lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat Dec 24 15:57:32 2005
From: bob.hacker at gmail.com (Bob Hacker)
Subject: Breaking LoJack for Laptops

Let me begin with your very very WRONG. Those laptops cant be hacked even
with the password.
Have you lost what little mind you have left? Thats like saying there isnt a
local for * 2.6.x stolen from lorians /home , give me a break. Go audit
linksys router manual on typo's or something.
And merry xmas !Z


On 12/24/05, obnoxious@...h.com <obnoxious@...h.com> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Breaking Computrace's Lo Jack for Laptops
> J. Oquendo
> obnoxious@...h.com :: "Can you hear me now?"
> 12/24/05
>
>
> After my company spent a pretty penny purchasing this Absolute's
> Computrace "Lojack for Laptops" product, I decided to write up a
> "How-To Defeat LoJack For Laptops" article. Why? Why not? Maybe the
> vendor can step it up a notch and create something that actually
> functions without flaw. This is not to say the product doesn't work
> to some capacity, this article tends to solely clarify what this
> product is and how simple it is to disable it.
>
> Here is Asbolute's advertisement:
>
> LAPTOP SECURITY PREVENTS LAPTOP THEFT.
>
> Computrace is laptop security and tracking software which deters
> laptop theft and recovers stolen computers ? guaranteed. Absolute
> also provides software inventory, computer inventory, PC inventory,
> PC audits, IT asset management, asset tracking, software license
> management, and data security tools and services.
>
> I'd like to know how their product prevents laptop theft or even
> minimizes it. The ad is humorous. For the company to guarantee they
> can deter theft is another oddity. For starters there are no
> markings on my own laptop that state "Protected by Absolute" or
> anything similar. Even if there were, I highly doubt - that even if
> there were markings on my laptop - that would stop someone from
> picking up my machine and taking off with it. Secondly to state
> they can recover my laptop is even stranger. Lastly, someone might
> confuse Absolute with Absolut and snicker at it. To date my laptop
> has not "called in" for about sixty plus days. Should I call
> Absolute and put them to the test? The outcome would be nothing
> more than a refund for Computrace. Data? Laptop? Sayanora.
>
> So here is what Computrace is; it is nothing more than a piece of
> software that details what your machine is, and reports this data
> back to the Absolute website. This is some the information the
> reporting contains for some for those machines running this
> gimmick:
>
> Call Tracking Information (for my own laptop)
> Computrace Agent first installed on (first call):       11/10/2005
> 9:06:38 AM
> Computrace Agent version:                               814
> Computrace Agent last called on:                        11/13/2005 2:20:17
> PM
> Computrace Agent last called from:                      192.168.0.1
> Computrace Agent next call scheduled for:               11/14/2005 2:50:17
> PM
> Asset tracking data last collected on:                  11/13/2005 2:20:17
> PM
>
> MY_USERNAME
> MY_LAPTOP_NAME
> Assig. Username:
> Make: Dell Computer
> Model: INSPIRON_6000            Serial# XXXXXXX
> Asset#   11/13/2005 2:20:17 PM          814     Active
>
> Today is December 24th 2005. Prior to the 11/10 date, I had the
> program installed and disabled it without any notice for
> approximately 64 days, then reinstalled it for testing purposes.
> Obviously had I stolen this laptop, Absolute wouldn't be able to do
> anything about it. They don't know where it's at. At least they let
> me know something was cooking:
> Dear Customer Center User:
>
>
> This is an automatic e-mail notification generated by the Customer
> Center alerting system.
>
> Please visit https://www.Absolute.com/public/secure/login.asp to
> investigate your new alert.
>
> The following alert(s) configured for your account have been
> triggered:
>
> * Alert Name: Last called 20 days ago
> * Description: Pre-defined alert - if you don't wish to use this
> alert, leave it in a suspended status (note that it will be
> recreated in a suspended status if deleted)
> * Alert Type: Automatic Reset in 10 days
> * Alert Condition: Last Call Time - Greater or Equal To - 20 day(s)
> since last call
> * Detected on: 24 Dec 2005 00:28:34:5
>
> You have computers that have not called within a specific time
> period (as defined by the alert condition).
