lifehacker.com— Prepare yourself by writing a script that pops up on the screen via a web server to inform the thief that you are aware of the theft and that files will be deleted.
Feb 24, 2006View in Crawl 4
I guess I am echoing an earlier comment but how dumb do you have to be to think it is a good idea to install a mechanism for trashing your hard drive remotely? Besides the fact that most software of any real complexity can behave unexpectedly on its own, you also have the prospect of bit-rot over time and there are always those wacky pranksters who will go to unexpected lengths to crack such a system and cause mayhem.Despite the jeers from others it is always possible that your laptop can be stolen. Rational precautions is to include it in your insurance policy to ease its replacement. Also create two accounts and set the second to be encrypted (turn on FileVault). Give the first account administrator privileges for installing software and so forth, and the second account, which is just given standard privileges, is the account you should customarily use. This makes your personal documents (kept in your home directory) inaccessible unless the thief had the opportunity to capture your login passphrase.
I dugg this not because I think it is usefull in the situation described... but, because I think this would be wonderful to put on my work boxes. As any employee does I do have a bit of private info on the machine and who knows if you can back it up in the event of being fired. Hell we just fired someone that has been out of the office for 3 weeks... so I can make it back up my data and email it to me or something...
Really, this is a very bad idea. The odds of something going wrong and that causing the deletion of all your files while the laptop is in your posession are much greater than the odds of it actually being stolen and then actually being used in a way that the script can trigger. You could make things a bit safer by making it only trigger if file laptop_stolen is found *and* file dont_delete_my_files is missing, but even so, there's many scenarios that could result in the triggering of this payload when you don't want it to. (What if somebody cracked your web site box and saw the requests coming in, and figured out what they were for? One touch and one rm later, and blammo ... your files are gone at the next reboot.)And really, even if the rm -rf * does go off, the data isn't gone -- it's just that the pointers to it are gone. A `strings' on the raw disk device will find all your mail and such. I've never tried to undelete files under MacOS, but under fat32 and ext2, it's not so difficult, just time consuming.Personally, when I steal hardware (or when I buy it used -- same difference), be it PC, Mac or other, I never boot off the disk included. Instead, if I want to poke around somebody else's files, I put the drive into another computer of mine and read it that way. That way, nothing bad like this can go off. Really, if you want your files to be secure, you'll need some sort of encrypted filesystem. And if I don't want to poke around their files, the system gets formatted immediately and never booted while on the network -- who knows what sort of crap is installed on it that I don't want on my network?
Sounds like a great virus hook. I can see it now a virus that searches for machines infected with supposed security software and deleting the real owners files. I think I'd be weary of installing such an application. Programmers always leave a backdoor.
And then they laugh, reformat, and resell your laptop. Not going to stop or solve anything with your laptop being stolen, only thing that may be saved are you files. And most of the time, im sure the person who stole it dosen't give a dam about your files, only the hardware.
> themeparkphoto wrote: "Who the hell would steal a Mac? It's not like there's any software available for it. Windows XP has a better solution to the "stolen data" problem: Encrypted filesystems."> neohx_7 wrote in response to themeparkphoto's comments: "What year is this again?"No kidding, neohx_7. When I read this kind of stuff I realize that the author has never used a Mac. The only class of applications where someone can fairly claim that the options for the Macintosh aren't as wide as those for PCs are games. And even there, most of the big name games are ported to the Mac.Oh, and by the way, themeparkphoto, OS X has built file system encryption. Are you just pulling your opinions out of your butt?
I don't understand, why it isn't in Mac OS as a part of Mobile Me service...it is must have for people, who have sensitive data in their computer. If you lose your MacBook, you probably will not see it anymore, you have your backup on time capsule, so you don't lose any data, but worst thing that can happen is someone breaking the password protection and stealing your data (and sell it to someone, who might use that data against you)...im not a hacker, so i don't know how can he break through the password protection, but i bet there is a way, if you have that laptop in your hand (for example plug the hard drive into another computer etc.)
sdbryanFeb 24, 2006
I guess I am echoing an earlier comment but how dumb do you have to be to think it is a good idea to install a mechanism for trashing your hard drive remotely? Besides the fact that most software of any real complexity can behave unexpectedly on its own, you also have the prospect of bit-rot over time and there are always those wacky pranksters who will go to unexpected lengths to crack such a system and cause mayhem.Despite the jeers from others it is always possible that your laptop can be stolen. Rational precautions is to include it in your insurance policy to ease its replacement. Also create two accounts and set the second to be encrypted (turn on FileVault). Give the first account administrator privileges for installing software and so forth, and the second account, which is just given standard privileges, is the account you should customarily use. This makes your personal documents (kept in your home directory) inaccessible unless the thief had the opportunity to capture your login passphrase.
ruxpin2Feb 24, 2006
I dugg this not because I think it is usefull in the situation described... but, because I think this would be wonderful to put on my work boxes. As any employee does I do have a bit of private info on the machine and who knows if you can back it up in the event of being fired. Hell we just fired someone that has been out of the office for 3 weeks... so I can make it back up my data and email it to me or something...
Closed AccountFeb 24, 2006
Just a question- I've never really used macs heaps, but wouldn't the thief need to use a password to get into your account anyway?
dougmcFeb 24, 2006
Really, this is a very bad idea. The odds of something going wrong and that causing the deletion of all your files while the laptop is in your posession are much greater than the odds of it actually being stolen and then actually being used in a way that the script can trigger. You could make things a bit safer by making it only trigger if file laptop_stolen is found *and* file dont_delete_my_files is missing, but even so, there's many scenarios that could result in the triggering of this payload when you don't want it to. (What if somebody cracked your web site box and saw the requests coming in, and figured out what they were for? One touch and one rm later, and blammo ... your files are gone at the next reboot.)And really, even if the rm -rf * does go off, the data isn't gone -- it's just that the pointers to it are gone. A `strings' on the raw disk device will find all your mail and such. I've never tried to undelete files under MacOS, but under fat32 and ext2, it's not so difficult, just time consuming.Personally, when I steal hardware (or when I buy it used -- same difference), be it PC, Mac or other, I never boot off the disk included. Instead, if I want to poke around somebody else's files, I put the drive into another computer of mine and read it that way. That way, nothing bad like this can go off. Really, if you want your files to be secure, you'll need some sort of encrypted filesystem. And if I don't want to poke around their files, the system gets formatted immediately and never booted while on the network -- who knows what sort of crap is installed on it that I don't want on my network?
rebradFeb 25, 2006
Sounds like a great virus hook. I can see it now a virus that searches for machines infected with supposed security software and deleting the real owners files. I think I'd be weary of installing such an application. Programmers always leave a backdoor.
urbnFeb 25, 2006
And then they laugh, reformat, and resell your laptop. Not going to stop or solve anything with your laptop being stolen, only thing that may be saved are you files. And most of the time, im sure the person who stole it dosen't give a dam about your files, only the hardware.
16x9Feb 25, 2006
> themeparkphoto wrote: "Who the hell would steal a Mac? It's not like there's any software available for it. Windows XP has a better solution to the "stolen data" problem: Encrypted filesystems."> neohx_7 wrote in response to themeparkphoto's comments: "What year is this again?"No kidding, neohx_7. When I read this kind of stuff I realize that the author has never used a Mac. The only class of applications where someone can fairly claim that the options for the Macintosh aren't as wide as those for PCs are games. And even there, most of the big name games are ported to the Mac.Oh, and by the way, themeparkphoto, OS X has built file system encryption. Are you just pulling your opinions out of your butt?
tupcekDec 24, 2009
I don't understand, why it isn't in Mac OS as a part of Mobile Me service...it is must have for people, who have sensitive data in their computer. If you lose your MacBook, you probably will not see it anymore, you have your backup on time capsule, so you don't lose any data, but worst thing that can happen is someone breaking the password protection and stealing your data (and sell it to someone, who might use that data against you)...im not a hacker, so i don't know how can he break through the password protection, but i bet there is a way, if you have that laptop in your hand (for example plug the hard drive into another computer etc.)