Slashdot Mirror

← Back to Stories (view on slashdot.org)

Delete Data On Netbook If Stolen?

Posted by kdawson on from the grab-brick-smash-window dept.

An anonymous reader writes "I have just moved overseas on a 2-year working holiday visa and so I picked up a netbook for the interim, an MSI Wind U100 Plus running WinXP. I love it to bits. But as I am traveling around I am somewhat worried about theft. Most of my important stuff is in Gmail and Google Docs; however, I don't always have Net access and find it useful to gear up the offline versions for both. Ideally I would like to securely delete all the offline data from the hard drive if it were stolen. Since it is backed up in the cloud, and the netbook is so cheap I don't really care about recovery, a solution that bricks it would be fine — and indeed would give me a warm glow knowing a prospective thief would have wasted their time. But it's not good if they can extract the HD and get at the data some other way. All thief-foiling suggestions are welcome, be they software, hardware, or other."

4 of 459 comments (clear)

  1. Are you evil enough? by saynt · · Score: 5, Interesting

    First, get truecrypt, that takes care of your data.

      Now then, If you have the spark of evil in you, here's the plan.

        1. Set up multi-boot config.
        2. Create a bootable partition that has enough OS on it to run the drive and network, name it something interesting like 'Confidential'.
        3. Get the BIOS flash utils for your netbook, create a corrupt bios image that will still pass muster enough to install.
        4. Set up a boot time process on the netbook that does a 'wget' from a web site that you control. If it gets a file, quietly flash the BIOS with what it downloads.

        If you ever get ripped off, move the nasty BIOS image to the file location on your web site and bask in the glow of pure wickedness...

        You can test this with a valid BIOS image, but don't look at me if something terrible happens, you're playing with fire here.

  2. Quick'n'easy by nick_davison · · Score: 4, Interesting

    1) Set up two accounts. Your actual one behind a password and an unprotected one.
    2) In the unprotected one's startup, set it to delete all of your personal data.

    You'll never log on via the unprotected account. Therefore you'll never accidentally delete everything. Even if you do manage to, as soon as you're next near a net connection it sounds like you can pull it back anyway.

    Most casual thieves (sorry, your life isn't actually important enough that crack teams of ninja espionage winged monkeys will track you down and deliberately steal your data) will be perfectly happy to log on via the one account they can get on via and won't notice a suitably disguised process quietly cleaning everything sensitive off the machine.

    It's not perfect, it's not infallible but, honestly, your data really isn't worth the hassle of defeating it for the average opportunistic thief.

    You want to have more fun with them...

    Set a scheduled task on that account to open Firefox 3.5 every 15 minutes and go to an address on your own server where it promptly gives its geolocation info before more obviously redirecting itself to some apparent malware site. They'll assume your machine's just infected with malware while you and the cops are given constant updates on their location.

    Again, it's not perfect and most of /. could easily defeat it... But the average thief isn't a /. reader, they're just an opportunist who thinks they're getting something for free.

  3. Re:Encryption and BIOS settings by JSBiff · · Score: 4, Interesting

    "Yes, the thief could remove the BIOS battery, but he would have to tear the case open. If he knew how to open a laptop without breaking it, he has more skill than I would associate with a petty thief."

    Did it ever occur to you that the thief might be part of a larger crime organization, which organization might have a few people with pretty advanced technical skills? Or, even if they aren't, it's entirely possible/probable that after the thief fences the stolen computer, it will end up in the hands of someone both unscrupulous, and technically saavy?

  4. Re:Encryption by Sodakar · · Score: 5, Interesting

    On N270 Atoms, whole-disk AES encryption works perfectly fine, and the only time I notice a slow-down is when I'm running a benchmark program side-by-side with a model that has an unencrypted drive. For regular browsing and e-mail (which is what the person asking the question listed as a qualification), it's a non-issue.

    As some others have posted, and what my local police have told me, the laptop will likely have been sold for cash in less than 24 hours. Unless you are being targeted specifically for something of significant value such as corporate IP, it's unlikely that anyone is going to spend the time to try to unencrypt your drive.

    But other threats still loom...

    If you plan on connecting to any network, you will expose your machine to any network-based threat, so you ought to harden your machine accordingly.

    Make sure you still have a strong password for your account login. If your machine is in hibernate, the crypto authentication prompt will stop them, but if your machine was sleeping, it'll return to the OS prompt.

    The one scenario where you're not protected at all is if the machine is powered on, logged in, and someone grabs it by force. I realize there are proximity-based USB dongles that will lock the screen when the remote adapter is beyond range, but this may be far too impractical to use. A USB security dongle sticking out the side is a quick recipe for a broken USB port...