[ale] lojack for laptops?

Bob Toxen transam at VerySecureLinux.com
Fri Jun 12 18:28:05 EDT 2009


On Thu, Jun 11, 2009 at 05:20:23PM -0400, Jim Kinney wrote:
> Nice but if the / partition is encrypted (as it should be) it will
> never get to the rc.local
Well, recall that only some subdirs under / actually get confidential
data written to them, such as /home and /var/spool.

Thus, have those be symlinks to an encrypted partition, which is
trivial.

Then, ensure that the rc.local first does the "phone home" and then
asks for the password for the encrypted partition.  (Or use proper
ordering of S.* files in /etc/rc3.d.)  Of course, you need to ensure
that networking is up first.

Regarding  http://adeona.cs.washington.edu/, it IS Open Source so just
set up your own server or write a simple shell script to format a
http request, including your new IP and network information encrypted
with your public key -- per adeona's clever scheme.

Thus, if someone else hacks the server they cannot determine YOUR
whereabouts.  Keep the private key safe on another system, of course.

Bob

> Maybe a kernel module that blasts a multicast "I'm alive" packet like
> a dhcp request (or buried _in_ the dhcp request?). Of course that
> would require more than just a single server.
> 
> Hmm. I recall and IPv6 packet blast that connects all winders machines
> to redmond. Maybe a similar process for Linux that verifies system
> mac.
> 
> Still ponder the delivery process of a packet-based C4 charge....
> 
> What we _REALLY_ need is a process that changes the BIOS to only
> display STOLEN FROM * * when powered on.
> 
> TeeHee!! Just make that the default boot screen background! Add a
> siren sound on boot up that bbypasses the volume control.
> 
> On Thu, Jun 11, 2009 at 4:42 PM, Bob Toxen<transam at verysecurelinux.com> wrote:
> > Clever.
> >
> > Shall we do an Open Source version for Linux (since Lojack only supports
> > Winbloz and mac)?
> >
> > While clever, trivial to implement:
> >
> > Spec. out a simple TCP/IP-based client/server protocol.  Put a listener
> > on TCP port 80 (or SSL-encrypted on port 443) of a server somewhere.
> >
> > Then, in /etc/rc.d/rc.local invoke the client-side that sends a message
> > reporting its IP address, the Reverse DNS FQHN of its address, its
> > gateway and DNS server addresses (assuming it's using DHCP) and
> > requesting instructions.
> >
> > If the Laptop has been reported stolen (confirmed by a password) then it
> > is instructed to self-destruct.  The Premium service would include a
> > C4 insert with the form factor of a PCMCIA card or memory stick.
> >
> > Of course you ARE using encrypted file systems so they won't get your
> > data.
> >
> > Bob Toxen
> > bob at verysecurelinux.com               [Please use for email to me]
> > http://www.verysecurelinux.com        [Network&Linux security consulting]
> > http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
> > Quality spam and virus filters.
> > Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
> >
> > "One disk to rule them all, One disk to find them. One disk to bring
> > them all and in the darkness grind them. In the Land of Redmond where
> > the shadows lie...and the Eye is everwatching"
> > -- The Silicon Valley Tarot Henrique Holschuh with ... by Bob
> >
> > On Thu, Jun 11, 2009 at 03:14:19PM -0400, Jeff Lightner wrote:
> >> Haven't used it but it looks like it exists:
> >>
> >> http://www.absolute.com/products/lojack
> >>
> >>
> >> -----Original Message-----
> >> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
> >> Geoffrey
> >> Sent: Thursday, June 11, 2009 2:55 PM
> >> To: ALE
> >> Subject: [ale] lojack for laptops?
> >>
> >> Anyone use any software like this?  I'm considering it for my daughter's
> >>
> >> macbook as she heads off to Tech in the fall.
> >>
> >> Suggestions, recommendations?
> >>
> >> Anyone know of anything like this for Linux??
> >>
> >> --
> >> Until later, Geoffrey
> >>
> >> Those who would give up essential Liberty, to purchase a little
> >> temporary Safety, deserve neither Liberty nor Safety.
> >>   - Benjamin Franklin
> >> _______________________________________________
> >> Ale mailing list
> >> Ale at ale.org
> >> http://mail.ale.org/mailman/listinfo/ale
> >>
> >> Please consider our environment before printing this e-mail or attachments.
> >> ----------------------------------
> >> CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
> >> ----------------------------------
> >>
> >> _______________________________________________
> >> Ale mailing list
> >> Ale at ale.org
> >> http://mail.ale.org/mailman/listinfo/ale
> >
> 
> 
> 
> -- 
> -- 
> James P. Kinney III
> Actively in pursuit of Life, Liberty and Happiness


More information about the Ale mailing list