Click to edit Master title Understanding Data Remanence … · 2019. 7. 16. · Click to edit...

Click to edit Master title Click to edit Master title

stylestyle

•• Click to edit Master text stylesClick to edit Master text styles

•• Second levelSecond level

•• Third levelThird level

•• Fourth levelFourth level

•• Fifth levelFifth level

1

1

1

Understanding Data Remanence Management and What It Means to You

ACSAC Tucson Session 3:30 pm 6 DEC 2005

Understanding Data Understanding Data Remanence Management Remanence Management and What It Means to Youand What It Means to You

ACSAC Tucson ACSAC Tucson Session 3:30 pm 6 DEC 2005Session 3:30 pm 6 DEC 2005

Presented By

STEVEN SKOLOCHENKO CISSP, CISM, CISA

Booz | Allen | Hamilton

Presented By




stylestyle






2

2

2

Managing

Data Remanence

Managing Managing

Data RemanenceData Remanence

•• Intended for those who have information Intended for those who have information technology security responsibilities.technology security responsibilities.

•• Goal: Provide participants with Goal: Provide participants with information on managing data remanence to information on managing data remanence to protect the confidentiality of data remanence protect the confidentiality of data remanence on storage media. on storage media.


stylestyle






3

3

3

ObjectivesObjectivesObjectives

Upon completion of this session you Upon completion of this session you will be able to:will be able to:

•• Identify the terms used to discuss and Identify the terms used to discuss and describe data remanence.describe data remanence.

•• Identify remanence management issues.Identify remanence management issues.

•• Discuss sanitization techniques for various Discuss sanitization techniques for various types of types of media.media.


stylestyle






4

4

4

A News Story About Data Remanence

A News A News StoryStory About About

Data RemanenceData Remanence

By Karen Hensel of the News 8 I-Team (Indiana) Aug. 2002- An Indiana congressman is demanding answers after a security

breach at a local hospital was uncovered by the News 8 I-Team. What was most disturbing was where the I-Team's Karen Henseluncovered the information and at what price.-Used computers are cheap and easy to find. The News 8 I-Teamfound three at the very first thrift store they shopped at. All threewere tested with the help of computer forensics expert Dan Cavalliniof 20/20 Investigations. His reaction? "I was really surprised to seesome of this in there."-Within minutes the News 8 I-Team found hospital patient records,patient's social security numbers, along with their home addressesand home telephone numbers. News 8 I-Team also found page afterpage of credit card numbers. Cavallini said "identity theft is the firstthing that comes to mind."

By Karen Hensel of the News 8 IBy Karen Hensel of the News 8 I--Team (Indiana) Aug. 2002Team (Indiana) Aug. 2002-- An Indiana congressman is demanding answers after a securityAn Indiana congressman is demanding answers after a security

breach at a local hospital was uncovered by thbreach at a local hospital was uncovered by the News 8 Ie News 8 I--Team. Team. What was most disturbing was where the IWhat was most disturbing was where the I--Team's Karen HenselTeam's Karen Henseluncovered the information and at what price.uncovered the information and at what price.--Used computers are cheap and easy to find. The News 8 IUsed computers are cheap and easy to find. The News 8 I--TeamTeamfound three at the very first thrift store thefound three at the very first thrift store they shopped at. All threey shopped at. All threewere tested with the help of computer forensicwere tested with the help of computer forensics expert Dan Cavallinis expert Dan Cavalliniof 20/20 Investigations. His reaction? "I waof 20/20 Investigations. His reaction? "I was really surprised to sees really surprised to seesome of this in there."some of this in there."--Within minutes the News 8 IWithin minutes the News 8 I--Team found hospital patient records,Team found hospital patient records,patient's social security numbers, along with patient's social security numbers, along with their home addressestheir home addressesand home telephone numbers. News 8 Iand home telephone numbers. News 8 I--Team also found page afterTeam also found page afterpage of credit card numbers. Cavallini said "page of credit card numbers. Cavallini said "identity theft is the firstidentity theft is the firstthing that comes to mind."thing that comes to mind."


stylestyle






5

5

5

A News Story About Data Remanence

A News Story About A News Story About Data RemanenceData Remanence

Federal BytesDumb-criminals filesWhile the FBI is loathe to reveal detailsof its investigations, we had to chuckleat a recent tidbit gleaned from ameeting of the Computer SystemSecurity and Privacy Advisory Board, According to Susan Koeppen, a trialattorney with the Justice Department’sComputer Crime and IntellectualProperty section, the FBI recentlyinvestigated an extortion threat directedat Microsoft Corp.s’ Bill Gates.

