[ale] lojack for laptops?

Michael H. Warfield mhw at WittsEnd.com
Tue Jun 16 12:42:51 EDT 2009 

$$!#@$@#!#!@

That was not suppose to get sent yet...  Fat fingers...

On Tue, 2009-06-16 at 12:35 -0400, Michael H. Warfield wrote:
> On Mon, 2009-06-15 at 18:34 -0400, Bob Toxen wrote:
> > On Mon, Jun 15, 2009 at 02:52:24PM -0500, Preston Boyington wrote:
> > > Geoffrey wrote:
> > > > Anyone use any software like this?  I'm considering it for my daughter's 
> > > > macbook as she heads off to Tech in the fall.
> > > > 
> > > > Suggestions, recommendations?
> > > > 
> > > > Anyone know of anything like this for Linux??
> > > > 
> 
> > > I would love a hardware solution.  That way the thief wouldn't need to
> > > power on the unit for the locator to work.
> > Uh, is that like the Pointy Hair Boss saying that he wanted the unit
> > to have a light that comes on when the battery is dead?  Yes there was
> > Dilbert about this.  Sorry I couldn't resist.
> 
> > Seriously, this would be a device physically attached to this but not
> > electrically connected -- since all such PCMCIA cards and such don't
> > have power unless the laptop is running.  Hence, it's not really laptop
> > related as you could just as easily attach it to your pen (if it were
> > small enough).
> 
> 	Actually, that's not totally true.  PCI includes a backup power buss (B
> Bus or something like that, I don't recall the exact nominclature) for
> things like "wake on lan".  If you didn't have that, wake-on-lan
> wouldn't work.  Certain very low level functions and powered and
> operational even if you only have power to the device and don't have it
> powered up.

	Wake-on-lan info:

	http://en.wikipedia.org/wiki/Wake-on-LAN

> 	The really scary extension to that is the Intel ATM  / vPro technology.

> 	http://en.wikipedia.org/wiki/Intel_Active_Management_Technology

> "Almost all AMT features are available even if PC power is off, the OS
> is crashed, the software agent is missing, or hardware (such as a hard
> drive or memory) has failed."

> Intel AMT supports these management tasks:
> 
>       * Remotely power up, power down, power cycle, and power reset the
>         computer.[1]
>       * Remote boot the PC by remotely redirecting the PC’s boot
>         process, causing it to boot from a different image, such as a
>         network share, bootable CD-ROM or DVD, remediation drive, or
>         other boot device.[1][7] This feature supports remote booting a
>         PC that has a corrupted or missing OS.
>       * Remotely redirect the system’s I/O via console redirection
>         through serial over LAN (SOL).[1] This feature supports remote
>         troubleshooting, remote repair, software upgrades, and similar
>         processes.
>       * Access and change BIOS settings remotely.[1] This feature is
>         available even if PC power is off, the OS is down, or hardware
>         has failed. This feature is designed to allow remote updates and
>         corrections of configuration settings. This feature supports
>         full BIOS updates, not just changes to specific settings.

	There are other potential uses for the ATM technology and, if you can
load certitificates and other software up there, there's quite a few
possiblities.  But it is intended to be tightly restricted.  You can't
update it from the normal running OS.  But it is intended for remote
management, EVEN WHEN THE MACHINE IS INITIALLY turned off.  A "lojack"
functionality has been discussed in some forums.  I'm not aware of any
product that actually takes advantage of it for those purposes and I'm
not sure how widely deployed it is (like the accelerometers on our
laptops, Bob, or VT/SVM capabilities for virtualization).

> > > Early possibilities for this seem to be a company called S5 Wireless
> > > (http://www.s5w.com/):
> > > 
> > > http://www.gadgetvenue.com/s5-gps-like-tracking-device-is-tiny-12174830/
> > 
> > Bob Toxen
> > bob at verysecurelinux.com               [Please use for email to me]
> > http://www.verysecurelinux.com        [Network&Linux security consulting]
> > http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
> > Quality spam and virus filters.
> > Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

	Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20090616/b2170f4d/attachment-0001.bin

More information about the Ale mailing list