Second Hand Hard Discs Reveal Secrets
An anonymous reader writes "BBC News has a story about MIT grads buying old hard discs from eBay and elsewhere, and finding credit card numbers, ATM transactions, porn and emails all accessible on them. Comments? What's the strangest thing readers have found, or left, on a hard drive?"
This was posted before here.
I found a bunch of Spice Girl stuff (3GB+) on my friend's 'broken' hard drive he gave me... I was sorta afraid when I saw that, really makes me wonder about him...
How else can we explain how the editors are finding these old stories?
If tits were wings it'd be flying around.
I found archives of old Slashdot stories and resubmitted them.
Common sense is what tells you the world is flat.
Well I bought a laptop back in the day...a p166 toshiba which to this day has enough power to word process...surf the internet, but unfortunately the battery and cdrom both died.
Now when I bought it I thought it was kinda weird...it was in like a crayola theme and had lots of kids games on it and stuff, but the guy I got it from said it was his kids. So I am about to format it, since it was full of junk and the little 2 gig hd was filled, when all of a sudden what do I discover but a c:\private\ dir!!!
So...as any good person does I formatted without looking at it. *cough*
Turns out daddy had a gay pron fetish!
After being disgusted by this, especially since it was on his KIDS computer, I formatted and lived happily ever after.
Now, if someone was to buy the laptop from me they would find plenty of straight pron on it!!!
(and i just might leave it there as a little present)
[I can picture a world without war, without hate. I can picture us attacking that world, because they'd never expect it]
I'm seriously considering blocking CmdrTaco from the list of people whose stories I see. If you look back over the list of duplicates, nearly all of them are Taco's.
Psssst, Taco. A hint for ya: just because you started the site doesn't absolve you of the duty of looking at it once in a while. Say, before you click "Submit."
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
I see duplicates. They're everywhere - they don't even know they're duplicates...
-Adam
Some MIT kid in the future is going to stumble across the Slashdot hard drives and go "God Damn they posted Duplicates a lot."
Discarded computer hard drives prove a trove of personal info
--- have you healed your church website?
I've rarely used second hand disks, but even if I did I'd just not look at what's on it. It's kind of like not looking in the neighbour's trash can...
Of course, that's no excuse for companies to leave sensitive data from their customers on their leftovers!
Simon
Arrgh, I saw the cat pass twice... Errr, the post twice ! :-)
:-)
(Note to moderator : this is a pitiful attempt at humor, to get my karma from bad to neutral, since my first 2 posts were rated -1 and ever since I can't post that will get read, and my two other posts weren't offensive, so I deserve better).
I've come across quite a few older drives in machines that hadn't been cleaned out. One was an ancient Mac II which used to be used as a webserver, but was removed from that job in 1995, and had sat in a basement getting rustier and rustier. It was given to me in horrific condition, and the motherboard/PSU was toast, almost like it was washed through with saltwater. The HD looked a little better, and on firing it up in another machine, it clattered noisily, but still read most of the drive - on there was the website, last accessed 8 years ago. I copied that all off and archived it just because it was cool.
:).
:).
Oddly, the website nowadays isn't all that different
Another belonged to a rather fascinating lady who seemed to use her computer from 1994 when it was new, until 2002 when I came across it from an ebay sale. All of her writing (some published, some not), drafts, her academic work, and her photography was on there. She did quite a few nudes and not only had published work, but every photo taken in between used to create those images. Slightly giggleworthy, but really just rather tasteful nude photos.
One other I was given, a compaq 486, belonged to an organiser of some of the behind the scenes work for the Sydney Olympics - it had names, addresses and phone numbers of dozens of celebrities, politicians, and anyone involved in the marketing pre-games, along with correspondence to those people. A fun read but kind of boring - I didn't keep the addresses either.
The biggest coincidence I came across was ordering a computer from ebay, from a town about 800km from me. it came to me with a HD full of various word documents - what a surprise to find it had originally been used as a wordprocessing machine in the same building I work in, and several years before. It came home
Nothing amazingly exciting, just a few curious little moments.
Check out the photoshop that's going on over at Fark: unlikely Slashdot articles.
Please! If a story is a dupe, so what? Here's a thought. Don't read it. Don't even comment. Don't even "just say no". (OK, so that was several thoughts ;-)
Get outside, breathe the fresh air, and quit trying to come up with clever quotes that express your angst over a duplicate/semi-duplicate story.</RANT>
SET MODE KarmaTracking=ON
SET MODE ModeratorSuckup=ON
The preceding comment has been reviewed and declared to be compliant with HIPPA Phase II regulations.
Again a story that has been posted a little while ago. I won't rant about reading your own website or getting decent editors... not this time.
:)
But I wouldn't be surprised if one of the factors for the attention BBC gives to this project is the fact that it has been on Slashdot.
Nice circle
There have to be 20 dupes about the fact that this is a dupe. Of course, I'm guessing this has already been pointed out...
Forget the whales - save the babies.
1.) All right already! We now have established beyond a shadow of a doubt that yes, a similar story was posted earlier this week.
2.) It amuses me that people seem to think that /. editors have so much time on their hands that all they have to do all day is read headlines and forum posts. That's what moderators and metamoderators are for, and they may not catch every story that comes down the pike.
3.) Perhaps the most enjoyable "data mining" find on an old hard drive for me was over 1000 songs in MP3 format. After deleting the ones that I didn't like, there were still nearly 950 of them. They now make up the bulk of my music library.
I have no tag line
I find it most interesting at places where lots of computers are hooked up to a network, like at a college dorm. It's amazing the clueless dolts that share their entire harddrive over the network. You can learn a lot by browsing someone's internet cache. Also, since Windows seems to share My Documents by default, you can read people's homework (usually boring as hell though). About the most interesting was the person sharing all of their instant messaging chat logs. Let's just say that person got around a lot... The only thing is that you have to be careful, these people who are that clueless usually have a ton of virii, so don't click on goatse.ch.vbs!
I know you don't care, but I was changing out a certain head priest's hard drive for a Catholic organization (Something to do with a Little Flower) in Chicago, and I was moving his documents and found a folder that was holding a few letters to an S&M house down in Springfield saying that he wanted some services and he was a single salesman from Milwaukee...well he got the single part right.
Not to make this too long, but the funny part is they got pretty explicit about what he was wanting, and when I asked him if he wanted me to scratch and reinstall windows on the hard drive before I moved it over to the convent where the head Mother was going to be using it, he told me no, and I just went and installed it on her desk....God only knows how that went over?
while cat garbage garbage ; do true ; done | dd bs=100k of=/dev/hdaX
You could put it on a floppy Linux distribution and sell it to windows users who want to wipe their disks .. $20 a pop!
(or better yet -- a bootable CD business card so you could include the source).
Just don't let your 5 year old nephew get hold of it -- or else!
OS Software is like love: The best way to make it grow is to give it away.
Every other poster has managed to stay within the confines of this discussion, which is clearly about Duplicate stories being posted to Slashdot.
I don't think it's fair to them, or the rest of the readers, if this post doesn't get modded down to -1 Offtopic.
"Tuesday 8th of February 1997, Tony is pissing me off today, he's already taken 4 coffee breaks, sticking me with the rest of the work, note to self report to boss. Julie is looking rather sexy today, comment to her at lunch about lovely blouse."
It got spicy here and there and read like a badly written journal, still it was great to read about the daily intricate moments that one of my ex colleagues had felt.
Errr I'd better not tell this one.
Mouse powered Chips, Open source Processors and Lego
Think of it as an opportunity for even the dimmest of slashdotters to appear funny - go grabbing the funniest comments from the original story! For example:
"Luckily for me, my Ebay'd hard drives are safe: I only sell broken ones."
"Two MIT grad students bought used drives from eBay and secondhand computer stores.
Don't I feel inferior. I've done the same with used HD's in the past and I only have a HS edumacation."
"Your old HD is safe, I can get creditcard numbers faster on kazaa."
"Was it Pete Townshend's drive?"
"How do I destroy a HD? I just wait for my warranty to run out - it becomes unreadable shortly thereafter!"
One time when I came home from work, there was a PC by the dumpster at our apartment complex. I brought it in to harvest it for parts (never can have enough screws), and I decided to boot it up first to see what it was. Low end pentium, like a 75mhz. 8megs of ram. Ran DOS and Win 3.11.
Turned out the machine used to be a Kiosk machine at a deli counter at a local grocery store. There wasn't TOO much of interest on it, but there was a huge list of people's meat and cheese orders.
About 6 months ago, I was taking out the trash in my apartment when I noticed a computer case next to the dumpster. Being the pack rat I am, I grabbed that baby and hauled it up to my room. It was absolutely caked in smoke and dust, so after an hour of totally cleaning it, I was ready to fire it up. The system was a 166 P1 and was in perfect working order, despite the dust bunnies. Windows 95 loaded up painfully slow, but I managed. And the wealth of crap I found on there, lemme tell ya.
The first thing I found was an exchange of messages between the previous owner and a company that had shipped him a crate of mushrooms. Yes, mushrooms. Apparently, customs has destroyed his first order and he wanted the company to ship a replacement. But it doesn't stop here.
The second thing I found was a pile of emails between the previous owner and his ex-girlfriend. Wow were they at each other's necks. Apparently, the previous owner was your average college drunkard and basically raped this girl. I won't go into the specifics of it, but man, it was like watching a train wreck. I couldn't stop from reading every last juicy detail.
Anyway, that was about it... not CC# or anything like that, just sex and drugs.
should be
dd if=/dev/urandom bs=100k count=100 of=garbage
(I was sure that I'd fixed that)
OS Software is like love: The best way to make it grow is to give it away.
Slashdot ought to implement a dupe filtering system along the lines of the following: People indicate in their prefs whether or not they want to see dups (for the extra discussion). When a dupe is posted and an editor later recognizes it as a dupe, the editor flags it as a dupe and it no longer shows up on the pages of people who have asked not to see dupes.
Knowing this could cause legal trouble, I quickly got on the phone and called the hospital. They said that they thought the system was clean, and that I should destroy any data on the drive. I then called my lawyer. After a small consulting fee (about $60) he informed me that I shouldn't have anything to worry about, so long as I did as the hospital asked, and destroyed all copies of the records. And I did, and that was the first time I ever felt good about losing data!
(Posting anonymously, in case any other slashdotters get any funny ideas... :)
Sheesh, you'd think the 'nerds' would pay attention to the details. But then, you are not really nerds. Are you?
throw the baby out. The bathwater is cold
in a dumpster.
A friend went back to claim them, this is what he ended up with:
2 HP Server class machines PIII 450Mhz good working condition once the cigarette ashes were removed.
1 DLT Tape backup
19 New tapes in wrapper and cleaning kit
Cables and other accessories.
The machines were used by a financial company. Everything worked and booted up. NT server loaded and ready....
We shut them down and wiped everything. Pretty scary actually, who knows what was on those machines!
Blogging because I can...
Modest doubt is called the beacon of the wise. - William Shakespeare
This story is part of a striped disk array, which is why its content looks similar, but not identical, to the other stripe, which was discovered a week ago.
That said, experts would tell you that the only reliable way to make sure sensitive data doesn't get out is to thermite your drive.
Also, what's the one-line unix command (running MacOS X here).
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
1. Are you Tony? How many coffee breaks have you had today?
2. Got any nice pictures of Julie?
"A terrorist is someone who has a bomb but doesn't have an air force." -William Blum
When we sorted through his equipment, not only did he have volumes of she-male pr0n, but he had been subscribed to she-male pr0n emailing lists using his company email account.
It certainly explained his freaky looking "girlfriend".
:)
The strangest most surreal thing found so far is a copy of the same story on Slashdot.org from a few days ago.
Help fight continental drift.
15:08 21 January 03
At a worldwide conference held in Atlanta, GA, leading scientists and publishers agreed on a new measurement unit to describe the common phenomenon of news stories getting published repeatedly on internet news sites.
1 Taco = 3 dpm (dupes per minute)
"After a lengthy discussion we eventually agreed to name the new unit after "CmdrTaco", founder of the famous web site Slashdot. We are really happy now, this has been bothering us since the beginning of the internet," said Sag. S. Nochmal, German publisher and chairman of the convention.
"CmdrTaco" himself was unavailable for comment. He was last seen yelling "Eternal fame" and "must write automatic re-post script now."
There are fewer illiterates than people who can't read.
Secure Harddisk Eraser is a Linux floppy that overwrites the HD several times with different patterns. Just boot from the floppy, wait 60 seconds and the harddisk will start to erase.
The homepage
Oh yes, I've posted on this before, but that doesn't seem to matter...
Any sufficiently advanced libertarian utopia is indistinguishable from government.
Or maybe the moderators who give "Offtopic" mods need to learn how to read the parent posts and see if the comment is really off topic or not.
Tangents can and do appear. While they may be "off topic" for the main heading they can be on topic for the context of the thread. For a bunch of people who gripe about context (benchmarks, blame for root exploits, etc) the "Offtopic" mod seems to be used improperly more often than not.
There are two kinds of people: 1) those that need closure
"Offtopic" mod seems to be used improperly more often than not.
very true indeed.
This whole little subdiscussion is very likely to get moderated as offtopic, whereas the only consistent topic in the entire comments is the fact that it's a dupe, which is offtopic.
The whole issue basically comes down to whether slashdot is a "discussion site" or an "information site based on comments". If the main purpose of slashdot is to create a vast and useful archive of comments that can enlighten a visitor searching for info on a "news for nerd" subject, then indeed we are offtopic. If on the other hand, slashdot is a forum in which nerds can discuss anything they consider nerdstuff, almost everything is on topic !
I suppose the best way is something in between, but right now, I have the impression the balance is shifted way too much towards the first type. Plus, as many of us have said, the biggest problem is the fact that due to the recursive nature of the problem, the problem itself can't be discussed on slashdot.
And that attitude is what we usually call censorship. Slashdot is more and more becoming a selfcensoring community. I've tried to find analogies in the real world, but fail to see one so far. The only thing I'm sure of, is that it is not a GoodThing(tm)
When will I end this grieving ? When will my future begin ?
Back in the late 90's, when I was still doing PC service work for folks, I had a pretty wild experience in terms of recovery. I ran into this cab driver at CompUSA who was in the process of picking up a whole bunch of power cords and other basic accessories. We got to talking, and he said he was new to computers, and had just gotten a whole bunch of hardware from the local swap meet.
We talked a while longer, and he ended up agreeing to pay my hourly rate to look the machines over, clean them up, and wipe the drives so he could use 'em. What he had was a full-tower Pentium 166 (big stuff back then), and a smaller external drive that had a security key lock on it.
So, I vacuum the system's guts (had a ton of dust-bunnies in there), reseat the memory, and fire it up. It boots into Win95. First thing I notice is a TON of very high-end graphics-manipulation and publishing software installed, including packages like Adobe PageMaker, a full version of Acrobat, PhotoShop, etc. There was also the (then) current version of Visual Basic and Visual C (both Enterprise-class editions).
This set off some alarm bells in my head. The combined software on that system was worth at least as much as the hardware. I started digging a bit deeper. I found a couple of Word documents (yes, the system had a full version of MS Office and MS Exchange on it as well) with the name of a graphics-and-advertising company barely 30 miles away.
I called said company, and got hold of the admin assistant for the programmer whose name was all over the system. Turns out that the entirety of what that cabbie had delivered to me had all been stolen in a burglary the same day it showed up at the swap meet!
You can probably guess the rest. The cabbie, once he learned what was going on, and not wanting any trouble with the King County Sheriffs, agreed to just leave the equipment with me in return for anonymity. The system, as it turned out, belonged to one of their senior developer/programmers who, along with their system, had lost about seven years worth of intense work.
The company involved was so delighted to get everything back intact (yep, every byte of that work was recovered) that they not only paid me for my time involved in cleaning the stuff up, but they also gave me a $50.00 certificate for one of the best restaurants in town. My wife and I had a nice dinner with that one.
The moral of the story: Pay VERY close attention to what may be left on any hard drive or system you get, and follow your instincts if you're the least bit suspicious! You could end up saving someone a ton of grief and lost hours.
Bruce Lane, KC7GR,
Blue Feather Technologies
True story: some years back my wife was doing web design for various clients, one of whom had a graphic artist on staff, who gave her a Mac 100M Zip disk that supposedly had some nice artwork on it for my wife to put on the client's web site.
But the disk appeared to be completely empty, so my wife gave it to me to try to recover the missing files.
No problem under Linux...I recovered a full 100 megabytes of files...but they were all kinky porn!!!
We decided to let the guy off easy and didn't tell his employers what he was doing with company computers and media, but my wife was always a bit leery of working with that guy after that.
(Yes, I did of course save the more, ah, artistic images for, um, later personal, uh, research. ;-)
This kind of amusing leftovers on media is probably extremely common, but most people don't have any motivation to pry around into deleted files. As I recall, this particular disk just had a bit of file system damage that made it appear empty at first, rather than literally having deleted files, so file system repair was enough to get all of the originals back.
Professional Wild-Eyed Visionary
Whenever a PC changed hands, the IT folks did a complete 100% wipe on the hard drive before installing an image, but not before scanning the drive for security violations. I don't know what their disposition policy was, but it's a safe bet that dead media was definitely not going to be recovered.
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
And not just hard drives. Browsing around the company LAN, we find all sorts of things on people's shares. And once a couple of years back, my colleague and I discovered some persons of questionable parentage had gotten into one of our colocated servers and was using it as an FTP site for trading games. Our reaction was like this:
Me: "Where did all the disk space go?"
Co-worker: "And this new account?"
Me: "Damn! I knew we should have replaced this POS (a 2 year old install)! It's been compromised!"
Co-worker: "Here's where it went. They've got an FTP site up for trading games. It's taking up 30 gigs!"
Me: "Bastards! .... Is there anything good in there?"
Co-worker: "Actually.... yes..."
Me: "OK. Shut that account out, let's prepare to redo the system. And maybe we should archive that. You know, for evidence...."
Fuck you, you no talent assclown! Butterscotch rules! Vanilla sucks! Where did you go to school, SEARS? Anyone who would say that about butterscotch clearly has Oedipal issues, do you kiss you mother with that mouth? Probably, french kiss. French VANILLA, that is!!!!
09F911029D74E35BD84156C5635688C0
Jesus loves you, I think you suck
At least it wasn't an article submitted like:
:p
According to this article posted on slashdot, HP released some.......
I'd like to see if something like that can slip through the filters
We didn't bother with wiping the drives.
After the end of a project or if a drive went bad, the drive platter was physically removed from the hd, smashed and then finally burned!
( Ob. M.P. quote : "burned down, fell over, then sank into the swamp" )
Better than what they used to do: destroy the ENTIRE PC too!
...wiping the free space on a drive is built into the OS.
cipher /w:[path]
where [path]= any location on the drive in question.
This tool doesn't delete files that are present, but simply clears space already marked as "empty". It was included to augment the functionality of EFS. If you encrypt a file, you don't want vestiges of the file from before you encrypted it lingering.
"My God, this must be a truly remarkable corn chip, to be so widely and confidently touted."
A roommate of mine once worked at the Berkeley admissions office. Once, he showed up with a stack of ~15 floppies that he said were placed in the trash bin and were completely clean and usable when he tried them. Noticing a cryptic sticker with some numbers and the letters "ETS" on it, I got him to let me take a look at them. Took a raw disk dump. Hmm. Looks like ascii-ish data, as if from a flat database file, unencrypted. And hey, here're names... addresses... social security numbers... and a few more odd 4-digit numbers. About 30 minutes later, having figured out where the fields are, it dawns upon me that I had come upon the ETS test records (SAT I/SAT II) for the '97-'98 incoming applicant class at Berkeley (some of the '96-'97 data too). Scarily enough, this also included DOB, SSN, addr, phone number, etc. Apparently the people in charge of processing the data did a quickformat or something and threw the disks right out thinking they're clean.
The data has since been destroyed for good, but not until after I spent weeks drooling about the hypothetical possibilities that this could've yielded =)
// zyqqh
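Added example (not part of any post in this thread): the quick-formatted floppies above and the dd overwrite posted earlier come down to the same point, that rewriting filesystem metadata leaves the data blocks readable until they are overwritten. The sketch below shows that on a scratch image file; the path, sizes, record text and the 4 KiB model of a quick format are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Operates only on a scratch image file, never on a real device.
IMG="${TMPDIR:-/tmp}/wipe_demo_$$.img"            # hypothetical scratch path
SIZE_KB=256                                       # size of the stand-in "disk"
MARKER="NAME=CONSTRUCTED SSN=000-00-0000"         # constructed sample record

# Build the stand-in disk: metadata in block 0, one data record at block 100.
make_image() {
    dd if=/dev/zero of="$IMG" bs=1024 count="$SIZE_KB" 2>/dev/null
    printf 'FAKE-FS-HEADER' | dd of="$IMG" bs=1024 conv=notrunc 2>/dev/null
    printf '%s' "$MARKER" | dd of="$IMG" bs=1024 seek=100 conv=notrunc 2>/dev/null
}

# Quick format as modelled here: only the first 4 KiB of metadata is rewritten.
quick_format() {
    dd if=/dev/zero of="$IMG" bs=1024 count=4 conv=notrunc 2>/dev/null
}

# Full overwrite of every block. $1 is the data source (default /dev/zero;
# /dev/urandom gives the random fill used in the thread's dd command).
full_wipe() {
    src="${1:-/dev/zero}"
    size=$(wc -c < "$IMG")
    dd if="$src" of="$IMG" bs=1024 count=$((size / 1024)) conv=notrunc 2>/dev/null
}

# Number of raw-image lines still containing the record (0 means none left).
residue_count() {
    LC_ALL=C grep -a -c -F -- "$MARKER" "$IMG" || true
}

# Number of non-zero bytes left in the image (0 after a zero-fill wipe).
nonzero_bytes() {
    tr -d '\000' < "$IMG" | wc -c | tr -d ' '
}

# Walk through both cases and report what a raw read of the image still finds.
demo() {
    make_image
    quick_format
    echo "after quick format: residue=$(residue_count) nonzero=$(nonzero_bytes)"
    full_wipe
    echo "after full wipe:    residue=$(residue_count) nonzero=$(nonzero_bytes)"
    rm -f "$IMG"
}
demo
```

Against real hardware the same two checks read the block device instead of a file, and sectors the drive has remapped or flash spare areas are not reachable by dd at all.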
I think time has arrived for techies to tell the general public and the companies they work for to wipe their drives before disposing or giving them away. People should be told to encrypt sensitive info and wipe drives. Heck, it should even come w/ the computer manuals IMO with the necessary software.
I think it just goes to show how much people depend on their computers for too many things. Only a matter of 10 years ago, people had financial information, documents, addresses and contacts and any other personal information under lock and key in a filing cabinet.
As long as someone doesn't snoop through their garbage bags, someone would probably not want to go to the local garbage dump to get personal information. Now many simply give old, working hard drives to charitable organizations or friends w/o even reformatting them. In the age of identity theft, I think it's safe to say that most in the general public shred paper documents before disposal.
I worked for a professor doing workstudy for about three years who consistently sexually harassed me - looking down shirt, trying to ask me to spend a weekend in the city with him, etc. One day while doing some word processing I happened upon a file with a few pieces of poetry. One was about the arrogance of american women, and another was about impotence. That almost made up for having to deal with his idiocy for all that time. I debated for a while printing them out and then using the departmental photocopier and posting them all around campus. I should have done that as a going away present to myself.