It seems a not-so-clever criminal senta diskette to Gates with an attachedimage containing the terms of thethreat. The extortionist may have beentrying to save a bit of money: instead ofbuying a new diskette to carry out hisscheme, he simply erased files on adiskette he already had.

His thriftiness cost him, however,because the FBI was able to recover thedeleted files from the disk. One ofthese files contained the name andaddress of the man, whom federalagents quickly arrested.Source: Federal Computer Week, Sept. 22, 1997.


stylestyle






6

6

6

AgendaAgendaAgenda

• Concepts and Terms

• Situation Assessment

• Attacks and Protection

• Media

• Media Destruction

Remanence:Deleted or erased,but not really gone!


stylestyle






7

7

7

•• Workstations donWorkstations don’’t last forevert last forever

•• Storage media degrades over timeStorage media degrades over time

•• New technologies make some media obsoleteNew technologies make some media obsolete

•• A disk crash doesnA disk crash doesn’’t destroy all data on a disk, but it t destroy all data on a disk, but it denies easy access to the datadenies easy access to the data

Why is Remanence Management of concern?

Why is Remanence Why is Remanence Management of concern?Management of concern?

When systems and media are taken out of service, care must be taken to ensure the confidentiality of the information that is/was on the internal/removable storage of the system.

When systems and media are taken out of service, care must be taken to ensure the confidentiality of the information that is/was on the internal/removable storage of the system.


stylestyle






8

8

8

How Often Are Hard Drives Reused?

How Often Are Hard How Often Are Hard Drives Reused?Drives Reused?

•• A report by market research firm IDC A report by market research firm IDC estimates the 257 million hard drives will be estimates the 257 million hard drives will be shipped for use in PCs or laptops in 2004.shipped for use in PCs or laptops in 2004.

•• Estimates are that seven drives will be retired Estimates are that seven drives will be retired for every 10 shipped. for every 10 shipped.


stylestyle






9

9

9

HistoryHistoryHistory

•• Problem recognized in 1960Problem recognized in 1960

•• Issue addressed in DOD 5200.28Issue addressed in DOD 5200.28--M, 1973 M, 1973

•• Watergate tapes brought attention to itWatergate tapes brought attention to it

•• DOD studies, IL Inst. of Tech, 1981DOD studies, IL Inst. of Tech, 1981--8282

•• NBS issues NBS Special Pub. 500NBS issues NBS Special Pub. 500--101, 101, Care and Handling of Magnetic Media, 1983Care and Handling of Magnetic Media, 1983

•• DOD Magnetic Remanence Security Guideline, 1985DOD Magnetic Remanence Security Guideline, 1985

•• NCSC Pub. A Guide to Understanding Data Remanence in Automated NCSC Pub. A Guide to Understanding Data Remanence in Automated Information Systems, 1991Information Systems, 1991

•• NSA/CSS Manual 130NSA/CSS Manual 130--2, Use in Conjunction w/ Operational Computer 2, Use in Conjunction w/ Operational Computer Security Manual, 130Security Manual, 130--11

•• Peter Gutmann paper at USENIX,1996Peter Gutmann paper at USENIX,1996

•• NIST SP 800NIST SP 800--88 ~Summer 200688 ~Summer 2006


stylestyle






10

10

10

Basic TermsBasic TermsBasic Terms

•• CoercivityCoercivity is a measure of signal strength that is a measure of signal strength that is required to alter magnetic storage media.is required to alter magnetic storage media.

