Secure IT Disposal



  • @EncoreSpod said:

    It was such a WTF deal from the start, they took our stuff away, charged us to take it away then wherever possible sold it on and were completely up front about it. They even had the nerve to bullshit the boss with "That's why our service is so cheap, because we can pay for some of the disposal using the profits from refurbishing old machines."

    I like that business model. Recently there have been a lot of empty property management companies springing up with a very similar model: you pay us to look after your empty property, and then we'll rent it out at market rates. Again, the only thing they provide is a guarantee.



  • @EncoreSpod said:

    But the man had to have his certificate, from an 'approved' supplier, of which there was only one.

    Then I'd refrain from scrubbing/touching any of the HW, on the grounds that this is the "approved" supplier's responsibility.

    And if any precious data is found to have been lost out in the wild, then you've got a certificate identifying the person responsible...



  • @EncoreSpod said:

    they shred the hard disks for you and dispose of
    ...
    The boss then asked me to stop taking parts out of old scrap kit because the disposal firm was actually complaining that some of the computers were incomplete and couldn't be sold on, instead we ended up buying new parts to repair old machines.

    Am I the only one who heard the warning bells when reading this? You'd take a hard disk out of a dead machine (where it was supposed to be shredded anyway), and they'd complain because the machine couldn't be resold without one?



  • Yup - which is why I queried their organisation name of "disposal" versus "reseller". They're not actually disposing of the kit, they're just a "collection for repurposing" bunch.

    Ender: what's with your tags? I see some detritus all over your post.



  • @fterfi secure said:

    Oh, and they've only recently agreed that monitors cannot contain proprietary information once unplugged, regardless of how confidential the information they were displaying was, so up until recently they were keeping old monitors too.
     

    There's TRWTF. Have they never heard of Screen Burn-In (http://en.wikipedia.org/wiki/Screen_burn-in)?  Those CRTs are a treasure trove of information just waiting to be stolen. After all, it's the information that's on the screen for the longest period of time that gets burned in, and it's the largest clients who are on screen the most. Someone is going to steal all the big clients-- you know, the ones that matter and that can sue!

    Put this in a power point, add a few bar graphs, and you can convince the suits to permanently store CRT monitors. They can add a nice, huge number on the books that say "Income: Prevented privacy lawsuits". They won't notice the actual, real huge number on the other side of the books that say "OMFG paying for storage!". You just might drive them out of business.

    For bonus points, you can sell them the method to securely destroy information that may have been burned onto the screen, which is, of course, displaying an ultra-bright white image until the entire screen is burnt in. Can you imagine it? The entire dodgy basement alight in a sea of humming, flickering white light from below. And they must be left running 24/7 until every bit of secure data is gone-- all running off the bank's electricity, of course. It might be too much of a drain on the grid. Get them to build their own nucular power station just to support it. No pixel left unscorched.

    Depending on the spectrum those CRTs put out, you might be able to rent out the basement as a light-therapy room. Or a tanning salon. Or both.

    If they complain about the heat, start a "greening initiative" company. Sell them on heat reuse to save the environment. After your large consulting fee, and "green premium" service, go in and spend 10 quid to run a vent into the air intake system. Instant heating in the winter! Fold the company by summer.



  • @irreal said:

    Since we're on the topic of disposal, I once happened to be enjoying a snack in the break area when the cleaning crew arrived to empty the bins. They casually took all the different recycling bins one by one and poured all the contents into one big bag.
    Needless to say, I haven't been paying much attention to what I throw away in which bin since...

    I saw the same thing happen at our break room.  Cleaning lady dumped the trash into a big bin, and then moved on to the recycling bin and dumped it into the same big bin.  I was laughing so hard on the inside, because less than a week earlier I threw a cardboard container for my lunch into the trash and a coworker reached into the trash and pulled it out and dropped it into the recycling.  He then gave me the look like I had just killed a puppy.

    Back on topic... I fully understand wiping hard drives before passing them on for destruction.  We had one server room that contained sensitive personally identifiable information on it and the client had specific requirements with proper usage and storage of said data, so we had to wipe all the hard drives before they could even leave the server room and go to destruction.  As for that other stuff if that company just changed their job description from disposal to repurposing/selling I would be ok with it, but they are obviously misadvertising their type of work which aggravates me, and if they are selling the stuff then they should be paying you for the stuff.

