[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200512260102.jBQ120oF008102@mailserver2.hushmail.com>
Date: Mon Dec 26 01:02:12 2005
From: obnoxious at hush.com (obnoxious@...h.com)
Subject: Breaking LoJack for Laptops
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I placed a 192 address so kiddiots like yourself don't go bonkers
on my company's /23.
On Sun, 25 Dec 2005 13:38:15 -0800 Bob Hacker
<bob.hacker@...il.com> wrote:
>Allowing 192* to be called from is absurd. And its not that hard
>to whois
>the ip, contact the isp who now these days hand over information
>to almost*
>anyone with a nice fancy letterhead from a lawyers office. Saying
>Dear Mr
>ISP bad person using this IP has stolen laptop that sold on ebay
>for 50
>bucks, please give us his address so we may take him to court and
>charge him
>with possession of stolen property, a misdemenor in most states.
>Yes its
>logical. But in theory I think the whole thing is like the MS key
>validate,
>disable it in windows add-ons and move on. Its like that one time
>at
>bandcamp when i was on a lan and didnt know my ip so i went to
>steve gibsons
>site. Note. I am sure anyone who has a purchased a stolen laptop ,
> it had a
>password on it. So the OS was already installed. just my .02
>
>
>-bob
>
>
> Computrace Agent last called from:
>192.168.0.1
>> >
>> > Secure? Doubtful. Absolute is solely relying on an IP address
>to
>> > track a machine. One of the problems with this is that they
>will
>> > need to go to court and request the information from the ISP
>on who
>> > used that IP address, after getting this information, they can
>only
>> > hope they will find the machine at that location.
>
>
>On 12/25/05, Andrew Wong <andrewmarkwong@...il.com> wrote:
>>
>> Do you have evidence for this? Or are you just going to claim
>he's wrong?
>> He's presented an arguement, now if you believe it to be wrong,
>back
>> it up with facts.
>>
>> Cheers,
>>
>> On 12/24/05, Bob Hacker <bob.hacker@...il.com> wrote:
>> > Let me begin with your very very WRONG. Those laptops cant be
>hacked
>> even
>> > with the password.
>> > Have you lost what little mind you have left? Thats like
>saying there
>> isnt a
>> > local for * 2.6.x stolen from lorians /home , give me a break.
>Go audit
>> > linksys router manual on typo's or something.
>> > And merry xmas !Z
>> >
>> >
>> >
>> > On 12/24/05, obnoxious@...h.com <obnoxious@...h.com> wrote:
>> > > -----BEGIN PGP SIGNED MESSAGE-----
>> > > Hash: SHA1
>> > >
>> > > Breaking Computrace's Lo Jack for Laptops
>> > > J. Oquendo
>> > > obnoxious@...h.com :: "Can you hear me now?"
>> > > 12/24/05
>> > >
>> > >
>> > > After my company spent a pretty penny purchasing this
>Absolute's
>> > > Computrace "Lojack for Laptops" product, I decided to write
>up a
>> > > "How-To Defeat LoJack For Laptops" article. Why? Why not?
>Maybe the
>> > > vendor can step it up a notch and create something that
>actually
>> > > functions without flaw. This is not to say the product
>doesn't work
>> > > to some capacity, this article tends to solely clarify what
>this
>> > > product is and how simple it is to disable it.
>> > >
>> > > Here is Asbolute's advertisement:
>> > >
>> > > LAPTOP SECURITY PREVENTS LAPTOP THEFT.
>> > >
>> > > Computrace is laptop security and tracking software which
>deters
>> > > laptop theft and recovers stolen computers – guaranteed.
>Absolute
>> > > also provides software inventory, computer inventory, PC
>inventory,
>> > > PC audits, IT asset management, asset tracking, software
>license
>> > > management, and data security tools and services.
>> > >
>> > > I'd like to know how their product prevents laptop theft or
>even
>> > > minimizes it. The ad is humorous. For the company to
>guarantee they
>> > > can deter theft is another oddity. For starters there are no
>> > > markings on my own laptop that state "Protected by Absolute"
>or
>> > > anything similar. Even if there were, I highly doubt - that
>even if
>> > > there were markings on my laptop - that would stop someone
>from
>> > > picking up my machine and taking off with it. Secondly to
>state
>> > > they can recover my laptop is even stranger. Lastly, someone
>might
>> > > confuse Absolute with Absolut and snicker at it. To date my
>laptop
>> > > has not "called in" for about sixty plus days. Should I call
>> > > Absolute and put them to the test? The outcome would be
>nothing
>> > > more than a refund for Computrace. Data? Laptop? Sayanora.