•• SanitizationSanitization is a general term that refers to is a general term that refers to actions taken to ensure unactions taken to ensure un--needed data on needed data on media are difficult to recover or virtually media are difficult to recover or virtually unrecoverable.unrecoverable.


stylestyle






11

11

11

Coercivity ValuesCoercivity ValuesCoercivity Values

• Diskette, 5.25”, 720 Kb 300 Oe• Diskette, 3.5” , 1.44 Mb 660 Oe• Diskette, 3.5”, 120 Mb 1,500 Oe• Tape, 8mm, DAT 1,650 Oe• Hard Drive, 20 GB 2.500 Oe• Hard Drive, 50+ GB 3,000 Oe

• Diskette, 5.25”, 720 Kb 300 Oe• Diskette, 3.5” , 1.44 Mb 660 Oe• Diskette, 3.5”, 120 Mb 1,500 Oe• Tape, 8mm, DAT 1,650 Oe• Hard Drive, 20 GB 2.500 Oe• Hard Drive, 50+ GB 3,000 Oe


stylestyle






12

12

12

P-list and G-listPP--list and Glist and G--listlist

•• PP--list: A permanent list of defective memorylist: A permanent list of defective memory–– Originates from manufacturerOriginates from manufacturer’’s media testing s media testing

processprocess–– Itemizes defective or marginal regionsItemizes defective or marginal regions

of mediaof media•• GG--list: A grown list of defective memorylist: A grown list of defective memory

–– Identifies memory locations that Identifies memory locations that become unusable over time become unusable over time

–– Lists defective regions with SCSI Lists defective regions with SCSI ““Format UnitFormat Unit””cmdcmd

–– Drive firmware usually handles Drive firmware usually handles grown defectsgrown defects

P-listG-list


stylestyle






13

13

13

• Memory scavenging refers to the process of recovering data from media that has not been sanitized properly.

•• Keyboard attacksKeyboard attacks occur when an occur when an unauthorized person uses commands, unauthorized person uses commands, utilities, and tools from a standard utilities, and tools from a standard workstation to discover the contentsworkstation to discover the contentsof memory locations on media that of memory locations on media that they are not authorized to access.they are not authorized to access.

•• Laboratory attacksLaboratory attacks occur when an occur when an unauthorized person uses advanced unauthorized person uses advanced signal processing equipment to signal processing equipment to recover data from media.recover data from media.

Types of AttacksTypes of AttacksTypes of Attacks


stylestyle






14

14

14

•• SanitizationSanitization is the process of making information on is the process of making information on the media difficult or virtually impossible to recover.the media difficult or virtually impossible to recover.

•• OverwritingOverwriting is a multiis a multi--step sanitization process that step sanitization process that writes 0s, 1s, and random binary strings into every writes 0s, 1s, and random binary strings into every memory space on the media. memory space on the media.

•• DegaussingDegaussing is a sanitization technique for destroying is a sanitization technique for destroying the electromagnetic image on magnetic media by the electromagnetic image on magnetic media by submitting the media to an extremely powerful submitting the media to an extremely powerful magnetic field .magnetic field .

SafeguardsSafeguardsSafeguards


stylestyle






15

15

15

•• ClearingClearing is the process of removing is the process of removing data from media to protect information data from media to protect information from keyboard attack.from keyboard attack.

•• Erasing/DeletingErasing/Deleting is the process of is the process of altering the directory structures and altering the directory structures and pointers to remove knowledge pointers to remove knowledge of a file and its location.of a file and its location.

•• PurgingPurging is the process of removing is the process of removing data from the media such that is data from the media such that is virtually unrecoverable.virtually unrecoverable.

Overwriting TechniquesOverwriting TechniquesOverwriting Techniques


stylestyle






16

16

16

•• RemanenceRemanence refers to those data refers to those data that are still recoverable from media that are still recoverable from media after it has been sanitized.after it has been sanitized.

•• RemnantsRemnants is the term is the term used for scraps of carpet used for scraps of carpet or fabric.or fabric.

Last But Not LeastRemanence vs. Remnants

Last But Not LeastLast But Not LeastRemanence vs. RemnantsRemanence vs. Remnants


stylestyle






17

17

17

AgendaAgendaAgenda




• Media




stylestyle






18

18

18

Remanence Management Situation Assessment

Remanence Management Remanence Management Situation AssessmentSituation Assessment

1. Determine data storage media sensitivity1. Determine data storage media sensitivity

2. Determine the type of medium2. Determine the type of medium

3. Determine the operational condition3. Determine the operational condition

4. Determine future uses4. Determine future uses

5. Determine future protection5. Determine future protection


stylestyle






19

19

19

Other Assessment Considerations

Other Assessment Other Assessment ConsiderationsConsiderations

•• Disks can be used as virtual memoryDisks can be used as virtual memory

•• Many applications create temporary filesMany applications create temporary files

•• Applications create automatic backupsApplications create automatic backups

•• Saves do not always write over same memory spaceSaves do not always write over same memory space

•• Slack space in blocksSlack space in blocks

•• Instant on feature writes clear textInstant on feature writes clear textinformation to diskinformation to disk


stylestyle






20

20

20

Object ReuseObject ReuseObject Reuse

•• Who remembers?Who remembers?


stylestyle






21

21

21

AgendaAgendaAgenda




• Media




stylestyle






22

22

22

Keyboard AttackKeyboard AttackKeyboard Attack

•• How is it conducted?How is it conducted?