    I was told a funny story once from a guy who had Secret clearance, about one of his idiot coworkers who decided to plug his iPod into a Secret level work station so he could charge it.  Needless to say the guy seized his coworker's iPod and slapped a Secret label on it and had it flagged for disposal.  The coworker was pissed and whiny about losing his iPod, but when the boss pointed out everything he could do to him, the idiot became much more cooperative.



  • @Anketam said:

    I was told a funny story once from a guy who had Secret clearance, about one of his idiot coworkers who decided to plug his iPod into a Secret level work station so he could charge it.  Needless to say the guy seized his coworker's iPod and slapped a Secret label on it and had it flagged for disposal.  The coworker was pissed and whiny about losing his iPod, but when the boss pointed out everything he could do to him, the idiot became much more cooperative.

    Sounds reasonable. I'll bet the document disposal guys got a kick out of burning the iPod. For more fun, convince more gullible cow-orkers that the stuff in the hole punch and the crap in the vacuum cleaner must be disposed of as classified waste.



  • @Anketam said:

    ..secret ipod...

    For the queen !!



  • @Lorne Kates said:

    There's TRWTF. Have they never heard of Screen Burn-In? 

    There are two WTFs there, actually. The first is that as far as I know that's where they got the idea in the first place. The second is that these were first-gen TFTs, not CRTs.



  • @irreal said:

    Since we're on the topic of disposal, I once happened to be enjoying a snack in the break area when the cleaning crew arrived to empty the bins. They casually took all the different recycling bins one by one and poured all the contents into one big bag.

    Our recycling company does that, they have a mechanical sorter which (apparently) smooshes everything into tiny bits, then can sort out the different materials from the pile of bits. Our local government actually got rid of the 3 recycle container system and just replaced it with one.

    Not necessarily a WTF, in other words.



  • @blakeyrat said:

    Not necessarily a WTF, in other words.

    Okay, I'll accept that, but then what's the point of having separate bins? Get a single large one, or leave the three that we now have but drop the labels and instructions that demand you put the right trash in the right bin.


    BTW, I'm not really complaining about this hard, just thought it was interesting and remotely relevant to the topic.

    Compared to my last job, this place is a heaven and surprisingly lacks any major WTFs so far. The biggest WTF yet is calling TrueUp Report Data TURD. That's pretty low on the WTF scale, especially seeing as it's a fortune 100 company. Then again, chances are I just haven't been around long enough to discover horrifying stories.



  • @irreal said:

    Since we're on the topic of disposal, I once happened to be enjoying a snack in the break area when the cleaning crew arrived to empty the bins. They casually took all the different recycling bins one by one and poured all the contents into one big bag.

    Needless to say, I haven't been paying much attention to what I throw away in which bin since...

    I always get a chuckle watching everyone meticulously separate their garbage into several different recycling bins in the break room. Every once in a while I point out to someone that we only have a cardboard bin in the back, so the janitors are just picking out the aluminum cans for themselves and dumping everything else in the trash.



  • @fterfi secure said:

    @EncoreSpod said:
    There are companies that exist to do exactly this kind of thing, you chuck anything electrical in a locked room, tell them to come and pick it up, they shred the hard disks for you and dispose of, re-use or recycle the electronics properly.
    I know of at least one major bank which has half the basement of their London office full of kit waiting for secure disposal. For obvious reasons it has to be disposed of properly, but for non-obvious reasons they've decided that it can't leave their building until it has been securely destroyed. Since no-one with appropriate certification is willing to come and do the work in the basement/boiler-room/rubbish store/underground car-park, there it sits - several years' worth at a minimum.

    The space the kit sits in could be rented out for maybe a quarter of a million quid a year, but that's only the start. Every machine there gets the usual PAT checks, inventorying, and so-on. Since the bank still owns them, they get included on support contracts. They paid to move them all from one building to another a couple of years ago. Oh, and they've only recently agreed that monitors cannot contain proprietary information once unplugged, regardless of how confidential the information they were displaying was, so up until recently they were keeping old monitors too.

    The best bit? That despite all that, the security is so loose that I nicked various gubbins from the store, including hard disks - and I'm far from alone. Yes, this is one of the banks which received a particularly large bail-out...

