I bought a 3d printer off Ebay which got delivered not too long ago, and it came with 2 sd cards - one with a build video and some demo print files, but worryingly another card that has all the previous owner’s personal files on there.

Not sure whether to format it, or to contact the seller offering to send the card back (free of charge)… how would you prefer to be approached in a similar situation?

Edit: No gcode files are on the card, just 30gb of pictures, music and videos. Sent the seller a message offering to upload it to cloud or to send the card back

  • LufyCZ@lemmy.world
    link
    fedilink
    arrow-up
    21
    arrow-down
    23
    ·
    11 months ago

    Autorun doesn’t exist anymore.

    As long as you don’t open any executables, you’ll be fine.

    What’s the chance that the seller has a 0day (which would be veeery valuable) and is using it to steal data from someone random? Not worth it for sure on their side.

    • Darkassassin07@lemmy.ca
      link
      fedilink
      English
      arrow-up
      37
      arrow-down
      2
      ·
      edit-2
      11 months ago

      While autorun doesn’t exist anymore, there’s many many other methods of attack via usb.

      Here’s a list with 10 seconds of searching:

      https://www.bleepingcomputer.com/news/security/heres-a-list-of-29-different-types-of-usb-attacks/

      It’s entirely possible this drive was made maliciously to pass on data from whatever unsuspecting soul uses it. The seller op bought from could even be a victim themselves. You just never know.

      • LufyCZ@lemmy.world
        link
        fedilink
        arrow-up
        7
        arrow-down
        2
        ·
        11 months ago

        We’re talking about an sd card here. The absolute majority of these attacks only work with USB drives.

        And the rest either don’t make sense or make use of a 0day, which, as I’ve already said, is inconceivable

          • Max-P@lemmy.max-p.me
            link
            fedilink
            arrow-up
            11
            ·
            11 months ago

            The SD card is still speaking SD protocol, the card reader bridges between USB and SD.

            This only works with USB sticks because they’re plugged on directly over USB and you don’t know whether it’ll present itself as a storage device or as a keyboard that immediately starts typing stuff and running a bunch of commands.

            The risk is not the flash storage part, it’s the USB interface.

          • Big P@feddit.uk
            link
            fedilink
            English
            arrow-up
            1
            ·
            10 months ago

            But I don’t think OP is saying the package came with an sd card reader as well that they used

    • MiltownClowns@lemmy.world
      link
      fedilink
      arrow-up
      19
      arrow-down
      2
      ·
      11 months ago

      Best security practices are pointless if you disregard them because they’re inconvenient and unlikely to be necessary. Most needles I find on the ground are clean too, but I’m not just gonna stick them in me because the odds are in my favor.