•• Who can do it?Who can do it?

•• What are the tools?What are the tools?


stylestyle






23

23

23

Keyboard Attack ToolsKeyboard Attack ToolsKeyboard Attack Tools

•• Norton UtilitiesNorton Utilities•• Fixit UtilitiesFixit Utilities•• Nuts & BoltsNuts & Bolts•• PC MedicPC Medic•• PPIRTPPIRT•• Various Forensic Various Forensic

ToolsTools


stylestyle






24

24

24

FORENSIC TOOLSFORENSIC TOOLSFORENSIC TOOLS

•• Google search on Google search on ““Forensic toolsForensic tools””resulted in a listing of over 500,000 resulted in a listing of over 500,000 entries.entries.

•• Entries covered PCs, PDAs, even Entries covered PCs, PDAs, even ““Mainframes.Mainframes.””


stylestyle






25

25

25

Clearing MediaClearing MediaClearing Media

•• What happens when we write on What happens when we write on media?media?

–– PP--ListList

–– GG--ListList

–– Why is coercivity important?Why is coercivity important?

•• Head Alignment, is it important?Head Alignment, is it important?

–– What is head alignment ?What is head alignment ?

–– What can alter head alignment?What can alter head alignment?

Clearing Media


stylestyle






26

26

26

Common Commands for Clearing Data

Common Commands Common Commands for Clearing Datafor Clearing Data

•• EraseErase

•• DeleteDelete

•• FormatFormat

••Erase Erase••Delete Delete••Format Format••Object Object

Reuse Reuse


stylestyle






27

27

27

Overwriting Used for Clearing (1 of 2)

Overwriting Used Overwriting Used for Clearingfor Clearing (1 of 2)(1 of 2)

•• Program should write specific data patternProgram should write specific data pattern

•• Pattern should be written Pattern should be written to all data storage to all data storage locationslocations

•• Program should check Program should check to see that the pattern to see that the pattern has been writtenhas been written

•• How much overwriting is enough?How much overwriting is enough?

Overwritein progress…


stylestyle






28

28

28

Overwriting Usedfor Clearing (2 of 2)Overwriting UsedOverwriting Usedfor Clearing for Clearing (2 of 2)(2 of 2)

•• Very slow for floppiesVery slow for floppies

•• Even more time for today's hard Even more time for today's hard drivesdrives

Current computer takes about 15 Current computer takes about 15 mins to overwrite and verify one mins to overwrite and verify one gig, one passgig, one pass

•• For most current drives one For most current drives one pass is sufficient, provided it is pass is sufficient, provided it is specific and verifiedspecific and verified


stylestyle






29

29

29

Purging MediaPurging MediaPurging Media

•• Protection from Protection from laboratory attacklaboratory attack

•• How are media How are media purged?purged?–– OverwritingOverwriting

–– DegaussingDegaussing


stylestyle






30

30

30

Overwriting Usedfor Purging

Overwriting UsedOverwriting Usedfor Purgingfor Purging

•• Same technique as Same technique as clearingclearing

•• There are more overwrites There are more overwrites to purgeto purge


stylestyle






31

31

31

Overwriting Tools for Clearing and Purging Media

Overwriting Tools for Overwriting Tools for Clearing and Purging MediaClearing and Purging Media

•• UniShred ProUniShred Pro--Los Altos Technologies, Inc.Los Altos Technologies, Inc.

