Introduction

The Terrapin attack is a cryptographic attack on the commonly used SSH protocol that is used for secure command-and-control throughout the Internet. The Terrapin attack can reduce the security of ssh by using a downgrade attack via man-in-the-middle interception.

SSH is an internet standard that provides secure access to network services, particularly remote terminal login and file transfer within organizational networks and to over 15 million servers on the open internet.

Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it.

More about the Terrapin attack at:   https://terrapin-attack.com/

Terrapin Vulnerability Scanner

The Terrapin Vulnerability Scanner is a small utility program written in Go, which can be used to determine the vulnerability of an SSH client or server against the Terrapin Attack. The vulnerability scanner requires a single connection with the peer to gather all supported algorithms. However, it does not perform a fully fledged SSH key exchange, will never attempt authentication on a server, and does not perform the attack in practice. Instead, vulnerability is determined by checking the supported algorithms and support for known countermeasures (strict key exchange). This may falsely claim vulnerability in case the peer supports countermeasures unknown to this tool.

Head over to Github for the Terrapin scanner  https://github.com/RUB-NDS/Terrapin-Scanner/releases/tag/v1.1.0.  where you will find versions for Linux, Windows and Mac platforms.

A Python-based project revolving around Acidanthera's OpenCorePkg and Lilu for both running and unlocking features in macOS on supported and unsupported Macs.
Our project's main goal is to breathe new life into Macs no longer supported by Apple, allowing for the installation and usage of macOS Big Sur and newer on machines as old as 2007.

Noteworthy features of OpenCore Legacy Patcher:

• Support for macOS Big Sur, Monterey and Ventura
• Native Over the Air (OTA) System Updates
• Supports Penryn and newer Macs
• Full support for WPA Wi-Fi and Personal Hotspot on BCM943224 and newer wireless chipsets
• System Integrity Protection, FileVault 2, .im4m Secure Boot and Vaulting
• Recovery OS, Safe Mode and Single-user Mode booting on non-native OSes
• Unlocks features such as Sidecar and AirPlay to Mac even on native Macs
• Enables enhanced SATA and NVMe power management on non-Apple storage devices
• Zero firmware patching required (ie. APFS ROM patching)
• Graphics acceleration for both Metal and non-Metal GPUs

Note: Only clean-installs and upgrades are supported. macOS Big Sur installs already patched with other patchers, such as Patched Sur or bigmac, cannot be used due to broken file integrity with APFS snapshots and SIP.

• You can, however, reinstall macOS with this patcher and retain your original data

Note 2: Currently, OpenCore Legacy Patcher officially supports patching to run macOS Big Sur through Ventura installs. For older OSes, OpenCore may function; however, support is currently not provided from Dortania.

• For macOS Mojave and Catalina support, we recommend the use of dosdude1's patchers

https://github.com/dortania/OpenCore-Legacy-Patcher

 
Last updated for macOS Ventura macOS is fortunate to have access to the huge arsenal of standard Unix tools. There are also a good number of macOS-specific command-line utilities that provide unique macOS functionality. To view the full documentation for any of these commands, run man <command>.

