Page 6 of 8 FirstFirst ... 45678 LastLast
Results 51 to 60 of 79

Thread: Lojack for Laptops - Spying on their users?

  1. #51
    Member squishyalt's Avatar
    Join Date
    Feb 2010
    Posts
    172

    Default

    Quote Originally Posted by archangel.amael View Post
    Again in order to activate said deletion software one has to have an authentication method in place prior to that request, hence the rsa-securid.
    If the same were true when activating the remote observation/desktop tools or accessing the laptop remotely I would have no problem with the software. It is not. And I do.

    Quote Originally Posted by archangel.amael View Post
    7. An arson investigator? Not do discredit the source in any way at all.
    But why would this A.I. receive a briefing on this product? What does a companies ability to track a laptop have to do with an arson.
    This would most likely not be his area of expertise would it?
    Maybe I am wrong but I do not really see the relation.
    I'll ask him later today and get back to you. He didn't mention the reason for the demonstration when he first told me what their rep said and showed him - and it didn't cross my mind to ask.

    Give a few hours and I'll let you know.

    Quote Originally Posted by archangel.amael View Post
    I am sorry but the whole thread (IMHO) as turned into some sort of fear mongering circus act. That so far as produced little evidence that the company is/has the capability to do anything outside of what would be considered normal.
    It has gotten quite ridiculous. As I said in every post, I have no first hand knowledge of this product because I will not run it. I trust my source more than I trust Absolute. I have known him for 14 years and I trust his judgment and ability to relay the facts of the conversation that his class had with the Absolute rep.

    It is entirely possible that the Absolute rep misspoke, outright lied to push the product or is just a run-of-the-mill idiot. It is also possible that the AI got his wires crossed. But, in my dealings with him, I wouldn't bet on that being the case.

    I have tried to be as impartial as possible here. I have clearly stated in my posts what I believe to be factual (that portion coming directly from the Absolute site) and what is hearsay (from my AI source).

    I have no interest in the success or failure of Absolute as a company. I am in no way affiliated with Absolute or any competing company or interest.

    I see the software as a possible threat because of the conversation relayed to me, the faith that I have come to have in my source (after a 14 year relationship), the obvious potential for misuse, the lack of any external oversight or mentioned by the company.

    One of my concerns with the software was the collection of possibly unlicensed software information, like backup copies of DVDs or MP3s or even data that may lead the person searching the laptop to think that something illegal MAY be happening - like finding BT4 on your laptop and evidence of pentesting without corresponding legally binding permission that you obtained from the company being tested also being readily seen.

    Absolute even says that it will disclose your personal information.... well....here is exactly what they say...

    "We may disclose your personal information without your consent under the following circumstances:
    a) To a public authority or agent of a public authority, if in our reasonable judgement, it appears that there is imminent danger to the life, health or security of an individual which could be avoided or minimized by disclosure of the information;
    b) When such use or disclosure is clearly in the interests of the individual and consent cannot be obtained in a timely way;
    c) When such use or disclosure is required by or an anticipated breech of law;
    d) When it is reasonable to expect that the use or disclosure with the consent of the individual would compromise the availability or the accuracy of the personal information and the collection, use or disclosure is reasonable for an investigation or a proceeding; and
    e) When the information is publicly available."
    So everyone with Absolute's software loaded that has even a single unlicensed MP3 file or a backup of a DVD or anything that may be a breech of law (this would include the DMCA) gives Absolute grounds to reveal this breach and your personal info to "a public authority or agent of a public authority".

    Now I know that none of us have anything on our PCs that may violate the DMCA, and I also know that you all keep copies of all legal, relevant agreements concerning your pentesting right alongside all of the documentation of those pentesting logs.

    But, what if you forget to keep copies of all legal, relevant agreements concerning your pentesting right alongside all of the documentation of those pentesting logs? Will Absolute "disclose your personal information without your consent" for "an anticipated breech of law" - even when that could be a simple misunderstanding?

    And, what about your clients? Should they be using Absolute's software if they download items from torrent sites or even innocently made backups of their music or even second copies to listen to on their laptop as well as their iPod? Probably not.