>
> For customers with the recovery guarantee: Note that the guarantee
> becomes invalid for computers that have not called in more than 30
> days. Please refer to your Terms and Conditions for more
> information.
>
> For customers with the recovery service:  The chances of recovering
> a computer post-theft are reduced if the computer is not calling
> regularly.
>
> For customers with asset tracking: your asset data is likely to be
> out of date for computers that haven't called in recently
>
> All Customers: You can use the ctmweb management tool to confirm
> that the agent software is installed and, if necessary, reinstall
> it.  If the agent is installed, the ctmweb management tool can be
> used to perform a test call.  Once machines call into the
> monitoring center, they automatically meet the call-back criteria
> for eligibility for the guarantee.To retrieve the list of
> computers, log into the Customer Center and follow the instructions
> below:
>
> a. Click on Reports.
> b. Go to "Call History and Loss Control" , click on "Missing
> Computers".
>
> In the box below "Show all Computers where...", under where it
> states:  "group name is" use the drop down to select the group
> name: "Recovery Guarantee" then to the right, enter 20 days.  Once
> done, click on "show results".This will provide you with a list of
> computers that need attention.
>
> ESN: XXXXXXXXXXXXXXXXXXXX PC Name: [MACHINE_X]  Username:
> [username]  Department: [departmentname]
>
>
> That message is reassuring. It's letting me know MACHINE_X hasn't
> been online. It is up to me to report it stolen so Absolute can
> retrieve it. But how do they expect to do this. There isn't
> anything other than a little program which runs after Windows has
> started that waits for connectivity to scream for help.
>
> Now let's look at what Absolute is using to find a stolen machine
> shall we?
>
> Computrace Agent last called from:                      192.168.0.1
>
> Secure? Doubtful. Absolute is solely relying on an IP address to
> track a machine. One of the problems with this is that they will
> need to go to court and request the information from the ISP on who
> used that IP address, after getting this information, they can only
> hope they will find the machine at that location. How much would it
> cost Absolute to go through these motions? Even if they did go
> through these motions, why should they when they can just refund
> someone the cost of the Computrace software. Or, what happens when
> a stolen laptop is using stolen resources for connections? Like say
> an open Wi-Fi hotspot? What does Computrace expect to do when
> someone reinstalls an operating system over the system with their
> software running. That software is useless.
>
> It's that simple. Reinstalling an operating system over a stolen
> laptop will automaGically make Computrace as useful as an
> industrial freezer in Antarctica, useless.
>
> Now supposing you stole a laptop with Computrace installed on it,
> and actually wanted to keep the data, you have one of a few
> choices: copy the data, wipe the drive and make a clean OS
> installation, or you can simply kill the process and modify the
> Windows registry to rid yourself of this gimmick.
>
> What are you looking for? A program called RPCNETP.EXE. You could
> search the registry for it and rename it, delete it entirely, stop
> the services by going to the Windows Control Panel/Administrative
> Tools/Services and stop it from there. Use Sysinternal's Process
> Explorer, Knoppix. I could count numerous ways to disable this
> product. As for the service Absolute offers, I've logged in twice
> in six months because I was wondering who was sending me those
> annoying alerts, and I wanted to see exactly what information was
> being passed over to Absolute's databases.
>
> Final word? Want security think Biometrics before a bios boot up,
> disabling CD/DVD start ups, passwording the bios. All in all there
> is little one can do when a laptop is stolen. Other than insurance
> purposes, I see this product as being nothing more than a gimmick.
> Sadly I was hoping I could give them some form of kudos. Maybe I
> can, their website and packaging are nice.
>
> -----BEGIN PGP SIGNATURE-----
> Note: This signature can be verified at https://www.hushtools.com/verify
> Version: Hush 2.4
>
> wkYEARECAAYFAkOtY7wACgkQo8cxM8/cskousQCgvWJNpxfseItFts2OeTJMEBRjhEYA
> oK4F3A9hl5L66qX3R5A/29zMsQKN
> =sVF5
> -----END PGP SIGNATURE-----
>
>
>
>
> Concerned about your privacy? Instantly send FREE secure email, no account
> required
> http://www.hushmail.com/send?l=480
>
> Get the best prices on SSL certificates from Hushmail
> https://www.hushssl.com?l=485
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051224/7be9b262/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