Slashdot Mirror
Another Stab at Laptop Security
kogus writes "LoJack is licensing its brand name to Absolute Software, which provides Computrace -- soon to be known as the 'LoJack for Laptops' line of computer theft recovery systems. When a stolen Computrace-equipped system is connected to the Internet, it automatically and silently sends locating data to Absolute Software, which then calls out the law. In some cases, Absolute Software customers are eligible for a $1,000 guarantee payment when a stolen system is not recovered within 60 days.
My PowerBook cost more than $1000.
From TFA:
Unless you:
and/or
Nice illusion of security....wonder how many people will fall for it.
____
~ |rip/\/\aster /\/\onkey
should build this into the hardware or the bios. i know if i stole a computer i wouldn't be in a rush to plug into the internet. unless of course it's a windows machine, in which case i've got a good solid 12 minutes to play around with it.
Just wait 15 seconds, the box clears on its own.
The bastards have even developed very tiny cinder blocks which they leave the empty laptop skeletons propped on.
If I were to steal a laptop, the first thing I would do would be to format it if i could. I hope this isn't a software solution. If it was a hardware solution, it would seem likely that it would be so expensive it would probally ofset the cost of the laptop. (hardware to phone home... am I stolen?) + monthly fee.
Link is bad. I hate this.
Is the groundbreaking gorilla of stolen vehicle recovery committing Peter Lynch's cardinal sin of deworsification into the unrelated field of hard-drive hacking?
...could this perhaps use a little dewordification?
If the person who steals the computer just reformats the hard drive?
yeah!
You could just click the "close form" link in the upper right of that information request. It wasn't a demand, just a very obtrusive request.
My blog. Good stuff (when I remember to update it). Read it.
...you insensitive clod???
1. Purchase $500 laptop
2. Purchase $100 security
3. Purchase $100 spyware remover
4. "Lose" laptop
5. Wait 60 days
6. Profit $300 for 60 days work
7. GOTO 1 (I never spaced lines by 10, what was up with that)
well, it is aligned with the policy of the content of the article...
Pumbaa! I don't wonder; I know.
How would one report if a laptop is stolen? How easy would it be for a thief to remove this after stealing said laptop (before connecting it to the computer)? How will the law know where to go (geographic IP location can't be THAT accurate, can it?) How much of a performance hit will this add to normal use?
I'm curious as to what kind of locating data it gathers, and how it gathers it. Seeing as this is just a software package, I can't imagine it can go much farther than an IP address.
Hmm... for me, the first time I clicked through the link it quickly refreshed and asked me for my email address or login, yaddda yadda, but when I clicked on the link again, after having closed the first window, I got to the story without any trouble. your mileage may vary... -t
In some cases, Absolute Software customers are eligible for a $1,000 guarantee payment when a stolen system is not recovered within 60 days.
Anyone else imagined lots of laptop owners playing hide n seek with their laptops for 60 days?
Except the website doesn't demand personal information before they let you read the story. Which story were you clicking on?
Have TFA anyway, if it makes you feeel any better
LoJack for Your Computer
By Michael Jaffe
July 6, 2005
Last week, LoJack (Nasdaq: LOJN) announced the dawning of a new era in data recovery.
What? Is the groundbreaking gorilla of stolen vehicle recovery committing Peter Lynch's cardinal sin of deworsification into the unrelated field of hard-drive hacking? Not really.
LoJack is licensing its brand name to Absolute Software, which provides Computrace -- soon to be known as the "LoJack for Laptops" line of computer theft recovery systems. When a stolen Computrace-equipped system is connected to the Internet, it automatically and silently sends locating data to Absolute Software, which then calls out the law. In some cases, Absolute Software customers are eligible for a $1,000 guarantee payment when a stolen system is not recovered within 60 days.
In my opinion, LoJack investors should be pleased for at least two reasons. First, without committing any capital or assets, LoJack is collecting a licensing fee, as well as warrants to purchase 500,000 shares of Absolute Software, with a $2 per-share exercise price. Assuming that LoJack can capitalize on its option to buy shares profitably (Absolute Software shares are trading at around $2 each), LoJack investors might be looking at the elusive free lunch. As long as Absolute Software delivers on quality control and customer service, thereby maintaining its reputation, downside risk is relatively limited.
Second, and more importantly, the LoJack brand name is gaining free exposure in the laptop market, catering to a higher-middle-income individual and business population, which happens to be a major segment of LoJack's automotive target customer base. Ostensibly, LoJack's status as a recognized brand and market leader in its field stands to be confirmed and enhanced. If companies take note (and mass appeal exists), there might be more licensing revenue to come.
To be sure, in a business that depends on brand awareness and customer confidence, a deal like this carries tempered risks because a company's brand equity is tantamount to the success or failure of a product. That said, successful licensing also offers the possibility for even greater rewards.
Want valuable nuggets on small-cap investing with a potential for mythic returns? Spend your magic bean money on a subscription to the Motley Fool Hidden Gems newsletter.
Fool contributor Michael Jaffe owns no shares in any of the companies mentioned in this article. Click here to see The Motley Fool's disclosure policy. The Motley Fool is investors writing for investors.