    Again...it's your call. So I'll leave you to it.

    --------------------------------------------------------------------

    Quote Originally Posted by streaker69 View Post
    So again, unless you see the source code it cannot be trusted, I doubt that's going to happen. But let's posit something else.

    Have you ever:

    • Purchased something online: Did you read the source code of the website and the payment layer underneath before you did your purchase?
    • Paid a utility bill online: Many utilities have their payments handled by third parties that process the payment and then deposit the money into their account. A rogue employee there could misdirect the funds, plus this has the same issues as making any purchase online.
    • Paid a utility bill via check in the mail: Again, many utilities utilize a third party to retrieve their checks from their PO box and then process them at a third party site. A rogue employee could pull a check out, wash it and then rewrite it and deposit it at one of those really reputable check cashing places.
    • Checked baggage on a flight: It's well known that rogue employees rifle through bags stealing anything they can sell quickly.
    • Had a bank account: A rogue employee there could transfer funds out of your account before you'd even know it. What's protecting you from that?
    • Had a Credit card: Many CC Companies have outsourced their Helldesks and IT work, again you're in the hands of a third party. A Rogue employee could be selling your personal information on the Blackmarket.
    • Paid with a CC at a restaurant: A rogue server could skim your card.
    • Used an ATM: There's been lots of reports of Skimming devices installed in ATM's. Do you examine every single one that you've used to determine if there's such a device there?
    • Had a retirement account: Rogue investment bankers have been skimming off of retirement accounts, many recently have gotten arrested for it.
    • Considered the CFO or CPA looking at your employer's books: Rogue CFO's have been caught skimming company funds which directly impacts you, as in some cases it could cause the company to go out of business.
    There is an inherent flaw with your comparisons. In the cases that you mentioned above, if a theft occurs there is something physical that goes missing ($$$ or luggage). When physical objects are removed, they generally leave a trail - or at the very least a gaping hole and a screaming victim.

    It is very evident when your physical property has been stolen. What's more, in the cases that you mentioned about credit cards and ATMs, the banks generally refund the amount stolen and proceed to go after the criminals themselves.

    But, in the case of data theft (or identity theft or insider trading based on information stolen from your laptop or blackmail based on your private emails) there is no bank to simply put everything back where it was and let you go on your merry way.

    In fact, most data theft probably goes completely unnoticed until the damage has been done (whether that is insider trading or identity theft or even corporate espionage).

    You are comparing apples and zebras.

    Quote Originally Posted by streaker69 View Post
    My point to this is that the payoff for a rogue employee at LJL's site would be rather tough because chances are there's many hoops they'd have to jump through just to gain access to a machine with the software installed. I bet there's auditing practices in place there to make sure there aren't people randomly connecting to machines that they shouldn't.
    Perhaps you are right. But, if those were in place, why wouldn't Absolute use them as a selling point on their website. After 3 years in a row of multi-million dollar loses you'd think they'd do everything possible to increase customer confidence and sales.

    Quote Originally Posted by streaker69 View Post
    Law Enforcement wouldn't trust them for a second if they didn't have auditing practices in place.
    Law enforcement doesn't trust them. Law enforcement trusts you. That's why Absolute requires that you file a stolen laptop report with the police (supposedly) BEFORE they get involved. Without it, the cops would not simply go after a laptop based on the word of Absolute.

    Quote Originally Posted by streaker69 View Post
    I think it's silly to claim that this product cannot be trusted because you or someone else cannot read the source code when chances are, you do put your trust in other things that you don't know the auditing process every single day.
    To act like that is the only reason that I have outlined here is not only disingenuous - it is downright dishonest of you and reveals that you are just looking for someone to argue with.

    I will not be that person for you. Go play somewhere else.

  2. #52
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    To act like that is the only reason that I have outlined here is not only disingenuous - it is downright dishonest of you and reveals that you are just looking for someone to argue with.

    I will not be that person for you. Go play somewhere else.
    That was completely uncalled for, and you completely missed my point.

