>> Someone stole my mac laptop last week. )-:
>> Is there any way of tracking or seeing where my laptop is, if the
[quoted text clipped - 3 lines]
> No, because that serial number isn't ordinarily transmitted by the OS or
> any other Mac software.
> >> Someone stole my mac laptop last week. )-:
> >> Is there any way of tracking or seeing where my laptop is, if the
[quoted text clipped - 13 lines]
> but I am not sure if that's correct.)
> They tout this as "LoJack for Laptops".
There's also MacPhoneHome (which I couldn't get to work), and Lapcop and
Undercover (which replaces Lapcop).
> But if I were a thief, I wouldn't be booting my stolen machine
> on the network. I'd be wiping the drive, after looking it
[quoted text clipped - 4 lines]
> (In other words, this product amounts to deliberately
> installing a network back-door rootkit on your laptop!)
What precisely is meant by a "rootkit"? After all, there's a lot going
on that is invisible in everyday use.
> I think on the PC/Windows something is installed in the BIOS.
> On the Mac, I am not sure if it messes with the firmware, because
> on my Tiger Powerbook I see it running at least partly through the
> OS interfaces. I see RPC activity that I suspect is Computrace,
> and sometimes a Computrace component runs which Lil' Snitch detects.
The ones I know about don't affect the firmware. An admin user can find
out that the program is running and then delete it. But if you don't
know it's there then it can be difficult to discover that it exists.
Wiping the drive can be made difficult by setting an Open Firmware
password, though there are ways round that.
I suspect most thieves (and their clients) aren't sufficiently
experienced in computers to work this out if they have a machine that is
working for them.

Signature
Send e-mail to the Reply-To address;
mail to the From address is never read
Gnarlodious - 10 Feb 2006 17:13 GMT
Entity Daniel Cohen spoke thus:
> Wiping the drive can be made difficult by setting an Open Firmware
> password, though there are ways round that.
Speaking of Open Firmware, you can improve your chances of retrieving a
stolen Mac by setting the Open Firmware "oem-banner" variable to display a
message to would-be hackers.
To do this, first ensure that Open Firmware is unlocked. If you keep it
locked then relock it after setting the message.
Say this in Terminal to enable display of the banner text:
sudo nvram oem-banner?=true
Now set the banner variable:
sudo nvram oem-banner="This Mac belongs to Gnarlodious:
http://Gnarlodious.com/ 505/570-****"
Now, anyone who is computer savvy enough to boot into Open Firmware has no
excuse to steal your Mac.
-- Gnarlie
Daniel Cohen - 11 Feb 2006 23:16 GMT
> Now set the banner variable:
> sudo nvram oem-banner="This Mac belongs to Gnarlodious:
> http://Gnarlodious.com/ 505/570-****"
I think this is worth doing.
In the bit in double quotes, how does one get the new line?

Christopher C. Stacy - 11 Feb 2006 05:59 GMT
> What precisely is meant by a "rootkit"? After all, there's a lot
> going on that is invisible in everyday use.
A secret remote backdoor, unknown to the user, that surreptitiously
makes network connections to a server, from which it downloads
arbitrary commands that will run with super-user (uid=0) privileges;
specifically, commands that will log your keystrokes to the remote
server, wipe your hard drive, and probably a few other functions the
details of which I do not know.
Also, most things are not "invisible" - you can see them running by
doing a "ps" command or using the Activity Monitor. The program
that I am referring to exploits holes in the system in order
to hide its existence and operation. You can't see it.
It's fairly well hidden on disk, too: I don't think it shows
up if you look at the Unix "rc" types of files, nor in the
various Apple launchd configuration files and so forth.
Daniel Cohen - 11 Feb 2006 12:19 GMT
> > What precisely is meant by a "rootkit"? After all, there's a lot
> > going on that is invisible in everyday use.
[quoted text clipped - 14 lines]
> up if you look at the Unix "rc" types of files, nor in the
> various Apple launchd configuration files and so forth.
Hmm, but you were originally referring to Lojack, of which you said
"this product amounts to deliberately
installing a network back-door rootkit on your laptop!".
That would be a program that is known to the user (at least to the
legitimate user), and, provided you trust the firm, again the commands
it carries out are not "arbitrary".
I think my feeling was that something the owner of the machine
deliberately instals could not be called a rootkit. Contrast this with
the recent Sony attempt at copy protection, which was a rootkit.
Interesting that Lojack doesn't show up in Activity Monitor, etc.