>> > >
>> > > So here is what Computrace is; it is nothing more than a
>piece of
>> > > software that details what your machine is, and reports this
>data
>> > > back to the Absolute website. This is some the information
>the
>> > > reporting contains for some for those machines running this
>> > > gimmick:
>> > >
>> > > Call Tracking Information (for my own laptop)
>> > > Computrace Agent first installed on (first call):
>11/10/2005
>> > > 9:06:38 AM
>> > > Computrace Agent version:
>> > 814
>> > > Computrace Agent last called on:
>> > 11/13/2005 2:20:17 PM
>> > > Computrace Agent last called from:
>192.168.0.1
>> > > Computrace Agent next call scheduled for:
>11/14/2005
>> 2:50:17
>> > PM
>> > > Asset tracking data last collected on:
>11/13/2005
>> 2:20:17
>> > PM
>> > >
>> > > MY_USERNAME
>> > > MY_LAPTOP_NAME
>> > > Assig. Username:
>> > > Make: Dell Computer
>> > > Model: INSPIRON_6000 Serial# XXXXXXX
>> > > Asset# 11/13/2005 2:20:17 PM 814 Active
>> > >
>> > > Today is December 24th 2005. Prior to the 11/10 date, I had
>the
>> > > program installed and disabled it without any notice for
>> > > approximately 64 days, then reinstalled it for testing
>purposes.
>> > > Obviously had I stolen this laptop, Absolute wouldn't be
>able to do
>> > > anything about it. They don't know where it's at. At least
>they let
>> > > me know something was cooking:
>> > > Dear Customer Center User:
>> > >
>> > >
>> > > This is an automatic e-mail notification generated by the
>Customer
>> > > Center alerting system.
>> > >
>> > > Please visit
>> > https://www.Absolute.com/public/secure/login.asp to
>> > > investigate your new alert.
>> > >
>> > > The following alert(s) configured for your account have been
>> > > triggered:
>> > >
>> > > * Alert Name: Last called 20 days ago
>> > > * Description: Pre-defined alert - if you don't wish to use
>this
>> > > alert, leave it in a suspended status (note that it will be
>> > > recreated in a suspended status if deleted)
>> > > * Alert Type: Automatic Reset in 10 days
>> > > * Alert Condition: Last Call Time - Greater or Equal To - 20
>day(s)
>> > > since last call
>> > > * Detected on: 24 Dec 2005 00:28:34:5
>> > >
>> > > You have computers that have not called within a specific
>time
>> > > period (as defined by the alert condition).
>> > >
>> > > For customers with the recovery guarantee: Note that the
>guarantee
>> > > becomes invalid for computers that have not called in more
>than 30
>> > > days. Please refer to your Terms and Conditions for more
>> > > information.
>> > >
>> > > For customers with the recovery service: The chances of
>recovering
>> > > a computer post-theft are reduced if the computer is not
>calling
>> > > regularly.
>> > >
>> > > For customers with asset tracking: your asset data is likely
>to be
>> > > out of date for computers that haven't called in recently
>> > >
>> > > All Customers: You can use the ctmweb management tool to
>confirm
>> > > that the agent software is installed and, if necessary,
>reinstall
>> > > it. If the agent is installed, the ctmweb management tool
>can be
>> > > used to perform a test call. Once machines call into the
>> > > monitoring center, they automatically meet the call-back
>criteria
>> > > for eligibility for the guarantee.To retrieve the list of
>> > > computers, log into the Customer Center and follow the
>instructions
>> > > below:
>> > >
>> > > a. Click on Reports.
>> > > b. Go to "Call History and Loss Control" , click on "Missing
>> > > Computers".
>> > >
>> > > In the box below "Show all Computers where...", under where
>it
>> > > states: "group name is" use the drop down to select the
>group
>> > > name: "Recovery Guarantee" then to the right, enter 20 days.
> Once
>> > > done, click on "show results".This will provide you with a
>list of
>> > > computers that need attention.
>> > >
>> > > ESN: XXXXXXXXXXXXXXXXXXXX PC Name: [MACHINE_X] Username:
>> > > [username] Department: [departmentname]
>> > >
>> > >
>> > > That message is reassuring. It's letting me know MACHINE_X
>hasn't
>> > > been online. It is up to me to report it stolen so Absolute
>can
>> > > retrieve it. But how do they expect to do this. There isn't
>> > > anything other than a little program which runs after
>Windows has
>> > > started that waits for connectivity to scream for help.