    I'm not pointing out that things go missing and there's a method for getting them back. I'm pointing out that chances are, you use(d) those methods and you apparently trusted using them even though you didn't know everything about them. You don't know your banks auditing methods, and they're not advertised on their websites. You don't know your CC's or utility auditing methods. You have no idea how many third parties your personal information passes through, that chances are cannot be trusted just the way you feel that LJL cannot be trusted, but you still use them.

    The first part of this thread it was discussion of who's going to protect us from a rogue employee at LJL. Now it's turned into who's going to protect us from the entire corporation. Granted, I do not like the last statement you posted from their website regarding that they'll turn information over without consent of the owner of the laptop, I do feel that is well over the top, and I would think hard about that. Chances are, I'd never use their product on my PERSONAL computer, but I would consider deploying their product on laptops supplied to employees here that are company property, as they are exactly that, company property and there would be no expectation of privacy on that point.

    I do not feel as though LJL is just randomly searching harddrives as a lapdop of the RIAA or MPAA if they were, they probably wouldn't still be in business. It's your choice not to use their software, so don't use it.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #53
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    I would totally agree with what streaker said in the last couple of posts.
    There are many times when we as consumers have to trust sources that we no nothing about. This brings to mind the statement ignorance is bliss.
    As far as their(LJ's) policy goes that was mentioned above, lot's of companies do the same sort of things.
    As far as searching, and being able to search a harddrive, well if LJ can do it and help maintain compliance, company polices etc, and provide it to me as a service that requires nothing more that a web interface since that is how it is displayed back, and I was in a job like streaker and some others here then I would probably want it( or something similar). I would want to know where the property that I may in someway be responsible for is at, and what is it being used for. If someone were looking at Pr0n on it or pirating software on it, I would want to know so that that employee could get one of my copies of McD applications. ( I keep a few, for those employees that decide they don't like their present job anymore.)
    (Mind you at various points in my life I have been responsible for well over tens of millions of dollars worth of Government equipment, that was not in my hands 24/7. So knowing were my "stuff" was at at all times was a huge priority. And I am in no means talking about "stuff" that would be easy to steal or that if stolen would simply have gotten me fired but rather top secret national security type junk that would have put me under the prison cell. Mind you that is not always an easy thing to deal with, as such all means of auditing are normally considered ok with me.)
    No person operating a computer that belongs to a company should have any expectation of privacy.
    I have none where I work nor do I expect any. Not to mention I could seriously care less about it so long as I can continue earning an income. Any one who thinks that they need to surf facespace or d/l crap is just clogging up an otherwise good bit of bandwidth.

    If the same were true when activating the remote observation/desktop tools or accessing the laptop remotely I would have no problem with the software. It is not. And I do.
    I did not see this, please paste a link to it.
    It is entirely possible that the Absolute rep misspoke, outright lied to push the product or is just a run-of-the-mill idiot.
    All 3 are generally acceptable parts of the job for a sales-rep, especially if it is a commissioned based salary.
    Law enforcement doesn't trust them. Law enforcement trusts you. That's why Absolute requires that you file a stolen laptop report with the police (supposedly) BEFORE they get involved. Without it, the cops would not simply go after a laptop based on the word of Absolute.
    I am sorry but that is just a silly comment. Who's to say that anyone could call up and say that a laptop has been stolen?
    Me: (calling LJ) yes my laptop was stolen I need to have it wiped.
    ( this laptop actually belongs to you since I have the make and model I need nothing more. I got that from the forums when you posted that it worked.)
    LJ: ok sir we are activating it right now. Once it comes online the process will start. Now lets think about how long a business model like this will last.


    And on a personal note squishyalt keep a thick skin mate.
    It is ok to have different points of views and opinions but we don't need another thread closed for things that can be avoided.
    No one is attacking you (maybe your reasoning or though process in this conversation but not you personally).


    On another side note about utilities and their honesty see today's headline here
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  4. #54
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by archangel.amael View Post
    On another side note about utilities and their honesty see today's headline here
    I saw that hit yesterday. I'm glad the guy didn't get away with it, and chances are that would have been devastating to the authority had he gotten away with it. Believe it or not, many utilities do not have tons of cash sitting on hand. Many local utilities struggle just to get money for regular maintenance.

