Re: Breaking LoJack for Laptops

[<obnoxious () hush com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I placed a 192 address so kiddiots like yourself don't go bonkers
on my company's /23.

On Sun, 25 Dec 2005 13:38:15 -0800 Bob Hacker
<bob.hacker () gmail com> wrote:
> Allowing 192* to be called from is absurd. And its not that hard
> to whois
> the ip, contact the isp who now these days hand over information
> to almost*
> anyone with a nice fancy letterhead from a lawyers office. Saying
> Dear Mr
> ISP bad person using this IP has stolen laptop that sold on ebay
> for 50
> bucks, please give us his address so we may take him to court and
> charge him
> with possession of stolen property, a misdemenor in most states.
> Yes its
> logical. But in theory I think the whole thing is like the MS key
> validate,
> disable it in windows add-ons and move on. Its like that one time
> at
> bandcamp when i was on a lan and didnt know my ip so i went to
> steve gibsons
> site. Note. I am sure anyone who has a purchased a stolen laptop ,

> it had a
> password on it. So the OS was already installed. just my .02
>
>
> -bob
>
>
> Computrace Agent last called from:
> 192.168.0.1
> > > Secure? Doubtful. Absolute is solely relying on an IP address
> to
> > > track a machine. One of the problems with this is that they
> will
> > > need to go to court and request the information from the ISP
> on who
> > > used that IP address, after getting this information, they can

> only
> > > hope they will find the machine at that location.
>
>
> On 12/25/05, Andrew Wong <andrewmarkwong () gmail com> wrote:
> > Do you have evidence for this? Or are you just going to claim
> he's wrong?
> > He's presented an arguement, now if you believe it to be wrong,
> back
> > it up with facts.
> >
> > Cheers,
> >
> > On 12/24/05, Bob Hacker <bob.hacker () gmail com> wrote:
> > > Let me begin with your very very WRONG. Those laptops cant be
> hacked
> > even
> > > with the password.
> > > Have you lost what little mind you have left? Thats like
> saying there
> > isnt a
> > > local for * 2.6.x stolen from lorians /home , give me a break.

> Go audit
> > > linksys router manual on typo's or something.
> > > And merry xmas !Z
> > >
> > >
> > >
> > > On 12/24/05, obnoxious () hush com <obnoxious () hush com> wrote:
> > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > Hash: SHA1
> > > >
> > > > Breaking Computrace's Lo Jack for Laptops
> > > > J. Oquendo
> > > > obnoxious () hush com :: "Can you hear me now?"
> > > > 12/24/05
> > > >
> > > >
> > > > After my company spent a pretty penny purchasing this
> Absolute's
> > > > Computrace "Lojack for Laptops" product, I decided to write
> up a
> > > > "How-To Defeat LoJack For Laptops" article. Why? Why not?
> Maybe the
> > > > vendor can step it up a notch and create something that
> actually
> > > > functions without flaw. This is not to say the product
> doesn't work
> > > > to some capacity, this article tends to solely clarify what
> this
> > > > product is and how simple it is to disable it.
> > > >
> > > > Here is Asbolute's advertisement:
> > > >
> > > > LAPTOP SECURITY PREVENTS LAPTOP THEFT.
> > > >
> > > > Computrace is laptop security and tracking software which
> deters
> > > > laptop theft and recovers stolen computers – guaranteed.
> Absolute
> > > > also provides software inventory, computer inventory, PC
> inventory,
> > > > PC audits, IT asset management, asset tracking, software
> license
> > > > management, and data security tools and services.
> > > >
> > > > I'd like to know how their product prevents laptop theft or
> even
> > > > minimizes it. The ad is humorous. For the company to
> guarantee they
> > > > can deter theft is another oddity. For starters there are no
> > > > markings on my own laptop that state "Protected by Absolute"

> or
> > > > anything similar. Even if there were, I highly doubt - that
> even if
> > > > there were markings on my laptop - that would stop someone
> from
> > > > picking up my machine and taking off with it. Secondly to
> state
> > > > they can recover my laptop is even stranger. Lastly, someone

> might
> > > > confuse Absolute with Absolut and snicker at it. To date my
> laptop
> > > > has not "called in" for about sixty plus days. Should I call
> > > > Absolute and put them to the test? The outcome would be
> nothing
> > > > more than a refund for Computrace. Data? Laptop? Sayanora.
> > > >
> > > > So here is what Computrace is; it is nothing more than a
> piece of
> > > > software that details what your machine is, and reports this