https://saurabhs.org/advanced-macos-commands

caffeinate - set Mac sleep behavio rRunning caffeinate with no flags or arguments prevents your Mac from going to sleep as long as the command continues to run.
caffeinate -u -t <seconds> prevents sleep for the specified number of seconds.
Adding the -d flag also prevents the display from going to sleep.
Specifying an existing process with -w <pid> automatically exits the caffeinate command once the specified process exits.
Passing a command with caffeinate <command> starts the given command in a new process and prevents sleep until that process exits.
pbcopy, pbpaste - interact with system clipboard<command> | pbcopy copies the output of the command to the clipboard.
pbpaste outputs the contents of the clipboard to stdout.
networkQuality - measure Internet speedRun networkQuality to run an Internet speed test from your Mac.
Add the -v flag to view more detailed information.
Use the -I flag to run the network test on a specific network interface.
sips - image manipulationsips -z <height> <width> <image> resizes the specified image, ignoring the previous aspect ratio.
sips -Z <size> <image> resizes the largest side of the specified image, preserving the aspect ratio.
sips -c <height> <width> <image> crops the specified image to the given dimensions (relative to the center of the original image).
sips -r <degrees> <image> rotates the image by the specified degrees.
By default, sips will destructively overwrite the input image. Use the -o flag to specify a different output file path (which must have the same file extension as the input image).
open - open files and applicationsopen -a <app> <file> opens the given file with the specified application.
Add the -g flag to open the file in the background, without losing focus from the current application.
open . opens the current directory in a new Finder window.
open -R <file> reveals the given file in a new Finder window.
textutil - document file convertertextutil can convert files to and from Microsoft Word, plain text, rich text, and HTML formats.
textutil -convert html journal.doc converts journal.doc into journal.html.
The possible values for -convert are: txt, html, rtf, rtfd, doc, docx.
mdfind, mdls - search with Spotlightmdfind <query> performs a keyword-based Spotlight search with the given query.
mdfind kMDItemAppStoreHasReceipt=1 finds all apps installed from the Mac App Store.
mdfind -name <name> searches for all files matching the given name.
The -onlyin <dir> flag restricts the search to the given directory.
mdls <file-path> prints all Spotlight metadata associated with the given file.
screencapture - take screenshotsscreencapture -c takes a screenshot and copies it to the clipboard.
screencapture <file> takes a screenshot and saves it to the given file.
Add the -T <seconds> flag to take the screenshot after the given delay in seconds.
taskpolicy - control scheduling of processestaskpolicy -b <command> starts executing the given command in the background. On Apple silicon Macs, the process will only run on the efficiency cores.
taskpolicy -b -p <pid> downgrades an existing process to run in the background.
taskpolicy -B -p <pid> removes the specified process from running in the background. On Apple silicon Macs, the process may now run on the efficiency or performance cores. Note that this only works on processes that have been downgraded to the background, and not processes that started in the background.
taskpolicy -s <command> starts the given command in the suspended state. This is useful to allow a debugger to attach to the process right at the start of execution.
say - text-to-speech enginesay <message> announces the given message.
say -f input.txt -o output.aiff creates an audiobook from the given text file.
pmset - configure power managementpmset -g prints all available power configuration information.
pmset -g assertions displays information about power-related assertions made by other processes. This can be useful for finding a process that is preventing your Mac from going to sleep.
pmset -g thermlog displays information about any processes that have been throttled (useful when running benchmarks).
pmset displaysleepnow immediately puts the display to sleep without putting the rest of the system to sleep.
pmset sleepnow immediately puts the entire system to sleep.
networksetup - configure network settingsnetworksetup -listnetworkserviceorder prints a list of available network services.
networksetup -getinfo <networkservice> prints information about the specified network service.
networksetup -getdnsservers <networkservice> prints the DNS servers for the specified network service.
networksetup -setairportnetwork <device> <network> [password] joins the specified Wi-Fi network. (In most cases, the <device> argument should be "en0".)
softwareupdate - manage OS updatessoftwareupdate --list prints out available software updates.
sudo softwareupdate -ia installs all available updates.
softwareupdate --fetch-full-installer --full-installer-version <version> tries to download the full installer of the specified macOS version to /Applications.
system_profiler - view system informationsystem_profiler by default prints all available system information, which is usually overwhelming.
system_profiler <datatype> only prints information about the given sub-system.
system_profiler -listDataTypes lists all available sub-systems to get information from.
Some particularly useful ones:
system_profiler SPHardwareDataType prints an overview of the hardware of the current machine, including its model name and serial number.
system_profiler SPSoftwareDataType prints an overview of the software of the current machine, including the exact macOS version number.
system_profiler SPPowerDataType prints power and battery information, including the current AC wattage and battery cycle count.
system_profiler SPDeveloperToolsDataType prints the currently active version of the Xcode developer tools and SDK.

It turns out that Google have lots of free  and paid courses on different subject matter, some with certification.  

