<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML dir=ltr><HEAD><TITLE>Re: [Dataloss] [ekmi] Re: fringe: Open source laptop tracking</TITLE>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16674" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=127095609-17072008><FONT face=Arial
color=#0000ff size=2>Brian</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=127095609-17072008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=127095609-17072008><FONT face=Arial
color=#0000ff size=2>As has been pointed out this type of technology does
nothing to protect your data and provides some recourse to recover the physical
device if and when it connects to the Internet. Indeed in some countries
you may have to carefully consider the legal and privacy implications of using
such technology. The Data Privacy laws in some European countries
may restrict the use of such technology - this is something that I have yet
to research into further though. In a similar vein some police forces may
not be able to act on the information you provide to them.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=127095609-17072008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=127095609-17072008><FONT face=Arial
color=#0000ff size=2><SPAN class=127095609-17072008><FONT face=Arial
color=#0000ff size=2>The most useful application I have seen for this type of
technology is recovering computers stolen by employees. I know of one
company that installed similar technology onto laptops given out to
employees and as a result saw the number of "lost laptops" reduce. They
discovered that staff were reporting their laptop had been stolen or
lost but in actual fact were keeping the laptop for their own use. Of
course this measure may only be effective until employees realise how the
company is tracking their laptops and simply follow some of the steps outlined
in an earlier email to remove the software from
it.</FONT></SPAN></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=127095609-17072008><FONT face=Arial
color=#0000ff size=2><SPAN
class=127095609-17072008></SPAN></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=127095609-17072008><FONT face=Arial
color=#0000ff size=2><SPAN
class=127095609-17072008>Regards</SPAN></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=127095609-17072008><FONT face=Arial
color=#0000ff size=2><SPAN
class=127095609-17072008></SPAN></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=127095609-17072008><FONT face=Arial
color=#0000ff size=2><SPAN
class=127095609-17072008>Brian</SPAN></FONT></SPAN></DIV>
<DIV>&nbsp;</DIV>
<DIV><SPAN class=127095609-17072008><FONT face=Arial color=#0000ff size=2>BH
Consulting</FONT></SPAN></DIV>
<DIV><BR></DIV>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> dataloss-bounces@attrition.org
[mailto:dataloss-bounces@attrition.org] <B>On Behalf Of </B>Brian
Krebs<BR><B>Sent:</B> 17 July 2008 04:18<BR><B>To:</B> Allen; Arshad
Noor<BR><B>Cc:</B> security curmudgeon; dataloss@attrition.org; ekmi;
ST-ISC@MAIL.ABANET.ORG<BR><B>Subject:</B> Re: [Dataloss] [ekmi] Re: fringe: Open
source laptop tracking<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV id=idOWAReplyText16810 dir=ltr>
<DIV dir=ltr><FONT face="Times New Roman" color=#000000 size=3>My big question
is, assuming for a minute you can actually zero in on the person who stole your
machine (what about crowded living areas, like apartment buildings), what is the
likelihood you'll be able to get the police to knock on someone's door with that
evidence?</FONT></DIV>
<DIV dir=ltr><FONT face="Times New Roman" color=#000000
size=3></FONT> </DIV>
<DIV dir=ltr><FONT face="Times New Roman" color=#000000 size=3>Doesn't seem all
that bloody likely to me. Seems like it increases the chance that people
running this software will confront the thief on their own and possibly put
themselves in a very compromising situation.</FONT></DIV>
<DIV dir=ltr> </DIV></DIV>
<DIV id=idSignature78033 dir=ltr>
<DIV><FONT face=Arial color=#000000 size=2>Brian Krebs</FONT></DIV>
<DIV><FONT face=Arial size=2><A
href="http://www.washingtonpost.com/securityfix">www.washingtonpost.com/securityfix</A></FONT></DIV>
<DIV><FONT face=Arial size=2>703-469-3162 (w)</FONT></DIV>
<DIV><FONT face=Arial size=2>703-989-0727 (c)</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> dataloss-bounces@attrition.org on behalf
of Allen<BR><B>Sent:</B> Wed 7/16/2008 11:01 PM<BR><B>To:</B> Arshad
Noor<BR><B>Cc:</B> security curmudgeon; ST-ISC@MAIL.ABANET.ORG; ekmi;
