OCZ Vertex 2 100GB SSD dead after 1 week - RMA and Data security and policy

[world33]

Hello,

I clean installed Windows 7 in my brand new Asus n71jq notebook and OCZ Vertex 2 100GB SSD and updated to firmware 1.10 a couple of days afterwards; after 1 week of hard work reinstalling all applications and data the SSD is not recognized anymore just after awakening from sleep mode. I tried to see if the SSD was recognized in the bios and in an external enclosure but no luck.

I applied for RMA and I have received a RA code from the Australian distributor in order to return the item.

My questions are:

1) how confident can I be that this issue does not happen again especially considering that I did update to the new firmware a couple of days after clean installing win 7

?
2) what are the policies that OCZ and their distributors have to comply in order to guarantee that my personal and business data are not somehow recovered, copied and illegitimately reused when returning my dead SSD.
3) Is there a way to erase my data without having to physically destroy the SDD before returning it or is there any other way I can cover myself legally for potential dodgy practices?

I would appreciate your suggestions before sending back the SSD.

 

[taltamir]

2) what are the policies that OCZ and their distributors have to comply in order to guarantee that my personal and business data are not somehow recovered, copied and illegitimately reused when returning my dead SSD.

The only way for it to be used illegitimately is if, upon receipt, their technician/s steals the dead HDD and then repairs it at home. The thing is, repairing HDD costs tons of money and makes you literally an asston of money completely legally. We are talking lawer / doctor type money here.
So, you should be about as concerned that your doctor would be stealing your kidney next time you pay 50,000 for a few hours of operation.

I have no idea what type of guarantees the companies in question make though. But if they have the most basic of security and more then 1 (exactly) employee handling RMAs then its fairly safe to say that isn't happening... problem is, I WAS a 1 man RMA department for a company that rolled tens of millions and was selling a variety of products on sears, costco, and a few other major ones (oh, and I handled both USA and canada at once). So it is actually entirely possible for it to be 1 guy who is doing exactly whatever he wants with it.

it is Possible but I wouldn't call it likely. (both the 1 man RMA department and the knowing how to fix HDD and doing it for illegitimate profit)

As for destroying the data without damaging the SSD... you know I am honestly not sure. With a spindle drive I would say degauss (although that would potentially damage newer drives and might be detected as extra damage voiding warranty)... so, maybe someone else would chime in.

 

[Fayd]

The only way for it to be used illegitimately is if, upon receipt, their technician/s steals the dead HDD and then repairs it at home. The thing is, repairing HDD costs tons of money and makes you literally an asston of money completely legally. We are talking lawer / doctor type money here.
So, you should be about as concerned that your doctor would be stealing your kidney next time you pay 50,000 for a few hours of operation.

I have no idea what type of guarantees the companies in question make though. But if they have the most basic of security and more then 1 (exactly) employee handling RMAs then its fairly safe to say that isn't happening... problem is, I WAS a 1 man RMA department for a company that rolled tens of millions and was selling a variety of products on sears, costco, and a few other major ones (oh, and I handled both USA and canada at once). So it is actually entirely possible for it to be 1 guy who is doing exactly whatever he wants with it.

it is Possible but I wouldn't call it likely. (both the 1 man RMA department and the knowing how to fix HDD and doing it for illegitimate profit)

As for destroying the data without damaging the SSD... you know I am honestly not sure. With a spindle drive I would say degauss (although that would potentially damage newer drives and might be detected as extra damage voiding warranty)... so, maybe someone else would chime in.

since the electronics/controller on the op's SSD failed, rather than the flash memory failing, his fear is that the company will just refurb it, install a new controller or whatever, and send it out again to another customer. (with data either intact or recoverable.)

i'm curious about this as well... both for SSD's and rotational harddrives. for those that have recieved refurbed HDD's back from RMA.... is it possible to recover data from them? or do they use entirely new platters?

