Was wondering whether there isn't a risk in selling old devices when you have done netbanking and internet purchases with it.

Wouldn't a skilled hacker be able to get into your bank account and draw money?

http://www.makeuseof.com/tag/4-things-you-must-do-when-selling-or-giving-away-your-old-computer-phone-or-tablet/

This should put your mind at rest.

dd if=/dev/random of=/dev/sad bs=1M && dd if=/dev/zero of=/dev/sad bs=1M

Good luck getting anything off that hard drive.

dd if=/dev/random of=/dev/sad bs=1M && dd if=/dev/zero of=/dev/sad bs=1M

Good luck getting anything off that hard drive.

I thought it was english only on here

dd if=/dev/random of=/dev/sad bs=1M && dd if=/dev/zero of=/dev/sad bs=1M

Good luck getting anything off that hard drive.

On what device and/or OS would that command work?

dd if=/dev/random of=/dev/sad bs=1M && dd if=/dev/zero of=/dev/sad bs=1M

Good luck getting anything off that hard drive.

On what device and/or OS would that command work?

Any *nix on a computer. A live Linux cd will be able to get it done for you.

It will not work Dave.... try

dd if=/dev/urandom of=/dev/sad bs=1M && dd if=/dev/zero of=/dev/sad bs=1M

For the really paranoid, repeat the command 6 or 7 times...

sad!?

try sda

It will not work Dave.... try

dd if=/dev/urandom of=/dev/sad bs=1M && dd if=/dev/zero of=/dev/sad bs=1M

For the really paranoid, repeat the command 6 or 7 times...

Perhaps it could be blocked if there isn't enough entropy; but as /dev/urandom uses a seed from /dev/random and then a PRNG it is theoretically possible to predict urandom's output.

Simply letting it run will allow entropy to build; running "sync" or "rngd" or even "haveged" seeds it.

**edit**

Apologies for the earlier /dev/sad...stupid autocorrect 'fixed' my /dev/sda

OP, you should stop immediately any netbanking that doesn't require two factor authentication.

thinking further that sda is going to wipe the hard drive you are running from, presumably you will be wanting to wipe sdb or some external drive connected to your computer.

thinking further that sda is going to wipe the hard drive you are running from, presumably you will be wanting to wipe sdb or some external drive connected to your computer.

Hence my suggestion to use a livecd which can be a thumb drive. Will always start from sata0 and label the drives from there.

thinking further that sda is going to wipe the hard drive you are running from, presumably you will be wanting to wipe sdb or some external drive connected to your computer.

Hence my suggestion to use a livecd which can be a thumb drive. Will always start from sata0 and label the drives from there.

ok

thinking further that sda is going to wipe the hard drive you are running from, presumably you will be wanting to wipe sdb or some external drive connected to your computer.

Hence my suggestion to use a livecd which can be a thumb drive. Will always start from sata0 and label the drives from there.

Actually it doesn't always do that with recent Ubuntu. If I boot my machine with an external hard drive connected, sometimes the external is sda and the internal sdb, sometimes the other way around, it's random, that's why UUID is used in fstab now.

You should probably use fdisk -l to check which drive is which before destroying it.

But anyway this is all probably a bit technical for the OP's question.

Google DBAN - Darin's Boot and Nuke. You burn an ISO to a CD and then boot off it. Pick the drive and wipe using the default settings.

Other similar software available.

Thanks guys for all the swift replies.But for someone who is as IT illiterate as I am, this is just too complicated.

My reasoning is, correct me if I am wrong:The buyer of my laptop and smartphone can get all the data and information on my devices for all I care.But if I immediately after selling it change the password of my netbanking with my new smartphone, he won't be able to get in there.He could still initiate internet purchases with my debit card information, but won't be able to complete them as it would me, not him, who receives the OTP from my bank.

You are right to be worried and a bit paranoid.

All smartphones/tablets (at least Androids) have a way to "Reset to factory settings", which would clear all user data and remove all user installed apps.

For the laptop the best and easiest would be to reinstall the OS. After all, it's the hardware you are selling.

Easy to do, even for an "IT illiterate".

If you want peace of mind, take the laptop to a computer shop have the hard drive replaced and a fresh os installed.

Insist that they remove your drive while you wait. Take your old hard drive home and belt it with a hammer - several times. Or drill several holes through it.

It may still be possible to retrieve some of the information from your drive, but the time and equipment necessary is way beyond the capabilities/budget of the average data thief.

Myself and friends have previously lost all data on our hard drives,

we learnt how to retrieve data from hard drives, with the right tools

anything can be done, old hard drives of mine are opened, disks

smashed, washed with acid, burnt then taken to the rubbish tip.

Not a tech savy guy for the most part and do not sell old phones or computers but dose not everything get wiped out when you do a factory reset.

Any data on any memory device is recoverable to some extent.

Computers with mechanical and SSD drives can be overwritten to damage any existing data upon them.. Australian Military remove and destroy any drive used in a secure facility prior to disposing of the device. This is the most secure method.

Smartphones: Most have the ability of accepting a memory card and in most cases will automatically move data like pictures etc to them some do not.

If the device has a memory card remove and keep it.