Find more here:

​https://learndigital.withgoogle.com/digitalgarage/courses

To make things even easier for you, these guys have compiled a list of all the Google lists that is even richer in content.  "In total, we found over 700 courses, covering topics such as digital marketing, Google Analytics, and Google Cloud."

https://www.classcentral.com/report/free-google-certifications/

It’s been a while (well, years) since I rotated my GPG keys, and to be honest, now that I know better how to handle a GPG key pair in order to avoid master key rotation, I think it’s the time to get a new pair.
This tutorial will show you the steps I followed with explanations on what we are achieving in every step.

https://danielpecos.com/2019/03/30/how-to-rotate-your-openpgp-gnupg-keys/


GPG key rotation notesEDITCreated 10/10/2018, updated 9/21/2022Executive summary

• Have one primary key per "identity". That generally means one tied to your personal email address and one tied to your work address. (We want the work one separate so it can be revoked if you leave your job.)
• Keep an expiry date on your primary key(s). This is a "dead-person switch"; you can change the expiry date at will — there is no need to generate a new key.
• Keep the primary key(s) "offline". As in, keep them in 1Password, and keep only the subkeys on your system(s).
• It’s ok to have your subkeys on multiple machines. If you must revoke a key, do it. You will need to put a new subkey on all machines. That’s ok. Don’t try to use a separate identity for each machine; use your personal identity on all personal machines and your work identity on all work machines.
• Use the default encryption subkey. GPG will make an encryption subkey by default when you create your primary key; just use that. When the subkey expires, then you will create a new encryption subkey.
• Create a signing subkey if you need to. A primary key is a signing key, but because you’re storing it offline, you need to generate a signing subkey if (and only if) you need to sign things. Like encryption subkeys, this should have an expiry date; you can periodically issue a new signing subkey.[1]
• Synchronize expiry dates to reduce maintenance burden. Line up the expiry dates on all the keys so that you can refresh them all at the same time. That generally means updating the expiry on your personal and work primary keys, and generating new encryption (and possibly signing) subkeys. 2 years is a good expiry interval (not too often to be burdensome, not so infrequent that you forget how to update.)

https://wincent.com/wiki/GPG_key_rotation_notes

A curated list of shell commands and tools specific to macOS.
“You don’t have to know everything. You simply need to know where to find it when necessary.” (John Brunner)
​
https://git.herrbischoff.com/awesome-macos-command-line/about/#dark-mode

Visualize a user's current internet hygiene level, and see how to improve it
https://danielmiessler.com/blog/casmm-consumer-authentication-security-maturity-model/​

A small collection of potentially useful contract templates for code auditors, IT security specialists & penetration-testers - or people wanting to contract with the aforementioned and look for inspiration how to set up necessary paperwork.

https://github.com/cure53/Contracts

​

What is this?This is a small collection of contract templates that might be useful in case you are planning to hire a penetration-testing team or, vice versa, are a penetration-tester yourself but don't have any fitting contract templates handy.
All files are presented as ODT so you can use open-source software to view and edit them.
There are currently three files in this repository:

• A Mutual Non Disclosure Agreement template NDA-en.odt
• A Master Service Agreement template MSA-en.odt
• A Data Protection Addendum template DPA-en.odt

There is lots of online coverage of this exploit this morning, band looking into it you can see why.  A secondary login pop up window that looks just like the real thing, but it plumbed into a server that collects your credentials.

When we teach people how to avoid falling victim to phishing sites, we usually advise closely inspecting the address bar to make sure it does contain HTTPS and that it doesn’t contain suspicious domains such as google.evildomain.com or substitute letters such as g00gle.com. But what if someone found a way to phish passwords using a malicious site that didn’t contain these telltale signs?

One researcher has devised a technique to do just that. He calls it a BitB, short for "browser in the browser." It uses a fake browser window inside a real browser window to spoof an OAuth page. Hundreds of thousands of sites use the OAuth protocol to let visitors login using their existing accounts with companies like Google, Facebook, or Apple. Instead of having to create an account on the new site, visitors can use an account that they already have—and the magic of OAuth does the rest.

