On Thu, 03 Jan 2008 16:08:08 -0800, "Marco S Hyman" <[EMAIL PROTECTED]> said: > "Brad Tilley" writes: > > performed from the OpenBSD 4.2 install CD. I'll send it to the one > > 'ISO Certified' company that agreed to examine it. If they cannot > > You keep throwing around the 'ISO Certified' tag as if it had some > special meaning. Certified to what standard? It makes a difference. > If they are certified to the 9001 standard, for example, all it means > is that they have written procedures and they follow them. That's > all it means. > > ISO 9001 certification is actually pretty easy to get. The companies > that fail to get it are trying to hard. They come up with procedures > that sound great but are impossible to follow. That's not what > certification means. > > If I have a software company and write up a procedure that says > "all code will be developed on a laptop while sitting in a Starbucks" > and actually follow that procedure, then I can be an "ISO Certified" > company. > > As for disk destruction... I don't know nor pretend to know what can > and can not be recovered. Take a look at > > https://www.dss.mil/portal/ShowBinary/BEA%20Repository/new_dss_internet/isp/odaa/documents/clear_n_san_matrix_06282007_rev_11122007.pdf > > The DSS (Defense Security Service, part of the DoD) calls what you have > done "clearing" the disk. It does not "sanitize" the disk. To sanitize > you need to either degauss or destroy the disk.
You throw out this document like it proves anything. I was in the military. I was in Military Intelligence (yes, I know. Hold the jokes) I also had some experience with the degaussing and destruction of disks. This does not prove *anyone* not even a government can recover the data from a completely overwritten disk. Not everything the government or the military does is necessary. Sometimes precautions are taken well above what anyone might even imagine might be possible. Sorry if I sound in any way confrontational. I just would really like to know.