I don't read your sig, why do you read mine?
Unless you have a peice of radio transmitting hardware inside the laptop that will destroy the laptop if removed, how can any software really be worth while?
The ultimate network admin tool needs HELP!
If the thief follows the standard security procedure to install a firewall before going online, what would happen?
Rock that crushes, Paper & Scissors that don't matter.
not sure what you're talking about, but it doesn't require anything.
t .aspx?file=/news/mft/2005/mft05070623.htm
you troll...
here's the coral cache anyhow http://www.fool.com.nyud.net:8090/Server/foolprin
It was a stupid popup. Just close it and read the article.
The AdBlock and FlashBlock extensions to Firefox are excellent, but somehow that site found a way around them.
--
Bush lied. 100,000 died. Violence & lying show a lack of social sophistication.
TFA is remarkably lacking in technical details, so I looked at LoJack's site, which doesn't mention a thing about this. So - is this a hardware solution, or a program that gets installed into an existing OS? If the latter, well, how useful is that? While the slashdot crowd and the laptop-stealing crowd probably don't have a whole lot of overlap, I can't see someone not just re-installing the OS to wipe the system in any case.
The spyware and firewall questions seem important as well - if this is just a "Hey, this is box XYZ and I'm at this IP address", talking to lojack's servers, well, fine, but how does the end-user know that they haven't blocked that with their firewall?
I'd love to see something technical on this, rather than some stock-tip-guy's interpretation.
which then calls out the law
What does that mean?
Is there some law organisation in the USA that you can call saying "my laptop has been stolen and it is now on the internet at address 333.444.555.666" which will then go out to locate your laptop and return it to you??
On the other hand, if thieves think will get busted by stealing laptops, this helps everyone. Schneier has an interesting note on his blog about lo jacks in cars benefiting everyone.
Well it could be remotely successful... I would ponder most crooks would be curious enough to boot a stolen laptop before they wipe it clean... though unlikely they would have need for internet access.
Xac Stegner - Wizdom Design Company (www.wizdomdesigns.com)
I want my laptop to emit knock-out gas and then send a signal via satellite to track it if it is stolen and wrong password are in the hardware.
If you don't have physical control, you don't have security. Okay, strong encrypted data may be safe from prying eyes but how many people, after getting a stolen laptop back, boot it immediately and "check" everything? Can you say keylogger trojan?
o rm.asp
/dev/hda1"? How about booting from alternate media like a USB key, floppy or CD?
Computrace is a piece of client software that "phones home" on a regular basis. It provides NO protection against things like formatting the hard drive before connecting to the Internet. http://www.absolute.com/Public/products/techplatf
Oooo... it uses an ENCRYPTED connection. Explain to me how this stops "fdisk; format c:" or "fdisk; mkfs
This must be designed to nab the stupid criminal, who jacks in as soon as they boot.
On the other hand, with the prevalence of open WAPs, it is quite possible a laptop with a built-in wireless NIC will connect and phone home before the hapless thief realizes it.
-Charles
Learning HOW to think is more important than learning WHAT to think.
Absolute Software may be guaranteeing $1,000 after 60 days if the laptop is not found, but you'd be surprised what that actually means.
:
I used to work for a computer store. We sold scores of laptop locks; all sorts of kinds of them. The Kensington locks sold like hotcakes because they had a $1,200 "guarantee" that the lock could not be compromised. The problem, we soon found out, is that the theif has to physically cut through the lock and leave behind the pieces. As we all know, some locks can be picked with even a bic pen, and so a lot of good this "guarantee" did for some poeple. Some theives also just took the not-so-hard-to-steal item the laptops were attached too. (Lock it to a bed or desk people, please!)
No evidence to send in, no money back. I am willing to bet in this case there are similar loopholes for Absolute Software to play with.
--
Check out the Uncyclopedia.org
The only wiki source for politically incorrect non-information about things like Kitten Huffing and Pong! the Movie !
Please allow me to hate the creator of the 120-character limit: *HATES*. Thank you.
Okay so I've just stolen your laptop and formatted it and installed (anything) on it... Where's you LoJack now?
I fear software solutions will always fail, be weak at this point. A hardware option would seem to be better, no?
Yes it will work when a petty theif steals your baby, but not for anyone with an IQ over 105.
Not sure what the costs involved are... but I doubt that this will be of much interest to the typical personal laptop owner. However, I can see this being bought up in bulk by companies as a sort of "insurance." In fact, their insurance rates would probably go down if all company laptops were equipped with this software. I think it makes sense for a business to try to protect their laptops this way. Employees are going to be less careful with a company laptop, as compared to their own personal laptop, and it might be important for the company to get the laptop back.
I think companies would be even more interested if there was a "kill-laptop" feature. So if the owner of the laptop goes to the IT department and says "my laptop was stolen!" (or lost), then they activate a flag so that when the laptop makes its secret connection, it receives a signal to erase itself, thereby protecting valuable company data. For many companies, protecting the data on the laptop might be more valuable than the laptop itself.