Pop-Up Login Windows

​Quite often when we authenticate to a website via Google, Microsoft, Apple etc. we’re provided a pop-up window that asks us to authenticate. The image below shows the window that appears when someone attempts to login to Canva using their Google account....

​see more here

You could do worse than to start with this body of work.  

The document lays out the cybersecurity threats posed by Russia, China, Iran, North Korea and transnational criminal organizations.

Annual Threat Assessment of the US Intelligence community.

https://docs.house.gov/meetings/IG/IG00/20220308/114469/HHRG-117-IG00-Wstate-HainesA-20220308.pdf

This advisory provides information on cyber actor tactics, techniques, and procedures (TTPs) obtained from a sample of BlackMatter ransomware analyzed in a sandbox environment as well from trusted third-party reporting. Using embedded, previously compromised credentials, BlackMatter leverages the Lightweight Directory Access Protocol (LDAP) and Server Message Block (SMB) protocol to access the Active Directory (AD) to discover all hosts on the network. BlackMatter then remotely encrypts the hosts and shared drives as they are found.
Ransomware attacks against critical infrastructure entities could directly affect consumer access to critical infrastructure services; therefore, CISA, the FBI, and NSA urge all organizations, including critical infrastructure organizations, to implement the recommendations listed in the Mitigations section of this joint advisory. These mitigations will help organizations reduce the risk of compromise from BlackMatter ransomware attacks.

.PDF download of the advisory here.

​

https://media.defense.gov/2021/Sep/28/2002863184/-1/-1/0/CSI_SELECTING-HARDENING-REMOTE-ACCESS-VPNS-20210928.PDF
​
Virtual Private Networks (VPNs) allow users to remotely connect to a corporate network via a secure tunnel. Through this tunnel, users can take advantage of the internal services and protections normally offered to on-site users, such as email/collaboration tools, sensitive document repositories, and perimeter firewalls and gateways. Because remote access VPN servers are entry points into protected networks, they are targets for adversaries. 

This .pdf provides plenty of insight into how to harden a VPN if you happen to be setting one up.

We love this and we think you will too.
Context:
Before I got into reverse engineering, executables always seemed like black magic to me. I always wondered how stuff worked under the hood, and how binary code is represented inside .exe files, and how hard it is to modify this ‘compiled code’ without access to the original source code.
But one of the main intimidating hurdles always seemed to be the assembly language, it’s the thing that scares most people away from trying to learn about this field.
That’s the main reason why I thought of writing this straight-to-the-point article that only contains the essential stuff that you encounter the most when reversing, albeit missing crucial details for the sake of brevity, and assumes the reader has a reflex of finding answers online, looking up definitions, and more importantly, coming up with examples/ideas/projects to practice on.
The goal is to hopefully guide an aspiring reverse engineer and arouse motivation towards learning more about this seemingly elusive passion.

https://0x41.cf/reversing/2021/07/21/reversing-x86-and-c-code-for-beginners.html

    Credential stuffing attacks are becoming a frequent threat as companies such as PCM, Sky,  Dunkin’ Donuts, State Farm and last week Transport for London (TFL) learned with their Oyster cards.   
    So what are they?  Wikipedia says, "Credential stuffing is a type of cyberattack where stolen account credentials typically consisting of lists of usernames and/or email addresses and the corresponding passwords (often from a data breach) are used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application.  The attacker automates the logins for thousands to millions of previously discovered credential pairs using standard web automation tools like Selenium, cURL, PhantomJS or tools designed specifically for these types of attacks like Sentry MBA".
    What can you do to prevent becoming a victim to this type of attack?  Figure out a system for yourself where you have a different password for all the websites you visit.  "What?  I could never remember all that" ... you won't need to.  Let me explain.
    First:  Consider creating a unique e-mail address not containing your username ... and a unique password that can be used with each account.  
    next:  Start with a new Gmail account.  As an example. I might create an account called [email protected] and use it as a name at various sites with the website name or the first 3 letters of the site name appended to the end.  For AWS it becomes [email protected].  Gmail drops anything after the + so it's still [email protected] and any mail going to that account can be forwarded from that account to my primary account, but it's unique as a username.  (Just remember that Google tracks purchases by reading your e-mails as covered in a previous weekly update.)
    Next consider a similar scheme for your passwords.  These can be tracked in something as simple as a password manager or an encrypted spreadsheet.  Put 2-factor/multi-factor authentication in place for every website that supports it.  Even SMS beats just a password and authenticator mechanisms like Google Authenticator, Authy or the new open source andOTP are better options.  When a website is compromised (plan on that happening these days) You won't have to worry about your other accounts being compromised too!