You can do a hard reset and restore the phone to default settings this will wipe the info from the device but can be restored by someone with skills. if you want to sell the phone and make sure all data is not retrievable then you will need to procure either an app or 3rd party software that will permanently damage the existing overwritten data so that it can no longer be recovered.

If you are unsure when you sell your phone change your banking passwords to prevent the problem

Just give it the heave ho into the nearest burn pile and be done with it....??

The old military way of wiping a hard drive clean was to reformat it 3 times using the low level method

For the majority of non-techies here, I would NEVER sell a PC with the hard drive(s) left in it. Remove the drive(s), open it/them up and destroy the platters if there is ANY info you don't want in someone else's hands.

Still you look at Craigslist and it's full of people selling their computers,tablets,smartphones.

OK, if we are really paranoid here:

For the smartphones, encrypt the device, then factory reset. Good luck trying to forensically de-crypt any remaining data without the keys! This is for Android. iPhones are encrypted by default.

SSD drives can be securely erased. All manufacturers provide programs to write all zeros to all the NAND cells. This is one of the ways to reclaim SSD performance. SSD being a bipolar technology, once the data is overwritten, it is impossible to recover it. If you want to make really sure... take out the circuit board from the SSD and microwave for a minute or so on full. Goodbye all the data!

HDD are a bit problematic, relying on magnetic flux to store the data. This flux extends to the sides of the written track of data, and can be recovered by special programs that re-position the recording heads and look for patterns. The programs are expensive and not something general public would have.

DoD specified that the HDD's must be totally overwritten by random data at least 7 times before being reused.

A bit of paranoia is healthy, but assuming 9 billion people on the planet are after your Google password is a little bit extreme? If your name was Assange then yes, but Johnny TvBlogger? Sure, do the cleanup as advised above before selling or disposing of phones or PCs. But I'll bet people have more incriminating data of their Facebook and other social media accounts.

OK, if we are really paranoid here:

For the smartphones, encrypt the device, then factory reset. Good luck trying to forensically de-crypt any remaining data without the keys! This is for Android. iPhones are encrypted by default.

SSD drives can be securely erased. All manufacturers provide programs to write all zeros to all the NAND cells. This is one of the ways to reclaim SSD performance. SSD being a bipolar technology, once the data is overwritten, it is impossible to recover it. If you want to make really sure... take out the circuit board from the SSD and microwave for a minute or so on full. Goodbye all the data!

HDD are a bit problematic, relying on magnetic flux to store the data. This flux extends to the sides of the written track of data, and can be recovered by special programs that re-position the recording heads and look for patterns. The programs are expensive and not something general public would have.

DoD specified that the HDD's must be totally overwritten by random data at least 7 times before being reused.

A bit of paranoia is healthy, but assuming 9 billion people on the planet are after your Google password is a little bit extreme? If your name was Assange then yes, but Johnny TvBlogger? Sure, do the cleanup as advised above before selling or disposing of phones or PCs. But I'll bet people have more incriminating data of their Facebook and other social media accounts.

I've personally wiped hard drives to DoD specs and still been able to retrieve some data. I used to work DoD IT, the only sure way to get rid of the info is to open the physical drive and destroy the platters inside. Yes, this is anal, but it's also the ONLY 100% absolutely sure way to remove data.

It still does not answer my question.Lets suppose the new owner is able to retrieve all the data on my device, including my internet bank transactions.He would not have my new passwords for banking and internet,if I change them with my new device?Or is my reasoning wrong here?

I see paranoia reigns supreme on this threads

Change your passwords often

Have your browser setup to not save passwords or history

Change your OS back to the original settings before you sell

There is the square root of zero chance anybody is going to steal anything from your machine

It still does not answer my question.Lets suppose the new owner is able to retrieve all the data on my device, including my internet bank transactions.He would not have my new passwords for banking and internet,if I change them with my new device?Or is my reasoning wrong here?

I believe that by default the browser does not cache pages delivered over https. Since your bank website should be then this data should not be cached. However passwords are often cached in browsers so any site that only required a username and password which were saved to the browser would be vulnerable. You would as you say need to change these.

I thought through all this "banking on the computer" crap some years ago. I came to a solution that works for me, and after that, didn't think about it much. So this is all probably very old school. Mai bpen rai. I'm not gonna change anything. My rules are:

1. I don't do any internet banking in the country in which I live (Thailand). Better to just go to the bank.

If any bank mistake is going to be made with regard to any account, no one's going going to blame it on the internet.

2. For my home country, I've little choice other than to do internet banking. In which case:

a. I only do it from within a virtual PC dedicated to the purpose of internet banking, with no cut/paste share nor anything such as that.

No visits to non banking sites allowed within that virtual machine.

b. I only use a hard wired internet connection. No wireless.

c. I only use wired keyboard and mouse. No wireless.

d. I only do it when I must. Once a month or so.

Beyond that, I would never sell one of my used mobile phones or hard disk drives. There's no money in it. Better to beat whatever it is to death with a hammer, and then apply the DoD destruction standard recommended back when I worked with DoD: gasoline fire.

Overly paranoid? Maybe. But again, I don't spend much more time thinking about it all. And I've yet to come up with a reason to deviate from this approach.