•• Norton UtilitiesNorton Utilities--Symantec, Symantec, ““WipeWipe””

•• UNIXUNIX

•• ISTAC Security Utilities ISTAC Security Utilities (US Gov. & Contractors)(US Gov. & Contractors)--CIACIA

•• PC Safe & SecurePC Safe & Secure--Boomerang SoftwareBoomerang Software

•• BlackoutBlackout--Kintech SoftwareKintech Software

•• BC WipeBC Wipe--JeticoJetico

Overwrit

ing

Tools


stylestyle






32

32

32

DegaussingDegaussingDegaussing

•• This is the most effective This is the most effective purging techniquepurging technique

•• Media coercivity dictates the Media coercivity dictates the type of Degaussing device that type of Degaussing device that is required for effective is required for effective destruction of the datadestruction of the data


stylestyle






33

33

33

Degausser Products ListDegausser Products ListDegausser Products List

•• Published twice a year by the: Published twice a year by the: Media Technology Center, NSA9800 Savage RoadFt. Meade, MD 20755-6000


stylestyle






34

34

34

AgendaAgendaAgenda




• Media




stylestyle






35

35

35

Magnetic TapesMagnetic TapesMagnetic Tapes

•• Magnetic Tape, types I, II, IIIMagnetic Tape, types I, II, III–– Type I, Coercivity of 0Type I, Coercivity of 0--350 Oe350 Oe

–– Type II, Coercivity of 351Type II, Coercivity of 351--750 Oe750 Oe

–– Type III, Coercivity of 751+ OeType III, Coercivity of 751+ Oe

•• Examples of magnetic tape typesExamples of magnetic tape types–– 4 MM, DAT, Coercivity 1650 Oe4 MM, DAT, Coercivity 1650 Oe

–– 8MM, Cartridge, Coercivity 650 Oe8MM, Cartridge, Coercivity 650 Oe

–– Cartridge, SQ 400, Coercivity 950 OeCartridge, SQ 400, Coercivity 950 Oe


stylestyle






36

36

36

DisksDisksDisks

•• 3.53.5””, 1.4 MB, Coercivity 700 Oe, 1.4 MB, Coercivity 700 Oe

•• 3.53.5””, 120 MB, Coercivity 1500 Oe, 120 MB, Coercivity 1500 Oe

•• Atlas III, HD, 10 GB, Coercivity 2300 OeAtlas III, HD, 10 GB, Coercivity 2300 Oe

•• Hard Drives 50+ GB, Coercivity 3000+ Hard Drives 50+ GB, Coercivity 3000+


stylestyle






37

37

37

Other MediaOther MediaOther Media

•• UVPROM/EPROMUVPROM/EPROM

•• MagnetoMagneto--Optical Read Only Optical Read Only (ROM and Worm) CD/DVD(ROM and Worm) CD/DVD

•• EAROM and EEPROMEAROM and EEPROM

•• etc.etc.


stylestyle






38

38

38

UVPROM/EPROMUVPROM/EPROMUVPROM/EPROM


stylestyle






39

39

39

Magneto-OpticalMagnetoMagneto--OpticalOptical

•• Read Only Memory (ROM)Read Only Memory (ROM)

•• Write Once Read Many (Worm)Write Once Read Many (Worm)


stylestyle






40

40

40

EAROM, EEPROMEAROM, EEPROMEAROM, EEPROM


stylestyle






41

41

41

FLASHFLASHFLASH


stylestyle






42

42

42

FLASHFLASHFLASH


stylestyle






43

43

43

Perpendicular RecordingPerpendicular RecordingPerpendicular Recording

•• What is it?What is it?

•• The superparamagnitism limitThe superparamagnitism limit

•• Coercivity of 10,000 OeCoercivity of 10,000 Oe

•• Density of 100 Gbits/Sq inchDensity of 100 Gbits/Sq inch

•• 3 3 ½½ inch floppy to store 1 Tbit of datainch floppy to store 1 Tbit of data

•• Seagate & Maxtor may have drives out Seagate & Maxtor may have drives out in 2006, est.in 2006, est.


stylestyle






44

44

44

etc.etc.etc.

•• Researchers at Syracuse University have Researchers at Syracuse University have developed a recording medium that suspends developed a recording medium that suspends a bacterial protein in a gela bacterial protein in a gel

•• The molecular medium stores information in The molecular medium stores information in threethree--dimensional neural architectures when dimensional neural architectures when exposed to a sequence of two red laser beamsexposed to a sequence of two red laser beams

•• A blue laser resets the molecules, erasing the dataA blue laser resets the molecules, erasing the data

For info: Google on “R. Birge Syracuse”


stylestyle






45

45

45

Future Medium?Future Medium?Future Medium?