 

[Rifter]

years ago, like 10-12 i recieved a refurb from WD(i think it was a 6.4GB or a 4.3GB), when i installed it windows 98 seemed to think it had a FAT32 partition on it but was corrupt and i could not access it through windows 98, and the dos disk tools did nothing to repair it. However when loading up some data recovery software(cant remember name, ran off CD in linux i believe , i got it through work) i was able to restore the partition and access it like a normal disk, had some guys win95 install on it.

So i believe that there is a possibility that whoever gets the refurb could access your data IF they do not wipe the drive before hand. And i would imagine that nowdays it would be common practice to wipe the data if only for the reason that zero filling it a few times would be a great way to test the drive before putting it into stock as a refurb.

 

[Emulex]

yeah DMR warranties ftw.

take a bulk eraser to the drive?

 

[world33]

Remember it is a SSD drive. No bulk eraser can erase it especially when dead.
I guess this Sandforce page gives me a bit of comfort for my concern on data security:

The SandForce SSD Processor solves this problem by embedding an AES-128 encryption engine to protect the information it stores on the flash to prevent any unauthorized access.

Fingers crossed and thanks for your replies.

 

[ShizKani]

I was also wondering about this same thing about my DATA Security when retuning RMA'ing an HDD/SSD due to it failing..

What about TrueCrypting the Entire Drive, and doing regular BackUps..
That way if your Drive does fail and you need to RMA it.. you can be sure that your whole Drive is Encrypted and the only way your data can be extracted is if your Drive is Decrypted with your PassWord..

So if the Drives Manufactures need to test your drives data to ensure the drive is still good they gunna have to 1st ReFormat it essentially wiping out all encrypted data on your Drive to be able to do all their tests.. Other than that, the DATA will just be scrambled & encrypted on your drive until its decrypted.. And having a backup ensures that you dont have to worry about losing your data that is wiped out on the failed Drive..

Unless there is some other way that works better.. what do you guys think..?

 

[Old Hippie]

for those that have recieved refurbed HDD's back from RMA....

I've had many RMA'd drives both SS and mechanical.....all were formatted refurbs with no data.

I've never heard of a case of RMA data theft and consider it a very remote possibility.

 

[taltamir]

since the electronics/controller on the op's SSD failed, rather than the flash memory failing, his fear is that the company will just refurb it, install a new controller or whatever, and send it out again to another customer. (with data either intact or recoverable.)

not going to happen. This is an SSD, it has a single board with soldered electronics on it, do you have any idea how difficult it is to fix something like that? how much it would cost them?

What they are going to do is plug it (unopened), run a tool to reflash the firmware and reset the drive, and then test it to see if it works. If it does it gets sent to another customer, if it doesn't it goes in the trash.

As long as its really broken and not just some weird incompatibility issue with your mobo then they will be unable to read it and it will go in the trash.
The only mildly plausible scenario is if they send it to their architects/engineers to find out WHY it broke.

With a spindle drive you can have a guy (college student making 10-15$/hr) swap out the mainboard or the motor.

 

[Rubycon]

What's your liability on theft of data?
If it's more than the price of the drive why worry? Just destroy the drive and move on.

 

[Zap]

Just destroy the drive and move on.

That was my first thought. I know some agencies will do that - destroy HDDs and never RMA them. A friend of mine used to destroy removable discs instead of RMAing them due to sensitive data. Forgot exactly what it was he used, but it was like the Iomega Jaz (but not that drive).

 

[=Wendy=]

Usually when a SandForce based SSD is not detected by the BIOS, it's because the SSD has went into a panic state after waking from a sleep mode.
In this case the manufacturer will just do a complete flash (destructive) to recover the drive, which will clear all NAND anyway.
No need to panic about your data being stolen.

 

[RebateMonger]

You could try contacting OCZ's customer support and see what they say about the security of the SSD RMA service. Seagate, as I recall, has information on their Support site about how data security is handled with their spindle disks.

 

[MagickMan]

That was my first thought. I know some agencies will do that - destroy HDDs and never RMA them. A friend of mine used to destroy removable discs instead of RMAing them due to sensitive data. Forgot exactly what it was he used, but it was like the Iomega Jaz (but not that drive).

