What are the risks of buying a used/refurbished computer? How can I mitigate those risks?











up vote
59
down vote

favorite
11












I bought a used computer that appears to be wiped clean, but can I be sure?










share|improve this question




















  • 9




    Is this question theoretical or practical in nature? I would argue that buying a computer off an unknown third party would be farily low risk if you format (or replace) the storage devices and clear the BIOS. A lot of exploits are discovered through thousands of attack attempts, which is feasible in a digital environment. It would be far less so when operating in the real world, sending out tons of compromised systems hoping for a worthwhile target to buy them.
    – Brian R
    Nov 26 at 16:28






  • 8




    This is a very broad question.
    – Billal Begueradj
    Nov 27 at 5:24






  • 3




    A significant number of weird crashes reported to Microsoft are most plausibly explained by people buying used machines that incompetent or unscrupulous former owners have severely overclocked. It might be worth checking whether the observed clock speed matches the manufacturer's recommendation.
    – Eric Lippert
    Nov 27 at 18:11






  • 3




    I'd also point out that there is no guaranteed that if you buy a computer new from amazon or a shop it's actually 100% new... during assembly, storage, transport etc from the production plant to your home many people could have a chance to stay a significant amount of time unattended with the hardware. Sure, it's probably harder to do and to avoid it being noticed but you are not 100% sure that a new computer wasn't tampered with either.
    – Bakuriu
    Nov 27 at 18:54






  • 5




    Define "risks." Are you worried about it being potentially stolen? Counterfeited? Loaded with spyware? Packed with C4 to assassinate you?
    – HopelessN00b
    Nov 27 at 19:21















up vote
59
down vote

favorite
11












I bought a used computer that appears to be wiped clean, but can I be sure?










share|improve this question




















  • 9




    Is this question theoretical or practical in nature? I would argue that buying a computer off an unknown third party would be farily low risk if you format (or replace) the storage devices and clear the BIOS. A lot of exploits are discovered through thousands of attack attempts, which is feasible in a digital environment. It would be far less so when operating in the real world, sending out tons of compromised systems hoping for a worthwhile target to buy them.
    – Brian R
    Nov 26 at 16:28






  • 8




    This is a very broad question.
    – Billal Begueradj
    Nov 27 at 5:24






  • 3




    A significant number of weird crashes reported to Microsoft are most plausibly explained by people buying used machines that incompetent or unscrupulous former owners have severely overclocked. It might be worth checking whether the observed clock speed matches the manufacturer's recommendation.
    – Eric Lippert
    Nov 27 at 18:11






  • 3




    I'd also point out that there is no guaranteed that if you buy a computer new from amazon or a shop it's actually 100% new... during assembly, storage, transport etc from the production plant to your home many people could have a chance to stay a significant amount of time unattended with the hardware. Sure, it's probably harder to do and to avoid it being noticed but you are not 100% sure that a new computer wasn't tampered with either.
    – Bakuriu
    Nov 27 at 18:54






  • 5




    Define "risks." Are you worried about it being potentially stolen? Counterfeited? Loaded with spyware? Packed with C4 to assassinate you?
    – HopelessN00b
    Nov 27 at 19:21













up vote
59
down vote

favorite
11









up vote
59
down vote

favorite
11






11





I bought a used computer that appears to be wiped clean, but can I be sure?










share|improve this question















I bought a used computer that appears to be wiped clean, but can I be sure?







hardware






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 26 at 20:08









yoozer8

1641210




1641210










asked Nov 26 at 4:05









PBeezy

6441410




6441410








  • 9




    Is this question theoretical or practical in nature? I would argue that buying a computer off an unknown third party would be farily low risk if you format (or replace) the storage devices and clear the BIOS. A lot of exploits are discovered through thousands of attack attempts, which is feasible in a digital environment. It would be far less so when operating in the real world, sending out tons of compromised systems hoping for a worthwhile target to buy them.
    – Brian R
    Nov 26 at 16:28






  • 8




    This is a very broad question.
    – Billal Begueradj
    Nov 27 at 5:24






  • 3




    A significant number of weird crashes reported to Microsoft are most plausibly explained by people buying used machines that incompetent or unscrupulous former owners have severely overclocked. It might be worth checking whether the observed clock speed matches the manufacturer's recommendation.
    – Eric Lippert
    Nov 27 at 18:11






  • 3




    I'd also point out that there is no guaranteed that if you buy a computer new from amazon or a shop it's actually 100% new... during assembly, storage, transport etc from the production plant to your home many people could have a chance to stay a significant amount of time unattended with the hardware. Sure, it's probably harder to do and to avoid it being noticed but you are not 100% sure that a new computer wasn't tampered with either.
    – Bakuriu
    Nov 27 at 18:54






  • 5




    Define "risks." Are you worried about it being potentially stolen? Counterfeited? Loaded with spyware? Packed with C4 to assassinate you?
    – HopelessN00b
    Nov 27 at 19:21














  • 9




    Is this question theoretical or practical in nature? I would argue that buying a computer off an unknown third party would be farily low risk if you format (or replace) the storage devices and clear the BIOS. A lot of exploits are discovered through thousands of attack attempts, which is feasible in a digital environment. It would be far less so when operating in the real world, sending out tons of compromised systems hoping for a worthwhile target to buy them.
    – Brian R
    Nov 26 at 16:28






  • 8




    This is a very broad question.
    – Billal Begueradj
    Nov 27 at 5:24






  • 3




    A significant number of weird crashes reported to Microsoft are most plausibly explained by people buying used machines that incompetent or unscrupulous former owners have severely overclocked. It might be worth checking whether the observed clock speed matches the manufacturer's recommendation.
    – Eric Lippert
    Nov 27 at 18:11






  • 3




    I'd also point out that there is no guaranteed that if you buy a computer new from amazon or a shop it's actually 100% new... during assembly, storage, transport etc from the production plant to your home many people could have a chance to stay a significant amount of time unattended with the hardware. Sure, it's probably harder to do and to avoid it being noticed but you are not 100% sure that a new computer wasn't tampered with either.
    – Bakuriu
    Nov 27 at 18:54






  • 5




    Define "risks." Are you worried about it being potentially stolen? Counterfeited? Loaded with spyware? Packed with C4 to assassinate you?
    – HopelessN00b
    Nov 27 at 19:21








