Category: Security

How to wipe your hard drive securely before selling or recycling your computer

Paul
Photo by: pastedo on Pixabay

Wiping the Hard drive

Sometimes it’s a good idea to wipe the hard drive beyond recovery to prevent someone else from getting that information about the previous owner.     It is always a good idea to erase the information before you sell or recycle or even donate your computer.   You can destroy the data on the hard drive with little or no effort but it does takes an app to do it.   Depending on your situation, if you have an OEM system, than you will probably want to reinstall Windows into the system that you are going to wipe securely and erase the data on the hard drive.  It’s best before you do this to create a USB or DVD of the operating system you are going to wipe.   If this is Windows 10, you can download the the media creation tool for Windows 10 and make a bootable USB for Windows 10 for after the wiping of the hard drive.  If this is an older system like Windows 7, I would suggest before wiping checking to see if you have the DVD for it or you could buy a Windows 7 from amazon using my Affiliate Link, which I’ll get a small amount of money when you do that.  If this is another system all together, Like Linux, or even Mac OS you’ll have to get a copy of the operating system that you are going to wipe and reinstall it to be helpful to the next person to use the system.

DBAN : Darik’s Boot and Nuke

Darik's boot and nuke

This is one of the utilities that I use to remove and erase all the information securely to prevent anyone from getting the information that is on the hard drive.    It’s open sourced and can be downloaded freely.   They do have an enterprise version that is for those who are running a business and requires a license to do use in a business environment.  This is however the first one that I use when I have a Hard drive that I need to erase, destroy,  or wipe the entire Hard drive.  This can even be used on SSD and NVME’s.

MHDD

This one is similar to DBAN but has some interesting features that work well with what I might need to do.  I often times will us MHDD after I use DBAN just to be safe and make sure nothing is left on the hard drive, or the Solid State drives to prevent anyone from getting any information from the hard drive.  This probably sounds like over kill but I figure it sometimes is needed to prevent the people from accessing the data.  It was developed by Dmitry Postrigan and I have used this program from time.  You’ll need to download the ISO and create a bootable USB or CD/DVD to use this program and I suggest something like Yumi Pen Drive creator to make a USB Bootable Disk for MHDD.

Formatting the HDD, SSD, or NVME

Format commends

This is the last option I would suggest because this option is only going to do it once and you’ll need to format the disk several times with different commands to provide enough assurances that the data is destroy or wiped.  This option is good for those disk drives that didn’t have any really important information on them and had either games or files that probably didn’t have anything on that would be too personal  for anyone to find.   I usually use this as a last resort when I know the system wasn’t used to keep personal data and maybe the HDD was being exclusively used for games on it.  The format command on a HDD or SSD could be useful because it’s already on the media creation tool and can be accessed by hitting Shift+F10.

Then all you will need to do it type:

format <drive>: /fs:NTFS /p:1 (For zeros)
or
format <drive>: /fs:NTFS /p:2 (For one's)

This will write zero’s  or one’s to every sector on the HDD or SDD and will securely erase the data.   I have found to go from zero’s to one’s or doing one’s than doing zeros.   Be warned thought doing this will take a very long time.  It could be hours between passes.

This option is good when you have a system that you can use to install and format HDD and still do other things on the system or if you can pull the HDD and SSD out and temporarily install it on the working system.  While it does it things you can do other things on the system.   Be warned this might take some of your system resources while you are formatting the HDD in question.  The System might be a bit slower to respond.   Also it will take a VERY long time to do multiple passes on a HDD.  So don’t be surprised if it takes several minutes to go from 0 to 1% or several hours to even get to 100% depending on the size of the drive you are formatting.

Do you have any good tools that work better?  Why not leave a comment and tell me what you use to securely wipe hard drives and SSD’s.  Why not share your experiences and hear how you do it.  If this has helped you with something, why not consider checking out my affiliate links below and say thank you for this great resource.

Security News for this Month and How that affects you!

Paul

tpm chip on imac.png

Hackers get around TPM

According to Arstechnica, a hacker was able to get around TPM in under 30 minutes.  It seems impressive for someone to be able get around something that Microsoft thinks helps secure your operating system.  I’ve been doing some major research into how secure is the TPM and secure boot.

