Ask Slashdot: How To Deal With Refurbed Drives With Customer Data?

An anonymous reader writes "I just received 3 'refurbished' SATA drives from Newegg. All 3 had some sort of existing partition. Most appeared to be factory diagnostic partitions, but one had a full Dell Windows XP install complete with customer data. How big a deal is this? Should I contact someone besides Newegg about this?"

knowledge is power

[louic]

First, have a look at the data. Then decide.

Re:knowledge is power

You know what? You're right. I think I'll go ahead and do what I've been considering doing for some time now, and encrypt the hard drive of my laptop.

Re:knowledge is power

[ackthpt]

First, have a look at the data. Then decide.

Just because you have it doesn't justify any actions you take based upon it. Erase it. Make sure it's completely gone. Then notify Newegg their Refurbies are morons, putting them at legal risk, as well.

Re:knowledge is power

[steelfood]

Same thing you do with every other mostly-dead drive: Go through it and look for pr0n.

Re:knowledge is power

[ShieldW0lf]

Why do I have to be the first to say it?

Format the drive. Store data on it. Move on with your life. It's a non-issue. Quit being a drama queen.

Re:knowledge is power

[UnknowingFool]

Looking at the data legally puts you at risk. The other company may care. If the data was government/military, there's a headache you don't want. Erase it immediately so there is no question. While no one can prove you looked at it or not, no need to make it worse on you.

Re:knowledge is power

[uncledrax]

Until you find out it had kiddie porn, and simple possession is pretty felonous these days.

Re:knowledge is power

[Stewie241]

That significantly reduces the changes of successfully making a warranty claim, and that is probably the issue.

Two choices...

[mlts]

Choice #1: Send the drives back and demand ones without confidential data on them.

Choice #2: Use a utility like HDDErase which uses low level ATA commands to tell the controller to wipe the drive. This will wipe every sector, even ones that are bad, relocated, or protected ones. After that, follow up with DBAN for good measure.

After that, don't worry about it.

Re:Two choices...

[Joce640k]

Is it Newegg's job to wipe the drives?

I would have thought it's up to the original owner to make sure there's nothing important on there.

Re:Two choices...

[BlackSnake112]

Refurbished drives usually mean the drive failed, was sent in for repair and now is being resold. You can wipe a failed drive? If the motor died, how can you wipe it? The average person does not have the utilities to wipes a failed drive. Whoever refurbished the drive should have wiped it, not newegg.

Re:Two choices...

[hairyfeet]

I agree that Newegg should be told, as they may have a problem in their supply chain. Who knows what company they are buying these refurbs from and I'm sure they have in the contract they are supposed to be zeroed and testing prior to shipment. That said I always give any new drives a quick zeroing out just in case, you never know even on a new drive if some manufacturer in China is gonna have a bug on that machine that is formatting the drives and then a quick runthrough with spinrite on level I just to make sure they are good. For those who have never used the program spinrite on level I simply bypasses the firmware so the drive can't replace bad sectors with spares and then does a simple write/read/erase where it writes to each sector once and ensures that it can read the data before going on to the next. if a drive can't do a simple read/write without significant bad sectors it simply isn't worth trusting data to.

But I've had quite good luck with refurbs from both Newegg and Tigerdirect and if a drive passes spinrite level I it'll be no more risky IMHO than any other drive. You'd be amazed though at how many companies sell or toss drives with data on them, I had a friend working at one of the big telecos as a temp hand for their big computer upgrade and he calls me and says "Hey bud, you still got your truck? good why don't you come out here and bring it around back, they are just chunking their previous systems and most are loaded to the gills with excellent hardware and they said anybody that wants to can help themselves" so when i get there he loads what can't be more than 3 year old Dell workstations nearly to overflowing in my truck, around 60 in all. I get them back to the shop and go to fire one up to see what the BIOS says and missing the BIOS prompt it starts to boot! Sure enough the full OS is there, no password, and there is still all kinds of customer data on these things! I of course Dbanned the drives but if I would have been a bad guy it would have been like Xmas.

If what I saw was typical no wonder we have so many data breaches, but it really doesn't surprise me this guy ended up with drives that had data, picking up off lease systems I find that kind of thing all the time.

Re:Two choices...

[TheGratefulNet]

don't bother. they know about this. they DECIDE to ignore some things.

open-box and returns from newegg are bad, bad, bad!.

I buy a lot from NE. but I got burned on open-box things enough that I now refuse to do it anymore.

last purchase was an intel ssd. it was the only one left (a year ago) and it was a customer return.

silly me to think NE even tests things. they do not! they admitted as much on a voice call to me. I was so mad but nothing I could do about it other than not buy from them anymore (only new things, now).

the ssd must have been someone's 'joy ride test' and NE didn't even test it. it worked for a few weeks in my system and - bad for me - I didn't use that system much during the next several months. I finally powered it on and it was no end of disk errors. the ssd was fried. when I called NE to complain they said that they just rebox things and send it out. its YOUR job to verify it works.

O. M. G.

what a lesson ;(

don't get burned. don't buy open box from newegg. I like NE in most ways but they totally screwed me and themselves on that one.

DO NOT BUY USED GEAR FROM NEWEGG. I have to put it in all caps since its a major issue and you WILL get burned; its just a matter of 'when'.

Re:Two choices...

Choice #2: Use a utility like HDDErase which uses low level ATA commands to tell the controller to wipe the drive. This will wipe every sector, even ones that are bad, relocated, or protected ones. After that, follow up with DBAN for good measure.

