posted on my old blog at http://www.bloglines.com/blog/wsodeman?id=285

http://www.wired.com/news/columns/1,72458-0.html

Bruce Schneier discusses how password crackers work, and how users can create more secure passwords that will resist these attacks.

His earlier analysis of 34,000 MySpace passwords was alarming. Many MySpace users have passwords that are easy to crack or guess. The most popular choice was password1

http://www.wired.com/news/culture/0,72300-0.html

This article was originally posted on my blog at http://www.bloglines.com/blog/wsodeman?id=217

http://www.tomsnetworking.com/2005/03/31/the_feds_can_own_your_wlan_too/

FBI agents in Los Angeles recently demonstrated how they can hack into a wireless network in under 10 minutes.

This demonstration used publicly available tools to set up a fake wireless access point (WAP) and then harvest enough information from a Windows XP computer to crack or decode a WEP key.

About 30% of wireless access points use Wired Equivalent Privacy (WEP) for encryption. Another 10% use a newer standard called Wi-Fi Protected Access (WPA), which requires more time and trouble to hack.

If you’re in the 60% of wireless network users who haven’t encrypted their access point at home, this article has some good tips for you.

USA: Cryptome is monitoring potential security issues at the Republican National Convention, arguing that these problems are public knowledge, and the government needs to fix the issues before the event. There’s pictures of sagging walkways in Manhattan. These will be used by the press and conventioneers to move around the site. There’s also a NYT article on the same page corproate security spending. It’s actually down, as the post-9/11 Terorism Insurance Law actually underwrites corporate losses at taxpayer expense.

USA: Yahoo! News - Uncle Sam Mothballs Screening Program: You should also see Bruce Schneier’s comments on false security. “Electronic Frontier Foundation senior staff attorney Lee Tien said in a statement: ‘Finally, the Department of Homeland Security has recognized what EFF has been saying all along: the proposed CAPPS II system would be an ineffective, expensive, and unnecessary invasion of travelers’ privacy.’ David Sobel, general counsel for the Electronic Privacy Information Center, told The Washington Post: ‘The effectiveness was never demonstrated, and we always thought it was likely to provide a false sense of security and divert resources.’”