•• Another project is to make a proteinAnother project is to make a protein--p based p based threethree--dimensional memory based on dimensional memory based on bacteriorhodopsinbacteriorhodopsin

•• Proteins will be encapsulated Proteins will be encapsulated in a polymer matrix that will in a polymer matrix that will allow threeallow three--dimensional dimensional addressingaddressing

•• Holographic memoryHolographic memory


stylestyle






46

46

46

AgendaAgendaAgenda




• Media




stylestyle






47

47

47

Media DestructionMedia DestructionMedia Destruction

Why destroy media?Why destroy media?

•• PolicyPolicy

P O IL C Y

•• System/media are System/media are damaged beyond repairdamaged beyond repair

•• System/media System/media are obsoleteare obsolete


stylestyle






48

48

48

Media Destruction Techniques

Media Destruction Media Destruction TechniquesTechniques

•• Not always a simple processNot always a simple process–– Remove componentsRemove components

–– PulverizePulverize

–– IncinerateIncinerate

•• Examples:Examples:–– MagnetoMagneto--optical disksoptical disks

–– Wafers/chipsWafers/chips

–– DiskettesDiskettes

–– Hard drivesHard drives

–– TapesTapes


stylestyle






49

49

49

What’s New?WhatWhat’’s New?s New?

•• Purging machine for Purging machine for optical CD/DVDoptical CD/DVD’’ss

•• Universal Secure Universal Secure OverwriteOverwrite--””Secure Secure EraseErase””


stylestyle






50

50

50

CD/DVD DESTROYERSCD/DVD DESTROYERSCD/DVD DESTROYERS

Turns CD/DVD’s to Dust CD/DVD Remains


stylestyle






51

51

51

TIME TAKES ITS TOLLTIME TAKES ITS TOLLTIME TAKES ITS TOLL


stylestyle






52

52

52


stylestyle






53

53

53

Who Does This Kind of Data Recovery?

Who Does This Kind of Who Does This Kind of Data Recovery?Data Recovery?

•• Ontrack Data RecoveryOntrack Data Recovery

•• CBL Data Recovery Technologies, Inc.CBL Data Recovery Technologies, Inc.

•• Data Retrieval ServicesData Retrieval Services

•• Data Recovery LabsData Recovery Labs

Who’s

Who

in Da

ta

Recov

ery


stylestyle






54

54

54

Quick ReviewQuick ReviewQuick Review

•• There is a difference between:There is a difference between:–– Clearing and Clearing and

purging mediapurging media

–– Keyboard and Keyboard and laboratory attacklaboratory attack

–– Overwriting and Overwriting and Degaussing mediaDegaussing media



stylestyle






55

55

55

ReferencesReferencesReferences

•• Article: Article: ““The Data DilemmaThe Data Dilemma”” Security ManagementSecurity Management, 1 FEB 1995, , 1 FEB 1995, by Charles M. Prestonby Charles M. Preston

•• NIST SP 500NIST SP 500--252, Care and Handling of CDs & DVDs, Oct. 252, Care and Handling of CDs & DVDs, Oct. 20032003

•• GAO Rpt. GAOGAO Rpt. GAO--0101--469, 469, ““Safeguarding of Safeguarding of Data in Excessed DOE Computers,Data in Excessed DOE Computers,”” Mar. 2001Mar. 2001

•• Article: Article: ““Remembrance of Data Passed: A Study of Disk Remembrance of Data Passed: A Study of Disk Sanitization PracticesSanitization Practices””, IEEE, Mar, 2003, by Garfinkle and , IEEE, Mar, 2003, by Garfinkle and ShelatShelat


stylestyle






56

56

56

Questions?Questions?Questions?


stylestyle






57

57

57

Understanding Data

Remanence Management

and What It Means to You

Understanding Data Understanding Data

Remanence Management Remanence Management

and What It Means to Youand What It Means to You

Presented By



Presented By



Thanks for

Attending!

Thanks for Thanks for

Attending!Attending!

Click to edit Master title Understanding Data Remanence … · 2019. 7. 16. · Click to edit...

Documents

Transcript of Click to edit Master title Understanding Data Remanence … · 2019. 7. 16. · Click to edit...