-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I placed a 192 address so kiddiots like yourself don't go bonkers on my company's /23.
On Sun, 25 Dec 2005 13:38:15 -0800 Bob Hacker <[EMAIL PROTECTED]> wrote: >Allowing 192* to be called from is absurd. And its not that hard >to whois >the ip, contact the isp who now these days hand over information >to almost* >anyone with a nice fancy letterhead from a lawyers office. Saying >Dear Mr >ISP bad person using this IP has stolen laptop that sold on ebay >for 50 >bucks, please give us his address so we may take him to court and >charge him >with possession of stolen property, a misdemenor in most states. >Yes its >logical. But in theory I think the whole thing is like the MS key >validate, >disable it in windows add-ons and move on. Its like that one time >at >bandcamp when i was on a lan and didnt know my ip so i went to >steve gibsons >site. Note. I am sure anyone who has a purchased a stolen laptop , > it had a >password on it. So the OS was already installed. just my .02 > > >-bob > > > Computrace Agent last called from: >192.168.0.1 >> > >> > Secure? Doubtful. Absolute is solely relying on an IP address >to >> > track a machine. One of the problems with this is that they >will >> > need to go to court and request the information from the ISP >on who >> > used that IP address, after getting this information, they can >only >> > hope they will find the machine at that location. > > >On 12/25/05, Andrew Wong <[EMAIL PROTECTED]> wrote: >> >> Do you have evidence for this? Or are you just going to claim >he's wrong? >> He's presented an arguement, now if you believe it to be wrong, >back >> it up with facts. >> >> Cheers, >> >> On 12/24/05, Bob Hacker <[EMAIL PROTECTED]> wrote: >> > Let me begin with your very very WRONG. Those laptops cant be >hacked >> even >> > with the password. >> > Have you lost what little mind you have left? Thats like >saying there >> isnt a >> > local for * 2.6.x stolen from lorians /home , give me a break. >Go audit >> > linksys router manual on typo's or something. >> > And merry xmas !Z >> > >> > >> > >> > On 12/24/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: >> > > -----BEGIN PGP SIGNED MESSAGE----- >> > > Hash: SHA1 >> > > >> > > Breaking Computrace's Lo Jack for Laptops >> > > J. Oquendo >> > > [EMAIL PROTECTED] :: "Can you hear me now?" >> > > 12/24/05 >> > > >> > > >> > > After my company spent a pretty penny purchasing this >Absolute's >> > > Computrace "Lojack for Laptops" product, I decided to write >up a >> > > "How-To Defeat LoJack For Laptops" article. Why? Why not? >Maybe the >> > > vendor can step it up a notch and create something that >actually >> > > functions without flaw. This is not to say the product >doesn't work >> > > to some capacity, this article tends to solely clarify what >this >> > > product is and how simple it is to disable it. >> > > >> > > Here is Asbolute's advertisement: >> > > >> > > LAPTOP SECURITY PREVENTS LAPTOP THEFT. >> > > >> > > Computrace is laptop security and tracking software which >deters >> > > laptop theft and recovers stolen computers guaranteed. >Absolute >> > > also provides software inventory, computer inventory, PC >inventory, >> > > PC audits, IT asset management, asset tracking, software >license >> > > management, and data security tools and services. >> > > >> > > I'd like to know how their product prevents laptop theft or >even >> > > minimizes it. The ad is humorous. For the company to >guarantee they >> > > can deter theft is another oddity. For starters there are no >> > > markings on my own laptop that state "Protected by Absolute" >or >> > > anything similar. Even if there were, I highly doubt - that >even if >> > > there were markings on my laptop - that would stop someone >from >> > > picking up my machine and taking off with it. Secondly to >state >> > > they can recover my laptop is even stranger. Lastly, someone >might >> > > confuse Absolute with Absolut and snicker at it. To date my >laptop >> > > has not "called in" for about sixty plus days. Should I call >> > > Absolute and put them to the test? The outcome would be >nothing >> > > more than a refund for Computrace. Data? Laptop? Sayanora. >> > > >> > > So here is