Date: Mon Dec 26 00:27:42 2005
From: thetowch at gmail.com (Bob Franklin)
Subject: Breaking LoJack for Laptops

Anyone with a brain is not going to hook up a stolen laptop to a network
without formatting the drive first.

On 12/25/05, Bob Hacker <bob.hacker@...il.com> wrote:
>
> Allowing 192* to be called from is absurd. And it's not that hard to whois
> the ip, contact the isp who now these days hand over information to almost*
> anyone with a nice fancy letterhead from a lawyer's office. Saying Dear Mr
> ISP bad person using this IP has stolen laptop that sold on ebay for 50
> bucks, please give us his address so we may take him to court and charge him
> with possession of stolen property, a misdemeanor in most states. Yes it's
> logical. But in theory I think the whole thing is like the MS key validate,
> disable it in windows add-ons and move on. It's like that one time at
> bandcamp when i was on a lan and didn't know my ip so i went to Steve Gibson's
> site. Note. I am sure anyone who has purchased a stolen laptop, it had a
> password on it. So the OS was already installed. just my .02
>
>
> -bob
>
>
>  Computrace Agent last called from:                      192.168.0.1
> > >
> > > Secure? Doubtful. Absolute is solely relying on an IP address to
> > > track a machine. One of the problems with this is that they will
> > > need to go to court and request the information from the ISP on who
> > > used that IP address, after getting this information, they can only
> > > hope they will find the machine at that location.
>
>
> On 12/25/05, Andrew Wong <andrewmarkwong@...il.com> wrote:
> >
> > Do you have evidence for this? Or are you just going to claim he's
> > wrong?
> > He's presented an argument, now if you believe it to be wrong, back
> > it up with facts.
> >
> > Cheers,
> >
> > On 12/24/05, Bob Hacker <bob.hacker@...il.com> wrote:
> > > Let me begin with you're very very WRONG. Those laptops can't be hacked even
> > > with the password.
> > > Have you lost what little mind you have left? That's like saying there isn't a
> > > local for * 2.6.x stolen from lorians /home , give me a break. Go audit
> > > linksys router manual on typos or something.
> > > And merry xmas !Z
> > >
> > >
> > >
> > > On 12/24/05, obnoxious@...h.com <obnoxious@...h.com> wrote:
> > > > Breaking Computrace's Lo Jack for Laptops
> > > > J. Oquendo
> > > > obnoxious@...h.com :: "Can you hear me now?"
> > > > 12/24/05
> > > >
> > > >
> > > > After my company spent a pretty penny purchasing this Absolute's
> > > > Computrace "Lojack for Laptops" product, I decided to write up a
> > > > "How-To Defeat LoJack For Laptops" article. Why? Why not? Maybe the
> > > > vendor can step it up a notch and create something that actually
> > > > functions without flaw. This is not to say the product doesn't work
> > > > to some capacity, this article tends to solely clarify what this
> > > > product is and how simple it is to disable it.
> > > >
> > > > Here is Absolute's advertisement:
> > > >
> > > > LAPTOP SECURITY PREVENTS LAPTOP THEFT.
> > > >
> > > > Computrace is laptop security and tracking software which deters
> > > > laptop theft and recovers stolen computers - guaranteed. Absolute
> > > > also provides software inventory, computer inventory, PC inventory,
> > > > PC audits, IT asset management, asset tracking, software license
> > > > management, and data security tools and services.
> > > >
> > > > I'd like to know how their product prevents laptop theft or even
> > > > minimizes it. The ad is humorous. For the company to guarantee they
> > > > can deter theft is another oddity. For starters there are no
> > > > markings on my own laptop that state "Protected by Absolute" or
> > > > anything similar. Even if there were, I highly doubt - that even if
> > > > there were markings on my laptop - that would stop someone from
> > > > picking up my machine and taking off with it. Secondly to state
> > > > they can recover my laptop is even stranger. Lastly, someone might
> > > > confuse Absolute with Absolut and snicker at it. To date my laptop
> > > > has not "called in" for about sixty plus days. Should I call
> > > > Absolute and put them to the test? The outcome would be nothing
> > > > more than a refund for Computrace. Data? Laptop? Sayonara.
> > > >
> > > > So here is what Computrace is; it is nothing more than a piece of
> > > > software that details what your machine is, and reports this data
> > > > back to the Absolute website. This is some of the information the
> > > > reporting contains for those machines running this
> > > > gimmick:
> > > >
> > > > Call Tracking Information (for my own laptop)
> > > > Computrace Agent first installed on (first call):       11/10/2005 9:06:38 AM
> > > > Computrace Agent version:                               814
> > > > Computrace Agent last called on:                        11/13/2005 2:20:17 PM
> > > > Computrace Agent last called from:                      192.168.0.1
> > > > Computrace Agent next call scheduled for:               11/14/2005 2:50:17 PM
> > > > Asset tracking data last collected on:                  11/13/2005 2:20:17 PM
> > > >
> > > > MY_USERNAME
> > > > MY_LAPTOP_NAME
> > > > Assig. Username:
> > > > Make: Dell Computer
> > > > Model: INSPIRON_6000            Serial# XXXXXXX
> > > > Asset#   11/13/2005 2:20:17 PM          814     Active
> > > >
> > > > Today is December 24th 2005. Prior to the 11/10 date, I had the
> > > > program installed and disabled it without any notice for
> > > > approximately 64 days, then reinstalled it for testing purposes.
> > > > Obviously had I stolen this laptop, Absolute wouldn't be able to do
> > > > anything about it. They don't know where it's at. At least they let
> > > > me know something was cooking:
> > > >
> > > > Dear Customer Center User:
> > > >
> > > >
> > > > This is an automatic e-mail notification generated by the Customer
> > > > Center alerting system.
> > > >
> > > > Please visit https://www.Absolute.com/public/secure/login.asp to
> > > > investigate your new alert.
> > > >
> > > > The following alert(s) configured for your account have been
> > > > triggered:
> > > >
> > > > * Alert Name: Last called 20 days ago
> > > > * Description: Pre-defined alert - if you don't wish to use this
> > > > alert, leave it in a suspended status (note that it will be
> > > > recreated in a suspended status if deleted)
> > > > * Alert Type: Automatic Reset in 10 days
> > > > * Alert Condition: Last Call Time - Greater or Equal To - 20 day(s)
> > > > since last call
> > > > * Detected on: 24 Dec 2005 00:28:34:5
> > > >
> > > > You have computers that have not called within a specific time
> > > > period (as defined by the alert condition).
> > > >
> > > > For customers with the recovery guarantee: Note that the guarantee
> > > > becomes invalid for computers that have not called in more than 30
> > > > days. Please refer to your Terms and Conditions for more
> > > > information.
> > > >
> > > > For customers with the recovery service:  The chances of recovering
> > > > a computer post-theft are reduced if the computer is not calling
> > > > regularly.
> > > >
> > > > For customers with asset tracking: your asset data is likely to be
> > > > out of date for computers that haven't called in recently
> > > >
> > > > All Customers: You can use the ctmweb management tool to confirm
> > > > that the agent software is installed and, if necessary, reinstall
> > > > it.  If the agent is installed, the ctmweb management tool can be
> > > > used to perform a test call.  Once machines call into the
> > > > monitoring center, they automatically meet the call-back criteria
> > > > for eligibility for the guarantee. To retrieve the list of
> > > > computers, log into the Customer Center and follow the instructions
> > > > below:
> > > >
> > > > a. Click on Reports.
> > > > b. Go to "Call History and Loss Control" , click on "Missing
> > > > Computers".
> > > >
> > > > In the box below "Show all Computers where...", under where it
> > > > states:  "group name is" use the drop down to select the group
> > > > name: "Recovery Guarantee" then to the right, enter 20 days.  Once
> > > > done, click on "show results". This will provide you with a list of
> > > > computers that need attention.
> > > >
> > > > ESN: XXXXXXXXXXXXXXXXXXXX PC Name: [MACHINE_X]  Username:
> > > > [username]  Department: [departmentname]
> > > >
> > > >
> > > > That message is reassuring. It's letting me know MACHINE_X hasn't
> > > > been online. It is up to me to report it stolen so Absolute can
> > > > retrieve it. But how do they expect to do this? There isn't
> > > > anything other than a little program which runs after Windows has
> > > > started that waits for connectivity to scream for help.
> > > >
> > > > Now let's look at what Absolute is using to find a stolen machine
> > > > shall we?
> > > >
> > > > Computrace Agent last called from:                       192.168.0.1
> > > >
> > > > Secure? Doubtful. Absolute is solely relying on an IP address to
> > > > track a machine. One of the problems with this is that they will
> > > > need to go to court and request the information from the ISP on who
> > > > used that IP address, after getting this information, they can only
> > > > hope they will find the machine at that location. How much would it
> > > > cost Absolute to go through these motions? Even if they did go
> > > > through these motions, why should they when they can just refund
> > > > someone the cost of the Computrace software. Or, what happens when
> > > > a stolen laptop is using stolen resources for connections? Like say
> > > > an open Wi-Fi hotspot? What does Computrace expect to do when
> > > > someone reinstalls an operating system over the system with their
> > > > software running? That software is useless.
> > > >
> > > > It's that simple. Reinstalling an operating system over a stolen
> > > > laptop will automaGically make Computrace as useful as an
> > > > industrial freezer in Antarctica, useless.
> > > >
> > > > Now supposing you stole a laptop with Computrace installed on it,
> > > > and actually wanted to keep the data, you have one of a few
> > > > choices: copy the data, wipe the drive and make a clean OS
> > > > installation, or you can simply kill the process and modify the
> > > > Windows registry to rid yourself of this gimmick.
> > > >
> > > > What are you looking for? A program called RPCNETP.EXE. You could
> > > > search the registry for it and rename it, delete it entirely, stop
> > > > the services by going to the Windows Control Panel/Administrative
> > > > Tools/Services and stop it from there. Use Sysinternals' Process
> > > > Explorer, Knoppix. I could count numerous ways to disable this
> > > > product. As for the service Absolute offers, I've logged in twice
> > > > in six months because I was wondering who was sending me those
> > > > annoying alerts, and I wanted to see exactly what information was
> > > > being passed over to Absolute's databases.
> > > >
> > > > Final word? Want security? Think biometrics before a BIOS boot-up,
> > > > disabling CD/DVD start-ups, passwording the BIOS. All in all there
> > > > is little one can do when a laptop is stolen. Other than insurance
> > > > purposes, I see this product as being nothing more than a gimmick.
> > > > Sadly I was hoping I could give them some form of kudos. Maybe I
> > > > can, their website and packaging are nice.
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > Hosted and sponsored by Secunia - http://secunia.com/
> > > >
> > >
> > >
> > >
> > >
> >
> >
> > --
> > Andrew Wong
> > Student of Computer Science at large.
> > KeyID: 406568A2
> >
> > "This is the sort of pedantry up with which I will not put." - Winston
> > Churchill
> > "I'm not closed minded, you're just wrong." - Getfuzzy
> >
>
>
>
>
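
The thread turns on two fields of the call-tracking report: how long ago the agent last called (alert at 20 days, guarantee void after more than 30) and whether the "last called from" address is something like 192.168.0.1 that cannot be traced to an ISP subscriber. As an added example, not part of the original thread or of any Absolute tooling, this is how an asset owner could check both on their own export; the blank-line-separated export layout, MACHINE_Y and the 203.0.113.7 address are assumptions made for the sample.

```python
import ipaddress
from datetime import datetime

ALERT_DAYS = 20      # "Last called 20 days ago" alert quoted in the post
GUARANTEE_DAYS = 30  # guarantee void after more than 30 days without a call
TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"  # timestamp style used in the quoted report

# Source ranges that cannot be tied to an ISP subscriber: RFC 1918,
# link-local and loopback.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8")]

# Constructed sample export (blank-line-separated records). Field labels are
# copied from the post; MACHINE_Y and 203.0.113.7 are made up.
SAMPLE_REPORT = """\
PC Name: MACHINE_X
Computrace Agent last called on: 11/13/2005 2:20:17 PM
Computrace Agent last called from: 192.168.0.1

PC Name: MACHINE_Y
Computrace Agent last called on: 12/20/2005 9:00:00 AM
Computrace Agent last called from: 203.0.113.7
"""

def parse_records(text):
    """Split blank-line-separated blocks into {label: value} dicts."""
    records = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            label, _, value = line.partition(":")  # split on first colon only
            rec[label.strip()] = value.strip()
        records.append(rec)
    return records

def audit(records, today):
    """Return {pc_name: [issues]} for stale agents and untraceable sources."""
    findings = {}
    for rec in records:
        issues = []
        last = datetime.strptime(rec["Computrace Agent last called on"], TS_FORMAT)
        age = (today - last).days
        if age > GUARANTEE_DAYS:
            issues.append(f"no call for {age} days: recovery guarantee lapsed")
        elif age >= ALERT_DAYS:
            issues.append(f"no call for {age} days: alert threshold reached")
        addr = ipaddress.ip_address(rec["Computrace Agent last called from"])
        if any(addr in net for net in NON_ROUTABLE):
            issues.append(f"last-call address {addr} is not publicly routable")
        findings[rec["PC Name"]] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit(parse_records(SAMPLE_REPORT), datetime(2005, 12, 24)).items():
        print(name, issues or "ok")
```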