Getting around the TPM in this manner is akin to ignoring Fort Knox and focusing on the not-so-armored car coming out of it.  — Arstechnica

Fort Knox is way better than a TPM, it just means that people don’t realize the vulnerabilities of the the TPM.   It is still relatively new and people just haven’t had the chance to thoroughly test the trusted platform module.

BlackMatter is Reborn

With Revil and DarkSide getting shut down, we now see that BlackMatter could really be just a simple name change from Darkside.

And sure enough, a recent detailed forensic analysis of the cryptographic algorithms being employed by an apparent newcomer named “BlackMatter” suggests that BlackMatter is actually DarkSide 2.0. — Steve Gibson

It seems that they have left the affiliate model and now are looking for the IAB(initial Access Brokers) to be able to infect computers and networks that might bring them some great revenue from ransomware.  Ransomware is getting more and more common and I can guess that they will start to use something like this to infect companies computers.   I doubt they will infect targets that are going to be bring them to much attention.

Print Nightmare is a feature not a bug!

I keep saying this but the Print nightmare that is being talked about last month will probably never truly be fix because Microsoft created this issue in the early days so people could easily print to any system.   Microsoft has been trying to fix some of the issues but I doubt they will ever fix them all.  The idea that it is a zero day, is something that Microsoft didn’t expect but most researchers would have said it was probably possible for several years at the least.  I am sure this will be used with a number of other things such as the Boothole exploit.  Although this has already be patched by most Linux distro, there are some that just won’t update due to not being able to or wanting to.  So there are going always have people who will not see a need to update their systems.  .

The First 6 months

Most researchers have said this but in the past 6 months there has already been more attacks than last year.   Although most of malware and ransomware writers were all just like everyone else watching what is going on in the world and covid19.  They probably weren’t very busy last year and now they need to fix that by showing us how much more they can do.   I am sure it will even be better the next 6 months but I am also hopeful the Russians government will keep putting pressure on the virus writers to keep their acts clean and leave companies alone.  I doubt it but I can only hope.

What’s your thoughts on all that has happened this year?  Do you think it will slow down or get even faster?  Do you think we will see more computers getting compromised even with TPM and Secure boot enabled?  Let me hear your thoughts.

My Initial thoughts on Windows 11!

Paul
Windows 11 — Just is!

It’s like pulling teeth!

I finally installed Windows 11 Windows Preview build into my system. Later last week I was wondering what they had done with Windows 11 and requirements. So I thought it would be a great idea to try to install Windows 11 with my current system that I built last year. Thanks to building this system just last year and thinking ahead, I got everything I could to prepare for the future needs. I even made sure it had TPM 2.0 just in case, I thought I’d not need this. I guess I was completely and most definitely wrong. I will say after talking about how to update Windows 10 to GPT and Secure Boot, that part went rather smoothly. I did find that if you have a Linux partition and a Windows partition then the converter will not be able to work. I had to erase the Linux Mint Distro partition to be able to convert it to GPT. I however divided the size to possibly install Linux mint along side Windows 11. I am curious to see just how well that will happen. That’s my next step in the next few days.

I didn’t like the setup

After converting the partitions and joining the Windows insiders program, I was able after a few attempts and fixing the CMOS.  It seems strange that I had to keep going into CMOS to enable even more things than I initially thought.   I had to enable secure boot, UEFI, and PTT (For those on Gigabyte Motherboards).   It wasn’t easy to say the least, I’d update one and the other and find out I had to enable more in the bios so Microsoft would see I met the requirements to download and install Windows 11.

Privacy is a Real concern!

I know on my Windows 10 system, I didn’t have my account linked to Microsoft but when I installed Windows 11.  It automatically linked my account to Microsoft.  I’d think if I am upgrading to Windows 11and it sees that it was a local account it would not link it to the Microsoft account.  The Bad news was I had to delete that account and remove all the data so Microsoft wouldn’t be watching me.  I had to re-install all my apps and loose some of my personally files but it was worth it to keep the information safe.  I wish I could of had an easy way to go back to my local account without having to jump through so many hoops.

It’s Just isn’t that good!