compiled by Catalin Cimpanu:   Roughly 60 percent of the top free mobile VPN apps returned by Google Play Store and Apple Play Store searches are from developers based in China or with Chinese ownership, raising serious concerns about data privacy, a study published today has revealed.

Data exchanged via these VPNs, some of which may be company trade secrets, may end up being logged, and in the worst case scenario logged on Chinese servers, where it may be at the disposal of Chinese authorities, which have a long and well-documented history of hacking, favoring, and helping local businesses at the expense of foreign competitors. 
Well, now you know.

Why is computer security important?
Because computers play such critical roles in our lives, and because we input and view so much personally identifiable information (PII) on them, it’s imperative to implement and maintain computer security. Strong computer security ensures safe processing and storage of our information.

How can I improve my computer’s security? The following are important steps you should consider to make your computer more secure. While no individual step will eliminate all risk, when used together, these defense-in-depth practices will strengthen your computer’s security and help minimize threats.

• Secure your router. When you connect a computer to the internet, it’s also connected to millions of other computers—a connection that could allow attackers access to your computer. Although cable modems, digital subscriber lines (DSLs), and internet service providers (ISPs) have some level of security monitoring, it’s crucial to secure your router—the first securable device that receives information from the internet. Be sure to secure it before you connect to the internet to strengthen your computer’s security. (See Securing Your Home Network for more information.)
• Enable and configure your firewall. A firewall is a device that controls the flow of information between your computer and the internet. Most modern operating systems (OSs) include a software firewall. The majority of home routers also have a built-in firewall. Refer to your router’s user guide for instructions on how to enable your firewall and configure the security settings. Set a strong password to protect your firewall against unwanted changes. (See Understanding Firewalls.)
• Install and use antivirus software. Installing an antivirus software program and keeping it up-to-date is a critical step in protecting your computer. Many types of antivirus software can detect the presence of malware by searching for patterns in your computer’s files or memory. Antivirus software uses signatures provided by software vendors to identify malware. Vendors frequently create new signatures to ensure their software is effective against newly discovered malware. Many antivirus programs offer automatic updating. If your program has automatic updates, enable them so your software always has the most current signatures. If automatic updates aren’t offered, be sure to install the software from a reputable source, such as the vendor’s website. (See Understanding Anti-Virus Software.)
• Remove unnecessary software. Intruders can attack your computer by exploiting software vulnerabilities, so the fewer software programs you have installed, the fewer avenues there are for potential attack. Review the software installed on your computer. If you don’t know what a software program does, research the program to determine whether or not the program is necessary. Remove any software you feel isn’t necessary after confirming it’s safe to remove. Back up important files and data before removing unnecessary software to prevent accidentally removing programs that turn out to be essential to your OS. If possible, locate the installation media (e.g., CD) for the software in case you need to reinstall it.
• Modify unnecessary default features. Like removing unnecessary software, modifying or deleting unnecessary default features reduces attackers’ opportunities. Review the features that are enabled by default on your computer, and disable or customize those you don’t need or don’t plan on using. As with removing unnecessary software, be sure to research features before modifying or disabling them.
• Operate under the principle of least privilege. In most instances of malware infection, the malware can operate only using the privileges of the logged-in user. To minimize the impact of a malware infection, consider using a standard or restricted user account (i.e., a non-administrator account) for day-to-day activities. Only log in with an administrator account—which has full operating privileges on the system—when you need to install or remove software or change your computer’s system settings.
• Secure your web browser. When you first install a web browser on a new computer, it will not usually have secure settings by default, you will need to adjust your browser’s security settings manually. Securing your browser is another critical step in improving your computer’s security by reducing attacks that take advantage of unsecured web browsers. (See Securing Your Web Browser.)
• Apply software updates and enable automatic updates. Most software vendors release updates to patch or fix vulnerabilities, flaws, and weaknesses (bugs) in their software. Intruders can exploit these vulnerabilities to attack your computer. Keeping your software updated helps prevent these types of infections. (See Understanding Patches and Software Updates.) When setting up a new computer, go to your software vendors’ websites to check for and install all available updates. Many OSs and software programs have options for automatic updates. Enable automatic updates if they are offered; doing so will ensure your software is always updated, and you won’t have to remember to do it yourself. Only download software updates directly from a vendor’s website, from a reputable source, or through automatic updates.

What are some additional best practices I can follow?There are other simple practices you can follow to improve your computer’s security.

• Use caution with email attachments and untrusted links. Malware is commonly spread by users clicking on a malicious email attachment or a link. Don’t open attachments or click on links unless you’re certain they’re safe, even if they come from a person you know. Be especially wary of attachments with sensational names, emails that contain misspellings, or emails that try to entice you into clicking on a link or attachment (e.g., an email with a subject that reads, “Hey, you won’t believe this picture of you I saw on the internet!”). (See Using Caution with Email Attachments.)
• Use caution when providing your information. Emails that appear to come from a legitimate source and websites that appear to be legitimate may be malicious. An example is an email claiming to be sent from a system administrator requesting your password or other sensitive information or directing you to a website that requests your information. Online services (e.g., banking, ISPs, retailers) may request that you change your password, but they will never specify what you should change it to or ask you what it is. If you receive an email asking you to change your password, visit the site yourself instead of clicking on any link provided in the email. (See Avoiding Social Engineering and Phishing Attacks.)
• Create strong passwords. Use the strongest, longest password or passphrase permitted. Don’t use passwords that attackers can easily guess, like your birthday or your child’s name. Attackers can use software to conduct dictionary attacks, which try common words that may be used as passwords. They also conduct brute force attacks, which are random password attempts that run until one is successful. When setting security verification questions, choose questions and answers for which an internet search would not easily yield the correct answer (e.g., your pet’s name). (See Choosing and Protecting Passwords.)

Further relevant news from the DHS:

Why is it important to dispose of electronic devices safely?In addition to effectively securing sensitive information on electronic devices, it is important to follow best practices for electronic device disposal. Computers, smartphones, and cameras allow you to keep a great deal of information at your fingertips, but when you dispose of, donate, or recycle a device you may inadvertently disclose sensitive information which could be exploited by cyber criminals.
Types of electronic devices include:

• Computers, Smartphones, and Tablets — electronic devices that can automatically store and process data; most contain a central processing unit and memory, and use an operating system that runs programs and applications.
• Digital Media — these electronic devices create, store, and play digital content. Digital media devices include items like digital cameras and media players.
• External Hardware and Peripheral Devices — hardware devices that provide input and output for computers, such as printers, monitors, and external hard drives; these devices contain permanently stored digital characters.
• Gaming Consoles — electronic, digital, or computer devices that output a video signal or visual image to display a video game.

What are some effective methods for removing data from your device?There are a variety of methods for permanently erasing data from your devices (also called sanitizing). Because methods of sanitization vary according to device, it is important to use the method that applies to that particular device.
Methods for sanitization include:

