What is Digg?65 Comments
- ThePerchik, on 10/12/2007, -0/+9Direct Link
http://www.macgeekery.com/gspot/2006-02/remote_destruction_of_data - Otto, on 10/12/2007, -0/+3This is a fairly terrible idea. Instead of running rm -rf, why not have it grab the real IP of the machine and a date/time stamp, along with logging all keystrokes that the thief makes, then periodically uploading that information to your webserver or some other system in the background. Using that information, you can probably track the ***** down.
The keystrokes alone will probably give you a name and/or email address for your thief. The IP, along with a date/time stamp, will be useful if you can get the ISP to reveal the information about whos account is being used to access the net.
Plus, you might actually get your laptop back. - sdbryan, on 10/12/2007, -0/+3I guess I am echoing an earlier comment but how dumb do you have to be to think it is a good idea to install a mechanism for trashing your hard drive remotely? Besides the fact that most software of any real complexity can behave unexpectedly on its own, you also have the prospect of bit-rot over time and there are always those wacky pranksters who will go to unexpected lengths to crack such a system and cause mayhem.
Despite the jeers from others it is always possible that your laptop can be stolen. Rational precautions is to include it in your insurance policy to ease its replacement. Also create two accounts and set the second to be encrypted (turn on FileVault). Give the first account administrator privileges for installing software and so forth, and the second account, which is just given standard privileges, is the account you should customarily use. This makes your personal documents (kept in your home directory) inaccessible unless the thief had the opportunity to capture your login passphrase. - adidax, on 10/12/2007, -0/+3dear mac user i just stole a computer from
thank you for cleaning the hard drive for me.
-computer theif - Craig1394, on 10/12/2007, -0/+2How about a script that notifies the owner of the computer and says "I don't care about your stupid porn collection, I just wanted the hardware"
- wtfunkymonkey, on 10/12/2007, -0/+2rule number one of stealing computers;
reformat/replace hard disk prior to connecting to the internet. - Ignathius, on 10/12/2007, -0/+2soooo, i steal someone's Mac, grab all the info i need form it, and then just plug it in to a net connection and it'll do the wipe for me? great! now i can just install OS X fresh and start from scratch without all those pesky apps installed from the previous owner.
- neohx_7, on 10/12/2007, -0/+1>Who the hell would steal a Mac? It's not like there's any software available for it.
What year is this again? - aimless, on 10/12/2007, -3/+4Amazing how many articles on digg link to some ad-filled blog that does nothing more than reference the real article.
- jk_baller23, on 10/12/2007, -0/+1if I were to steal a mac, which i probably won't since I already have a PB, I would garbage the hard drive and install my own. Better to spend about $150 then to spend $1500+
- h0dg3s, on 10/12/2007, -0/+1adidax said "dear mac user i just stole a computer from
thank you for cleaning the hard drive for me.
-computer theif"
rofl - vandil, on 10/12/2007, -0/+0As a sysadmin and an owner of a 17" PowerBook G4, I can only say: "Use a password with your user account." (This goes for those Windows XP users out there running admin-level accounts without passwords -- shame on you.)
The thief can't go online if they can't log in. :P
And unless they targeted your PowerBook for its user data, any hardware thief would simply reroll the thing without attempting to boot from the installed OS. - xutopia, on 10/12/2007, -0/+0I just want the IP address... and knowing most people who own laptops they probably want their data as well.
This is only useful if you have sensitive infromation on your laptop (in which case you should password protect it) and in that case the user shouldn't be able to go online anyways. - wilkeson, on 10/12/2007, -1/+1Wait, you can remotely delete all of the files on a Mac.
...yeah, that seems like a good idea. - mercano, on 10/12/2007, -0/+0This technique can also be used on Windows.
The other nice bit about this scheme is the thief's IP address will show up in your HTTP logs, which might be helpful to the police. No one else should be hitting that file, either, so there's a nice signal to noise ratio. - dbr_onix, on 10/12/2007, -0/+0"Any ideas on how to automatically activate a file when "www.mywebsite.com/stolen" is put there ?
I'd be looking to do this on a windows machine, and have it activate a Trojan/keylogger...
remember WINDOWS !!
cheers"
Learn some form of scripting (Visual BASIC is easy enough), make it open the file, check if the web-object thing contains "1" or something, if so, shellexec("C:program.exe")
Remeber you might not be able to make incomming connections to a trojan type thing (whcih is why using something like Hamachi is a good idea)..