dataloss@attrition.org<BR><B>Subject:</B> Re: [Dataloss] [ekmi] Re: fringe: Open
source laptop tracking<BR></FONT><BR></DIV>
<DIV>
<P><FONT size=2>Arshad,<BR><BR>I don't think your analysis, which I agree with,
goes far enough.<BR><BR>1) Steal laptop.<BR>2) Remove battery.<BR>3) Remove
HD.<BR>4) Use HD cloning software such as Apricorn - hardware and
software<BR>only $40 - and clone to any HD that is lying about<BR>5) Mount
clone as USB attached to a desktop<BR>6) Attach old HD as USB attached and wipe
old HD with DBAN or<BR>similar tool<BR>7) Use Aloha Bob or equivalent to
selectively migrate OS and basic<BR>productivity software such as Office from
clone.<BR>8) Remount HD in laptop<BR>9) Sell the
sucker.<BR><BR>Best,<BR><BR>Allen<BR><BR>Arshad Noor wrote:<BR>> Am I the
only one who believes that an attacker (who is after<BR>> the data) with
half-a-brain is going to make sure that the first<BR>> time they boot up a
stolen laptop, they're NOT going to put it on<BR>> the internet, and they're
going to disable any radio for wireless<BR>> communications. (Laptop
companies have to provide an external<BR>> radio switch I imagine so that
there is confirmation of the radio<BR>> being OFF inside an airplane - I'm
not sure how the iPhone gets<BR>> away with a software switch since we all
know software can be<BR>> buggy and the radio may not go off despite a
visible indication<BR>> that it is off - but that's another
discussion.<BR>><BR>> Alternatively, the attacker could boot off of a
Linux CD and then<BR>> copy the entire hard-disk contents (or what was most
interesting)<BR>> and then blow away everything on the hard-disk to reclaim
the HW.<BR>><BR>> In both cases, they have the HW and the data without
anything<BR>> "calling home" to give away GPS positions or IP addresses of
the<BR>> machine. So, why do people think that this is an
effective<BR>> counter-measure against data-theft? How long do they
anticipate<BR>> this to work? And with which type of attacker? I've
read examples<BR>> of attacks that go beyond anything most IT developers - or
even<BR>> security developers - are capable of in the marketplace today,
so<BR>> who is this expected to deter? The guy who broke into your
car<BR>> to get the hub-caps and radio, but got the laptop
instead?<BR>><BR>> Very puzzled.....<BR>><BR>> Arshad Noor<BR>>
StrongAuth, Inc.<BR>><BR>> security curmudgeon
wrote:<BR>>><BR>>><BR>>> ---------- Forwarded message
----------<BR>>> From: "Rob, grandpa of Ryan, Trevor, Devon &amp; Hannah"
&lt;rMslade@shaw.ca&gt;<BR>>><BR>>> I know some people who are going
to be really upset by this, but<BR>>> personally, I'm
delighted:<BR>>><BR>>> Researchers at the University of Washington
and the University of<BR>>> California, San Diego, launched a new laptop
tracking service, called<BR>>> Adeona, that is free and private. Once
downloaded onto a laptop, the<BR>>> software starts anonymously sending
encrypted notes about the<BR>>> computer’s whereabouts to servers on the
Internet. If the laptop ever<BR>>> goes missing, the user downloads
another program, enters a username<BR>>> and password, and then picks up
this information from the servers, a<BR>>> free storage service called
OpenDHT. (The Mac version of Adeona even<BR>>> uses a freeware
program called isightcapture to take a snapshot of<BR>>> whomever is using
the computer.) Adeona provides the IP address that<BR>>> it last used as
well as data on nearby routers. Armed with that<BR>>> information, law
enforcement could track down the criminal. Because<BR>>> Adeona ships with
an open-source license, anyone can take the code and<BR>>> improve it or
even sell it. The researchers say they’re hoping that<BR>>> software
developers will build all kinds of new features such as<BR>>> Global
Positioning System-aware tracking systems for new platforms<BR>>> such as
the iPhone. Later this month, the Adeona team will give a<BR>>> technical
presentation at the Usenix Security Symposium in San
Jose.<BR>>><BR>>> <A
href="http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9110128&taxonomyId=17&intsrc=kc_top">http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9110128&taxonomyId=17&intsrc=kc_top</A><BR>>><BR>>><BR>>>
<A
href="http://adeona.cs.washington.edu/">http://adeona.cs.washington.edu/</A><BR><BR>_______________________________________________<BR>Dataloss
Mailing List (dataloss@attrition.org)<BR><A
href="http://attrition.org/dataloss">http://attrition.org/dataloss</A><BR></FONT></P></DIV></BODY></HTML>