On the flip side, I would think that most people who steal laptops are going to wipe them or snoop around in them for awhile before connecting to the net and surf for porn. So this should hardly be viewed as a perfect solution for catching thieves (although WiFi certainly helps).
Come on Slashdot. What is this, news for AOL users? This kiddie crap. Yes, most thieves will just boot the computer with Windows and try to get on the net. But this is Slashdot. We're nerds or something. And this ain't F***ing news. If I got a laptop that was stolen, hell if it was used, I would format it:
/ faqs.asp
From the website: www.absolute.com
Q. Can Computrace Personal be removed?
A. The Computrace Personal software is a low-level utility that is as tamper resistant as a disk-based utility can be. The software can only be removed by an authorized user with the correct password so please be sure the password is stored in a safe location and not on the protected computer.
Q. What happens if a computer's hard drive is removed?
A. The software resides on a computer's hard drive so if the drive is removed the computer will no longer be protected and can not be located if stolen or lost.
http://www.absolute.com/Public/computracepersonal
Wow, what great protection.
Come on!!!!! This ain't even hardware!!!
CAPS LOCK: ITS LIKE THE CRUISE CONTROL FOR AWESOME
Just wipe any laptop you steal and install a nice, fresh OS on it. Preferably one without "LoJack".
Nothing in the rather grim article suggested that this tech is available outside the OS, so to me it sounds like an easy fix.
If I'm without my work-computer in 60 days, it sure has cost me a heck of a lot more than a grand in productivity loss. Not too friendly-minded with systems that call home either. This's certainly a stab... somewhere...
avocade.com
In a free and open internet, who needs Windows
..then use fdisk to wipe the disk. Really, am I missing something here? (Other than a possible BIOS setting to force boot from internal HD in preference to CD/USB/Floppy/LAN, which can always be gotten around). ;o)
Oh, I get it - it's just designed to recover stolen laptops from non-slashdot readers
There was a time when laptops were stolen due to their price, and possible resale value on the black market. I personally think we are now in a new era where laptop theft (at least the corporate type) is no longer about getting a shiney new powerbook, and possibly selling it off the back of a truck. Today laptop theft could be for the information contained on the hard drive. Now lets think about the componsation, if my HR director "loses" his/her laptop with important information about me/co-workers, is $1000 really going to cover the loss? No, not even close. 1K in most cases will not even cover the cost of the laptop. For my money, I want a techonology that will encrypt the contents of that hard drive, and be easy enough for an HR director to use.
Paranoid tinfoil hat crowd say Y here, everyone else say N.
So when the bank official looses his laptop with my bank data on it and the thief dumps the data to another system and reformats before it connects to the net then what do I get for my stolen identity?
The Code Ninja is swift with his tool, precise in his delivery, and deadly accurate in his execution.
BTW, it's strictly forbidden to report non-existing IP addresses to Teh Internets Police.
"Our interests are to see if we can't scale it up to something more exciting," he said.
I figure there's a 97% chance this is Windows-only software, according to the last market-share report.
Xac Stegner - Wizdom Design Company (www.wizdomdesigns.com)
It's not just stolen laptops that send information to their servers. Any laptop with this software installed sends periodic heartbeats to the computrace people.
Our PHB ordered it installed after getting a call from a golf buddy. It was ripped out a week later. The heartbeats contain enough [cleartext] information that the increased chance of the laptop being broken into, or the salesguy socially engineered using the info was deemed higher than the chance it'd ever be stolen.
Sounds pretty low to me. Insurance should pay at least that much depending on the value. And considering how easy it would be to stop this sort of thing if it was only software based, it just sounds like an extra insurance plan.
a drive bay double-barreled Derringer might be of use.
"Our interests are to see if we can't scale it up to something more exciting," he said.
If you're worried about the data, then you should protect that, not the hardware. Have the system thoroughly encrypted locked to biometric data. Then have it keep back ups of critical data on a secure remote server. Then if you're laptop gets stolen, no big deal, they can't get the data and you've not lost much.
This sig has been temporarily disconnected or is no longer in service
When a stolen Computrace-equipped system is connected to the Internet, it automatically and silently sends locating data to Absolute Software ...unless it is constantly phoning home all the time? I don't think I want that.
This, people, is why you shouldn't try every step of the instructions you recommend to people :)
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
This is just what Los Alamos needs next time one of their laptops go missing.
Come to think of it, Banc One should also consider it.
However even the young kids who casually steal cell phones appear to have some sophistication, and are able to reprogram or wipe phones for resale.
Given that wiping and reinstalling the OS for laptop is trivial compared to reprogramming a phone, I do not see how this would stop anyone but the most casual of laptop thief.
I would like to see how easy it is to get the $1000. If the service was cheap enough, it would be valuable merely as $1000 insurance policy.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
God I suck
/. nerd...
I always thought God could get better than a
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
The Computrace $1000 refund system is only valid if the Computrace servers recieve a transmission from the laptop after it is stolen. Sort of defeats the value of the whole thing, especially if the thieves know their security. It'd also make it harder for people to "steal" their own laptops to get the $1000 claim.
