Slashdot Mirror
Ask Slashdot: How To Deal With Refurbed Drives With Customer Data?
An anonymous reader writes "I just received 3 'refurbished' SATA drives from Newegg. All 3 had some sort of existing partition. Most appeared to be factory diagnostic partitions, but one had a full Dell Windows XP install complete with customer data. How big a deal is this? Should I contact someone besides Newegg about this?"
First, have a look at the data. Then decide.
Choice #1: Send the drives back and demand ones without confidential data on them.
Choice #2: Use a utility like HDDErase which uses low level ATA commands to tell the controller to wipe the drive. This will wipe every sector, even ones that are bad, relocated, or protected ones. After that, follow up with DBAN for good measure.
After that, don't worry about it.
http://dban.org/
Enough said.
Music is everybody's possession.
It's only publishers who think that people own it.
Fuck Beta
~John Lenno
Newegg is a bunch of morons.
dd if=/dev/sda of=somefile
Then reformat the drive, do whatever you want with it. Take the dd image, mount it and browse through it. Credit card numbers, passwords, private photos and shit - you bought it, so it's all yours.
Technically it qualifies as a Data Breach Incident. Depending on the industry the original drive belonged to shit could hit the fan.
The fault lies entirely with the original owner for not wiping the hard drive before returning the equipment. NewEgg is ot in the data wiping business.
Of course the easiest thing for you to do would simply be to repartition it and reformat it.
Darik's Boot And Nuke | Hard Drive Disk Wipe and Data Clearing
www.dban.org/
Just wipe the drive and move on. You don't want to know, and it's too much hassle besides.
The responsible thing to do is to make a TGZ of the contents and post it on Pirate bay. Zero the empty space to achieve the best compression, although someone might like rooting around in the raw data..
Do not look at laser with remaining good eye.
Why bother? Ignore it. Dumb question. Move on.
Run a few times (>=2 ) the command:
dd if=/dev/urandom /dev/sdx bs=4096
The solution is a little bit harder if you don't run Linux: install it first.
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
Well on one hand, it mustn't be important data if they just resold the drives. I'd just wipe them and move on.
On the other hand, you essentially have a pirated copy of Win XP now, plus a bunch potentially sensitive data. So in the interests of limiting liability on your part and on NewEgg's part (or whoever provided the drives to NewEgg) it makes sense to inform them.
First off the drives are yours, but the data isn't. You are within your rights to wipe the drives clean and use the drives as you wish, BUT I would highly recommend contacting Newegg about this data privacy breach. The data on those drives is defiantly not yours and Newegg should NEVER sell a drive with personal data on it (no matter how confidential it is). Someone should be losing their job over this.
I've gotten drives I purchased as new from Amazon and Newegg with exsiting Windows installations on them. In fact, I'd say I see it maybe once in every 30 drives I get. I buy enough drives that I see six or seven such drives in a typical year. Once I got a drive that was clearly part of a Windows SoftRAID before I formatted it.
Personally, I send those drives back. They clearly aren't new and they're not fit for sale in that state. I'm not paranoid enough to go looking at the SMART data for power on hours but when I run across drives like that it makes me think I should. Amazon will pay return shipping on drives in that condition. That is a good reason to buy drives from Amazon.
-- I wanna decide who lives and who dies - Crow T. Robot, MST3K
Or else you would not be asking this question? Take whatever is useful and get rid of the useless data. If you did not then you are one of the good ones remaining ;wipe them with several passes and start using them
I can't help but be reminded of this scene from the movie Old School:
Mitch: Sorry, your seat belt seems to be broken. What do you recommend?
Cab Driver: I recommend you stop being such a pussy. You're in the back seat.
Just don't even worry about it. Nobody you complain to is really going to care. Give it a quick scan for anything interesting, and format once you're done.
Profit.
Manna. Check it for any good stuff (sexy pics of hot former user, passwords, credit card info etc), and use it as you see fit. The disc serials could potentially be traced to you, so use some common sense. But a little evil does a body good.
I'd ask if you can do an exchange for one with Windows 7 on it, since XP is getting pretty long in the tooth ....
Seriously though, it sounds like NewEgg is usually putting the used drives through some sort of diagnostic process, if they all had special partitions on them for the purpose. Maybe they simply need to train their bench techs to wipe the drives first, instead of making the assumption that creating the new partition is ensuring any old data on the drive becomes unreadable/inaccessible?
