People can be so careless with their personal data
I'm sure many people who have touched second-hand kit have a variety of stories to tell. Sometimes the person doesn't bother to delete data as they trust you to wipe it when you are setting up your own system, sometimes people trust others to safely dispose of their kit. And sometimes...that's a really poor idea.
At a recent vide grenier I purchased two 80GB SATA harddiscs for €7. Dunno how the guy arrived at that price, but never mind. The plan was to test the drives using the DPS Self Test built into my computer's BIOS.
The Maxtor drive passed its testing after a long examination (about 40 minutes). The Seagate Barracuda failed its test in seconds. But not to be dissuaded, I decided to fire up the Barracuda and see if there was anything of interest on the drive.
A copy of XP Pro which required a login. By default it was a guy, let's call him Joe, set to log in to a networked machine. His account was passworded. The Admin account was passworded. There was no way into this.
So I booted up with Hiren's BootCD, where there was a rather useful tool to mount the NTFS partition, open the registry, find the Admin user account, and erase the password. That done, I rebooted back into XP and logged in as the Administrateur.
There was surprisingly little in the way of applications software on this machine. A copy of OpenOffice, an ancient PDF reader, a freeware photo retouch package, and some sort of time/personnel accountancy software that expected to be able to talk to a back end server (and died when it couldn't). Kind of boring.
Until I stumbled upon Joe's personal assortment of rubbish. From a brief look at some of the document titles, I'm guessing he is some sort of pen pusher in the local council. He drives a Dacia Sandero that was first registered on 15th December 2009. His wife, Annie, drives a Renault MRE1206AR544 (that's a type of Scenic) that is a decade older. How do I know this? Scans of his carte grise (vehicle registration document). He passed his driving test on the 13th of May 1971, I know this because he also scanned his driving licence.
As to who he is...what would you like? His French national identity card, or his passport?
There are a fair few photos as well. He and his wife have been to Egypt, Vietnam, and numerous holiday places around Brittany. Egypt looks baking hot. Vietnam looks crowded and damp.
These photos leave absolutely nothing to the imagination, and note that they are categorised as "humour" (re pathname). Pretty pathetic for a married guy born in '51.
Then there's this:
I reformatted the harddisc to have a crack at installing Ubuntu just to try it out (not worried about the disc being dodgy as I had no intentions of switching to Ubuntu), but it hung up trying to write data to the damaged part. Hmm, I had kind of expected the controller to have worked around that, isn't that what this SMART stuff is for?
Now, I wasn't going to get anywhere using any sort of Windows installer because NTFS is a bit brain dead. I did, however, have the Ubuntu Live CD that I had tried a while back. So I booted into Linux and let it begin the installation of the system. It didn't take long for it to bomb out. So I rebooted the Live CD, dismounted the harddisc, and then switched to a console.
fsck /dev/sda1 -c -f -D
This is to force a check of the filesystem, and to perform a read-test looking for bad blocks, which will be mapped out. A more thorough test is with -cc to perform a read-write-read test, but that takes a lot longer. The corruption is near the start of the disc. It took an hour and a half to scan through the first 3% of the disc, finding 946 (!) errors. By comparison, the rest of the scan was pretty rapid. Once those are mapped out, I'll reinstall Ubuntu into the existing partitions. Obviously the disc is junk and should be binned, however I would like to see how Ubuntu fares in use with something better than a Live CD, and since I wish to make use of the other drive, it seems a shame not to recycle this drive given the ext filesystem supports mapping out bad blocks so can work around the damage. Clearly no data of value is going to be held on the setup, so it's no big deal.
Of course, reinstalling was easier said than done. You need to delete stuff so it doesn't conflict, and then do other stuff because the installer has a fair few bugs when used in uncommon cases. And if you're lucky, it'll make it three quarters of the way across "Copying files" before the machine kernel panics. Wasn't the bad stuff supposed to have been mapped out? I run fsck and it reports a bunch of programmer errors. Hmm, my confidence level has fallen through the floor... I think I'll stick to Windows for the time being.
The other drive had a basic installation of Windows XP Professional that has little in the way of information on it. Judging by the machine name, it was from an association for impoverished people in a nearby town. This machine, also, was set to log into a networked server. With the Admin password nuked, logging in showed very little besides a plain XP installation that refused to do anything until it had been activated. Well, what a bother.
The trick of running Rundll32.exe syssetup,SetupOobeBnk didn't work. Don't waste your time.
Instead, reboot into plain ordinary Safe Mode and fire up RegEdit.
Navigate the structure as follows: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ WPAEvents and then double click on the OOBETimer key. Erase all of the data there (until the window shows only 0000). Then in the middle section, enter the following hex bytes: FF D5 71 D6 8B 6A 8D 6F D5 33 93 FD and OK it to update the registry.
Now right click on the WPAEvents folder and choose the Permissions option. In the window that appears, highlight SYSTEM in the upper part of the window, and in the lower part, tick both of the Deny boxes. OK to update this.
What we have done is to fake WPA into thinking it has been activated, and then denied it any rights to modify the registry (so it can't change its mind and bother you some more).
Reboot the machine and it will report itself as having been activated.
It's a shame the Windows 10 stuff isn't this easy to silence.
This, working, harddisc will either be a replacement for my current 40GB drive, or as a secondary drive for storing videos and stuff. I haven't decided yet. The Ubuntu drive? Bin. But having wasted an afternoon on it, I think I'll hit it with a really big hammer first. Okay, it was a trash drive and I wasn't doing anything else today, but it'll make me feel better...
Actually, I'm mostly annoyed that I couldn't go into town today. There's a petrol crisis on because the CGT (militant union) held a ballot that was 55% in favour of a strike at the big oil refinery in Donges (near Nantes). This led to panic buying, pumps running dry...a kind of self-fulfilling prophecy. They are striking because of a hugely unpopular labour law. That's why people have been protesting, students rioting, etc. Yes, the law is bad and risks making CDI (proper employee) basically an unofficial sort of long term CDD (fixed duration contract); however I fail to see how holding the motorists/workers/etc of the north west ransom to their whinging is going to be in any way helpful. If I have trouble at my work (I might, this new legislation being what it is), does this give me the right to lob a hand grenade into their refinery to mess them up? Of course not, my problems have sod all to do with them; just as their problems should have sod all to do with me. They are only doing this because they know that their actions will directly affect a huge number of people.
Well, what happens come the end of next week if they are still on strike and there's no more petrol in the tank? Isn't it enough that I have to worry about the law everybody hates (and my origin country's stupid referendum) without this? They're belligerent, power happy, hypocrites; and every one of the 55% that voted to go on strike should be pink slipped. Dear refinery workers - your problems are not more important than ours. We work in France, we're all affected.
Aaanyway, the moral of the story: If you are passing on (recycling, donating, selling) equipment that has had your digital data on it, you should be careful to scrub your data from the device before it leaves your hands.
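One way to do that scrub in software and confirm nothing readable is left, as an added example that is not part of the original post. It works on a constructed image file; the function names and the marker string are hypothetical, and pointing it at a real device node is left as an assumption.

```shell
#!/bin/sh
# Added example: zero-fill a disk image, then prove nothing survived.
# Demonstrated on a constructed image file, never on a real device.

# Size of the target in bytes.
target_size() {
    wc -c < "$1" | tr -d ' '
}

# Constructed sample "disc": random filler with one planted document marker.
make_sample_image() {
    img=$(mktemp)
    head -c 65536 /dev/urandom > "$img"
    printf 'SCAN-OF-PASSPORT-constructed-sample' >> "$img"
    head -c 1000 /dev/urandom >> "$img"
    printf '%s\n' "$img"
}

# Overwrite every byte in place with zeros, keeping the size unchanged.
wipe_target() {
    size=$(target_size "$1")
    head -c "$size" /dev/zero | dd of="$1" bs=65536 conv=notrunc 2>/dev/null && sync
}

# Succeeds only if every byte of the target reads back as zero.
verify_wiped() {
    size=$(target_size "$1")
    head -c "$size" /dev/zero | cmp -s - "$1"
}

# Number of lines in the raw target that still contain the marker string.
count_residue() {
    LC_ALL=C grep -a -c -F -- "$2" "$1" || true
}

# Demo run on the constructed image.
img=$(make_sample_image)
echo "before wipe: marker hits = $(count_residue "$img" SCAN-OF-PASSPORT)"
wipe_target "$img"
if verify_wiped "$img"; then
    echo "after wipe: all zero, marker hits = $(count_residue "$img" SCAN-OF-PASSPORT)"
else
    echo "after wipe: residual data found" >&2
fi
rm -f "$img"
```

An overwrite only reaches sectors the drive still exposes; sectors it has already remapped as bad, as on a failing disc, can keep old data, which is where physical destruction comes in.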
Yup. Feel better now.
I recommend this method of removing data:
© 2016 Rick Murray
This web page is licenced for your personal, private, non-commercial use only. No automated processing by advertising systems is permitted.
RIPA notice: No consent is given for interception of page transmission.