$1000 would in no way compensate my for my $2700 17" Powerbook.
Xac Stegner - Wizdom Design Company (www.wizdomdesigns.com)
I've been doing this for years using DynDNS's free dynamic DNS service. I run a client on all my machines that updates their IPs with dyndns's database. If my laptop disappears, I just look to see what mylaptop.dyndns.org resolves to.
--
watch funny commercials
This company just proves the saying "A fool and his money are soon venture capital".
:)
I seriously can't believe this concept ever got past the drunken-scheming-businessplan-on-a-napkin phase.
Yes, this might catch your average completely clueless snatch-and-grab thief, but I wonder how often those guys go through the trouble of connecting a stolen laptop to an internet connection anyway?
What would be really fun is to report some PHB's laptop stolen while he's on a business trip with this software installed
-This sig intentionally left blank
Well sonny I work for these here boys, and when I get a tellygram, I hop on my trusty steed 'Mac', and he and I head on down to russle me up some lappies. 'casionally I hook up with m' associate Ping; she's a real darlin' and knows how to ferret out the sneakiest son-of-a-guns, even them Cen-trin-toes.
I tell ya, these city slickers wouldn't be loosin' 'em so fast if they branded 'em!
Please help metamoderate.
How does the stolen computer know it's time to transmit the homing signal... unless it's always transmitting anytime you're connected to the internet?
I'm not entirely sure how the LoJack on cars works, but I seem to recall it requires you to report the theft, and then the cops/LoJack have some means for tracking the car's device. With a physical device, this might not require an always-transmitting approach so much as always-ready-to-transmit - that is, it could have enough battery power to start transmitting once it's hit with a request for broadcast. But for a software solution, how would you ping the stolen computer? (You need routing information in addition to the MAC address, right?)
Fortunately, there's a good chance that anyone booting up your stolen WinXP laptop will quickly be caught and arrested for connecting to the nearest WiFi network.
Did I say overlords? I meant protectors.
Simply put a small charge of explosives in the case and when it gets stolen, boom, check the news for "fence killed by stolen laptop", wait for the /. posting "innocent man killed by exploding Windows laptop", and comment here.
These situations are just fodder for more posts, so why noy enjoy it?
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
Ever been to a swap meet? A lot of that stuff is, uh, warm to the touch.
Raise your children as if you were teaching them to raise your grandchildren, because you are.
Literally. 10 years ago. I called them up and asked if they did laptops. They did not.
A better solution is to make it work like the car LoJacks - when the unit receives an "I'm stolen" message it replies with its location. Only major problem would be power - if a theif removed the batteries it could be a long time before some sucker replaced the batteries, and by then LoJack might've stopped broadcasting.
Of course, any kind of security won't work well if it can be disabled or removed without disabling the PC.
If LoJack or any other company wants to make a killing, license their technologies to motherboard manufacturers.
Hmm, if I could get LoJack-on-a-motherboard, I'd like it in my TV, my VCR/PVR, my CD player, and anything else likely to wind up in a pawn shop.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
"Come on!!!!! This ain't even hardware!!" True...but unless you get another ethernet card they DO have your MAC address. I can see a cookie finding its way back to their servers with that info. I would definately not use the ethernet it came with ever.
I've been thinking of anti theft protection for laptops recently, and the flaw in most software is that they assume you will somehow end up on a open network which isn't firewalled.
One way around that is to put in a celluar radio, not only will it allow net access almost anywhere where coverage exists, it can be used to call home and do lots of things easily. Perhaps port LinuxBIOS to the laptop (if you can get the docs) and set it to self destruct on bootup remotely, not sure if any trapping is possible via LinuxBIOS while an user operating system is runnning.
The biggest barrier here is that there isn't many (I couldn't find any) intergrated cellular radios in miniPCI (probably due to power requirements?) form which would be suitable to plug in, I know Telstra down here in Aus is ordering rugged laptops from Fujitsu with an integrated GPRS radio (or perhaps CDMA judging by their recent monopoly boosting stance) to replace HP PDA's for field techs, but thats about all I've heard.
Absolute Software customers are eligible for a $1,000 guarantee payment when a stolen system is not recovered within 60 days.
1: get a laptop
2: install this "security" software
3: report laptop stolen
4: wait 60 days
5: put in claim for money
6: profit
Just because I claim it's stolen and make sure I don't plug it into the internet for 60 days, or claim it's stolen then wipe the drive clean, does that mean I can make $1000??
It sounds about as ridiculous as
1 - collect underpants
2 - ???
3 - profit
It's a great idea, but I think it should be a function of the BIOS. It's a whole lot harder to bypass a security feature of the bios than it is to wipe the harddrive.
Dude... it's BASIC. There were no loops.
Even in early BASIC there was the FOR statement, but because behavior with STEP 0 was unpredictable on various home computer ports, it couldn't always be used as a replacement for WHILE.
Were *I* in this position, I'd buy a second lock, break it, leave pieces of it lying around the area where the notebook was stolen, take a photo, and then proceed to make my claim.
Of course, there there is no way I would *really* do that officer...