MINE BABY, MINE!
There are some eastern european 'gentlemen' that will pay top dollar for quality information. Just extract the names and social security numbers, you can keep the drive.
SD
âoeWho knew something as harmless as willful ignorance could end up having real consequences?â
That is a good reason to buy drives from Amazon.
So Amazon selling used drives labeled as new is a good reason to buy from them? Sounds to me that you need a new vendor. And if you're buying 210 drives a year (one used drive every 30, and you see 7 used drives a year), I highly recommend you get some sort of direct wholesale or resellers account instead.
If so, I'd just reformat the drive and keep my mouth shut.
First check for free porn, then call New Egg about it.
Tea and kung-fu. Life is good. Rising Phoenix
Choice #3: Mine the data, use to your advantage.
Yes, I'm sure we're all civilized people here with great integrity. But that doesn't preclude the submitter from being evil and lord knows there's plenty of others who are nefarious.
Even if you're not particularly evil, I know few people who wouldn't be tempted to see if that refurbished (camera+)memorycard had any fun photos on there.. just to have a peek. We're a curious bunch, after all.
Quite a few years ago we bought an allegedly new drive from a bay area electronics retailer, and found it to contain some sort of raw partition containing a list of the names of approximately HALF THE PEOPLE in the United States along with some "number". Those of us who were listed in the data were unable to figure out what the number might be (an account number etc.)
Eventually we got bored with the data and put the drive in service for its originally intended application.
I wrote up the event and sent it off to the RISKS list, especially as Peter G. Neumann, the moderator of RISKS, was listed in the data, but they didn't publish it.
G.
If the data is boring just ignore it, otherwise you might like to go get your whistle.
At some point you'll want to wipe it, with Linux this is my fav:
testdisk () {
[ -e "$1" ] || { < "$1" ; return; }
cryptsetup create towipe $1 -c aes-xts-plain -d
badblocks -svw
cryptsetup remove towipe
dd bs=512 count=1 if=/dev/zero of=$1
}
Just run it with: testdisk /dev/sda
It quickly wipes the disk with data that is indistinguishable from encrypted data. Checks that the disk is in fact OK and makes sure that S.M.A.R.T has had a chance do check over the entire disk. If it passes this it's a good disk (for now).
If it doesn't have the same diag partition, then NewEgg didn't do their usual refurb testing on it. Which means that there's a chance it's not in as good a shape as the others. So send it back and make them give you one that's been properly refurbed. There's no excuse for them not to have wiped the drive in the process of testing it before they resold it.
A thousand pounds of wood moving at 300 feet per minute. Don't get in the way.
You don't need to write 0s or random data to disk, just format that sucker and start using it. Also, if you want, email New Egg to tell them about the problem. Maybe they'll forward the message onto the supplier who refurbishes drives and resells them without wiping the data first.
I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
I assume you don't have any LEGAL obligation to do anything other than not try to view the data. If you have any reason to suspect otherwise, ignore this entire Slashdot threat and call a lawyer.
Now the question is, how much do you WANT do do, which boils down to "at least as much as your conscience requires" and "not so much work that you'll wish you'd never ordered the drive in the first place."
At the low end of the stress scale, take an earlier poster's suggestion and use HDDErase or something similar followed by DBAN should make sure you don't ever stumble across their data. Sending it back to NewEgg accomplishes the same thing.
If you send it back, I wouldn't use the normal return method. Instead, I'd write a letter to a high-level executive and include a copy of the drive-plate cover, a screen-shot, and a copy of your order along with a request that the executive do what it takes to make sure this never happens again, then ask for instructions to return the drive. Send the letter by certified mail. Keep copies of all correspondence.
At the high end of the stress scale, you can probably complain to a government agency, as NewEgg may have violated the law.
There are other options in between.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Order more drives. Hope for jackpot.
-- Technology for the sake of technology is as pathetic as eschewing technology because it's technology.
...as they say, is nine-tenths of the law.
Contact the original owner, and extort them for $50k. It worked so well for Anonymous and Symantec.
Karma: 0 (But I wield a mean +10 Vorpal Apathy)
Probably 5 years ago when I was in the industry, I had an arrangement with high end makers/distributors of enterprise level disk drives that for failed drives, I could call them and give them the serial number, they would replace the drive and my shop could then destroy the failed drive. It was a condition of buying their drives. Had this arrangement through distributors with the two drive makers of such disk drives at the time. Since we bought in the hundreds and they knew where the drives were going, they appreciated that they could never possibly see a platter that data had been written on it.
