Slashdot Mirror
Another Stab at Laptop Security
kogus writes "LoJack is licensing its brand name to Absolute Software, which provides Computrace -- soon to be known as the 'LoJack for Laptops' line of computer theft recovery systems. When a stolen Computrace-equipped system is connected to the Internet, it automatically and silently sends locating data to Absolute Software, which then calls out the law. In some cases, Absolute Software customers are eligible for a $1,000 guarantee payment when a stolen system is not recovered within 60 days.
My PowerBook cost more than $1000.
From TFA:
Unless you:
and/or
Nice illusion of security....wonder how many people will fall for it.
____
~ |rip/\/\aster /\/\onkey
should build this into the hardware or the bios. i know if i stole a computer i wouldn't be in a rush to plug into the internet. unless of course it's a windows machine, in which case i've got a good solid 12 minutes to play around with it.
The bastards have even developed very tiny cinder blocks which they leave the empty laptop skeletons propped on.
Is the groundbreaking gorilla of stolen vehicle recovery committing Peter Lynch's cardinal sin of deworsification into the unrelated field of hard-drive hacking?
...could this perhaps use a little dewordification?
...you insensitive clod???
1. Purchase $500 laptop
2. Purchase $100 security
3. Purchase $100 spyware remover
4. "Lose" laptop
5. Wait 60 days
6. Profit $300 for 60 days work
7. GOTO 1 (I never spaced lines by 10, what was up with that)
How would one report if a laptop is stolen? How easy would it be for a thief to remove this after stealing said laptop (before connecting it to the computer)? How will the law know where to go (geographic IP location can't be THAT accurate, can it?) How much of a performance hit will this add to normal use?
Except the website doesn't demand personal information before they let you read the story. Which story were you clicking on?
Have TFA anyway, if it makes you feeel any better
LoJack for Your Computer
By Michael Jaffe
July 6, 2005
Last week, LoJack (Nasdaq: LOJN) announced the dawning of a new era in data recovery.
What? Is the groundbreaking gorilla of stolen vehicle recovery committing Peter Lynch's cardinal sin of deworsification into the unrelated field of hard-drive hacking? Not really.
LoJack is licensing its brand name to Absolute Software, which provides Computrace -- soon to be known as the "LoJack for Laptops" line of computer theft recovery systems. When a stolen Computrace-equipped system is connected to the Internet, it automatically and silently sends locating data to Absolute Software, which then calls out the law. In some cases, Absolute Software customers are eligible for a $1,000 guarantee payment when a stolen system is not recovered within 60 days.
In my opinion, LoJack investors should be pleased for at least two reasons. First, without committing any capital or assets, LoJack is collecting a licensing fee, as well as warrants to purchase 500,000 shares of Absolute Software, with a $2 per-share exercise price. Assuming that LoJack can capitalize on its option to buy shares profitably (Absolute Software shares are trading at around $2 each), LoJack investors might be looking at the elusive free lunch. As long as Absolute Software delivers on quality control and customer service, thereby maintaining its reputation, downside risk is relatively limited.
Second, and more importantly, the LoJack brand name is gaining free exposure in the laptop market, catering to a higher-middle-income individual and business population, which happens to be a major segment of LoJack's automotive target customer base. Ostensibly, LoJack's status as a recognized brand and market leader in its field stands to be confirmed and enhanced. If companies take note (and mass appeal exists), there might be more licensing revenue to come.
To be sure, in a business that depends on brand awareness and customer confidence, a deal like this carries tempered risks because a company's brand equity is tantamount to the success or failure of a product. That said, successful licensing also offers the possibility for even greater rewards.
Want valuable nuggets on small-cap investing with a potential for mythic returns? Spend your magic bean money on a subscription to the Motley Fool Hidden Gems newsletter.
Fool contributor Michael Jaffe owns no shares in any of the companies mentioned in this article. Click here to see The Motley Fool's disclosure policy. The Motley Fool is investors writing for investors.
I don't read your sig, why do you read mine?
Unless you have a peice of radio transmitting hardware inside the laptop that will destroy the laptop if removed, how can any software really be worth while?
The ultimate network admin tool needs HELP!
TFA is remarkably lacking in technical details, so I looked at LoJack's site, which doesn't mention a thing about this. So - is this a hardware solution, or a program that gets installed into an existing OS? If the latter, well, how useful is that? While the slashdot crowd and the laptop-stealing crowd probably don't have a whole lot of overlap, I can't see someone not just re-installing the OS to wipe the system in any case.
The spyware and firewall questions seem important as well - if this is just a "Hey, this is box XYZ and I'm at this IP address", talking to lojack's servers, well, fine, but how does the end-user know that they haven't blocked that with their firewall?
I'd love to see something technical on this, rather than some stock-tip-guy's interpretation.
which then calls out the law
What does that mean?
Is there some law organisation in the USA that you can call saying "my laptop has been stolen and it is now on the internet at address 333.444.555.666" which will then go out to locate your laptop and return it to you??