When a stolen Computrace-equipped system is connected to the Internet, it automatically and silently sends locating data to Absolute Software, which then calls out the law . . .
And the law proceeds, uninterrupted, with their donut break.
Seriously, "the law" doesn't pursue stolen cars all that aggressively. Instead, they say, "we'll take a report that you can turn in to your insurance company. What? You didn't have theft insurance? You're one dumb sonofabitch." The manufacturer implies that, once the laptop is located, they're going to invade the house, BATF style, to retrieve it. Ain't happenin, sorry.
OTOH, the cops aggressively pursue speeding, overtime parking, etc., with collection agencies, wage garnishment, etc. Why? The government then has more money to buy new furniture for the mayor's office and other such extremely important public expenditures.
I remember another "security" measure at work: they went round and painted PC cases with a smear of some magic water containing microspheres in a combination making a unique identifier. They paid good money for this.
What I found funny was that every PC is registered for the campus network. So every PC likely to be stolen has a unique six-byte identifier built into the motherboard, and recorded in a campus-wide database. (PCs with plug-in ethernet cards are too old to be worth stealing: as we saw after an actual break-in and theft of the only PC worth taking.)
How difficult is it to read off the MAC address of a suspected stolen PC and compare it with a list of reported stolen machines? A damn sight easier than reading off the magic water markings....
1) Buy $500 Dell laptop
2) Install Computrace
3) Throw laptop away and file police report as stolen
4) Apply to Computrace for $1000 guarantee
5) Profit!
I've abandoned my search for truth; now I'm just looking for some useful delusions.
IBM thinkpads are shipping with this software in the BIOS. From http://www.pc.ibm.com/us/security/ "This PC tracking and loss control solution helps security departments monitor asset locations daily, protect valuable corporate data and attempt to recover PCs if they are stolen. The Computrace BIOS-based agent provides superior security over tracking software that is installed only on the hard drive. Once the ComputraceComplete or ComputracePersonal service is activated, it will reinitiate even if the hard drive is reformatted or replaced. The Computrace BIOS-based agent works with System Information Center to provide asset management."
It is outright bullshit!
We had a laptop stolen and called it in.
"Oh, you need to file a police report"
Fine, so we get the numbnuts who lost it to file the report and give us the report number.
"Okay, yes... we have recieved a call home from the laptop, and we know where it is!"
Great! Now when do we get it back?
"Wellll, you cant..."
and it just got worse from there. The police wouldn't retrieve the laptop, and these clowns wouldn't tell us where the machine was. But at least we knew:
- it was in fact stolen and not in the hands of the numbnuts employee
- it was in fact connected to the internet, being used, right then
- we couldn't get it back
- someone was at least enjoying their brand new laptop...
damnnit! This shit just annoys me. I'm going home.
i will be sure to put an official "protected by lojack" sticker on my laptop just like the home security signs outside many houses. i remember a sales guy saying that the sign itself deters like 90% of thieves. personally i feel if someone really wants to make off with my stuff they will, but i am more than happy to invest in proper signage.
http://www.sledgehammercomputers.com
First, the idea that the recovery software is worthless because the user will wipe the drive ignores the idea that the thief may boot the OS to try to steal sensitive data. The real value of such warez is the chance that you will recover or disable the system. I've been looking into the option because I have careless people who carry gigs of sensitive data on their laptops and who could lose it. Cyberangel (http://www.sentryinc.com/) adds file encryption / locking to the idea, stuffbak is not software based but offers a reward for return of not just laptops (http://www.stuffbak.com/stuffBakAdmin/) and others offer a similar service. Some insert the tool in the form of a root kit (http://blackhat.com/html/bh-usa-05/bh-usa-05-sche dule.html) that might be difficult to detect and delete.
Obviously hardware is prefered. Recovery is not the key, teh real key is information leak prevention.
I just use sysinternals boot logoing to set my windows craptop to show the CIA logo on boot.
Geek Marine
I wrote both Windows and OSX clients for a very basic system that does this last night. I'm planning on offering it to my customers for free. I don't think that I would have a lot of success selling it as a service compared to the clients it would naturally bring in for other things... Plus... it's insurance you're buying with these folks... an insurance product... not a security product... think about it.
And yes, it's simple to get around this software... but think about this... Most criminals/thieves are stupid . I have seen stolen computers that still have entire family photo albums on them from the previous owner.
If you have a script that sends out a call for help every minute... What's your bet that an idiot can find out in less than a minute that the computer is calling for help.
I have the pleasure of many "acquaintances" visiting me from time to time with laptops of dubious origin.
First thing they do is bring it me to wipe, check, value and prep for sale.
Profit $300 for 60 days work
Well, if you work in IT, at least you'd be getting a raise.
Comment removed based on user account deletion
...but when Intel wants to do this to track counterfeit or stolen chips, oh how you'll howl!
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
AFAIK wiping the drive does not remove their tracker unless you do a low-level BIOS format. Also if I remember correctly they had an option of having the tracker in the bios itself, so it was executing even before mbr is referenced. I talked to their CTO at some point and these guys were actually involved with IEEE and IETF to move forward some related standards. It is far more complex stuff than it seems from the first glance.