9




9




Is this question theoretical or practical in nature? I would argue that buying a computer off an unknown third party would be farily low risk if you format (or replace) the storage devices and clear the BIOS. A lot of exploits are discovered through thousands of attack attempts, which is feasible in a digital environment. It would be far less so when operating in the real world, sending out tons of compromised systems hoping for a worthwhile target to buy them.
– Brian R
Nov 26 at 16:28




Is this question theoretical or practical in nature? I would argue that buying a computer off an unknown third party would be farily low risk if you format (or replace) the storage devices and clear the BIOS. A lot of exploits are discovered through thousands of attack attempts, which is feasible in a digital environment. It would be far less so when operating in the real world, sending out tons of compromised systems hoping for a worthwhile target to buy them.
– Brian R
Nov 26 at 16:28




8




8




This is a very broad question.
– Billal Begueradj
Nov 27 at 5:24




This is a very broad question.
– Billal Begueradj
Nov 27 at 5:24




3




3




A significant number of weird crashes reported to Microsoft are most plausibly explained by people buying used machines that incompetent or unscrupulous former owners have severely overclocked. It might be worth checking whether the observed clock speed matches the manufacturer's recommendation.
– Eric Lippert
Nov 27 at 18:11




A significant number of weird crashes reported to Microsoft are most plausibly explained by people buying used machines that incompetent or unscrupulous former owners have severely overclocked. It might be worth checking whether the observed clock speed matches the manufacturer's recommendation.
– Eric Lippert
Nov 27 at 18:11




3




3




I'd also point out that there is no guaranteed that if you buy a computer new from amazon or a shop it's actually 100% new... during assembly, storage, transport etc from the production plant to your home many people could have a chance to stay a significant amount of time unattended with the hardware. Sure, it's probably harder to do and to avoid it being noticed but you are not 100% sure that a new computer wasn't tampered with either.
– Bakuriu
Nov 27 at 18:54




I'd also point out that there is no guaranteed that if you buy a computer new from amazon or a shop it's actually 100% new... during assembly, storage, transport etc from the production plant to your home many people could have a chance to stay a significant amount of time unattended with the hardware. Sure, it's probably harder to do and to avoid it being noticed but you are not 100% sure that a new computer wasn't tampered with either.
– Bakuriu
Nov 27 at 18:54




5




5




Define "risks." Are you worried about it being potentially stolen? Counterfeited? Loaded with spyware? Packed with C4 to assassinate you?
– HopelessN00b
Nov 27 at 19:21




Define "risks." Are you worried about it being potentially stolen? Counterfeited? Loaded with spyware? Packed with C4 to assassinate you?
– HopelessN00b
Nov 27 at 19:21










5 Answers
5






active

oldest

votes

















up vote
95
down vote



accepted










It all boils down to which kinds of threats you want to migitate against - a determined attacker has many more options of leaving malware on your computer than just your hard drive, but it's getting increasingly complex to do so. If you're a rocket scientist working on the newest version of ICBMs you have more to fear than a college student who uses their computer for a few class assignments and some of the newest games (but in the rocket scientist's case, you won't be allowed to use self-bought used computers anyway).



Also, it depends a bit on how competent a presumed non-malicious previous owner was in protecting against malware.



And of course, "wipe clean" can mean anything from "deleting personal files, then emptying the wastebasket" to "reinstall the OS" to "completely overwrite the disks with random data/zeroes, then do an install from scratch".



The typical threats you should migitate against are random malware infections that the previous owner caught somehow. Wiping the disks clean, then reinstalling the OS should be enough to get rid of those.



Some computers, mainly laptops, come with a "recovery partition" that allows you to quickly reset the computer to factory condition; I wouldn't use that. First, because a virus might have altered the install files as well to survive a reinstallation; second, these recovery partitions often come with a lot of crapware which the manufacturer installs because they're paid a few dollars by the crapware maker. Better download an installation DVD/USB medium from Microsoft/Ubuntu/whichever OS you're using, and do a fresh install from that.



Besides that, there's many more locations that could have malware, but it's unlikely to find them on your used computer unless you are specifially targeted.




  • The computer BIOS might be altered to do stuff even before booting, for example, it could have a keylogger trying to steal your passwords, or even keep a few cores of your CPU busy mining bitcoin for the previous owner. It can't hurt to check the manufacturer's website for the newest BIOS update, and flashing the newest version of it, even if that's the version you already (seem to) have. This is already quite paranoid, but still something you can do in a few minutes so doing it won't hurt you much.


  • The hard drive firmware itself could be altered. Someone published a proof-of-concept a few years ago who installed Linux on the hard drive - no, the computer didn't run Linux; the hard drive itself ran Linux, ignoring the fact that it was supposed to be a hard drive (see http://spritesmods.com/?art=hddhack - on page 6, he adds a backdoor by replacing the root password hash with a known one every time the disk reads /etc/shadow, and on page 7, he boots a linux kernel on the disk itself).


  • The CPU microcode itself could be altered to do .. stuff, including ignoring any further microcode updates. Unlikely that this could be done without cooperation from Intel, but still a possibility if the NSA is trying to target you. (However, if the NSA were targeting you, "hope he'll buy the spiked used computer we put on ebay for him" wouldn't be their primary strategy, I assume).



So, if you're just a random guy, wiping the hard disks and doing an OS reinstall from scratch provides good protection against the kinds of threats you can reasonably expect.
However, if you have any reason to assume someone is actively targeting you - this includes MDs keeping patient data on their computers, credit card processors, ... - "Just don't buy used computers" is the first thing in a long chain of measures you need to take.






share|improve this answer



















  • 46




    Good answer. One nitpick: Even if you assume you are actively targeted, I don't see how it would matter whether the computer is used - it would matter whether the attacker knows in advance what you are buying, giving them time to interfere - you can manipulate a new computer just as easily as a used one.
    – sleske
    Nov 26 at 12:15










  • Comments are not for extended discussion; this conversation has been moved to chat.
    – Rory Alsop
    yesterday










  • However, "intercept the used computer he already bought on ebay" is definitely the sort of thing the NSA might do.
    – OrangeDog
    yesterday


















up vote
12
down vote













Since you are buying a used server, I assume that you aren’t the target of a nation state’s intelligence services, and that you aren’t being targeted with implanted hardware spying modules. All you really need to do is make sure the disk is free of malware.



