Identity theft and copy machines

oh SNAP. I had no idea those things had hard drives. I wonder if any manufacturers implemented encryption, but I doubt many did.

Still watching it, will comment more in a sec...

I doubt they use any form of hardened encryption as the guy was able to use off the shelf file recovery software to collect the imaged documents.

There should be a clean and wipe routine for these drives when someone gets ready to ditch them.

They have it, you see the guy in the video. It cost and extra $500, which is a ripoff. It should be a default option (and encryption) since these are basic security features.

That's like selling you Windows without the ability to enforce login accounts.

Okay, I've just finished the video, which stated that every major company claimed to encrypt the data on their copiers drives, but...

Assuming that claim to be true, it seems to me that any encryption method has a shelf life relative to the power of the most current processors and software. Technology moves fast and it's not out of this world to guess that a high percentage of the encryption methods these companies are using could be easily broken well within ten years (being generous). That's totally within the lifespan of a person who uses copiers for their sensitive data. I'm by no means any kind of expert in data security, though, so I might be wrong.

Secondly, Sharp says they have an option that "erases" the data on the drive, but depending on how they specifically remove the information, it may still be recoverable.

Also, how responsible is this journalism? There's no way to mitigate thousands upon thousands of copiers already released into the wild, and there's no way to trace the information back to the specific copier! I bet you data thieves are already jumping on this opportunity as a result of this broadcast.

Some encryption is better than no encryption. Some encryption algorithms would require a pretty revolutionary change in computing to be broken, so this is no excuse.

I think it's pretty responsible that they aired this, I don't believe in "security through obscurity". Now people will be demanding that companies be doing this, and everybody will be aware of the problem. It's not their responsibility to hide defects perpetuated by that industry, their job is to warn their viewers/public.

Some of the recent encryption methods such as AES 256 and twofish are estimated to take more effort to crack than all the sand in the world made into processor chips working for 20+ years. Or something like that.

Of course there are easier methods to get around brute forcing the raw encrypted data.

Unfortunately, I just don't know that much right now about the shelf life of encryption. But I think Capitan is right that something is better than nothing.

I have to disagree that this is an example of responsible journalism. Security through obscurity is actually a pretty big part of computing, the way I understand things. This is why companies that discover security flaws in major software suites usually release the information to the gurus before it hits the public. I mean, how much worse is this than a zero day exploit in Internet Explorer? Apparently there's whole warehouses full of potentially (lets face it, likely) sensitive information out there.

In my opinion (again, not expert), by the time anyone gets worked up over this or even thinks about beginning to implement some kind of strategy for this problem, a lot of people's information are going to be in some pretty unscrupulous hands as a direct result of this report. This is pretty much an information disaster.

confidential paperwork is one thing but what is doubly disturbing about this is that somewhere out there someone could be using an image of your ass without your knowledge/approval

Stop the presses. Stop the presses!



Are you saying someone could be stealing my ass copies from the AssJet?

Holy crap guys.

Now I gotta worry about someone making a fake assdentification with my posterior.