Full Disclosure mailing list archives
Re: Breaking LoJack for Laptops
From: <obnoxious () hush com>
Date: Sun, 25 Dec 2005 17:01:48 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I placed a 192 address so kiddiots like yourself don't go bonkers on my company's /23. On Sun, 25 Dec 2005 13:38:15 -0800 Bob Hacker <bob.hacker () gmail com> wrote:
Allowing 192* to be called from is absurd. And its not that hard to whois the ip, contact the isp who now these days hand over information to almost* anyone with a nice fancy letterhead from a lawyers office. Saying Dear Mr ISP bad person using this IP has stolen laptop that sold on ebay for 50 bucks, please give us his address so we may take him to court and charge him with possession of stolen property, a misdemenor in most states. Yes its logical. But in theory I think the whole thing is like the MS key validate, disable it in windows add-ons and move on. Its like that one time at bandcamp when i was on a lan and didnt know my ip so i went to steve gibsons site. Note. I am sure anyone who has a purchased a stolen laptop ,
it had a password on it. So the OS was already installed. just my .02 -bob Computrace Agent last called from: 192.168.0.1Secure? Doubtful. Absolute is solely relying on an IP addresstotrack a machine. One of the problems with this is that theywillneed to go to court and request the information from the ISPon whoused that IP address, after getting this information, they can
onlyhope they will find the machine at that location.On 12/25/05, Andrew Wong <andrewmarkwong () gmail com> wrote:Do you have evidence for this? Or are you just going to claimhe's wrong?He's presented an arguement, now if you believe it to be wrong,backit up with facts. Cheers, On 12/24/05, Bob Hacker <bob.hacker () gmail com> wrote:Let me begin with your very very WRONG. Those laptops cant behackedevenwith the password. Have you lost what little mind you have left? Thats likesaying thereisnt alocal for * 2.6.x stolen from lorians /home , give me a break.
Go auditlinksys router manual on typo's or something. And merry xmas !Z On 12/24/05, obnoxious () hush com <obnoxious () hush com> wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Breaking Computrace's Lo Jack for Laptops J. Oquendo obnoxious () hush com :: "Can you hear me now?" 12/24/05 After my company spent a pretty penny purchasing thisAbsolute'sComputrace "Lojack for Laptops" product, I decided to writeup a"How-To Defeat LoJack For Laptops" article. Why? Why not?Maybe thevendor can step it up a notch and create something thatactuallyfunctions without flaw. This is not to say the productdoesn't workto some capacity, this article tends to solely clarify whatthisproduct is and how simple it is to disable it. Here is Asbolute's advertisement: LAPTOP SECURITY PREVENTS LAPTOP THEFT. Computrace is laptop security and tracking software whichdeterslaptop theft and recovers stolen computers guaranteed.Absolutealso provides software inventory, computer inventory, PCinventory,PC audits, IT asset management, asset tracking, softwarelicensemanagement, and data security tools and services. I'd like to know how their product prevents laptop theft orevenminimizes it. The ad is humorous. For the company toguarantee theycan deter theft is another oddity. For starters there are no markings on my own laptop that state "Protected by Absolute"
oranything similar. Even if there were, I highly doubt - thateven ifthere were markings on my laptop - that would stop someonefrompicking up my machine and taking off with it. Secondly tostatethey can recover my laptop is even stranger. Lastly, someone
mightconfuse Absolute with Absolut and snicker at it. To date mylaptophas not "called in" for about sixty plus days. Should I call Absolute and put them to the test? The outcome would benothingmore than a refund for Computrace. Data? Laptop? Sayanora. So here is what Computrace is; it is nothing more than apiece ofsoftware that details what your machine is, and reports this
databack to the Absolute website. This is some the informationthereporting contains for some for those machines running this gimmick: Call Tracking Information (for my own laptop) Computrace Agent first installed on (first call):11/10/20059:06:38 AM Computrace Agent version:814Computrace Agent last called on:11/13/2005 2:20:17 PMComputrace Agent last called from:192.168.0.1Computrace Agent next call scheduled for:11/14/20052:50:17PMAsset tracking data last collected on:11/13/20052:20:17PMMY_USERNAME MY_LAPTOP_NAME Assig. Username: Make: Dell Computer Model: INSPIRON_6000 Serial# XXXXXXX Asset# 11/13/2005 2:20:17 PM 814 Active Today is December 24th 2005. Prior to the 11/10 date, I hadtheprogram installed and disabled it without any notice for approximately 64 days, then reinstalled it for testingpurposes.Obviously had I stolen this laptop, Absolute wouldn't beable to doanything about it. They don't know where it's at. At leastthey letme know something was cooking: Dear Customer Center User: This is an automatic e-mail notification generated by theCustomerCenter alerting system. Please visithttps://www.Absolute.com/public/secure/login.asp toinvestigate your new alert. The following alert(s) configured for your account have been triggered: * Alert Name: Last called 20 days ago * Description: Pre-defined alert - if you don't wish to usethisalert, leave it in a suspended status (note that it will be recreated in a suspended status if deleted) * Alert Type: Automatic Reset in 10 days * Alert Condition: Last Call Time - Greater or Equal To - 20
day(s)since last call * Detected on: 24 Dec 2005 00:28:34:5 You have computers that have not called within a specifictimeperiod (as defined by the alert condition). For customers with the recovery guarantee: Note that theguaranteebecomes invalid for computers that have not called in morethan 30days. Please refer to your Terms and Conditions for more information. For customers with the recovery service: The chances ofrecoveringa computer post-theft are reduced if the computer is notcallingregularly. For customers with asset tracking: your asset data is likely
to beout of date for computers that haven't called in recently All Customers: You can use the ctmweb management tool toconfirmthat the agent software is installed and, if necessary,reinstallit. If the agent is installed, the ctmweb management toolcan beused to perform a test call. Once machines call into the monitoring center, they automatically meet the call-backcriteriafor eligibility for the guarantee.To retrieve the list of computers, log into the Customer Center and follow theinstructionsbelow: a. Click on Reports. b. Go to "Call History and Loss Control" , click on "Missing Computers". In the box below "Show all Computers where...", under whereitstates: "group name is" use the drop down to select thegroupname: "Recovery Guarantee" then to the right, enter 20 days.