Load DBAN onto bootable removable media, then boot the server with it and use it to wipe the disks. That's will get them as clean as you can, without delving deeply into the internals of disk storage.






share|improve this answer



















  • 11




    Might as well just junk the hard drive they give you and just install an OS on a different one. Hard drives are fairly cheap.
    – pboss3010
    Nov 26 at 12:26






  • 1




    The hard drive is only one component of the computer...albeit the easiest place for an attack (and easiest to defend).
    – usul
    Nov 26 at 14:30






  • 1




    DBAN may not be enough. BIOS can also be a problem.
    – user1820553
    Nov 26 at 19:24






  • 2




    @kelalaka , BIOS infections are not typically something that some guy buying a used server to run in his basement is likely to encounter. If he is running a Fortune 500 company, he’s probably not buying used gear off eBay.
    – John Deters
    Nov 26 at 20:56






  • 2




    @KellyBang In which case once the PC goes to you it will no longer be of any interest to the threat actor and if we're talking this sophisticated in terms of spyware they'll have filters to just not act on whatever the PC is then spying on. Also, organizations such as that aren't in the habit of selling off old hardware, most of them properly physically destroy hardware with a crusher for fear of data theft.
    – Magisch
    2 days ago




















up vote
8
down vote













Well, depends on how you define secure. Are you being actively targeted by a large organization, such as a conglomerate or a government? Or just scared of criminals taking over your webcam to take photos?



If you are in the first group, congratulations! Assume all electronic devices you use tainted. There's so many ways that these organizations can spy on you without your knowledge, whether it's hardware based or software based. Most electronic devices sold today do not come with a board schematic - you have no way to verify if there isn't an extra component added, such as a keylogger, recording your activity.



On the other hand, if you are just a regular guy with nothing sensitive, I wouldn't worry too much. A simple wipe of the hard drive and a reinstall of whatever operating system you prefer would suffice. Maybe reflash the BIOS if you're really, really paranoid.






share|improve this answer




























    up vote
    2
    down vote













    It is pretty simple really, replace the hard drive, update the bios and use bitlocker or other encryption software to lock the drive once you install the OS.






    share|improve this answer








    New contributor




    aaronzook is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.














    • 1




      Whether that's sufficient or not is entirely dependent on the threat model. What if there's a wireless keylogger in the hardware itself?
      – Sneftel
      yesterday


















    up vote
    0
    down vote













    The only way I can suggest ensuring said device is clean, if you're that concerned, don't buy it.



    I typically will buy refurbished. Why pay top dollar for something that is already outdated the same week it his the sale floor? And with replacement parts such as hard drives getting insanely cheaper just copy down the OEM tag if it's a Microsoft Windows or whatever you need from the OS, transfer it to the new hard drive and good as new.



    You could also encrypt and zero the sectors so that if something should happen, like your son or daughter as secretly hacking to change their grades, get busted and the drive confiscated, and unknown to you that the previous owners were hackers but instead of having grades, were robbing banks for Bitcoin...you and your kid don't get hit with charges.






    share|improve this answer










    New contributor




    Syntaxxx Err0r is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.














    • 8




      At first I couldn't see how this answered the question. Now I see that it does, sort of, but it's not very clear. Re risks, you name the (astronomically unlikely) risk of getting hit with charges if the drive is confiscated for your kids' grade hacking and evidence of bank robbery by the previous owner is uncovered. Re mitigation, your answer is to "encrypt and zero the sectors." Okay, got it.
      – Wildcard
      Nov 26 at 22:37










    protected by Community yesterday



    Thank you for your interest in this question.
    Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).



    Would you like to answer one of these unanswered questions instead?














    5 Answers
    5






    active

    oldest

    votes








    5 Answers
    5






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    95
    down vote



    accepted










    It all boils down to which kinds of threats you want to migitate against - a determined attacker has many more options of leaving malware on your computer than just your hard drive, but it's getting increasingly complex to do so. If you're a rocket scientist working on the newest version of ICBMs you have more to fear than a college student who uses their computer for a few class assignments and some of the newest games (but in the rocket scientist's case, you won't be allowed to use self-bought used computers anyway).



    Also, it depends a bit on how competent a presumed non-malicious previous owner was in protecting against malware.



    And of course, "wipe clean" can mean anything from "deleting personal files, then emptying the wastebasket" to "reinstall the OS" to "completely overwrite the disks with random data/zeroes, then do an install from scratch".



    The typical threats you should migitate against are random malware infections that the previous owner caught somehow. Wiping the disks clean, then reinstalling the OS should be enough to get rid of those.



    Some computers, mainly laptops, come with a "recovery partition" that allows you to quickly reset the computer to factory condition; I wouldn't use that. First, because a virus might have altered the install files as well to survive a reinstallation; second, these recovery partitions often come with a lot of crapware which the manufacturer installs because they're paid a few dollars by the crapware maker. Better download an installation DVD/USB medium from Microsoft/Ubuntu/whichever OS you're using, and do a fresh install from that.



    Besides that, there's many more locations that could have malware, but it's unlikely to find them on your used computer unless you are specifially targeted.




    • The computer BIOS might be altered to do stuff even before booting, for example, it could have a keylogger trying to steal your passwords, or even keep a few cores of your CPU busy mining bitcoin for the previous owner. It can't hurt to check the manufacturer's website for the newest BIOS update, and flashing the newest version of it, even if that's the version you already (seem to) have. This is already quite paranoid, but still something you can do in a few minutes so doing it won't hurt you much.


    • The hard drive firmware itself could be altered. Someone published a proof-of-concept a few years ago who installed Linux on the hard drive - no, the computer didn't run Linux; the hard drive itself ran Linux, ignoring the fact that it was supposed to be a hard drive (see http://spritesmods.com/?art=hddhack - on page 6, he adds a backdoor by replacing the root password hash with a known one every time the disk reads /etc/shadow, and on page 7, he boots a linux kernel on the disk itself).


    • The CPU microcode itself could be altered to do .. stuff, including ignoring any further microcode updates. Unlikely that this could be done without cooperation from Intel, but still a possibility if the NSA is trying to target you. (However, if the NSA were targeting you, "hope he'll buy the spiked used computer we put on ebay for him" wouldn't be their primary strategy, I assume).