    Perhaps they could save some money by simply burning the building down?



  • All confidential information is always encrypted. So I don't care who gets the drives when I'm done with them.



  • @morbiuswilters said:

    All my confidential information is always encrypted. So I don't care who gets the drives when I'm done with them.

    FTFY



  • @Anketam said:

    the boss pointed out everything he could do to him

    What would that be?



  • @toon said:

    @Anketam said:

    the boss pointed out everything he could do to him

    What would that be?

    Fire him and/or have his clearance revoked.  It would be impossible for him to ever get any kind of clearance again.  Getting another job would also likely be difficult, depending on how long he was there (the longer the gap, the harder it is to explain away in an interview).



  • @toon said:

    @morbiuswilters said:
    All my confidential information is always encrypted. So I don't care who gets the drives when I'm done with them.

    FTFY

    Wow, did you just learn how to read or something? Thanks for pointing out the obvious.



  • @morbiuswilters said:

    All confidential information is always encrypted. So I don't care who gets the drives when I'm done with them.

    Wait, so you're telling me "Recycle Bin" on my "Desktop" isn't a secure means of information disposal?  Shit, I gotta make a few calls...



  • @C-Octothorpe said:

    @toon said:

    @Anketam said:

    the boss pointed out everything he could do to him

    What would that be?

    Fire him and/or have his clearance revoked.  It would be impossible for him to ever get any kind of clearance again.  Getting another job would also likely be difficult, depending on how long he was there (the longer the gap, the harder it is to explain away in an interview).

    Ah, I didn't gather that from the original comment. To me it sounded like a guy with security clearance slapped the sticker on a clueless coworker with no clearance at all... Makes much more sense. :)



  • @morbiuswilters said:

    @toon said:
    @morbiuswilters said:
    All my confidential information is always encrypted. So I don't care who gets the drives when I'm done with them.

    FTFY

    Wow, did you just learn how to read or something? Thanks for pointing out the obvious.

    No sir. I was quoting someone who was trying to point out that information that's secure should always be encrypted or it's their own fault. The thought that it might be a typo hadn't occurred to me. (not being sarcastic; it honestly hadn't.)



  • @toon said:

    @morbiuswilters said:
    @toon said:
    @morbiuswilters said:
    All my confidential information is always encrypted. So I don't care who gets the drives when I'm done with them.

    FTFY

    Wow, did you just learn how to read or something? Thanks for pointing out the obvious.

    No sir. I was quoting someone who was trying to point out that information that's secure should always be encrypted or it's their own fault. The thought that it might be a typo hadn't occurred to me. (not being sarcastic; it honestly hadn't.)

    It wasn't really a typo, the "my" was implied.



  • If you want a recycling WTF, check out what happens to recycled glass. A large proportion of it gets ground up into sand so we can say it's been recycled, even though that takes much more energy than chucking the glass in a hole in the ground and digging out some more sand.



  • @Lorne Kates said:

    There's TRWTF. Have they never heard of Screen Burn-In?  Those CRTs are a treasure trove of information just waiting to be stolen. After all, it's the information that's on the screen for the longest period of time that gets burned in, and it's the largest clients who are on screen the most. Someone is going to steal all the big clients-- you know, the ones that matter and that can sue!

    Put this in a power point, add a few bar graphs, and you can convince the suits to permanently store CRT monitors. They can add a nice, huge number on the books that say "Income: Prevented privacy lawsuits". They won't notice the actual, real huge number on the other side of the books that say "OMFG paying for storage!". You just might drive them out of business.

    For bonus points, you can sell them the method to securely destroy information that may have been burned onto the screen, which is, of course, displaying an ultra-bright white image until the entire screen is burnt in. Can you imagine it? The entire dodgy basement alight in a sea of humming, flickering white light from below. And they must be left running 24/7 until every bit of secure data is gone-- all running off the bank's electricity, of course. It might be too much of a drain on the grid. Get them to build their own nucular power station just to support it. No pixel left unscorched.

    Depending on the spectrum those CRTs put out, you might be able to rent out the basement as a light-therapy room. Or a tanning salon. Or both.

    If they complain about the heat, start a "greening initiative" company. Sell them on heat reuse to save the environment. After your large consulting fee, and "green premium" service, go in and spend 10 quid to run a vent into the air intake system. Instant heating in the winter! Fold the company by summer.


