Major Australian Retailer Accused of Selling Infected Hard Drives

samzenpus posted more than 2 years ago | from the what's-old-is-new dept.

Australia 128

skegg writes "Dick Smith, a major Australian electronics retailer, is being accused of regularly selling used hard drives as new. Particularly disturbing is the claim that at least one drive contained malware-infested pirated movies, causing the unlucky buyer significant data loss. Apparently the Fair Trading Commissioner will be conducting an investigation."

128 comments

Dick Smith (-1)

Anonymous Coward | more than 2 years ago | (#38469186)

He's a Dick.

Re:Dick Smith (4, Informative)

scdeimos (632778) | more than 2 years ago | (#38469412)

Actually, Dick Smith is a great guy. Dick Smith Electronics on the other hand has been owned by Woolworths for over 20 years now and is useless compared to its former glory.

Re:Dick Smith (1)

Anonymous Coward | more than 2 years ago | (#38469562)

This is why you don't make a company with your name in it :)

Re:Dick Smith (-1, Offtopic)

syousef (465911) | more than 2 years ago | (#38469612)

Actually, Dick Smith is a great guy. Dick Smith Electronics on the other hand has been owned by Woolworths for over 20 years now and is useless compared to its former glory.

Any guy who supports a CEO getting a >$1 Million day pay rise closing down the company the following day and inconveniencing travellers just to pressure workers into accepting pay cuts or reduced below CPI pay rises doesn't qualify as great to me. Dick Smith is no better than Gerry Harvey. (I'm talking about Qantas for those who don't know).

Re:Dick Smith (2)

deniable (76198) | more than 2 years ago | (#38469894)

Dick Smith now, no Electronics. Their marketing head thought that meant fridges and things, so they changed the name. I went to the big across from work today and couldn't find a USB wall charger. I found one at the former Tandy further down the street. They've gone completely consumer and can't even handle that.

Standard Practice (5, Interesting)

acehole (174372) | more than 2 years ago | (#38469188)

Seems standard practice with a lot of stores. Someone takes something back because they don't want or need it for whatever reason, the shop will just shrinkwrap it up again and the next buyer is none the wiser. I'm surprised that it hasn't happened sooner.

On another note, so how exactly can a video file (pirated movie or not) be 'malware infested'?

Re:Standard Practice (2)

Bad Ad (729117) | more than 2 years ago | (#38469202)

Re:Standard Practice (3, Informative)

petes_PoV (912422) | more than 2 years ago | (#38469252)

From the first article your link points to:

If you accept the licence agreement, it then downloads malware to your PC.

So all the "malware infested" media does is get the unsuspecting (or credulous, it's a fine line) user to download their own malware. It's not the video that contains the bad software and you'd expect any AV software to pick up on this old, old (the article is dated 2006) attack vector.

Re:Standard Practice (1)

Bad Ad (729117) | more than 2 years ago | (#38469376)

Are you implying most users wouldn't click "OK" to download "something" required to play all the free movies they think they have just got?

And AV is going to pick up what exactly? The fact the DRM is sending you to a website? Sorry, that's a legit use. If you are talking about the malware itself, then you should know it changes daily.

Re:Standard Practice (0)

Anonymous Coward | more than 2 years ago | (#38469386)

Which operating system has all of this malware and DRM?

Re:Standard Practice (0)

Anonymous Coward | more than 2 years ago | (#38470278)

From the first article your link points to:

If you accept the licence agreement, it then downloads malware to your PC.

So all the "malware infested" media does is get the unsuspecting (or credulous, it's a fine line) user to download their own malware. It's not the video that contains the bad software and you'd expect any AV software to pick up on this old, old (the article is dated 2006) attack vector.

Yep. Was trying to download a "White Christmas" wmv for Xmas family listening off eMule. Every single file was a redirect to a malware codec. Sheesh... not even Mr. Crosby's classic is safe!

Sasquatch and the Queen playing Beach Volleyball (1)

Dogtanian (588974) | more than 2 years ago | (#38470460)

Yep. Was trying to download a "White Christmas" wmv for Xmas family listening off eMule. Every single file was a redirect to a malware codec. Sheesh... not even Mr. Crosby's classic is safe!

Isn't that one of those cases where a malware peddler on P2P notes what you're searching for and returns lots of fake results "customised" to your search term that are all basically the same piece of malware if you try to download them?

For example, if you searched for "sasquatch and queen elizabeth ii playing beach volleyball" (i.e. the most unlikely term to get *any* match, let alone exact match), you'd get quite a number of "results" such as "sasquatch-and-queen-elizabeth-ii-playing-beach-volleyball.wmv"... which of course would be nothing of the sort!

Re:Sasquatch and the Queen playing Beach Volleybal (1)

SuricouRaven (1897204) | more than 2 years ago | (#38471226)

That's the usual situation with ed2k protocol servers. Get one of the mods that adds support for the Kad network, and use that - I've never had any such false-result spam when searching kad.

Re:Standard Practice (3, Informative)

Threni (635302) | more than 2 years ago | (#38469204)

The same way jpegs can be.

Re:Standard Practice (5, Informative)

KXeron (2391788) | more than 2 years ago | (#38469410)

The parent couldn't be more correct.

People discount regular data files as being malicious simply because they're not labelled executables. What they don't think is that those files are opened by executables. These executables are often trusted programs which makes this an even bigger threat to a system as the malicious code can run hidden under the legitimate process and do its work. There's anything from buffer overruns to file parsing mistakes in the programs that can open them up to become a conduit for abuse.

An example of this is Adobe Reader's countless exploits with the PDF file format.

Re:Standard Practice (3, Insightful)

Kjella (173770) | more than 2 years ago | (#38470058)

Which is also why SQL injection attacks exist, everything you send to the server is data. If you take that data and execute it as code, well duh you've just created an exploit. Never, ever trust anything coming from the user.

Re:Standard Practice (0)

Anonymous Coward | more than 2 years ago | (#38470562)

Explain that to the Lisp fanboys.

Re:Standard Practice (0)

Anonymous Coward | more than 2 years ago | (#38471372)

This is what is wrong with Slashdot right here, a half truth is marked 5/5. Only executable code that actually gets executed is vulnerable. If no executables supplied with the drive were run, no harm could be done. And movies and music cannot have malicious code in them.

Re:Standard Practice (1)

Dog-Cow (21281) | more than 2 years ago | (#38471526)

You are the most ignorant AC I've come across in quite some time.

Re:Standard Practice (4, Informative)

KXeron (2391788) | more than 2 years ago | (#38471724)

This is an incorrect assertion, an assertion my previous post debunked, but I suppose I'll re-explain:

You could have a drive full of PDFs, you could have it full of PNGs, whatever file format you'd like. You could mount the drive as noexec, however when it comes down to it, a trusted program (NOT ON THAT DRIVE) can interact with those files and since file formats can be complex AND since the programs opening them are also complex, there's a chance that the program will be vulnerable to a crafted file that tricks the program to do something that a "regular movie" or whatever wouldn't do and may not have been tested for.

If you've written a file parser of any kind, you'll see how complicated it gets in having your program code check the file for abnormalities before interacting with it. This complexity is a steep curve and all it takes is not checking an array boundary for your program to mistakenly leak data memory into its executable memory space.

The old adage plays correct here: Never trust user inputs.

Re:Standard Practice (0)

Anonymous Coward | more than 2 years ago | (#38469214)

Yes, there are some frayed ends in this story...

Re:Standard Practice (1)

Anonymous Coward | more than 2 years ago | (#38469222)

On another note, so how exactly can a video file (pirated movie or not) be 'malware infested'?

By containing code that exploitable video players load into memory, and somehow manages to change that info into an executable status, and then somehow executes the code. But that's only one possibility.

Re:Standard Practice (2, Informative)

Anonymous Coward | more than 2 years ago | (#38469240)

While not 'containing' the malware, some media files have a field that specifies where the codec for them can be downloaded, and some players respond to this by downloading and installing the 'codec'. Needless to say, the 'codec' installer contains the malware.

Re:Standard Practice (2)

citizenr (871508) | more than 2 years ago | (#38470858)

While not 'containing' the malware, some media files have a field that specifies where the codec for them can be downloaded, and some players respond to this by downloading and installing the 'codec'. Needless to say, the 'codec' installer contains the malware.

By some you mean WMV and Windows Media Player, NO OTHER files do that.

Re:Standard Practice (2)

Em Adespoton (792954) | more than 2 years ago | (#38473880)

While not 'containing' the malware, some media files have a field that specifies where the codec for them can be downloaded, and some players respond to this by downloading and installing the 'codec'. Needless to say, the 'codec' installer contains the malware.

By some you mean WMV and Windows Media Player, NO OTHER files do that.

True... if you get a dodgy MKV and open it up in VLC, it doesn't attempt to load a fake codec; it just uses exploits in VLC to gain VLC-level access to your system. You never have the option to back out before the malware is downloaded.

That doesn't really make MKV containers safer than WMV containers.

The big issue here is that a lot of people look at WMV/MKV/PDF/DOCX/etc. as "file formats". In fact, these are all "container formats" that interact with a specific API, and can contain multiple documents that conform to the container-document interface specifications.

This is why you can have AVC/H.264 video in a MP4, MOV, MKV, WMV, or AVI container (or for that matter, embedded in a PDF or DOCX file).

The actual data stream is usually harmless, but software tends to trust container files, and many exploits depend upon the executable blindly trusting the container to know what's best to do with the containing data -- even if that means either using the executable in a way it was never intended to be used, or by using it as a vector to privilege escalation under the host system (that is trusting the executable for some reason).

Things like Postscript, ASCII text, RTF, and PCM audio are data types... they tend to be bundled up inside containers like PDF, MS Office XML, WAV, etc, which can also contain scripts (javascript, perl, python, ruby, vbscript, etc), COM objects (meaning any other container can be embedded inside), and custom instruction sets.

Re:Standard Practice (4, Interesting)

hairyfeet (841228) | more than 2 years ago | (#38469406)

Basically any file type that can have a link to a webpage embedded, I believe both .MPG and .WMV are capable of this, and a player that will launch the link without asking, which WMP 9 was the last WMP I believe that would launch a weblink without asking, but I'm sure there were others. Basically how it works is like this: You try to play infected video, video launches default browser to embedded website and then if the browser is unpatched or has any known vulnerabilities you get hit with a driveby. I used to see this trick often here at the shop in the era of FastTrack and Limewire, people would look for the latest blockbuster and not think about formatting and get screwed.

As for TFA? Frankly don't surprise me as I've seen the same thing from Best Buy in my area which just reshrinkwraps returned items and will just put them back on the shelf. Funny part is I found out when a local preacher went there and bought an external drive and when first plugged into Windows it asked if he wanted it to play the videos. Well the old guy thought it must be some "Welcome to your new drive" kind of thing and launched it only to be looking at a gangbang vid. Needless to say he freaked and brought it to me thinking his PC must have been hacked!

Frankly anything these big box retailers do anymore really doesn't surprise me which is why I tell folks to ask around and see if the people that have bought from them before were happy. I'm happy to point any potential customers towards previous customers if they want to ask, because I'm proud of my work, but I've seen some of these places...wow is all I got to say. Hell I know so many horror stories from some of these places it ain't even funny, parts ending up "missing" from the PC when they took it to get cleaned, a PC going in for an OS upgrade only to come out with a cheaper graphics card than what it went in with, and stolen RAM is practically SOP in some places. Finally just like in TFA I've seen parts so obviously used sold to customers as new, hell some they didn't even bother blowing dust out the fan or like with the preacher even emptying the drive first.

So I hope they get seriously busted for this and get hit with MASSIVE fines, otherwise they'll just consider it the cost of doing business and continue. I just couldn't do it myself, I take pride in the things I sell and build and try to get the customer the best deal I can. If something is used I tell them upfront and tell them the price difference and let them decide. Of course all drives going through my place are wiped first!

Re:Standard Practice (3, Informative)

Kjella (173770) | more than 2 years ago | (#38469524)

Basically any file type that can have a link to a webpage embedded, I believe both .MPG and .WMV are capable of this

No, just WMV. But "intelligent" players like Windows Media Player would "helpfully" realize that a WMV file renamed to MPG, AVI etc. was actually a WMV file and play it as such anyway. There's no reason for a movie format to contain such a link, it's for DRM'd WMV files that are supposed to take you to a page explaining how to buy access to it. Whoever came up with that scheme was stupid and I don't know any other player than WMP that ever supported it, since it was 99.99% used for malware and 0.01% for legitimate uses.
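Added example (not part of any commenter's post): a Python triage sketch for the WMV behaviour discussed above. It sniffs the ASF container by its header GUID regardless of file extension, walks the header objects with every declared length checked against the bytes actually present (the array-boundary point made earlier in the thread), and extracts the licence URL a player would contact. The field layout is assumed from the published ASF specification; the sample file, the `license.example.invalid` URL and all function names are constructed for illustration.

```python
import os
import struct
import uuid

# Object GUIDs from the published ASF specification; on disk they use the
# mixed-endian layout that uuid.UUID.bytes_le produces.
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
ASF_CONTENT_ENCRYPTION = uuid.UUID("2211B3FB-BD23-11D2-B4B7-00A0C955FC6E").bytes_le

NON_ASF_EXTENSIONS = {".mpg", ".mpeg", ".avi", ".mp3", ".mp4", ".mkv"}
MAX_HEADER_BYTES = 1 << 20  # assumption: no sane header exceeds 1 MiB


class MalformedASF(ValueError):
    """A declared size or length does not fit inside the bytes really present."""


def take(buf, off, n, what):
    """Return buf[off:off+n]; raise instead of silently reading short."""
    if off < 0 or n < 0 or off + n > len(buf):
        raise MalformedASF(f"{what}: need {n} bytes at offset {off}")
    return buf[off:off + n]


def lp_field(buf, off, what):
    """Read a 32-bit little-endian length, then exactly that many bytes."""
    (n,) = struct.unpack("<I", take(buf, off, 4, what + " length"))
    return take(buf, off + 4, n, what), off + 4 + n


def license_url(data):
    """Return the licence URL in an ASF header, or None (no URL / not ASF)."""
    if data[:16] != ASF_HEADER:
        return None
    size, count = struct.unpack("<QI", take(data, 16, 12, "header object"))
    if size < 30 or size > min(len(data), MAX_HEADER_BYTES):
        raise MalformedASF(f"header size {size} out of range")
    header = data[:size]          # nothing past the declared header is parsed
    off = 30                      # GUID(16) + size(8) + count(4) + reserved(2)
    for _ in range(count):        # a lying count fails in take(), not in memory
        guid = take(header, off, 16, "object GUID")
        (osize,) = struct.unpack("<Q", take(header, off + 16, 8, "object size"))
        if osize < 24:
            raise MalformedASF(f"object size {osize} smaller than its own header")
        body = take(header, off + 24, osize - 24, "object body")
        if guid == ASF_CONTENT_ENCRYPTION:
            pos = 0
            for name in ("secret data", "protection type", "key ID"):
                _, pos = lp_field(body, pos, name)
            url, _ = lp_field(body, pos, "license URL")
            return url.rstrip(b"\x00").decode("ascii", "replace")
        off += osize
    return None


def triage(filename, data):
    """Return a list of findings for one media file (empty list = nothing odd)."""
    findings = []
    ext = os.path.splitext(filename)[1].lower()
    if data[:16] == ASF_HEADER and ext in NON_ASF_EXTENSIONS:
        findings.append("extension-mismatch")   # WMV/WMA renamed to .mpg, .mp3 ...
    try:
        url = license_url(data)
    except MalformedASF:
        findings.append("malformed-header")
        url = None
    if url:
        findings.append("license-url:" + url)
    return findings


def build_sample(url=b"http://license.example.invalid/acquire\x00",
                 declared_url_len=None):
    """Constructed minimal ASF header holding one Content Encryption Object."""
    def lp(b):
        return struct.pack("<I", len(b)) + b
    n = len(url) if declared_url_len is None else declared_url_len
    body = lp(b"\x00" * 4) + lp(b"DRM\x00") + lp(b"KEYID\x00")
    body += struct.pack("<I", n) + url
    obj = ASF_CONTENT_ENCRYPTION + struct.pack("<Q", 24 + len(body)) + body
    return ASF_HEADER + struct.pack("<QIBB", 30 + len(obj), 1, 1, 2) + obj


if __name__ == "__main__":
    print(triage("holiday_song.mp3", build_sample()))
    print(triage("clip.wmv", build_sample(declared_url_len=0xFFFF)))
    print(triage("movie.avi", b"RIFF\x00\x00\x00\x00AVI LIST"))
```
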

Re:Standard Practice (0)

Anonymous Coward | more than 2 years ago | (#38470008)

It used to not even prompt back in the day, it just automatically opened the link. I don't understand why anybody would still use WMP though.

Re:Standard Practice (3, Informative)

Dogtanian (588974) | more than 2 years ago | (#38470472)

It used to not even prompt back in the day, it just automatically opened the link.

Perhaps that was only the case if you had the "download license automatically" checkbox ticked in the preferences? At any rate, you can turn this "helpful" feature off, and I always have. Though of course, this doesn't excuse MS's crappy implementation and presentation of a feature that most people won't realise is dangerous.

Re:Standard Practice (1)

Kjella (173770) | more than 2 years ago | (#38472002)

Perhaps that was only the case if you had the "download license automatically" checkbox ticked in the preferences?

At least in some version of WMP this was the default. This led to pages like this [spyany.com]. It says so on the page too:

By default, Windows Media Player will attempt to acquire a license when you try to play the secure content if one was not issued to you by the content provider when you downloaded the content.

Re:Standard Practice (1)

hairyfeet (841228) | more than 2 years ago | (#38473430)

Problem was that was the default behavior on WMP 7-9. It doesn't do this anymore but you'd be surprised how many "XP Pirate Edition" boxes are out there with updates disabled so they don't get WGA'd.

Frankly I wouldn't be surprised if a good 70%+ of the zombies out there are pirate Windows, which is why I say MSFT's answer to piracy was brain dead. The correct move would have been to have a $50 special for Windows home which until they stupidly got rid of it Win 7 HP was replacing pirated Windows left and right thanks to the $50 price tag. MSFT needs to learn there is a price that above which the pirated version becomes a more attractive deal and I'd say that price is over $50 for Home.

Re:Standard Practice (1)

SuricouRaven (1897204) | more than 2 years ago | (#38471286)

That is obvious. WMP is the player that comes preinstalled on windows, and unless they have need for something else, that is the player most people will continue to use. Same reason IE remains so popular, and the reason Bing is the second-most-popular search engine for English-language searches.

You can insert some microsoft-bashing here if you want, but to be fair, every OS bundles a ton of helpful programs now for web-browsing and media-playing.

Re:Standard Practice (1)

mcgrew (92797) | more than 2 years ago | (#38474064)

Whoever came up with that scheme was stupid and I don't know any other player than WMP that ever supported it, since it was 99.99% used for malware and 0.01% for legitimate uses.

It had legitimate uses???

The same problem exists with WiMP and MP3s. MP3s don't support DRM, WMAs do. So you can imbed a trojan link in the WMA file, rename it MP3, and WiMP will play the song AND the malware. Like you say, no other media player does that, and I see no legit use for it EXCEPT malware.

Maybe Norton or McAfee paid MS for this "feature". It sure makes their software more necessary!

Re:Standard Practice (3, Interesting)

mlts (1038732) | more than 2 years ago | (#38472192)

I don't know if they will get hit with fines (most of the time, playing the three monkey game will be enough to avoid civil/criminal charges.)

However, this is a lesson to everyone: After buying any new storage media, completely erase it first. This is something I try to keep the habit of doing, be it a USB flash drive, a SD card for my phone, external hard disks, or an internal HDD of a new PC.

The best utility, hands down, is HDDErase because it tells the drive controller to do the dirty work and erase everything, including the host protected area, sector relocation table, etc. I then follow it up by a DBAN, or at least a dd if=/dev/zero of=/dev/sdwhatever. If one can't do an ATA erase, then zeroing it out with a couple passes is the next best thing.

If only on Windows, encrypting the disk with BitLocker, then running the format command will help. The format command in Vista and newer checks to see if the previous data was a BitLocker volume, and if so, scrub away the remnants of the old volume keys. You can use TrueCrypt and create a dummy volume for the same result.

I erase data before using a drive for three reasons:

First, to exercise the drive and all accessible sectors, so the drive relocates marginal stuff immediately. In the old days, you could periodically low level format a HDD which would shrink the drive's capacity, but extend the life of the drive by cleaning out the relocation table and making it ready for handling new defects encountered. However, new drives don't have this, so the next best thing is to test all sectors before use.

Second, there have been cases of people facing criminal and civil charges for data on their storage media that wasn't theirs... it came with the device. Whether this is true or not can be debated, but it is best to not let it happen in the first place.

Third, there is always the chance of malware being installed somewhere along the supply chain. By completely zeroing it out from the MBR to the last sectors, this threat is mitigated for the most part.

This also shows another sad fact. There are a number of "computer repair" places that are pretty shady. I'm sure most readers of /. can likely do better than a lot of repair joints.

Re:Standard Practice (2)

thegarbz (1787294) | more than 2 years ago | (#38469518)

It's not standard practice by most retailers, just a few dodgy ones and quite frowned upon by the ACCC. JB Hi-Fi have been caught [accc.gov.au] doing it with mobile phones.

Re:Standard Practice (0)

Anonymous Coward | more than 2 years ago | (#38469640)

External/hotswappable interface, autorun. But I'm still sceptical.

Re:Standard Practice (0)

Anonymous Coward | more than 2 years ago | (#38470240)

You're clueless. Any file that is opened by an application can contain malware. The application has a bug that can be exploited, the file being opened has been specially crafted to exploit this flaw in the application. When said application opens the file, the exploit happens, malware is active. Job done.

It may not happen in most cases because the exploit in the file isn't being opened by the desired application, but with enough people using the file (as in pirated material), sooner or later it'll be triggered.

An example of this is an early PS3 hack attempt which was based around it not handling jpegs properly, Sony had used an old jpglib in their GameOS. The flaw had hit many other applications in the PC world but was caught a long time ago.

Re:Standard Practice (0)

Anonymous Coward | more than 2 years ago | (#38470814)

I bought a hard drive from UMART in Brisbane that wasn't new.

Re:Standard Practice (0)

Anonymous Coward | more than 2 years ago | (#38471540)

wow. are you completely unfamiliar with malware?

Apparent Reason (0)

Anonymous Coward | more than 2 years ago | (#38469190)

Apparently they were mislabelled when they were returned, although, second hand stock is kinda obvious when the packaging is worn...

Nothing new (5, Interesting)

StefanWiesendanger (687733) | more than 2 years ago | (#38469224)

I once bought various "new" components from a shop here in Switzerland and after assembling my PC, I was surprised that it booted up with Windows without me installing anything yet... it even contained some PGP keys of the company who bought the disks before me and returned them (and yes, of course I got in contact with them and told them). Well, it had the nice effect for me that in the end I got all the components for free ;-)

Re:Nothing new (1)

mwvdlee (775178) | more than 2 years ago | (#38469310)

Which company would return harddisks without properly erasing them first?
Obviously the shop that sold the parts as new isn't particularly bright, but the company who owned the disks prior has some significant security issues.

Re:Nothing new (1)

StefanWiesendanger (687733) | more than 2 years ago | (#38469368)

Yeah absolutely - especially since it was running Windows 98 or so (don't remember exactly, long time ago)... i.e. no proper file system security *and* they had PGP keys on that system...

What? (0)

Anonymous Coward | more than 2 years ago | (#38469234)

Selling used stuff as new aside for a second, "malware-infested pirated movies"?

I'm not that technical but how the hell does an AVI/MKV/MP4 carry malware? You mean some dipstick simply clicked on something that said "Pirates of the Caribbean - Movie File" when in fact it was an exe? Well if you're stupid enough to get a supposedly new drive out of box, find a load of ripped off stuff on it and you don't think twice before clicking all over the place before returning it, then you really deserve all you get!

Re:What? (4, Informative)

Penguinshit (591885) | more than 2 years ago | (#38469292)

The summary is wrong. The article says that the drive "was filled with pirated movies and which, he suspects, contained malware that corrupted his work."

He is embellishing for the media or trying to claim the dog ate his homework (or dingo ate his baby?).

Re:What? (5, Interesting)

Gavin Rogers (301715) | more than 2 years ago | (#38469370)

Selling used stuff as new aside for a second

Umm. No.

The media blowup is being fuelled by "I bought a hard disk and it had hard core porn on it!" sensationalism but seem to be ignoring this deeper issue -
Dick Smith Electronics, Harvey Norman, JB-HiFi and the rest have been getting away with it for years but the fact is selling used goods (no matter how good a condition it's in) as new is illegal.

They can ask the same price for it if the return is in great condition but they can't just seal it back up and pop it back on the shelf next to the new unopened boxes.

Techxperts? (1)

Turnerj (2478588) | more than 2 years ago | (#38469246)

Not really "Techxperts" anymore, can't even wipe a simple hard drive before reselling it >.>

welcome to best buy do you want a pre setup laptop? (0)

Anonymous Coward | more than 2 years ago | (#38472280)

and later do you want the extended warranty the TOP / lead tech says it's really a good deal.

but the TOP tech only got to be one by selling the most plans and has no real tech knowledge.

Maybe not infected (3, Interesting)

MichaelSmith (789609) | more than 2 years ago | (#38469250)

I recall from the article that the disk was definitely second hand because it had a whole lot of movies on it (free!) but the guy who reported it to the media made a big song and dance about how the files "appeared corrupt" and "could have infected his system". None of which impresses me much. He could use a secure OS. Other retailers sell stuff which has been returned by customers. DSE should have formatted the disk, and they are at fault for that reason.

IIRC the reason he went to the media was that he is promoting an album or something and this was a golden opportunity to get his face and T shirt on TV.

Re:Maybe not infected (1)

Anonymous Coward | more than 2 years ago | (#38469350)

>DSE should have formatted the disk, and they are at fault for that reason.

Not quite.

The core problem is that DSE (and others) are passing off used returned goods as new. That's illegal.

Customers are finding out and it's become a media storm because they're finding the previous owner's stuff on the phone or hard disk.

Re:Maybe not infected (1)

rev0lt (1950662) | more than 2 years ago | (#38469354)

And what technical marvel is that "secure OS" you mention?
You know, he could have just plugged the drive and tried to boot from it. A boot virus could easily wipe out every available drive before prompting a "system not found" error. You could even hide it on a brand-new formatted drive, since the bootsector is the first sector and usually the first cylinder (currently usually sectors 0-63) is reserved. How will your "secure OS" protect you against that?

Re:Maybe not infected (1)

MichaelSmith (789609) | more than 2 years ago | (#38469492)

he could have just plugged the drive and tried to boot from it.

He didn't. He was pissed because he tried to play a movie file and it didn't work.

Re:Maybe not infected (1)

rev0lt (1950662) | more than 2 years ago | (#38469676)

Yes I know he didn't. I was just mentioning how silly is the idea that a "secure OS" (whatever that means) or preformatting could prevent this kind of thing from happening.

Re:Maybe not infected (1)

MichaelSmith (789609) | more than 2 years ago | (#38469730)

Preformatting the device would erase any malware which might have been on it. A secure OS would prevent the installation of any malware infected files which it might load. Obviously the secure OS doesn't help you if it is not running.

Re:Maybe not infected (1)

rev0lt (1950662) | more than 2 years ago | (#38469960)

Actually, preformatting wouldn't necessarily erase malware from the boot sector, that would only be true if the bootsector were to be rewritten with clean data. And no OS is secure, security is not a trait, it is a process. Of course some OS'es are more resilient than others, but that doesn't mean they are "secure".
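Added example (not part of any commenter's post): a Python check for the two claims above, that a format can leave the boot sector and the reserved sectors before the first partition untouched, and that zeroing "from the MBR to the last sectors" removes them. It audits a raw disk image sector by sector; the image contents, the 63-sector reserved area taken from the comment, and the `zero_range` stand-in for a format or full wipe are constructed simplifications.

```python
import os

SECTOR = 512


def audit_image(path, reserved_sectors=63, chunk_sectors=2048):
    """Scan a raw disk image (or a device opened read-only) for leftover data.

    Reports whether sector 0 still carries boot code or an MBR signature,
    which sectors in the reserved gap (1 .. reserved_sectors-1) are non-zero,
    and how many sectors beyond the gap are non-zero.
    """
    report = {"sectors": 0, "boot_code": False, "mbr_signature": False,
              "reserved_nonzero": [], "data_nonzero": 0}
    lba = 0
    with open(path, "rb") as f:
        while True:
            chunk = f.read(SECTOR * chunk_sectors)
            if not chunk:
                break
            for i in range(0, len(chunk), SECTOR):
                sector = chunk[i:i + SECTOR]
                if lba == 0:
                    # Bytes 0..445 hold boot code, 510..511 the 55 AA signature.
                    report["boot_code"] = any(sector[:446])
                    report["mbr_signature"] = sector[510:512] == b"\x55\xaa"
                elif any(sector):
                    if lba < reserved_sectors:
                        report["reserved_nonzero"].append(lba)
                    else:
                        report["data_nonzero"] += 1
                lba += 1
    report["sectors"] = lba
    return report


def make_used_image(path, sectors=256):
    """Constructed 'returned drive': boot code, one gap sector, one data sector."""
    with open(path, "wb") as f:
        f.write(bytes(SECTOR * sectors))
        # Sector 0: filler standing in for boot code, plus the MBR signature.
        f.seek(0)
        f.write(b"\xeb\x3c\x90" + b"CONSTRUCTED-BOOT-CODE")
        f.seek(510)
        f.write(b"\x55\xaa")
        # Sector 5: data hidden in the gap before the first partition.
        f.seek(5 * SECTOR)
        f.write(b"leftover in reserved gap")
        # Sector 100: the previous owner's file data inside the partition.
        f.seek(100 * SECTOR)
        f.write(b"previous owner's data")


def zero_range(path, first_sector):
    """Overwrite with zeros from first_sector to the end of the image.

    first_sector=63 stands in for a format that only touches the partition;
    first_sector=0 stands in for a full zero pass over the whole device.
    """
    total = os.path.getsize(path) // SECTOR
    with open(path, "r+b") as f:
        f.seek(first_sector * SECTOR)
        for _ in range(first_sector, total):
            f.write(bytes(SECTOR))


if __name__ == "__main__":
    import tempfile
    img = os.path.join(tempfile.mkdtemp(), "disk.img")
    make_used_image(img)
    print("as returned :", audit_image(img))
    zero_range(img, 63)
    print("after format:", audit_image(img))
    zero_range(img, 0)
    print("after wipe  :", audit_image(img))
```
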

Re:Maybe not infected (0)

Anonymous Coward | more than 2 years ago | (#38469592)

You should not set the system to boot from a new or used drive until after you have wiped the boot sector. Let's blame those who think they are actually techy enough to do the deed and really aren't. Is it wrong to sell an item as new when it is used? Yes. Is a product returned within 14 days not new? It's 14 freeken days old. New vs old is subjective. I say my car is new when I have been driving it for a while. Is a car from the dealer not new because it has 20 miles on it from being test driven for safety (not even driven off the lot)? If it says New & sealed or maybe unopened or similar I can follow the logic. But... If you pick up a package that is unsealed next to a sealed package in the store of the same product you have only yourself to blame.

Re:Maybe not infected (1)

fnj (64210) | more than 2 years ago | (#38471252)

No. Just no. It's not just "wrong" to sell a used item as new. It's I-L-L-E-G-A-L. Period. And that's what they did. New vs used is not subjective. If you sell an item and it comes back with the shrink wrap opened, whether an hour has gone by or a year, it has to be presumed "used". That's what honest, law-abiding businesses do. They don't put un-shrinkwrapped packages on the shelf without clearly marking them as used, and they certainly don't re-shrinkwrap them and pass them off as new. Not even if the customer who returns it pinky-promises he didn't install it or mishandle it.

Re:Maybe not infected (1)

fast turtle (1118037) | more than 2 years ago | (#38472036)

In this case, I don't care how old the damn part was. It was sold to someone else before I got it, therefore the Doctrine of First Sale no longer applies, thus the part is used not new.

Re:Maybe not infected (-1)

Anonymous Coward | more than 2 years ago | (#38469700)

What part of buying a hard drive from Dick Smiths doesn't instantly make you think "idiot" in the first place? They are typically twice the price anyway.

Also, I've known of .wmv files which when opened in windows media player instantly contact an outside source and start downloading code, which then installs spyware onto your system.

And, on top of that, this is Australia we're talking about. Bogans are everywhere; they can barely drive, let alone install a competent anti-virus.

rather easy going return policy. (1)

Anonymous Coward | more than 2 years ago | (#38469270)

Not to defend the store's oversight, but this particular store had a rather generous return policy of 14 days, no questions asked, pretty much. Therefore, many people were purchasing TV sets, cameras, and whatever other goods they sold, to use over a sport final weekend or holiday, then returning the item for a full refund, with no intention of actually keeping the goods they purchased.

Re:rather easy going return policy. (0)

Anonymous Coward | more than 2 years ago | (#38469622)

"Had" being the operative word, at least here in New Zealand DSE have dropped their returns policy, now they only accept returns for faults, no more "change of mind".

Re:rather easy going return policy. (1)

StrongAxe (713301) | more than 2 years ago | (#38471552)

It is the retailer's choice to offer a "no questions asked" return policy. It is irrelevant that many customers abuse such a policy. When the store offers such a policy, it assumes all the risks involved because of "no questions asked". It is unethical (and also illegal) for them to pawn off that risk on unsuspecting customers who are paying full retail price and expecting new products.

What they should have done is to refurbish the goods (add new shrink-wrap, reformat memory sticks and hard drives, reset phones to factory defaults, etc.) and offer them for sale as-is at a discount. That they didn't even try to refurbish media before re-selling it as new shows that not only are they unscrupulous, they're also stupid.

sex with a 6naa (-1)

Anonymous Coward | more than 2 years ago | (#38469290)

BSD Had beco8e

flushing the evidence (0)

Anonymous Coward | more than 2 years ago | (#38469322)

You know, I used to repartition and format the drives as soon as they arrived to get rid of any "helpful included software". Who knows if I had been flushing the evidence of being sold a used drive?

Woolworth's: ADVERSE affects on DickSmith stores (1)

Anonymous Coward | more than 2 years ago | (#38469328)

(AU retail giant) Woolworths-owned Dick Smith Electronics has - in our experience - several times shelved and sold "repaired" returned items (usually on a "take it or leave it basis" when stocks run low after an advertised "sale" (or did they -only- have such used gear on-hand from the start of the "sale").

Items we've seen & rejected out-of-hand:

- ASUS netbooks (in this case, shown as non-functioning "demos" & their boxes had NO indication of any repair or refurbishment by the maker; ONLY after being pressed as to why "demo" computers did not work, did staff bring to hand actual repair documentation)

(ASUS should be outraged that their brand would have been associated with non-functional computers)

- Huawei "WYSIWYG" mobiles (3-4 boxes of clearly used mobile on the shelf; very small discounts were available, ie, AFTER being shown these "fully-functional" phones - at FULL-prices - ie, before scratches & opened boxes were asked-for/seen).

Many - both inside & outside the Dick Smith organisation - strongly feel that Dick Smith is NOT a good match for the Woolworths supermarket "family" of companies.

By the way, Woolworths is Australia's LARGEST owner of Poker Machine venues.

Dick Smith used to supply electronics hobbyists (incl. Radio Amateurs), but they no longer even try to compete with the likes of Jaycar.

Neither company seems to carry any "scanner" (ie, VHF/UHF receiver) capable of receiving unencrypted transmissions from users of the South Australian / New South Wales (etc.) -trunked- Gov't Radio Network(s).

People who want them need to find them online... As a result, they stay out of the hands of "the general public" - to whom Dick Smith stores offer ONLY simple channel or service (eg, CB, trains, FM broadcast radio, Air Band) scanners.

By contrast, they USED to stock, demonstrate & sell the $600+ "trunked" scanner, ie, soon after the Gov't Radio Networks began to operate in SA & NSW, etc.

In Dick Smith's business model, some "smaller" stores can't even offer TV's larger than a specified screen-size!!!

I'd predict, that if Dick Smith can't find a more compatible "umbrella" to buy it, they'll go under, eg, as they try - in vain - to compete with other "box-pushers" (Harvey-Normans, OfficeWorks, etc.)

That would be sad, in a sense, because at least SOME of Dick Smith's younger staff seem to know the spec's of their products pretty well... I'm often impressed by a -female- staff member, who's really dug into the products' spec's... apparently in their own time. I don't think they're trained to be that knowledgeable, but some really seem to know & possibly "love" the gear they sell. I hope management notice... this minority is truly deserving of praise for their after-hours time & efforts.

DSE distributing pirated media? (3, Insightful)

jamesh (87723) | more than 2 years ago | (#38469336)

DSE distributing pirated media? I'm sure the recording industry will be very interested to hear about this...

Re:DSE distributing pirated media? (0)

Anonymous Coward | more than 2 years ago | (#38469392)

The minute the recording industry goes against their retail partners is the minute their retail partners start to abandon them.

Re:DSE distributing pirated media? (0)

Anonymous Coward | more than 2 years ago | (#38469396)

Please. Unless you're a grandmother or a 12 year old child - you know, the scum of the earth - they won't give a fuck.

Re:DSE distributing pirated media? (2)

Occams (2422082) | more than 2 years ago | (#38469398)

Australians have forgotten that Dick Smith got his first big break in business by dumping cheap 27 MHz CB radios on the Australian market. He acquired bulk lots of them because they had been rejected by the FCC as being unsuitable for the USA market. They were equally unsuitable for Australia, and banned by the spectrum regulator, but Dick mounted a lobbying campaign and coerced the government into lowering its standards.

Re:DSE distributing pirated media? (-1)

Anonymous Coward | more than 2 years ago | (#38469558)

Why, it sounds like this Dick Smith fellow should be given a Presidential Award by the President of the United States for 'promoting free and fair trade, liberty, and all that other crap that makes the 1% their money.' :)

Re:DSE distributing pirated media? (1)

marxzed (1075971) | more than 2 years ago | (#38472058)

That and phones (the old land line ones) when it was illegal for anyone other than Telstra (oops sorry Telecom Australia (or was it even the Government Post Office back then?)) to sell usable land line phones. Just like the CB radios, they were advertised as being for "hobby purposes only". Of course everybody did plug their DSE phones in and use their CB radios...

Two things to remember though:
1: This was when Dick Smith actually owned the business; the current DSE has nothing to do with him and hasn't for at least a decade.
2: Back then the government regulations on both CB radios and phones were at best excessive and at worst a tax by proxy to subsidise uneconomical government monopoly and discourage competition against said monopolies.

Say Whom? (1)

geekprime (969454) | more than 2 years ago | (#38469416)

"malware-infested pirated movies"!

Really? Isn't that why we use VLC instead of media player?

That's nothing! (0)

Anonymous Coward | more than 2 years ago | (#38469430)

This message is infected! Your computer is now my computer!

Sounds like just another attention whore who wanted a refund long after the day he bought it. Sue his ass for pirating movies. I bet his ISP could help prove he downloaded those 'infected movies'.

Too bad he didn't make up something believable. It might have worked.

14 days return (2)

zAPPzAPP (1207370) | more than 2 years ago | (#38469446)

I don't know how it is in Australia, but around here, you can return anything you bought online within 14 days and get your money back (as long as you can actually return it as you got it, so food/software etc usually not included).
What do people expect happens to stuff that gets returned? Of course it goes on sale again. Otherwise selling online would be economic suicide...

Re:14 days return (4, Informative)

syousef (465911) | more than 2 years ago | (#38469516)

I don't know how it is in Australia, but around here, you can return anything you bought online within 14 days and get your money back (as long as you can actually return it as you got it, so food/software etc usually not included).
What do people expect happens to stuff that gets returned? Of course it goes on sale again. Otherwise selling online would be economic suicide...

In Australia it is illegal to re-sell used returned goods as new. The goods can be re-sold but must clearly be marked as returned items, and usually a discount is offered for accepting the goods in this condition. (The discount might not be offered if the item is in high demand).

What's more, if goods have been returned and the item registered or activated online or similar, they are not supposed to sell the item. That is the secondary reason that computer software isn't returnable at most stores (though there are exceptions like EB games).

Re:14 days return (1)

ledow (319597) | more than 2 years ago | (#38470216)

Same in the UK.

You can resell it, you have to mark it as returned, and basically the seller has to take the loss of whatever they get returned. It works on the basis that returns are such a small percentage of items, of little value to someone wishing to scam them, and represent such a small fraction of their costs, and *STILL* can be resold for even the same price so long as they are clearly marked that it's not an issue.

Go read any EU trading law. It's all in there.

Re:14 days return (1)

Calydor (739835) | more than 2 years ago | (#38469540)

Of course it gets sold again.

But under no circumstances should it then be advertised as 'new', ie. fresh from the factory and never been used as that is blatantly false advertising in bad faith.

Re:14 days return (1)

deniable (76198) | more than 2 years ago | (#38469918)

They can't sell it as new. They mark it as returned stock. Places like Dick Smith even have stickers they use to mark such stock. I see it on lots of DTV antennas at the shop across the road. Maybe Dick Smith should be more like Dick Smith and properly label returned goods.

Bigger Fish (1)

Anonymous Coward | more than 2 years ago | (#38469460)

Let's not forget that the company that owns and manages DSE is Australia's third largest employer, Woolworths LTD.

shortcut shortcut (0)

samjam (256347) | more than 2 years ago | (#38469494)

People can't even take short-cuts properly!

I guess the kind of person who takes shortcuts can't be bothered to do it properly - short-cutting the short-cut.

But I suppose that those who can take short-cuts properly don't get spotted....

DSE = Radio Shack (5, Interesting)

ukoda (537183) | more than 2 years ago | (#38469496)

For those who don't live in Australia or New Zealand, DSE is like Radio Shack but has suffered a worse decline into just another appliance store. Like Radio Shack, DSE used to sell electronic components to the general public, and like Radio Shack they have shifted focus to selling appliances. The biggest difference is that if you spend long enough looking it is still possible to find and purchase a resistor at Radio Shack, but at DSE you can't anymore. While the staff at DSE are nice enough people, they are low paid drones who often would not think of issues such as formatting returned media. While there may be a company policy on the issue, it is probably just one of dozens the staff are meant to follow but, as minimum wage workers, may forget or ignore.

Re:DSE = Radio Shack (0)

Anonymous Coward | more than 2 years ago | (#38469566)

There is always Jaycar... for now

Re:DSE = Radio Shack (1)

Bitsy Boffin (110334) | more than 2 years ago | (#38469634)

Most DSE stores do still carry a few components, including resistors. It's just that you have to look quite hard.

Down the back.
In the dark corner.
Behind the door on the right.
Marked beware of the leopard.

Just keep looking, they are there somewhere.

Jaycar seems to be doing quite well here in Christchurch, they just moved into a much larger store, same stuff, just more of it.

Re:DSE = Radio Shack (1)

thegarbz (1787294) | more than 2 years ago | (#38470108)

Jaycar / Soanar / Electus seem to be getting bigger and bigger. Farnell is also a good choice in Australia. They were recently bought out by element14 who now offer free express shipping to major cities. Minimum order is $10 though.

Re:DSE = Radio Shack (1)

Anonymous Coward | more than 2 years ago | (#38469768)

Just go to Jaycar (Or buy online @ jaycar.com.au) for all of your electronics needs, going to Dick Smiths is like going to K-Mart for a "big screen" TV or a name brand appliance.

As a former employee... (5, Insightful)

Anonymous Coward | more than 2 years ago | (#38469498)

...this kind of thing was prevalent throughout the company. We would frequently be expected to sell used and returned stock without being given any real freedom in regards to marking it down. This led to a culture of lying to customers, especially in cases where it was not evident that the stock had been used.

Of course, used stock would be sold as new to customers all the time.

It even extended to returns on products that were in sealed packaging. Despite having a clearly posted 14 day no questions asked refund policy, we would be expected to tell customers that we wouldn't provide a refund, even if it was something that wasn't functioning as the customer expected (although within manufacturer's specs).

Doesn't surprise me. (0)

Anonymous Coward | more than 2 years ago | (#38469752)

I purchased a Telstra 3G self install kit from them that wouldn't allow the creation of a new account. Turned out it had already been purchased by someone else and registered in their name, then returned and put back on the shelf. Telstra wouldn't help and Dick Smith didn't want to take it back until I jumped up and down.

And incidentally, just the other day, some Dick Smith clown told me that the only difference between a 2nd gen. Core i7 and a 2nd gen. Core i5 was that the i5 doesn't have integrated graphics.

Reselling used goods and getting away with it (0)

Anonymous Coward | more than 2 years ago | (#38469890)

Some time ago, I bought a Logitech Squeezebox from MediaMarkt (which is a large electronics retailer in the Netherlands).
When I got home, I couldn't get it configured. It booted up fine, but somehow kept looking for some server. The device didn't operate as explained in the manual. I was at a complete loss.
After searching the internet, it turned out the device had the demo firmware! And this was not flashable or anything.
So I had to go back to the store to return the device (they didn't have any others in stock, should have been a warning). But then, of course, the guy wouldn't believe me. The device was booting up fine, wasn't it... Had to spend an hour there to finally get my money back.

Had this happen to me (5, Interesting)

lucidlyTwisted (2371896) | more than 2 years ago | (#38469920)

Well, a friend. Their HDD had died and they asked me what to do. "Buy a new one" says I. Turns out they had no back-ups of pictures etc, so I offered to try a recovery (no promises and I warned them everything could be lost). Anyhoo, the recovery worked with the failed HDD working as a slave to the new one. I picks up loads of deleted pictures and felt rather chuffed with my little self.

"You seems to have made loads of friends on that Egypt trip." I say.
"Never been to Egypt." they reply.

It takes 5 seconds for me to twig that donkey-boy here had done the recovery on the wrong HDD and more stuff was still being found. School reports, banking spreadsheets, tonnes of stuff. Not really what one expects to find on a "new" HDD. Once I had the pictures recovered from the correct drive (and backed-up) my friend took the "new" HDD back to the shop for a bit of a word.

Selling hooky equipment to a police officer? Not one of the storekeeper's greatest ideas. And for the previous owner, there was enough information on there for someone to do them serious ill. Luckily for them, my friend made the storekeeper physically destroy the drive (and got a full refund).

There's no issue with selling 2nd hand kit, just advertise it as such and make sure it's properly wiped first.

People are clueless (2)

Cherubim1 (2501030) | more than 2 years ago | (#38470074)

What's scary is that people who sell their PCs or just dump them in the street are keeping data intact on their hard drives. Some go to the trouble of doing a high level format thinking they're safe (big mistake) whilst others only do a standard secure erase which does nothing to ensure that personal data can't be recovered. Is it any wonder that identity fraud is now rampant because of the stupidity and sheer ignorance of people using computers and mobile devices?

Re:People are clueless (1)

fnj (64210) | more than 2 years ago | (#38471434)

Depends on what you mean by secure erase.

        sudo dd if=/dev/zero of=/dev/sda

With respect, and as long as there is no disk error during the operation (as evidenced by "<correct # bytes> copied" at the end), if you don't think that's a secure erase, you're in la-la land. Definitely secure enough for warez, and probably even secure enough if they were money-and-resources-no-object state or military secrets. Obviously I mean secure enough in terms of function, if not meeting bureaucratic requirements.

But you can use thermite and sledgehammers if it makes you feel better.

Re:Had this happen to me (0)

Anonymous Coward | more than 2 years ago | (#38470756)

It takes 5 seconds for me to twig that donkey-boy here had

Some colloquialisms just make me burst out laughing!

Some of you understand it (0)

Anonymous Coward | more than 2 years ago | (#38470320)

Returning Hardware (1)

Digital Vomit (891734) | more than 2 years ago | (#38470822)

What I do when returning hardware is write "USED" or "DEFECTIVE" in permanent marker on the item being returned (or in the manual, if writing on the hardware is not possible). Hopefully this will tip off the next person who unknowingly buys the item if the store decides it can get away with just putting it back on the shelf.

This is what they get for using sales guys as techs (1)

Joe_Dragon (2206452) | more than 2 years ago | (#38470924)

And not have the techs be techs like how geek squad used to be.

Nowadays the way to become a tech or keep the job at a store is to get your numbers of extended warranties (sometimes even having to lie about what it covers), high cost cables, other add-ons, rip-off software and more.

http://consumerist.com/2011/06/staples-canada-accused-of-selling-computers-with-old-user-data-on-hard-drive.html

http://iworkatpencils.blogspot.com/

http://consumerist.com/2008/12/staples-give-us-80-weve-already-set-up-all-the-laptops-in-stock.html

http://consumerist.com/2011/03/confessions-of-a-staples-employee.html

One reason (0)

Anonymous Coward | more than 2 years ago | (#38471182)

why I always boot from a live Linux CD/DVD when installing a new hard drive. I use the partitioning software to see if there are any partitions already on the new drive, and what type they are. I usually set up custom partitions and install the OSs fresh from known safe media when I get a new or used hard drive or computer. And if I sell a computer or hard drive, it is wiped to the best of my abilities. I have in the past bought computers that have come off corporate lease, and the drives had not been wiped. VERY sloppy!
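An added example, not part of the comment above: the partition check described here, plus the read-back that confirms the zero-fill `dd` wipe from fnj's earlier comment, done read-only in Python. The function names and the 64-sector sample image are constructed for illustration; only classic MBR tables are parsed, so a GPT disk shows up as a single 0xEE protective entry.

```python
import io
import struct

SECTOR = 512
# A few common MBR partition type bytes (not exhaustive).
PART_TYPES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
              0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective"}


def parse_mbr(sector0):
    """Return (has_boot_code, has_signature, partitions) for sector 0."""
    if len(sector0) != SECTOR:
        raise ValueError("need exactly one 512-byte sector")
    has_boot_code = any(sector0[:446])            # bytes 0..445: bootstrap code
    has_signature = sector0[510:512] == b"\x55\xaa"
    partitions = []
    for slot in range(4):                         # four 16-byte entries at 446
        entry = sector0[446 + 16 * slot:462 + 16 * slot]
        # status, CHS start (skipped), type, CHS end (skipped), LBA, count
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0 and count == 0:
            continue                              # empty slot
        partitions.append({"slot": slot, "bootable": status == 0x80,
                           "type": ptype,
                           "type_name": PART_TYPES.get(ptype, "unknown"),
                           "lba_start": lba_start, "sectors": count})
    return has_boot_code, has_signature, partitions


def first_nonzero_sector(stream, chunk_bytes=SECTOR * 2048):
    """Read the stream to its end; return the first sector holding a
    non-zero byte, or None if every byte read back as zero."""
    offset = 0
    while True:
        chunk = stream.read(chunk_bytes)
        if not chunk:
            return None
        if chunk.count(0) != len(chunk):          # something survived here
            for pos in range(0, len(chunk), SECTOR):
                piece = chunk[pos:pos + SECTOR]
                if piece.count(0) != len(piece):
                    return (offset + pos) // SECTOR
        offset += len(chunk)


def inspect_drive(stream):
    """Summarise what a seekable, read-only drive or image stream holds."""
    boot, sig, parts = parse_mbr(stream.read(SECTOR))
    stream.seek(0)
    nonzero = first_nonzero_sector(stream)
    return {"boot_code": boot, "signature": sig, "partitions": parts,
            "first_nonzero_sector": nonzero, "zero_filled": nonzero is None}


def build_sample_image():
    """Constructed 64-sector image: one NTFS-type entry, no boot code,
    and leftover bytes in sector 10 standing in for old file data."""
    img = bytearray(SECTOR * 64)
    img[446:462] = struct.pack("<B3xB3xII", 0x00, 0x07, 8, 56)
    img[510:512] = b"\x55\xaa"
    img[SECTOR * 10:SECTOR * 10 + 8] = b"leftover"
    return bytes(img)


if __name__ == "__main__":
    # Swap io.BytesIO(...) for open("/dev/sdX", "rb") (placeholder path).
    print(inspect_drive(io.BytesIO(build_sample_image())))
    print(inspect_drive(io.BytesIO(bytes(SECTOR * 64))))
```

Many retail external drives ship pre-partitioned and formatted, so a partition table on its own does not show prior use. After a zero-fill wipe, `zero_filled` should be true across the whole device.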

Re:One reason (1)

mlts (1038732) | more than 2 years ago | (#38472236)

What is worse is that it isn't hard to wipe the drives. HDDErase can gnaw through a terabyte drive in 15 minutes to an hour [1], and DBAN might take a long time, but the computer can be set aside while that is going on. Even operating systems like OS X come with very easy to use HDD wiping tools.

[1]: HDDErase tells the HDD controller to zero everything out, so because the drive isn't waiting for oodles of zeros from the interface, it can write at its fastest speed.

14 Day Return Policy (0)

Anonymous Coward | more than 2 years ago | (#38471562)

In the original article, the guy says the 1.5TB drive turned out to be only 30GB.

Chances are, some smart ass was running out of storage space on his PC, so he bought an external drive, opened it up, took out the drive and replaced it with his smaller, older, shittier drive.

Screwed it back together, returned to DSE for a full refund.

Film maker buys said hard drive, uses this as an opportunity to pass the buck on why his film project wasn't completed.

- Neophyre

been there done that. (1)

marxzed (1075971) | more than 2 years ago | (#38471892)

Some time earlier this year I bought a games console from DSE which, when unpacked, showed obvious signs of usage. Trying to register it online a few days later, I found that the particular unit had already been registered and, in fact, as I found out later, had been originally registered just over a year before. No joy from DSE staff about this so-called "new" console, nor did they inform me about the 14 day no fault return, else I would have just dumped it on them and got a new one or a refund. A few weeks later it died and the manufacturer won't touch it because it's out of its statutory 1 year warranty (as registered by the original purchaser), and even if it wasn't they wouldn't honour it as it was not purchased by me new.