    So, if you're just a random guy, wiping the hard disks and doing an OS reinstall from scratch provides good protection against the kinds of threats you can reasonably expect.
    However, if you have any reason to assume someone is actively targeting you - this includes MDs keeping patient data on their computers, credit card processors, ... - "Just don't buy used computers" is the first thing in a long chain of measures you need to take.






    share|improve this answer



















    • 46




      Good answer. One nitpick: Even if you assume you are actively targeted, I don't see how it would matter whether the computer is used - it would matter whether the attacker knows in advance what you are buying, giving them time to interfere - you can manipulate a new computer just as easily as a used one.
      – sleske
      Nov 26 at 12:15










    • Comments are not for extended discussion; this conversation has been moved to chat.
      – Rory Alsop
      yesterday










    • However, "intercept the used computer he already bought on ebay" is definitely the sort of thing the NSA might do.
      – OrangeDog
      yesterday















    up vote
    95
    down vote



    accepted










    It all boils down to which kinds of threats you want to migitate against - a determined attacker has many more options of leaving malware on your computer than just your hard drive, but it's getting increasingly complex to do so. If you're a rocket scientist working on the newest version of ICBMs you have more to fear than a college student who uses their computer for a few class assignments and some of the newest games (but in the rocket scientist's case, you won't be allowed to use self-bought used computers anyway).



    Also, it depends a bit on how competent a presumed non-malicious previous owner was in protecting against malware.



    And of course, "wipe clean" can mean anything from "deleting personal files, then emptying the wastebasket" to "reinstall the OS" to "completely overwrite the disks with random data/zeroes, then do an install from scratch".



    The typical threats you should migitate against are random malware infections that the previous owner caught somehow. Wiping the disks clean, then reinstalling the OS should be enough to get rid of those.



    Some computers, mainly laptops, come with a "recovery partition" that allows you to quickly reset the computer to factory condition; I wouldn't use that. First, because a virus might have altered the install files as well to survive a reinstallation; second, these recovery partitions often come with a lot of crapware which the manufacturer installs because they're paid a few dollars by the crapware maker. Better download an installation DVD/USB medium from Microsoft/Ubuntu/whichever OS you're using, and do a fresh install from that.



    Besides that, there's many more locations that could have malware, but it's unlikely to find them on your used computer unless you are specifially targeted.




    • The computer BIOS might be altered to do stuff even before booting, for example, it could have a keylogger trying to steal your passwords, or even keep a few cores of your CPU busy mining bitcoin for the previous owner. It can't hurt to check the manufacturer's website for the newest BIOS update, and flashing the newest version of it, even if that's the version you already (seem to) have. This is already quite paranoid, but still something you can do in a few minutes so doing it won't hurt you much.


    • The hard drive firmware itself could be altered. Someone published a proof-of-concept a few years ago who installed Linux on the hard drive - no, the computer didn't run Linux; the hard drive itself ran Linux, ignoring the fact that it was supposed to be a hard drive (see http://spritesmods.com/?art=hddhack - on page 6, he adds a backdoor by replacing the root password hash with a known one every time the disk reads /etc/shadow, and on page 7, he boots a linux kernel on the disk itself).


    • The CPU microcode itself could be altered to do .. stuff, including ignoring any further microcode updates. Unlikely that this could be done without cooperation from Intel, but still a possibility if the NSA is trying to target you. (However, if the NSA were targeting you, "hope he'll buy the spiked used computer we put on ebay for him" wouldn't be their primary strategy, I assume).



    So, if you're just a random guy, wiping the hard disks and doing an OS reinstall from scratch provides good protection against the kinds of threats you can reasonably expect.
    However, if you have any reason to assume someone is actively targeting you - this includes MDs keeping patient data on their computers, credit card processors, ... - "Just don't buy used computers" is the first thing in a long chain of measures you need to take.






    share|improve this answer



















    • 46




      Good answer. One nitpick: Even if you assume you are actively targeted, I don't see how it would matter whether the computer is used - it would matter whether the attacker knows in advance what you are buying, giving them time to interfere - you can manipulate a new computer just as easily as a used one.
      – sleske
      Nov 26 at 12:15










    • Comments are not for extended discussion; this conversation has been moved to chat.
      – Rory Alsop
      yesterday










    • However, "intercept the used computer he already bought on ebay" is definitely the sort of thing the NSA might do.
      – OrangeDog
      yesterday













    up vote
    95
    down vote



    accepted







    up vote
    95
    down vote



    accepted






    It all boils down to which kinds of threats you want to migitate against - a determined attacker has many more options of leaving malware on your computer than just your hard drive, but it's getting increasingly complex to do so. If you're a rocket scientist working on the newest version of ICBMs you have more to fear than a college student who uses their computer for a few class assignments and some of the newest games (but in the rocket scientist's case, you won't be allowed to use self-bought used computers anyway).



    Also, it depends a bit on how competent a presumed non-malicious previous owner was in protecting against malware.



    And of course, "wipe clean" can mean anything from "deleting personal files, then emptying the wastebasket" to "reinstall the OS" to "completely overwrite the disks with random data/zeroes, then do an install from scratch".



    The typical threats you should migitate against are random malware infections that the previous owner caught somehow. Wiping the disks clean, then reinstalling the OS should be enough to get rid of those.



    Some computers, mainly laptops, come with a "recovery partition" that allows you to quickly reset the computer to factory condition; I wouldn't use that. First, because a virus might have altered the install files as well to survive a reinstallation; second, these recovery partitions often come with a lot of crapware which the manufacturer installs because they're paid a few dollars by the crapware maker. Better download an installation DVD/USB medium from Microsoft/Ubuntu/whichever OS you're using, and do a fresh install from that.



    Besides that, there's many more locations that could have malware, but it's unlikely to find them on your used computer unless you are specifially targeted.




    • The computer BIOS might be altered to do stuff even before booting, for example, it could have a keylogger trying to steal your passwords, or even keep a few cores of your CPU busy mining bitcoin for the previous owner. It can't hurt to check the manufacturer's website for the newest BIOS update, and flashing the newest version of it, even if that's the version you already (seem to) have. This is already quite paranoid, but still something you can do in a few minutes so doing it won't hurt you much.