• Backing Up Data. Saving your data to another device or a second location (e.g., an external hard drive or the cloud) can help you recover your data if your device is stolen. Options for digital storage include cloud data services, CDs, DVDs, and removable flash drives or removable hard drives (see ST08-001 Using Caution with USB Drives and ST04-020 Protecting Portable Devices: Data Security for more information). Backing up your data can also help you identify exactly what information a thief may have been able to access.
• Deleting Data. Removing data from your device can be one method of sanitization. When you delete files from a device—although the files may appear to have been removed—data remains on the media even after a delete or format command is executed. Do not rely solely on the deletion method you routinely use, such as moving a file to the trash or recycle bin or selecting “delete” from the menu. Even if you empty the trash, the deleted files are still on device and can be retrieved. Permanent data deletion requires several steps.
  • Computers. Use a disk cleaning software designed to permanently remove the data stored on a computer hard drive to prevent the possibility of recovery.
    • Secure erase. This is a set of commands in the firmware of most computer hard drives. If you select a program that runs the secure erase command set, it will erase the data by overwriting all areas of the hard drive.
    • Disk wiping. This is a utility that erases sensitive information on hard drives and securely wipes flash drives and secure digital cards.
  • Smartphones and Tablets. Ensure that all data is removed from your device by performing a “hard reset.” This will return the device to its original factory settings. Each device has a different hard reset procedure, but most smartphones and tablets can be reset through their settings. In addition, physically remove the memory card and the subscriber identity module card, if your device has one.
  • Digital Cameras, Media Players, and Gaming Consoles. Perform a standard factory reset (i.e., a hard reset) and physically remove the hard drive or memory card.
  • Office Equipment (e.g., copiers, printers, fax machines, multifunction devices). Remove any memory cards from the equipment. Perform a full manufacture reset to restore the equipment to its factory default.
• Overwriting. Another method of sanitization is to delete sensitive information and write new binary data over it. Using random data instead of easily identifiable patterns makes it harder for attackers to discover the original information underneath. Since data stored on a computer is written in binary code—strings of 0s and 1s—one method of overwriting is to zero-fill a hard disk and select programs that use all zeros in the last layer. Users should overwrite the entire hard disk and add multiple layers of new data (three to seven passes of new binary data) to prevent attackers from obtaining the original data.
  • Cipher.exe is a built-in command-line tool in Microsoft Windows operating systems that can be used to encrypt or decrypt data on New Technology File System drives. This tool also securely deletes data by overwriting it.
  • Clearing is a level of media sanitation that does not allow information to be retrieved by data, disk, or file recovery utilities. The National Institute of Standards and Technology (NIST) notes that devices must be resistant to keystroke recovery attempts from standard input devices (e.g., a keyboard or mouse) and from data scavenging tools.
• Destroying. Physical destruction of a device is the ultimate way to prevent others from retrieving your information. Specialized services are available that will disintegrate, burn, melt, or pulverize your computer drive and other devices. These sanitization methods are designed to completely destroy the media and are typically carried out at an outsourced metal destruction or licensed incineration facility. If you choose not to use a service, you can destroy your hard drive by driving nails or drilling holes into the device yourself. The remaining physical pieces of the drive must be small enough (at least 1/125 inches) that your information cannot be reconstructed from them. There are also hardware devices available that erase CDs and DVDs by destroying their surface.
  • Magnetic Media Degaussers. Degaussers expose devices to strong magnetic fields that remove the data that is magnetically stored on traditional magnetic media.
  • Solid-State Destruction. The destruction of all data storage chip memory by crushing, shredding, or disintegration is called solid-state destruction. Solid-State Drives should be destroyed with devices that are specifically engineered for this purpose.
  • CD and DVD Destruction. Many office and home paper shredders can shred CDs and DVDs (be sure to check that the shredder you are using can shred CDs and DVDs before attempting this method).

For more information, see the NIST Special Publication 800-88 Guidelines for Media Sanitization.
How can you safely dispose of out-of-date electronic devices?Electronic waste (sometimes called e-waste) is a term used to describe electronics that are nearing the end of their useful life and are discarded, donated, or recycled. Although donating and recycling electronic devices conserves natural resources, you may still choose to dispose of e-waste by contacting your local landfill and requesting a designated e-waste drop off location. Be aware that although there are many options for disposal, it is your responsibility to ensure that the location chosen is reputable and certified. Visit the Environmental Protection Agency’s (EPA) Electronics Donation and Recycling webpage for additional information on donating and recycling electronics. For information on recycling regulations and facilities in your state, visit the EPA Regulations, Initiatives, and Research on Electronics Stewardship webpage.