Slashdot Mirror


Ask Slashdot: How To Deal With Refurbed Drives With Customer Data?

An anonymous reader writes "I just received 3 'refurbished' SATA drives from Newegg. All 3 had some sort of existing partition. Most appeared to be factory diagnostic partitions, but one had a full Dell Windows XP install complete with customer data. How big a deal is this? Should I contact someone besides Newegg about this?"

76 of 385 comments

  1. knowledge is power by louic · · Score: 5, Interesting

    First, have a look at the data. Then decide.

    1. Re:knowledge is power by Anonymous Coward · · Score: 5, Insightful

      You know what? You're right. I think I'll go ahead and do what I've been considering doing for some time now, and encrypt the hard drive of my laptop.

    2. Re:knowledge is power by ackthpt · · Score: 5, Insightful

      First, have a look at the data. Then decide.

      Just because you have it doesn't justify any actions you take based upon it. Erase it. Make sure it's completely gone. Then notify Newegg their Refurbies are morons, putting them at legal risk, as well.

      --

      A feeling of having made the same mistake before: Deja Foobar
    3. Re:knowledge is power by tunapez · · Score: 3, Insightful

      Knowledge can be quite a burden, too.
      YMMV.

      --
      Imagination drew in bold strokes, instantly serving hopes and fears, while knowledge advanced by slow increments...
    4. Re:knowledge is power by steelfood · · Score: 5, Funny

      Same thing you do with every other mostly-dead drive: Go through it and look for pr0n.

      --
      "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
    5. Re:knowledge is power by louic · · Score: 2, Insightful

      Just looking at it won't hurt anyone. It's what you do after it that counts, and that depends on the data. Of course, notifying a company of their mistake is nice so they can make improvements in the future. Where I come from, people help each other instead of even thinking about "putting them at legal risk". Unfortunately though, it is also my experience that most companies don't care.

    6. Re:knowledge is power by forkfail · · Score: 3, Funny

      Just looking at it won't hurt anyone.

      Unless, of course, there is an unencrypted version of the Dark Book of The Elder Gods on the drive....

      --
      Check your premises.
    7. Re:knowledge is power by networkBoy · · Score: 4, Insightful

      *this*
      encrypt your drive before it fails, because once it fails you can not control the data if you want to return the drive.
      I have eaten drives before rather than warranty returns because the data was sensitive (IMHO) and I do not trust every person in the chain to not snoop on the drive's contents.
      -nB

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    8. Re:knowledge is power by Saintwolf · · Score: 2

      Erm... use a magnet?

    9. Re:knowledge is power by CastrTroy · · Score: 2

      Perhaps you can identify the original owner. If the original owner is some large company, perhaps they can help convince hard disk manufacturers from selling drives that haven't been wiped. A single person complaining to Newegg might not help much. A large corporation which buys hundreds or thousands of drives a year giving their hard drive vendor a hard time might help to change things.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    10. Re:knowledge is power by dorianh49 · · Score: 2

      Myth. You are aware that hard drives contain rare earth magnets, right?

      --
      Gravity is a contributing factor in nearly 73 percent of all accidents involving falling objects. -Dave Barry
    11. Re:knowledge is power by ShieldW0lf · · Score: 5, Insightful

      Why do I have to be the first to say it?

      Format the drive. Store data on it. Move on with your life. It's a non-issue. Quit being a drama queen.

      --
      -1 Uncomfortable Truth
    12. Re:knowledge is power by UnknowingFool · · Score: 5, Informative

      Looking at the data legally puts you at risk. The other company may care. If the data was government/military, there's a headache you don't want. Erase it immediately so there is no question. While no one can prove you looked at it or not, no need to make it worse on you.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    13. Re:knowledge is power by logical_failure · · Score: 2

      Step 1: Open drive
      Step 2: Remove platters
      Step 3: Turn on your grinder
      Step 4: Grind platter into shavings.

      Problem solved. Please give me $500. Small bills. Leave it in a bag by the dumpster of the pizza place I like. You know the one.

      --
      Sock Puppets: damn_registrars=pudge_confirmer=jimmy_slimmy=raiigunner=cml4524=a_klavan=red4men=ronpaulisanidiot
    14. Re:knowledge is power by Skewray · · Score: 2, Funny

      Looking at the data legally puts you at risk. The other company may care. If the data was government/military, there's a headache you don't want. Erase it immediately so there is no question. While no one can prove you looked at it or not, no need to make it worse on you.

      If you purchased the drive, then you purchased the contents. They now belong to you. Please look through it, find anything interesting, and post it here.

    15. Re:knowledge is power by pipatron · · Score: 4, Funny

      Yes, that's the point of rare earth magnets. That they are more powerful than normal magnets. I'm glad you understand!

      --
      c++; /* this makes c bigger but returns the old value */
    16. Re:knowledge is power by Anonymous Coward · · Score: 2, Informative

      This generally makes it hard to exercise the manufacturer's warranty on a broken drive, though.

    17. Re:knowledge is power by uncledrax · · Score: 5, Interesting

      Until you find out it had kiddie porn, and simple possession is pretty felonious these days.

      --
      ----- The internet has given everyone the ability to have their voice heard equally as loud.. even if they shouldn't be
    18. Re:knowledge is power by MozeeToby · · Score: 4, Informative

      First: that shouldn't happen. I'm not saying it doesn't or won't, but if people are following the rules it shouldn't.

      Second: classified documents are marked as such, top and bottom of every page.

      Third: if you do happen to see documents marked as classified, close them immediately (even if you have security clearance), power down the machine, put the drive in a safe, secure place, and contact someone. It really doesn't matter who, you'll get to the person you need to eventually even if you just call the local police department but you'd probably be better off looking up a general contact number for the DoD.

      And for everyone out there who says "Just delete it! Contacting someone is just going to cause problems!", there are 2 things to consider. First, the information never should have been on the drive anyway. If somewhere down the line an investigation gets fired up to go into where all those missing drives went you can bet your ass they'll be knocking on your door, taking your drives (probably more than just the refurbished one), and asking a lot of questions (that are a lot easier to answer honestly than with little white lies). Second, most classified information is classified for a reason. If someone out there is selling drives with classified information on them, that's what we call a bad thing. Yeah, it's going to be a headache for you, but it's the kind of thing that really shouldn't be happening.

    19. Re:knowledge is power by UnknowingFool · · Score: 3, Insightful

      First, the information never should have been on the drive anyway.

      How do you know this? Someone along the line should have deleted it but didn't. Maybe the drive wasn't in working order when it was returned. Maybe the tech just forgot to format it before sending it back. Former CIA chief John Deutch was found to have classified files on his personal, unsecured computer even though CIA techs provided him with a secure one.

      If somewhere down the line an investigation gets fired up to go into where all those missing drives went you can bet your ass they'll be knocking on your door, taking your drives (probably more than just the refurbished one), and asking a lot of questions (that are a lot easier to answer honestly than with little white lies). Second, most classified information is classified for a reason. If someone out there is selling drives with classified information on them, that's what we call a bad thing. Yeah, it's going to be a headache for you, but it's the kind of thing that really shouldn't be happening.

      Your drives will be seized regardless in your scenario whether you looked at the data or not. The government may inspect them to see if the data still exists. A simple format will not truly erase all the data. If your SOP is to format all HDDs when you get them and never look at the data you are far safer. I don't know if the government can technically determine you looked at the data through computer forensics or more conventional means (interrogation) but you are far better off never knowing the contents.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    20. Re:knowledge is power by SecurityGuy · · Score: 3, Insightful

      You're probably right on that count. I was thinking that if you tell a vendor they sent you customer data without offering some form of proof, you're very likely to get a nonsense reply that adds up to "No, we didn't." To be clear, if there's anything with a mandatory reporting requirement, I do agree that you DO turn it in. When you don't, you ARE guilty of a crime.

      Maybe the question is "What do you want to accomplish?" Get on with your life? Then just wipe the drive. Hold the vendor accountable? That gets messy. I'll still stick with "Wipe your own data." If you mail your data to someone, assume they WILL disclose it.

    21. Re:knowledge is power by Stewie241 · · Score: 5, Funny

      That significantly reduces the chances of successfully making a warranty claim, and that is probably the issue.

    22. Re:knowledge is power by CastrTroy · · Score: 2

      Send them an anonymous email, send a letter with a fake return address (or none at all), call them from a payphone. Lots of ways to get in touch with these people.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    23. Re:knowledge is power by postbigbang · · Score: 2

      That's useless paranoia. The drive needs to be identified, in terms of ownership, the prior owner notified. It's THEIR data. Then complain noisily to vendor, and let your favorite social media site understand the problem.

      Vendors have no excuse for this kind of behavior. Worse users need to take ownership in their data, and understand what the privacy laws are all about. It should start with the user, but the vendor has an inspection job to do, too.

      Looking at the data is very unlikely to put you at any risk. The purchaser owns the drive, and ostensibly, the data. Erasing the data is the original owner's job, as vetted through the vendor's processes.

      --
      ---- Teach Peace. It's Cheaper Than War.
    24. Re:knowledge is power by meerling · · Score: 2

      It's an electromagnetic device called a bulk eraser. Essentially its magnetic field overpowers the magnetic media and scrambles or resets the field, result, no usable data left.
      My advice, don't bother with it. It's faster, cheaper, and easier to use something like secure erase.
      Read the article at http://www.zdnet.com/blog/storage/how-to-really-erase-a-hard-drive/129 and don't worry, it has a link to Secure Erase.

      Now you don't need to use Secure Erase itself, there are other programs out there that can do the same thing.

      What if you can't hook the drive up to a computer to erase it? Sure you can, unless it's broken, in which case, your best bet to make sure it's as big a pain for a data recovery place to get anything back (are we paranoid?) is to physically destroy the platters. I'd suggest melting them to a puddle if you have access to a forge or some other metal melting equipment. Less secure, but still a deal breaker for most snoops, cut it to bits with some sort of metal saw. (That is a saw designed to cut metal, not one made of metal, though it probably is. Doesn't matter if it's a big table chop saw, or a hand held hacksaw.)

      All jokes aside, if you send it to someone else, and they are responsible for wiping the drive, you really don't know if it was done, so don't be too surprised if you get a strange phone call one day from somebody that has your data. (Or worse, your bank account gets looted.)

    25. Re:knowledge is power by meerling · · Score: 2

      The magnets from Hard Drives make THE BEST FRIDGE MAGNETS EVER!

      Seriously, a regular fridge magnet can barely hold itself up there, but a hard drive magnet can hold an entire manila folder, I've tested several.

      They are also good for pulling the lids out of cans when they fall in.

    26. Re:knowledge is power by Cute+Fuzzy+Bunny · · Score: 3, Funny

      No. It must be lured into a factory where there are huge vats of molten metals, frozen by a truck full of liquid nitrogen, shot into smithereens, and then eventually dropped into the molten metal. I know, it sounds like a lot of work but trust me, it's cool to watch. Well worth the effort.

    27. Re:knowledge is power by KrazyDave · · Score: 2

      "Looking at the data legally puts you at risk." Oh boy, a shit-house lawyer chimes in. No, that's patently false. You own the drive, that's what they sold you, you can do ANYTHING you want with it. Now if the content is illegal and you share it or you use the content for illegal gain, then you're liable for your own actions. Signed, a *real* lawyer.

      --
      www.chihuahuarescue.com- Help to end dog abuse, abandonment and cruelty
    28. Re:knowledge is power by Cramer · · Score: 2

      Depending on the drive, degaussing it will very likely destroy it, by erasing the factory formatted tracking information and firmware. (the same is true of an LTO tape... "bulk erasure" will destroy the tracking information.)

      The read/write heads on a hard drive create a *very* powerful magnetic field. It's just over a very, very tiny area. See Also: The MythBusters episode where they try to erase a credit card mag-stripe.

    29. Re:knowledge is power by Bert64 · · Score: 2

      Doesn't help for drives which are dead, but still under warranty...
      You can't erase the data without physically destroying the drive, which will invalidate the warranty and they won't replace it...
      You also can't erase the data because the drive is dead, and you likely don't have the equipment to recondition the drive like the manufacturer will when you send it back for replacement.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    30. Re:knowledge is power by afaik_ianal · · Score: 2

      Actually, there was an interesting case recently here in Australia. Some bloke had been wandering around a carpark stealing valuables and at least one car. One of the mobiles he had stolen had kiddy porn on it. He turned it over to the police. They warned him that he'd be charged with theft, but he decided it was a price he was willing to pay.

      The pedo has been charged (and I assume is awaiting trial). A judge commended the thief, and gave him a relative slap on the wrist for his crimes. (Okay, so it was a month in prison, but it was a pretty impressive rap sheet).

      http://www.smh.com.au/national/im-bad--but-not-that-bad-thief-goes-straight-after-finding-child-porn-20120208-1rb6b.html

      To quote the judge, "'We don't want to discourage other like-minded people to act in the manner you have."

  2. Two choices... by mlts · · Score: 5, Informative

    Choice #1: Send the drives back and demand ones without confidential data on them.

    Choice #2: Use a utility like HDDErase which uses low level ATA commands to tell the controller to wipe the drive. This will wipe every sector, even ones that are bad, relocated, or protected ones. After that, follow up with DBAN for good measure.

    After that, don't worry about it.

    1. Re:Two choices... by jhigh · · Score: 4, Informative

      I would definitely let Newegg know about this. This is potentially a very serious issue for their customers.

      --
      Social Engineering Expert: Because there is no patch for stupidity.
    2. Re:Two choices... by Korin43 · · Score: 4, Interesting

      Instead of choice 1 and choice 2, I would say step 1 and step 2:

      1. Inform Newegg that there's a problem with their process (considering this is on Slashdot, this may already be done).
      2. Erase the drives.
      3. ???
      4. Profit

    3. Re:Two choices... by wjousts · · Score: 4, Informative

      Why even bother with industrial grade hard drive whipping? It's not your data, so who cares. Just a regular erasing should be fine. If I was the questioner, I would probably just repartition, format and get on with it.

      A quick e-mail to New Egg to bitch them out might be worthwhile too.

    4. Re:Two choices... by Joce640k · · Score: 5, Insightful

      Is it Newegg's job to wipe the drives?

      I would have thought it's up to the original owner to make sure there's nothing important on there.

      --
      No sig today...
    5. Re:Two choices... by vortechs · · Score: 2, Insightful

      Depends on the data on the drive. If there's instructions for building explosives, child porn, or something similarly problematic (depending on your current locale) on there, and you don't do an industrial grade wipe, it could be an issue for you later...

    6. Re:Two choices... by JosKarith · · Score: 3, Insightful

      And then your house gets raided because you've been naughty enough to download an episode of Glee. Under forensic examination your main data drive seems to have 45Gb of deleted pr0n, some of it CP.
      Suddenly you're in a whole new world of hurt that involves trying to prove to a justice system that goes for the simplest possible answer that you didn't put it there...

      --
      'Don't worry' said the trees when they saw the axe coming, 'The handle is one of us.'
    7. Re:Two choices... by BlackSnake112 · · Score: 5, Insightful

      Refurbished drives usually mean the drive failed, was sent in for repair and now is being resold. You can wipe a failed drive? If the motor died, how can you wipe it? The average person does not have the utilities to wipe a failed drive. Whoever refurbished the drive should have wiped it, not newegg.

    8. Re:Two choices... by AF_Cheddar_Head · · Score: 3, Insightful

      If the drive is truly "refurbished" NewEgg or its supplier should be testing the drive and in the process of testing the data should be wiped. Yes, I know that a "refurbished" drive has not been fixed but at least it should be tested and wiped to ensure that it meets OEM specifications.

    9. Re:Two choices... by Miamicanes · · Score: 2

      Most of the time, there's not a whole lot the original owner can do if it's a consumer-grade hard drive. I believe some enterprise laptop hard drives are encrypted by a key that can be blown away (rendering the data on the drive into digital noise) regardless of whether or not the drive is working properly, but it's rare for consumer (or enterprise drives used in servers, for that matter) to make use of the feature because it reduces your odds of ever performing successful data-recovery on the drive down to approximately "zero" if the drive fails due to a controller failure.

      Given a choice between a tiny risk of unauthorized disclosure, and the overwhelming risk of permanent data loss, most people will roll the dice with unauthorized disclosure... especially anybody who's had literally dozens of hard drives die since the late 80s (and noticed that the failure rate seems to be INCREASING over the past few years), but never had one actually get *stolen*.

      For obvious reasons, "secure erase" by blowing away a whole-disk encryption key isn't something you want to be TOO easy to initiate (ideally, it should only be possible to do with a jumper in place that's not there by default), because otherwise you'd have the ULTIMATE denial-of-service trojan attack vector.

    10. Re:Two choices... by hairyfeet · · Score: 5, Insightful

      I agree that Newegg should be told, as they may have a problem in their supply chain. Who knows what company they are buying these refurbs from and I'm sure they have in the contract they are supposed to be zeroed and tested prior to shipment. That said I always give any new drives a quick zeroing out just in case, you never know even on a new drive if some manufacturer in China is gonna have a bug on that machine that is formatting the drives and then a quick runthrough with spinrite on level I just to make sure they are good. For those who have never used the program spinrite on level I simply bypasses the firmware so the drive can't replace bad sectors with spares and then does a simple write/read/erase where it writes to each sector once and ensures that it can read the data before going on to the next. If a drive can't do a simple read/write without significant bad sectors it simply isn't worth trusting data to.

      But I've had quite good luck with refurbs from both Newegg and Tigerdirect and if a drive passes spinrite level I it'll be no more risky IMHO than any other drive. You'd be amazed though at how many companies sell or toss drives with data on them, I had a friend working at one of the big telcos as a temp hand for their big computer upgrade and he calls me and says "Hey bud, you still got your truck? good why don't you come out here and bring it around back, they are just chunking their previous systems and most are loaded to the gills with excellent hardware and they said anybody that wants to can help themselves" so when I get there he loads what can't be more than 3 year old Dell workstations nearly to overflowing in my truck, around 60 in all. I get them back to the shop and go to fire one up to see what the BIOS says and missing the BIOS prompt it starts to boot! Sure enough the full OS is there, no password, and there is still all kinds of customer data on these things! I of course Dbanned the drives but if I would have been a bad guy it would have been like Xmas.

      If what I saw was typical no wonder we have so many data breaches, but it really doesn't surprise me this guy ended up with drives that had data, picking up off lease systems I find that kind of thing all the time.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    11. Re:Two choices... by TheCarp · · Score: 2

      That was my thought exactly. There was a story just the other day about a thief who stole a couple of cell phones from a car. He found child porn on the phones, and turned himself in. The judge gave him 1 month in jail... because he neither wanted to encourage theft nor discourage reporting child porn, and the guy also had stolen a car previously....

      In any case...my thought was...good thing he looked! Good for the kids obviously, but, him too. How much of a mess would that have been had he been picked up for his stolen car charge and THEN the police found the CP. Sure, they will know it was a stolen phone but, whether they would believe that the CP was the original owner's or his.

      I wouldn't take any chances with data like that. I might look over the drive to see if there was anything really problematic (might even let the original owner know if I identified him) but... since I can't trust my ability to find what may be hidden, the only safe move next is to wipe the whole drive.

      --
      "I opened my eyes, and everything went dark again"
    12. Re:Two choices... by rickb928 · · Score: 4, Insightful

      This drive was not refurbished. At best it was put through a cursory test and passed. Newegg failed twice: once, not actually refurbishing the drive, and second not wrong it. Dishonest and incompetent in one pass.

      Or their outsourced team, still responsible.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    13. Re:Two choices... by director_mr · · Score: 4, Informative

      No, refurbished drives do NOT mean the drive failed. It means someone returned the drive, and the thing tested good, or that someone returned a computer that they parted out, and the hard drive tested good. Bad hard drives are VERY rarely repaired, and only if it is a very easy, cheap and quick fix, and I can't think of any such repair except maybe unbend a pin or put the jumper on correctly, and SATA drives don't have either of those issues. They simply don't cost enough to justify repair.

    14. Re:Two choices... by TheGratefulNet · · Score: 5, Informative

      don't bother. they know about this. they DECIDE to ignore some things.

      open-box and returns from newegg are bad, bad, bad!.

      I buy a lot from NE. but I got burned on open-box things enough that I now refuse to do it anymore.

      last purchase was an intel ssd. it was the only one left (a year ago) and it was a customer return.

      silly me to think NE even tests things. they do not! they admitted as much on a voice call to me. I was so mad but nothing I could do about it other than not buy from them anymore (only new things, now).

      the ssd must have been someone's 'joy ride test' and NE didn't even test it. it worked for a few weeks in my system and - bad for me - I didn't use that system much during the next several months. I finally powered it on and it was no end of disk errors. the ssd was fried. when I called NE to complain they said that they just rebox things and send it out. it's YOUR job to verify it works.

      O. M. G.

      what a lesson ;(

      don't get burned. don't buy open box from newegg. I like NE in most ways but they totally screwed me and themselves on that one.

      DO NOT BUY USED GEAR FROM NEWEGG. I have to put it in all caps since it's a major issue and you WILL get burned; it's just a matter of 'when'.

      --
      "It is now safe to switch off your computer."
    15. Re:Two choices... by networkBoy · · Score: 2

      I can second this. Been burned by non booting motherboard and other open box issues.
      -nB

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    16. Re:Two choices... by Nick+Number · · Score: 2

      Why even bother with industrial grade hard drive whipping?

      Perhaps they're into HDSM.

      --
      Promote proofreading. Don't mod up sloppy posts.
    17. Re:Two choices... by Anonymous Coward · · Score: 5, Informative

      Choice #2: Use a utility like HDDErase which uses low level ATA commands to tell the controller to wipe the drive. This will wipe every sector, even ones that are bad, relocated, or protected ones. After that, follow up with DBAN for good measure.

      You need to become more familiar with the underlying storage protocols before stating things like this. Let's get to the facts, preferably technical ones, because this is Slashdot. What you've said is mostly nonsense (not entirely though), so let me go over it with you:

      1) There is no such thing as a "low-level ATA command". ATA commands are as "low-level" as it gets with communication between disks and controllers -- controller status bits are a different thing, and are not managed/viewed via ATA, they are done via PCI BAR or memory-mapped I/O. The "command" you are talking about with regards to HDDErase is part of standard ATA8-ACS specification (probably earlier), known as SECURITY ERASE UNIT (command 0xF4). This is verified here.

      2) HDDErase issues SECURITY ERASE UNIT, which is a firmware-level erase that the drive does itself. On mechanical HDDs this is completely equivalent to issuing dd if=/dev/zero of=/dev/disk bs=64k -- except with SECURITY ERASE UNIT, you have no visibility into the progress of the erase, the software simply has to make "educated guesses". If you erase via an OS (meaning the underlying storage driver issues zeros to each LBA), you can get an idea of the progress and speed given that you know how many LBAs there are, and which ones you've written to. DBAN does the latter (though with its own program, not using dd -- but its C code does the equivalent).

      With SSDs, SECURITY ERASE UNIT actually does some extra magic, since the FTL that maps LBAs to NAND flash regions also gets reset (meaning you lose all wear levelling history). This doesn't happen with a standard "OS-level" erase.

      And I'll just throw this out there because some smart-ass will certainly bring it up: there is absolutely no "low-level format" equivalent on ATA/SATA disks unless the vendor chose to implement a non-ATA-standard ATA command that does it. I repeat: THERE IS NO LOW-LEVEL FORMAT COMMAND. SCSI, on the other hand, even today still has a low-level format command. This command on SCSI merges the grown defect list into the physical defect list. ATA/SATA does not work this way -- keep reading.

      3) Both methods I described above "wipe every sector". However, your claim that "it wipes even ones which are bad" is completely incorrect. The same goes for your "[even ones which are] reallocated (sic)". Bad (uncorrectable) sectors are PERMANENTLY bad. LBAs which are remapped (to point to sectors other than their actual LBA 1:1 equivalent) can point to any sector, of course. Sectors which are marked unusable DO NOT get touched by the drive with SECURITY ERASE UNIT or an OS-level format. I can expand more on this later, but it's probably best to read something someone familiar with storage wrote a few weeks ago for a user.

      4) Please explain what a "protected" sector is. I believe you're referring to the HPA region of a disk. SECURITY ERASE UNIT does not do this, and no OS-level erase/zero can touch it. The HPA stores information like SMART attributes, the ATA GP log, hard disk model, serial number, capacity (LBA count), and many internal/vendor-specific things. It is possible to "reset" the HPA using utilities like mHDD, but if you read the (awful) docs for it, it will tell you flat out that this doesn't work on the mass majority of disks because it uses a vendor-specific ATA command that not all vendors implement, or if they do implement it, have security limitations applied to it (usually something magical like issue ATA command 0x45 with a specific CDB payload, watching for a result code of some value, then issuing a
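
The OS-level erase discussed in the comment above, as an added example that is not part of the original thread: it audits a drive for a leftover MBR partition table and non-zero sectors, zero-fills every addressable LBA in 64k blocks with progress reporting, then reads the device back to confirm the wipe. The disk image, its partition entry and the sample data are constructed; a pass like this only reaches the LBAs the drive exposes to the OS.

```python
import io
import struct

SECTOR = 512
CHUNK = 64 * 1024  # same block size as the dd command quoted in the comment


def parse_mbr(sector0):
    """Return (slot, type, start_lba, sector_count) for each used MBR entry.

    An empty list means no 0x55AA boot signature or no populated entries.
    """
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        return []
    found = []
    for slot in range(4):
        entry = sector0[446 + 16 * slot: 446 + 16 * (slot + 1)]
        ptype = entry[4]
        start_lba, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0 and count != 0:
            found.append((slot + 1, ptype, start_lba, count))
    return found


def find_nonzero_sectors(dev, total_bytes, limit=16):
    """Read the device back and return up to `limit` LBAs holding non-zero data."""
    dev.seek(0)
    hits, offset = [], 0
    while offset < total_bytes and len(hits) < limit:
        chunk = dev.read(min(CHUNK, total_bytes - offset))
        if not chunk:
            break
        if any(chunk):  # only split into sectors when the chunk is dirty
            for pos in range(0, len(chunk), SECTOR):
                if any(chunk[pos:pos + SECTOR]):
                    hits.append((offset + pos) // SECTOR)
                    if len(hits) >= limit:
                        break
        offset += len(chunk)
    return hits


def zero_fill(dev, total_bytes, progress=None):
    """Write zeros to every addressable byte, calling progress(done, total)."""
    zeros = bytes(CHUNK)
    dev.seek(0)
    done = 0
    while done < total_bytes:
        n = min(CHUNK, total_bytes - done)
        dev.write(zeros[:n])
        done += n
        if progress:
            progress(done, total_bytes)
    dev.flush()
    return done


def audit(dev, total_bytes):
    """Summarise what is still readable on the device."""
    dev.seek(0)
    return {
        "partitions": parse_mbr(dev.read(SECTOR)),
        "nonzero_lbas": find_nonzero_sectors(dev, total_bytes),
    }


def build_sample_image():
    """Constructed 1 MiB image: MBR with one type-0x07 partition plus stray data."""
    img = bytearray(2048 * SECTOR)
    img[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 63, 1985)
    img[510:512] = b"\x55\xaa"
    oem = b"NTFS    "
    img[63 * SECTOR + 3: 63 * SECTOR + 3 + len(oem)] = oem
    data = b"constructed sample row"
    img[100 * SECTOR: 100 * SECTOR + len(data)] = data
    return io.BytesIO(bytes(img))


def demo():
    """Audit, wipe and re-audit the constructed image."""
    dev = build_sample_image()
    size = dev.seek(0, io.SEEK_END)
    before = audit(dev, size)
    ticks = []
    zero_fill(dev, size, progress=lambda d, t: ticks.append(d * 100 // t))
    after = audit(dev, size)
    return before, after, ticks


if __name__ == "__main__":
    before, after, ticks = demo()
    print("before:", before)
    print("progress %:", ticks)
    print("after: ", after)
```

The same functions accept a real block device opened in binary read/write mode, with the size taken by seeking to the end as `demo()` does.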

    18. Re:Two choices... by rrohbeck · · Score: 3, Interesting

      This.
      Refurbishing a drive means (among other things) a full media test which means writing every sector.
      These drives were probably plugged in and "OK, works, ship it!"

  3. DBAN by the+real+darkskye · · Score: 2, Informative

    http://dban.org/

    Enough said.

    --
    Music is everybody's possession.
    It's only publishers who think that people own it.
    Fuck Beta
    ~John Lenno
    1. Re:DBAN by hairyfeet · · Score: 3, Informative

      Actually there is a MUCH better tool friend, I'd suggest Hiren's Boot CD instead. not only does it have Dban as well as a good dozen or more HDD utilities but it has just about every tool you'd ever need from password reset to system info to testing of all major components. It really is a Swiss army knife of system tools and can be run off the CD in Windows so you can use the tools without needing to boot off the disc first. Truly a great tool to have.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  4. Data Breach by gellenburg · · Score: 5, Insightful

    Technically it qualifies as a Data Breach Incident. Depending on the industry the original drive belonged to shit could hit the fan.

    The fault lies entirely with the original owner for not wiping the hard drive before returning the equipment. NewEgg is not in the data wiping business.

    Of course the easiest thing for you to do would simply be to repartition it and reformat it.

    1. Re:Data Breach by forkfail · · Score: 3, Insightful

      So - then are you saying that you should never RMA a failed HD? Because if NewEgg doesn't wipe drives as part of the refurbishment, then you can never send a drive back.

      --
      Check your premises.
    2. Re:Data Breach by DigiShaman · · Score: 2

      Mod parent up. A good percentage of failed drives happens at the controller level. When a drive is refurbished, sometimes only the PCB controller board is swapped out leaving both the existing platters and data intact.

      With regards to data exposure, who's at fault depends on where the drive originated from. For example, NewEgg gets a shipment of drives from WD or Seagate and then directly resells one to a customer. If it had data on it, that would be the fault of the drive manufacturer. However if the drive was returned from a customer and then resold to another customer, that would be NewEgg's fault. For a company as large as they are, it's not that expensive to purchase a stand-alone console in which you can connect a drive or two and wipe it with the press of a button. A quick google search shows such a product in the link below.

      http://www.wiebetech.com/products/Drive_eRazer_Ultra.php

      --
      Life is not for the lazy.
    3. Re:Data Breach by Amouth · · Score: 2

      seriously?? $9k for a powered hydraulic press in a box?????????????

      --
      '...if only "Jumping to a Conclusion" was an event in the Olympics.'
  5. Who cares? by jdastrup · · Score: 5, Informative

    Why bother? Ignore it. Dumb question. Move on.

    1. Re:Who cares? by interval1066 · · Score: 2

      It's not a hard decision; just nuke it and move on with your life. What the message here is; if this is such a soul rendering thing for anyone, just one plain good reason not to buy refurbed drives. I never do, I always get new ones, there's really no good reason to buy a refurb. You know that by default the drive is going to have a shorter lifespan than a new one, and the price on drives isn't that horribly expensive. I frankly don't see a good reason to buy a refurb.

      --
      Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
  6. I've gotten "new" drives from Newegg and Amazon... by slaker · · Score: 4, Informative

    I've gotten drives I purchased as new from Amazon and Newegg with existing Windows installations on them. In fact, I'd say I see it maybe once in every 30 drives I get. I buy enough drives that I see six or seven such drives in a typical year. Once I got a drive that was clearly part of a Windows SoftRAID before I formatted it.

    Personally, I send those drives back. They clearly aren't new and they're not fit for sale in that state. I'm not paranoid enough to go looking at the SMART data for power on hours but when I run across drives like that it makes me think I should. Amazon will pay return shipping on drives in that condition. That is a good reason to buy drives from Amazon.

    --
    -- I wanna decide who lives and who dies - Crow T. Robot, MST3K
  7. seat belt by pak9rabid · · Score: 5, Informative

    I can't help but be reminded of this scene from the movie Old School:

    Mitch: Sorry, your seat belt seems to be broken. What do you recommend?
    Cab Driver: I recommend you stop being such a pussy. You're in the back seat.

    Just don't even worry about it. Nobody you complain to is really going to care. Give it a quick scan for anything interesting, and format once you're done.

  8. Yeah, that's kind of a big deal .... by King_TJ · · Score: 2

    I'd ask if you can do an exchange for one with Windows 7 on it, since XP is getting pretty long in the tooth ....

    Seriously though, it sounds like NewEgg is usually putting the used drives through some sort of diagnostic process, if they all had special partitions on them for the purpose. Maybe they simply need to train their bench techs to wipe the drives first, instead of making the assumption that creating the new partition is ensuring any old data on the drive becomes unreadable/inaccessible?

  9. Re:I've gotten "new" drives from Newegg and Amazon by jdastrup · · Score: 4, Insightful

    That is a good reason to buy drives from Amazon.

    So Amazon selling used drives labeled as new is a good reason to buy from them? Sounds to me that you need a new vendor. And if you're buying 210 drives a year (one used drive every 30, and you see 7 used drives a year), I highly recommend you get some sort of direct wholesale or resellers account instead.

  10. Re:Simple and easy solution by DogDude · · Score: 2

    dd if=/dev/urandom of=/dev/sdx bs=4096
    The solution is a little bit harder if you don't run Linux: install it first.

    And people say Linux is still hard to use....

    --
    I don't respond to AC's.
  11. Goodies by spooje · · Score: 4, Funny

    First check for free porn, then call New Egg about it.

    --
    Tea and kung-fu. Life is good. Rising Phoenix
  12. Happened to us once by Gavin+Scott · · Score: 3, Interesting

    Quite a few years ago we bought an allegedly new drive from a bay area electronics retailer, and found it to contain some sort of raw partition containing a list of the names of approximately HALF THE PEOPLE in the United States along with some "number". Those of us who were listed in the data were unable to figure out what the number might be (an account number etc.)

    Eventually we got bored with the data and put the drive in service for its originally intended application.

    I wrote up the event and sent it off to the RISKS list, especially as Peter G. Neumann, the moderator of RISKS, was listed in the data, but they didn't publish it.

    G.

  13. How badly do you want/need to be involved? by davidwr · · Score: 3, Informative

    I assume you don't have any LEGAL obligation to do anything other than not try to view the data. If you have any reason to suspect otherwise, ignore this entire Slashdot thread and call a lawyer.

    Now the question is, how much do you WANT to do, which boils down to "at least as much as your conscience requires" and "not so much work that you'll wish you'd never ordered the drive in the first place."

    At the low end of the stress scale, taking an earlier poster's suggestion and using HDDErase or something similar followed by DBAN should make sure you don't ever stumble across their data. Sending it back to NewEgg accomplishes the same thing.

    If you send it back, I wouldn't use the normal return method. Instead, I'd write a letter to a high-level executive and include a copy of the drive-plate cover, a screen-shot, and a copy of your order along with a request that the executive do what it takes to make sure this never happens again, then ask for instructions to return the drive. Send the letter by certified mail. Keep copies of all correspondence.

    At the high end of the stress scale, you can probably complain to a government agency, as NewEgg may have violated the law.

    There are other options in between.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  14. Order more by zwei2stein · · Score: 2

    Order more drives. Hope for jackpot.

    --
    -- Technology for the sake of technology is as pathetic as eschewing technology because it's technology.
  15. Re:use dd by Richard+Dick+Head · · Score: 5, Informative

    You'd be surprised.

    Long time ago I temp'd at a place that did computer recycling for various companies, mostly for a company that was a large depot of home supplies... Turns out the hard drive security wipes were a "dog and pony show", to quote the supervisor. I was instructed to run the formatting utility for about 5 seconds, and then hit cancel and throw it in the "done" pile. "That gets the first part of the drive, the rest doesn't matter."

    The people that do this kind of thing have hundreds of drives to do for the day, and there is no QA, so throwing a few in the done pile without clearing it just makes you look good for being extra productive, and nobody gives a shit about the data. Never cheated myself, though I probably should have. I was fired after two weeks, go figure.
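
An added example, not part of the comment above or of any tool named in this thread: a read-only check a recipient or a refurbisher's QA step could run to catch a wipe that stopped after the first part of the drive. It reads every host-addressable block instead of trusting an empty partition table; the sample image, its contents and the function names are constructed for illustration.

```python
import io

SECTOR = 512

def parse_mbr(sector0: bytes):
    """Return (type, start_lba, sector_count) for each non-empty MBR entry."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        return []          # no boot signature: no MBR partition table
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i: 462 + 16 * i]
        ptype = entry[4]
        start = int.from_bytes(entry[8:12], "little")
        count = int.from_bytes(entry[12:16], "little")
        if ptype != 0 and count != 0:
            parts.append((ptype, start, count))
    return parts

def scan_residue(dev, chunk=SECTOR * 8):
    """Read the whole device; return (chunks_read, [first, last] dirty ranges)."""
    dev.seek(0)
    zero = bytes(chunk)
    ranges, index = [], 0
    while True:
        buf = dev.read(chunk)
        if not buf:
            break
        if buf != zero[:len(buf)]:
            if ranges and ranges[-1][1] == index - 1:
                ranges[-1][1] = index          # extend the current dirty run
            else:
                ranges.append([index, index])  # start a new dirty run
        index += 1
    return index, ranges

def build_sample_image():
    """Constructed 1 MiB image: start zeroed by an aborted format, rest untouched."""
    img = bytearray(1024 * 1024)
    img[256 * 1024:260 * 1024] = b"CUSTOMER-RECORD " * 256  # 4 KiB of old data
    img[900 * 1024:] = b"\xa5" * (124 * 1024)               # old data at the end
    return io.BytesIO(bytes(img))

def report(dev):
    total, dirty = scan_residue(dev)
    dev.seek(0)
    return {"partitions": parse_mbr(dev.read(SECTOR)), "chunks": total,
            "dirty": dirty, "clean": not dirty}

if __name__ == "__main__":
    # On real hardware, pass open("/dev/sdX", "rb") instead (placeholder name).
    print(report(build_sample_image()))
```

A drive wiped with random data rather than zeros will report as dirty everywhere, so this check only applies to zero-fill wipes, and it sees only what the drive exposes through normal reads.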

  16. What really happened by tomhudson · · Score: 3, Insightful

    Someone along the chain swapped the RMA'd drive for one they had hanging around. They get a refurbed drive with (hopefully) more lifetime left before failure (and the ability to return it if it does die), you get a ticking time bomb and no warranty.

  17. Christmas Ornaments by ISoldat53 · · Score: 3, Informative

    If I have a HD that has failed I pull the disks out and use them for Christmas ornaments. I don't trust sending them back. The rare earth magnets are useful too.

    1. Re:Christmas Ornaments by Translation+Error · · Score: 3, Insightful

      If I have a HD that has failed I pull the disks out and use them for Christmas ornaments. I don't trust sending them back. The rare earth magnets are useful too.

      Even if it was still under warranty? For a decent-sized drive, that's giving up over a hundred dollars that the manufacturer rightfully owes you for selling a defective product.

      --
      When someone says, "Any fool can see ..." they're usually exactly right.
  18. Easy way to protect your data. by Gumbercules!! · · Score: 4, Funny

    I once had to wipe some disks before throwing them out (nothing really sensitive or important). But they were SCSI and I didn't have a SCSI enabled PC handy and I couldn't be bothered setting something up or downing a server to do it, etc.

    So I came up with a technique for making the disks safe for disposal.

    First, I threw them out the 2nd story window a few times. Then I hurled them at the ground a few more times as hard as I could for good measure.

    Then I put them in a plastic bag with a heap of dog shit and water, tied the bag up and put them in the bin. If anyone still wanted to try to retrieve that data, they've earned it.

    True Story. Still makes me smile.

  19. Bring Eye Bleach by Anonymous Coward · · Score: 5, Funny

    I once went over an "unwiped" drive looking for pron. What I found was a folder of "racy" photos the previous owner took. Unfortunately she was twenty years older than me, had about 200 lbs on me, and had a penchant for butternut squash, a food I can not eat to this day.

    Knowledge is power, ignorance is bliss, and no amount of eye bleach will remove some images.

  20. Encrypt your DATA! by yooy · · Score: 4, Informative

    "I don't trust sending them back." Why should I not get a replacement when it fails during the warranty? And this is exactly ONE of the reasons why you should encrypt your data.

  21. Must Wipe It by Pitawg · · Score: 5, Insightful

    No decision needed. Look all you want, but the liability is on you if someone decides your computer is of interest and data is questionable. Unless you report it to vendor in a verifiable way, data on the drive, even if it was not yours, is now yours in any examination. Report it in writing or no evidence will exist to point in someone else's direction for liability.

    Wiping beyond technological limits of retrieval is important with both criminal liabilities and civil copyright liabilities. The odds of old data being a problem in your life may be low, but it would be icing on the cake with any situation bringing your drive to the attention of some types of investigations.

    Call it paranoia if you like, but why drive around in your new used-car with a suitcase in the trunk that came with the car without knowing precisely what is inside? Remove the suitcase, or examine every square inch of it looking for contraband.

  22. Re:Newegg: Many problems. Recommend others? by Stoutlimb · · Score: 3, Interesting

    Oddly enough I have a story involving both Newegg and Memory Express.

    I recently moved away from a city which was home to my favourite store (Memory Express) and needed to buy micro SD cards. I couldn't buy from ME's online store because they didn't handle my method of payment, so I bought a card from Newegg for a bit more money and a lesser known brand. (the same brand was way more money on Newegg). I tested the card, and it was a class 4 card with a class 10 label on it. Of course Newegg only refunds price not shipping, so I'm out a lot of money and still no decent SD card. I'm holding out until my next road trip.

    Moral of the story: Don't trust Newegg. Even if they do return the money, they aren't worth it.