    (I'm glad mine isn't one of them, this job wouldn't be nearly as much fun if I didn't get to buy everything I wanted)
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  5. #55
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by streaker69 View Post
    I saw that hit yesterday. I'm glad the guy didn't get away with it, and chances are that would have been devastating to the authority had he gotten away with it.
    This guy should get what you posted in the other thread in addition to some jail time.
    Believe it or not, many utilities do not have tons of cash sitting on hand. Many local utilities struggle just to get money for regular maintenance
    .
    True statement, not to mention in the electric sector with these so-called alternate energy methods that are starting to pop up.
    (I'm glad mine isn't one of them, this job wouldn't be nearly as much fun if I didn't get to buy everything I wanted)
    I am going to get me one of those type jobs when I grow up.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  6. #56
    Member squishyalt's Avatar
    Join Date
    Feb 2010
    Posts
    172

    Default

    Quote Originally Posted by streaker69 View Post
    That was completely uncalled for, and you completely missed my point.
    Perhaps I did. If so, I apologize. I am just getting tired of restating my points over and over.

    Quote Originally Posted by streaker69 View Post
    I'm not pointing out that things go missing and there's a method for getting them back. I'm pointing out that chances are, you use(d) those methods and you apparently trusted using them even though you didn't know everything about them. You don't know your banks auditing methods, and they're not advertised on their websites. You don't know your CC's or utility auditing methods. You have no idea how many third parties your personal information passes through, that chances are cannot be trusted just the way you feel that LJL cannot be trusted, but you still use them.
    Actually, the CC companies openly post that they will replace money stolen (like when shopping or paying bills online). Absolute only says that they will guarantee certain laptops (depending on which plan you subscribe to) up to $1,000.

    Since you guys have worked (and do work) in government jobs and with large companies like I have, you know that the value of the data that can be stolen from a laptop far exceeds $1,000. And, that does not take into effect the possible negative financial effects of the data theft.

    Quote Originally Posted by streaker69 View Post
    The first part of this thread it was discussion of who's going to protect us from a rogue employee at LJL. Now it's turned into who's going to protect us from the entire corporation. Granted, I do not like the last statement you posted from their website regarding that they'll turn information over without consent of the owner of the laptop, I do feel that is well over the top, and I would think hard about that. Chances are, I'd never use their product on my PERSONAL computer, but I would consider deploying their product on laptops supplied to employees here that are company property, as they are exactly that, company property and there would be no expectation of privacy on that point.
    But there is an expectation that the company has that it's laptop data is private property. IMHO, this software puts that expectation at risk.

    Quote Originally Posted by streaker69 View Post
    I do not feel as though LJL is just randomly searching harddrives as a lapdop of the RIAA or MPAA if they were, they probably wouldn't still be in business.
    But, my point is that it is possible with their BIOS software (to download software to your PC and search it without your knowledge). And, since even ISPs are jumping into bed with the RIAA/MPAA and starting to police their customers' activities online in exchange for $$$ from the RIAA/MPAA, I find it very likely that a company that has posted a $14.27 MILLION dollar loss for 2007 & 2008 and is continuing to post further losses in 2009 would be likely to do a similar deal with the RIAA/MPAA.

    If such a deal between Absolute and the RIAA/MPAA existed, and if Absolute wanted to do so, they could easily place themselves in the role of PC cop WITHOUT your knowledge or permission. The capability is built into the BIOS with the permission/assistance of computer manufacturers.

    The thing that gets me is the potential for abuse that Absolute has failed to address - even though doing so would be a trivial matter.

    Quote Originally Posted by streaker69 View Post
    It's your choice not to use their software, so don't use it.
    Done.