Only you know how much you care, so only you know how far to go to do something about it. If it were me, I'd look at the files to see if there was something interesting then go from there. Otherwise DBAN and deal with it.
I swear to God...I swear to God! That is NOT how you treat your human!
Someone along the chain swapped the RMA'd drive for one they had hanging around. They get a refurbed drive with (hopefully) more lifetime left before failure (and the ability to return it if it does die), you get a ticking time bomb and no warranty.
A while back, I bought my PS3 from a game stop, and good lord, it still had someone else's profile and stuff on it. I think it even had their login saved too.
I simply did a restore of the system, wiping it clean.
If the hard drive was sold as new and had somebody's data on it, that's a strong case against Newegg.
But this is a used hard drive, and it's not Newegg's responsibility to wipe it unless they're advertising that it's been wiped. Newegg's responsibility is just to test it to see that it works (and fix it if necessary) before selling it as refurbished. Wiping the data is the responsibility of the previous owner of the hard drive.
Having said that, it would be a good idea for them to at least do a quickformat before selling it.
---------
There is inferior bacteria on the interior of your posterior.
It would be good for the rest of us to know which manufacturer is sloppy with handling their refurbs.
dd if=/dev/zero of=/dev/[your device here] bs=1M count=1
This zeros the first megabyte of the drive This will erase the boot sector, in case any fun little surprises are there. Will also wipe the partition table so you can start fresh! (Yeah, it's more than necessary but it's easy to type. You're wiping out the data anyway.)
If you're feeling nice and actually want to destroy data on the whole device there's DBAN. Free and easy and wonderfully effective. Just takes longer.
http://www.dban.org/
Yes.... Tell everyone on Slashdot!
Honestly we used to use bulk erasers like crazy on customer drives that needed to be wiped. Those old radio shack powered bulk erasers do the trick every time time. Otherwise just search for 'bulk eraser hard drive' on google or bing and you should be able to find somebody who sells one or try ebay. Old school tricks still work most of the time, this is one of them from the 80's.
What's wrong with you? Just use the drive. The customer sold it, you bought it. End of story. Geez...
1) Wipe them
2) Use the data for nefarious means
3) Shove it up your ass.
Why is this question on Slashdot. No matter who you call nobody would care. You could be best friends with the chair of the FTC and he/she would be like "nobody cares dude just let it go." Seriously what is your problem?
My understanding is that the vendor just does a "disk wipe" and marks the bad blocks with something like "check disk".
Opening the drive and doing anything to it internally would not allow the low resale prices that refurb vendors charge.
Obviously, some vendors just blow off the dust.
Dell has two services to deal with data breach; Keep Your Hard Drive - KYHD, and Pay As You Need - PAYN.
If you're out-of-warranty and buy an HDD from them as a replacement, you have to return your broken one. - Even though you paid for the new (refurbished) one. - If you want to keep the broken drive, you have to PAYN for KYHD.
If you think this is nuts, you should see the company's management.
Customer data should be destroyed. Whats stopping that data from containing credit card information, personal contact information or even business information. Newegg shipping drives that contain customer information is completely unacceptable. Granted it's the customers job to erase the data in the first place but it's Neweggs job to assure it's completely gone!
good customer service when a mistake does come up
happened to me one time I bought a new CD that was already scratched - covered the return shipping and sent out a new one right away.
I listen to both RIAA and non-RIAA stuff if I like the music, tangential business/politics nonwithstanding.
If I have a HD that has failed I pull the disks out and use them for Christmas ornaments. I don't trust sending them back. The rare earth magnets are useful too.
If you intend to reuse the drive, you can't use a bulk eraser (except for the ancient stepper motor MFM drives), because doing so will erase the servo information which typically occupies one platter surface. Once this info is wiped out, the drive is unable to operate unless the servo tracks are re-written using specialized equipment, typically only available to drive manufacturers.
Remember "News for Nerds, Stuff that Matters"? Help make it a reality again! http://soylentnews.org
I once had to wipe some disks before throwing them out (nothing really sensitive or important). But they were SCSI and I didn't have a SCSI enabled PC handy and I couldn't be bothered setting something up or downing a server to do it, etc.