what Computrace is; it is nothing more than a >piece of >> > > software that details what your machine is, and reports this >data >> > > back to the Absolute website. This is some the information >the >> > > reporting contains for some for those machines running this >> > > gimmick: >> > > >> > > Call Tracking Information (for my own laptop) >> > > Computrace Agent first installed on (first call): >11/10/2005 >> > > 9:06:38 AM >> > > Computrace Agent version: >> > 814 >> > > Computrace Agent last called on: >> > 11/13/2005 2:20:17 PM >> > > Computrace Agent last called from: >192.168.0.1 >> > > Computrace Agent next call scheduled for: >11/14/2005 >> 2:50:17 >> > PM >> > > Asset tracking data last collected on: >11/13/2005 >> 2:20:17 >> > PM >> > > >> > > MY_USERNAME >> > > MY_LAPTOP_NAME >> > > Assig. Username: >> > > Make: Dell Computer >> > > Model: INSPIRON_6000 Serial# XXXXXXX >> > > Asset# 11/13/2005 2:20:17 PM 814 Active >> > > >> > > Today is December 24th 2005. Prior to the 11/10 date, I had >the >> > > program installed and disabled it without any notice for >> > > approximately 64 days, then reinstalled it for testing >purposes. >> > > Obviously had I stolen this laptop, Absolute wouldn't be >able to do >> > > anything about it. They don't know where it's at. At least >they let >> > > me know something was cooking: >> > > Dear Customer Center User: >> > > >> > > >> > > This is an automatic e-mail notification generated by the >Customer >> > > Center alerting system. >> > > >> > > Please visit >> > https://www.Absolute.com/public/secure/login.asp to >> > > investigate your new alert. >> > > >> > > The following alert(s) configured for your account have been >> > > triggered: >> > > >> > > * Alert Name: Last called 20 days ago >> > > * Description: Pre-defined alert - if you don't wish to use >this >> > > alert, leave it in a suspended status (note that it will be >> > > recreated in a suspended status if deleted) >> > > * Alert Type: Automatic Reset in 10 days >> > > * Alert Condition: Last Call Time - Greater or Equal To - 20 >day(s) >> > > since last call >> > > * Detected on: 24 Dec 2005 00:28:34:5 >> > > >> > > You have computers that have not called within a specific >time >> > > period (as defined by the alert condition). >> > > >> > > For customers with the recovery guarantee: Note that the >guarantee >> > > becomes invalid for computers that have not called in more >than 30 >> > > days. Please refer to your Terms and Conditions for more >> > > information. >> > > >> > > For customers with the recovery service: The chances of >recovering >> > > a computer post-theft are reduced if the computer is not >calling >> > > regularly. >> > > >> > > For customers with asset tracking: your asset data is likely >to be >> > > out of date for computers that haven't called in recently >> > > >> > > All Customers: You can use the ctmweb management tool to >confirm >> > > that the agent software is installed and, if necessary, >reinstall >> > > it. If the agent is installed, the ctmweb management tool >can be >> > > used to perform a test call. Once machines call into the >> > > monitoring center, they automatically meet the call-back >criteria >> > > for eligibility for the guarantee.To retrieve the list of >> > > computers, log into the Customer Center and follow the >instructions >> > > below: >> > > >> > > a. Click on Reports. >> > > b. Go to "Call History and Loss Control" , click on "Missing >> > > Computers". >> > > >> > > In the box below "Show all Computers where...", under where >it >> > > states: "group name is" use the drop down to select the >group >> > > name: "Recovery Guarantee" then to the right, enter 20 days. > Once >> > > done, click on "show results".This will provide you with a >list of >> > > computers that need attention. >> > > >> > > ESN: XXXXXXXXXXXXXXXXXXXX PC Name: [MACHINE_X] Username: >> > > [username] Department: [departmentname] >> > > >> > > >> > > That message is reassuring. It's letting me know MACHINE_X >hasn't >> > > been online. It is up to me to report it stolen so Absolute >can >> > > retrieve it. But how do they expect to do this. There isn't >> > > anything other than a little program which runs after >Windows has >> > > started that waits