3.243F6A8885A308D313
There is no problem with using consecutive line numbers. If you need to insert a line between two other lines, use fractional line numbers.
5½ GOTO 3.1
No renumbering required, problem solved!
Yes, I know what you are thinking: what if we run out of fractions? Don't worry though! In such emergencies, you can start using irrational line numbers. There are tons of those, so you will never run out. This does tend to increase the size of the program considerably, so they should only be used as a last resort.
I'll probably be modded down for this...
They want their coding paradigm back.
Avoid Missing Ball for High Score
The theif is presented with this pop-up window:
Norton Firewall has detected that program - LoJack - is attempting to send information to the Internet.
Do you wish to allow it?
What? ®
not understanding a joke despite it's complete absurdness. Nominees for this award showed immense ignorance in the face of an obvious attempt at humour. Ladies and gentlemen, we have a winner!
6.5 goto "jail" 'for fraud, you loser.
8. jail = bubba.pusher
9. bubba.pusher = 10 'inches of PAIN
...and it is useless. It is an application (not firmware) that is installed into the disk's MBR. It also requires a Windows OS. So, in a nutshell: if you reinstall Windows it will not kill computrace. Reformatting the MBR or installing a *NIX OS will kill it, however.
Together, we will drive the rats from the tundra.
should say: "When ANY Computrace-equipped system is connected to the Internet (built in LAN?, wifi?, what about others?), it automatically and silently sends locating data to Absolute Software" wtf? "locating data"? So can I really have a GPS reciver in a laptop case? If so can this locating data be used with google maps or some such other use?
Yeah, something along those lines is what I've wanted to implement on our laptops for a long time. Since we support more than one OS, I'd probably implement it in a cross-platform script and make sure the firewall is open. Whenever we get something new, there's always such a big hurry to get it deployed, whereupon it is promptly placed on a shelf and gathers dust. I never got the chance to test a phone-home program. Ah well, someone walked off with a nice laptop.
Fred
"A fool and his freedom are soon parted"
-RMS
I read about the exact same idea at least 5 years ago.
Well i see all your arguments for and against this software. This software is moronic, I.E. another marketing tool. This is asking for people to exploit this tool and make a quick thousand bucks. OH and to all you morons calling criminals dumb, ask yourself how many people know what theyre stealing! If they do you better hope theyre dumb! If i were a criminal straling your laptop i wouldnt connect it to the internet, catch me if you can. Am i really a dumb criminal now?
Q. What are the browser requirements of the Computrace Personal web site?
A. The Computrace Personal web site currently supports only recent versions of the Internet Explorer browser (version 5.5 and above). The site also requires the default security settings in order to install and configure the Computrace Personal software on your computer.
In other words, we not only won't be able to help you when your computer gets stolen... We also want it to be so full of spyware that the theives get so frustrated they give it back!
I'll be impressed if they come up with a lojack(-like) device for a bicycle, frankly. Only problem I forsee is where to put it and how to power it, since most bicycles don't have batteries, many don't have dynamos (and those who light prefer batteries versus dynamos), and it's pretty hard to find a spot on a bicycle that isn't going to require cutting into the frame.
This sig no verb.
Here's a novel concept....use more standard forms of security...eg...lock your doors. Back when I was living in college dorms 6 years ago (is it bad I already feel old?) the most common reason people had their laptop stolen is because they left their dorm door unlocked and went to take a shower, etc... Laptop locks have been around a long time as well (of course, as we learned from the bike-lock world, sometimes the best lock can be defeated by a BiC pen) Granted everyone will be able to come up with a what if this scenario, what if that, but the best solution to solve the problem is to be like an onion and have layers (ok, shoot me for the lame joke). A layered approach is always the best bet. Lock your door, lock down the laptop to the desk if you so choose, and install some "Phone Home" software if you like. But of course, given physical access and enough time, anything can be defeated.
Boot from external source, crack the users password, remove the security software, all without activating any alarms. Boot off internal drive, use password, steal personal data, wipe drive. Free identity with every laptop!
I doubt it would be affected by firewalls, because the client would just send a signal, and there would be no incoming response. It wouldn't be affected by NATs either, because it could just signal the server and the server records the IP address the signal came from, not what the software sees as its IP. I'm sure you could write a program to do this in a minute. It just records every ping it gets and also receives an encrypted key that is different for each laptop. The client just pings the server and sends its key with it. Keys are automatically assigned from the server on first use.You could probably make a shell script with only a couple commands for the client, and another slightly longer one (due to key assignment) for the server.
Last Post!
with all the new technologies to protect laptops, i wonder if we will see a movie about stealing laptops? gone in 60 seconds meets hackers perhaps. i can't wait to be an elite internet joyrider.
Anyone who is even mildly paranoid is not going to want to install (trusted?) software that gives away their location every time they get online.
Abolish Copyright. Restore Freedom.
> ...but unless you get another ethernet card they DO have your MAC address.
Or you just reconfigure it:
ifconfig eth0 down hw ether 00:00:00:00:00:01
ifconfig eth0 up
-- Don't Tase me, bro!