    ----------------------------------------------------------

    Quote Originally Posted by archangel.amael View Post
    Mind you at various points in my life I have been responsible for well over tens of millions of dollars worth of Government equipment, that was not in my hands 24/7. So knowing were my "stuff" was at at all times was a huge priority. And I am in no means talking about "stuff" that would be easy to steal or that if stolen would simply have gotten me fired but rather top secret national security type junk that would have put me under the prison cell. Mind you that is not always an easy thing to deal with, as such all means of auditing are normally considered ok with me.
    And, there may very well be times that this software would help you and your company/government agency keep up with it's equipment. However, it still represents a national security threat since unauthorized personnel have the capabilities that I have outlined here.

    Quote Originally Posted by archangel.amael View Post
    No person operating a computer that belongs to a company should have any expectation of privacy.
    I have none where I work nor do I expect any. Not to mention I could seriously care less about it so long as I can continue earning an income. Any one who thinks that they need to surf facespace or d/l crap is just clogging up an otherwise good bit of bandwidth.
    I agree. But having the capability to ensure company compliance can be done without the risks associated with installing Absolute's software.

    Quote Originally Posted by archangel.amael View Post
    If the same were true when activating the remote observation/desktop tools or accessing the laptop remotely I would have no problem with the software. It is not. And I do.
    I did not see this, please paste a link to it.
    Search the Security Agreement posted at Absolute for "RSA SecurID". You'll see that it only applies and is mentioned in association with data deletion.

    If this were also implemented for general access and software installation/tracking they could publish their patented BIOS code without fear that anyone would misuse it and it would go a long way towards ensuring the privacy of the end users' data from a rogue Absolute employee.

    Quote Originally Posted by archangel.amael View Post
    All 3 are generally acceptable parts of the job for a sales-rep, especially if it is a commissioned based salary.
    True.

    Quote Originally Posted by archangel.amael View Post
    I am sorry but that is just a silly comment. Who's to say that anyone could call up and say that a laptop has been stolen?
    Me: (calling LJ) yes my laptop was stolen I need to have it wiped.
    ( this laptop actually belongs to you since I have the make and model I need nothing more. I got that from the forums when you posted that it worked.)
    LJ: ok sir we are activating it right now. Once it comes online the process will start. Now lets think about how long a business model like this will last.
    I'm sorry, but I don't understand what you are saying here. Please explain it further for me.

    Quote Originally Posted by archangel.amael View Post
    And on a personal note squishyalt keep a thick skin mate.
    It is ok to have different points of views and opinions but we don't need another thread closed for things that can be avoided.
    No one is attacking you (maybe your reasoning or though process in this conversation but not you personally).
    True enough. I was simply getting frustrated at being asked to explain the same concerns over and over. The possible risks and obvious missing effort by Absolute to address these concerns (which I am sure that more people than I have raised before) just seem glaringly obvious to me.

    Quote Originally Posted by archangel.amael View Post
    On another side note about utilities and their honesty see today's headline here
    Hey...at least he'll get free room and board out of the deal.....

  7. #57
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by squishyalt View Post
    Perhaps I did. If so, I apologize. I am just getting tired of restating my points over and over.
    As am I.

    Actually, the CC companies openly post that they will replace money stolen (like when shopping or paying bills online). Absolute only says that they will guarantee certain laptops (depending on which plan you subscribe to) up to $1,000.
    I never said anything about getting money back. What I'm talking about is the trust that you place in them that no rogue employee will steal from you. That is what you've stated a couple of times in this thread, that you're worried about rogue employees having access. As I have stated, the CC companies do not advertise what they do to prevent this kind of access, neither does Absolute, which is what you've stated. So let's just let the whole idea of returning lost funds out of the discussion and let's stick to the trust issues related to rogue employees or even a rogue company doing something they shouldn't.

    Every example I stated in that previous post has clear cut examples where someone that 'you' trusted to do something they should and got caught doing something else. These things make the news, but in the case of Absolute, there is no evidence anywhere of anything bad happening with their product. If you're as paranoid about this kind of thing as you're leading us to believe in this thread, then you're probably conducting all your business in cash, you never travel, and you don't own a car. Of course, that could also make you Amish, since that's the basic idea in the way they live, except for the travel because they do take the train.