So far, after only using this for so many hours.  I can’t see any major differences that I will like.  The Start button will be an issue because I just don’t like it in the middle.   Also finding what I might need in the Settings is a little bit more interesting and difficult for me because they looked like they buried some of that.  I have also noticed the Windows 11 hack to revert my Windows start menu doesn’t work.  I’m going to try the Windows 11 preview builds some more but I am not that impressed with them and I might just go Windows 10 when Windows 11 finally get’s released unless they allow the users to use windows there own way, like No TPM, Or Secure boot.  I hope Linux will hurry up and make it easier for people to install Linux along side Windows 11.  I am almost sure there is a way just haven’t had time to explore the possibility.

Boot Times

After install Windows 11 and using my NVME drive, I have found the boot times to be a bit longer.  That was to expected because of the encryptions that is being used to quote “Secure” windows from any virus tampering.   I can’t see this being an extreme issue but I don’t  like the fact that it takes several more seconds on my NVME to boot up Windows when it would just boot almost instantly with my NVME.   They better fix that problem also because I don’t care about their so call security if I am sitting there waiting for the system boot.   All in All the Windows 11 experience isn’t as much a good thing as a bad thing.   I already know Virus writers are creating viruses to get around the so called security and I have done some research on the topic.  I can’t wait to say to Microsoft “I told you so“.

What’s your thoughts on Windows 11?  Have you tried it?  Will you install it even with the TPM and Secure boot requirements?  I’d like to hear your thoughts on the issue.  Why not leave a comment and tell me what you think about Windows 11.

 

How to problem solve a motherboard post issue

Paul

Motherboard

Motherboards are all different

Anyone who has been working with motherboards for years, probably will say this also.   Motherboard manufacturers all create their own unique motherboards to try to be different from the other.  That is the first thing for those who have issues with your motherboard and having difficulty trying to figure out what is causing your motherboard not to post or even show any signs of booting.   It can be a multitude of things that might be the cause of the issue and we’ll talk about each and every one that might be the reason for the problem.   Each issue might be a little bit different and that can bring on some more issues or concerns.  Don’t get discouraged because you can’t figure it out or know where to start.

Loose wires

This is the first place I look when I have this issue of nothing showing up or even looking like it is even going to boot.   Even a loose wire might prevent the system from starting up or even getting into the bios.   I’ve seen this at least once or twice that there was a SATA cable that was partially not plugged in and the system was just stuck and not trying to boot.   It’s usually the first place I’d look if the user says they just moved their system and now the system won’t boot because some wire somewhere came loose.   It’s usually the easiest fix for some problems.  It however isn’t the only reasons that the system might not boot.

Memory Modules

The memory modules which can be anything from DDR1 to DDR4 depending on the motherboard.  Memory sticks can go bad over time and this is usually what causes a lot of issues.  I usually just pull out all modules and start booting with just one until you find the culprit.   If it boots replace that module with the next module and see if the system still boots.  If it doesn’t then you have the issue the module is bad but if all of them boot or the problem persists than the modules aren’t the problem.  Then you will need to check other areas.

Check GPU

If the system has a GPU than this might also be the issue.  You can try to remove it and see if you can get the system to post by using the systems graphics processors if it has one.  If not you might try a cheap gpu to see if the system will post after you swap the GPU.  It’s usually not the GPU but you never know and that is where I find the problem can be sometimes.   Also if the GPU is getting to hot the motherboard might not post to protect itself and that might be the issue.   You can always redo the GPU and put new thermal paste down to help it keep cool.  I’ve found the thermal paste sometimes goes bad.

Check Hard drives

This is where I usually go next.  It can be as simple as a hard drive issue that is causing the system not post or boot into bios.   Strange as this might seem the issue can actual cause this to happen and the system will just not boot.  unplug all SATA cables and pull any NVME drives and try booting.  If it was the issues the system will at least boot to bios after that.  If it is the problem just slowly start with operating system boot drive (NVME or SATA) and see what happens until you get back to a no post issue.  When you do this you might find it is time to replace the SATA or NVME if it is that.

