Message-ID: <1feb097c0512250830r1e85ec9anf568fed982a4230@mail.gmail.com>
Date: Sun Dec 25 16:30:53 2005
From: andrewmarkwong at gmail.com (Andrew Wong)
Subject: Breaking LoJack for Laptops
Do you have evidence for this? Or are you just going to claim he's wrong?
He's presented an argument, now if you believe it to be wrong, back
it up with facts.
Cheers,
On 12/24/05, Bob Hacker <bob.hacker@...il.com> wrote:
> Let me begin with you're very very WRONG. Those laptops can't be hacked even
> with the password.
> Have you lost what little mind you have left? That's like saying there isn't a
> local for * 2.6.x stolen from lorians /home , give me a break. Go audit
> linksys router manual on typos or something.
> And merry xmas !Z
>
>
>
> On 12/24/05, obnoxious@...h.com <obnoxious@...h.com> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Breaking Computrace's Lo Jack for Laptops
> > J. Oquendo
> > obnoxious@...h.com :: "Can you hear me now?"
> > 12/24/05
> >
> >
> > After my company spent a pretty penny purchasing this Absolute's
> > Computrace "Lojack for Laptops" product, I decided to write up a
> > "How-To Defeat LoJack For Laptops" article. Why? Why not? Maybe the
> > vendor can step it up a notch and create something that actually
> > functions without flaw. This is not to say the product doesn't work
> > to some capacity, this article tends to solely clarify what this
> > product is and how simple it is to disable it.
> >
> > Here is Absolute's advertisement:
> >
> > LAPTOP SECURITY PREVENTS LAPTOP THEFT.
> >
> > Computrace is laptop security and tracking software which deters
> > laptop theft and recovers stolen computers - guaranteed. Absolute
> > also provides software inventory, computer inventory, PC inventory,
> > PC audits, IT asset management, asset tracking, software license
> > management, and data security tools and services.
> >
> > I'd like to know how their product prevents laptop theft or even
> > minimizes it. The ad is humorous. For the company to guarantee they
> > can deter theft is another oddity. For starters there are no
> > markings on my own laptop that state "Protected by Absolute" or
> > anything similar. Even if there were, I highly doubt - that even if
> > there were markings on my laptop - that would stop someone from
> > picking up my machine and taking off with it. Secondly to state
> > they can recover my laptop is even stranger. Lastly, someone might
> > confuse Absolute with Absolut and snicker at it. To date my laptop
> > has not "called in" for about sixty plus days. Should I call
> > Absolute and put them to the test? The outcome would be nothing
> > more than a refund for Computrace. Data? Laptop? Sayonara.
> >
> > So here is what Computrace is; it is nothing more than a piece of
> > software that details what your machine is, and reports this data
> > back to the Absolute website. This is some of the information the
> > reporting contains for those machines running this
> > gimmick:
> >
> > Call Tracking Information (for my own laptop)
> > Computrace Agent first installed on (first call): 11/10/2005 9:06:38 AM
> > Computrace Agent version: 814
> > Computrace Agent last called on: 11/13/2005 2:20:17 PM
> > Computrace Agent last called from: 192.168.0.1
> > Computrace Agent next call scheduled for: 11/14/2005 2:50:17 PM
> > Asset tracking data last collected on: 11/13/2005 2:20:17 PM
> >
> > MY_USERNAME
> > MY_LAPTOP_NAME
> > Assig. Username:
> > Make: Dell Computer
> > Model: INSPIRON_6000 Serial# XXXXXXX
> > Asset# 11/13/2005 2:20:17 PM 814 Active
> >
> > Today is December 24th 2005. Prior to the 11/10 date, I had the
> > program installed and disabled it without any notice for
> > approximately 64 days, then reinstalled it for testing purposes.
> > Obviously had I stolen this laptop, Absolute wouldn't be able to do
> > anything about it. They don't know where it's at. At least they let
> > me know something was cooking:
> > Dear Customer Center User:
> >
> >
> > This is an automatic e-mail notification generated by the Customer
> > Center alerting system.
> >
> > Please visit https://www.Absolute.com/public/secure/login.asp to
> > investigate your new alert.
> >
> > The following alert(s) configured for your account have been
> > triggered:
> >
> > * Alert Name: Last called 20 days ago
> > * Description: Pre-defined alert - if you don't wish to use this
> > alert, leave it in a suspended status (note that it will be
> > recreated in a suspended status if deleted)
> > * Alert Type: Automatic Reset in 10 days
> > * Alert Condition: Last Call Time - Greater or Equal To - 20 day(s)
> > since last call
> > * Detected on: 24 Dec 2005 00:28:34:5
> >
> > You have computers that have not called within a specific time
> > period (as defined by the alert condition).
