Comments on: Windows File Deletion: Going, Going, Still There http://storefrontbacktalk.com/securityfraud/windows-file-deletion-going-going-still-there/ Techniques, Tools and Tirades about Retail Technology and E-Commerce Thu, 24 May 2012 13:07:30 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Cranston Snoard http://storefrontbacktalk.com/securityfraud/windows-file-deletion-going-going-still-there/comment-page-1/#comment-64245 Cranston Snoard Mon, 14 Dec 2009 22:37:46 +0000 http://www.storefrontbacktalk.com/?p=4382#comment-64245 Ah, but perhaps one day (one can always hope, can't one?) PCI might catch up with the late 20th century and then think about moving into reality. Meantime, this only serves to heap on more evidence of how "useful" PCI really is... Ah, but perhaps one day (one can always hope, can’t one?) PCI might catch up with the late 20th century and then think about moving into reality. Meantime, this only serves to heap on more evidence of how “useful” PCI really is…

]]> By: PCI Guy http://storefrontbacktalk.com/securityfraud/windows-file-deletion-going-going-still-there/comment-page-1/#comment-64240 PCI Guy Mon, 14 Dec 2009 06:26:11 +0000 http://www.storefrontbacktalk.com/?p=4382#comment-64240 This problem has been around for a long time, perhaps 20 years or more, and is present in earlier versiond of Windows, too, including Windows XP. Sadly, the clueless folks at the PCI Security Council don't understand how modern file systems work, and they have been stupidly requiring software developers to "securely delete" sensitive data. The thing is, that's not really possible, and the old technique of overwriting confidential data multiple times simply generates a few more allocated disk sectors, while leaving the original "confidential" data untouched. This problem has been around for a long time, perhaps 20 years or more, and is present in earlier versiond of Windows, too, including Windows XP. Sadly, the clueless folks at the PCI Security Council don’t understand how modern file systems work, and they have been stupidly requiring software developers to “securely delete” sensitive data. The thing is, that’s not really possible, and the old technique of overwriting confidential data multiple times simply generates a few more allocated disk sectors, while leaving the original “confidential” data untouched.

]]>