You need to become more familiar with the underlying storage protocols before stating things like this. Let's get to the facts, preferably technical ones, because this is Slashdot. What you've said is mostly nonsense (not entirely though), so let me go over it with you:

1) There is no such thing as a "low-level ATA command". ATA commands are as "low-level" as it gets with communication between disks and controllers -- controller status bits are a different thing, and are not managed/viewed via ATA, they are done via PCI BAR or memory-mapped I/O. The "command" you are talking about with regards to HDDErase is part of standard ATA8-ACS specification (probably earlier), known as SECURITY ERASE UNIT (command 0xF4). This is verified here.

2) HDDErase issues SECURITY ERASE UNIT, which is a firmware-level erase that the drive does itself. On mechanical HDDs this is completely equivalent to issuing dd if=/dev/zero of=/dev/disk bs=64k -- except with SECURITY ERASE UNIT, you have no visibility into the progress of the erase, the software simply has to make "educated guesses". If you erase via an OS (meaning the underlying storage driver issues zeros to each LBA), you can get an idea of the progress and speed given that you know how many LBAs there are, and which ones you've written to. DBAN does the latter (though with its own program, not using dd -- but its C code does the equivalent).

With SSDs, SECURITY ERASE UNIT actually does some extra magic, since the FTL that maps LBAs to NAND flash regions also gets reset (meaning you lose all wear levelling history). This doesn't happen with a standard "OS-level" erase.

And I'll just throw this out there because some smart-ass will certainly bring it up: there is absolutely no "low-level format" equivalent on ATA/SATA disks unless the vendor chose to implement a non-ATA-standard ATA command that does it. I repeat: THERE IS NO LOW-LEVEL FORMAT COMMAND. SCSI, on the other hand, even today still has a low-level format command. This command on SCSI merges the grown defect list into the physical defect list. ATA/SATA does not work this way -- keep reading.

3) Both methods I described above "wipe every sector". However, your claim that "it wipes even ones which are bad" is completely incorrect. The same goes for your "[even ones which are] reallocated (sic)". Bad (uncorrectable) sectors are PERMANENTLY bad. LBAs which are remapped (to point to sectors other than their actual LBA 1:1 equivalent) can point to any sector, of course. Sectors which are marked unusable DO NOT get touched by the drive with SECURITY ERASE UNIT or an OS-level format. I can expand more on this later, but it's probably best to read something someone familiar with storage wrote a few weeks ago for a user.

4) Please explain what a "protected" sector is. I believe you're referring to the HPA region of a disk. SECURITY ERASE UNIT does not do this, and no OS-level erase/zero can touch it. The HPA stores information like SMART attributes, the ATA GP log, hard disk model, serial number, capacity (LBA count), and many internal/vendor-specific things. It is possible to "reset" the HPA using utilities like mHDD, but if you read the (awful) docs for it, it will tell you flat out that this doesn't work on the mass majority of disks because it uses a vendor-specific ATA command that not all vendors implement, or if they do implement it, have security limitations applied to it (usually something magical like issue ATA command 0x45 with a specific CDB payload, watching for a result code of some value, then issuing a

Data Breach

[gellenburg]

Technically it qualifies as a Data Breach Incident. Depending on the industry the original drive belonged to shit could hit the fan.

The fault lies entirely with the original owner for not wiping the hard drive before returning the equipment. NewEgg is ot in the data wiping business.

Of course the easiest thing for you to do would simply be to repartition it and reformat it.

Who cares?

[jdastrup]

Why bother? Ignore it. Dumb question. Move on.

seat belt

[pak9rabid]

I can't help but be reminded of this scene from the movie Old School:

Mitch: Sorry, your seat belt seems to be broken. What do you recommend?
Cab Driver: I recommend you stop being such a pussy. You're in the back seat.

Just don't even worry about it. Nobody you complain to is really going to care. Give it a quick scan for anything interesting, and format once you're done.

Re:use dd

[Richard+Dick+Head]

You'd be surprised.

Long time ago I temp'd at a place that did computer recycling for various companies, mostly for a company that was a large depot of home supplies...Turns the hard drive security wipes were a "dog and pony show", to quote the supervisor. I was instructed to run the formatting utility for about 5 seconds, and then hit cancel and throw it in the "done" pile. "That gets the first part of the drive, the rest doesn't matter."

The people that do this kind of thing have hundreds of drives to do for the day, and there is no QA, so throwing a few in the done pile without clearing it just makes you look good for being extra productive, and nobody gives a shit about the data. Never cheated myself, though I probably should have. I was fired after two weeks, go figure.

Bring Eye Bleach

I once went over an "unwiped" drive looking for pron. What I found was a folder of "racy" photos the previous owner took. Unfortunately she was twenty years older than me, had about 200 lbs on me, and had a penchant for butternut squash, a food I can not eat to this day.

Knowledge is power, ignorance is bliss, and no amount of eye bleach will remove some images.

Must Wipe It

[Pitawg]

No decision needed. Look all you want, but the liability is on you if someone decides your computer is of interest and data is questionable. Unless you report it to vender in a verifiable way, data on the drive, even if it was not yours, is now yours in any examination. Report it in writing or no evidence will exist to point in someone else's direction for liability.

Wiping beyond technological limits of retrieval is important with both criminal liabilities and civil copyright liabilities. The odds of old data being a problem in your life may be low, but it would be icing on the cake with any situation bringing your drive to the attention of some types of investigations.

Call it paranoia if you like, but why drive around in your new used-car with a suitcase in the trunk that came with the car without knowing precisely what is inside. Remove the suitcase, or examine every square inch of it looking for contraband..