Slashdot Mirror
Delete Data On Netbook If Stolen?
An anonymous reader writes "I have just moved overseas on a 2-year working holiday visa and so I picked up a netbook for the interim, an MSI Wind U100 Plus running WinXP. I love it to bits. But as I am traveling around I am somewhat worried about theft. Most of my important stuff is in Gmail and Google Docs; however, I don't always have Net access and find it useful to gear up the offline versions for both. Ideally I would like to securely delete all the offline data from the hard drive if it were stolen. Since it is backed up in the cloud, and the netbook is so cheap I don't really care about recovery, a solution that bricks it would be fine — and indeed would give me a warm glow knowing a prospective thief would have wasted their time. But it's not good if they can extract the HD and get at the data some other way. All thief-foiling suggestions are welcome, be they software, hardware, or other."
The answer to your problem is whole disk encryption, not trying to delete the data.
Encrypt the entire drive with TrueCrypt or something. Use a strong cipher and a very strong passphrase. The laptop is as good as bricked to anyone who gets it.
"Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman
set up a scheduled task to wipe the drive unless you cancel it. Then don't forget to cancel it.
That is what encryption is for. Get truecrypt or other similar application and then the data won't be extractable by anyone without the password.
If it's physical theft I would think they would bin the HDD or sell it "as is" without even looking at what's on it. Bricking it doesn't do a lot, you'd probably just replace the HDD anyway.
Identity theft is more worrying. Why not encrypt the HDD with something like Fedora / Ubuntu offers - ie an encrypted /home or MyDocuments. That way the laptop won't log on for the thief.
It's the only way to be sure.
There is probably room in the case for a few ounces of C4 explosive, and a detonator. You might have a hard time getting it through customs though..... and you had better never drop the thing so the detonator goes off!!
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
Website: http://www.absolute.com/products/lojack
FAQ: http://www.absolute.com/resources/public/FAQ/L4L-FAQ-E.pdf
Costs $59.95/year for the premium package which supports Remote Wipe. Embeds itself in the BIOS/EFI. Supports XP and OS X.
Carefully paint over the letters on the "T" and "E" keys with polonium-218 laced paint, then just remember to wear gloves when typing unless your name is something like "Frank" and your password is all digits.
As others will have already said: use truecrypt. In addition, use two account: yours with a password, and another one (visible from the login shell) without password. Put a script in it that wipes the disk if anybody logs in it.
Non-Linux Penguins ?
Of course full-disk encryption, as lots of people have already suggested, but since you want the thief's time to be wasted, remember to password-protect the BIOS and disallow booting from USB drives or external units. Same goes for GRUB if you were on Linux. That way the thief will not be able to resell the netbook.
Yes, the thief could remove the BIOS battery, but he would have to tear the case open. If he knew how to open a laptop without breaking it, he has more skill than I would associate with a petty thief.
You might also consider Adeona.
Victims of 9/11: <3000. Traffic in the US: >30,000/y
First, get truecrypt, that takes care of your data.
Now then, If you have the spark of evil in you, here's the plan.
1. Set up multi-boot config.
2. Create a bootable partition that has enough OS on it to run the drive and network, name it something interesting like 'Confidential'.
3. Get the BIOS flash utils for your netbook, create a corrupt bios image that will still pass muster enough to install.
4. Set up a boot time process on the netbook that does a 'wget' from a web site that you control. If it gets a file, quietly flash the BIOS with what it downloads.
If you ever get ripped off, move the nasty BIOS image to the file location on your web site and bask in the glow of pure wickedness...
You can test this with a valid BIOS image, but don't look at me if something terrible happens, you're playing with fire here.
Try Eraser
Works fine for removing data. Might not work if advanced forensic techniques are used.
Most thieves don't have access to those forensic tools. And I'm assuming you don't need this level of protection. I'm assuming you're not trying to obfuscate your illegal Tracy Lord mpegs.
My ZooLoo
Well, there is are a couple arguments for encrypting the whole drive. . .
1) Are you 100% certain that every program you use is allowing you to store data in the folder of your choosing (the TC 'drive') instead of shoving data either in program files (any app dev who puts data in Program Files needs to be taken out, have their geek card torn up, thrown on the ground, spit on, stomped on, then the dev gets beat up till they bleed, damn dumbasses, but unfortunately, it happens all the time, even with programs from very large IT vendors who should know better), or somewhere like %userprofile%\Application Data\AppName (that, at least, is not an actively *bad* place to put it, but doesn't always work well with encryption)? Or under a Unix-like environment, even if your home directories are encrypted, data might be getting saved to other folders like /usr/local, /var, /opt, etc.
2) What about the temp files directory? The page file? Interesting stuff might get stored in the temp files directory, and copies of all the encrypted data will likely be loaded into memory, and copied into the page file, at some point.
The only way to really be sure your data actually is encrypted, is to encrypt the whole drive.
This might be a bit of overkill, and personally it is not something I've tried myself (yet). Install a user un-friendly version of Linux (just to confound the criminal) and use an Iron Key to run a super small Linux distro on. Keep all of your important data on the key. Don't store the laptop and the key together.
Added bonus - if you are around a desktop or a laptop better than a netbook, you can run your OS and all your documents through the drive.
Name...That...Autocomplete!
1) Set up two accounts. Your actual one behind a password and an unprotected one.
2) In the unprotected one's startup, set it to delete all of your personal data.
You'll never log on via the unprotected account. Therefore you'll never accidentally delete everything. Even if you do manage to, as soon as you're next near a net connection it sounds like you can pull it back anyway.
Most casual thieves (sorry, your life isn't actually important enough that crack teams of ninja espionage winged monkeys will track you down and deliberately steal your data) will be perfectly happy to log on via the one account they can get on via and won't notice a suitably disguised process quietly cleaning everything sensitive off the machine.
It's not perfect, it's not infallible but, honestly, your data really isn't worth the hassle of defeating it for the average opportunistic thief.
You want to have more fun with them...
Set a scheduled task on that account to open Firefox 3.5 every 15 minutes and go to an address on your own server where it promptly gives its geolocation info before more obviously redirecting itself to some apparent malware site. They'll assume your machine's just infected with malware while you and the cops are given constant updates on their location.
Again, it's not perfect and most of /. could easily defeat it... But the average thief isn't a /. reader, they're just an opportunist who thinks they're getting something for free.
You could also use two layers of security. 1) Truecrypt the entire laptop and run a mobile OS with truecrypt off a flash drive, then make sure the flash drive never leaves your sight. 2) Truecrypt the entire laptop and store your personal data on a flash drive, again with truecrypt.
Including the owner!
Boffoonery - downloadable Comedy Benefit for Bletchley Park
http://www.pendrivelinux.com/
Or, for Windows XP:
http://articles.techrepublic.com.com/5100-22_11-5928902.html
Name...That...Autocomplete!
Most casual thieves want the hardware to use, resell, or simply because it's pretty. They don't give a toss about your data unless they can get easy cash out of it.
Encrypt the disk to protect your data. It doesn't even have to be very strong encryption but obviously good encryption is better if your CPU can handle it. You can save CPU cycles by only encrypting data that really needs to be kept personal.
Personally I'd be tempted to have some kind of low trick on there just to fuck with their minds. Add a script like
echo "GPS location tracking started..."
sleep 13
echo "Device location found and reported."
read x
There is absolutely no security in this but casual thieves are normally not too smart so might shit their pants.
Right now! No thief will ever get your data if you destroy it right now!
Oh you wanted to use it in the meantime. Well that's different...
These posts express my own personal views, not those of my employer
come on! this isn't tagged with 'thermite' yet? Consider me disappointed...
Perhaps the poster meant to truly "brick" the netbook instead of just making sure no sensitive data can get stolen from the hard drive. In this case autoflashing the rom/bios with something nasty under some condition can do the trick.
people this is 2009, how is it you haven't heard of encryption???!!
If you mod me down, I will become more powerful than you can imagine....
Firstly: You're not that interesting - nobody wants to read your E-mail, and the 'important' stuff (like your PGP keys) are individually passphrase protected, aren't they.
Secondly: You're not that interesting - the thief either wants the device for themselves, or to fence it for $50 worth of crack (or food, depending on where you travel). If they want it for themselves - chances are they'll just wipe it with a clean Windows install (you even leave the registration key on that little sticker on the back, don't you...) to get past your login/resume password. If they don't whoever fences it will.
I find it hilarious that the submitter is worried about security, but keeps their "most" of their "important" stuff on google docs. If more people were biting on that obvious contradiction I'd say the submitter had successfully trolled the /. front page.
Set it up with multiple boot options, and the default one does something nasty.
If you don't select the right boot option when you switch it on ... Zap! One wiped disk.
If you can wipe the BIOS...even better.
No sig today...
If it has Winxp on it it will self destruct eventually anyway.
Google: windows encrypted drive + "I'm feeling lucky".
Here's what I got:
http://www.truecrypt.org/
I'm OK with "Ask Slashdot" being used to gather the collective experience of the techies that like to hang out off-hours here at /. - but.. this?!?
Something that could be addressed by a moment or two spent at Google or even (god's sake) Bing is a WASTE OF HITS. But maybe that's the plan - get droves of angry techies to bitch about the lameness of the stories, delivering ad impressions?
Crazy like a fox?
I'm on to you, Cmdr Taco, if that is your real name!
I have no problem with your religion until you decide it's reason to deprive others of the truth.
You are sharing your important data with a third party, however, the unimportant data should be destroyed?
The Dutch will inherit the earth. If not, we'll settle for a bit of ocean. Beta delenda est!
http://xkcd.com/538/
I think the poster should worry about other things, like who the hell gave you the idea that storing your stuff at Google's is safe in the first place?? Fuck the netbook, get a decent place to store your "important" shizzle.
but if you care about confidentiality of your datas once your laptop is stolen, and at the same time you store most of your datas on servers owned and administered by someone who is not you (the Google company in this case), then maybe you should think twice about what you do.
Votez ecolo : Chiez dans l'urne !
Try MS Groove. It supports offline working, synchronizes your data (and forms and stuff) when your connection is up, and stores local copies in an encryped 'vault'. ...But there's a catch: you need to build something for your geared Gmail and Groove to sync.
A good encrypted filesystem is better than deleting: It's equivalent to overwriting the disc with random data.
-fb Everything not expressly forbidden is now mandatory.
All the more reason to use a Linux or BSD based OS.
To the average thief or receiver of stolen goods, a netbook running an alternate OS is as good as bricked.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
I use LaptoLock http://www.thelaptoplock.com/, its free to use and easy to set up, but it is Windows only. It is a bit old though, the last time it was updated was in 2007, but it works like a charm.
To the average thief, and to the average receiver of a stolen netbook, if the netbook boots an alternative OS, it might as well be bricked.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
A number of people have suggested that the data is not important.
But what about cached credit card numbers or passwords?
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
"I have just moved overseas on a 2-year working holiday visa"
gimme one of those!!!
THIS COMPUTER WAS STOLEN FROM <your name/phone number>
In large, contrasting letters - for extra points write it in the language(s) of the countries to be visited. Not only will it draw unwanted attention to whoever tries to use it, but it will make the stolen item impossible to sell on errr, auction sites, where most of this stuff ends up.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
Use the intelligent disk controller's intelligence for something?
Sure, it would require some significant modifications to the drive, but it ought to be possible. And, I guess, triggered by lack of signal rather than by signal.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
I'd keep all my sensitive files on an Ironkey https://www.ironkey.com/ and do a full-disk encrypt on the system drive of the netbook... That way if they jack your netbook, it's pretty much useless, and if they jack your Ironkey, it self destructs after 10 incorrect password attempts.
This is probably the best solution for anyone not carrying trade secrets.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
Unless you can tell it to brick the firmware you won't get squat.
Besides, once it's been stolen all you can do is deny the thief any gain, or help him get caught. You've already lost the equipment.
My suggestion would be to invest in some physical security, such as a locked bag. If permissible, a loaded gun wouldn't hurt either.
You're worried about security and privacy? Then why are you using Gmail and Google Docs for that oh-so-important data? If you're going to be paranoid, you might want to start there...
I mean, I use Gmail too, but as a student, I don't exactly have a lot to hide - a few forum passwords, slashdot credentials, a few measly bucks in the bank. If you were really AT ALL serious about privacy and security, you should be using services that aren't paid for by a company that makes money from knowing your private data...
Sorry, but this makes it very difficult to take your post seriously...
You can do the same with Bluetooth and you mobile - I bet the netbook in question has Bluetooth. For Linux, there's KBlueMon (and some GTK equivalent), it let's you define the Bt devices that need to be in range; if they're not, it locks the machine. I am sure there must be something like this for Windows.
Adding a home made thermite device to a computer is not highly recommended. The nice people at airport security check might mistake your computer for improvised explosive and delay your flight.
For safe and secure disposal of hard disk I recommend installing an extra lithium battery from a certain manufacturer. The LHDDU (Lithium Hard Drive Disposal Unit) is both legal and functional as proven numerous times in Internet video clips. Just remember to keep the laptop on the table, not in your lap while using it yourself.
by wiping it you mean with ICBMs or? At least some sensible use of tax payers money.
Leave the Netbook in tact but take a hammer with you, just in case it gets stolen and you need to destroy it.
Check out IronKey (http://ironkey.com). A hardware encrypted USB stick may help you - especially with the netbook. The newer S200 models with 256-bit AES encryption gives the security you imply and they have (or will have) models with what I'd consider more than ample storage for "traveling around" (I see this as trips away from where you are staying). When looking at encryption, seriously think about the plausible deniability feature - providing a password that opens the volume to enable innocuous data that you would want an adversary to see and not the volume with your protected data. Also think about making the USB device a bootable device (Ubuntu being my preferred) so you can leave little to no trace of your data on the netbook. The USB stick is far easier to carry (and lose!) than the netbook... and the IronKey can even go into the shower with you!!
Full drive encryption can brick netbooks/laptops unintentionally. Bad sectors, which might under other circumstances corrupt a file in a recoverable way, can render a whole drive unrecoverable if it's encrypted. Overheating is a commonly cited cause.
I don't know if some drive-encryption methods/settings are more susceptible than others, but if anyone is seriously considering this route then it's worth reading up on this type of failure.
Meta will eat itself
Full disk encryption is what you want, http://www.truecrypt.org/ will do this for you. However, consider the overhead, and even as fast as TrueCrypt might be, Netbooks have only so many cycles to burn.
:) Try https://wiki.ubuntu.com/UNR
Consider switching to Linux so that you won't need additional (read: expensive) malware/antivirus/crapware eating up the remaining cycles
Oh, the terror! What if the thief kidnaps you and tortures you to obtain the passphrase or bomb deactivation code? I suggest you hire Jack Bauer as bodyguard. No, seriously. Encrypt the disk and you're good to go.
I would have recommended 10 grams of C4 explosives linked to a USB deactivation key for ultimate satisfaction, but you might have a few problems at airports....
Participatory Governance : The only feasible option for a real democracy, where everyone really does have a say.
Many netbooks boot from USB or an SDcard. Run the OS off of one of these. If you use an Ubuntu live CD, there will be no information on the drive upon reboot. For local storage use a USB drive with Truecrypt.
Most of these netbooks support boot over USB. Why not just use an external USB powered drive as the machine's only boot and data storage media? When not in use, keep the drive in your pocket. Anyone who'd be interested in stealing the netbook would probably just be satisfied with the machine itself and probably wouldn't think to see if it boots before taking it.
Perhaps future netbook iterations will use a similar setup where you can simply eject the drive from the system and run the interface off the internal USB.
8==8 Bones 8==8
As far as login security goes, the iPhone can be pretty slick. It can be setup so if someone enters the password wrong five times a secure wipe begins. Does anyone know of something that gives XP similar functionality? Tiggering remote wipe functionality like Exchange or MobileMe would be a huge plus too.
Many other posters have already commented on the idea of encrypting your data but if you want it destroyed (you're paranoid about aliens with 10^40 flop computers or the 5-dollar-wrench attack) there are 2 solutions with their own weaknesses. First, you can install a program to remotely view your desktop, hope the box is connected to the internet, then wipe the hard drive right there. Second is the fail-deadly solution - require a password every 10-30 hours or the data is automatically wiped. This has a high risk of destroying the data when you could have recovered it, but if you have another copy of all the data (preferably a disk image to clone right onto your netbook for ease) in a secure location it can work.
A 30 page dissertation from http://www.bestdissertation.com/prices.html is $550, possibly more to the original author. Along with family photos and facebook entries, making contact for a cash exchange might be on the mind of some criminals.
Finally had enough. Come see us over at https://soylentnews.org/
Comment removed based on user account deletion
If you're backing up your data "in the cloud," all manner of people probably have access to it already.
Liberty in your lifetime
Hi there :)
I have a similar situation as you - I have a netbook with data I'd prefer to keep to myself. My solution, as many others have suggested, is to use Truecrypt. My particular configuration is to encrypt a secondary partition where most of my more sensitive data resides.
My email, instant messengers, and even Firefox & firefox profile are installed on this partition, so my cookies and saved passwords are safe.
My netbook has basically two modes, "insecure" mode where the sensitive data's not mounted, and "secure" mode for whenever the computer is physically close by.
What this allows me to do is to not even bother with a login screen. This comes in handy because I can boot it and start using it without having to fuss with the tiny keyboard. Secondly, I can loan it out to friends who want to borrow it, even for a day or two.
--
#include <malloc.h>
free(your.mind);
Here's an idea.
Install Grub as the bootloader. Make the default boot partition (labeled as WinXP or something,like that) into a small linux that runs Duke's Boot & Nuke. Have a selectable option to boot the windows partition with a password.
The thief gets a boot menu, ignores it and it will take the default after 10 seconds so DB&N boots and trashes the HD
The normal user chooses his protected entry and can boot the machine into Windows normally. The only risk is if he misses the GRUB menu and heads into DB&N by accident.
There's also things like BIOS passwords that can be used to defeat the casual thief
Sigs. We don't need no steenking sigs.
n/t
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Unlike those who just say "encryption" the parent of this post links to TrueCrypt. TrueCrypt is free, very easy to install, very safe, very flexible, and quite secure. I've used it on laptops before and found the performance degradation to be minimal. The installation walks you through the selection of choices with enough information to help you make smart decisions. Just go get it and install it.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
You hinted at wanting to deny the thief the use of the stolen netbook - so far I've not seen many practical suggestions that won't land you in jail (hand grenades, explosives, etc). Here's a relatively simple way that's airplane-friendly.
When Mr. Thief tries to start it up it'll either not start at all or will smoke some of the laptop's internal workings.
Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
As others have already pointed out on this thread, use encryption. If you're booting Linux, use LUKS encryption on all of /(root). For Windows, use TrueCrypt. Use a strong passphrase! If a thief ever gets your laptop, they won't be able to access anything on the drive.
I do this on all the laptops I have access to. Makes it very secure. I even have an 8GB flash drive that I use to boot my subnotebook (runs Windows when I'm at work, now runs Linux when I'm at home.) Works great.
If you're really paranoid, create a multi-boot system. You have a netbook, so you don't have a lot of hard drive space to install a (second?) Linux distro. You need something tiny like FreeDOS or a really minimal Linux install. Then set it up to nuke the entire drive without prompting the user first. (Linux can easily do an unattended shred, but FreeDOS will need a third party program to do it.) Set the bootloader to not boot an operating system by default but instead to just prompt the user. The default option should be the "nuke" instance, labeled something obvious like 'Microsoft Windows XP'. Label your real operating system something less obvious like 'Tools'. Guess what option the thief would choose?
Just don't forget and choose the wrong one yourself, or you're going to spend some time rebuilding your system.
Yes... first go with whole disk encryption. (TrueCrypt)
Then personalize yourself a nice rootkit, hide your copy of PoisonIvy or similar, and keep the keylogger running.
If the thief does not reboot the pc, you will capture any personal information on him before he does. Once the PC reboots, your 20 diget key is in full effect..
Kill your TV
I can't say much for windows, but I can say that one possible solution would be to put a key on a pendrive, don't mark it as such, and require that the pen drive be in in order to decrypt the data. If the system is booted without the drive then begin a wipe, shredder works great for ensuring a very clean drive.
:(){
It's the only way to be sure...
... to prevent booting, I would rewire the connector of the disk so if extracted, and connected to a normal interface, it would malfunction / self destruct, with the bonus that any other disk plugged in place would also suffer from the non-standard interface (like applying power in a place reserved to data for instance).
Create a service/background task that downloads a program or script from your website and executes it. Have it do nothing by default, but if your laptop ever gets stolen replace the script with one that wipes the hard drive... Only works if the thief uses an internet connection with your laptop though.
of course any smart fence these days, probably will spend at least a little time trying to get into a laptop.
A stolen netbook/laptop is probably only worth a 100-200 dollars...
There's enough stupid users out there that access to bank account/credit cards/ etc. could be worth 5 times that much..
So yes at some point during the "re-distribution" process I bet someone is going to try and access the laptop...
Nuke it from Orbit.
It's the only way to be sure.
You could simply put a couple attractive shortcuts on the desktop that are really linked to a batch file that formats/departitions the disk. That could be fun.
It would make it even easier if you restricted your key files to a small separate partition.
The red button will trigger a self destruct when pushed...think about it if you saw a red button you would definitely push it to see what it does.
Just because you are wrong and I called you out on it doesn't mean I am a Troll.
Make it so you have to cancel a pop up window every five minutes, or it will reboot the box and run dban in automated mode. Of course, this means that you'll have to be in front of your PC and awake 24x7, but that's a small price to pay to know your data is safe if the laptop is stolen. It's more elegant than using something really impractical like encryption.
http://xkcd.com/538/
I guess the only alternative left is thermite!
Uh, and who is going to be in a habit of buying cheap laptops quick from that average thief? Maybe Jonas 6-liter, but more likely an above average thief who is experienced at extracting the extra value from a stolen laptop before selling the hardware. He's the one who might take the time to look for credit card numbers, passwords, or even hotel room numbers if the previous owner looks like a really valuable target.
Just because the first thief won't look at the data doesn't mean the data is safe.
Bricks are hardware, if you want to brick it, you need a hardware hack, not software.
Here's what I'd attempt (if I was rich). Open the sucker. Find a resistor. Rip it off. Solder in leads going to a USB port that you've disconnected. Hack a usb-stub kit to contain the right resistor.
Voila, now you're the only person that can use the laptop, short of another hardware hacker who has access to a nearly identical motherboard model who can figure out what's missing (or who cares to risk the hardware by guessing.
Of course, with everything being surface mount ... I'm not saying this would be easy. But I am saying this'd make the netbook itself useless to the thief. You of course would still need to truecrypt the drive, to protect your privacy.
Hmmm, of course a smart thief would know that the battery and hard drive are worth money. No way of preventing him from selling those. But you could label them in a permanent way with "STOLEN, CALL XXX-XXXX OR CRIMESTOPPERS".
Nuke it from space - it's the only way to be sure.
Don't fight for your country, if your country does not fight for you.
Anyone remember the old-school trashing technique of using the chemicals from strike anywhere matches on a 5.25 floppy disk. Insert disk, r/w head hits surface, ignition.
So I offer, pack the shell with ohio blue tip matches. A bigger brain than mine (not so much) will need to figure out how to light them. :-)
The answer to your problem is ... reduce your risk, massively. Don't go anywhere where there are thieves. Move away.
Except...
This whole urbanisation thing bothers the hell out of me. Weren't we all told that ubiquitous internet would mean we could telecommute to our jobs from wherever we wanted? Shouldn't we all be living in the countryside with WiMax, mesh and fast-latency low-altitude satellite connections? Y'know, a long, long way from the thieves and the druggies and the traffic and the idiots who queue for coffee?
I wouldn't work in a big city or commute along a busy train line if you paid me, and believe me plenty of people have offered. I've been offered three times my salary to work 20 miles distant from London. No effing chance. Too many people too close together, all getting on each other's nerves and that leads to crime as sure as night follows day.
And yet, the rollout of cable fiber slows to a crawl, the PSTN telcos write small print about fibre-to-cabinet never getting past 80% of the population, and our government's sum total of technology horizon is that one day, one day, every house in the UK might, just might, be entitled to a whopping 2 megabit Internet connection (with indeterminiate latency), the temptation of the urban life becomes more and more irresistible every day.
Me? I've stopped believing in telecommuting like I stopped believing we'd live on the moon. I grew up and had kids. The wife's up the duff with twins and our cosy little Victorian country cottage now looks distinctly pokey. I've had the same ADSL connection speed for over five years and it just ain't gonna change any time soon. The closest we came to 3G was one distant and barely visible hilltop got upgraded to EDGE last year. I can now get 128kbps from outside Winchcombe fish and chip shop. Woo effing hoo.
I'm looking at new build box houses, three storeys high with five bedrooms AND a study, hot and cold running fiber, built on the edge of town between the motorway and the flood plain, the developers keep knocking ten grand off the asking price, and I'm thinking, I'm going to have to call time on this rural adventure sooner or later. It just ain't happening.
Garden the size of a matchbox, though. No orchard, I'll miss that. And streetlights. I'll miss the Milky Way, it'll be like a dagger through my heart when I look up one night and see nothing but angry orange fuzz.
I wonder if I'll need a burglar alarm?
Andrew Oakley - www.aoakley.com
You want to make sure they learn a lesson? Make sure they never steal anything again? securely erase your data? Try Chlorine Trifluodide http://en.wikipedia.org/wiki/Chlorine_trifluoride
Hi, Try using Portable OS a linux distribution that boots from USB pendrive. http://www.linconsulo.com/ You can browse the web on this and no data is stored in the harddisk. ( including browsing history)
But there is a free solution which is more like thermite.
Encryption is wrong for netbooks because the Atom is a slow, single-core chip. It really can't afford the extra overhead.
Encryption also won't do what the submitter asks: bricking the device.
But ATA passwords will do this! Sometimes called "drivelock," these are firmware passwords you type when powering on a disk. If it doesn't get the right password, the disk will refuse to cooperate. Recovering the data from such a disk requires expensive equipment that almost certainly isn't available or worth the effort to the common thief. This solution meets the submitters requirement of bricking the device, and it also keeps his data safe.
Disclaimer: There are many drives out there from major manufactures which have flawed ATA password implementations. Check and see if your HD is among the list of drives which are so flawed.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
I worked for MyLaptopGPS.com for a couple of years. They do pretty much what is being asked, offering the ability to delete certain files and even transfer files off of the laptop before deletion. This is in addition to the tracking-over-IP ability.
I saw some other comments to the effect that most thieves don't try to reformat, look for covert software, or things like that. That's true based on my experience. Most thieves either want to resell or use it.
Thumb drive.
Why not just use true crypt and keep every single file you think is critical on that thumb drive. You can even default set your MyDocuments and force the drive type to a specific drive letter, so its transparent when you boot.
Bonus points because if your laptop is stolen, odds are you still have the drive in your pocket or wallet. Don't think you can cram a thumb drive in your fat wallet. Try this one on for size.
http://shopping.trustedreviews.com/UK/product/88435015/Crucial_8GB_Gizmo_Jr/
Simple. Cover the message with black duct tape. Nobody sees the message and nobody bothers you. But when the thief peels off the tape, they are DOOMED.
... Does anyone know why I can't format a new container with a MS file system/FS under Mac OS X 10.5.7? I don't even get FAT32 option which I want the container to be portable between Linux, Windows, and Mac OS X. I posted this in http://forums.truecrypt.org/viewtopic.php?p=70861 but got no replies so far. :(
Thank you in advance. :)
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Since your running XP, you can use truecrypt to do a full disk encryption. This way it would require a password on boot. My personal solution, i just don't save any real data to my drive. Also use a "master password" in firefox to encrypt my stored passwords. I have plans on setting up home directory encryption (im running linux). That way only my personal settings and files are encrypted. Less preforance hit that way. Also, you could just use an encrypted USB drive and keep all your settings there and use online backup when you have connection.
A very good guide to the thermite solution:
http://www.youtube.com/watch?v=5EVJFg4dxVA
As you can see, it takes a lot of care and finesse to pull of this laptop mod :)
Paint the inside around the HD with tacky ink, as around fire alarms. Seal the thing with a little tape. If a thief or someone willing to buy stolen goods wants to get at the drive, he'll be unhappy and cussing. There will be ink all over the laptop, his tools, hands, clothes, etc.
The good news: the same thing will happen to a customs person. Be sure to warn them first.
"GPP doesn't mention what level of risk there is with having a weee pc from being stolen"
Maybe I'm alone here, but I would just like to say I do not want your data. I don't think anyone does. I've bought many a used drive, PC and laptop and I've never ever tried to recover data from them (even though I know how) to see what the previous owner was up to. Frankly I didn't care and was too concerned with my own data, and if I were to steal someone's laptop I think I'd probably do the same.
Unless you're smuggling government secrets or you're pedobear (pedobear video) your data will probably be wiped clean by whoever steals it so they can use it or resell it.
my karma will be here long after I'm gone
Airport inspection rules are arbitrary - the only thing consistent is that they'll tell you that whatever random thing they made up this week has *always* been the rule and that *you* should know that and obey them. There was a while in the mid-90s when laptops were still viewed as new and shiny and the airport people made you turn them on. (I remember getting asked once if I was carrying a laptop - I had to refrain from saying "Is this the wrong airport - I'm at San Jose aren't I? Have you seen anybody today who didn't have a laptop, duh!")
But recently the Bush Administration's Customs thugs were stopping laptop-carrying people coming from Canada (I think this was in Seattle) because there might be (gasp!) *pr0n* on some of the computers and asserting their right to hold onto your machine until they were sure it was Pure. And Canada sometimes stops people to inspect their papers to see if they're carrying commercial material that might be taxable, so it wouldn't surprise me if they might randomly do something obnoxious (politely, of course, unlike the American customs thugs.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Of course you should bring a knife to a bun fight - and butter!
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
How about the dvd drive? The USB, network and card slots are also nice little spots for jamming in already been chewed and disliked candy or gum. I'd be willing to bet some kid might try stuffing jellied toast or peanut butter into any opening on a PC. I had to keep a very vigilant eye on my daughter, who still managed to insert a paper clip into one of my dvd drives, and thus laid the trap for me to destroy an important DVD.
I notice somebody mentioned IronKey, a jazzed up USB thumb drive. Shounds good. If you'd rather not spend money, you can also use Open Source tools like TrueCrypt, which can encrypt an entire USB thumb drive. All the usual caveats apply about weak spots in apparently secure systems: Suboptimum human behavior (both laziness and ignorance), weak passwords, failure to actually use the encrypted volume, residual OS or Application (such as FireFox!) data caches in unencrypted storage, backup routines that back up unencrypted data to insecure volumes, etc.
There's some utility in farming out that kind of foresight and expertise to off-the-shelf solutions, but you balance that against the value of the data you're protecting so assiduously. Of course, if you put a TrueCrypt file on your onboard HD, it appears as a separate volume when mounted. Use a keyfile (an MP3 file, e.g.) which you store on USB thumb, then if the two are separated they're both useless. In theory.
Not all TrueCrypts are equal, apparently. The Mac and Windoze versions may have better thought out user interfaces than Linux does, although I haven't actually seen these for awhile. Good front ends can ameliorate newbie or casual or business user blunders, such as automating a "turnkey" logon which completely defeats the purpose of security in the first place.
TrueCrypt uses 256-bit AES, Serpent, TwoFish and cascading versions of these on 128 bit blocks in XTS mode. It's hash algorithms are RIPEMD-160, SHA-512 or Whirlpool, user selectable. Open source and recommended, and reasonably idiot proof, not for beginners or sophomores.
``Tension, apprehension & dissension have begun!'' - Duffy Wyg&, in Alfred Bester's _The Demolished Man_
Create an image partiton, and set your bootloader to offer a "Factory Restore", set a good windows password, and hope for the best. I figure if every time they boot, and they dont have ERD or something similar, they see something to do a restore (most windows machines come with it anyway) they will go that route, and format off all your data.
Sauer
Many people use their laptops to work on projects for their employers, and companies really don't like having their corporate data exposed - especially if they're in California or other states that require corporations to disclose to the public if customer information is exposed, which makes them look stupid.
There are upmarket criminals who do want data, typically credit card and bank account information. Does your browser have your bank's password cached? That can be worth far more than a used laptop. And spammers may pay trivial amounts for Facebook/etc. logins. On the other hand, yeah, most low-level criminals just want to sell the hardware fast, and it might be easier if they can just wipe your user data and leave Windows installed rather than having to reinstall pirated Windows themselves.
The real technical question is whether you want to encrypt the whole disk, or only encrypt the file systems or partitions that have your files (and maybe swap and spool) and leave the vanilla operating system partition unencrypted for performance reasons.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
You seem to be implying that, because you use Linux, you cannot use TrueCrypt.
I use TrueCrypt on Linux (Ubuntu 8.04). Works great.
404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
[GPG key in journal]
The submitter didn't say he wanted the machine bricked - he said he wanted his data protected, and if that means bricking the machine, he's ok with that. After all, if a thief is trying to resell the hardware, not the data, even ATA passwords aren't enough, because the thief can replace the drive with a new one. On the other hand, encryption will protect your data against smart thieves as well as dumb ones, and ATA passwording won't, unless you get lucky and have a disk from a non-flawed manufacturer.
Encryption doesn't take that much horsepower, especially if you're also doing compression, which lets you run your disks a lot faster. If it's still a problem, encrypt the file systems where you keep data (including /home and /var and maybe swap) and leave the operating system itself on a non-encrypted partition.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
No, my laptop didn't get stolen this time. It was a brand new machine, with the OS and my files installed on it, and got sent in for "repairs" because the hardware clock wasn't working - probably needed the battery seated correctly or whatever. And either our outsourced corporate desktop support people didn't get the message requesting them to fix the clock, or Dell didn't get the message requesting them to fix the clock, or something else happened, because they allegedly scrapped the machine and sent me a new one. Did they crush it, or rip it apart, or fix the battery and send it to a new users? Nobody can tell me :-)
But it had Pointsec, so allegedly my data's protected from outsiders, and my old laptop is left over from our *old* corporate desktop bureaucracy, so it's company-owned rather than leased, and I've been using it while they "fix" my new one, so I haven't lost my data.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Well, it nullifies the query in the sense of saying "instead of carrying a netbook, carry a flash drive with your data and a Linux LiveCD, so you can use whatever hardware's available at your destination, and you'll probably be safe from viruses or keyloggers by running the US you brought with you." And it's becoming much more common these days for machines to boot from USB, and 4GB flash drives cost under $10, you can even carry a fairly full environment on your keychain.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Modify a boot loader (GRUB, LILO) to require updates via the internet. When you can't resolve after 10 days, or the kill switch is flipped, it automatically writes over the hard drive. The idea is a system-level service would re-write the boot loader periodically with a new time stamp as long as the network service does not activate the kill switch. Of course, you should always keep a backup of your system somewhere in case you pass the cut-off :-)
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
To truly 'brick' a machine, it should be unusable afterwards. Even if truecrypt makes the data inaccessible, the thief can just install an OS and re-sell the device.
Some posters have suggested some sort of explosive for bricking, but I suspect that there are more reasonable solutions. In the Comodore Pet days, there was a poke that would route 12V to the drive controller and fry it. Another would stop the raster and, if left long enough, damage the phosphor at the center of the screen.
These days, you can get a similar effect with XVidtune deliberately configured to damage the display (I accidentally smoked a CRT monitor that way once). A bit of research for the specifications of the particular hardware on the poster's device could probably find a few other hardware damaging tricks that could be employed to make the device useless to a thief.
Signatures are a waste of bandwi (buffering...)
Bricked can mean many things.
It was intended (and, I think, understood) to be a partially clueful joke.
The real answers, decoy OSses, decoy easy logins, tripwire scripts, external devices for actual data, (thermite or high density caps where appropriate) are touched on elsewhere, although not nearly well enough. This was just intended as a nudge in the right direction.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
I don't know who you are. I don't know what you want. If you are looking for ransom, I can tell you I don't have money. But what I do have are a very particular set of skills; skills I have acquired over a very long career. Skills that make me a nightmare for people like you. If you let my laptop go now, that'll be the end of it. I will not look for you, I will not pursue you. But if you don't, I will look for you, I will find you, and I will upgrade your Windows XP to the original version of Vista that is completely unpatched and very vulnerable.
And they said zombies weren't real!
The mode for thieves is part-time. The clueful thief graduates from the dirty work, and goes into fencing, but even fencing is part-time.
Most commercial encryption stuff is actually not that hard to break. So encrypting a drive should be less effective than using a separate device for your data, but it is probably better than nothing.
The problem with separate devices for data is that even the alternative OSses tend to leak a little in the caches.
So, you use an alternative OS, and that means you can make it harder for the guy who does the dirty work stealing your box to take a joyride.
So, yeah, there's more to it. Maybe between my jest and your partial analysis (and many other posts of varying cluefulness under this article) more people will think a bit beyond relying on Microsoft to make everything easy for them.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
Perhaps since the laptop isn't the zippiest thing, it might be worth protecting the documents rather than the laptop. You could try storing them on a flash drive. Keep it close to you on your key chain and if you want to go the extra mile you can encrypt it or get a "secure" dirve rather than encrypting the netbook's drive. Then you don't have to do anything to the laptop and you get the added bonus of being able to use your files on anyone's computer.
Hopefully, when you were installing the alternate OS, you took care of that "hidden" partition. You didn't skip the partitioning step, did you?
Or are you saying that current netbooks have firmware capable of hiding a disk partition from the install CD's partitioning software?
(And I'm guessing these netbooks are not running their OSses from flash drives, if there's room for an install partition.
Hmm. This sounds like it could be fun. Install a live CD to an install partition. Blast your OS and use the re-install key combo to boot into something that can repair it.)
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
We all know windows sucks.
We also know that Linuxs is funny.
The real solution is just to install osX (see osx86projects).
Then go to "System Preferences/Security/"
1) Disable automatic login
2) Check on require a password to wake this computer from sleep or screen saver.
3) Turn on "FileVault" or home directory encryption, this will encrypt all your good stuff.
That is it.
No extra software, no fancy shmancy tricks, nothing.
just straight out of the bittorentbox Kalyway OSX.
IF you want to get super fancy, you could write an "AppleScript" that requires a usb key or other volume to be mounted to let you use the computer on top of that.
see easy peasy.
UNIX os, shmoodelicious interface, use any MS & Adobe shyte software you would normally use (albeit very slowly) and have a native encryption system + continuous backups with "Time Machine" --onto the usb key that is required to start/use the computer.
Tada!!!
Vive le Mac!
Hourra pour le Linux!
A Bat le Weendozs
Content + Container; Content = Container; Content â Container... which is the question?
If he is using one of the SSD based netbooks, couldn't he simply run a batch file to "slam" the SSD and use up its read/writes? Say something that will constantly write and erase files based on wildcards until you have used up the read write cycles on the SSD?
I admit I haven't messed with SSDs much which is why I'm asking. I know they have a limited number of read/writes and since it probably wouldn't be hard to cook up a batch file to do a buttload of read writes and maybe change the time stamps causing files to be rewritten is why I'm asking. But the problem is he also wants he data secured, which means short of using Truecrypt's plausible deniability option to boot into a "clean" OS to run the destruction I don't see how he could toast it, short of doing some serious hardware hacking. Today's machine simply aren't easy to totally fry like the older ones were.
Now if he had one of those Celeron/Athlon 64 desktop CPU based laptops it would be another story, as I have seen plenty of those fry from overheat. you could probably rig up a software override of the CPU fan causing it to overheat and fry the board and the battery with one of those. But I don't think there is a way to actually get an Atom hot enough to cook a board like a desktop CPU can.
ACs don't waste your time replying, your posts are never seen by me.
As far as I know there is no sure fire way of deleting the data once the book is already stolen. They might not even power it up, but remove the hard drive and read it as a slave drive. Your BEST option is to encrypt the drive with something like TrueCrypt. You can either encrypt the entire thing, or just a data holding area you want to keep your sensitive files on. I recommend doing the whole disk encryption if you can. To securely erase all hard drives on your notebook, I recommend DBan. Essentially this is a bootable Linux disk, and will allow you to wipe all data when you boot from the disk. You can choose a quick wipe, simple DoD wipe (3X), Standard DoD wipe (7X), or a 32X wipe (which takes forever). However, initiating such a wipe once the notebook is already stolen? That could be tough. This is especially true because wipes take time, and the thief might get wise to what is happening, shut it down, and read the disk by some other method. You are MUCH better off using encryption. Used properly, there is little to no chance that they will be getting your data that way.