> >
> > For customers with the recovery guarantee: Note that the guarantee
> > becomes invalid for computers that have not called in more than 30
> > days. Please refer to your Terms and Conditions for more
> > information.
> >
> > For customers with the recovery service: The chances of recovering
> > a computer post-theft are reduced if the computer is not calling
> > regularly.
> >
> > For customers with asset tracking: your asset data is likely to be
> > out of date for computers that haven't called in recently
> >
> > All Customers: You can use the ctmweb management tool to confirm
> > that the agent software is installed and, if necessary, reinstall
> > it. If the agent is installed, the ctmweb management tool can be
> > used to perform a test call. Once machines call into the
> > monitoring center, they automatically meet the call-back criteria
> > for eligibility for the guarantee. To retrieve the list of
> > computers, log into the Customer Center and follow the instructions
> > below:
> >
> > a. Click on Reports.
> > b. Go to "Call History and Loss Control" , click on "Missing
> > Computers".
> >
> > In the box below "Show all Computers where...", under where it
> > states: "group name is" use the drop down to select the group
> > name: "Recovery Guarantee" then to the right, enter 20 days. Once
> > done, click on "show results". This will provide you with a list of
> > computers that need attention.
> >
> > ESN: XXXXXXXXXXXXXXXXXXXX PC Name: [MACHINE_X] Username:
> > [username] Department: [departmentname]
> >
> >
> > That message is reassuring. It's letting me know MACHINE_X hasn't
> > been online. It is up to me to report it stolen so Absolute can
> > retrieve it. But how do they expect to do this? There isn't
> > anything other than a little program which runs after Windows has
> > started that waits for connectivity to scream for help.
> >
> > Now let's look at what Absolute is using to find a stolen machine
> > shall we?
> >
> > Computrace Agent last called from: 192.168.0.1
> >
> > Secure? Doubtful. Absolute is solely relying on an IP address to
> > track a machine. One of the problems with this is that they will
> > need to go to court and request the information from the ISP on who
> > used that IP address, after getting this information, they can only
> > hope they will find the machine at that location. How much would it
> > cost Absolute to go through these motions? Even if they did go
> > through these motions, why should they when they can just refund
> > someone the cost of the Computrace software. Or, what happens when
> > a stolen laptop is using stolen resources for connections? Like say
> > an open Wi-Fi hotspot? What does Computrace expect to do when
> > someone reinstalls an operating system over the system with their
> > software running. That software is useless.
> >
> > It's that simple. Reinstalling an operating system over a stolen
> > laptop will automaGically make Computrace as useful as an
> > industrial freezer in Antarctica, useless.
> >
> > Now supposing you stole a laptop with Computrace installed on it,
> > and actually wanted to keep the data, you have one of a few
> > choices: copy the data, wipe the drive and make a clean OS
> > installation, or you can simply kill the process and modify the
> > Windows registry to rid yourself of this gimmick.
> >
> > What are you looking for? A program called RPCNETP.EXE. You could
> > search the registry for it and rename it, delete it entirely, stop
> > the services by going to the Windows Control Panel/Administrative
> > Tools/Services and stop it from there. Use Sysinternal's Process
> > Explorer, Knoppix. I could count numerous ways to disable this
> > product. As for the service Absolute offers, I've logged in twice
> > in six months because I was wondering who was sending me those
> > annoying alerts, and I wanted to see exactly what information was
> > being passed over to Absolute's databases.
> >
> > Final word? Want security? Think Biometrics before a bios boot up,
> > disabling CD/DVD start ups, passwording the bios. All in all there
> > is little one can do when a laptop is stolen. Other than insurance
> > purposes, I see this product as being nothing more than a gimmick.
> > Sadly I was hoping I could give them some form of kudos. Maybe I
> > can, their website and packaging are nice.
> >
> > -----BEGIN PGP SIGNATURE-----
> > Note: This signature can be verified at
> https://www.hushtools.com/verify
> > Version: Hush 2.4
> >
> >
> wkYEARECAAYFAkOtY7wACgkQo8cxM8/cskousQCgvWJNpxfseItFts2OeTJMEBRjhEYA
> > oK4F3A9hl5L66qX3R5A/29zMsQKN
> > =sVF5
> > -----END PGP SIGNATURE-----
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
--
Andrew Wong
Student of Computer Science at large.
KeyID: 406568A2
"This is the sort of pedantry up with which I will not put." - Winston
Churchill
"I'm not closed minded, you're just wrong." - Getfuzzy