|
|
|
|
|
|
by mikeash
4559 days ago
|
|
|
There is a vast difference between writing out zeroes to the SSD but still having some of the original data potentially persist on the SSD but unreachable without special techniques, and not zeroing out the SSD and giving the device to a new VM and letting it trivially access everything that was previously there. If I can provision a new VM and cat /dev/vda and see data from the VM that previously occupied that spot, then you are doing it horribly, horribly, horribly wrong. That zeroing out the data leaves open a different and vastly more difficult attack path doesn't make that any less true. |
|
|