So I came up with a technique for making the disks safe for disposal.
First, I threw them out the 2nd story window a few times. Then I hurled them at the ground a few more times as hard as I could for good measure.
Then I put them in a plastic bag with a heap of dog shit and water, tied the bag up and put them in the bin. If anyone still wanted to try to retrieve that data, they've earned it.
True Story. Still makes me smile.
If you intend to reuse the drive, you can't use a bulk eraser (except for the ancient stepper motor MFM drives), because doing so will erase the servo information which typically occupies one platter surface. Once this info is wiped out, the drive is unable to operate unless the servo tracks are re-written using specialized equipment, typically only available to drive manufacturers.
Ahh, thats very interesting. I retract my suggestion then!
There are two questions:
a) If you have drives with customer data of your customers and wish to refurbish them.
Here the answer is easy: Don't, if you don't have hundreds of drives, creating a safe procedure costs more than the drives will yield.
Every disk (that leaves us for ever) has an appointment with a drilling machine.
b) If you bought a refurbished drive with customer data on it.
Delete it before reading. Anything else brings trouble you're not getting paid for.
CU, Martin
I would suggest the following:
1) Contact the original owner of the drive offering to archive the data to a DVD, and send it back to the original owner of the drive/data.
2) Contact NewEgg informing them of the data breach.
3) Preserve the hard drive intact in case the original owner of the drive wishes to take legal action against NewEgg.
4) Contact your own lawyer to confirm the above BEFORE contacting ANYONE!
IANAL
If it's the right sort, I'm sure Julian Assange and WikiLeaks would be interested.
That's reasonable when you're buying a new drive. If there's already windows installations on them, they're obviously not new, you're not getting what you paid for. If you're buying a refurbished drive, you know it's used so the fact that there's data on it isn't such a big deal. But wiping the data is very important, as no one's going to believe you when you tell them the leaked corporate secrets/terrorist plot/child porn they find on the drive was there when you bought it.
Any company too incompetent to perform a thorough diagnostic on a refurbished disk; including performing a destrictuve surface scan, obviously isn't fixing the drives very well.
Return it and tell them it was never tested.
I once went over an "unwiped" drive looking for pron. What I found was a folder of "racy" photos the previous owner took. Unfortunately she was twenty years older than me, had about 200 lbs on me, and had a penchant for butternut squash, a food I can not eat to this day.
Knowledge is power, ignorance is bliss, and no amount of eye bleach will remove some images.
The thing with Amazon is that they have transitioned over the years from being a large online retailer to being an even bigger venue for others to sell their goods. The value they add is mandatory good customer service. If something goes wrong with the order I know that I will get a refund or exchange and won't have to go through hell to do so. I have had enough problems with NewEgg and most every other online retailers that I am more than happy to let Amazon be the middle man for my transactions.
Contact the person whose data was on the drive. I suspect that they'll take care of contacting Newegg for you...
Although if they're not smart enough to wipe a drive before returning it...maybe not.
Whomever Newegg purchased the drives from is at fault. If a person has a HDD die under warranty, they can't necessarily run DBAN on it before they return it to the manufacturer for replacement. Definitely let NewEgg know that these refurb drives weren't refurbished very well. If it were me, I would try and use the data on the drive to find out who it belonged to, and let them know what happened. If you file a complaint that you found someone's data on a drive, they really won't care and will just tell you to wipe it. However, if someone ever purchased a refurb drive and found my data on it, I would want to know so I could inspire some fear into the hearts of the manufacturer.
In Soviet Russia, dot slashes YOU!
If anything, contact the manufacturer. But this isn't that strange. I've seen discussions about the Magnavox HDD/DVD recorder manufactured by Funai. Funai apparently doesn't bother to re-format the HDD, as people have reported getting refurbs that have porn on them.
Do what somebody above suggested, zero the drive and run Spinrite on it. If it fails, send it back to Newegg telling them that it not only still had customer data on it, but if failed testing.
Or see if you can identify the company it came from and send them the disk, telling them where you got it from. If it's a big company, go through their website and find their compliance officer's office or equivalent. This is entirely up to you, but *don't* boot it. Depending upon how security conscious they are, it just might dial home.
I am Homer of Borg, resistance is - Ooo Donuts!
See if you can find the previous owner, then contact them and recommend you both pursue legal action against the company who refurbished the drive. Then, split the profits!
Let's see. (IANAL)
You buy a computer (you assume it's brand new), with a hard disk (again you assume it's brand new) from a reputable (Maybe not reputable, but at least a chain with a recognized brand) electronics store. Since it's a recognized supplier in good standing with the authorities, you fear no shenanigans, other than making sure everything with moving parts comes with a 5+ year guarantee.
You start the computer, and to your surprise, even though you only bought (You of course verify this from the waybill) a computer, with a pre installed copy of Windows (Mostly because apparently the cost per unit of OEM Windows is negative I hear), there are lots of other pieces of software installed.
Did you specifically order Internet Explorer? Doubtful
How about said OEM Manufacturer's own DVD player software? Doubtful.
Can the store remain in good standing with the authorities it is sells hardware with unauthorized and/or unlicensed installations? Hardly
The important or at least interesting questions in my opinion are:
Since it's a store in a good standing with the authorities, can you reasonably be expected to verify that everything the disk contains was theirs to sell and/or license and/or divulge? Maybe (As a slashdot regular, you obviously have a grasp on these things), but can Jammie Thomas or Joe Average be held responsible when they purchase a hard disk drive (Which often, when sold to an end customer, include legally installed software), find a document on it, and publish it on the internet asking "Hey, I found this on my new hard drive, what is it?"
Where is the "should have known they were placed there by mistake" line drawn? What if Joe Average found design specifications of a romulan memory crystal, and asked the internet "I found this documentation on my hard drive, but I cannot find this part anywhere on it. Is it broken?"
Shove it on Megaupload!
There is a local store in my city which is always very good to deal with; I don't want to think how much money I have spent there over the years! Prices are generally competitive, even compared to online retailers, and they have great service and returns. This place started as a hole-in-the-wall about 15 years ago IIRC, and has grown substantially since then. If you live in a large enough city, then there are probably similar stores for you. Support your local B&M stores!
My home server's disks are dm-crypted for just this reason. The passphrase is stored as plaintext right on the boot/root SSD, so if someone steals/seizes my server the data isn't protected at all. But that's not the common threat. The common -- as in downright routine -- threat is that two or three times per year I RMA a drive. And while I usually would have an opportunity to wipe such a drive (I react as soon as SMART says things are going bad), that's just extra hassle and it's not always possible (had one completely croak very suddenly).
So I send ciphertext off to total strangers with no idea where it'll next turn up, and don't worry or think about about whether or not that drive, say, contained /home and Firefox's saved passwords, or whatever.
If you're not RMAing the occasional drive, then you're either lucky, or you're not using spinning drives anymore, or you've decided to not encrypt and therefore have to occasionally destroy a drive instead of a getting free warranty replacement, so you're paying more money.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
In this Post-9/11 world, we need to take great pains that individual citizens not have access to corporate data. That's hacking.
And Hacking is Terrorism.
By looking at corporate data, you have violated that companies laws of privacy, which they are entitled to, since they pay off congressmen. You however, as a citizen are not entitled to privacy, and to prove it the government is flying a drone over your house RIGHT NOW, spying on you looking at the data on the hard-drive.
Please sit down and wait for the authorities to arrive. If you are co-operative, they may only pepper spray you, although some are tasered for good measure.
After a few years in Guantanamo you may be released back into the general public, but that's only after you've been properly waterboarded to reveal the names and addresses of any other hackers you know.
Or if I were you... I'd throw that drive in the fire, pack my bags and head to Mexico RIGHT NOW.
If telephones are outlawed, then only outlaws will have telephones.
First, call NewEgg, and tell them they'd sold you a refurbed drive with original owner data, probably proprietary, and ask if they want it returned for a replacement for you. Note that there are criminal laws against selling such....
Then ask for the calltaker's manager, when they tell you, in effect, that's above their pay grade.
Next, stick it in a system and use DBAN. The default of DoD short's probably good enough these days, but as I work for the feds, I used DoD long, and let it run all day or overnight, till done. I have utterly no compunction about certifying these as sanitized, above my signature.
mark
I'd be worried that it was not even refurbished, but connected up, and it seemed to work properly, so they just reboxed it, and off it went to Newegg. Especially if the manufacturer of the drive has ever had a firmware update for it. Many times the refurb will look at the problem, and try to decide if it was hardware or software related, and if they decide software, then reflash it, and move on to the next one in the pile (hello smartphones).
If you look closely at it, does it show any differences compared to the other two? Warranty Void stickers, screw head marks, screw torque, anything that might indicate it was handled with a different process than the other two you have?
It sounds like it doesn't have the same diag partition as the others, how was it verified?
I'd ask for a new one, and not stop asking til it is the same as the other two.
Cheers
Go through it and look for pr0n.
And if you find any, don't forget to post it to 4chan, we want to take a look at it too.
"I don't trust sending them back." Why should I not get a replacement when it fails during the warranty? And this is exactly ONE of the reasons why you should encrypt your data.
It doesn't say "used", it says "refurbished". That means "used but cleaned up, repaired if necessary and tested to work satisfactorily."
thegodmovie.com - watch it
I pretty much just go to local places. Even with the sales tax and the TSA line at the end of a Fry's trip, at least I'm seeing what I'm getting before I check out, and they seem to be pretty good at marking restocked boxes.
If I have been able to see further than others, it is because I bought a pair of binoculars.
No decision needed. Look all you want, but the liability is on you if someone decides your computer is of interest and data is questionable. Unless you report it to vender in a verifiable way, data on the drive, even if it was not yours, is now yours in any examination. Report it in writing or no evidence will exist to point in someone else's direction for liability.
Wiping beyond technological limits of retrieval is important with both criminal liabilities and civil copyright liabilities. The odds of old data being a problem in your life may be low, but it would be icing on the cake with any situation bringing your drive to the attention of some types of investigations.
Call it paranoia if you like, but why drive around in your new used-car with a suitcase in the trunk that came with the car without knowing precisely what is inside. Remove the suitcase, or examine every square inch of it looking for contraband..
I once received a 'new' laptop drive from Fry's a few years ago that had a fully working Win 98 install, complete with AOL and stored logon information. Ok, it was more than a few years ago, but still. This is why I consider hard drives to be consumables, like toner cartridges or keyboards. Once it fails, DESTROY IT and throw it away. The cost of purchasing a new drive, instead of replacing it under warranty, is nothing compared to the risk you take by letting your data fall into some strangers hands. Unless the vendor will allow you to receive a new drive on the condition that you destroy the old one and provide a certificate of destruction, just write it off and dispose of it safely.
Over 200 responses and not one person have given the correct answer:
"Nuke it from orbit just to be sure."
Seriously this is the only viable solution.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Oddly enough I have a story involving both Newegg and Memory Express.
I recently moved away from a city which was home to my favourite store (Memory Express) and needed to buy micro SD cards. I couldn't buy from ME's online store because they didn't handle my method of payment, so I bought a card from Newegg for a bit more money and a lesser known brand. (the same brand was way more money on Newegg). I tested the card, and it was a class 4 card with a class 10th label on it. Of course Newegg only refunds price not shipping, so I'm out a lot of money and still no decent SD card. I'm holding out until my next road trip.
Moral of the story: Don't trust Newegg. Even if they do return the money, they aren't worth it.
I used to be a loyal Newegg customer, but their shipping practices leave much to be desired. They used to be blazingly fast, but now they pull some move where they ship via DHL and then hand off to the post office (or the other way round...). Shipping time is poor and they just throw hard drives in a box with no packing. Pretty risky. Not as bad as buying a car battery from Amazon though [They ship it to you and if it is defective, they tell you you can't send it back because a lead-acid battery is hazardous material!]. Last drive I bought was from Microworx which is local to me in Rochester, NY.
Sorry, but gray text on gray background is making my eyes bleed.
and help them get their data back. make an image with dd, post it online tagged with the value of 'MK digest' from luksDump
How do you wipe a defective drive? Sometimes you have a small window before it dies, sometimes it won't power up at all. It's up to the refurbisher to refurbish it into a like new condition, and that includes wiping any data (which should naturally occur anyway as part of testing).
That being said, unless it's an encrypted drive, I won't typically send it back, eating the cost.
I am genuinely interested in what you are talking about, do you have more information ?
int main() { while(1) fork(); }
There's really no such thing as a "refurbished" drive. It's an industry euphemism from "pulled from equipment", and perhaps minimally tested to see if it spins up, the spindle bearing doesn't sound like a siren and a controller can detect it. Worst-case, these came from old machines that some dishonest "recycler" crated up and sent to Africa to be dissected by kids in a mud hut. There's probably more of this going on now after the floods in Thailand. I'd let Newegg know about this, but if the price was right and the damn things work, I wouldn't send them back--what's on them isn't any of Newegg's business either. Just reformat them and put them to work--hopefully in something non-critical.
I once bought a used laptop from a guy that had some risqué photos his gf. After ogling them, I deleted the images. If you ever sell a computer or drive don't just erase it, secure erase it with at least a single pass of 0s. A 3-pass of random data is DOE compliant, but 7 pass is the most secure.
http://en.wikipedia.org/wiki/Servowriter
http://www.me.berkeley.edu/~horowitz/Publications_files/All_papers_numbered/186c_Nie_ACC10_TutorialonSSTW.pdf
Remember "News for Nerds, Stuff that Matters"? Help make it a reality again! http://soylentnews.org
Most people seem to not have much of an idea just how much personal data they have unsecured on their workstations. I was disturbed a decade ago now to have discovered confidential information on Police & Sheriff's HD's that were being auctioned off by the County i worked for. All sorts of highly confidential data was left on the drives without a care in the world. Given people's concerns about Privacy these days, it's disheartening to read that a company like NewEgg isn't doing a damn thing to ensure they are not propagating potential identity theft. Epic Fail NewEgg, Shame on you!
You comb thru the data to find anything incriminating and then extort the owner. Seriously, are you not an American?
Our data destruction method is a number-based system that ensures data is unreadable. We find that values such as .270, .308, and .338 are extremely effective. .38, .40, and .45 are generally sufficient against most recovery methods, but delivery methods exceeding 2000fps are optimal.
If there was something *bad* on the drive, it might still be hanging around. Leave it running for a day or so with DBAN.
Depends on whether it's Newegg that does the refurbishing.
It may be that the drive was send back to the manufacturer, who fixed some issue (but didn't wipe the drive) and then gave it to Newegg for resale.
If you can identify the previous owner, contact them. Inform them of how dangerous it is to send in a drive that hasn't been DBAN/secure wiped somehow.
Newegg has that market place thing going on, which is where those drives could have came from.
Send to porn to my dropbox
See this "Triple core" CPU. It's actually a dual-core
Awhile after Xmas, I ordered the last unit they had. I returned it as soon as I got it and found it to be a dual-core. After my return, their stock went back up to 1. I believe the description has now changed a bit to indicate "Multi-Core: Dual-core", but the short description still says "triple core"
I called to report that they were still selling a dual-core as a triple-core, but it's STILL got a header calling it triple-core.
I'd be very wary of buying anything from amazon.
Publish or they'll never learn. Neither ex-owner nor vendor.
Gotta love the spammers. They never stop trying.
Serious? Seriousness is well above my pay grade.
I suspect they're coming that way from whomever is supplying my vendors. I've seen "new" drives containing data from a wide variety of vendors over the years including Amazon, Newegg, Provantage and CDW. For all I know they're coming out of Seagate or Samsung's factory that way. I buy drives in large enough quantities to get sealed cases full of drives rather than random one-off units someone shoved in a static bag and wrapped in bubble wrap, so I tend to think the boxes I'm getting have probably been unmolested since they got unloaded from whatever boat they came off of in California.
-- I wanna decide who lives and who dies - Crow T. Robot, MST3K
Agreed, hard drive magnets are the BEST fridge magnets ever!
But some of magnets are a little inconvenient to get a grip on and pull them back off the refrigerator again. The fix is that every hard drive magnet I've seen has at least one hole in it (they almost always at least two holes) which can be use as place for you to tie on something like a sting to use as a handle. I use bulk twist tie wrap to make the handles.
This is why we DBAN any laptops we have before we recycle them, and every laptop gets 256 bit AES FDE before it ever touches a user's hands.
I bought two computers at a police evidence auction to use as home servers a couple of years ago. The computers even still had the evidence tape on them. Neither of the computers had been wiped. Scans of birth certificates and social security cards, years of taxes, family pictures, etc. One computer was seized a week after his wife told him she was leaving him (a little scary). I thought about trying to notify the people, but realized I didn't really know the circumstances of the seizures, so I wiped them.
The lesson here is to always encrypt your drives.
I mean, seriously... should you ever come across such an HDD with classified, secret or even top secret data on it, what are you supposed to do? You can't even send it back, because you will be charged for having had a glimpse at classified information, right? But if you simply reformatted the drive, or destroyed it, you may have nuked important information that may not have been backed up. Pretty hairy stuff.
cpghost at Cordula's Web.
First, check the advertisement to make sure that it was advertised as "new" and not something like "new unused" or other con-artist, err marketer's tricks.
Personally I would return it for a refund if it was falsely advertised. I believe in making sleezey outfits pay and pay as much as possible when I catch them. :(
Reading the heading I first thought this was going to be about manufacturers selling drives that were 'refurbished', having 3 bad replacement drives sent to me by Seagate in the past month.
1. buy car battery
2. buy 1m of heavy gauge single core cable (2.5TE grounding conductor is ideal)
3. wrap cable around hard drive no more than three times
4. trim cable so the ends reach to the conductors on the battery and no more
5. apply cable to battery, wait for the spark. No more data.
home improvised EMP bombs rock.
Operation Guillotine is in effect.
apparently once this became public, everyone rushed to see if they could get some of this customer data love
To heck with pr0n, it might have bitcoins!
-- Terry
Yes, I like Hiren's too. I'm not a tech professional but am the trusted tech savvy one among my friends. Rather than bother with much trouble shooting I wipe the drives and return them with a clean OS. Active Kill disk has worked most consistently and leaves the drive ready for every version of Linux an Windows I've tried. Some of the wiping programs leave the disk unusable. Of course, I'm more concerned with a quick riddance of malware and fix for a corrupted OS.
I use an older version of Hiren's, 10.1. Later versions would not boot on some older computers.
If a drive I purchased had data I'd just wipe it and go on. There are much greater worries than the possibility of a forensic analysis of a wiped refurbished drive having had possibly incriminating data. Lightning has struck my house but no one has ever asked to examine my hard drive.
And you actually believe that what someone wrote on the internet is 100% true and free from hyperbole, embellishment and outright lies? Gimme a minute, gotta dig out my snake oil boys, we've got a live one here!
I agree with your opinion though, anyone who truly does buy the equivalent of a hard drive every 1.8 days should have an account with CDW or another volume reseller, not the Walmart of the internet.
but open a separate ebay account and delete it after you get the money
You might also look for any clue about original owner and inform him about it. And of course wipe the data.
Just to help you in deciding I would like to share two stories of mine.
I have once found a USB stick. I checked it out and found who is its owner. He was glad that I returned it to him and paid me for it.
Another one is about external HDD I had. It died one day. But I had some data that was not in any backup. So I opened it and put the drive itself in computer. I have downloaded data and wiped disk. Then I put it back into its enclosure and returned it back. It was not simple as WD external disks have security sealed screws and some plastic locks. But after getting disk out of enclosure, then it was very easy to get data out.
So you bought a cheap card from Newegg that didn't live up to the manufacturer's claims and blame Newegg?
Moral of the story: You get what you pay for.
The reason they are refurbished may be that
the system they went into was infected with a
virus. For this reason alone you need to format/ dev/zero
the drives. Do not forget the MBR...
If you do look at the data then you have a potential liability.
What if the twit visited a site that hacked the box and cached
kiddie porn... you would be OH so screwed.
All the reasons for returning the drive are not evil
but how the heck would you know.
So what to do... .pop it in a system and boot that ;)
system with a DVD/ CDROM/ USBkey based OS and
give it a look...
Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
In defense of Newegg I've ordered over $10k USD worth of merchandise from them every year for the past three years. They offer quick free shipping, are comparable on most prices, and offer a wide variety of stuff to meet most people's needs. Any time I've had to return anything I ask them for a shipping and they approve me for one, the only time they haven't done this was because the problem was my fault and they weren't liable.
Moral of the story: Go buy items at your brick and mortar store, pay tax on them and enjoy it!
I go through about a dozen + drives a week, donated to our NGO, and I simply run DBAN on them. Yes, out of about 700 drives and systems donated, I have found
over 100 had data on them. Even full OSes. But, I run GNU/Linux, and the BSDs!
Microsoft $UCK$, because they "own" you, and ALL of your data, and all M$ OSes are built to burn up hardware, in support of their "partners"!
Perhaps you want to see the laboratory results of Micro$oft'$ purposeful software options that kill hard drives?
SCROOGLE is your real friend...