I want my laptop to emit knock-out gas and then send a signal via satellite to track it if it is stolen and wrong password are in the hardware.
If you don't have physical control, you don't have security. Okay, strong encrypted data may be safe from prying eyes but how many people, after getting a stolen laptop back, boot it immediately and "check" everything? Can you say keylogger trojan?
o rm.asp
/dev/hda1"? How about booting from alternate media like a USB key, floppy or CD?
Computrace is a piece of client software that "phones home" on a regular basis. It provides NO protection against things like formatting the hard drive before connecting to the Internet. http://www.absolute.com/Public/products/techplatf
Oooo... it uses an ENCRYPTED connection. Explain to me how this stops "fdisk; format c:" or "fdisk; mkfs
This must be designed to nab the stupid criminal, who jacks in as soon as they boot.
On the other hand, with the prevalence of open WAPs, it is quite possible a laptop with a built-in wireless NIC will connect and phone home before the hapless thief realizes it.
-Charles
Learning HOW to think is more important than learning WHAT to think.
Absolute Software may be guaranteeing $1,000 after 60 days if the laptop is not found, but you'd be surprised what that actually means.
:
I used to work for a computer store. We sold scores of laptop locks; all sorts of kinds of them. The Kensington locks sold like hotcakes because they had a $1,200 "guarantee" that the lock could not be compromised. The problem, we soon found out, is that the theif has to physically cut through the lock and leave behind the pieces. As we all know, some locks can be picked with even a bic pen, and so a lot of good this "guarantee" did for some poeple. Some theives also just took the not-so-hard-to-steal item the laptops were attached too. (Lock it to a bed or desk people, please!)
No evidence to send in, no money back. I am willing to bet in this case there are similar loopholes for Absolute Software to play with.
--
Check out the Uncyclopedia.org
The only wiki source for politically incorrect non-information about things like Kitten Huffing and Pong! the Movie !
Please allow me to hate the creator of the 120-character limit: *HATES*. Thank you.
Not sure what the costs involved are... but I doubt that this will be of much interest to the typical personal laptop owner. However, I can see this being bought up in bulk by companies as a sort of "insurance." In fact, their insurance rates would probably go down if all company laptops were equipped with this software. I think it makes sense for a business to try to protect their laptops this way. Employees are going to be less careful with a company laptop, as compared to their own personal laptop, and it might be important for the company to get the laptop back.
I think companies would be even more interested if there was a "kill-laptop" feature. So if the owner of the laptop goes to the IT department and says "my laptop was stolen!" (or lost), then they activate a flag so that when the laptop makes its secret connection, it receives a signal to erase itself, thereby protecting valuable company data. For many companies, protecting the data on the laptop might be more valuable than the laptop itself.
On the flip side, I would think that most people who steal laptops are going to wipe them or snoop around in them for awhile before connecting to the net and surf for porn. So this should hardly be viewed as a perfect solution for catching thieves (although WiFi certainly helps).
Come on Slashdot. What is this, news for AOL users? This kiddie crap. Yes, most thieves will just boot the computer with Windows and try to get on the net. But this is Slashdot. We're nerds or something. And this ain't F***ing news. If I got a laptop that was stolen, hell if it was used, I would format it:
/ faqs.asp
From the website: www.absolute.com
Q. Can Computrace Personal be removed?
A. The Computrace Personal software is a low-level utility that is as tamper resistant as a disk-based utility can be. The software can only be removed by an authorized user with the correct password so please be sure the password is stored in a safe location and not on the protected computer.
Q. What happens if a computer's hard drive is removed?
A. The software resides on a computer's hard drive so if the drive is removed the computer will no longer be protected and can not be located if stolen or lost.
http://www.absolute.com/Public/computracepersonal
Wow, what great protection.
Come on!!!!! This ain't even hardware!!!
CAPS LOCK: ITS LIKE THE CRUISE CONTROL FOR AWESOME
..then use fdisk to wipe the disk. Really, am I missing something here? (Other than a possible BIOS setting to force boot from internal HD in preference to CD/USB/Floppy/LAN, which can always be gotten around). ;o)
Oh, I get it - it's just designed to recover stolen laptops from non-slashdot readers
There was a time when laptops were stolen due to their price, and possible resale value on the black market. I personally think we are now in a new era where laptop theft (at least the corporate type) is no longer about getting a shiney new powerbook, and possibly selling it off the back of a truck. Today laptop theft could be for the information contained on the hard drive. Now lets think about the componsation, if my HR director "loses" his/her laptop with important information about me/co-workers, is $1000 really going to cover the loss? No, not even close. 1K in most cases will not even cover the cost of the laptop. For my money, I want a techonology that will encrypt the contents of that hard drive, and be easy enough for an HR director to use.
Paranoid tinfoil hat crowd say Y here, everyone else say N.
So when the bank official looses his laptop with my bank data on it and the thief dumps the data to another system and reformats before it connects to the net then what do I get for my stolen identity?
The Code Ninja is swift with his tool, precise in his delivery, and deadly accurate in his execution.
It's not just stolen laptops that send information to their servers. Any laptop with this software installed sends periodic heartbeats to the computrace people.
Our PHB ordered it installed after getting a call from a golf buddy. It was ripped out a week later. The heartbeats contain enough [cleartext] information that the increased chance of the laptop being broken into, or the salesguy socially engineered using the info was deemed higher than the chance it'd ever be stolen.
If you're worried about the data, then you should protect that, not the hardware. Have the system thoroughly encrypted locked to biometric data. Then have it keep back ups of critical data on a secure remote server. Then if you're laptop gets stolen, no big deal, they can't get the data and you've not lost much.
This sig has been temporarily disconnected or is no longer in service
However even the young kids who casually steal cell phones appear to have some sophistication, and are able to reprogram or wipe phones for resale.
Given that wiping and reinstalling the OS for laptop is trivial compared to reprogramming a phone, I do not see how this would stop anyone but the most casual of laptop thief.
I would like to see how easy it is to get the $1000. If the service was cheap enough, it would be valuable merely as $1000 insurance policy.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
I've been doing this for years using DynDNS's free dynamic DNS service. I run a client on all my machines that updates their IPs with dyndns's database. If my laptop disappears, I just look to see what mylaptop.dyndns.org resolves to.
--
watch funny commercials
Well sonny I work for these here boys, and when I get a tellygram, I hop on my trusty steed 'Mac', and he and I head on down to russle me up some lappies. 'casionally I hook up with m' associate Ping; she's a real darlin' and knows how to ferret out the sneakiest son-of-a-guns, even them Cen-trin-toes.
I tell ya, these city slickers wouldn't be loosin' 'em so fast if they branded 'em!
Please help metamoderate.
How does the stolen computer know it's time to transmit the homing signal... unless it's always transmitting anytime you're connected to the internet?
I'm not entirely sure how the LoJack on cars works, but I seem to recall it requires you to report the theft, and then the cops/LoJack have some means for tracking the car's device. With a physical device, this might not require an always-transmitting approach so much as always-ready-to-transmit - that is, it could have enough battery power to start transmitting once it's hit with a request for broadcast. But for a software solution, how would you ping the stolen computer? (You need routing information in addition to the MAC address, right?)
Fortunately, there's a good chance that anyone booting up your stolen WinXP laptop will quickly be caught and arrested for connecting to the nearest WiFi network.
Did I say overlords? I meant protectors.
Simply put a small charge of explosives in the case and when it gets stolen, boom, check the news for "fence killed by stolen laptop", wait for the /. posting "innocent man killed by exploding Windows laptop", and comment here.
These situations are just fodder for more posts, so why noy enjoy it?
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
Literally. 10 years ago. I called them up and asked if they did laptops. They did not.
A better solution is to make it work like the car LoJacks - when the unit receives an "I'm stolen" message it replies with its location. Only major problem would be power - if a theif removed the batteries it could be a long time before some sucker replaced the batteries, and by then LoJack might've stopped broadcasting.
Of course, any kind of security won't work well if it can be disabled or removed without disabling the PC.
If LoJack or any other company wants to make a killing, license their technologies to motherboard manufacturers.
Hmm, if I could get LoJack-on-a-motherboard, I'd like it in my TV, my VCR/PVR, my CD player, and anything else likely to wind up in a pawn shop.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
well yes, but that's no different from:
1. get x
2. insure x
3. report x stolen
4. claim insurance
5. profit
its called fraud.
This comment does not represent the views or opinions of the user.
It is outright bullshit!
We had a laptop stolen and called it in.
"Oh, you need to file a police report"
Fine, so we get the numbnuts who lost it to file the report and give us the report number.
"Okay, yes... we have recieved a call home from the laptop, and we know where it is!"
Great! Now when do we get it back?
"Wellll, you cant..."
and it just got worse from there. The police wouldn't retrieve the laptop, and these clowns wouldn't tell us where the machine was. But at least we knew:
- it was in fact stolen and not in the hands of the numbnuts employee
- it was in fact connected to the internet, being used, right then
- we couldn't get it back
- someone was at least enjoying their brand new laptop...
damnnit! This shit just annoys me. I'm going home.
Profit $300 for 60 days work
Well, if you work in IT, at least you'd be getting a raise.
There is no problem with using consecutive line numbers. If you need to insert a line between two other lines, use fractional line numbers.
5½ GOTO 3.1
No renumbering required, problem solved!
Yes, I know what you are thinking: what if we run out of fractions? Don't worry though! In such emergencies, you can start using irrational line numbers. There are tons of those, so you will never run out. This does tend to increase the size of the program considerably, so they should only be used as a last resort.
I'll probably be modded down for this...
They want their coding paradigm back.
Avoid Missing Ball for High Score
...and it is useless. It is an application (not firmware) that is installed into the disk's MBR. It also requires a Windows OS. So, in a nutshell: if you reinstall Windows it will not kill computrace. Reformatting the MBR or installing a *NIX OS will kill it, however.
Together, we will drive the rats from the tundra.