Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/tychotithonus/statuses/113807618937285494">Royce Williams (tychotithonus@infosec.exchange)'s status on Saturday, 11-Jan-2025 13:03:27 JST</a><a href="https://infosec.exchange/@tychotithonus" title="tychotithonus@infosec.exchange"><img src="https://gnusocial.jp/avatar/92920-48-20240902162501.webp" width="48" height="48" alt="Royce Williams" style="position: absolute; left: 0; top: 0;">Royce Williams</a></section><article><p>Recently, I learned that Western Digital has decided to only partially implement the ATA Secure Erase featureset for initial price points for some storage products.</p><p><a href="https://www.westerndigital.com/en-us/solutions/data-security/data-protection" rel="nofollow noreferrer">https://www.westerndigital.com/en-us/solutions/data-security/data-protection</a></p><p>Specifically, they are withholding the near-instantaneous "Crypto Erase" option (encrypt the entire drive with a strong key, and then discard the key) from some products, offering only "Sanitize Block Erase" (overwrite everything) at the entry-level price point.</p><p>Technically, Block Erase does comply with NIST 800-88 "Purge" level for SSDs, per Table A-8. But it wastes [size-of-drive] writes. And on modern drives, it can take a looong time to overwrite an entire HDD.</p><p>I understand the need to stratify pricing. But just like the "SSO tax" ... making security harder is never better for the ecosystem. </p><p>And by the time most people realize they wanted the better option ... the purchases will have been made (maybe years before), and the folks making the purchasing decision will likely be far removed (in time, org structure, and technical awareness) from the personnel suffering the consequences.</p><p>Bad form.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4352870#notice-8512078">In conversation</a><time datetime="2025-01-11T13:03:27+09:00" title="Saturday, 11-Jan-2025 13:03:27 JST">about 5 months ago</time> <span>from <span><a href="https://infosec.exchange/@tychotithonus/113807618937285494" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@tychotithonus/113807618937285494">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Royce Williams (tychotithonus@infosec.exchange)'s status on Saturday, 11-Jan-2025 13:03:27 JST Royce Williams
Recently, I learned that Western Digital has decided to only partially implement the ATA Secure Erase featureset for initial price points for some storage products.
https://www.westerndigital.com/en-us/solutions/data-security/data-protection
Specifically, they are withholding the near-instantaneous "Crypto Erase" option (encrypt the entire drive with a strong key, and then discard the key) from some products, offering only "Sanitize Block Erase" (overwrite everything) at the entry-level price point.
Technically, Block Erase does comply with NIST 800-88 "Purge" level for SSDs, per Table A-8. But it wastes [size-of-drive] writes. And on modern drives, it can take a looong time to overwrite an entire HDD.
I understand the need to stratify pricing. But just like the "SSO tax" ... making security harder is never better for the ecosystem.
And by the time most people realize they wanted the better option ... the purchases will have been made (maybe years before), and the folks making the purchasing decision will likely be far removed (in time, org structure, and technical awareness) from the personnel suffering the consequences.
Bad form.
In conversationabout 5 months ago from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice