Slashdot Mirror
Ask Slashdot: How Do You Prepare For The Theft Of Your PC?
A security-conscious Slashdot reader has theft insurance -- but worries whether it covers PC theft. And besides the hassles of recreating every customization after restoring from backups, there's also the issue of keeping personal data private.
I currently keep important information on a hidden, encrypted partition so an ordinary thief won't get much off of it, but that is about the extent of my preparation... What would you do? Some sort of beacon to let you know where your stuff is? Remote wipe? Online backup?
There's a couple of issues here -- including privacy, data recovery, deterrence, compensation -- each leading to different ways to answer the question: what can you actually do to prepare for the possibility? So use the comments to share your own experiences. How have you prepared for the theft of your PC?
There's a couple of issues here -- including privacy, data recovery, deterrence, compensation -- each leading to different ways to answer the question: what can you actually do to prepare for the possibility? So use the comments to share your own experiences. How have you prepared for the theft of your PC?
distributed architecture.
Dialectician. Archology.
Enable whole disk encryption and use a good passphrase that must be entered on power-on.
Without the passphrase your data is just unrecognizable noise.
It does not protect against someone threatening you to reveal the passphrase if they really want your data, but it protects against petty theft.
Buy a bullet and rent a gun.
Most (almost all burglars / robbers) don't care about the contents of your machine, only what they can sell it for. And they certainly aren't going to be capable crackers.
Have a password to make turning it on a dead end run disc image backups as your best way of storing all your data and settings, if you can replace with similar out identical h/w you only have to restore and away you go.
Encryption is all you need, stop worrying! Unless your "thief" is the FBI.
I just keep my passwords DB in an encrypted container.
For privacy, the simplest and most helpful thing to do is use full-disk encryption for your hard drive. This will significantly increase the amount of effort required to access your data and any online accounts (e.g. bank accounts).
For data, I just store all of my sensitive data on the cloud (e.g. tax returns, personal documents). If you have large amounts of important data such as photos, you may have to pay a monthly fee for good cloud storage. But it's definitely worth it. There are many, many other things that can go wrong besides theft that can cause data loss.
It's also good to practice good online account security (e.g. using 2-factor authentication), and make sure to reset all of your critical passwords in the event of theft of a computer.
My laptop is bitlocker encrypted. All my stuff is synced to a several hundred MB Seafile library. Modern Windows with online accounts takes care of backing up customisations quite well too. A lot of open source apps especially store customisations in a file, they are in a Seafile library.
The only thing I'll lose if someone steals my laptop is the $200 insurance cost and a few hours of my time reinstalling a few programs.
Full loaded with its .44 special cartridges, works better than any backup as a deterrent against laptop thieves.
Seriously? Well, sure why not.
If you're going to go that far just use Tails OS and backup the encrypted volume on some cheap cloud storage. You have backup, you have encryption, and even some theoretical thief doesn't get any of it, short of kidnapping you and hitting you a bunch with a hammer.
Just build a gigantic tower PC with full water cooling rig, in a case with no good grip points, then strap it to the leg of your desk with plumber's tape and screws with security torx heads.
First, track down one of those Dell laptops from the early 2000s - the two-inch thick ones which used desktop processors and weighed something like ten pounds.
Then take the ginormous power brick from that laptop, hollow it out, and hide your MacBook in there.
#DeleteChrome
Some questions to start with:
1.) Why keeping a hidden encrypted partition?
Its easier and more secure to have FDE in place because some programm .. perhaps notepad++ might buffer for example the text files that contain your passwords (password managers have some security issues themself).
2.) Backups / local & online "offsite"
Do you maintain the internet connection for your parents? .. put a small remote controlled server there and store only encrypted data on it.
encrypt backups too :)
here is how I do it:
1.) local data is encrypted and on a homeserver that has FDE
2.) my backup home server is just an iscsimachine the encryption/decryption is done on my homeserver and the disks are just "exported" over the network via iscsi
3.) my root server is an iscsi machine too and is handled the same way as my backup home server over an ssh tunnel.
The backup is done via rsync and I maintain a database of hashes for all files and locations (helps to reduce size by finding double data)
4.) I do a desaster simulation once in a while .. because having a backup is one thing, being able to restore all data it is another.
5.) When I'm not at home my computers are powered off, except an additional intrusion detection system. (old raspberry)
6.) all my computer I take with me are stone aged - yet still 64-bit & ssd accelerated - netbooks - cost ~60-80 USD + the ssd(only 128 and 256 gb) = low cost
Idea:
It might be a good idea to have a "tripwire" partition in place that boots unencrypted unless you switch the boot manager to the real FDE partition on prompt. This tripwire installation can signal GPS position over a 3G-card or take pictures via the webcam and make other remote control stuff possible.
To my knowledge all 3G cards provide also gps data over a virtual comport. (= no extra special hardware neccessary)
A UPS buffered shutdown would be better, because truecrypt(-- veracrypt) will overwrite the key data in RAM during shutdown.
A hard reset might make it possible to perform a memory freeze attack and extract the encryption key from the ram directly.
This attack is not just theory, it is used by for example law enforcement agencies and known to work.
So one might just kill your electrical power before rolling in.
https://en.wikipedia.org/wiki/...
First, the cost of repairs after a break-in will far exceed the value of your PC. And in addition, the increased insurance premiums will probably dwarf the repair costs, too.
Most burglaries are drugs-related. All the thief wants is to get in, grab enough to pay for their next fix and run away. All this stuff about organised robberies, knowing what to look for, recognising a pearl in the pigsh... , thefts to facilitate hacking - that only happens in bad movies.
There is not a housebreaker in the world who has any technical knowledge. All they will see is a PC-shaped box. And being a PC, it's resale value is negligible. it probably isn't even worth carrying to their car. I would suggest buying a broken Macbook or iPhone as a decoy and leaving that as a "sacrifice". Being instantly recognisable and easily portable, that would be stolen in preference to what you actually value.
If you are still worried that a thief will steal all your little secrets, then the simple solution is to run Linux. Anyone in the thief's circle will not recognise that as being Windows and they will therefore toss the PC at the earliest opportunity.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
How do I prepapre for the theft? I have Prey installed https://www.preyproject.com/ , and leave the machine unlocked and unencrypted. When it was stolen, the police arrested the thief within 90 minutes of him switching the machine on. (This works, of course, becase thieves are not smart.)
For really confidential stuff, we have other secure machines and procedures. The notebooks are for daily work.
17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
Material loss: Insurance (read the small print and make sure you get a policy that covers it).
Privacy loss: Encrypt the disk. Commercial and open source full disk encryption software is easily available.
Data loss: Backups. Plenty of affordable online backup/storage solutions are available, some specialising in specifically in backups (Backblaze, Crashplan), others that are more generic (Amazon Drive, Google Drive).
"So how do you try to keep us out and where do the tech-savy Slashdot civilians keep their backups?" None of your damn business. How about that?
Biological weapons work best.
Creationists are a lot like zombies. Slow, but powerful and numerous. And they all want to eat our brains.
Space launches are getting so cheap now that you can just put a computer in space and just log into it.
[($)]
Like most, I like my desaster recovery to be hassle free. I've found the most important aspect of this to be dedicated HDDs for this. I use 2.5" external 0.5 or 1TB HDDs. On macOS TimeMachine and on linux BackInTime. Same thing.
The external USB HDDs have labels on them, like "(HOSTNAME) TimeMachine" or "(HOSTNAME) BackInTime". I don't use these for anything else. This is important!
TimeMachine / BackInTime cover my main users home dir. Pure and simple.
For archiving I have two seperate USB HDDs of the same type and size (2TB). UnifiedDataSorage 1 and 2. I archive stuff on 1 and roughly once a year rsync to 2, then use 2 for the next round. When I rsync 2 back to 1 I use 1 again. This keeps both HDDs in resonable use. The archive not in use is hidden in my bathroom cabinet, so it's not easly found in a break-in.
WiFi Drives under the floorpanels or NAS on a VPN with a computer buddy in another town in case of a fire would be a better solution, but we haven't gotten aroind to this yet. But I consider my setup usable, cheap, resonably hassle-free and safe enough.
My 2 eurocents.
We suffer more in our imagination than in reality. - Seneca
... encrypted HDD or homedir. Really important if you don't want a stolen computer leading to ID theft and a large type fuckup of your life.
We suffer more in our imagination than in reality. - Seneca
I hadn't heard of them before but the only 3G + GPS solutions using Python I've heard of are Telit modules, doing a search for Telit products it's probably something like the following:
HE910 Mini PCIe - 3G
So I was at the receiving end of a burglary last year. The wife woke me up because she heard something. And in some sort of half-sleep/half-awake state, I stormed down and charged at the two guys that were riffling through our possessions.
Thank god I live in Europe so burglars aren't armed or anything. They ran away to the front door and tried to escape. I ran after them and when they were opening the front door, attacked them. At some point during the pushing and shoving, I woke up and thought -- what the fuck do I actually care?
So I said "okay guys, let's stop here. I haven't actually seen your faces and I'm not looking" (I started staring at the floor) "and I don't really care, just take that stuff and go". They took off and I called the cops. They took fingerprints and stuff but never caught them.
They took an iPad, a MacBook and some money. I remote-locked the iPad, and realized I had Prey running on the MacBook. I switched the MacBook to "lost mode" but one year later, it appears they formatted the drive before connecting to the internet. The files on the MacBook weren't encrypted, the iPad was.
Lessons learned:
- I got most of the value back through the insurance
- Install Prey or some other remote locking software stuff
- Don't go and fight burglars, it's not worth it
8 of 13 people found this answer helpful. Did you?
Instead of encrypted partitions (or as well as them) I'd say it's best to not put things that are most useful to a thief on there at all. Bank account details do not have to be saved for example. Scans of documents that could be used for identity theft - not the permanent place for them either.
While a thief could do a social engineering attack on another using your email settings (another reason to not autosave a password) it's more hard work than them getting your banking details.
IMHO the likelihood of theft is why certificate only logins to VPNs or ssh are an extremely bad idea especially on laptops and tablets. Sure, use a cert, but if there is no passphrase than any thief or script kiddie that 0wns the device can get into whatever you can get into.
1. Backup
2. Enough money to buy a new one
3. Encryption
Much of my stuff is stored off my PC so they steal it they get a PC to sell on EBay I guess
Just get one of these bad boys:
https://i.ytimg.com/vi/ZS_CHjYie4A/maxresdefault.jpg
Your PC and data are safe! It's not like a thief will ever be able to find a copy of the dragon key for it.
http://www2.fiskars.com/Products/Gardening-and-Yard-Care/Cultivating-Tools/Big-Grip-Cultivator-400S
He was killed by an exploding grenade he had installed to kill thieves that would temper with his property. Unfortunatly he forgot the grenade and accessed the computer hardware with the neccessary precaution. .. or ..
Was found guilty and got sentenced to death for trip-wire 1st degree murdering an FBI agent trying to access his computer hardware.
Drive encryption on, Backup to Hidden NAS in the house, backup to encrypted cloud storage.
Really trivial solutions that have been available for everyone for over half a decade now.
Do not look at laser with remaining good eye.
One that goes off when the move the tower. Then there will be no data for them to steal. And no them to steal data.
250g of C4, shaped charge directed at the place where the user is sitting. ...
As soon as it gets activated and decides via its network connection that it is at the wrong place in the universe, it gets triggered.
An additional termite charge in the hard drives should make sure it can not be traced back to me
Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
Encryption. 2 backups (also encrypted), one at home and one at the office. If lost, damaged or stolen, I just buy another MacBook Pro, restore from Time Machine and I'm good to go. I work near an Apple Store so I could probably be back up and running in a few hours.
I do the following:
- Store copies of important data in multiple locations (backed up to a device in my home as well as cloud).
- Use a long, complex password.
- Encrypt my hard drive.
- Enable Firmware Password. This is not preventative but it does give me some peace of mind knowing that if my laptop was stolen, it is not able to be wiped and re-used.
- Enable Find My Mac. I do not have any experience using this to locate a laptop but it has saved numerous friends' phones.
- Display a logon message with my full name, phone number and email address.
- Have insurance that covers me for theft when I am at home or travelling.
Full Image of hard drive on an external hard drive of flash drive.
As a general rule for my side business, all data resides on the file server and the backup hard drive in the Red Hat Linux box. I'm not overly concern about my inexpensive laptop or gaming rig being stolen. The file server and RHL box are locked down with Kensington cable locks. This, of course, doesn't prevent a determined thief from stealing these systems. It does deter the casual thief who is looking to get in and out in a hurry.
For a laptop, I just enable to Power-on and disk password (and lock admin). That's going to stop 99.99% of the thieves (and protect the data from them), and, better yet, give the thieves a laptop that isn't good for much at a pawnshop, so they're less likely to return for a second pass. Any systems are imaged (clonezilla) with the images stored off site, and the data is backed up (and on a weekly basis swapped with off-site backup (taking drive to work after confirming routine with employer).
1. Power-on password that's reasonably (but not stupidly) strong.
2. Full-disk encryption.
3. External backups of critical data.
4. Mitigate risk of theft happening in the first place.
To be fair, I only do #1 and #4 currently. Though I'm supposed to be doing #2 as part of company policy.
I used to roll my own remote cron backups but when Crashplan came along I stopped. The problem with all other backup services out there is that even if they let you store as much as you liked the problem is 1) restores are a hideous problem at network speeds . 2) how do you validate the backups 3) Dump level 0 initial backups take forever.
Crash plan solves this. They let you use your own disks attached to a computer at your friends house. (presumably you return the favor). The initial backup is done locally attached to your computer, then you drive the disk over to your freinds house. Incremental backups are then done over the net. The disk is encrypted so your friend can't be tempted to take a peek or be liable if you happen to be storing illicit materials. And when the day comes for the complete restore, you drive over and get the disk.
While you could in priniciple do this yourself there's a couple reasons it's better to use crashplan. First it overcomes the problem of how two dynamic IP computers, severla layers deep in a router stack on different networks always can find each other. Second, your friend is putting blind faith in some perl spagetti script you hacked together then gave root level privledges and network access on their computer. third the software gets updated without you having to sysadmin their computer or worry about what OS, and version, they are running on their machines.
Finally it's cheap. You can of course pay more and use Crashplan's own server, but then you just get all the problems I outlined for no added benefit.
Some drink at the fountain of knowledge. Others just gargle.
I used to be the "crack" man for a couple of home burglars. IE, I used to unknowingly crack windows passwords, reinstall OS's, etc for some guys who would break into houses and steal shit. They told me that they'd buy the laptops for cheap at flea markets, and flip them. I of course didn't believe it, so I started recording serial numbers around the 3rd laptop. Funny enough, eventually I buddied up with them and one of them came clean with what they do and how they do it. (Wanting me to do more laptops at a bulk discount.) I agreed, did a few more for them, and then submitted all the serial numbers, text messages, and license plates to the police... In all I cracked/reinstalled around 20 computers, only a couple came back as hits as stolen by the police.
After that, I had to get serious about defense. If those fuckers ever put two and two together, they'll know who busted them. On top of this, I have tens of thousands of easily steal-able computer stuff too.
So here is what I learned working with professional thieves:
1) They want to get in as quick and quite as possible.
2) They want to get in when no one is home (9am-3pm)
3) They want to be not visible from the road, but close to the main road. (So back side of apartment buildings.)
4) They want to be in and out in 3-5minutes. Thus negating burglar alarms.
5) They're looking for easy to steal stuff. Laptops,Guns, Money/IDs, Video Games, Video Game Consoles, TV's, PC's, anything else (in that order).
6) They don't have a soul, they don't give a shit about you or your stuff.
Here is how you prevent your PC from being stolen:
1) Start with making your home difficult to break in:
Most entries are through an exterior door, generally by kicking it in. Replace all striker plates with a 4 screw system that has at least 2 2-inch long screws. Replace or add a metal plate around the lock of the door. You can do both of these in an apartment, and turn 1 kick entry into a 10 kick, possible no entry.
If you own the home your self, replace all exterior doors and door frames with steal frames. Metal doors and metal frames are extremely difficult to kick in.
Next are the windows. Keep all windows locked on every floor! A thief can easily climb up to a second story window and open it. Next, make your windows break proof. Some fire paranoid people will say don't do this, but home thief is much more common than breaking a window and jumping out of it during a fire. There are several security films that you can apply to a window that can make it withstand repeated attempts to smash it in with a hammer. Please note, this is EVERY window. Don't think a thief will shimmy in a busted garage door glass... These people are scum of the earth.
If you have a garage door, make sure the door opener opener is not using a common opening system. I don't know too much about garage security, so do some research.
Buy a doorbell camera. Make sure they can see it. This also helps great with UPS.
Finally, stick some home security stickers around your house. Make sure they're of real security companies. Even if you don't have service, a thief isn't going to pick your house if its difficult to get in, and the neighbor's is easier.
2) Securing your PC.
Once a thief is in your home, there isn't really much you can do. The main thing is, you have to make getting what they want so difficult that it'll take longer than 5 minutes. Easily frustrated, thieves are on a clock, and will just grab the easy to get stuff and run.
IF you have a laptop, this means one of those security cables. Although a decent wire cutter (which some thieves will have with them) will slice through them with ease. So with that in mind, unless you keep your laptop in a anchored safe, it's gone. Get insurance. Ditto with video game consoles, video games, etc.
The PC is a little different beast. Short of having a complete anchored rack cabinet with locks, there are two things you can do (one of which I currently do, the other I will pro
Do real, clean shutdowns every time. Yes, it is more effort, but you can either have security or convenience, not both. Apart from that, backups. You may want to put everything important in an SVN or GIT repository and sync whenever you are online.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Well, your lifetime spot in federal prison is already reserved. Just hope they do not make you a "terrorist".
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
To prepare the theft of my PC, I just slap a "Steal Me" sticker on top. If I'm lucky, they'll think it's a trap and leave it alone.
Do you feel lucky punk?
Fight Spammers!
I use a Dell laptop for work and I have enabled the hard disk password. I also ensure not to keep anything important on the laptop and use cloud storage. I am also exploring the option of using BitLocker to encrypt the drive. With the Dell hard disk password, the drive will not be mounted unless the correct password is entered. Resetting the password using Dell tools will result in drive getting wiped clean.
Actually, my experience has been that the VAST majority of the time a computer is stolen, it's a laptop that gets stolen while the owner is out and about someplace with it. Therefore, even if it's covered under the homeowners' policy, it's not going to make any sense to claim it. Even if it was a high-end system with costly accessories in the laptop bag -- it wouldn't be worth THAT much over any deductible. And homeowners' insurance tends to automatically drop you if you make 2 claims within something like a 5-10 year period of time. So you'd effectively be wasting your one claim that you'd want to use for a REAL issue (like a total loss due to fire).
As a side note, on auto insurance? You're basically correct, except any time you're buying a brand new car, you should also be looking at buying Gap insurance that covers the difference between the car's supposed value and what you actually owe on the loan. The dealerships who hawk it at the time of the sale usually sell policies that cost 3x as much as what your own auto insurance agency would charge to add it to your existing policy, so it's worth making some calls about for quotes, at the very least.
except cry when they take my PC away
mfwright@batnet.com
I use Bitlocker drive encryption and have my Documents/pictures/music etc on my dropbox. This arrangement prepares me for lost/stolen computers as well as (far more common) hardware failures. It also gives me near-real-time sync to my other PCs as well.
There are some nice bonuses to this arrangement.
I (via my unlimited data) sync my photos to my PCs with dropbox automagically in near real-time.
I can pull up password safe on my Android Phone from my dropbox-made-available-offline psafe3 file.
Safe neighbourhoods count for a lot. No one's breaking into my house.
I'd prefer to simply stay up all night, lying in wait and stroking my gun. But my government won't let me have one. Something about being a danger to myself or others.
I need a wheelchair van for my son. Help me get the word out. https://www.gofundme.com/wheelchair-van-for-jj
I have my entire setup on Linux, with encrypted filesystems. My daily use notebook is a Dell XPS13, with BIOS password, then harddrive password, and last encrypted password of the linux partition. All the three passwords are different, of course.
All the important files/documents are automatically backed up in Amazon AWS, in one of my servers running NextCloud, with encrypted FS. So, if I lost a PC, I can recover all the important things easily. Never had any problems at all with it. All the emails are on Google, so I don't need to backup them every day.
And, at home, I've got eight dogs, all of them rescued from the streets. At night, they sleep inside the house, so if any burglar tries to get into, he'll probably get out in a trash bag, as feces. Of course, you can see the dog's houses from the street, so you'll be pretty sure that there are more than one. By the way, the poodle is the "alarm" of the house. She wakes up with the sound of a flea!!! (and the Pitbull one is a tank.... you don't want to mess with him!).
-- Francisco Rivas C.
Security screen door, outside the front door. Hinge pins are set. IIRC somebody mushroomed the ends pretty good.
Supreme court said cops can go in and 'secure the front room of the house' (shoot dog etc), without your consent, if you open the door. But not if you have a security door on the outside.
Everybody should have one, you're a _communist_ if you don't.
If they want in, they attach a chain to the security door and pull it off. But the pushin to checkout if you've got anything worth stealing (civil forfeiture) won't happen.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
Go ahead and try.
I don't need a gun to defend myself, I don't lock my door because I trust people.
I've had harddrive failure multiple times and I just restore from the external hard drive. I keep weekly/monthly on the 1TB so as to recover human error deletion on the OS disk. The real deal is I know it works because I've done the restore multiple times, including buying a new laptop.
The I7 Intel chip with onboard Linux encryption instructions makes the encryption fast enough to run multiple VMs with only a little lag, mostly starting a VM.
Cheers!
All my home PC's are encrypted with Bitlocker, main drives and additional. I backup all files between my PC and my Synology NAS which is also encrypted. This NAS is synced up 1 on site and 1 offsite. I am not concerned about auto-wipe since its encrypted anyway and I highly doubt anyone stealing my stuff would do anything outside formatting the stuff after not being able to get in. I am also not concerned about computer settings since most of that gets restored through my Microsoft account and anything else that doesn't is not to hard to setup. Insurance I never even thought of but I am very against "insurance" since I hate dealing with any service that takes your money and gives you a hard time when you need them. Ide rather throw a few bucks into an emergency fund every week and just take from that. All in all if you get your stuff taken from you there is no easy fast solution and sadly its just one of those things you have to deal with. Having encrypted devices to protect your data and at least 1 offsite backup of your stuff should really be all anyone needs to know your secure and safe.
I like to keep things simple.
This post was painful to read.
So he got a new computer, got it. Cool story, bro.
I have a great insurance company that insures my PC and all my stuff in my home.
It's called Smith and Wesson.