    • The hard drive firmware itself could be altered. Someone published a proof-of-concept a few years ago who installed Linux on the hard drive - no, the computer didn't run Linux; the hard drive itself ran Linux, ignoring the fact that it was supposed to be a hard drive (see http://spritesmods.com/?art=hddhack - on page 6, he adds a backdoor by replacing the root password hash with a known one every time the disk reads /etc/shadow, and on page 7, he boots a linux kernel on the disk itself).


    • The CPU microcode itself could be altered to do .. stuff, including ignoring any further microcode updates. Unlikely that this could be done without cooperation from Intel, but still a possibility if the NSA is trying to target you. (However, if the NSA were targeting you, "hope he'll buy the spiked used computer we put on ebay for him" wouldn't be their primary strategy, I assume).



    So, if you're just a random guy, wiping the hard disks and doing an OS reinstall from scratch provides good protection against the kinds of threats you can reasonably expect.
    However, if you have any reason to assume someone is actively targeting you - this includes MDs keeping patient data on their computers, credit card processors, ... - "Just don't buy used computers" is the first thing in a long chain of measures you need to take.






    share|improve this answer














    It all boils down to which kinds of threats you want to migitate against - a determined attacker has many more options of leaving malware on your computer than just your hard drive, but it's getting increasingly complex to do so. If you're a rocket scientist working on the newest version of ICBMs you have more to fear than a college student who uses their computer for a few class assignments and some of the newest games (but in the rocket scientist's case, you won't be allowed to use self-bought used computers anyway).



    Also, it depends a bit on how competent a presumed non-malicious previous owner was in protecting against malware.



    And of course, "wipe clean" can mean anything from "deleting personal files, then emptying the wastebasket" to "reinstall the OS" to "completely overwrite the disks with random data/zeroes, then do an install from scratch".



    The typical threats you should migitate against are random malware infections that the previous owner caught somehow. Wiping the disks clean, then reinstalling the OS should be enough to get rid of those.



    Some computers, mainly laptops, come with a "recovery partition" that allows you to quickly reset the computer to factory condition; I wouldn't use that. First, because a virus might have altered the install files as well to survive a reinstallation; second, these recovery partitions often come with a lot of crapware which the manufacturer installs because they're paid a few dollars by the crapware maker. Better download an installation DVD/USB medium from Microsoft/Ubuntu/whichever OS you're using, and do a fresh install from that.



    Besides that, there's many more locations that could have malware, but it's unlikely to find them on your used computer unless you are specifially targeted.




    • The computer BIOS might be altered to do stuff even before booting, for example, it could have a keylogger trying to steal your passwords, or even keep a few cores of your CPU busy mining bitcoin for the previous owner. It can't hurt to check the manufacturer's website for the newest BIOS update, and flashing the newest version of it, even if that's the version you already (seem to) have. This is already quite paranoid, but still something you can do in a few minutes so doing it won't hurt you much.


    • The hard drive firmware itself could be altered. Someone published a proof-of-concept a few years ago who installed Linux on the hard drive - no, the computer didn't run Linux; the hard drive itself ran Linux, ignoring the fact that it was supposed to be a hard drive (see http://spritesmods.com/?art=hddhack - on page 6, he adds a backdoor by replacing the root password hash with a known one every time the disk reads /etc/shadow, and on page 7, he boots a linux kernel on the disk itself).


    • The CPU microcode itself could be altered to do .. stuff, including ignoring any further microcode updates. Unlikely that this could be done without cooperation from Intel, but still a possibility if the NSA is trying to target you. (However, if the NSA were targeting you, "hope he'll buy the spiked used computer we put on ebay for him" wouldn't be their primary strategy, I assume).



    So, if you're just a random guy, wiping the hard disks and doing an OS reinstall from scratch provides good protection against the kinds of threats you can reasonably expect.
    However, if you have any reason to assume someone is actively targeting you - this includes MDs keeping patient data on their computers, credit card processors, ... - "Just don't buy used computers" is the first thing in a long chain of measures you need to take.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited 19 hours ago

























    answered Nov 26 at 10:56









    Guntram Blohm

    1,309710




    1,309710








    • 46




      Good answer. One nitpick: Even if you assume you are actively targeted, I don't see how it would matter whether the computer is used - it would matter whether the attacker knows in advance what you are buying, giving them time to interfere - you can manipulate a new computer just as easily as a used one.
      – sleske
      Nov 26 at 12:15










    • Comments are not for extended discussion; this conversation has been moved to chat.
      – Rory Alsop
      yesterday










    • However, "intercept the used computer he already bought on ebay" is definitely the sort of thing the NSA might do.
      – OrangeDog
      yesterday














    • 46




      Good answer. One nitpick: Even if you assume you are actively targeted, I don't see how it would matter whether the computer is used - it would matter whether the attacker knows in advance what you are buying, giving them time to interfere - you can manipulate a new computer just as easily as a used one.
      – sleske
      Nov 26 at 12:15










    • Comments are not for extended discussion; this conversation has been moved to chat.
      – Rory Alsop
      yesterday










    • However, "intercept the used computer he already bought on ebay" is definitely the sort of thing the NSA might do.
      – OrangeDog
      yesterday








    46




    46




    Good answer. One nitpick: Even if you assume you are actively targeted, I don't see how it would matter whether the computer is used - it would matter whether the attacker knows in advance what you are buying, giving them time to interfere - you can manipulate a new computer just as easily as a used one.
    – sleske
    Nov 26 at 12:15




    Good answer. One nitpick: Even if you assume you are actively targeted, I don't see how it would matter whether the computer is used - it would matter whether the attacker knows in advance what you are buying, giving them time to interfere - you can manipulate a new computer just as easily as a used one.
    – sleske
    Nov 26 at 12:15












    Comments are not for extended discussion; this conversation has been moved to chat.
    – Rory Alsop
    yesterday




    Comments are not for extended discussion; this conversation has been moved to chat.
    – Rory Alsop
    yesterday












    However, "intercept the used computer he already bought on ebay" is definitely the sort of thing the NSA might do.
    – OrangeDog
    yesterday




    However, "intercept the used computer he already bought on ebay" is definitely the sort of thing the NSA might do.
    – OrangeDog
    yesterday












    up vote
    12
    down vote













    Since you are buying a used server, I assume that you aren’t the target of a nation state’s intelligence services, and that you aren’t being targeted with implanted hardware spying modules. All you really need to do is make sure the disk is free of malware.



