Man Finds Divorce Papers, Tax Docs On "New" Laptop
An anonymous reader writes "25-year-old Hidayat Sudirman found that his new laptop came loaded with more than just the usual software; it also contained 10GB of someone else's documents. From the article: "A buyer on the lookout for a new laptop got more than he bargained for at his local computer fair when the 'new' device came loaded with over 10GB of personal documents — including divorce papers and tax returns.""
I think I saw an article a while back that IBM was going to add even more bloatware and start including "starter docs" to take the guess work out of creating day-to-day files and records. That's not personal data, those are "templates".
It could have been any one of us who sold their laptop to some guy who sells laptops at an IT fair in Singapore!
Let
I probably wouldn't have noticed the documents, because the first thing I do with a new computer is make an image of it, toss the image into an archive bin, then whip out the DBAN or HDDErase media and zorch the drives.
This does three things -- ensures that any data previous to me is gone (because there are stories of even new devices having dubious content on them), checks to see if all sectors are readable/writable, and randomizes the data stored, so when I encrypt the drive using TrueCrypt or BitLocker, data that might have survived being written over will just be random numbers and useless for decryption attempts.
It is always a good habit to zero out media before using it, be it a USB flash drive, a MicroSD card, or a hard disk, just for the reasons above. It also is a good habit to do another thorough zeroing out before letting someone else have the media as well, for obvious reasons.
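A way to check that a wipe like the one described in the comment above actually covered the whole medium, as an added example that is not part of the original thread. The function names, the 4096-byte block size and the 7.5 bits/byte threshold are assumptions made for illustration, and the sample image is constructed.

```python
"""Wipe verifier: flag blocks that survived a zero-fill or random-fill pass."""
import math
import os
import tempfile
from collections import Counter

BLOCK = 4096       # scan granularity in bytes (assumed; use a multiple of the sector size)
RANDOM_BITS = 7.5  # bits/byte at or above which a block is treated as random fill (assumed)


def shannon_entropy(buf: bytes) -> float:
    """Entropy in bits per byte: 0.0 for constant data, close to 8.0 for uniform data."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def classify_block(buf: bytes) -> str:
    """Label a block 'zero', 'random' (high entropy) or 'residual' (structured data)."""
    if buf.count(0) == len(buf):
        return "zero"
    # Caveat: compressed or encrypted leftovers also look random, so after a
    # zero-fill wipe every non-zero block is reported, whatever its entropy.
    if shannon_entropy(buf) >= RANDOM_BITS:
        return "random"
    return "residual"


def scan(path: str, expect: str = "zero", block: int = BLOCK):
    """Return merged (offset, length, kind) ranges that contradict the expected wipe.

    expect="zero":   anything that is not all zeros is a finding.
    expect="random": only low-entropy, non-zero blocks are findings.
    `path` may be an image file or a device node the caller is allowed to read.
    A short trailing block has too few bytes for a reliable entropy estimate,
    so images should be a multiple of `block` in size.
    """
    if expect not in ("zero", "random"):
        raise ValueError("expect must be 'zero' or 'random'")
    findings = []
    offset = 0
    with open(path, "rb") as f:
        while True:
            buf = f.read(block)
            if not buf:
                break
            kind = classify_block(buf)
            ok = (kind == "zero") if expect == "zero" else (kind != "residual")
            if not ok:
                last = findings[-1] if findings else None
                if last and last[0] + last[1] == offset and last[2] == kind:
                    # Extend the previous range instead of listing every block.
                    findings[-1] = (last[0], last[1] + len(buf), kind)
                else:
                    findings.append((offset, len(buf), kind))
            offset += len(buf)
    return findings


def build_image(blocks) -> str:
    """Write a list of byte blocks to a temporary image file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        for b in blocks:
            f.write(b)
    return path


if __name__ == "__main__":
    # Constructed sample: a "wiped" image where two blocks were never overwritten,
    # as happens when a restore only rewrites the first partition.
    zero = bytes(BLOCK)
    leftover = (b"Form 1040 - CONSTRUCTED SAMPLE\n" * 200)[:BLOCK]
    image = build_image([zero, zero, leftover, leftover, zero, zero])
    try:
        for off, length, kind in scan(image, expect="zero"):
            print(f"offset {off:#x} length {length} bytes: {kind}")
    finally:
        os.remove(image)
```

An empty result means every block matched the expected fill; any range it reports is a region the wipe or restore did not reach.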
The article pushes the use of TrueCrypt rather heavily, but while it is nice for most people on a Mac it's a lot easier to just turn on FileVault (which stores your whole home directory in an encrypted disk image) and then make sure you require a login when you wake the computer.
I believe there's also a similar solution for Windows. In general it's better to promote the solution that works and is most likely to get used.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Hopefully most Slashdotters would at least make a minimal effort at wiping personal data off of any computer before selling it on.
which is totally what she said
1 - The seller got his hand on a bunch of identical, lightly-used machines and decided to resell 'em as "new". Creep.
---or
2 - The seller imaged a bunch of boxes from a used machine (with the end in view of not having to register/activate multiple copies of Windows) - i.e., the seller is pushing a pirated version of Windows with his new machines. Creep.
Years and years ago. Stuck it in my machine and it booted Win98se. Such a bargain.
"Eve of Destruction", it's not just for old hippies anymore...
At least in my view. I negotiate with the seller in order to get myself a bargain (50% off ideally; or 30% off if he's resistant).
If seller refuses to provide a partial discount, then I ship back the item at THEIR expense, not mine, because they made the error of sending a "new" laptop that is actually used.
One advantage of how laws and credit card contracts are written: The buyer holds almost-all the power, so it's rare for a seller to succeed in ripping you off.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
Is it only me who finds this a bit insane? 10GB - that's enough to store an entire library!
No kitty, this is my pot pie!
If we're going to mention specific OSes that have encryption built in, then I'll add Ubuntu and Windows Vista/7* to your list.
* probably just the more expensive versions, I'm not sure though
which is totally what she said
the black hats would have a field day with that kind of personal info....
I just got a "new" Boxee Box from Amazon that had someone's name in the accounts. Too bad he didn't subscribe to Netflix. How come big business can sell used things as new?
If I return something, it should never be able to be sold as new again!
* Carthago Delenda Est *
You have to think about all of the lawsuits that the computer store is going to have.
Both of these implementations have serious flaws so are not recommended by anyone who wants to actually have some form of security.
This happened to me on a new laptop at Best Buy, and as if that wasn't bad enough, they tried to charge me a restocking fee when I returned it!!
Godaddy is a scam and a ripoff.
My fear with using BitLocker (win) or FileVault (mac) is that if for whatever reason my computer stops booting I won't be able to get in and get my files back. If you leave your files unencrypted you can usually just use a boot cd or worst case plug the drive in to another computer to save your files. Before anyone says it yes I do back up regularly, but you never know
However, with TrueCrypt you get a file which is a disc image that can be opened on any system as long as you have the TrueCrypt software and the password. So I throw all my general stuff on the drive unencrypted and sensitive stuff (passwords, financial data, etc) in a TrueCrypt file.
----------
Trying to fix or change something only guarantees and perpetuates its existence
> Hopefully most Slashdotters would at least make a minimal effort at wiping personal data off of any computer before selling it on.
Probably not. The more likely situation is to discover it post facto and blame the government and/or RMS somehow.
... Film at eleven.
FTFA:
> (a used device) on the understanding that it was a brand-new device
>China
This is news? In China? Really?
For anyone who's ever been to one, you know that there are good dealers and bad dealers. You need to know which is which. You can get a steal (haha) or you can be shafted. Being shafted doesn't happen often, but it does. You can't just walk in knowing nothing. Caveat emptor.
That said, computer fairs are good for people looking for specialized used equipment without having to go to an auction and buy an entire pallet of stuff and have 20 percent of it usable (and then you have to dispose of the rest yourself).
I'm also willing to bet that the guy completely misunderstood what the seller said.
--
BMO
With FileVault, you can recover your files on any Macintosh system. (You could technically recover your files on any system, but I don't know if anyone's written a sparsebundle reader for other OSes.)
Your home directory is, in fact, stored as a OS-X-specific disk image (sparsebundle) encrypted with your passphrase. It's not tightly bound to your particular computer or user account, except that the passphrase is required to be the same as your login password.
play-dates anyone?
1. Buy "new" computer
2. Discover said documents
3. Return computer for full refund
4. Claim the tax returns for you and sue the seller for attempted fraud
Profit!
The divorce papers spelt his own name. That futuristic laptop, top-spec and top-notch in every possible detail, was actually a gift from the future. And after reading through some pages of the divorce settlement, he called his fiancée and cancelled the marriage.
As if by magic, the laptop was now empty. He would not be able to show the nifty features of Office 2018 to his office mates.
Local computer fairs are basically the "Grey Ware" market of the world. I always assume when buying something from there I'll be getting something along the refurbished quality anyway. Not that that is a bad thing.... I just expect it, no matter what the sales people say.
In Vista and 7, yes, it is in the ultimate version and is called bitlocker.
Windows Vista
http://windows.microsoft.com/en-US/windows-vista/products/compare
Windows 7
http://www.microsoft.com/windows/windows-7/compare/default.aspx
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Does not surprise me - since everything they sell is NEW.
I worked in the IT department for a company, and we ordered a couple of laptops for evaluation from CDW. One of the laptops was defective (the lid closure switch didn't work). So I sent it back and got a replacement. A week later, we ordered a dozen laptops. In that shipment was the defective one I had sent back, still in the same box I shipped back in (I had torn the box trying to get the box open). Needless to say, a nasty phone call was made to our sales rep and he overnighted a replacement and they never asked for the defective unit back. I kept the defective unit as my desktop.
Also in the enterprise versions.
It really irritates the heck out of me - as freelancer I don't use most of the specific Enterprise features, nor the Ultimate features (for Vista at least) but whoever thought Bitlocker should be left out of the business edition is an idiot. All freelancers who tote around their laptop all day to customers could use it.
Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
You owe me a keyboard Sir.
Yeah no kidding. This is like me buying a car stereo from a guy who walked up to me a gas station and then recoiling in shock when it already has a cd in it. A better title for this article should be "Newsflash: Sometimes People Steal Things"
http://www.youtube.com/watch?v=L8D1e3kD4W8
Although my main issue with this ad is you'd really give some flunkies at Staples access to your tax files? REALLY??!?
.
Prisencolinensinainciusol. Ol Rait!
This was bought at a computer fair give me a break. Retailers selling returned stuff as new, not a surprise, definitely illegal. Manufacturers pulling it, extremely illegal. I had a friend that bought a "new" external hard drive only to find that it was loaded with someone else's photos, tax returns, etc. We believe that was the manufacturer buying refurb drives to install in the external case. Does that constitute a "new" product?
Best Buy sometimes does stuff like this
The problem, THE problem with encrypting your hard drive is that you add another set of complications in case of filesystem corruption.
I know we all use Linux here and that it never crashes, but you just try and fsck a filesystem after typing candlejack, it can't be
Do not meddle in the affairs of geeks for they are subtle and quick to anger
So ... to recover, you put the disk in a new / different Mac, create an account with the same passphrase, and then log in?
> Also in the enterprise versions.
> It really irritates the heck out of me - as freelancer I don't use most of the specific Enterprise features, nor the Ultimate features (for Vista at least) but whoever thought Bitlocker should be left out of the business edition is an idiot. All freelancers who tote around their laptop all day to customers could use it.
I agree that it would be nice to include bitlocker, but you can still use EFS to encrypt your documents in Win 7 Pro. Just be sure to back up your personal cert.
Battlemaster--Game with friends in medieval realms
This is why I use TrueCrypt instead of FileVault...
Most of my home directory isn't sensitive, I don't want the slow-down and hassle that comes with encryption on it.
So all my stuff is unencrypted, and then I have a few TrueCrypt volumes with stuff that I DO want encrypted.
At least now I know where my stolen laptop ended up!
For conscience is the wound, and there's naught to staunch it
Due to the current economic environment I could not afford to buy a new laptop, so every day I went to the local computer shop to "evaluate" their systems. The salesman said he didn't mind if I used the machine to "test its capabilities". I had my divorce papers almost completed when the next day the salesman told me that someone bought the machine I was using. Can you please post the divorce papers so I can print them out?
Thanks.
Isn't EFS just using your password hash as the key, or at least using that hash as the key to encrypt the actual certificate... In any case, it's supposed to be pretty weak and quite easy to retrieve data from.
Also, the reason most windows users go for full disk encryption instead of user level encryption is because of just how many places on disk windows could store personal information, whereas on a unix system it pretty much only goes in $HOME, /tmp (which you can put in ram) and swap (which you can encrypt using a random key at bootup)
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
If you buy a laptop at a "computer faire" you will get lied to and sold used hardware. Nobody in those arenas are telling the truth and selling used stuff as new.
Do not look at laser with remaining good eye.
Yes, exactly, as long as you have the right passphrase you can get in the sparsebundle.
That's the rub of course, if you lose that passphrase it's all gone. But that's true of TrueCrypt as well.
This is all made transparent by Apple's Time Machine backup, from which you just restore the whole system in the event of dramatic failure or machine replacement. If you are using a Mac and not using Time Machine, you are insane, as it's the best way to maintain backups and fully recover a system.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
> If we're going to mention specific OSes that have encryption built in, then I'll add Ubuntu and Windows Vista/7* to your list.
I already added Windows in my original post (just forgot the name of Bitlocker) and it goes without saying that Linux includes the same because anyone who knows what Linux is would know that. But someone running Linux would also know enough to evaluate the full range of choices rather than needing a simple switch.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
No. To recover, you simply open the .sparsebundle file on any Macintosh. It will prompt for your passphrase and mount the disk image.
If you use FileVault home directory encryption, the only thing your real home directory on disk contains is a single .sparsebundle file. Whenever you log in, that .sparsebundle is mounted (on top of your home directory's location). However, the entire login process is not necessary. A .sparsebundle is simply a disk image file, and a FileVault .sparsebundle is simply an encrypted disk image file. They can be opened and manipulated like a .dmg file.
FileVault actually also uses a backup key stored in the recovery keychain, so that you can decrypt your home directory in the event you lose your passphrase. I'm not familiar with using the recovery keychain on a foreign system, though.
> So ... to recover, you put the disk in a new / different Mac, create an account with the same passphrase, and then log in?
You don't have to create an account with the same passphrase.
Like blueg3 said, you just take the sparse bundle (Disk image) and mount on another Mac. When you go to mount it, it will ask for the username and password that created it.
Or just connect the drive and mount the old home directory as an encrypted disk image.
> The article pushes the use of TrueCrypt rather heavily, but while it is nice for most people on a Mac it's a lot easier to just turn on FileVault (which stores your whole home directory in an encrypted disk image) and then make sure you require a login when you wake the computer.
The last time I looked (which was fairly recently), FileVault conflicted with Time Machine in that TM would only back up your home directory while you were actually logged out of the machine if you had FileVault enabled. Is that still the case?
Reference to an example discussion of the issue: http://discussions.apple.com/thread.jspa;jsessionid=49AFF6673807DC58FD81B4150F261932.node0?messageID=11535839&
Dewey, what part of this looks like authorities should be involved?
I once purchased a 'new' hard drive from a computer store here in Vancouver, Canada. The store is well known for having the best prices in town, but also the worst service imaginable. They are literally hostile to customers. When I got home and slaved up the drive I discovered it was already full of data - Someone had obviously returned it and the store just resold it. When I tried to return it I got quite the hassle. Conversation went something like this -
"I want to return this hard drive."
"NO REFUNDS. Bye bye."
"OK, I want to exchange it."
"We too busy, come back later. Exchanges later. New purchases now only. Bye Bye."
"Come back when?"
"Later. You call. We tell you when."
"No, no, look you just need to exchange this. This 'new' drive has someone else's data on it. It's not new. I want a new one."
"Data? What data?"
"It was someone else's master - The drive's full of data."
"No, no not bad. Good, good!"
"Good?"
"Drive comes with everything you need! Comes pre-loaded with Windows, MS-Office, all preloaded - Even games, movies! Best Value!! Bye Bye!"
"That's not legal. Give me a new drive."
"Drive great value. No exchanges right now. Bye bye. NEXT!"
Eventually I just reformatted the thing. I should have known better than going to this particular store...
Actually I believe that Windows should only be putting user data in the \users\$username directory tree.
Non-conforming third-party apps on the other hand are a different matter.
It's official. Most of you are morons.
> Both of these implementations have serious flaws so are not recommended by anyone who wants to actually have some form of security.
In the technologists mind is it really better to have no security than imperfect security?
You seem to think so, even though no one system of security is perfect.
FileVault is not perfect, no, but at this point it's pretty good (in conjunction as I said with requiring a password on wake from sleep) and you just check a box to turn it on, which means people actually might do it if you tell them it's a good idea. No way most Mac or Windows users are going to be able to set up TrueCrypt and make serious use of it.
Those of us with more technical skill can opt for solutions that are harder to set up and perform better in all sorts of ways, but that does not mean they should be recommended to people who cannot handle them. What should be recommended is what lies within their reach. Security is all about percentages and even a flawed security system will stop some attackers some of the time.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
> Actually I believe that Windows should only be putting user data in the \users\$username directory tree.
Doesn't matter where Windows should be putting user data, what matters is where users put data - and I don't think I've seen a single person who put data there. They usually start from the root of the drive. No-one (and I mean no-one) wants to drop data into that Windows directory black hole.
On macs at least people generally put stuff in the home directory because the system pushes you there.
On Linux people just know what the hell they are doing.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
That is unfortunately true but you can make TM actually back up your files and not the sparsebundle (which means it will back-up while you are logged in):
http://hints.macworld.com/article.php?story=20100123173425191
Sadly not something you could easily direct a normal person to do, as an encrypted laptop with an un-encrypted backup is the ideal situation for most users.
Also I would kind of worry how fast you could recover if you had tricked TM in that way, it seems like the process would be a lot more hands-on than normal as you would probably restore, set up FileVault for a new user, and then copy in the backed-up user directory into it. But if you know enough to get it to work you could get the data back out.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The summary doesn't *quite* represent the facts.
This wasn't a "new" laptop the way most of us would think "new" ie box, packaging, etc; from TFA: "...Hidayat Sudirman...bought a 14-inch Asus laptop from a stand at his local (Singapore) IT fair..."
It was UNDERSTOOD to be new.
-Styopa
Just went through this with my bitlocker encrypted drive - the drive started dying and I was (luckily) able to just image the old drive to a new drive. No problems over here - bitlocker came right up and asked for my bitlocker key which I entered and I was on my way.
Around here (Florida) this happens pretty regularly. I know for an absolute fact that it's policy at my Lowes to put returned stuff that looks "ok" right back on the shelf. I've purchased several tools, decided they weren't what I needed, returned them, and saw the packages back on the shelf the next time I was there with no indication that they had been previously sold/returned. Granted, there isn't a whole lot you can do to a box of drill bits, etc to devalue them as long as they're not damaged, but if I was the guy that bought them and didn't find out they had been used until I got home, I'd be pretty ticked. Best Buy and other stores like them seem to base their policy on how likely a customer is to realize the item had previously been returned. I always keep the box and all accessories for everything I buy in case I decide to return it, but some people don't keep everything or are careless when ripping a box open. If I return something that still looks new, they'll probably put it back on the shelf next to the new items, if someone returns an item with a ripped box, they'll probably put an open box sticker on it. I think this is a pretty shady business practice, but they're a big box, so complaining to the manager may get you 10% off, but your complaint probably won't ever get to someone who can act on it. I don't see this policy changing unless someone starts a class action suit or the government steps in.
Pretty sure Ultimate addition would be for those gold diggers that marry older men and wait for them to die. Repeat.
These days, except for the registry, pretty much everything goes in C:\Users\. But nice try.
I'm Rocco. I'm the +5 Funny man.
That still requires you to have the actual passphrase of the account. Granted, all you need to do is run John for a period of time, but it still isn't trivial to get to the files, given a proper passphrase.
What a depressingly stupid machine.
Hidayat Sudirman, a 25 year old civil servant from Singapore, bought a 14-inch Asus laptop from a stand at his local IT fair on the understanding that it was a brand-new device. When he got it home, however, it appeared not to be the case.
So he didn't buy this at a store or from Dell/HP/whatever. He bought it at an IT fair in Singapore and they LIED and said it was new?
This is news?
If you've never been modded as "flamebait" or "troll," you've never tried to argue a minority viewpoint here!
That's quite a lot for a single individual to amass in a (presumably) short period of time between buying and returning a computer. I think they perhaps mean 10 gigs in personal files altogether. If the previous user imported their music library, photo albums, video*cough*porn*cough*, then that's easy enough. Documents alone would be surprising, tho.
Open box laptops, tons of fun when the stores selling them forget to reinitialize them.
How much does a tax return fetch on the black market? Was this an American tax return or local?
Every day people bring back computers, after they did something real quick on them (played a game, wanted to download one thing, do their taxes, work on a project, etc), and stores like Walmart, Best Buy, etc etc etc will just put them right back on the shelves unless they're broken. Hell, even major companies (Toshiba, for instance) will get broken products returned to them, then just put a "this might be broken" sticker inside the product, then when it gets returned AGAIN, they finally decide to find out what's wrong.
Defender of Microsoft and Communism!!!
> Hopefully most Slashdotters would at least make a minimal effort at wiping personal data off of any computer before selling it on.
And if not the personal data, then at least the bio[logical|metric] data. Yes, I meant dandruff, fingerprints and hair.
This is precisely the reason that Staples now makes you fill out a liability waiver on any merchandise return that could potentially contain personal data. The merchandise is then given to their in-store technician (I use that term loosely) for a data wipe. This usually consists of running an OEM recovery, which as many of you know will do absolutely nothing for you if the device falls into the hands of someone remotely competent with computers. This all stemmed from a major lawsuit because a customer returned a machine with income tax information on it. Turns out that the customer that purchased the computer afterwards found the information and notified the original customer. Needless to say, Staples ended up settling out of court for an undisclosed amount of money. If I recall correctly, they paid out approximately ten settlements before implementing the waiver.
Depends how the encryption works. If it hides all of the encrypted tree in an encrypted file (e.g. a tarball) then corruption of the encrypted tree is just corruption of a file and not a matter for fsck to deal with. If it encrypts each file separately then fsck should be able to find and relink them to the lost+found the way it does when they're unencrypted.
Unless of course you create a filesystem named candlejack, then you're f
> Hopefully most Slashdotters would at least make a minimal effort at wiping personal data off of any computer before selling it on.
It is also possible that the laptop is stolen. I don't know, but if it is new enough to be passed off as brand new, then there has to be a story of why it is for sale.
Most people IME put stuff either on their Desktop, or in "My Documents", because those are the locations that the system and any remotely recent app will select by default. This has been true since Windows 95 (though per-user directories for those didn't appear until 98).
The only people I see putting stuff outside these locations are the stubborn old-schoolers who have been around since Windows 3.1 or earlier, and people who have multiple drives - which typically means they have enough knowledge to know what they're doing.
So does Windows, in exactly the same way (and has for longer - earlier versions of OS X still had the system disk straight on the desktop, encouraging people to use that).
Encrypting your home directory using FileVault on a Mac is nice for security, be aware that it makes backing up your machine with Time Machine a nightmare. You cannot do incremental backups if it is encrypted. I'm not sure (never tried it) that you can do restore of individual files either. Have 200GB of music/images in your home directory (the default location)? Have fun backing the entire thing up every time. I wish Apple would let you encrypt a single directory and everything under it rather than the all or nothing approach.
You can also use this to make your own password-protected sparsebundles. When I do stuff on contract, I use an encrypted sparsebundle for that client. Double click on the sparsebundle, and it prompts for the password and mounts.
I do keep symlinks to the /Volumes/BundleName directories in $HOME for command line convenience. But when the bundle isn't mounted, all the links are dead and point somewhere I can't write, so I can't accidentally create files.
Get started with "New Disk Image" in Disk Utility.
> Hopefully most Slashdotters would at least make a minimal effort at wiping personal data off of any computer before selling it on.
if it was most Slashdotters - It would just be porn.....
There are 10 types of people in the world: Those that know Binary and those who don't.
Pretty close... copy the disk image file to a new install of the OS (be it on a new/other/borrowed mac, or the fixed one you had) and open it; it will ask you for your password, enter it, and your home folder is mounted as if it were a separate hard drive volume.
Yes, you can use Disk Utility to make all sorts of weird encrypted disk images. Sparseimages and sparsebundles are pretty convenient. The one problem with putting sensitive files inside encrypted disk images is that between the application and the OS, it's easy for information about your documents (e.g., temporary copies of the document) to leak into unencrypted space. The major benefit of having individual encrypted disk images, besides the handy compartmentalization, is that you can use a password other than your login password. OS X login passwords are enormously easier to crack than the passwords on encrypted disk images, and you substantially weaken security in FileVault by having the two always be the same.
No, you can just mount the image on any Mac and it will prompt you for the passphrase to decrypt it.
During my college days, I worked at a Sam's club and managers always had me reinstall Windows on returned machines. And it was pretty common for the earlier shift guys to repackage the machines without even doing a clean install. They did the same with high def tvs and any other electronic item you could imagine.
Obv u guys haven't been thru enough divorces to know
that "pre-divorce theft" happens frequently.
You come home one day... and the soon to be ex and
god knows who else has just been thru your home, all
your stuff and you have no recourse.
Cause it's "her stuff too".
Two is enough for me. [Oh and before you start judging
why it's been two. First one passed. Second one was a
bitch, lol]
I purchased an IBM Thinkpad off of eBay, it was lightly used. When I received it the machine had been rebuilt using the stored image on the drive and prompted me for all of the usual setup stuff blah blah.
Imagine my surprise when I found the second partition FILLED with medical files! The previous owner was apparently a plastic surgeon and there were many before\after pictures of breast augmentation, various maladies being remedied, and more than one poor burn patient. Yes, there was information that could have probably been used to directly identify these people but honestly all I ever looked over were a few of the pictures.
The previous owner lived in Canada, I in the US. I was in a quandary as to what to do. In my mind this was a "data spill" and the data had been mishandled but the only person who had seen it was me. I wasn't sure if I should notify someone official, simply notify the previous owner, or just format the drive. I spoke to some friends and they too had all sorts of conflicting ideas. However when someone began asking if they could see or copy the data because they were curious I decided to put an end to it and securely formatted the drive. I decided I didn't want the hassle, that it was an innocent mistake, and that since I had been THE only person to see it that it wasn't worth going to big trouble or getting someone into trouble. I also realized that at least one of my friends was creepier than I'd realized. Had it been a US doctor I might have had legal obligations though.
Certainly taught a lesson though - the rebuild disks don't touch anything but the primary partition - d'oh!
Build it, Drive it, Improve it! Hybridz.org
Isn't EFS just using your password hash as the key, or at least using that hash as the key to encrypt the actual certificate... In any case, it's supposed to be pretty weak and quite easy to retrieve data from.
Also, the reason most windows users go for full disk encryption instead of user level encryption is because of just how many places on disk windows could store personal information, whereas on a unix system it pretty much only goes in $HOME, /tmp (which you can put in ram) and swap (which you can encrypt using a random key at bootup)
It's not quite that bad, most of the weaknesses were in Windows 2000. Wikipedia has a good article on it. Basically, you need to log on as the user to decrypt the file. Resetting the user password destroys the private key, so that doesn't work. Just be sure that the administrator account is not the data recovery agent--just back up your key/cert to a CD or USB drive.
Battlemaster--Game with friends in medieval realms
If it's porn then hopefully they'll at least wipe the machine down with a cloth to remove any "personal data"..
which is totally what she said
At least he didn't buy a router from Walmart only to open the box and find a bag of dirt labelled "PUTO".
I take it you haven't tried BitLocker...
When you enable BL, the OS will generate a recovery key (a whole bunch of random alphanumerics; I think it actually has more entropy than the crypto key) and force you to store it somehow. Options include printing and writing to a flashdrive or other external storage (on a domain, it can be backed up by the domain controller). This recovery key works for any situation where the "easy" unlocking methods that you're using (for example, a TPM + smart card) don't work. It can be used to unlock or fully decrypt the volume on another computer, in case something goes drastically wrong.
There's no place I could be, since I've found Serenity...
Yeah no kidding. This is like me buying a car stereo from a guy who walked up to me at a gas station and then recoiling in shock when it already has a CD in it. A better title for this article should be "Newsflash: Sometimes People Steal Things"
Er... In Singapore's context, 'IT fair' does not mean what you think it means. In this case, think trade show. Hundreds of retailers and manufacturers selling to consumers. No person to person transactions. Also, link is relevant if you want to read the organiser's description of the show: http://www.itshow.com.sg/
Can I still judge you? It's the only way I can get an erection.
If your business depends on it, you would be an idiot not to pay the extra 100 bucks?
I would guess that's their business thinking.
The Kruger Dunning explains most post on
Back when I was working at a computer shop, a customer brought in a PC they had bought elsewhere, and the hard drive failed. The drive was still under warranty, so, I took care of everything, returned the drive to Maxtor for a replacement.
After receiving a new hard drive, I placed it into the PC, and turned it on. I forgot the Windows install CD, and expecting a boot error, I was quite surprised to find the PC booting into Win2K. Found lots of sales documents, other business related documents for a Ford car lot.
Maxtor says 'Sorry, just reformat the drive, and it's got a full warranty as if it were new.' I was informed that warranty returns are tested, and if they don't find them bad, they're sent back out, only this one missed the format step.
The fact of the matter is that the vast majority of fathers pay child support and more than the court obligates them to, and that the vast majority of mothers routinely don't contribute a dime of their own obligation to provide for their children, instead, forcing them to live off of the contributions of only one parent -- the father, or lining up for a handout from the government to make up the shortfall.
That is very probably the biggest lie ever posted on /. in its entire history.
Just ask your local cops how many warrants for failure to pay child support are in their system. Then ask them for a breakdown by gender.
Methinks Mr. A. Coward has had his grasp on reality weakened by the acid of his poorly controlled rage against women. Let us hope that he never expresses that rage physically.
As a buyer, data is the least of my concerns, it's trivially easy to wipe it...
However you must be pretty stupid to return an item to a store while it still has your own data on it!
I would however want a small discount if the packaging was opened/damaged... Even if the item inside was perfectly clean.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
So you have the registry for one...
Then you have the swap file, is there any option to encrypt that?
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
On Windows, you can authenticate using the password hash instead of the plain text password (i.e. you can just retrieve the hash from the disk, no need to crack it), does doing so still provide access to the encrypted data?
If resetting the password destroys the private key, how is this performed? Is the destruction of the key a separate process which could be bypassed by resetting the password using a live CD, or is it destroyed because the privkey is encrypted using the password and thus can no longer be decrypted by the newly changed password?
Even assuming that this doesn't work, Windows password encryption is much weaker than modern Unix systems (especially if LanMan is still enabled) so there is still a high possibility of simply cracking the password and using it.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
That's the benefit of the Costco 90 day return policy.. get a new computer, use it for tax season, return it (and maybe take a tax deduction for its purchase before you return it??)...sheesh. I'll bet there are lots of "new" computers out there that have been in at least one user's hands before.
On Windows, you can authenticate using the password hash instead of the plain text password (i.e. you can just retrieve the hash from the disk, no need to crack it), does doing so still provide access to the encrypted data?
In order to do what you describe, you'd have to authenticate across the network...which means you'd be connecting from a machine that doesn't have the private key on it. No dice.
If resetting the password destroys the private key, how is this performed? Is the destruction of the key a separate process which could be bypassed by resetting the password using a live CD, or is it destroyed because the privkey is encrypted using the password and thus can no longer be decrypted by the newly changed password?
The private key is stored in the Windows credential manager, which is encrypted using the password. Changing the password when you're not logged on renders the credential manager unreadable.
Even assuming that this doesn't work, Windows password encryption is much weaker than modern Unix systems (especially if LanMan is still enabled) so there is still a high possibility of simply cracking the password and using it.
Lanman isn't enabled by default in Windows 7. An offline attack using a rainbow table would have the highest chance of success.
Battlemaster--Game with friends in medieval realms
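The exchange above turns on a private key being wrapped under a key derived from the user's password. As an added illustration (not code from any poster and not the actual Windows format), this simplified model shows why a logged-on password change keeps the key usable while an offline reset of the login verifier does not; the PBKDF2 parameters, the HMAC-based toy keystream and all names are assumptions.

```python
import hashlib
import hmac
import os

def _derive(password, salt):
    # Assumed KDF parameters; returns (encryption key, MAC key).
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return okm[:32], okm[32:]

def _xor_stream(key, nonce, data):
    # Toy cipher for the demo: XOR with an HMAC-SHA256 counter-mode keystream.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(private_key, password):
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive(password, salt)
    ct = _xor_stream(enc_key, nonce, private_key)
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def unwrap(blob, password):
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _derive(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong password: the blob cannot be opened with it
    return _xor_stream(enc_key, nonce, ct)

def _verifier(password):
    return hashlib.sha256(password.encode()).digest()  # stand-in for a stored login hash

class Account:
    def __init__(self, password, private_key):
        self.login_hash = _verifier(password)
        self.key_blob = wrap(private_key, password)

    def can_log_in(self, password):
        return hmac.compare_digest(self.login_hash, _verifier(password))

    def change_password(self, old, new):
        # Logged-on change: unwrap with the old password, re-wrap with the new one.
        key = unwrap(self.key_blob, old)
        if key is None:
            raise ValueError("old password incorrect")
        self.login_hash, self.key_blob = _verifier(new), wrap(key, new)

    def offline_reset(self, new):
        # Reset from outside the session: only the login verifier is overwritten.
        self.login_hash = _verifier(new)
```

In this model the wrapped blob after an offline reset still opens only with the original password, so the protection is exactly as strong as that password.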
It's even easier than that. Double-click the sparse bundle image (on a Mac) and enter your password when prompted and it will mount on the desktop like another disk.
Specialist Mac support for creative pros, Melbourne
Yeah, but the guy didn't sell it... the dumb retailer said they mixed up units that they had repaired with brand new units they were selling.
Most Slashdotters would not be comfortable sending PC hardware in for repair, probably, without wiping/transferring the hard drive contents.
It could have been any one of us who sold their laptop to some guy who sells laptops at an IT fair in Singapore!
The real lesson is to computer buyers, and people getting service done on their computer.
Don't send your computer in for repair... at least not to a shop that also sells PCs.
Imagine if there were no documents found on it..... he would have been fooled into thinking he got a new computer, when he got a used one and paid the new item price for it? This is a monetary win for the store, since they sold something as 'new' which commands a premium over what it's worth.
An unscrupulous/shady retailer might do that intentionally, and it raises lots of suspicions here. They would eventually get caught (as they did here), and naturally, an excuse could be expected. I suppose the question will be.... does this repeat? If not, then maybe the excuse was legit. If it does repeat or the retailer vanishes/changes names suddenly, it will look more and more suspicious to the public.
The retailer came up with an excuse, but I really wonder..... Was it shrink-wrapped too?
How the hell do you mix up a unit you are repairing for someone with your new product?
"Oops...sorry your computer we were repairing? Sorry, we lost it... sold it to some random stranger" "The worker didn't notice he was pulling the computer from a stack of units being repaired that were not in original boxes, and he thought the 'repair ticket' taped to it was just a random piece of trash, so threw it away before giving PC to the buyer."
Here, you can buy a "brand new one" from us, and we'll give you 25% off and waive the repair charges, to make up for us losing your used one, or we'll give you a used one from our (*cough* [banged up lemons sent in for repair]) pile, we'll even throw in a free copy of [Bloatware/Trialware] 2011.