Slashdot Mirror

← Back to Stories (view on slashdot.org)

Another Stab at Laptop Security

Posted by timothy on from the wonder-if-it's-linux-friendly dept.

kogus writes "LoJack is licensing its brand name to Absolute Software, which provides Computrace -- soon to be known as the 'LoJack for Laptops' line of computer theft recovery systems. When a stolen Computrace-equipped system is connected to the Internet, it automatically and silently sends locating data to Absolute Software, which then calls out the law. In some cases, Absolute Software customers are eligible for a $1,000 guarantee payment when a stolen system is not recovered within 60 days.

8 of 316 comments (clear)

  1. Not secure at all. by TripMaster+Monkey · · Score: 4, Interesting

    From TFA:
    When a stolen Computrace-equipped system is connected to the Internet, it automatically and silently sends locating data to Absolute Software, which then calls out the law.

    Unless you:
    • Block the outgoing signal with a firewall,
      and/or
    • Wipe the drive, removing the Computrace software.

      Nice illusion of security....wonder how many people will fall for it.
    --
    ____

    ~ |rip/\/\aster /\/\onkey

    1. Re:Not secure at all. by Qzukk · · Score: 3, Interesting

      You block everything except the few things you know you need or want.

      You probably want http, so the firmware could do http://www.laptopjack.com/report.pl?laptopid=AF314 229B2C&gps=55N33E or whatever the hell it sends. If the result comes back "you've been stolen!" it halts the computer and prints FBI! on the screen or whatever. If theres no network or the laptop is not stolen yet, it boots normally and waits until next time.

      The whole logic could be embedded in a boot rom on the card, with DHCP and all. Or, if you custom-made the ethernet card, it could even store the last IP address and gateway, and use that next time you boot if DHCP failed. You could even theoretically set it to do this every few hours or something when the network is idle-ish, so that if someone nabs it while its running and keeps it on all the time, it still gets a chance to report.

      If you wanted to be REALLY tricky, you could hit other sites first and test for the presence of proxies or what not, then go through a few options, like SSL client authentication using a stored certificate to identify the laptop if a direct connection can be established. Or using just normal client SSL if a proxy that will allow it is detected. Or last ditch, http:

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
  2. Ah... by HillaryWBush · · Score: 3, Interesting

    1. Purchase $500 laptop
    2. Purchase $100 security
    3. Purchase $100 spyware remover
    4. "Lose" laptop
    5. Wait 60 days
    6. Profit $300 for 60 days work
    7. GOTO 1 (I never spaced lines by 10, what was up with that)

  3. Hardware, or software? by djh101010 · · Score: 4, Interesting

    TFA is remarkably lacking in technical details, so I looked at LoJack's site, which doesn't mention a thing about this. So - is this a hardware solution, or a program that gets installed into an existing OS? If the latter, well, how useful is that? While the slashdot crowd and the laptop-stealing crowd probably don't have a whole lot of overlap, I can't see someone not just re-installing the OS to wipe the system in any case.

    The spyware and firewall questions seem important as well - if this is just a "Hey, this is box XYZ and I'm at this IP address", talking to lojack's servers, well, fine, but how does the end-user know that they haven't blocked that with their firewall?

    I'd love to see something technical on this, rather than some stock-tip-guy's interpretation.

  4. Not just stolen! by Telastyn · · Score: 5, Interesting

    It's not just stolen laptops that send information to their servers. Any laptop with this software installed sends periodic heartbeats to the computrace people.

    Our PHB ordered it installed after getting a call from a golf buddy. It was ripped out a week later. The heartbeats contain enough [cleartext] information that the increased chance of the laptop being broken into, or the salesguy socially engineered using the info was deemed higher than the chance it'd ever be stolen.

  5. Nice marketing idea, but... by imuffin · · Score: 4, Interesting

    I've been doing this for years using DynDNS's free dynamic DNS service. I run a client on all my machines that updates their IPs with dyndns's database. If my laptop disappears, I just look to see what mylaptop.dyndns.org resolves to.

    --
    watch funny commercials

  6. Worse than just an illusion... by janic · · Score: 5, Interesting

    It is outright bullshit!

    We had a laptop stolen and called it in.

    "Oh, you need to file a police report"

    Fine, so we get the numbnuts who lost it to file the report and give us the report number.

    "Okay, yes... we have recieved a call home from the laptop, and we know where it is!"

    Great! Now when do we get it back?

    "Wellll, you cant..."

    and it just got worse from there. The police wouldn't retrieve the laptop, and these clowns wouldn't tell us where the machine was. But at least we knew:

    - it was in fact stolen and not in the hands of the numbnuts employee
    - it was in fact connected to the internet, being used, right then
    - we couldn't get it back
    - someone was at least enjoying their brand new laptop...

    damnnit! This shit just annoys me. I'm going home.

    1. Re:Worse than just an illusion... by pcmanjon · · Score: 4, Interesting

      Yes, I used this service before as well -- last fall I think. The police were very unhelpful --

      and Computrace wouldn't share the location of the stolen laptop, she was nice to tell me that they were online with it right now though.

      Jesus Christ, it was a waste of money