    Does anyone know whether Simon Travaglia reads TDWTF?



  • @pjt33 said:

    Does anyone know whether Simon Travaglia reads TDWTF?
     

    Since his best stories are from the olden days (1990s) he pre-dates TDWTF! Here's your 4MB home space!



  • @Zemm said:

    Since his best stories are from the olden days (1990s) he pre-dates TDWTF!


    Indeed, but El Reg are still publishing his new material, and this is better than a lot of it. Maybe Lorne could moonlight as his ghostwriter.



  • @fterfi secure said:

    The second is that these were first-gen TFTs, not CRTs.

    My old TFT (Hansol H530) had a nice burn-in of the minimize/maximize/close buttons in the top-left corner, though that did go away after a few months when I repurposed it for my (text-only) Linux server.



  • @blakeyrat said:

    @irreal said:
    Since we're on the topic of disposal, I once happened to be enjoying a snack in the break area when the cleaning crew arrived to empty the bins. They casually took all the different recycling bins one by one and poured all the contents into one big bag.

    Our recycling company does that, they have a mechanical sorter which (apparently) smooshes everything into tiny bits, then can sort out the different materials from the pile of bits. Our local government actually got rid of the 3 recycle container system and just replaced it with one.

    Not necessarily a WTF, in other words.

     

    Right, the recycling bins here, you can put anything recyclable in, and don't have to worry about differentiating. (Except glass, not because they can't sort it from the other stuff, but because broken glass is a health and safety risk.) Seems like a better option than making people split, to me.

     



  • OP:  So, the real WTF is that your bosses are adamant on spending money on a private firm specializing in secure computer disposal, of which you and your bosses are openly distrustful, which does the same things your internal IT does, to the point that they give you orders to condition junked PCs for the firm so they don't complain, just so you can get a certificate from them, a company you openly distrust?

    I swear, if I ever run a huge company, and I hear about anything like this ridiculous crap costing us even one penny, people are getting fired.



  •  yeah :D



  • Here is what you should do. After you've erased the disk, install an image with some autorun program that will phone home by sending an HTTP request to your server, or something like that.



  • @Lorne Kates said:

    @fterfi secure said:

    Oh, and they've only recently agreed that monitors cannot contain proprietary information once unplugged, regardless of how confidential the information they were displaying was, so up until recently they were keeping old monitors too.
     

    There's TRWTF. Have they never heard of Screen Burn-In?  Those CRTs are a treasure trove of information just waiting to be stolen. After all, it's the information that's on the screen for the longest period of time that gets burned in, and it's the largest clients who are on screen the most. Someone is going to steal all the big clients-- you know, the ones that matter and that can sue!

    Put this in a power point, add a few bar graphs, and you can convince the suits to permanently store CRT monitors. They can add a nice, huge number on the books that say "Income: Prevented privacy lawsuits". They won't notice the actual, real huge number on the other side of the books that say "OMFG paying for storage!". You just might drive them out of business.

    For bonus points, you can sell them the method to securely destroy information that may have been burned onto the screen, which is, of course, displaying an ultra-bright white image until the entire screen is burnt in. Can you imagine it? The entire dodgy basement alight in a sea of humming, flickering white light from below. And they must be left running 24/7 until every bit of secure data is gone-- all running off the bank's electricity, of course. It might be too much of a drain on the grid. Get them to build their own nucular power station just to support it. No pixel left unscorched.

    Depending on the spectrum those CRTs put out, you might be able to rent out the basement as a light-therapy room. Or a tanning salon. Or both.

    If they complain about the heat, start a "greening initiative" company. Sell them on heat reuse to save the environment. After your large consulting fee, and "green premium" service, go in and spend 10 quid to run a vent into the air intake system. Instant heating in the winter! Fold the company by summer.

    You should go work for the US Department of Defense. Instead of "income" you can just call your central figure "deficit reduction."

    The DOD has plenty of money to spend on that kind of crap. They stole it from my children.



  • @bridget99 said:

    You should go work for the US Department of Defense. Instead of "income" you can just call your central figure "deficit reduction." The DOD has plenty of money to spend on that kind of crap. They stole my children.

    MICFY