> data
> > > > back to the Absolute website. This is some the information
> the
> > > > reporting contains for some for those machines running this
> > > > gimmick:
> > > >
> > > > Call Tracking Information (for my own laptop)
> > > > Computrace Agent first installed on (first call):
> 11/10/2005
> > > > 9:06:38 AM
> > > > Computrace Agent version:
> > > 814
> > > > Computrace Agent last called on:
> > > 11/13/2005 2:20:17 PM
> > > > Computrace Agent last called from:
> 192.168.0.1
> > > > Computrace Agent next call scheduled for:
> 11/14/2005
> > 2:50:17
> > > PM
> > > > Asset tracking data last collected on:
> 11/13/2005
> > 2:20:17
> > > PM
> > > > MY_USERNAME
> > > > MY_LAPTOP_NAME
> > > > Assig. Username:
> > > > Make: Dell Computer
> > > > Model: INSPIRON_6000            Serial# XXXXXXX
> > > > Asset#   11/13/2005 2:20:17 PM          814     Active
> > > >
> > > > Today is December 24th 2005. Prior to the 11/10 date, I had
> the
> > > > program installed and disabled it without any notice for
> > > > approximately 64 days, then reinstalled it for testing
> purposes.
> > > > Obviously had I stolen this laptop, Absolute wouldn't be
> able to do
> > > > anything about it. They don't know where it's at. At least
> they let
> > > > me know something was cooking:
> > > > Dear Customer Center User:
> > > >
> > > >
> > > > This is an automatic e-mail notification generated by the
> Customer
> > > > Center alerting system.
> > > >
> > > > Please visit
> > > https://www.Absolute.com/public/secure/login.asp to
> > > > investigate your new alert.
> > > >
> > > > The following alert(s) configured for your account have been
> > > > triggered:
> > > >
> > > > * Alert Name: Last called 20 days ago
> > > > * Description: Pre-defined alert - if you don't wish to use
> this
> > > > alert, leave it in a suspended status (note that it will be
> > > > recreated in a suspended status if deleted)
> > > > * Alert Type: Automatic Reset in 10 days
> > > > * Alert Condition: Last Call Time - Greater or Equal To - 20

> day(s)
> > > > since last call
> > > > * Detected on: 24 Dec 2005 00:28:34:5
> > > >
> > > > You have computers that have not called within a specific
> time
> > > > period (as defined by the alert condition).
> > > >
> > > > For customers with the recovery guarantee: Note that the
> guarantee
> > > > becomes invalid for computers that have not called in more
> than 30
> > > > days. Please refer to your Terms and Conditions for more
> > > > information.
> > > >
> > > > For customers with the recovery service:  The chances of
> recovering
> > > > a computer post-theft are reduced if the computer is not
> calling
> > > > regularly.
> > > >
> > > > For customers with asset tracking: your asset data is likely

> to be
> > > > out of date for computers that haven't called in recently
> > > >
> > > > All Customers: You can use the ctmweb management tool to
> confirm
> > > > that the agent software is installed and, if necessary,
> reinstall
> > > > it.  If the agent is installed, the ctmweb management tool
> can be
> > > > used to perform a test call.  Once machines call into the
> > > > monitoring center, they automatically meet the call-back
> criteria
> > > > for eligibility for the guarantee.To retrieve the list of
> > > > computers, log into the Customer Center and follow the
> instructions
> > > > below:
> > > >
> > > > a. Click on Reports.
> > > > b. Go to "Call History and Loss Control" , click on "Missing
> > > > Computers".
> > > >
> > > > In the box below "Show all Computers where...", under where
> it
> > > > states:  "group name is" use the drop down to select the
> group
> > > > name: "Recovery Guarantee" then to the right, enter 20 days.