for connectivity to scream for help. >> > > >> > > Now let's look at what Absolute is using to find a stolen >machine >> > > shall we? >> > > >> > > Computrace Agent last called from: >192.168.0.1 >> > > >> > > Secure? Doubtful. Absolute is solely relying on an IP >address to >> > > track a machine. One of the problems with this is that they >will >> > > need to go to court and request the information from the ISP >on who >> > > used that IP address, after getting this information, they >can only >> > > hope they will find the machine at that location. How much >would it >> > > cost Absolute to go through these motions? Even if they did >go >> > > through these motions, why should they when they can just >refund >> > > someone the cost of the Computrace software. Or, what >happens when >> > > a stolen laptop is using stolen resources for connections? >Like say >> > > an open Wi-Fi hotspot? What does Computrace expect to do when >> > > someone reinstalls an operating system over the system with >their >> > > software running. That software is useless. >> > > >> > > It's that simple. Reinstalling an operating system over a >stolen >> > > laptop will automaGically make Computrace as useful as an >> > > industrial freezer in Antarctica, useless. >> > > >> > > Now supposing you stole a laptop with Computrace installed >on it, >> > > and actually wanted to keep the data, you have one of a few >> > > choices: copy the data, wipe the drive and make a clean OS >> > > installation, or you can simply kill the process and modify >the >> > > Windows registry to rid yourself of this gimmick. >> > > >> > > What are you looking for? A program called RPCNETP.EXE. You >could >> > > search the registry for it and rename it, delete it >entirely, stop >> > > the services by going to the Windows Control >Panel/Administrative >> > > Tools/Services and stop it from there. Use Sysinternal's >Process >> > > Explorer, Knoppix. I could count numerous ways to disable >this >> > > product. As for the service Absolute offers, I've logged in >twice >> > > in six months because I was wondering who was sending me >those >> > > annoying alerts, and I wanted to see exactly what >information was >> > > being passed over to Absolute's databases. >> > > >> > > Final word? Want security think Biometrics before a bios >boot up, >> > > disabling CD/DVD start ups, passwording the bios. All in all >there >> > > is little one can do when a laptop is stolen. Other than >insurance >> > > purposes, I see this product as being nothing more than a >gimmick. >> > > Sadly I was hoping I could give them some form of kudos. >Maybe I >> > > can, their website and packaging are nice. >> > > >> > > -----BEGIN PGP SIGNATURE----- >> > > Note: This signature can be verified at >> > https://www.hushtools.com/verify >> > > Version: Hush 2.4 >> > > >> > > >> > >wkYEARECAAYFAkOtY7wACgkQo8cxM8/cskousQCgvWJNpxfseItFts2OeTJMEBRjhEY >A >> > > oK4F3A9hl5L66qX3R5A/29zMsQKN >> > > =sVF5 >> > > -----END PGP SIGNATURE----- >> > > >> > > >> > > >> > > >> > > Concerned about your privacy? Instantly send FREE secure >email, no >> account >> > required >> > > http://www.hushmail.com/send?l=480 >> > > >> > > Get the best prices on SSL certificates from Hushmail >> > > https://www.hushssl.com?l=485 >> > > >> > > _______________________________________________ >> > > Full-Disclosure - We believe in it. >> > > Charter: >> > http://lists.grok.org.uk/full-disclosure-charter.html >> > > Hosted and sponsored by Secunia - http://secunia.com/ >> > > >> > >> > >> > _______________________________________________ >> > Full-Disclosure - We believe in it. >> > Charter: >> > http://lists.grok.org.uk/full-disclosure-charter.html >> > Hosted and sponsored by Secunia - http://secunia.com/ >> > >> > >> >> >> -- >> Andrew Wong >> Student of Computer Science at large. >> KeyID: 406568A2 >> >> "This is the sort of pedantry up with which I will not put." - >Winston >> Churchill >> "I'm not closed minded, you're just wrong." - Getfuzzy >> -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.4 wkYEARECAAYFAkOvQPcACgkQo8cxM8/cskqNpACgsBMVRQiGuj8FLr1F2M5RkF6GZxoA oKRGT78CUsehOasSs+J8LxAdjfef =DEqQ -----END PGP SIGNATURE----- Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