Oncedone, click on "show results".This will provide you with alist ofcomputers that need attention. ESN: XXXXXXXXXXXXXXXXXXXX PC Name: [MACHINE_X] Username: [username] Department: [departmentname] That message is reassuring. It's letting me know MACHINE_Xhasn'tbeen online. It is up to me to report it stolen so Absolutecanretrieve it. But how do they expect to do this. There isn't anything other than a little program which runs afterWindows hasstarted that waits for connectivity to scream for help. Now let's look at what Absolute is using to find a stolenmachineshall we? Computrace Agent last called from:192.168.0.1Secure? Doubtful. Absolute is solely relying on an IPaddress totrack a machine. One of the problems with this is that theywillneed to go to court and request the information from the ISP
on whoused that IP address, after getting this information, theycan onlyhope they will find the machine at that location. How muchwould itcost Absolute to go through these motions? Even if they didgothrough these motions, why should they when they can justrefundsomeone the cost of the Computrace software. Or, whathappens whena stolen laptop is using stolen resources for connections?Like sayan open Wi-Fi hotspot? What does Computrace expect to do
when
someone reinstalls an operating system over the system withtheirsoftware running. That software is useless. It's that simple. Reinstalling an operating system over astolenlaptop will automaGically make Computrace as useful as an industrial freezer in Antarctica, useless. Now supposing you stole a laptop with Computrace installedon it,and actually wanted to keep the data, you have one of a few choices: copy the data, wipe the drive and make a clean OS installation, or you can simply kill the process and modifytheWindows registry to rid yourself of this gimmick. What are you looking for? A program called RPCNETP.EXE. Youcouldsearch the registry for it and rename it, delete itentirely, stopthe services by going to the Windows ControlPanel/AdministrativeTools/Services and stop it from there. Use Sysinternal'sProcessExplorer, Knoppix. I could count numerous ways to disablethisproduct. As for the service Absolute offers, I've logged intwicein six months because I was wondering who was sending methoseannoying alerts, and I wanted to see exactly whatinformation wasbeing passed over to Absolute's databases. Final word? Want security think Biometrics before a biosboot up,disabling CD/DVD start ups, passwording the bios. All in all
thereis little one can do when a laptop is stolen. Other thaninsurancepurposes, I see this product as being nothing more than agimmick.Sadly I was hoping I could give them some form of kudos.Maybe Ican, their website and packaging are nice. -----BEGIN PGP SIGNATURE----- Note: This signature can be verified athttps://www.hushtools.com/verifyVersion: Hush 2.4wkYEARECAAYFAkOtY7wACgkQo8cxM8/cskousQCgvWJNpxfseItFts2OeTJMEBRjhEY
AoK4F3A9hl5L66qX3R5A/29zMsQKN =sVF5 -----END PGP SIGNATURE----- Concerned about your privacy? Instantly send FREE secureemail, noaccountrequiredhttp://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 _______________________________________________ Full-Disclosure - We believe in it. Charter:http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/-- Andrew Wong Student of Computer Science at large. KeyID: 406568A2 "This is the sort of pedantry up with which I will not put." -WinstonChurchill "I'm not closed minded, you're just wrong." - Getfuzzy
-----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.4 wkYEARECAAYFAkOvQPcACgkQo8cxM8/cskqNpACgsBMVRQiGuj8FLr1F2M5RkF6GZxoA oKRGT78CUsehOasSs+J8LxAdjfef =DEqQ -----END PGP SIGNATURE----- Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Breaking LoJack for Laptops, (continued)
- Re: Breaking LoJack for Laptops Bob Hacker (Dec 24)
- Re: Breaking LoJack for Laptops Andrew Wong (Dec 25)
- Re: Breaking LoJack for Laptops Bob Hacker (Dec 25)
- Re: Breaking LoJack for Laptops Bob Franklin (Dec 25)
- Re: Breaking LoJack for Laptops Andrew Wong (Dec 25)
- Re: Breaking LoJack for Laptops Bob Hacker (Dec 24)
- RE: [inbox] Breaking LoJack for Laptops Exibar (Dec 27)
- Re: [inbox] Breaking LoJack for Laptops Michael Holstein (Dec 27)
- Re: [inbox] Breaking LoJack for Laptops Steve Friedl (Dec 27)
- Re: [inbox] Breaking LoJack for Laptops Michael Holstein (Dec 27)
- Re: [inbox] Breaking LoJack for Laptops nocfed (Dec 28)
- Re: [inbox] Breaking LoJack for Laptops Michael Holstein (Dec 27)
- Re: [inbox] Breaking LoJack for Laptops J.A. Terranson (Dec 27)
- Re: Breaking LoJack for Laptops Bob Hacker (Dec 25)
- Re: Breaking LoJack for Laptops Stan Bubrouski (Dec 26)