> Once
> > > > done, click on "show results".This will provide you with a
> list of
> > > > computers that need attention.
> > > >
> > > > ESN: XXXXXXXXXXXXXXXXXXXX PC Name: [MACHINE_X]  Username:
> > > > [username]  Department: [departmentname]
> > > >
> > > >
> > > > That message is reassuring. It's letting me know MACHINE_X
> hasn't
> > > > been online. It is up to me to report it stolen so Absolute
> can
> > > > retrieve it. But how do they expect to do this. There isn't
> > > > anything other than a little program which runs after
> Windows has
> > > > started that waits for connectivity to scream for help.
> > > >
> > > > Now let's look at what Absolute is using to find a stolen
> machine
> > > > shall we?
> > > >
> > > > Computrace Agent last called from:
> 192.168.0.1
> > > > Secure? Doubtful. Absolute is solely relying on an IP
> address to
> > > > track a machine. One of the problems with this is that they
> will
> > > > need to go to court and request the information from the ISP

> on who
> > > > used that IP address, after getting this information, they
> can only
> > > > hope they will find the machine at that location. How much
> would it
> > > > cost Absolute to go through these motions? Even if they did
> go
> > > > through these motions, why should they when they can just
> refund
> > > > someone the cost of the Computrace software. Or, what
> happens when
> > > > a stolen laptop is using stolen resources for connections?
> Like say
> > > > an open Wi-Fi hotspot? What does Computrace expect to do
when
> > > > someone reinstalls an operating system over the system with
> their
> > > > software running. That software is useless.
> > > >
> > > > It's that simple. Reinstalling an operating system over a
> stolen
> > > > laptop will automaGically make Computrace as useful as an
> > > > industrial freezer in Antarctica, useless.
> > > >
> > > > Now supposing you stole a laptop with Computrace installed
> on it,
> > > > and actually wanted to keep the data, you have one of a few
> > > > choices: copy the data, wipe the drive and make a clean OS
> > > > installation, or you can simply kill the process and modify
> the
> > > > Windows registry to rid yourself of this gimmick.
> > > >
> > > > What are you looking for? A program called RPCNETP.EXE. You
> could
> > > > search the registry for it and rename it, delete it
> entirely, stop
> > > > the services by going to the Windows Control
> Panel/Administrative
> > > > Tools/Services and stop it from there. Use Sysinternal's
> Process
> > > > Explorer, Knoppix. I could count numerous ways to disable
> this
> > > > product. As for the service Absolute offers, I've logged in
> twice
> > > > in six months because I was wondering who was sending me
> those
> > > > annoying alerts, and I wanted to see exactly what
> information was
> > > > being passed over to Absolute's databases.
> > > >
> > > > Final word? Want security think Biometrics before a bios
> boot up,
> > > > disabling CD/DVD start ups, passwording the bios. All in all

> there
> > > > is little one can do when a laptop is stolen. Other than
> insurance
> > > > purposes, I see this product as being nothing more than a
> gimmick.
> > > > Sadly I was hoping I could give them some form of kudos.
> Maybe I
> > > > can, their website and packaging are nice.
> > > >
> > > > -----BEGIN PGP SIGNATURE-----
> > > > Note: This signature can be verified at
> > > https://www.hushtools.com/verify
> > > > Version: Hush 2.4
> wkYEARECAAYFAkOtY7wACgkQo8cxM8/cskousQCgvWJNpxfseItFts2OeTJMEBRjhEY

> A
> > > > oK4F3A9hl5L66qX3R5A/29zMsQKN
> > > > =sVF5
> > > > -----END PGP SIGNATURE-----
> > > >
> > > >
> > > >
> > > >
> > > > Concerned about your privacy? Instantly send FREE secure
> email, no
> > account
> > > required
> > > > http://www.hushmail.com/send?l=480
> > > >
> > > > Get the best prices on SSL certificates from Hushmail
> > > > https://www.hushssl.com?l=485
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter:
> > > http://lists.grok.org.uk/full-disclosure-charter.html
> > > > Hosted and sponsored by Secunia - http://secunia.com/
> > >
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter:
> > > http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> > --
> > Andrew Wong
> > Student of Computer Science at large.
> > KeyID: 406568A2
> >
> > "This is the sort of pedantry up with which I will not put." -
> Winston
> > Churchill
> > "I'm not closed minded, you're just wrong." - Getfuzzy
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkOvQPcACgkQo8cxM8/cskqNpACgsBMVRQiGuj8FLr1F2M5RkF6GZxoA
oKRGT78CUsehOasSs+J8LxAdjfef
=DEqQ
-----END PGP SIGNATURE-----




Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/