    Load DBAN onto bootable removable media, then boot the server with it and use it to wipe the disks. That's will get them as clean as you can, without delving deeply into the internals of disk storage.






    share|improve this answer



















    • 11




      Might as well just junk the hard drive they give you and just install an OS on a different one. Hard drives are fairly cheap.
      – pboss3010
      Nov 26 at 12:26






    • 1




      The hard drive is only one component of the computer...albeit the easiest place for an attack (and easiest to defend).
      – usul
      Nov 26 at 14:30






    • 1




      DBAN may not be enough. BIOS can also be a problem.
      – user1820553
      Nov 26 at 19:24






    • 2




      @kelalaka , BIOS infections are not typically something that some guy buying a used server to run in his basement is likely to encounter. If he is running a Fortune 500 company, he’s probably not buying used gear off eBay.
      – John Deters
      Nov 26 at 20:56






    • 2




      @KellyBang In which case once the PC goes to you it will no longer be of any interest to the threat actor and if we're talking this sophisticated in terms of spyware they'll have filters to just not act on whatever the PC is then spying on. Also, organizations such as that aren't in the habit of selling off old hardware, most of them properly physically destroy hardware with a crusher for fear of data theft.
      – Magisch
      2 days ago

















    up vote
    12
    down vote













    Since you are buying a used server, I assume that you aren’t the target of a nation state’s intelligence services, and that you aren’t being targeted with implanted hardware spying modules. All you really need to do is make sure the disk is free of malware.



    Load DBAN onto bootable removable media, then boot the server with it and use it to wipe the disks. That's will get them as clean as you can, without delving deeply into the internals of disk storage.






    share|improve this answer



















    • 11




      Might as well just junk the hard drive they give you and just install an OS on a different one. Hard drives are fairly cheap.
      – pboss3010
      Nov 26 at 12:26






    • 1




      The hard drive is only one component of the computer...albeit the easiest place for an attack (and easiest to defend).
      – usul
      Nov 26 at 14:30






    • 1




      DBAN may not be enough. BIOS can also be a problem.
      – user1820553
      Nov 26 at 19:24






    • 2




      @kelalaka , BIOS infections are not typically something that some guy buying a used server to run in his basement is likely to encounter. If he is running a Fortune 500 company, he’s probably not buying used gear off eBay.
      – John Deters
      Nov 26 at 20:56






    • 2




      @KellyBang In which case once the PC goes to you it will no longer be of any interest to the threat actor and if we're talking this sophisticated in terms of spyware they'll have filters to just not act on whatever the PC is then spying on. Also, organizations such as that aren't in the habit of selling off old hardware, most of them properly physically destroy hardware with a crusher for fear of data theft.
      – Magisch
      2 days ago















    up vote
    12
    down vote










    up vote
    12
    down vote









    Since you are buying a used server, I assume that you aren’t the target of a nation state’s intelligence services, and that you aren’t being targeted with implanted hardware spying modules. All you really need to do is make sure the disk is free of malware.



    Load DBAN onto bootable removable media, then boot the server with it and use it to wipe the disks. That's will get them as clean as you can, without delving deeply into the internals of disk storage.






    share|improve this answer














    Since you are buying a used server, I assume that you aren’t the target of a nation state’s intelligence services, and that you aren’t being targeted with implanted hardware spying modules. All you really need to do is make sure the disk is free of malware.



    Load DBAN onto bootable removable media, then boot the server with it and use it to wipe the disks. That's will get them as clean as you can, without delving deeply into the internals of disk storage.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Nov 26 at 15:14

























    answered Nov 26 at 4:54









    John Deters

    26k24087




    26k24087








    • 11




      Might as well just junk the hard drive they give you and just install an OS on a different one. Hard drives are fairly cheap.
      – pboss3010
      Nov 26 at 12:26






    • 1




      The hard drive is only one component of the computer...albeit the easiest place for an attack (and easiest to defend).
      – usul
      Nov 26 at 14:30






    • 1




      DBAN may not be enough. BIOS can also be a problem.
      – user1820553
      Nov 26 at 19:24






    • 2




      @kelalaka , BIOS infections are not typically something that some guy buying a used server to run in his basement is likely to encounter. If he is running a Fortune 500 company, he’s probably not buying used gear off eBay.
      – John Deters
      Nov 26 at 20:56






    • 2




      @KellyBang In which case once the PC goes to you it will no longer be of any interest to the threat actor and if we're talking this sophisticated in terms of spyware they'll have filters to just not act on whatever the PC is then spying on. Also, organizations such as that aren't in the habit of selling off old hardware, most of them properly physically destroy hardware with a crusher for fear of data theft.
      – Magisch
      2 days ago
















    • 11




      Might as well just junk the hard drive they give you and just install an OS on a different one. Hard drives are fairly cheap.
      – pboss3010
      Nov 26 at 12:26






    • 1




      The hard drive is only one component of the computer...albeit the easiest place for an attack (and easiest to defend).
      – usul
      Nov 26 at 14:30






    • 1




      DBAN may not be enough. BIOS can also be a problem.
      – user1820553
      Nov 26 at 19:24






    • 2




      @kelalaka , BIOS infections are not typically something that some guy buying a used server to run in his basement is likely to encounter. If he is running a Fortune 500 company, he’s probably not buying used gear off eBay.
      – John Deters
      Nov 26 at 20:56






    • 2




      @KellyBang In which case once the PC goes to you it will no longer be of any interest to the threat actor and if we're talking this sophisticated in terms of spyware they'll have filters to just not act on whatever the PC is then spying on. Also, organizations such as that aren't in the habit of selling off old hardware, most of them properly physically destroy hardware with a crusher for fear of data theft.
      – Magisch
      2 days ago










    11




    11




    Might as well just junk the hard drive they give you and just install an OS on a different one. Hard drives are fairly cheap.
    – pboss3010
    Nov 26 at 12:26




    Might as well just junk the hard drive they give you and just install an OS on a different one. Hard drives are fairly cheap.
    – pboss3010
    Nov 26 at 12:26




    1




    1




    The hard drive is only one component of the computer...albeit the easiest place for an attack (and easiest to defend).
    – usul
    Nov 26 at 14:30




    The hard drive is only one component of the computer...albeit the easiest place for an attack (and easiest to defend).
    – usul
    Nov 26 at 14:30