10 GOTO 10
a.k.a. an infinite "loop"
Speaking of paying attention to one's teachers...
Just take the laptop, plug it into a non-Internet connected network that has snort running on it. Watch for the DNS queries, ICMP, which ports are outgoing from the laptop, etc... It shouldn't be too hard to collect the needed info, write a "de-tracer" program to be installed on these types of laptops and POOF it's all yours. Not that I condone that sort of thing, but I'm simply putting out an example of how to break the system. You can't solve people problems with computer technology. If you want to cut down on laptop theft, do the following:
1. Don't let your laptop out of your sight. Ever.
2. Put the CPU (with a symbiotic identifier for your particular laptop) in a key fob that ensures it's a useless box unless your keys are stolen with it. (CPUs need to be smaller than they are. 1cm x 1cm is preferable)
3. Don't lose your fucking keys
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
Brigadoon has software for Macs and PCs, 30-day trial and $30 forever, to do essentially the same thing. See https://www.pcphonehome.com/
Aire Libre
Yes, you can call me paranoid...
It's installed at the HW level on all Thinkpads.
e nuChoice=pressreleases&TemplateName=ShowPressRelea seTemplate&SelectString=t1.docunid=7525&TableName= DataheadApplicationClass&SESSIONKEY=any&WindowTitl e=Press+Release&STATUS=publish
http://www-1.ibm.com/press/PressServletForm.wss?M
I think this is the direction the company is going.
When the theives turn on the laptop, they can't connect it to the internet without entering the logon password. So their only option is a fresh install... meaning the Lo-Jack software is uninstalled.
Do you have to dispense with passwords for LoJack to work?
Do you set up a passsword-free guest account as a kind of honeypot?
Anyone who steals a laptop will wipe the disk and get a new version of Windows,etc installed on it if they are after the hardware.
If they are after data, we can assume the data is encrypted and the machine has an operating system with a user id and password. In this case, the disk is going to be mounted on another machine and analyzed.
In either case, I don't see how this software which resides on the disk as per TFA is going to help.
I'd been using TrackYourMac for over a year but their site (trackyourmac.net) seems to have disappeared and been snarfed by Seeq.com.
:-)
Pity, it gave me a nice, warm false sense of securtiy
Ah, computer dating -- it's like pimping, but you rarely have to use the phrase "upside your head" -- Bender
silently sends locating data So do I have to by a GPS to do that on my lapotop ?
I worked for these guys 10 years ago when they were just starting the tech up and using 1800 phone numbers to call home. Didn't realize they were still alive. I would think they would have to integrate the technology into the motherboard itself. I was also wondering about if they would use GPS... Doesn't GPS not work too well inside some buildings?
How much it costs to integrate a GSM/GPRS modem with a GPS locator inside a laptop? No bios, no OS, no software. Just a device (built in the Notebook HW) with a rechargeable battery wich sends periodically the GPS location after the owner reported that was stollen.
...is a very efficient, cheap, and stealthy way of getting a laptop to always phone home. As far as I can figure, that lock doesn't do anything Dynamic DNS can't do.
I have configured my PowerBook to phone home on boot, without having to log in. A firmware password prevents booting with any other system that the one on my harddrive.
Of course, this helps only against novice thiefs. Experts can easily circumvent the firmware password, and nothing helps if the stolen laptop is not connected to the net, or if hardware is removed beforehand.
Furthermore, I figure as soon as I have the thief's IP address, there are ways to get my laptop back. I never had to prove that, fortunately.
On the other hand, I need dynamic DNS anyway, so the protection is a free side effect.
Ring, Ring ...
- hi, this is compumob, you are using a stolen computer, either you pay us $500 or we eill tell the cops ...
- burps the $$$$ DOSH $$$$
-hi , is it the police ? Im reporting on a stolen computer at address ....
mua ah ah ah
---
r u a retro computing fan ?
http://www.retroreview.com/
I was ordered to install this crappy software on the engineering workstations of a company several years ago. Shortly thereafter one-by-one all of the workstations the software was installed on failed to boot. The commonality, of course, was this software (which locates itself in your boot sector).
The company was absolutely no help in troubleshooting or fixing the problem as I recall, and I had engineers who didn't understand why their workstations were dropping like flies. After wiping their drives (including re-initializing their boot sectors), the problem went away and never came back.
Do not walk, RUN away from this software. And for that matter, you should *NEVER* install anything that messes with your boot sector unless it's a boot manager.
I am not interested in articles about life extension advancements.
This sounds like a good way to frame someone. You steal a laptop and then go turn the laptop on and associate with their home AP. Subpoenas are issued. Customer information is released. Police show up and arrest unsuspecting victim. Laptop not recovered.
/pointer
[%- PROCESS life -%]
and this is slashdot. we hate that stuff here.
Yay me!
I just bought a laptop and was considering something like this because, like most new laptops, my laptop has built in wifi. Now, I've configured my laptop to automatically connect to any available wireless network. Many /.ers seem to have said "I wouldn't connect it to the internet until I've wiped the hard drive" but no one has mentioned wireless yet so this gives me hope that the common thief would never even CONSIDER the trap that I'd lay for them:
With software like this installed, simply turning ON the laptop near an open access point will give away their location!