Reset Bios

This is usually where I go next when the problem persists and nothing seems to work.  It can be a problem in the bios and you’ll need to reset it or clear the bios memory,  to see if the problem persists.  Sometimes the bios has issues of its own and you will need to clear the bios and see if you can get the system to post.   Also if it does post, it might be time to update the bios to see if that will also help resolve the issue later on.  Sometimes even updating the bios seems to resolve the issue even better than just resetting the bios.

CPU or Motherboard

If you have done all that and the system still doesn’t boot, you know it is either the CPU or motherboard that is bad and that is where it gets interesting.  If you have another CPU that you know works, and you can put it in there to see if the system boots.  Also check the thermal paste on the cpu, if it is getting too hot on the cpu that might cause the system not to boot.  That would be my first thing to try to see if this will resolve the issue.   If not it might be time to buy another CPU or Motherboard.   It can happen that the mother just goes bad for whatever reason.   I’ve not seen it but I’ve heard about it that the motherboard can go bad.   If you can’t get the system post that is the final thing you can do to get your system running again.  Replace the Motherboard and RMA the motherboard.

Want to say thank you?  Why not buy something from my Affiliate links to say thanks.  Anything you buy with my affiliates helps me with my blog and what I love to talk about.  Thanks.

 

How to Convert your Windows 10 from MBR to GPT

Paul

Securing Windows 10

It’s complicated is what I’ve heard from people all around the world. The idea that We have to figure how to turn our Windows 10 into a secure boot, can seem difficult at best. Just like Unified Extensible Firmware Interface (UEFI) isn’t always labeled right in the bios and that can be hard to find.   It seems that all the motherboard manufacturers wanted to make it extremely difficult for anyone who might want to enable or disable UEFI to be able to do it.   Then add on to the fact that the Motherboard manufacturers also made it hard to figure out how to turn on TPM in the bios also.   Can seem quite maddening to most because each manufacturer didn’t just call it TPM or UEFI.   Some of them Call it PTT (The intel Platform Trusted Technology) or even the AMD which is called fTPM(Firmware Trusted Platform Module).   Although the AMD version is a whole lot easier to understand since it does say TPM.  Intel on the other hand can be hard to find or even know what PTT stands for unless you google it.

Checking your system

The first step you should always do is make sure you can do this in the first place.   If you haven’t read my other post about this, I’d go over there and check to make sure you can do this in the first place.   As of currently Microsoft has stated that the requirements are the same for the previous few weeks.   So I don’t know if they will change when the final release comes out but it could very well change.

Have backups

Before I talk about the upgrading or updating your boot system to allow you to boot into Windows 10 Secure boot.  I’ll make this statement, please consider backing up all your important files that you might want to keep to a USB Flash Drive or even portable HDD or a HD that you can unplug from the bios to keep your important files safe while the upgrading of Windows 10 is being done.    What you do after this is on yourself and no one else.

can you upgrade to secure boot?

If you have checked the previous post and turned on what you can besides secure boot, but you know you have it.  You’re pretty much set to upgrade Windows 10 from Master Boot Record (MBR) to GPT(GUID Partition Table).  The process for converting your Master Boot record is relatively simple but will require you to boot into a Windows 10 on a USB!  Once you have done that you will then want to get to the command prompt the easiest way is to hit Windows+S and type in cmd then right click run as administrator.  Now you’re at the command problem.  Now is where the fun starts.

Type in :  mbr2gpt.exe  /allowFullOS /convert

Let it do it’s conversion and once done you’ll need to reboot but before you try to log into Windows again, you’ll need to go into the bios and enable secure boot.   Depending on how much Windows 10 needs to go through a new startup process will depend on the way GPT was converted.  It may take a few minutes even on the fastest system for Windows 10 to fully boot or it could be just as quick as before.   Once Windows 10 is booted, I suggest verify all your files are there and that everything is working correctly.   You might need to update software but that shouldn’t be to much a problem.   After That if you are on the Windows Insider Program than go check for updates and Windows 11 should be able to install.  If it still says you can’t upgrade I’d go back and check Whynotwin11 and Find out if you haven’t enabled TPM or what version of the TPM it is.   Other than that you should be set to go.

Enjoy Windows 11 Preview builds.