Open Source: Eroding the Digital Divide
run a stripped down XP installation and run only VirtualPC on that. Then create and run everything you want from a virtual machine and encrypt that VM. This means you can switch the VM image to another machine or copy it, back it up, etc. - as long as you have the key - but the contents if stolen will be total garbage for the thief who will, as other posters say, probably dump the disk anyway.
Lojack is an option. Or just encrypt the entire disk with something like TrueCrypt or GuardianEdge. Those two won't delete the data but they'll make it really difficult to get to it. One of my offices had 4 laptops stolen a few years ago. They showed up at a pawn shop....as is, nothing had changed on them. The person who stole it needed money for their meth habit, that was it. Myself, if I lifted a laptop I'd wipe the drive and reinstall my OS of choice if I was going to keep it.
You've already let the biggest data thief in the world at your laptop, whats one extra petty criminal?
Get a copy of the free AxCrypt program and encrypt sensitive data with a key stored on a USB flash drive. That way, if your netbook is ever stolen the data would be useless without your drive. Easy to do and pretty fast.
Anthony Papillion
Advanced Data Concepts, Inc.
"Quality Custom Software and IT Services"
You could reformat the hard drive 5 or 6 times to try and wipe it clean first. Or how about removing the hard drive totally? I was also advised by a hard drive company that running a strong magnet over it wipes it (I know because we accidently did it to one of ours) and this is how some of the external hard drive firms deal with the faulty ones returned by businesses.
100% Mortgage
It's a bit of a joke, but it's also a bit of a comment on the tragedy of monoculture.
Some things are relative to your physical state, some things are relative to your emotional state, some things are relative to how good you are with computers.
Yeah, there are thieves who are technically savvy. There are a lot more who aren't.
Bricked, in the sense of being made unusable, may mean being fried by lightening to one person, and, to another person, it may mean presenting a login screen. And there's a whole range of thresholds for a whole range of people in between.
Shoot. Some people have the time and money to fix a computer that has been burned by lightening. Depending on whether the pulse came through the power or the network cabling, or through the air, it may not even be that expensive or that time consuming. Some people even get a sense of satisfaction out of taking a burned out chassis, cleaning up the insides, sending the hard disk to a recovery service, installing new P/S, motherboard, etc., etc., and showing their friends a re-al scorchin' mo-cheen.
Some people are completely frustrated when you change the wallpaper on them, unless you hold their hand and reassure them that nothing will break while they re-establish their relationship with the machine.
So, maybe not bricked for you just by installing an OS outside the monoculture, but likely bricked for many, if not most of the petty thieves.
You can look elsewhere under this article for not a small amount of discussion of how technically savvy the people who steal notebooks generally are (or are not).
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
Then all you have to worry about are temporary files. If you learn where they are stored for each app you can write a script to delete them. In Windows XP, they are usually either stored in the same folder as the application or in the hidden folder Application Data.
There are also apps out there that phone home whenever the computer is connected to the internet. These apps typically log the timestamp and the IP address. Some collect more data and/or geo-locate the IP.
Jeff Miller
http://www.assistsolar.com
http://businesscredittips.weebly.com
My sister totaled my favorite car in a little three-way argument with the sun and a cow. (The cow lost that argument, and the rancher was not happy. My sister was a bit shaken, but otherwise, okay.)
The insurance company covered it for replacement cost, estimated at buying a similar car used., because we had chosen that kind of coverage.
I drove that car for at least ten years after that.
And we didn't even have to put a new engine in it. I think we replaced the radiator and some of the steering chain. The same insurance company that had called the car totaled inspected our repairs and called it insurable. It did cost a bit more than the coverage they gave us to fix it, so we were just being environment-conscious (and a little bit sentimental).
How's that for a car analogy? (I kind of thought my comments on a burned-out chassis addressed this point, but you insist on a car analogy.)
But that's a red herring. Let's change our point of view a bit.
You know it's not bricked, if only you had it in your hands.
I know it's not bricked, if only I had it in my hands.
The owner knows it's not really bricked, if only he/she had it in his/her hands where it belongs.
But the thief, in whose hands it is, likely does not know how to make it usable. Neither you nor I, nor the owner, are on hand to show the thief how to get past the barrier to use.
Unless the thief's fence or good buddy knows how to get past the barrier, it's unusable to the person who has possession of it. Thus, to the person who has physical access, in the mode case, it's effectively bricked.
Statistically, the thief tosses it in the nearest bin as more liability than it's worth to try to un-"brick" it.
Perhaps we should call it statistically half-bricked, since the probability it gets tossed rather than re-installed or brute-forced or whatever is somewhere above 33% and less than 100%.
As I said. It's a joke. Something of an inside joke, I suppose, but everyone here should know the joke, should understand that we aren't recommending depending on merely using an alternate OS to thumb your nose at all the potential thieves.
It's a joke with a point.
The point being that, the reasonable steps to protect your data will also, statistically speaking, make it harder for the thief to even use the hardware. At the bare minimum, proper security measures are going to cost the thief time and trouble.
Even inserting a system re-install CD is going to cost, time-wise, somewhat close to the value of the box on the black market.
Which should (at least partially) answer the desire that the author of the article had to get a bit of revenge on the theoretical thief.
Okay? Can we quit talking around each other?
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
The original poster (who has not bothered continuing his part of the conversation) said, "as good as bricked."
Oh, well. Brick it. Fill it full of cement.
Hmm. I have a computer that you could fill full of cement without actually making it non-functional.
Whatever.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.