[Dataloss] fringe: Open source laptop tracking

TS Glassey tglassey at earthlink.net
Thu Jul 17 17:35:58 UTC 2008 

If the party who stole that laptop is smart - they will pull the drive from 
the system, image it and return the new image to the system. Then they have 
the original image to play with on a forensic drive reader or just an 
imager.

Todd Glassey
----- Original Message ----- 
From: "Arshad Noor" <arshad.noor at strongauth.com>
To: "security curmudgeon" <jericho at attrition.org>
Cc: <ST-ISC at MAIL.ABANET.ORG>; "ekmi" <ekmi at lists.oasis-open.org>; 
<dataloss at attrition.org>
Sent: Wednesday, July 16, 2008 6:05 PM
Subject: Re: [Dataloss] fringe: Open source laptop tracking


Am I the only one who believes that an attacker (who is after
the data) with half-a-brain is going to make sure that the first
time they boot up a stolen laptop, they're NOT going to put it on
the internet, and they're going to disable any radio for wireless
communications.  (Laptop companies have to provide an external
radio switch I imagine so that there is confirmation of the radio
being OFF inside an airplane - I'm not sure how the iPhone gets
away with a software switch since we all know software can be
buggy and the radio may not go off despite a visible indication
that it is off - but that's another discussion.

Alternatively, the attacker could boot off of a Linux CD and then
copy the entire hard-disk contents (or what was most interesting)
and then blow away everything on the hard-disk to reclaim the HW.

In both cases, they have the HW and the data without anything
"calling home" to give away GPS positions or IP addresses of the
machine.  So, why do people think that this is an effective
counter-measure against data-theft?  How long do they anticipate
this to work? And with which type of attacker?  I've read examples
of attacks that go beyond anything most IT developers - or even
security developers - are capable of in the marketplace today, so
who is this expected to deter?  The guy who broke into your car
to get the hub-caps and radio, but got the laptop instead?

Very puzzled.....

Arshad Noor
StrongAuth, Inc.

security curmudgeon wrote:
>
>
> ---------- Forwarded message ----------
> From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade at shaw.ca>
>
> I know some people who are going to be really upset by this, but
> personally, I'm delighted:
>
> Researchers at the University of Washington and the University of
> California, San Diego, launched a new laptop tracking service, called
> Adeona, that is free and private. Once downloaded onto a laptop, the
> software starts anonymously sending encrypted notes about the computer’s
> whereabouts to servers on the Internet. If the laptop ever goes missing,
> the user downloads another program, enters a username and password, and
> then picks up this information from the servers, a free storage service
> called OpenDHT.  (The Mac version of Adeona even uses a freeware program
> called isightcapture to take a snapshot of whomever is using the
> computer.) Adeona provides the IP address that it last used as well as
> data on nearby routers. Armed with that information, law enforcement
> could track down the criminal. Because Adeona ships with an open-source
> license, anyone can take the code and improve it or even sell it. The
> researchers say they’re hoping that software developers will build all
> kinds of new features such as Global Positioning System-aware tracking
> systems for new platforms such as the iPhone. Later this month, the
> Adeona team will give a technical presentation at the Usenix Security
> Symposium in San Jose.
>
> http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9110128&taxonomyId=17&intsrc=kc_top
>
>
> http://adeona.cs.washington.edu/
_______________________________________________
Dataloss Mailing List (dataloss at attrition.org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.138 / Virus Database: 270.5.0/1556 - Release Date: 7/16/2008 
4:56 PM

More information about the Dataloss mailing list