• "Phoning home" IP detection sw sought to protect laptop

    From Marc Heusser@marc.heusser@CHEERSheusser.comMERCIALSPAMMERS.invalid to comp.sys.mac.system on Thursday, April 20, 2006 11:33:08
    From Newsgroup: comp.sys.mac.system

    As I just had my 17" PB stolen, I'd like to better protect my new Mac
    Book Pro.
    I now have my whole user directory encrypted with FileVault.
    I would assume this renders attempts to get at my data futile.
    It does not get a stolen laptop back though.
    What would you recommend as "phoning home" software that sends back any
    new IP addresses the computer is connected to (private and public, i.e.
    through routers), preferably free- or shareware. And preferably
    something that is run faceless with cron, so it does not show up in the
    task list usually.
    Is there anything else that I can do preventively (other than locking it
    up :-)?
    Engraving an e-mail address/name on the case, ...

    TIA

    Marc

    --
    Switzerland/Europe
    <http://www.heusser.com>
    remove CHEERS and from MERCIAL to get valid e-mail
    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From Barry Margolin@barmar@alum.mit.edu to comp.sys.mac.system on Thursday, April 20, 2006 07:48:34
    From Newsgroup: comp.sys.mac.system

    In article <marc.heusser-E169FC.11330820042006@idnews.unizh.ch>,
    Marc Heusser <marc.heusser@CHEERSheusser.comMERCIALSPAMMERS.invalid>
    wrote:

    As I just had my 17" PB stolen, I'd like to better protect my new Mac
    Book Pro.
    I now have my whole user directory encrypted with FileVault.
    I would assume this renders attempts to get at my data futile.
    It does not get a stolen laptop back though.
    What would you recommend as "phoning home" software that sends back any
    new IP addresses the computer is connected to (private and public, i.e.
    through routers), preferably free- or shareware. And preferably
    something that is run faceless with cron, so it does not show up in the
    task list usually.
    Is there anything else that I can do preventively (other than locking it
    up :-)?
    Engraving an e-mail address/name on the case, ...

    A simple, free solution would be to set up a DynDNS.ORG account, and
    install their client on your laptop. Then you can just look up your
    hostname to get its current IP.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    *** PLEASE don't copy me on replies, I'll read them in the group ***
    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From Gnarlodious@gnarlodious@yahoo.com to comp.sys.mac.system on Thursday, April 20, 2006 14:18:39
    From Newsgroup: comp.sys.mac.system

    Entity Marc Heusser uttered this profundity:

    What would you recommend as "phoning home" software that sends back any
    new IP addresses the computer is connected to (private and public, i.e.
    through routers), preferably free- or shareware. And preferably
    something that is run faceless with cron, so it does not show up in the
    task list usually.

    I would suggest this kind of script run from cron:

    curl http://checkip.dyndns.org/ > /private/tmp/IP.html ; scp /private/tmp/IP.html login@address:webPath

    I ran it just now and it works well when ssh is already set up. The result
    is seen here: http://Gnarlodious.com/IP.html

    There may be a way to pipe the curl output directly into the scp command without creating a temp file, but I don't know how.

    -- Gnarlie

    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From Andre Berger@andre.berger@web.de to comp.sys.mac.system on Thursday, April 20, 2006 16:37:45
    From Newsgroup: comp.sys.mac.system

    * Gnarlodious (2006-04-20):
    Entity Marc Heusser uttered this profundity:

    What would you recommend as "phoning home" software that sends back any
    new IP addresses the computer is connected to (private and public, i.e.
    through routers), preferably free- or shareware. And preferably
    something that is run faceless with cron, so it does not show up in the
    task list usually.

    I would suggest this kind of script run from cron:

    curl http://checkip.dyndns.org/ > /private/tmp/IP.html ; scp /private/tmp/IP.html login@address:webPath

    I ran it just now and it works well when ssh is already set up. The result
    is seen here: http://Gnarlodious.com/IP.html

    There may be a way to pipe the curl output directly into the scp command without creating a temp file, but I don't know how.

    curl http://checkip.dyndns.org | ssh hostname 'cat > /path/to/IP.html'

    but I like Barry's solution much better.

    -Andre
    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From Don Bruder@dakidd@sonic.net to comp.sys.mac.system on Thursday, April 20, 2006 12:01:50
    From Newsgroup: comp.sys.mac.system

    In article <marc.heusser-E169FC.11330820042006@idnews.unizh.ch>,
    Marc Heusser <marc.heusser@CHEERSheusser.comMERCIALSPAMMERS.invalid>
    wrote:

    As I just had my 17" PB stolen, I'd like to better protect my new Mac
    Book Pro.
    I now have my whole user directory encrypted with FileVault.
    I would assume this renders attempts to get at my data futile.
    It does not get a stolen laptop back though.
    What would you recommend as "phoning home" software that sends back any
    new IP addresses the computer is connected to (private and public, i.e.
    through routers), preferably free- or shareware. And preferably
    something that is run faceless with cron, so it does not show up in the
    task list usually.
    Is there anything else that I can do preventively (other than locking it
    up :-)?
    Engraving an e-mail address/name on the case, ...

    Not to be a killjoy, but if I were the type to be swiping a powerbook, I
    can *GUARANTEE* this much:

    *NO* "phone-home" or "where are you?" type scheme would ever get a
    chance to work. Why not? Simple:

    My very first move (probably even before completing my "getaway") would
    be to pull the batter(y/ies) and render the machine inert until I had
    time to dink around with it at leisure. Once that time came, the machine
    would never see a network connection of any kind because every card,
    cable, antenna, or anything else that even looked like it *MIGHT* be a
    "get in touch with the outside world" device would be
    disconnected/removed before I powered it up.

    If I thought there was data on it that I wanted, it would fire up
    completely isolated until I got an inventory of what there was I wanted,
    that data would be copied off to a USB drive of some sort, and then I'd proceed to wipe the machine's drive and do a re-install from CD/DVD
    media.

    <poof>

    So much for your "phone home"/"lo-jack" scheme...

    --
    Don Bruder - dakidd@sonic.net - If your "From:" address isn't on my
    whitelist, or the subject of the message doesn't contain the exact text
    "PopperAndShadow" somewhere, any message sent to this address will go in
    the garbage without my ever knowing it arrived. Sorry...
    <http://www.sonic.net/~dakidd> for more info
    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From Michael Vilain@vilain@spamcop.net to comp.sys.mac.system on Thursday, April 20, 2006 12:38:36
    From Newsgroup: comp.sys.mac.system

    In article <4447da6c$0$1497$742ec2ed@news.sonic.net>,
    Don Bruder <dakidd@sonic.net> wrote:

    In article <marc.heusser-E169FC.11330820042006@idnews.unizh.ch>,
    Marc Heusser <marc.heusser@CHEERSheusser.comMERCIALSPAMMERS.invalid>
    wrote:

    As I just had my 17" PB stolen, I'd like to better protect my new Mac
    Book Pro.
    I now have my whole user directory encrypted with FileVault.
    I would assume this renders attempts to get at my data futile.
    It does not get a stolen laptop back though.
    What would you recommend as "phoning home" software that sends back any
    new IP addresses the computer is connected to (private and public, i.e.
    through routers), preferably free- or shareware. And preferably
    something that is run faceless with cron, so it does not show up in the
    task list usually.
    Is there anything else that I can do preventively (other than locking it up :-)?
    Engraving an e-mail address/name on the case, ...

    Not to be a killjoy, but if I were the type to be swiping a powerbook, I
    can *GUARANTEE* this much:

    *NO* "phone-home" or "where are you?" type scheme would ever get a
    chance to work. Why not? Simple:

    My very first move (probably even before completing my "getaway") would
    be to pull the batter(y/ies) and render the machine inert until I had
    time to dink around with it at leisure. Once that time came, the machine would never see a network connection of any kind because every card,
    cable, antenna, or anything else that even looked like it *MIGHT* be a
    "get in touch with the outside world" device would be
    disconnected/removed before I powered it up.

    If I thought there was data on it that I wanted, it would fire up
    completely isolated until I got an inventory of what there was I wanted, that data would be copied off to a USB drive of some sort, and then I'd proceed to wipe the machine's drive and do a re-install from CD/DVD
    media.

    <poof>

    So much for your "phone home"/"lo-jack" scheme...

    Most laptop thieves aren't that smart. If it looks like it will buy
    their next fix, it's gone. You should be working for the local
    constabulary. They need computer savvy people.

    --
    DeeDee, don't press that button! DeeDee! NO! Dee...



    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From William Mitchell@mitchell@math.ufl.edu to comp.sys.mac.system on Thursday, April 20, 2006 16:00:22
    From Newsgroup: comp.sys.mac.system

    Don Bruder <dakidd@sonic.net> writes:

    Not to be a killjoy, but if I were the type to be swiping a powerbook, I
    can *GUARANTEE* this much:

    *NO* "phone-home" or "where are you?" type scheme would ever get a
    chance to work. Why not? Simple:

    [ a day's work of details omitted ]

    <poof>

    So much for your "phone home"/"lo-jack" scheme...

    And then you would fence it for 10 cents on the dollar, and retire in
    style.

    I'll grant you that whoever would steal my laptop could be a computer
    savvy hacker too cheap to buy his own computer, or an agent from the
    FBI working with the NSA to get my secrets. I could see the chances
    of failure easily as high as 5% --- if one counts in there the
    outright failure of the program to work, or the possibility of its
    winding up in the trash instead. Either would be far more likely
    than your scenario.




    --
    Bill Mitchell
    Dept of Mathematics, The University of Florida
    PO Box 118105, Gainesville, FL 32611--8105
    mitchell@math.ufl.edu (352) 392-0281 x284
    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From Tom Harrington@tph@pcisys.no.spam.dammit.net to comp.sys.mac.system on Thursday, April 20, 2006 16:05:08
    From Newsgroup: comp.sys.mac.system

    In article <4447da6c$0$1497$742ec2ed@news.sonic.net>,
    Don Bruder <dakidd@sonic.net> wrote:

    *NO* "phone-home" or "where are you?" type scheme would ever get a
    chance to work. Why not? Simple:

    My very first move (probably even before completing my "getaway") would
    be to pull the batter(y/ies) and render the machine inert until I had
    time to dink around with it at leisure. Once that time came, the machine would never see a network connection of any kind because every card,
    cable, antenna, or anything else that even looked like it *MIGHT* be a
    "get in touch with the outside world" device would be
    disconnected/removed before I powered it up.

    If I thought there was data on it that I wanted, it would fire up
    completely isolated until I got an inventory of what there was I wanted, that data would be copied off to a USB drive of some sort, and then I'd proceed to wipe the machine's drive and do a re-install from CD/DVD
    media.

    That's what YOU would do. What's your basis for assuming that any
    random thief is as computer-savvy as you?

    Given that many people who buy used computers don't seem to know enough
    to start by reinstalling the system, you seem to be radically
    overestimating the odds that a prospective thief is going to be anywhere
    near as clued-in as you.

    --
    Tom "Tom" Harrington
    Macaroni, Automated System Maintenance for Mac OS X.
    Version 2.0: Delocalize, Repair Permissions, lots more.
    See http://www.atomicbird.com/
    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From Don Bruder@dakidd@sonic.net to comp.sys.mac.system on Thursday, April 20, 2006 16:23:49
    From Newsgroup: comp.sys.mac.system

    In article <y9dlku0f25l.fsf@waccamaw.math.ufl.edu>,
    William Mitchell <mitchell@math.ufl.edu> wrote:

    Don Bruder <dakidd@sonic.net> writes:

    Not to be a killjoy, but if I were the type to be swiping a powerbook, I can *GUARANTEE* this much:

    *NO* "phone-home" or "where are you?" type scheme would ever get a
    chance to work. Why not? Simple:

    [ a day's work of details omitted ]

    <poof>

    So much for your "phone home"/"lo-jack" scheme...

    And then you would fence it for 10 cents on the dollar, and retire in
    style.

    I'll grant you that whoever would steal my laptop could be a computer
    savvy hacker too cheap to buy his own computer, or an agent from the
    FBI working with the NSA to get my secrets. I could see the chances
    of failure easily as high as 5% --- if one counts in there the
    outright failure of the program to work, or the possibility of its
    winding up in the trash instead. Either would be far more likely
    than your scenario.

    The point being that all protection/recovery schemes are a waste of
    effort when confronted by anyone with a bit of knowledge and the time
    they need to use it. It doesn't matter if it takes a day, a week, a
    month, or thirty seconds - Once a machine is in the hands of someone
    with enough know-how (and the smarts to USE it) then *ALL* protection
    offered by said scheme is worthless.

    Better by far to not let it get stolen in the first place - nail it
    down, never leave it alone, even for a moment, etc.

    (Yes, I understand that isn't always practical/convenient. If it's
    important enough, you'll *MAKE* it possible, regardless of practicality
    or inconvenience.)

    --
    Don Bruder - dakidd@sonic.net - If your "From:" address isn't on my
    whitelist, or the subject of the message doesn't contain the exact text
    "PopperAndShadow" somewhere, any message sent to this address will go in
    the garbage without my ever knowing it arrived. Sorry...
    <http://www.sonic.net/~dakidd> for more info
    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From Don Bruder@dakidd@sonic.net to comp.sys.mac.system on Thursday, April 20, 2006 16:24:41
    From Newsgroup: comp.sys.mac.system

    In article <tph-8443A1.16050820042006@localhost>,
    Tom Harrington <tph@pcisys.no.spam.dammit.net> wrote:

    In article <4447da6c$0$1497$742ec2ed@news.sonic.net>,
    Don Bruder <dakidd@sonic.net> wrote:

    *NO* "phone-home" or "where are you?" type scheme would ever get a
    chance to work. Why not? Simple:

    My very first move (probably even before completing my "getaway") would
    be to pull the batter(y/ies) and render the machine inert until I had
    time to dink around with it at leisure. Once that time came, the machine would never see a network connection of any kind because every card, cable, antenna, or anything else that even looked like it *MIGHT* be a "get in touch with the outside world" device would be
    disconnected/removed before I powered it up.

    If I thought there was data on it that I wanted, it would fire up completely isolated until I got an inventory of what there was I wanted, that data would be copied off to a USB drive of some sort, and then I'd proceed to wipe the machine's drive and do a re-install from CD/DVD
    media.

    That's what YOU would do. What's your basis for assuming that any
    random thief is as computer-savvy as you?

    Valid point...

    Given that many people who buy used computers don't seem to know enough
    to start by reinstalling the system, you seem to be radically
    overestimating the odds that a prospective thief is going to be anywhere near as clued-in as you.

    <sigh> Two in one post... OK, That's it - you don't get to play anymore!
    :)

    --
    Don Bruder - dakidd@sonic.net - If your "From:" address isn't on my
    whitelist, or the subject of the message doesn't contain the exact text
    "PopperAndShadow" somewhere, any message sent to this address will go in
    the garbage without my ever knowing it arrived. Sorry...
    <http://www.sonic.net/~dakidd> for more info
    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From Randy Howard@randyhoward@FOOverizonBAR.net to comp.sys.mac.system on Thursday, April 20, 2006 23:39:43
    From Newsgroup: comp.sys.mac.system

    Marc Heusser wrote
    (in article
    <marc.heusser-E169FC.11330820042006@idnews.unizh.ch>):

    As I just had my 17" PB stolen, I'd like to better protect my new Mac
    Book Pro.

    Argh...

    I now have my whole user directory encrypted with FileVault.
    I would assume this renders attempts to get at my data futile.

    It makes it more difficult, but there are no guarantees.

    It does not get a stolen laptop back though.

    True.

    What would you recommend as "phoning home" software that sends back any
    new IP addresses the computer is connected to (private and public, i.e.
    through routers), preferably free- or shareware. And preferably
    something that is run faceless with cron, so it does not show up in the
    task list usually.

    Gateway actually puts a LoJack-like product inside their
    notebooks for this, I think they call it "Mobile Theft
    Protection". I suspect it hasn't sold all that well, or other
    companies would be doing it more.

    This might work if you boot camp and Windows on it...
    http://www.synet.biz/LaptopAntitheft/index.htm

    This product purports to support both Windows and OS X.

    http://www.computersecurity.com/stealth/


    Is there anything else that I can do preventively (other than locking it
    up :-)?
    Engraving an e-mail address/name on the case, ...

    TIA

    Marc





    --
    Randy Howard (2reply remove FOOBAR)
    "The power of accurate observation is called cynicism by those
    who have not got it." - George Bernard Shaw





    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From Marc Heusser@marc.heusser@CHEERSheusser.comMERCIALSPAMMERS.invalid to comp.sys.mac.system on Friday, April 21, 2006 01:42:19
    From Newsgroup: comp.sys.mac.system

    In article <20060420143745.GG16000@hvk.local>,
    Andre Berger <andre.berger@web.de> wrote:


    curl http://checkip.dyndns.org | ssh hostname 'cat > /path/to/IP.html'

    but I like Barry's solution much better.

    Your solution has two possible advantages:
    1. Run by cron, i.e. not visible except for the crontab and if it just
    happens to run in the task list
    2. It would allow tracing the different IP addresses, instead of just
    returning the latest one (at least if one manages to append to a file
    instead of just copying a number)

    BTW: http://www.dnsupdate.org/ is the software to go with DynDNS,
    www.zoneedit.com is an alternative to DynDNS.

    I would wipe the disk too if I were a thief - but there is always hope
    that a thief does not know Macs that well. Or am I just dreaming ;-)

    Marc

    --
    Switzerland/Europe
    <http://www.heusser.com>
    remove CHEERS and from MERCIAL to get valid e-mail
    --- Synchronet 3.18b-Win32 NewsLink 1.113
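
The post above notes that a cron-run script could keep a history of addresses if it appends to a file instead of overwriting one. The following is an added example, not code from any poster in this thread: it extends the `curl | ssh` one-liner to report the public and local addresses only when they change. `login@address`, the log path, the state file and the script path in the cron comment are placeholders, and the sample reply is constructed.

```shell
#!/bin/sh
# Cron-driven reporter: append one line to a remote log whenever the laptop's
# public or local addresses change. Example crontab entry (hypothetical path):
#   */15 * * * * /usr/local/bin/phonehome.sh --report
REMOTE="${REMOTE:-login@address}"            # placeholder ssh destination
REMOTE_LOG="${REMOTE_LOG:-phonehome/ip.log}" # placeholder path on that host
STATE="${STATE:-${HOME:-/tmp}/.phonehome.last}"

# Constructed sample of the reply served by http://checkip.dyndns.org/
SAMPLE_REPLY='<html><head><title>Current IP Check</title></head><body>Current IP Address: 203.0.113.7</body></html>'

# Read the reply on stdin and print the address. The body arrives over plain
# HTTP (and may be a captive-portal page), so only digits and dots are
# captured and the result must have dotted-quad shape; otherwise print nothing.
extract_public_ip() {
    sed -n 's/.*Current IP Address: \([0-9.]*\).*/\1/p' | head -n 1 |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Read `ifconfig` output on stdin and print the non-loopback IPv4 addresses,
# comma-separated (the "private" side of the request in the first post).
parse_local_ips() {
    awk '$1 == "inet" && $2 !~ /^127\./ { printf "%s%s", sep, $2; sep = "," }
         END { print "" }'
}

# Exit 0 when $1 differs from the value stored after the last successful report.
is_new_report() {
    [ ! -f "$STATE" ] || [ "$(cat "$STATE")" != "$1" ]
}

# $1 = public address, $2 = local address list; prints one timestamped line.
format_report() {
    printf '%s public=%s local=%s host=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "${2:-none}" "$(uname -n)"
}

report() {
    body=$(curl -s --max-time 20 http://checkip.dyndns.org/) || return 0  # offline: retry next run
    public=$(printf '%s\n' "$body" | extract_public_ip) || return 0
    locals=$(ifconfig 2>/dev/null | parse_local_ips)
    key="$public/$locals"
    is_new_report "$key" || return 0          # nothing changed, stay quiet
    # '>>' appends, so the remote file becomes a history of addresses.
    # BatchMode keeps ssh from waiting on a password prompt under cron.
    format_report "$public" "$locals" |
        ssh -o BatchMode=yes -o ConnectTimeout=20 "$REMOTE" "cat >> '$REMOTE_LOG'" &&
        printf '%s\n' "$key" > "$STATE"        # remember only what was delivered
}

case "${1:-}" in
    --report) report ;;
    --demo)   printf '%s\n' "$SAMPLE_REPLY" | extract_public_ip ;;
esac
```

Because cron needs a key without a passphrase, restrict that key on the server with a forced `command=` entry in `authorized_keys` so that a copy taken from the laptop can only append to the log.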
  • From Barry Margolin@barmar@alum.mit.edu to comp.sys.mac.system on Thursday, April 20, 2006 20:25:37
    From Newsgroup: comp.sys.mac.system

    In article <marc.heusser-1A125F.01421921042006@idnews.unizh.ch>,
    Marc Heusser <marc.heusser@CHEERSheusser.comMERCIALSPAMMERS.invalid>
    wrote:

    I would wipe the disk too if I were a thief - but there is always hope
    that a thief does not know Macs that well. Or am I just dreaming ;-)

    Might he first boot it to try to steal personal data from it?

    A clever identity thief would probably remove the disk and connect it as
    a second drive on their own machine, but I wonder if most would bother.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    *** PLEASE don't copy me on replies, I'll read them in the group ***
    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From John McWilliams@jpmcw@comcast.net to comp.sys.mac.system on Thursday, April 20, 2006 17:44:43
    From Newsgroup: comp.sys.mac.system

    Barry Margolin wrote:
    In article <marc.heusser-1A125F.01421921042006@idnews.unizh.ch>,
    Marc Heusser <marc.heusser@CHEERSheusser.comMERCIALSPAMMERS.invalid>
    wrote:


    I would wipe the disk too if I were a thief - but there is always hope
    that a thief does not know Macs that well. Or am I just dreaming ;-)


    Might he first boot it to try to steal personal data from it?

    A clever identity thief would probably remove the disk and connect it as
    a second drive on their own machine, but I wonder if most would bother.


    Wouldn't it be easier to simply not put it online?

    --
    john mcwilliams
    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From danspam@danspam@f2s.com (Daniel Cohen) to comp.sys.mac.system on Friday, April 21, 2006 19:58:01
    From Newsgroup: comp.sys.mac.system

    John McWilliams <jpmcw@comcast.net> wrote:

    Wouldn't it be easier to simply not put it online?

    Yes, but most people will want the computer online.

    And if they don't suspect there is any protection on the machine, why
    not put it online?
    --
    http://www.decohen.com
    Send e-mail to the Reply-To address;
    mail to the From address is never read
    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From danspam@danspam@f2s.com (Daniel Cohen) to comp.sys.mac.system on Friday, April 21, 2006 19:58:02
    From Newsgroup: comp.sys.mac.system

    Don Bruder <dakidd@sonic.net> wrote:

    Once a machine is in the hands of someone
    with enough know-how (and the smarts to USE it) then *ALL* protection
    offered by said scheme is worthless.

    Agreed. But often enough it isn't in the hands of someone with enough
    know-how.

    Better by far to not let it get stolen in the first place - nail it
    down, never leave it alone, even for a moment, etc.

    (Yes, I understand that isn't always practical/convenient. If it's
    important enough, you'll *MAKE* it possible, regardless of practicality
    or inconvenience.)

    My computers were stolen from my home in two separate but related
    incidents. On one occasion they wrenched a window off its fastenings. No
    amount of care can cover all risks.
    --
    http://www.decohen.com
    Send e-mail to the Reply-To address;
    mail to the From address is never read
    --- Synchronet 3.18b-Win32 NewsLink 1.113