- Ben - a1programmer, on 10/12/2007, -0/+0This would be worth doing on a PC, but for a MAC? lol... just kidding.
Why not write a script to recover your files back for you?
Or, even better, embed a GPS inside your box, and activate it once your service checks the url and gets text to indicate it has been stolen. - wyngnut, on 10/12/2007, -0/+0What a stupid idea....
At least his porn fetish is safe from that thief. - framitz, on 10/12/2007, -0/+0Ruxpin,
If you were to do something like this on a work pc and actually use it, then you would probably be prosecuted for the action. NOT a good idea to remotly delete files from a machine you don't own!
As a network security analyst and the guy that audits employee terminations I can tell you that we work very hard to make sure a terminated employee can NOT get back into our network or computers. - bsoric, on 10/12/2007, -0/+0Just a question- I've never really used macs heaps, but wouldn't the thief need to use a password to get into your account anyway?
- signal15, on 10/12/2007, -0/+0Quick, someone poison his DNS so he hits a webserver run by you with that file on it. :)
Personally, I would rather make the script take audio recordings of the people in the room in the hope that they would say something that would identify them. You'd already have logs of their IP's when they hit the webserver. Built in iChat camera would let you take pics of them. And, you could probably make something that would pop up on the screen encouraging them to enter in their contact information, like something that said "congratulations for winning the iTunes free stuff giveaway, please enter your name and address to get 3 MacBook Pros, $10k in cash, and unlimited iTunes purchases for free!"
I have an Asterisk VoIP server running too. I can set up certain extensions to record the conversation to disk. If you did manage to tell the laptop it was stolen, it could covertly dial that extension over the net and just record everything.
Thieves are stupid most of the time and have no idea. But, personally I wouldn't count on your data being around long anyway, because chances are they will dump it on someone that knows what they are doing and the box will be formatted anyway. - inactive, on 10/12/2007, -0/+0bam, otto has it.
keystroke logger to any connection to the net, low visibility, you'd OWN the info on the guy, what he's doing, prob'ly where he is. best use of a keylogger I've ever seen.
Then again, don't all mac people hang out at cliche' coffee spots dressed similarly talking about haircuts anyway? seems easy to find, hard part is id'ing YOUR laptop over all the other clones of it. - ruxpin2, on 10/12/2007, -0/+0I dugg this not because I think it is usefull in the situation described... but, because I think this would be wonderful to put on my work boxes. As any employee does I do have a bit of private info on the machine and who knows if you can back it up in the event of being fired. Hell we just fired someone that has been out of the office for 3 weeks... so I can make it back up my data and email it to me or something...
- pixas, on 10/12/2007, -0/+0@jbarnett:
other way around dude, if the server is accessible and the file exists the script executes. - framitz, on 10/12/2007, -0/+0Right, remotly clean up the computer for the thief, what a nice favor. I guess that if done right at least your data is deleted so it can't be used. A remote total drive wipe would be better, but also a favor to the thief, who can now start fresh without replacing the drive.
Having the stolen mac report the IP of it's connection via the web would actually be helpful and might lead to recoving the equipment.
I don't usually bash mac users, but they sure do seem to be lame at times. PC users are mostly lame too so I guess it balances out. - simon21, on 10/12/2007, -0/+0Wait, there's something interesting about that. I agree that it's not THAT usefull to delete all e-mails once a computer is stolen, but wouldn't it be possible to try to track one's computer? I mean there are still stupid people who steal computers and then try to use it. So best would be: once the thief is loged in, to send an e-mail with maybe be IP or the websites he visits to me by e-mail so that I can at least try to identify him? It would be great if someone could write a tool like that.
- inactive, on 10/12/2007, -0/+0you may be better off having a non admin acct with a very easy to guess password so a thief can easily sign in. also have a network location set up for both airport and ethernet dhcp. then if you have a 'phone home' script, you're more likely that the thief will use it and it'll have a chance to send you the important info.
- dink, on 10/12/2007, -0/+0umm to the yahoo that said that passwords would stop people from getting in.
windows: boot into a linux cd and crack the windows password with nthash program
Mac: ctrl + s i believe it is that gets you a root shell at init1 if you hold down those keys when turning the computer on. from there you can change the password and issue the systemstart command
linux: boot off a live cd system, mount the file system and overwrite /etc/passwd .. im sure there are other methods
bios: pull the battery
ibm-thinkpad-bios: google it, there is bound to be some answer at this point.
These aren't complete answers and im too lazy to look up the updated info. the point is passwords dont do ***** if physical security is compromised - dreadlock7, on 10/12/2007, -0/+0why don't these types of articles come up for PC's?? Why are these "get stolen" articles are only about Macs? I want to become paranoid too, like someone is gonna steal my PC.
I'm sure these articles are helpful but it's like it's promoting that the kool thing to do is steal a Mac - dougmc, on 10/12/2007, -0/+0Really, this is a very bad idea. The odds of something going wrong and that causing the deletion of all your files while the laptop is in your posession are much greater than the odds of it actually being stolen and then actually being used in a way that the script can trigger. You could make things a bit safer by making it only trigger if file laptop_stolen is found *and* file dont_delete_my_files is missing, but even so, there's many scenarios that could result in the triggering of this payload when you don't want it to. (What if somebody cracked your web site box and saw the requests coming in, and figured out what they were for? One touch and one rm later, and blammo ... your files are gone at the next reboot.)
And really, even if the rm -rf * does go off, the data isn't gone -- it's just that the pointers to it are gone. A `strings' on the raw disk device will find all your mail and such. I've never tried to undelete files under MacOS, but under fat32 and ext2, it's not so difficult, just time consuming.
Personally, when I steal hardware (or when I buy it used -- same difference), be it PC, Mac or other, I never boot off the disk included. Instead, if I want to poke around somebody else's files, I put the drive into another computer of mine and read it that way. That way, nothing bad like this can go off. Really, if you want your files to be secure, you'll need some sort of encrypted filesystem. And if I don't want to poke around their files, the system gets formatted immediately and never booted while on the network -- who knows what sort of crap is installed on it that I don't want on my network? - frozendice, on 10/12/2007, -0/+0If google ever wanted a usefull service this would be one. All google has to do is offer for you to register your laptop's wireless and wired MAC address with them, and everytime you log into a google account it checks the mac address to see if it's listed as stolen. I don't know how they would request the MAC through a browser though. I know MAC can be changed, but not wireless on macintoshes.
- 16x9, on 10/12/2007, -0/+0> attropHeed wrote: "The joke's on the thief already. The idiot just stole a Mac."
I actually look forward to stories that are specific to Apple or Microsoft or Linux because I know that there are going to be the predictable yet pointless fanboy comments such as the one uttered by attropHeed. - bluemax, on 10/12/2007, -0/+0Nice, next time I jack someone's Mac this will save me the trouble of deleting the previous owner's files myself.
- geocar, on 10/12/2007, -0/+0I'll go steal his mac and make sure I'm not online at 4:15 in the afternoon.
- mike_c, on 10/12/2007, -0/+0"here's an idea, call me crazy, but... why not just encrypt the contents of your hd, or OH I DON'T KNOW ... keep track of your little toy? i know computers are complicated, but it isn't exactly rocket science to not lose your laptop."
its probably not your own files you'd be deleting but the nw "owner's" drrrrrrrrrrr. jk - darrylring, on 10/12/2007, -0/+0Why not put web-activated explosives in it instead? At least that would leave you feeling satisfied.
- wijman, on 10/12/2007, -0/+0Any ideas on how to automatically activate a file when "www.mywebsite.com/stolen" is put there ?
I'd be looking to do this on a windows machine, and have it activate a Trojan/keylogger...
remember WINDOWS !!
cheers - rebrad, on 10/12/2007, -0/+0Sounds like a great virus hook. I can see it now a virus that searches for machines infected with supposed security software and deleting the real owners files. I think I'd be weary of installing such an application. Programmers always leave a backdoor.
- urbn, on 10/12/2007, -0/+0And then they laugh, reformat, and resell your laptop. Not going to stop or solve anything with your laptop being stolen, only thing that may be saved are you files. And most of the time, im sure the person who stole it dosen't give a dam about your files, only the hardware.
- dbr_onix, on 10/12/2007, -0/+0"Say his webserver goes down. The script can find the file so *rm -rf*
Say he loses connection to his internet (ISP goes down, wireless glitch, etc) then automate *rm -rf*"
Err, it checks for that file, if it IS FOUND, it deletes the file..
And as for the comments about the encrypted filesystem, say it gets stolen when it's switched on? (Which is likely if your using it somewhere public, mistake 1, then leave it unattended for a second, mistake 2..), okay most people who would steal a Mac aren't going to the be most intelligent in the world, and probobaly wouldn't think about this, or care, and just sell it..
There was a program/service on Digg a while ago that did exactly this, and I though it's screwed up that you'd pay for something so simple..
This is a good idea, but there are a few easier alternatives..
Something like a VPN service (Hamachi when it's released for OS X would be ideal), and enabling SSH, when it's stolen, just wait for it to go online, then you can delete files, scare the theif by making files appear with messages from you etc.. Okay so not as convientent, but more fun..
You could also run a script (via SSH, or automaticlly when that file is found), that grabs a picture from the iSight, shoves it on an FTP shared folder and grab it via SFC (Or email it, which is less..covert, as you might get "Sending email.." dialouges..)
Finaly, again to the "Just use a password you idiots" argument.. That way your pretty much forcing them to either spend weeks bruteforcing the login then trigger your evil script (not going to happen), or reinstall OS X (screws up script)..
Leaving it open seems like a bad idea, but if it means you get your sillypriced laptop back, it might be worth it.. Have a unpassworded account, and your main passworded account, which has encrypted data.. Best of both worlds, the theif clicks the unpassworded account and it triggers the script, but keeps all your p0r- erm "data" safe..
- Ben - itchyfeet, on 10/12/2007, -0/+0Delete your whole hard disk remotely? That just sounds like a disaster waiting to happen.
Why not try "Orbicule"? Sounds like a lot more fun, and a lot more sophisticated method of theft recovery. Kind of like a lo-jack for your Mac.
http://www.orbicule.com - 16x9, on 10/12/2007, -0/+0> themeparkphoto wrote: "Who the hell would steal a Mac? It's not like there's any software available for it. Windows XP has a better solution to the "stolen data" problem: Encrypted filesystems."
> neohx_7 wrote in response to themeparkphoto's comments: "What year is this again?"
No kidding, neohx_7. When I read this kind of stuff I realize that the author has never used a Mac. The only class of applications where someone can fairly claim that the options for the Macintosh aren't as wide as those for PCs are games. And even there, most of the big name games are ported to the Mac.
Oh, and by the way, themeparkphoto, OS X has built file system encryption. Are you just pulling your opinions out of your butt? - soopafly, on 10/12/2007, -1/+0Wait..why are people stealing Powerbooks and iBooks when they could steal a perfectly good $399 Dell??
/end sarcasm - matts0344, on 10/12/2007, -1/+0This is so stupid and a waste of time.
It has 'Mac' in the title! digg digg digg! - mynameisob3l, on 10/12/2007, -2/+1My PowerBook’s periodic gets that URL and, if found, runs a script that runs rm -rf against a smattering of directories and pops an AppleScript informing the new “owner” that they are using stolen hardware.
-----------------
rm -rf what could possibly go wrong...
here's an idea, call me crazy, but... why not just encrypt the contents of your hd, or OH I DON'T KNOW ... keep track of your little toy? i know computers are complicated, but it isn't exactly rocket science to not lose your laptop. - RyeBrye, on 10/12/2007, -2/+1This is hilarious how stupid it is. Nobody is going to steal a laptop in order to get data from it - and then connect it to the internet before they extract the data. If he's got such great data on his hard drive, they will probably just take the drive out and extract it - then toss the computer.
DIGG Challege:
I can't wait until someone either hacks this guy's server, or hijacks the DNS of it on the guys network to point to a different server with that "youve_been_stolen" file on it.
That would be hilarious. - BIGGY350z, on 10/12/2007, -4/+3Wow, thanks for linking to some blog instead of straight to the point. Going directly to the source sucks.
- Kuipo, on 10/12/2007, -1/+0Linking to a blog that has the link = no digg
- lalee, on 10/12/2007, -1/+0Duh. Why bother with remote-access? Sheesh, so typical of Mac people -- you think too hard when trying to solve problems.
Just have a password pop-up, if the user gets the password wrong, delete (or encrypt) the sensitive content. Going through all the hassle HOPING the thief goes online to trigger this is ridiculous.
No Digg. - inactive, on 10/12/2007, -2/+0Who the hell would steal a Mac? It's not like there's any software available for it.
Windows XP has a better solution to the "stolen data" problem: Encrypted filesystems. -
Show 51 - 61 of 61 discussions
Check out the new & improved 
© Digg Inc. 2009
— Content created and posted by Digg users is