    Since you guys have worked (and do work) in government jobs and with large companies like I have, you know that the value of the data that can be stolen from a laptop far exceeds $1,000. And, that does not take into effect the possible negative financial effects of the data theft.
    Actually, I'm less concerned about the potential of Absolute accessing the data than I am concerned about our Financial Director wanting to outsource a CSR position to a third party for processing of payments. I have already voice my concerns to him regarding it, but I don't think it did any good. I've stated very plainly that any money they hope to save by outsourcing that position will be lost when the first person files a claim for loss because of this third party.

    But there is an expectation that the company has that it's laptop data is private property. IMHO, this software puts that expectation at risk.
    Again, I contend that if they were doing what you accuse them of, someone somewhere would have found it already and it would be big news. It seems to me that you don't like them just because their software is closed source. But as I have stated previously, you place your trust in other areas where things are 'closed source'. You seem to be skimming over that aspect of my statements.

    I do suspect that the salesperson that told your trusted friend of these things probably was mistaken as it's true abilities. I get sales people in my office a couple times a month and they're always promising wonderful things that I know aren't true about their products. Most of them don't know a damn thing about the product they're selling.

    As a primary example of this, a few months ago a SalesStrumpet came in to talk to us about a document management system. She said she was going to use some highly technical terms that she didn't expect us to understand and then went into her well rehearsed spiel. When she was done, I asked her if her product did full page OCR. She gave me a blank stare and asked what OCR meant. In the document management software world, you had better know what OCR is, since it's such a big part of scanning paper documents.

    Sales people most of the time, have less of a clue than helldesk people. You should never take anything they say for truth unless you've already used their product and you know that it actually does it.

    But, my point is that it is possible with their BIOS software (to download software to your PC and search it without your knowledge). And, since even ISPs are jumping into bed with the RIAA/MPAA and starting to police their customers' activities online in exchange for $$$ from the RIAA/MPAA, I find it very likely that a company that has posted a $14.27 MILLION dollar loss for 2007 & 2008 and is continuing to post further losses in 2009 would be likely to do a similar deal with the RIAA/MPAA.

    If such a deal between Absolute and the RIAA/MPAA existed, and if Absolute wanted to do so, they could easily place themselves in the role of PC cop WITHOUT your knowledge or permission. The capability is built into the BIOS with the permission/assistance of computer manufacturers.

    The thing that gets me is the potential for abuse that Absolute has failed to address - even though doing so would be a trivial matter.
    ...and every single time an ISP signs such a deal with those two organizations it makes the news. Not the mainstream news, but it does make it to all the IT sources. I believe that if they did do such a thing, it would signal the death knell for their business. Even if they got caught browsing a system without permission, it would effectively kill them, because they would actually have violated the trust instead of you just suspecting that they are. Personally, I find it distasteful that you're accusing them of activity with no proof or evidence of them doing anything wrong. Just upon the word of some person that you've known for a while and a salesperson that apparently don't know Jack from Shit.

    Let's see how this works. A close, trusted friend of mine that I've known for 30 years has heard that you regularly take dumps in your neighbor's yard. He heard it from his neighbor, so it must be true. I don't have any proof of it, but I trust my friend, and he trusts the person that he heard it from.

    Purple, Monkey, Dishwasher.

    And, there may very well be times that this software would help you and your company/government agency keep up with it's equipment. However, it still represents a national security threat since unauthorized personnel have the capabilities that I have outlined here.
    Again, I don't think it's that big of a deal, had they been doing anything wrong, there would be reports of it. They'd have gotten caught.

    I agree. But having the capability to ensure company compliance can be done without the risks associated with installing Absolute's software.
    I agree, there are other methods of ensuring compliance on the laptops and chances are, if I used their product I wouldn't use this aspect of it. But I do like the ability to track the machine and remotely erase it if need be. Actually, I'm less concerned about having my data erased remotely, since the machines that I have that can be tracked also have encrypted harddrives. Nothing on the drive can be read, even if the drive is pulled. So the only method a thief would have to use the machine would be either erase the drive, or install a new drive. From what I understand, if this is done, the machine can still be tracked. In my case, it isn't a matter of recovering the data on the machine, since it really doesn't have any data stored on it, but it's more to keep people from using the software on the machine. Why am I tracking it, if I don't care about the data? Because I'm a nasty BoFH and if someone is gonna steal it, I'll do what I can to make sure they get caught and pay the price of their crime.

