Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: How To Deal With Refurbed Drives With Customer Data?

Posted by timothy on from the first-scan-for-gossip dept.

An anonymous reader writes "I just received 3 'refurbished' SATA drives from Newegg. All 3 had some sort of existing partition. Most appeared to be factory diagnostic partitions, but one had a full Dell Windows XP install complete with customer data. How big a deal is this? Should I contact someone besides Newegg about this?"

20 of 385 comments (clear)

  1. Two choices... by mlts · · Score: 5, Informative

    Choice #1: Send the drives back and demand ones without confidential data on them.

    Choice #2: Use a utility like HDDErase which uses low level ATA commands to tell the controller to wipe the drive. This will wipe every sector, even ones that are bad, relocated, or protected ones. After that, follow up with DBAN for good measure.

    After that, don't worry about it.

    1. Re:Two choices... by jhigh · · Score: 4, Informative

      I would definitely let Newegg know about this. This is potentially a very serious issue for their customers.

      --
      Social Engineering Expert: Because there is no patch for stupidity.
    2. Re:Two choices... by wjousts · · Score: 4, Informative

      Why even bother with industrial grade hard drive whipping? It's not you data, so who cares. Just a regular erasing should be fine. If I was the questioner, I would probably just repartition, format and get on with it.

      A quick e-mail to New Egg to bitch them out might be worthwhile too.

    3. Re:Two choices... by director_mr · · Score: 4, Informative

      No, refurbished drives do NOT mean the drive failed. It means someone returned the drive, and the thing tested good, or that someone returned a computer that they parted out, and the hard drive tested good. Bad hard drives are VERY rarely repaired, and only if it is a very easy, cheap and quick fix, and I can't think of any such repair except maybe unbend a pin or put the jumper on correctly, and SATA drives don't have either of those issues. They simply don't cost enough to justify repair.

    4. Re:Two choices... by TheGratefulNet · · Score: 5, Informative

      don't bother. they know about this. they DECIDE to ignore some things.

      open-box and returns from newegg are bad, bad, bad!.

      I buy a lot from NE. but I got burned on open-box things enough that I now refuse to do it anymore.

      last purchase was an intel ssd. it was the only one left (a year ago) and it was a customer return.

      silly me to think NE even tests things. they do not! they admitted as much on a voice call to me. I was so mad but nothing I could do about it other than not buy from them anymore (only new things, now).

      the ssd must have been someone's 'joy ride test' and NE didn't even test it. it worked for a few weeks in my system and - bad for me - I didn't use that system much during the next several months. I finally powered it on and it was no end of disk errors. the ssd was fried. when I called NE to complain they said that they just rebox things and send it out. its YOUR job to verify it works.

      O. M. G.

      what a lesson ;(

      don't get burned. don't buy open box from newegg. I like NE in most ways but they totally screwed me and themselves on that one.

      DO NOT BUY USED GEAR FROM NEWEGG. I have to put it in all caps since its a major issue and you WILL get burned; its just a matter of 'when'.

      --

      --
      "It is now safe to switch off your computer."
    5. Re:Two choices... by Anonymous Coward · · Score: 5, Informative

      Choice #2: Use a utility like HDDErase which uses low level ATA commands to tell the controller to wipe the drive. This will wipe every sector, even ones that are bad, relocated, or protected ones. After that, follow up with DBAN for good measure.

      You need to become more familiar with the underlying storage protocols before stating things like this. Let's get to the facts, preferably technical ones, because this is Slashdot. What you've said is mostly nonsense (not entirely though), so let me go over it with you:

      1) There is no such thing as a "low-level ATA command". ATA commands are as "low-level" as it gets with communication between disks and controllers -- controller status bits are a different thing, and are not managed/viewed via ATA, they are done via PCI BAR or memory-mapped I/O. The "command" you are talking about with regards to HDDErase is part of standard ATA8-ACS specification (probably earlier), known as SECURITY ERASE UNIT (command 0xF4). This is verified here.

      2) HDDErase issues SECURITY ERASE UNIT, which is a firmware-level erase that the drive does itself. On mechanical HDDs this is completely equivalent to issuing dd if=/dev/zero of=/dev/disk bs=64k -- except with SECURITY ERASE UNIT, you have no visibility into the progress of the erase, the software simply has to make "educated guesses". If you erase via an OS (meaning the underlying storage driver issues zeros to each LBA), you can get an idea of the progress and speed given that you know how many LBAs there are, and which ones you've written to. DBAN does the latter (though with its own program, not using dd -- but its C code does the equivalent).

      With SSDs, SECURITY ERASE UNIT actually does some extra magic, since the FTL that maps LBAs to NAND flash regions also gets reset (meaning you lose all wear levelling history). This doesn't happen with a standard "OS-level" erase.

      And I'll just throw this out there because some smart-ass will certainly bring it up: there is absolutely no "low-level format" equivalent on ATA/SATA disks unless the vendor chose to implement a non-ATA-standard ATA command that does it. I repeat: THERE IS NO LOW-LEVEL FORMAT COMMAND. SCSI, on the other hand, even today still has a low-level format command. This command on SCSI merges the grown defect list into the physical defect list. ATA/SATA does not work this way -- keep reading.

      3) Both methods I described above "wipe every sector". However, your claim that "it wipes even ones which are bad" is completely incorrect. The same goes for your "[even ones which are] reallocated (sic)". Bad (uncorrectable) sectors are PERMANENTLY bad. LBAs which are remapped (to point to sectors other than their actual LBA 1:1 equivalent) can point to any sector, of course. Sectors which are marked unusable DO NOT get touched by the drive with SECURITY ERASE UNIT or an OS-level format. I can expand more on this later, but it's probably best to read something someone familiar with storage wrote a few weeks ago for a user.

      4) Please explain what a "protected" sector is. I believe you're referring to the HPA region of a disk. SECURITY ERASE UNIT does not do this, and no OS-level erase/zero can touch it. The HPA stores information like SMART attributes, the ATA GP log, hard disk model, serial number, capacity (LBA count), and many internal/vendor-specific things. It is possible to "reset" the HPA using utilities like mHDD, but if you read the (awful) docs for it, it will tell you flat out that this doesn't work on the mass majority of disks because it uses a vendor-specific ATA command that not all vendors implement, or if they do implement it, have security limitations applied to it (usually something magical like issue ATA command 0x45 with a specific CDB payload, watching for a result code of some value, then issuing a

  2. DBAN by the+real+darkskye · · Score: 2, Informative

    http://dban.org/

    Enough said.

    --
    Music is everybody's possession.
    It's only publishers who think that people own it.
    Fuck Beta
    ~John Lenno
    1. Re:DBAN by hairyfeet · · Score: 3, Informative

      Actually there is a MUCH better tool friend, I'd suggest Hiren's Boot CD instead. not only does it have Dban as well as a good dozen or more HDD utilities but it has just about every tool you'd ever need from password reset to system info to testing of all major components. It really is a Swiss army knife of system tools and can be run off the CD in Windows so you can use the tools without needing to boot off the disc first. Truly a great tool to have.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  3. Nuke it by NortySpock · · Score: 1, Informative

    Darik's Boot And Nuke | Hard Drive Disk Wipe and Data Clearing
    www.dban.org/

    Just wipe the drive and move on. You don't want to know, and it's too much hassle besides.

  4. Who cares? by jdastrup · · Score: 5, Informative

    Why bother? Ignore it. Dumb question. Move on.

  5. I've gotten "new" drives from Newegg and Amazon... by slaker · · Score: 4, Informative

    I've gotten drives I purchased as new from Amazon and Newegg with exsiting Windows installations on them. In fact, I'd say I see it maybe once in every 30 drives I get. I buy enough drives that I see six or seven such drives in a typical year. Once I got a drive that was clearly part of a Windows SoftRAID before I formatted it.

    Personally, I send those drives back. They clearly aren't new and they're not fit for sale in that state. I'm not paranoid enough to go looking at the SMART data for power on hours but when I run across drives like that it makes me think I should. Amazon will pay return shipping on drives in that condition. That is a good reason to buy drives from Amazon.

    --
    -- I wanna decide who lives and who dies - Crow T. Robot, MST3K
  6. seat belt by pak9rabid · · Score: 5, Informative

    I can't help but be reminded of this scene from the movie Old School:

    Mitch: Sorry, your seat belt seems to be broken. What do you recommend?
    Cab Driver: I recommend you stop being such a pussy. You're in the back seat.

    Just don't even worry about it. Nobody you complain to is really going to care. Give it a quick scan for anything interesting, and format once you're done.

  7. Re:Data Breach by Anrego · · Score: 1, Informative

    I think this is yet another reason full disk encryption should just become the norm for people storing sensitive data.

  8. How badly do you want/need to be involved? by davidwr · · Score: 3, Informative

    I assume you don't have any LEGAL obligation to do anything other than not try to view the data. If you have any reason to suspect otherwise, ignore this entire Slashdot threat and call a lawyer.

    Now the question is, how much do you WANT do do, which boils down to "at least as much as your conscience requires" and "not so much work that you'll wish you'd never ordered the drive in the first place."

    At the low end of the stress scale, take an earlier poster's suggestion and use HDDErase or something similar followed by DBAN should make sure you don't ever stumble across their data. Sending it back to NewEgg accomplishes the same thing.

    If you send it back, I wouldn't use the normal return method. Instead, I'd write a letter to a high-level executive and include a copy of the drive-plate cover, a screen-shot, and a copy of your order along with a request that the executive do what it takes to make sure this never happens again, then ask for instructions to return the drive. Send the letter by certified mail. Keep copies of all correspondence.

    At the high end of the stress scale, you can probably complain to a government agency, as NewEgg may have violated the law.

    There are other options in between.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  9. Re:use dd by Richard+Dick+Head · · Score: 5, Informative

    You'd be surprised.

    Long time ago I temp'd at a place that did computer recycling for various companies, mostly for a company that was a large depot of home supplies...Turns the hard drive security wipes were a "dog and pony show", to quote the supervisor. I was instructed to run the formatting utility for about 5 seconds, and then hit cancel and throw it in the "done" pile. "That gets the first part of the drive, the rest doesn't matter."

    The people that do this kind of thing have hundreds of drives to do for the day, and there is no QA, so throwing a few in the done pile without clearing it just makes you look good for being extra productive, and nobody gives a shit about the data. Never cheated myself, though I probably should have. I was fired after two weeks, go figure.

    --
    The real path to male liberation
  10. Christmas Ornaments by ISoldat53 · · Score: 3, Informative

    If I have a HD that has failed I pull the disks out and use them for Christmas ornaments. I don't trust sending them back. The rare earth magnets are useful too.

  11. Re:knowledge is power by UnknowingFool · · Score: 5, Informative

    Looking at the data legally puts you at risk. The other company may care. If the data was government/military, there's a headache you don't want. Erase it immediately so there is no question. While no one can prove you looked at it or not, no need to make it worse on you.

    --
    Well, there's spam egg sausage and spam, that's not got much spam in it.
  12. Re:knowledge is power by Anonymous Coward · · Score: 2, Informative

    This generally makes it hard to exercise the manufacturer's warranty on a broken drive, though.

  13. Encrypt your DATA! by yooy · · Score: 4, Informative

    "I don't trust sending them back." Why should I not get a replacement when it fails during the warranty? And this is exactly ONE of the reasons why you should encrypt your data.

  14. Re:knowledge is power by MozeeToby · · Score: 4, Informative

    First: that shouldn't happen. I'm not saying it doesn't or won't, but if people are following the rules it shouldn't.

    Second: classified documents are marked as such, top and bottom of every page.

    Third: if you you do happen to see documents marked as classified, close them immediately (even if you have security clearance), power down the machine, put the drive in a safe, secure place, and contact someone. It really doesn't matter who, you'll get to the person you need to eventually even if you just call the local police department but you'd probably be better off looking up a general contact number for the DoD.

    And for everyone out there who says "Just delete it! Contacting someone is just going to cause problems!", there are 2 things to consider. First, the information never should have been on the drive anyway. If somewhere down the line an investigation gets fired up to go into where all those missing drives went you can bet your ass they'll be knocking on your door, taking your drives (probably more than just the refurbished one), and asking a lot of questions (that are a lot easier to answer honestly than with little white lies). Second, most classified information is classified for a reason. If someone out there is selling drives with classified information on them, that's what we call a bad thing. Yeah, it's going to be a headache for you, but it's the kind of thing that really shouldn't be happening.