BreachExchange mailing list archives
Re: [ekmi] Re: fringe: Open source laptop tracking
From: Davi Ottenheimer <davi () poetry org>
Date: Wed, 16 Jul 2008 18:22:25 -0700 (PDT)
Actually, you give the perps far more credit than deserved (so far). There are some documented cases of laptops being recovered specifically because the thief not only connected to the net but allowed remote control and enabled the camera so investigators could take pictures of them. I would look at this more like just one method of many that would help catch a majority of criminals. I don't have the links handy or I'd send some example cases, sorry. Davi Arshad Noor wrote:
Am I the only one who believes that an attacker (who is after the data) with half-a-brain is going to make sure that the first time they boot up a stolen laptop, they're NOT going to put it on the internet, and they're going to disable any radio for wireless communications. (Laptop companies have to provide an external radio switch I imagine so that there is confirmation of the radio being OFF inside an airplane - I'm not sure how the iPhone gets away with a software switch since we all know software can be buggy and the radio may not go off despite a visible indication that it is off - but that's another discussion. Alternatively, the attacker could boot off of a Linux CD and then copy the entire hard-disk contents (or what was most interesting) and then blow away everything on the hard-disk to reclaim the HW. In both cases, they have the HW and the data without anything "calling home" to give away GPS positions or IP addresses of the machine. So, why do people think that this is an effective counter-measure against data-theft? How long do they anticipate this to work? And with which type of attacker? I've read examples of attacks that go beyond anything most IT developers - or even security developers - are capable of in the marketplace today, so who is this expected to deter? The guy who broke into your car to get the hub-caps and radio, but got the laptop instead? Very puzzled..... Arshad Noor StrongAuth, Inc. security curmudgeon wrote:---------- Forwarded message ---------- From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca> I know some people who are going to be really upset by this, but personally, I'm delighted: Researchers at the University of Washington and the University of California, San Diego, launched a new laptop tracking service, called Adeona, that is free and private. Once downloaded onto a laptop, the software starts anonymously sending encrypted notes about the computer’s whereabouts to servers on the Internet. If the laptop ever goes missing, the user downloads another program, enters a username and password, and then picks up this information from the servers, a free storage service called OpenDHT. (The Mac version of Adeona even uses a freeware program called isightcapture to take a snapshot of whomever is using the computer.) Adeona provides the IP address that it last used as well as data on nearby routers. Armed with that information, law enforcement could track down the criminal. Because Adeona ships with an open-source license, anyone can take the code and improve it or even sell it. The researchers say they’re hoping that software developers will build all kinds of new features such as Global Positioning System-aware tracking systems for new platforms such as the iPhone. Later this month, the Adeona team will give a technical presentation at the Usenix Security Symposium in San Jose. http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9110128&taxonomyId=17&intsrc=kc_top http://adeona.cs.washington.edu/--------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- fringe: Open source laptop tracking security curmudgeon (Jul 16)
- Re: fringe: Open source laptop tracking Arshad Noor (Jul 16)
- Re: [ekmi] Re: fringe: Open source laptop tracking Davi Ottenheimer (Jul 16)
- Re: [ekmi] Re: fringe: Open source laptop tracking Davi Ottenheimer (Jul 16)
- Re: [ekmi] Re: fringe: Open source laptop tracking Allen (Jul 16)
- Re: [ekmi] Re: fringe: Open source laptop tracking Brian Krebs (Jul 16)
- Re: [ekmi] Re: fringe: Open source laptop tracking lyger (Jul 16)
- Re: [ekmi] Re: fringe: Open source laptop tracking Max Hozven (Jul 16)
- Re: [ekmi] Re: fringe: Open source laptop tracking Brian Honan (Jul 17)
- Re: [ekmi] Re: fringe: Open source laptop tracking Rosenquist, Matthew (Jul 17)
- Re: [ekmi] Re: fringe: Open source laptop tracking Arshad Noor (Jul 17)
- Re: [ekmi] Re: fringe: Open source laptop tracking Chris Walsh (Jul 17)
- Re: [ekmi] Re: fringe: Open source laptop tracking Davi Ottenheimer (Jul 16)
- Re: fringe: Open source laptop tracking Arshad Noor (Jul 16)
- Re: [ekmi] Re: fringe: Open source laptop tracking Arshad Noor (Jul 16)