I did that with SyQuest SyJet carts when I was working for a gov't research firm. If one went bad I'd just smash it with a hammer, it was better than the remote possibility that the data on that drive could fall into the wrong hands.

 

[FishAk]

Hay! This is what government and university researchers involved with ClimateGate should do, MagickMan!

 

[Zap]

I did that with SyQuest SyJet carts when I was working for a gov't research firm. If one went bad I'd just smash it with a hammer, it was better than the remote possibility that the data on that drive could fall into the wrong hands.

Ah yes, SyJet. That may have been it. Yup, guaranteed no security risk is sometimes worth the replacement cost.

 

[GrumpyMan]

To be sure, sight in your shot gun with it.

 

[BTRY B 529th FA BN]

I asked than very same question on my trouble ticket with my OCZ Vertex 100G LE

The answer had loopholes in it. It was something like ..all data is destroyed..

yeah, big deal, all data is destroyed.. by who, joe schmoes data destroying for $19.99? - never mentioned OCZ physically destroying the data themselves.. I don't think I'm being paranoid but how is it determined un-recoverable..

Luckily for me, I was able to work the drive for a minute and a half before it became un-usable so I deleted what I could for a little peace of mind.. yes, i know if some a-hole really wanted they could go through all the trouble of digging in it..

 

[Old Hippie]

what do you guys think..?

I think TrueCrypt can be a major PITA and some peoples' paranoia may run overtime.

 

[Emulex]

go get a VCR bulk-eraser and take it to the ssd ?

 

[taltamir]

go get a VCR bulk-eraser and take it to the ssd ?

and? the contents of SSD are erased by a strong magnetic field?

 

[faxon]

I was also wondering about this same thing about my DATA Security when retuning RMA'ing an HDD/SSD due to it failing..

What about TrueCrypting the Entire Drive, and doing regular BackUps..
That way if your Drive does fail and you need to RMA it.. you can be sure that your whole Drive is Encrypted and the only way your data can be extracted is if your Drive is Decrypted with your PassWord..

So if the Drives Manufactures need to test your drives data to ensure the drive is still good they gunna have to 1st ReFormat it essentially wiping out all encrypted data on your Drive to be able to do all their tests.. Other than that, the DATA will just be scrambled & encrypted on your drive until its decrypted.. And having a backup ensures that you dont have to worry about losing your data that is wiped out on the failed Drive..

Unless there is some other way that works better.. what do you guys think..?

make sure it isnt using MD5 hash based encryption, used to be pretty secure, but if your app is using it, my farm of 4 radeon 5870s could bust it open inside a day using this app unless its something rather insane long and random. when you consider how many passwords it can run through per second though, you're pretty much fucked if someone with a cluster like this comes across anything you encrypted with MD5

http://www.golubev.com/hashgpu.htm

 

[jimhsu]

make sure it isnt using MD5 hash based encryption, used to be pretty secure, but if your app is using it, my farm of 4 radeon 5870s could bust it open inside a day using this app unless its something rather insane long and random. when you consider how many passwords it can run through per second though, you're pretty much fucked if someone with a cluster like this comes across anything you encrypted with MD5

http://www.golubev.com/hashgpu.htm

Note that MD5 is not an encryption algorithm. Now MD5 hashes are insecure, but I believe most modern encryption implementations have moved away from hashing the password with MD5. And given that MD5 has practical collision breaks, whether your password is "rather insane long and random" really doesn't matter.

PS I should retract that, actually. Currently MD5 has no significant preimage attacks (http://www.springerlink.com/content/d7pm142n58853467/); thus cryptographic break of passwords will still have to be bruteforced. That does not make algorithms like SHA any safer, although key strengthening (i.e. 2^10 rounds of SHA) will help with any hash algorithm, including "broken" MD5.

 

[Emulex]

and? the contents of SSD are erased by a strong magnetic field?

try it and let me know.

 

[taltamir]

try it and let me know.

I don't have the kind of money to try this. Surely there is a link somewhere to someone who has.