    1




    1




    DBAN may not be enough. BIOS can also be a problem.
    – user1820553
    Nov 26 at 19:24




    DBAN may not be enough. BIOS can also be a problem.
    – user1820553
    Nov 26 at 19:24




    2




    2




    @kelalaka , BIOS infections are not typically something that some guy buying a used server to run in his basement is likely to encounter. If he is running a Fortune 500 company, he’s probably not buying used gear off eBay.
    – John Deters
    Nov 26 at 20:56




    @kelalaka , BIOS infections are not typically something that some guy buying a used server to run in his basement is likely to encounter. If he is running a Fortune 500 company, he’s probably not buying used gear off eBay.
    – John Deters
    Nov 26 at 20:56




    2




    2




    @KellyBang In which case once the PC goes to you it will no longer be of any interest to the threat actor and if we're talking this sophisticated in terms of spyware they'll have filters to just not act on whatever the PC is then spying on. Also, organizations such as that aren't in the habit of selling off old hardware, most of them properly physically destroy hardware with a crusher for fear of data theft.
    – Magisch
    2 days ago






    @KellyBang In which case once the PC goes to you it will no longer be of any interest to the threat actor and if we're talking this sophisticated in terms of spyware they'll have filters to just not act on whatever the PC is then spying on. Also, organizations such as that aren't in the habit of selling off old hardware, most of them properly physically destroy hardware with a crusher for fear of data theft.
    – Magisch
    2 days ago












    up vote
    8
    down vote













    Well, depends on how you define secure. Are you being actively targeted by a large organization, such as a conglomerate or a government? Or just scared of criminals taking over your webcam to take photos?



    If you are in the first group, congratulations! Assume all electronic devices you use tainted. There's so many ways that these organizations can spy on you without your knowledge, whether it's hardware based or software based. Most electronic devices sold today do not come with a board schematic - you have no way to verify if there isn't an extra component added, such as a keylogger, recording your activity.



    On the other hand, if you are just a regular guy with nothing sensitive, I wouldn't worry too much. A simple wipe of the hard drive and a reinstall of whatever operating system you prefer would suffice. Maybe reflash the BIOS if you're really, really paranoid.






    share|improve this answer

























      up vote
      8
      down vote













      Well, depends on how you define secure. Are you being actively targeted by a large organization, such as a conglomerate or a government? Or just scared of criminals taking over your webcam to take photos?



      If you are in the first group, congratulations! Assume all electronic devices you use tainted. There's so many ways that these organizations can spy on you without your knowledge, whether it's hardware based or software based. Most electronic devices sold today do not come with a board schematic - you have no way to verify if there isn't an extra component added, such as a keylogger, recording your activity.



      On the other hand, if you are just a regular guy with nothing sensitive, I wouldn't worry too much. A simple wipe of the hard drive and a reinstall of whatever operating system you prefer would suffice. Maybe reflash the BIOS if you're really, really paranoid.






      share|improve this answer























        up vote
        8
        down vote










        up vote
        8
        down vote









        Well, depends on how you define secure. Are you being actively targeted by a large organization, such as a conglomerate or a government? Or just scared of criminals taking over your webcam to take photos?



        If you are in the first group, congratulations! Assume all electronic devices you use tainted. There's so many ways that these organizations can spy on you without your knowledge, whether it's hardware based or software based. Most electronic devices sold today do not come with a board schematic - you have no way to verify if there isn't an extra component added, such as a keylogger, recording your activity.



        On the other hand, if you are just a regular guy with nothing sensitive, I wouldn't worry too much. A simple wipe of the hard drive and a reinstall of whatever operating system you prefer would suffice. Maybe reflash the BIOS if you're really, really paranoid.






        share|improve this answer












        Well, depends on how you define secure. Are you being actively targeted by a large organization, such as a conglomerate or a government? Or just scared of criminals taking over your webcam to take photos?



        If you are in the first group, congratulations! Assume all electronic devices you use tainted. There's so many ways that these organizations can spy on you without your knowledge, whether it's hardware based or software based. Most electronic devices sold today do not come with a board schematic - you have no way to verify if there isn't an extra component added, such as a keylogger, recording your activity.



        On the other hand, if you are just a regular guy with nothing sensitive, I wouldn't worry too much. A simple wipe of the hard drive and a reinstall of whatever operating system you prefer would suffice. Maybe reflash the BIOS if you're really, really paranoid.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 26 at 11:16









        ideaman924

        1034




        1034






















            up vote
            2
            down vote













            It is pretty simple really, replace the hard drive, update the bios and use bitlocker or other encryption software to lock the drive once you install the OS.






            share|improve this answer








            New contributor




            aaronzook is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.














            • 1




              Whether that's sufficient or not is entirely dependent on the threat model. What if there's a wireless keylogger in the hardware itself?
              – Sneftel
              yesterday















            up vote
            2
            down vote













            It is pretty simple really, replace the hard drive, update the bios and use bitlocker or other encryption software to lock the drive once you install the OS.






            share|improve this answer








            New contributor




            aaronzook is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.














            • 1




              Whether that's sufficient or not is entirely dependent on the threat model. What if there's a wireless keylogger in the hardware itself?
              – Sneftel
              yesterday













            up vote
            2
            down vote










            up vote
            2
            down vote









            It is pretty simple really, replace the hard drive, update the bios and use bitlocker or other encryption software to lock the drive once you install the OS.






            share|improve this answer








            New contributor




            aaronzook is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.









            It is pretty simple really, replace the hard drive, update the bios and use bitlocker or other encryption software to lock the drive once you install the OS.







            share|improve this answer








            New contributor




            aaronzook is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.









            share|improve this answer



            share|improve this answer






            New contributor




            aaronzook is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.









            answered Nov 27 at 13:34









            aaronzook

            288




            288




            New contributor




            aaronzook is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.





            New contributor





            aaronzook is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.






            aaronzook is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.








            • 1




              Whether that's sufficient or not is entirely dependent on the threat model. What if there's a wireless keylogger in the hardware itself?
              – Sneftel
              yesterday














            • 1




              Whether that's sufficient or not is entirely dependent on the threat model. What if there's a wireless keylogger in the hardware itself?
              – Sneftel
              yesterday








            1




            1




            Whether that's sufficient or not is entirely dependent on the threat model. What if there's a wireless keylogger in the hardware itself?
            – Sneftel
            yesterday




            Whether that's sufficient or not is entirely dependent on the threat model. What if there's a wireless keylogger in the hardware itself?
            – Sneftel
            yesterday










            up vote
            0
            down vote













            The only way I can suggest ensuring said device is clean, if you're that concerned, don't buy it.



