Dirty Disks Done Dirt Cheap

Content Information security has a nice writeup of tests they performed on a few cloud security providers.

What happens when you delete a virtual server in the course of its lifecycle?   At some point you’ll leave a provider, turn down a server, or just get moved to another server.

On the computers you have control over, hopefully you’re already running some sort of disk wiping.  What about the computers you don’t control?

As any forensicator will tell you, deleted files aren’t necessarily gone.   The table of contents telling you where the file is may be gone but the data is there until it is overwritten.    It turns out that due to some process problems, old servers weren’t overwritten and they were able to access data with a simple dd command on their newly provisioned virtual server.

When the data goes to the cloud you  give up a measure of control.   When you’re at least aware of what can go wrong, you can ask the right questions.

Do check out the article http://www.contextis.com/research/blog/dirtydisks/
Hat tip to Office of Inadequate Security