    BTW, did you know the same can be done with Blackberries? I guess you'd want to see the source code to that as well.

    Hey...at least he'll get free room and board out of the deal.....
    Where do you get 'free' out of it? Do you pay taxes? Guess who pays for that room and board? It may be free to him, but it's far from free to you and I.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  8. #58
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Default

    Sorry to sound like a broken record, but the whole "data loss" can be summed up in two points:

    * Regularly backing up valuable data (because you'd be stupid to keep the only copy of valuable data on a laptop that gets dragged around everyday -- a dog could eat it, it could fall down stairs, you could spill water on it)

    * Encrypt sensitive data. Truecrypt can now encrypt your entire hard disk, everything from your software to the pictures of your wife in a gimp suit.

    That's the be-all and end-all of making sure that laptop loss comes down to one thing: The dollars you spent on the physical piece of hardware.

    If you really wanna get the laptop back, put a tracking device inside it. Have you ever seen No country for old me? I'd love nothing more than to drive around following the signal from my laptop, it would be all my birthdays come at once.
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

  9. #59
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    I am going to say this one more time.
    There is nothing that is indicative of Absolute (or whatever name we shall give them) them doing anything wrong. As such I can only say that should I have the need for such a product I would keep them in mind. As of now I do not.

    Let's look again at the above posted service agreement.
    All of the following assumes that the purchaser has purchased the enterprise edition of the software. This is the edition that has all of the features that have thus far scared you squishyalt. We will not talk about other editions, since they do not have all of the mentioned products included.
    In section one titled Service it plainly states:
    If you are using the Computrace® Enterprise edition of the Service, for the purposes of this Agreement,
    the Service (a) will be provided via a Monitoring Center (the Enterprise Server) operated and maintained internally by you,
    (c) the features that would otherwise have been provided directly to you by Absolute Online
    via its Monitoring Center shall be operated and maintained internally by you
    That means that I the purchaser of said software would control the monitoring behavior, the actions etc. at my end. I would be in control of this not the absolute, I have merely purchased software that allows me do so this. I monitor everything that the software is capable of monitoring. There are other brands of software that do the same thing.

    Further down we see:
    Section 4 Things You Must Do In Using the Service
    You as stated above indicates the owner/purchaser of said software or a designated representative. (that was stated at the top of the agreement.)
    c) must confirm that the Service is activated and remains installed, activated and functioning during the course of the Service by
    ensuring from time to time that the Customer Computer is calling the Absolute Monitoring Center (or, in the case of
    Computrace® Enterprise™, the Enterprise Server) and that the Customer Computer’s make, model, and PSN have been
    collected and are visible via Customer Center, and ensure that you obtain support promptly in the event there is a
    problem;
    So this means that all computers that have the monitoring capabilities installed must be able to communicate with the server that I run. Seems fair enough I would want this with or without the software installed. I want to be able to access my computers that I am responsible for. BTW PSN is the Processor Serial Number that I mentioned earlier. Widows uses it too when determining if your computer has legitimate software installed. They take that and your registration number from the license and store those in a database. They do what you claim LJ to do and they still hold the desktop market.
    Further we see:
    d) must ensure that... including provision of an internet connection, or any other form of telecommunications service that may be
    required.[/quote] Yeah that's normal if I am going to be able to communicate with my computers in some fashion.
    Further:
    must permit the regular, unimpeded transmission of communications and other data between the Customer Computer and
    the Monitoring Center in order to enable the Service, including without limitation allow access through your configured
    firewalls;
    That is simple again I need to allow Absolute the ability to connect to my computers for the purpose of software updates, ensuring that I have the latest version is important because they have offered me a service guarantee of a 1000$ should they not be able to recover a stolen laptop. Now Since I am in charge of several computers I can use this to sell the product to my boss. Why else would the boss authorize a huge amount of money to some other company. So this is normal too.