>> > >
>> > > Now let's look at what Absolute is using to find a stolen
>machine
>> > > shall we?
>> > >
>> > > Computrace Agent last called from:
>192.168.0.1
>> > >
>> > > Secure? Doubtful. Absolute is solely relying on an IP
>address to
>> > > track a machine. One of the problems with this is that they
>will
>> > > need to go to court and request the information from the ISP
>on who
>> > > used that IP address, after getting this information, they
>can only
>> > > hope they will find the machine at that location. How much
>would it
>> > > cost Absolute to go through these motions? Even if they did
>go
>> > > through these motions, why should they when they can just
>refund
>> > > someone the cost of the Computrace software. Or, what
>happens when
>> > > a stolen laptop is using stolen resources for connections?
>Like say
>> > > an open Wi-Fi hotspot? What does Computrace expect to do
when
>> > > someone reinstalls an operating system over the system with
>their
>> > > software running. That software is useless.
>> > >
>> > > It's that simple. Reinstalling an operating system over a
>stolen
>> > > laptop will automaGically make Computrace as useful as an
>> > > industrial freezer in Antarctica, useless.
>> > >
>> > > Now supposing you stole a laptop with Computrace installed
>on it,
>> > > and actually wanted to keep the data, you have one of a few
>> > > choices: copy the data, wipe the drive and make a clean OS
>> > > installation, or you can simply kill the process and modify
>the
>> > > Windows registry to rid yourself of this gimmick.
>> > >
>> > > What are you looking for? A program called RPCNETP.EXE. You
>could
>> > > search the registry for it and rename it, delete it
>entirely, stop
>> > > the services by going to the Windows Control
>Panel/Administrative
>> > > Tools/Services and stop it from there. Use Sysinternal's
>Process
>> > > Explorer, Knoppix. I could count numerous ways to disable
>this
>> > > product. As for the service Absolute offers, I've logged in
>twice
>> > > in six months because I was wondering who was sending me
>those
>> > > annoying alerts, and I wanted to see exactly what
>information was
>> > > being passed over to Absolute's databases.
>> > >
>> > > Final word? Want security think Biometrics before a bios
>boot up,
>> > > disabling CD/DVD start ups, passwording the bios. All in all
>there
>> > > is little one can do when a laptop is stolen. Other than
>insurance
>> > > purposes, I see this product as being nothing more than a
>gimmick.
>> > > Sadly I was hoping I could give them some form of kudos.
>Maybe I
>> > > can, their website and packaging are nice.
>> > >
>> > > -----BEGIN PGP SIGNATURE-----
>> > > Note: This signature can be verified at
>> > https://www.hushtools.com/verify
>> > > Version: Hush 2.4
>> > >
>> > >
>> >
>wkYEARECAAYFAkOtY7wACgkQo8cxM8/cskousQCgvWJNpxfseItFts2OeTJMEBRjhEY
>A
>> > > oK4F3A9hl5L66qX3R5A/29zMsQKN
>> > > =sVF5
>> > > -----END PGP SIGNATURE-----
>> > >
>> > >
>> > >
>> > >
>> > > Concerned about your privacy? Instantly send FREE secure
>email, no
>> account
>> > required
>> > > http://www.hushmail.com/send?l=480
>> > >
>> > > Get the best prices on SSL certificates from Hushmail
>> > > https://www.hushssl.com?l=485
>> > >
>> > > _______________________________________________
>> > > Full-Disclosure - We believe in it.
>> > > Charter:
>> > http://lists.grok.org.uk/full-disclosure-charter.html
>> > > Hosted and sponsored by Secunia - http://secunia.com/
>> > >
>> >
>> >
>> > _______________________________________________
>> > Full-Disclosure - We believe in it.
>> > Charter:
>> > http://lists.grok.org.uk/full-disclosure-charter.html
>> > Hosted and sponsored by Secunia - http://secunia.com/
>> >
>> >
>>
>>
>> --
>> Andrew Wong
>> Student of Computer Science at large.
>> KeyID: 406568A2
>>
>> "This is the sort of pedantry up with which I will not put." -
>Winston
>> Churchill
>> "I'm not closed minded, you're just wrong." - Getfuzzy
>>
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4
wkYEARECAAYFAkOvQPcACgkQo8cxM8/cskqNpACgsBMVRQiGuj8FLr1F2M5RkF6GZxoA
oKRGT78CUsehOasSs+J8LxAdjfef
=DEqQ
-----END PGP SIGNATURE-----
Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480
Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485
Powered by blists - more mailing lists