Now many have said "hard drive removal" negates the process and to them I say, password protect your bios settings so that the computer will boot, but access to bios is password protected so therefore changing out the hard drives becomes more difficult, assuming you can setup your bios for that and manually enter your HD information.
But this software, or the DYNDNS trick someone else mentioned + wifi = the win.
...unfortunately no one can be told what The Mat^H^H^HGoatse is...they must experience it for themselves...
This is a good idea but impractical (sic). The idea has been touched on here before. A few things, no default user password would be set. The default user would need to be able to access the net, how many of us set BIOS passwords to prevent booting from CD? What's to keep said crook from fdisking the drive and doing a fresh install. A better idea would be to have some type of theft insurance on it. But with the current price of laptops, is that even worth it? I have never had a laptop stolen, I have also never put it in a situation that it could be stolen. At school it fits in my backpack and goes into the bathroom with me. I would rather shut it down than be shut down upon return to find it had taken off. It never stays alone in a car, not inside, not in the trunk, and not under a seat. In fact when out and about with it, it doesn't leave my site. Of course none of these steps would prevent a face to face laptop jacking, but if someone is willing to try that, I'd hand it over. It's equipment, not my life.
I am Bennett Haselton! I am Bennett Haselton!
I hate to post anonymously however the words deserve to be spoken, I just can't speak them aloud.
We use Computrace where I work. In fact I am in change of it from the IT perspective. However, the return rates are pathetic. Until the lastest generation of the software all one had to do to defeat the software was reinstall any Windows NT based operating system on the drive (NT3.5/4/2000/XP/2003) the call home functionality was stopped dead by the HAL.
It was able to call home if the machine was running DOS/or a 9x kernel.
It still can't deal with Linux or any other *nix on the machine. Having those on the machine will also stop the call home dead.
The easiset defeat of all is to simply pull the hard drive and replace it with a new one. I have argued time and again with them on this issue. With the price of drives if I thief makes off with a machine they can easy do this simple task and avoid detection.
The machines boot order has to be fixed and locked so it can't be changed so the machine can do its work as well. The Hard Drive has to be first in the boot order or the agent can be easily defeated. I have told my company this 100's of times and they continue to ignore my advise.
Yes he could. The software is not supposed to be perfect.
The quesiton is not Is this the single peice of security that will solve ALL your stolen laptops problems.
Instead the question is: Given the typical missing laptop situation, will this be helpfull?.
It will DEFINITELY be helpfull in a "lost laptop" situation where you left it someplace and was found by a reasonable person who decides to use it. (Lets face it, people do "forget" computers).
It will also Definitely be helpfull when some idiot who is too stupid to get a job decides to steal something. Low end street thieves are NOT smart (or rather, anyone risking prison and a legal record for a mere couple of grand is not smart - when smart people steal they go for at least a $100,000. See Embezlement.)
So YES, I do think that in at least 50% of the likely missing laptop scenarios, this will be helpfull.
But if you really want security, do the following:
Install a wireless modem with GPS capability. If you really are paranoid, open the case and install it in the case. Frankly, I don't think people will remove the card.
Set up the modem so that it will answer back anyone calling it with a modem line, and just log on remotely and activate the GPS.
Cost would be reasonable, assuming you want a wireless modem for other purposes and had sensitive data.
excitingthingstodo.blogspot.com
IIRC, LoJack puts "secret transmitters" into cars so's they can be tracked by cops if stolen. Oh kay... So, if I put one of these software jobbies on my laptop (it will work with Apple laptops, right?), what prevents Little Snitch (or -- heaven forfend -- even some little homebrew daemon script that monitors tcpdump) from noticing the "alert"?
This reminds me of "the club", that low tech bar you lock onto your steering wheel -- defeated in 10 seconds by a $20 hacksaw that wrecks a $200 steering wheel so the thief can drive off with a $28,000 Toyota. None of these systems PREVENT theft. None of these systems ALERT anybody, if thieves know where to look, what wires to jiggle, what files to delete, what black box to smash with a ball peen hammer.
Especially with commodity-priced laptops, you're better off assuming your laptop WILL be lost or destroyed, which is why you clone your hard disk onto an external Firewire drive every other day. Way cheaper, and provides 100% peace of mind.
``Tension, apprehension & dissension have begun!'' - Duffy Wyg&, in Alfred Bester's _The Demolished Man_
I had thought of something like this - but not for laptops. I was thinking that portable MP3 players, iPods in particular, could use something along these lines. Why? iPods are less modification friendly than laptops. The odds are good a thief would be stupid enough to plug it into an internet enabled computer - hell, he has to plug it into some kind of computer to format it. Not that it's foolproof, but I think it would at least increase your chances of seeing your device again, particularly if the tracking software was very agressive. I was thinking, basically install malware on the thief's computer that reports back to you via email. Again, a technologically competant person would probably catch it, but there are plenty of people who wouldn't.