            I typically will buy refurbished. Why pay top dollar for something that is already outdated the same week it his the sale floor? And with replacement parts such as hard drives getting insanely cheaper just copy down the OEM tag if it's a Microsoft Windows or whatever you need from the OS, transfer it to the new hard drive and good as new.



            You could also encrypt and zero the sectors so that if something should happen, like your son or daughter as secretly hacking to change their grades, get busted and the drive confiscated, and unknown to you that the previous owners were hackers but instead of having grades, were robbing banks for Bitcoin...you and your kid don't get hit with charges.






            share|improve this answer










            New contributor




            Syntaxxx Err0r is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.














            • 8




              At first I couldn't see how this answered the question. Now I see that it does, sort of, but it's not very clear. Re risks, you name the (astronomically unlikely) risk of getting hit with charges if the drive is confiscated for your kids' grade hacking and evidence of bank robbery by the previous owner is uncovered. Re mitigation, your answer is to "encrypt and zero the sectors." Okay, got it.
              – Wildcard
              Nov 26 at 22:37















            up vote
            0
            down vote













            The only way I can suggest ensuring said device is clean, if you're that concerned, don't buy it.



            I typically will buy refurbished. Why pay top dollar for something that is already outdated the same week it his the sale floor? And with replacement parts such as hard drives getting insanely cheaper just copy down the OEM tag if it's a Microsoft Windows or whatever you need from the OS, transfer it to the new hard drive and good as new.



            You could also encrypt and zero the sectors so that if something should happen, like your son or daughter as secretly hacking to change their grades, get busted and the drive confiscated, and unknown to you that the previous owners were hackers but instead of having grades, were robbing banks for Bitcoin...you and your kid don't get hit with charges.






            share|improve this answer










            New contributor




            Syntaxxx Err0r is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.














            • 8




              At first I couldn't see how this answered the question. Now I see that it does, sort of, but it's not very clear. Re risks, you name the (astronomically unlikely) risk of getting hit with charges if the drive is confiscated for your kids' grade hacking and evidence of bank robbery by the previous owner is uncovered. Re mitigation, your answer is to "encrypt and zero the sectors." Okay, got it.
              – Wildcard
              Nov 26 at 22:37













            up vote
            0
            down vote










            up vote
            0
            down vote









            The only way I can suggest ensuring said device is clean, if you're that concerned, don't buy it.



            I typically will buy refurbished. Why pay top dollar for something that is already outdated the same week it his the sale floor? And with replacement parts such as hard drives getting insanely cheaper just copy down the OEM tag if it's a Microsoft Windows or whatever you need from the OS, transfer it to the new hard drive and good as new.



            You could also encrypt and zero the sectors so that if something should happen, like your son or daughter as secretly hacking to change their grades, get busted and the drive confiscated, and unknown to you that the previous owners were hackers but instead of having grades, were robbing banks for Bitcoin...you and your kid don't get hit with charges.






            share|improve this answer










            New contributor




            Syntaxxx Err0r is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.









            The only way I can suggest ensuring said device is clean, if you're that concerned, don't buy it.



            I typically will buy refurbished. Why pay top dollar for something that is already outdated the same week it his the sale floor? And with replacement parts such as hard drives getting insanely cheaper just copy down the OEM tag if it's a Microsoft Windows or whatever you need from the OS, transfer it to the new hard drive and good as new.



            You could also encrypt and zero the sectors so that if something should happen, like your son or daughter as secretly hacking to change their grades, get busted and the drive confiscated, and unknown to you that the previous owners were hackers but instead of having grades, were robbing banks for Bitcoin...you and your kid don't get hit with charges.







            share|improve this answer










            New contributor




            Syntaxxx Err0r is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.









            share|improve this answer



            share|improve this answer








            edited Nov 26 at 19:10









            schroeder

            71.9k29156191




            71.9k29156191






            New contributor




            Syntaxxx Err0r is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.









            answered Nov 26 at 17:35









            Syntaxxx Err0r

            172




            172




            New contributor




            Syntaxxx Err0r is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.





            New contributor





            Syntaxxx Err0r is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.






            Syntaxxx Err0r is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.








            • 8




              At first I couldn't see how this answered the question. Now I see that it does, sort of, but it's not very clear. Re risks, you name the (astronomically unlikely) risk of getting hit with charges if the drive is confiscated for your kids' grade hacking and evidence of bank robbery by the previous owner is uncovered. Re mitigation, your answer is to "encrypt and zero the sectors." Okay, got it.
              – Wildcard
              Nov 26 at 22:37














            • 8




              At first I couldn't see how this answered the question. Now I see that it does, sort of, but it's not very clear. Re risks, you name the (astronomically unlikely) risk of getting hit with charges if the drive is confiscated for your kids' grade hacking and evidence of bank robbery by the previous owner is uncovered. Re mitigation, your answer is to "encrypt and zero the sectors." Okay, got it.
              – Wildcard
              Nov 26 at 22:37








            8




            8




            At first I couldn't see how this answered the question. Now I see that it does, sort of, but it's not very clear. Re risks, you name the (astronomically unlikely) risk of getting hit with charges if the drive is confiscated for your kids' grade hacking and evidence of bank robbery by the previous owner is uncovered. Re mitigation, your answer is to "encrypt and zero the sectors." Okay, got it.
            – Wildcard
            Nov 26 at 22:37




            At first I couldn't see how this answered the question. Now I see that it does, sort of, but it's not very clear. Re risks, you name the (astronomically unlikely) risk of getting hit with charges if the drive is confiscated for your kids' grade hacking and evidence of bank robbery by the previous owner is uncovered. Re mitigation, your answer is to "encrypt and zero the sectors." Okay, got it.
            – Wildcard
            Nov 26 at 22:37





            protected by Community yesterday



            Thank you for your interest in this question.
            Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).



            Would you like to answer one of these unanswered questions instead?



            Popular posts from this blog

            Plaza Victoria

            Puebla de Zaragoza

            Musa