When you replace your computer, what happens to your old hard drive? What about all those USB drives you use to put your documents on? Do you simply erase them and throw them out when you upgrade to larger sizes? I’ve been concerned about customers’ privacy for a long time – especially when it comes to their old drives. If you have the right tools, it’s not that hard to recover erased data from them. It doesn’t even take a lot of skill.

We store tons of personal information on our computers – passwords, financial data, emails, passport details, SIN numbers, you name it. They are treasure troves of info for anyone who wants to steal an identity or rifle through bank accounts. Today, a timely reminder came from the office of Canada’s Privacy Commissioner of just how easy it is to lose your information. Staples has been taken to task for reselling storage drives that still have personal data on them. In their press release today, the Office of the Privacy Commissioner said:


    Staples Business Depot stores failed to fully wipe customer data from returned devices such as laptops and USB hard drives destined for resale, a privacy audit has found. The long-standing problem put customers’ personal information at risk, says Privacy Commissioner of Canada Jennifer Stoddart. 

    “Our findings are particularly disappointing given we had already investigated two complaints against Staples involving returned data storage devices and the company had committed to taking corrective action,” says Commissioner Stoddart.

    “While Staples did improve procedures and control mechanisms after our investigations, the audit showed those procedures and controls were not consistently applied, nor were they always effective – leaving customers’ personal information at serious risk.”

In short, storage drives taken back to Staples were inadequately erased. Up to 1/3 of the devices in this report that were supposedly “wiped and restored” and put up for resale still had personal data on them:

    The Staples audit included tests on data storage devices (ie:  computers, laptops, USB hard drives and memory cards) that had undergone a “wipe and restore” process and were destined for resale. Of the 149 data storage devices tested, over one-third (54 devices) still contained customer data – in some cases, highly sensitive personal information such as Social Insurance Numbers, and health card and passport numbers; academic transcripts; banking information and tax records.

In reading this, I’m 100% confident Staples is not an isolated case. Many other stores would end up with similar findings, or in some cases worse. This reminded me of an incident years ago when I purchased a package of generic floppies (yes, that many years ago) for a customer. I can’t remember which office supply store it was now. When we went to use them, all the disks were full. Every one in the package held some business’ archived records. I was astounded. When I returned to the store with said floppies in hand, the clerks were baffled as well. The manager did some phoning and found out the disks they had purchased in bulk came from a reseller. He simply acquired floppies from a variety of sources, repackaged them and sold them as new, without ensuring the data was erased. Since that time, I’ve been very wary.

Ask yourself, what do you do with the old CDs you no longer want? Throw them in the garbage? How about the old computer you just replaced? I’ve walked by computers dumped at the end of driveways – waiting for someone to pick through the unwanted carcass – and poked through them myself. It’s surprising how many still have their HD in them. Simply erasing the data is not enough. Anyone can go online and get recovery software that will bring most of the files back up. I don’t like to see customers throw out their drives or even give them away any longer. I yank hard drives out of old machines, and either buy a case for it to turn it into an external backup drive for the customer (if the HD is in good working order) or I bring my handy dandy screwdriver set with me and dismantle the entire drive. A casing for a HD is not expensive and offers customers the extra security that their data is safe. If the drive is no good, the silver disks inside the HD make great coasters and the earth magnets are .. well, they are just cool to play with. Let’s just say there are a few refrigerators in Toronto with magnets on them that will be there when the fridge is disposed of.

As for CDs and USB drives (if they no longer work properly), I take a hammer to them and destroy them. Make sure you put them into a bag before attacking them; CDs and USB drives splinter when smacked with heavy objects, and the parts can become dangerous flying projectiles. Remember, it’s all fun and games until someone loses an eye.

But what if you have to return your drive because it is defective? That’s a serious problem. We assume any company we are dealing with is either ethical enough or smart enough to take steps to protect your security. If the drive is still in working condition, I’d recommend you get software (called a shredder) to wipe it clean yourself. There are lots of decent ones on the Internet. Simply deleting the files does nothing – they are still there. A good shredder program overwrites the files numerous times until they are no longer accessible, unless someone has some very, very expensive software on hand. One of the best is Active@ Kill Disk. It not only erases your drive, it destroys the partitions and does a low level format. Use it on floppies, USB drives, hard drives – any data storage you want to get rid of. It’s a FREE utility. Yes, free as in no strings attached. They also have professional level utilities for businesses, but for the home market or a single computer/laptop, Active@ Kill Disk will do the job. If you find yourself wiping lots of USB drives etc., purchase Active@; it’s not expensive and may be the cheapest insurance you ever buy yourself.
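To show the difference the post is drawing between a plain delete and a shredder, here is an added example (not from the original post and not Active@ Kill Disk’s code): a toy in-memory “disk” where delete only drops the directory entry and shred overwrites the bytes first. The class, the sample record and the sector layout are all constructed for illustration.

```python
import os

SECTOR = 512

# Constructed sample record, standing in for the kind of data the audit found.
SAMPLE = b"Name: J. Doe\nSIN: 123-456-789\nAccount: 00123-4567\n"


class ToyDisk:
    """In-memory stand-in for a drive: raw sectors plus a directory table."""

    def __init__(self, sectors=64):
        self.raw = bytearray(sectors * SECTOR)
        self.table = {}        # name -> (first byte offset, length)
        self.next_free = 0     # files are laid out contiguously

    def write(self, name, data):
        start = self.next_free
        self.raw[start:start + len(data)] = data
        self.table[name] = (start, len(data))
        self.next_free += -(-len(data) // SECTOR) * SECTOR   # round up to a sector

    def delete(self, name):
        """What a normal delete does: drop the table entry, touch no data."""
        del self.table[name]

    def shred(self, name, passes=3):
        """What a shredder does: overwrite the bytes first, then delete."""
        start, length = self.table[name]
        for _ in range(passes):
            self.raw[start:start + length] = os.urandom(length)
        self.raw[start:start + length] = bytes(length)   # final zero pass
        self.delete(name)


def carve(disk, needle):
    """Scan the raw sectors, ignoring the table, the way recovery software does."""
    return needle in disk.raw


def demo():
    """Returns (found after delete, found after shred) for the sample record."""
    plain = ToyDisk()
    plain.write("taxes.txt", SAMPLE)
    plain.delete("taxes.txt")
    shredded = ToyDisk()
    shredded.write("taxes.txt", SAMPLE)
    shredded.shred("taxes.txt")
    return carve(plain, b"123-456-789"), carve(shredded, b"123-456-789")
```

On a real drive, overwriting through the filesystem misses remapped or wear-levelled sectors, which is why the whole-device wipe or physical destruction the post recommends is the stronger choice.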

Active@ Kill Disk meets government standards for “sanitizing” disks. That means nothing will be recoverable from your old drive. If you don’t want the drive hanging around and want to pass it along the computer food chain, use Active@ first, make sure nothing is on the drive and then give it away. If the disk or computer is defective and under warranty, use Active@ before returning it to the store for a replacement. Active@ comes with clear instructions on how to use it as well as common sense information. If you can’t dismantle the drive, or need to return it, Active@ Kill Disk will let you rest easy that your data will not be recovered.

If the drive doesn’t work at all, you are faced with a dilemma. Take it back for the refund/replacement and trust the company disposes of the drive properly, or destroy it yourself and swallow the loss. It’s up to you. If you take your drive back to the store, demand, in writing, a guarantee that the drive will be professionally wiped by the company (do this even if you’ve been able to wipe it yourself). Make sure the store understands you take your privacy seriously. Get it in writing. No company should hesitate to offer this in writing. If they do, that’s a signal they have sloppy habits. It’s your data, and it’s your right to protect yourself. If a company won’t put it in writing, tell them they have a cavalier attitude about their customers and say “there’s lots of competition out there. Do you want me to take my business elsewhere?” I think customers need to start forcing this issue by demanding it in writing. This puts the company on notice. Money talks in this situation. You can also use the threat of going to the Privacy Commissioner. Here in Canada, it wields a very big stick – just ask Facebook about the problems they’ve had here. Don’t be meek. Don’t put your data at risk.

In my last post, I told of a customer who received a phone call from a phony tech support person trying to sell protection for her computer. Since that time, 3 more customers have received similar calls. The callers are slick and extremely aggressive. If one customer’s experience is anything to go by, the scammers are also very persistent. They don’t take no for an answer. Here’s an email from one of my customers:

    Somebody from India or wherever claiming to be from Microsoft took me through a trip on my old computer, claiming that my computer is 4 years and 1 day old and that I need to buy a new firewall from them. It was a long process whereby they claimed to prove things to me.

    I think some idiots hacked into somewhere, got all my info and they were not from Microsoft. Kept claiming they were proving things to me.

This is what makes the calls so hard to resist. They sound so damn convincing. Not only do they have your phone number and address, in some cases they actually have detailed information regarding the age of your computer and its warranty status.

    I knew that at the end either the computer problem would just be fixed or they would ask for money. They wanted $$$.

    He [said] that my computer would white out in 24 hours if we did not buy the new firewall.

The computer in question had been checked by me just 2 weeks ago and I know the firewall is fine. The computer is on its last legs and has already been replaced by a newer machine, but the firewall works fine. Not only that, it has both a hardware and a software firewall working on it. The threats about the firewall are bunk. But very scary bunk.

An important note here: if your firewall stops working your computer will not “white out”. This is not possible. “White out” is a nonsense term used by a scammer to terrify the unsuspecting. Even if the company you bought your computer from is in the business of selling firewalls, you are under no obligation to purchase your firewall from them. You can pick and choose the software you run.

    Would Microsoft call and try to sell an update over the telephone? The man told me my computer number and that only Microsoft and I know the number blah blah blah…

Blah, blah, blah indeed. The answer is a categorical NO. Microsoft does not cold call people to sell them anything. Nor will any reputable anti-virus protection company. The calls are scams, nothing more. The more you argue with the person on the other end of the line, the more threatening they become. I gather from this customer, the call disintegrated into a shouting match.

Here’s advice on how to handle this type of call – hang up. Don’t engage the person, don’t listen to their sales pitch, don’t take their tales of imminent catastrophe seriously. They are interested in your credit card number, not your computer security. It isn’t rude to hang up on someone trying to steal your money.

I was helping a customer with her FaceBook account the other day, checking the security. Up popped the ubiquitous security hints. Now in theory, these hints to help you recover your password are a good idea. In practice they are often frustratingly laughable. Case in point, the FaceBook questions:

What was the name of your first pet? This is okay if you had a pet, and a good memory.
What was the name of your first grade teacher? WTF? I can barely remember most of my university profs’ names. I have been trying for the life of me to remember their names (we moved midway through the year so I had two teachers) and I can’t.
What are the last 5 characters of your driver’s license? Can’t answer the first 2, so I’ll just get up, stroll across the room, find my wallet, pull out my license (and bifocals) and put in the numbers. Yeah, right.
What street did you live on when you were 8 years old? I can’t even remember my damned first grade teachers’ names. Hang on a minute while I call up my mom and ask her.
What is the name of the first boy or girl you kissed? WHAT? How old were the people who thought these up? Seriously!
In what city or town was your mother born? Okay we have a winner! This one is achievable.

My point is, questions like these fail to take into account that not everyone is 16 years old, with first grade not that long ago. It’s great if you have enough fingers and toes to count back to when you were 8, but after a certain point in time, it’s just another hassle. It’s one thing to finally dredge up an answer; it’s another thing to remember it a year down the road.

To me the hallmark of a good company is one that understands the user. These are the companies that offer a series of set questions, then the lovely option to write your own question. So if you are in charge of website security, please keep in mind, not all of us have the nimble recall of a teenager. Don’t offer up one more obstacle to your user when you don’t have to.

Social media sites like Twitter can be great fun. They can also be powerful mediums for getting messages out quickly. However, like all things related to the Internet, an ounce of caution is always needed. Today a worm is threading its way through Twitter, sending out Tweets with links using the URL shortener “goo.gl”. The link sends anyone who clicks on it to a hacked website loaded with malware. Variations of the actual link have already appeared; when one is blocked, another takes its place. One of the early links looked like this: goo.gl/R7f68.

The link is being sent out from both bogus accounts and legit Twitter accounts that have been infected with the worm. Never randomly click a link from anyone you don’t know. If the tweet was sent to you by an anonymous person, don’t click it, just don’t. If it came from a Twitter friend, ask them if they sent it to you. It’s stunningly easy to get caught up in a malware honey-trap, so protect yourself by ensuring your anti-virus and malware scanner/defender is up-to-date, because malware will screw up your computer and pretty much ensure you have a really pissy day.
