How to Give Away or Sell a Computer or Hard Drive (Safely)
You'd be surprised by how many people, when they sell an old hard drive or computer (or give it away) do nothing to safeguard the information on the hard drive. There are several things you can do to remove the data from a hard drive, but only one of them actually does remove the data from the hard drive.
- I'll just delete the files and then empty the trash. If that's the solution you choose, I hope the disk drive didn't contain any valuable personal data because just about anyone can run a data recovery utility and restore all of your files in just a few minutes. That's because when files are erased, the only thing that's changed is the entries for the files in the disk's index. They're simply marked as having been deleted, but everything is still there. Emptying the trash does nothing other than make it impossible to restore the file by dragging it out of the trash.
- Well, then, I'll format the drive. This Quick Format option finishes the job in less than a minute. Again, I hope that the disk drive didn't contain any valuable data. You've made it a bit harder for someone to recover the data, but any good data recovery utility will be up to the job and it won't take long. In fact, some people like to visit second-hand stores and buy any disk drives that are being offered just to see what they can find.
- OK, so I'll use the standard format. It takes a couple of hours so the disk must be clean! Sorry, but no. You've now made the process of recovering data considerably more challenging, but some people like that kind of challenge.
So those are the options that won't work. I said there's one that will. Actually, there are two, but you're not going to like one of them. I'll start there.
- Obtain a large hammer. Place the disk drive on a hard surface, such as a steel workbench. Beat the drive until it is in multiple pieces. Then continue beating the metal platters you'll find inside until they are no longer shiny, level, or round. This is data deletion to military specification.
- You'll like this one better: Download DiskWipe from www.diskwipe.org. It doesn't need to be installed, but just copied to the computer. If you're planning to delete data from an external drive, plug it in. Otherwise, just start the application. DiskWipe will display a list of the drives that are attached to the computer. Select very carefully the drive you want to wipe. Choose the type of wipe process you want to use, noting that slower is better from a data-destruction standpoint but that when it comes to wiping data, "fast" means that the process will take several hours. In my case, it was nearly 11 hours (10:42:15) for a modest 500GB drive. Unless you're being followed by the FBI, CIA, Mossad, or SMERSH, one of the "faster" options is probably acceptable. If you are being followed by a professional spy agency, you'll want to use the previous method.
Here's How DiskWipe Works
To illustrate the process, I used a 2GB thumb drive and that brings up another point: If you're planning to sell or give away old thumb drives or flash cards from your camera or other device, these should also be cleared.
No installation is required, so you can place DiskWipe on a thumb drive or copy it to any location and run it from there.
After starting the application, I selected the thumb drive because that's the drive that I wanted to wipe. The interface is simple and easy to use. Just select the disk and click Wipe Disk.
But first you might want to see what's on the disk. In this case, I had formatted the thumb drive with the quick-format option. Prior to being formatted, the device contained 2 executable files and another file that would not have been human readable. Executable files do contain some text and this text is clearly visible even though the thumb drive had been formatted.
DiskWipe will detect the disk's current file system (NTFS=NT File System, FAT=File Allocation Table, and FAT32=32-bit File Allocatioin Table). You can leave the existing file system in place or select one of the others because DiskWipe's first action will be to format the drive. Depending on the size of the drive, this could take several minutes or several hours.
I selected the one-pass ("quick") option, which took about 1 hour and 20 minutes for a 2GB thumb drive.
If you believe that really determined crooks might get their hands on your drive, use the 35-pass Peter Guttman process, which is shown as "extremely slow". Based on a nearly 11-hour process for a 500GB drive using the 1-pass option, I would expect a 35-pass option to take approximately half a month.
The application will display the name of the disk and its letter for your confirmation and you'll be required to type ERASE ALL to continue.
Just to be sure, you'll have one more chance to cancel the process without proceeding. Once you click OK, the data on the disk will be in the process of being turned into toast.
At the conclusion of the process (1 hour 20 minutes), you can view the data on the disk.
What this image shows is the boot record, followed by random data. There is no longer any useful information that can be retrieved.
DiskWipe is a Free Disk Clearing Application
The computer, disk drive, thumb drive, or flash memory card that you take out of service and want to sell or give away still contains data, maybe data that you don't want anyone else to have. DiskWipe is easy to use and free. It's not fast, but no application that deletes all data from a disk is fast.
For more information, visit the DiskWipe website.
WTOP and Federal News Radio Hit By Malware
According to the Department of Homeland Security/Computer Emergency Response Team (CERT), Washington DC radio station WTOP and Federal News Radio websites were infected with malware but as of late last week, the malware had been removed. CERT says that the exploit would affect users of Microsoft's Internet Explorer on computers where Adobe Reader, Adobe Acrobat Pro, or Oracle Java had not been updated.
The compromised websites were modified to contain a hidden iframe that referenced a JavaScript file on a dynamic-DNS host. Note that Oracle's Java and the scripting language JavaScript are not related in any way. The file loaded on victims' computers was what's called the Fiesta Exploit Kit, which uses several known vulnerabilities to attempt to download a file that will install malware on the computer.
The following descriptive links were provided by CERT:
Any systems visiting running Internet Explorer and vulnerable versions of Adobe Reader or Acrobat or Oracle Java may have been compromised.
WTOP General Manager Joel Oxley said that getting the websites back up and running safely for all users has been the organization's top priority. "We take our users' privacy very seriously," he said, "and we have taken steps to prevent similar occurrences."
The WTOP website noted that both sites were temporarily limited to browsers other than Internet Explorer "to allow for a careful examination of how site security was compromised."
The exploit kit that was used delivers and executes a known variant of the ZeroAccess Trojan and reportedly also downloads and installs a variant of FakeAV/Kazy malware, one of those pop-up antivirus warning scareware applications that are so difficult to remove.
Next, the ZeroAccess Trojan would attempt to communicate with one of two hardcoded command-and-control IP addresses using an HTTP GET procedure and reporting itself to be the Opera browser, version 10.
As a final gift to the victim, the malware downloads a custom Microsoft Cabinet file (via UDP on port 16464, if you're interested) from its peer-to-peer network. This cabinet file contains several lists of IP addresses and a fake Flash installer.
WTOP writes on its website: "Computers infected with the malware may display a pop-up message indicating that the computer is infected with a virus." This pop-up should be regarded as fake if it prompts the user to click on a link that goes to a website the user doesn't recognize. "This fake website offers security software for sale and prompts users to provide personal information, including credit card numbers. Users should not provide information, if prompted to do so," the site said.
Most up-to-date anti-virus programs would probably have recognized the threat and blocked it, even when the browser involved was Internet Explorer.
Short Circuits
Grilled Apples in Washington
This week the Senate asked Apple CEO Tim Cook about the company's tax strategies. You may recall the report from a few weeks ago that cited Apple's plans to sell $100 billion worth of bonds even though it has $145 billion in cash. It seems that the $100 billion that Apple couldn't use was unavailable because it wasn't in the United States. The $100 billion turns out not to be liable for taxes in any country on the planet. And it's all legal.
The money is in Ireland and Irish authorities say they did nothing wrong, which is what Cook said of Apple's practices.
Apple isn't alone. Continuing not to be evil, Google generated $18 billion in Britain between 2006 and 2011. Taxes paid to Britain: $16 million. In numbers that people like us might understand, that would be like charging $16 worth of tax on an $18,000 purchase. It's a rate of about 9 tenths of one percent.
Amazon's European headquarters is in Luxembourg, which allows it to minimize taxes in Europe, but it also makes it possible for Amazon to reduce its US tax rate to a rate of about 5.3%. You'd probably like that rate, too. Good luck getting it. The IRS suggests that Amazon owes the US Treasury about $1.5 billion; Amazon disagrees.
Calling the US corporate tax code "broken" seems to be an understatement but with the current climate in Washington, it's unlikely that anything will change.
Although Apple is headquartered in California and run from California, it maintains a shell operation in Ireland. That shell has no employees, but most of the company's profits are held there. The US considers it a "foreign" company. Because there are no employees in Ireland, that country's taxing authority also considers it to be a "foreign" company and the money isn't taxed.
Cook told senators that Apple pays every single dollar of taxes that it owes and that it's been using the same process since 1980. He stated that the procedures make Apple more "efficient" and is not intended as a "tax avoidance" strategy.
PayPal to be in 2 Million Stores Soon
You can pay for your RadioShack purchases with PayPal. That was a big win for PayPal because RadioShack has a quarter of a million stores. The two companies signed the deal last month and PayPal intends to quadruple that within the year. PayPal head David Marcus says other deals are in the works.
PayPal now has 128 million registered users, picking up 5 million new users between January and April of this year. PayPal's overall growth has dropped drastically, though, from 32% to "just" 18%. Most companies are delighted with 5% growth and anything over 10% is worth of a corporate celebration, just to put those numbers in perspective.
PayPal wants to offer more than just online payments and the goal is to couple PayPal payment options with smart phones.
Lots of Changes for Online Music Services
Google launched its online music service last week via the Play Store and competing services are updating their services. Whether this is because of Google's move into the market space or as part of planned, ongoing changes isn't clear. Internet businesses frequently change their operating practices regardless of competitors.
Pandora has added a new "Premieres" station offers the latest albums and actually makes them available for listening a week before the music is available for sale. John Fogerty's new album, Wrote a Song for Everyone, is available but it doesn't officially debut until the end of the month.
If you're a Pandora subscriber, search for "Pandora Premieres".
I had considered subscribing to Google's service ($8 per month, or $10 per month if you wait until June to subscribe) but decided against it because the results are not good on slow connections such as the one available on the public network at the office. With nearly 30,000 selections to choose from on my home computer, it seemed unlikely that I would need an online service there.
Spotify will start publishing a list of the most-streamed songs and most-shared selections on its service. The Top 50 lists will include links that will allow users to stream the tracks without logging in. In fact, no Spotify account is needed to stream those selections. Spotify has about 24 million users, of which about a quarter pay for the service. By comparison, Pandora reports 70 million users. No figures are available for Google's service yet.
And Last.fm has added 90,000 music videos to its service. The videos are from MUZU.TV and currently is available only in Europe. Last.fm says other countries will soon have the service, but hasn't explicitly promised that the US is covered by the term "other countries".