    And Finally I will drive the last nail into this coffin, that should have been buried long ago:
    g) if the Customer Computer has been stolen and the Service edition in question has a Theft Recovery feature, and you have filed a Theft Report, hereby authorize and permit Absolute to (i)
    remotely download and install additional Client Software or third party software on your Customer Computer (including
    without limitation forensic tools) in order to augment the post-theft investigative capabilities of the Service, and (ii) access
    data on the Customer Computer solely for the purpose of performing the Theft Recovery feature;
    I do hope that not only you but others that may slightly be confused can understand that.
    They, absolute will remotely download tools and install them onto the stolen machine, given that they have the proper documentation,that you would have to submit before the laptop is stolen. That you have paid your bill/s to them. That there is a Theft Report on file with them. (BTW a Theft Report in this case is an internal document that they would have you fill out. The would also probably want cross referenced data from the Police report that you filled out with the local LEO, and the would most likely want a copy of it.)
    So again the monitoring that you speak of comes from you the purchaser of said monitoring software. The data deletion is done with your express permission given the appropriate circumstances, and documentation.
    What the hell is wrong with that?
    Further you are obligated under the agreement to:
    k) keep your password and other account activation material secret and separate from the protected Customer Computer
    That tells me that they don't want to know your password and anything else you may have used to activate the service. To be stored onto the computer that the monitoring software is on.
    Seem smart and legitimate to me.

    Oh wait I want to add some dirt on top of this one so that there really is no more confusion.
    11. Theft Recovery Feature. If you have purchased a Service Term that includes a Theft Recovery feature, you hereby consent to Absolute coordinating with local law enforcement officials to recover
    your Customer Computer, and acknowledge that Absolute relies upon their cooperation to carry out such a recovery.
    That means they better be honest as a company if they want help from Law Enforcement Agencies throughout the world. Not Just in the US.
    Not to many LEO's are going to put their badge (aka career) on the line so you can get your laptop back. This is again normal acceptable policy.
    Now My dear friends lets say our goodbyes and toss those flowers shall we?
    To wit:
    Data Delete Launch. For Corporate Editions, you acknowledge that the process for launching a Data Delete Operation is self-initiated and that accordingly you are solely responsible for ensuring that the Data Delete Authorized Administrators whom you authorize to set up the Data Delete Operation are trustworthy
    Wait Wait Wait, You mean I have to do this and not absolute?
    Yes that is exactly what I have been saying the whole time.
    They need the number from the RSA-Securid Token that I mentioned earlier.
    This token will generate a pseudo-random number that will match a given number called a seed that is stored on a server somewhere. These two numbers have to match up in order for the process of deleting software will take place.

    Know if there is still any doubt in your mind as to the software, please make a generous donation to Remote-Exploit and I will Write the entire service agreement into plain english and ensure that you or anyone else has no doubts about how this software works. Granted there may be a way to misuse the software, but I can't see any. Especially considering the tokens.
    I have to insert a number into my computer at work about every time I unlock the screen from a break. Trust me I enter numbers about 30 different times a day in order to do just about anything. It is a pain in the rear but it is a necessary part of my job.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  10. #60
    Member squishyalt's Avatar
    Join Date
    Feb 2010
    Posts
    172

    Default

    Quote Originally Posted by archangel.amael View Post
    I am going to say this one more time.
    There is nothing that is indicative of Absolute (or whatever name we shall give them) them doing anything wrong. As such I can only say that should I have the need for such a product I would keep them in mind. As of now I do not.

    Let's look again at the above posted service agreement.
    All of the following assumes that the purchaser has purchased the enterprise edition of the software. This is the edition that has all of the features that have thus far scared you squishyalt.
    Actually you are wrong. I NEVER mentioned this version. I began my original post with Lojack for Laptops. It is an entirely different version that the one that you are responding about. Therefore the rest of your post is pointless.

Page 6 of 8 FirstFirst ... 45678 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •