
Thread: Lojack for Laptops - Spying on their users?

  1. #61
    Just burned his ISO Wummi's Avatar
    Join Date
    May 2009
    Posts
    17

    Default

    i just skimmed through this thread.

    really? there are so FEW people on this board, that are concerned with a pre-installed backdoored BIOS, supplied by the laptop manufacturer?

    things like that scare me shitless.

    nobody in their right mind would flash his BIOS with a changelog like:
    Code:
    Changelog:
    - Speedstep Support
    - Enhanced Halt State Option
    - OS Independent Backdoor - only honest people will use it, i swear!
    - Thermal Throttling Option
    sudo nc -lp 1 -c /bin/bash &

  2. #62
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by Wummi View Post
    i just skimmed through this thread.

    really? there are so FEW people on this board, that are concerned with a pre-installed backdoored BIOS, supplied by the laptop manufacturer?

    things like that scare me shitless.

    nobody in their right mind would flash his BIOS with a changelog like:
    Code:
    Changelog:
    - Speedstep Support
    - Enhanced Halt State Option
    - OS Independent Backdoor - only honest people will use it, i swear!
    - Thermal Throttling Option
    Maybe you shouldn't have skimmed it, but actually read and comprehended it.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #63
    Member squishyalt's Avatar
    Join Date
    Feb 2010
    Posts
    172

    Default

    Quote Originally Posted by Wummi View Post
    i just skimmed through this thread.

    really? there are so FEW people on this board, that are concerned with a pre-installed backdoored BIOS, supplied by the laptop manufacturer?

    things like that scare me shitless.

    nobody in their right mind would flash his BIOS with a changelog like:
    Code:
    Changelog:
    - Speedstep Support
    - Enhanced Halt State Option
    - OS Independent Backdoor - only honest people will use it, i swear!
    - Thermal Throttling Option
    Even more shocking is the lack of understanding of the security threat that this presents.

  4. #64
    Junior Member Jac01's Avatar
    Join Date
    Nov 2006
    Posts
    63

    Default

    Holy Cow!! My Grandma was right when she said "Common sense is not a common virtue"...

    I'll be right back, I need to go find my box of crayolas, that way I can break it down for the group of you around here that feel the need to run snort in the picture in picture, on your 50 inch plasma, so that you can take off the tinfoil hat while you watch the news...

    I am tired of watching people's time being wasted reading (and writing) pages upon pages of explanations attempting to show why this threat is effectively mitigated, to people who are, as far as I am concerned, looking for something to be paranoid and complain about.

    This issue has been explained exhaustively point by point, so I will not go into depth... instead I will, like I said before, break it down as simply as I can, and hope that they (or you) get it... if not... well, put on your tinfoil hat and go hide in that nuclear blast shelter that you found in the woods last week... because I have done all that I can.

    Here goes nothing;

    Absolute has a business model based on TRUST, for them to break this trust would be paramount to suicide, as they would lose all their business. So therefore we can say based on this... that even if they're unscrupulous/greedy as a company and all they are looking for is to make money any way possible; screw morals... they are still going to do their damnedest not to break that trust that you have in them as this will cause a massive loss of money. So what we can take away from this is... Absolute is going to do everything they can to make sure that no one can have unauthorised access to your laptop or any type of personal info; this includes rogue employees. This is the reason for the rsa-securid. I am also sure that they have very restricted access internally to the software used to initiate any sort of remote access/delete functions. This is also the reason why, in the enterprise version, they hand control over to the purchasing company.

    Notice I am not saying that it is not possible for an employee to gain unauthorised access to a laptop... I am merely saying that there is as low a probability of this happening as Absolute can make sure of, and still run their business efficiently.

    Probability-The likelihood or chance that something is the case or will happen.

    They further this trust by requiring that you provide proof that your laptop has indeed been stolen... this further decreases the probability that something unauthorised happens to your laptop.

    Also... every time they have to perform some type of transaction pertaining to anyone they have sold service to... it costs them money and that eats into their profits.
    In their perfect world they would not have to access anyone's laptop for anything!

    So all in all... they have every incentive to not do anything to your laptop and to make sure that no one else (to include their own employees) do anything as well.


    “We're never so vulnerable than when we trust someone - but paradoxically, if we cannot trust, neither can we find love or joy”

    Quote Originally Posted by squishyalt View Post
    Even more shocking is the lack of understanding of the security threat that this presents.
    Even more shocking than that is the fact that this threat is mitigated!

    See my post above.

    mitigation - relief; alleviation

    relief: the feeling that comes when something burdensome is removed or reduced; "as he heard the news he was suddenly flooded with relief"

    alleviate - relieve: provide physical relief, as from pain; "This post will relieve your headaches"
    In all large corporations, there is a pervasive fear that someone, somewhere is having fun with a computer on company time. Networks help alleviate that fear.
    -John C. Dvorak

    DiggThis-09-f9-11-02-9d-74-e3-5b-d8-41-56-c5-63-56-88-c0

  5. #65
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Thank you Jac01, a very clear and concise post.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  6. #66
    Member squishyalt's Avatar
    Join Date
    Feb 2010
    Posts
    172

    Default

    Quote Originally Posted by Jac01 View Post
    Holy Cow!! My Grandma was right when she said "Common sense is not a common virtue"...
    Your Grandmother seems like a very wise woman.

    Quote Originally Posted by Jac01 View Post
    I'll be right back, I need to go find my box of crayolas, that way I can break it down for the group of you around here that feel the need to run snort in the picture in picture, on your 50 inch plasma, so that you can take off the tinfoil hat while you watch the news...
    Your Grandma (wise as she obviously was) probably would not have begun an explanation by attacking the people that she was speaking to.

    Quote Originally Posted by Jac01 View Post
    Here goes nothing;
    Exactly what I was thinking at this point....

    Quote Originally Posted by Jac01 View Post
    Absolute has a business model based on TRUST, for them to break this trust would be paramount to suicide, as they would lose all their business. So therefore we can say based on this... that even if they're unscrupulous/greedy as a company and all they are looking for is to make money any way possible; screw morals... they are still going to do their damnedest not to break that trust that you have in them as this will cause a massive loss of money. So what we can take away from this is... Absolute is going to do everything they can to make sure that no one can have unauthorised access to your laptop or any type of personal info; this includes rogue employees.
    Your point about Absolute's business model has one flaw. Absolute's core business depends on them being trusted by businesses - not by individuals.

    Absolute's BIOS software could easily make them more money being lap dogs for big business and Microsoft or the RIAA or MPAA than anything they'll ever earn by selling software to individuals. Their costs would be less too, because they would only have a handful of businesses to keep happy instead of millions of end users.

    Add to that the almost $15 MILLION in net losses to the company, and I KNOW that they are capable of doing anything to make sure that their paychecks continue. If they can't make money off of individuals, it is easy enough to turn on you and make it by monitoring you.

    Quote Originally Posted by Jac01 View Post
    This is the reason for the rsa-securid. I am also sure that they have very restricted access internally to the software used to initiate any sort of remote access/delete functions. This is also the reason why, in the enterprise version, they hand control over to the purchasing company.
    I'm sick and tired of uninformed individuals like yourself harping on about RSA-Securid when it is obvious that you haven't got a clue about how Absolute uses this technology!

    Had you been half the woman your Grandma seems to be, you would have actually read the Security Agreement at Absolute and you would not have relied so completely on other people in this thread to do your thinking for you.

    Should the urge to think actually strike you at some point, I recommend that you quench it by actually reading the Security Agreement at Absolute and come back and point out to us all (especially me) where RSA-Securid is mentioned for ANYTHING but file deletion.

    Absolute does not mention RSA-Securid is used for anything but file deletion. Fortunately for us, that FACT does not seem to slow you (and others) from slinging around the terminology as if you actually knew what you were talking about.

    Quote Originally Posted by Jac01 View Post
    Notice I am not saying that it is not possible for an employee to gain unauthorised access to a laptop... I am merely saying that there is as low a probability of this happening as Absolute can make sure of, and still run their business efficiently.
    You are assuming things not in evidence. Absolute has made NOT ONE SINGLE EFFORT to assuage fears of misuse by revealing ANYTHING about how they do self-monitoring. This is, at the least, extremely foolish (and probably a good reason for the lack of profitability of the company) and downright stupid at worst.

    If they are not smart enough to see that the probability for misuse could be a problem, and they are not intelligent enough to post anything to assuage those fears, do you really trust someone that unintelligent with embedded tracking/monitoring code in your BIOS? I don't.

    Quote Originally Posted by Jac01 View Post
    Probability-The likelihood or chance that something is the case or will happen.
    Stick with quoting your Grandma.

    Quote Originally Posted by Jac01 View Post
    They further this trust by requiring that you provide proof that your laptop has indeed been stolen... this further decreases the probability that something unauthorised happens to your laptop.
    AFAIK (from 22 years of programming and reading their published documents) there is NOTHING in their BIOS software that would require proof of anything for them to remotely install observation software on any laptop or PC with their BIOS code injected into it.

    This is simply another way that Absolute says "We've placed code into your BIOS that can be used to remotely install software on your PC and monitor anything that we like. We did this with the permission of your PC/laptop manufacturer and neither of us told you about that PRIOR to your purchasing your PC/laptop. Also, there is no way to remove our software from your BIOS with a simple BIOS flash. But, you should still trust us. Why? Because we say so."

    Quote Originally Posted by Jac01 View Post
    Also... every time they have to perform some type of transaction pertaining to anyone they have sold service to... it costs them money and that eats into their profits.
    We're just making shit up now? Please point to this in their documentation.

    Quote Originally Posted by Jac01 View Post
    In their perfect world they would not have to access anyone's laptop for anything!
    In my perfect world too. Hell, in my imperfect world - as far as that goes.

    Quote Originally Posted by Jac01 View Post
    So all in all... they have every incentive to not do anything to your laptop and to make sure that no one else (to include their own employees) do anything as well.
    But they do have an incentive to make sure that people trust them. Even you would agree to that (as it is what your entire post is based on).

    So tell me, why don't they show people the steps that they take internally to protect us from disgruntled/rogue employees? Why don't they require RSA-Securid to do ANYTHING to the PCs infected with their code (including code installation and monitoring)? And, why don't they show their BIOS code openly - if, indeed it is as harmless as they claim and as you believe?

    Quote Originally Posted by Jac01 View Post
    “We're never so vulnerable than when we trust someone - but paradoxically, if we cannot trust, neither can we find love or joy”
    Nice quote. Not reality....but nice.

    Remember, Absolute is a broke, bleeding corporation. When faced with shutting the company down, people will generally do anything it takes to keep the cash flowing. Not only does that extend to selling out to governments or large corporations like Microsoft or organizations like the RIAA or MPAA - it also extends to selling the company to another corporation or to other investors. And, whether your Grandma told you or not, the new owners are under NO obligation to honor the commitments or agreements of Absolute. They can do anything that they want with that BIOS code in your PC.

    Tell your Grandma I said "Hi."

  7. #67
    Good friend of the forums
    Join Date
    Jun 2008
    Posts
    425

    Default

    It's strange, you can view other people's files and folders like someone is running a boot disk while they are using the computer. Not to be paranoid(), but if you can write an exploit for say IE5, what's stopping you using one that's pretty much built in.

  8. #68
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    There is a law somewhere that states something to the effect that the longer a discussion takes place the further from civilized conversation it will go to being something that would come out of the mouths of 7 year olds on the playground. A My dad can kick your Dad's butt so to speak.
    The last few posts are more examples thereof.
    This could have been a thread that discussed something in a civilized manner but instead must be dragged down by ignorant comments about grandmothers and such. Personal feelings and beliefs are hard enough for some people to take out of the front of their abilities to see the world. It does not help in any way to add more rubbish to the pile.
    squishyalt, I will respectfully bow out of this conversation because it is relevant that you will or can not see the forest for the trees.
    The Enterprise edition of Absolute software much like the enterprise edition of any software has all features included. One must simply be able to pay the monthly service fee in order to continue using them.
    The Service agreement that you posted also is the only service agreement that they have available on their website. As such one must be able to take what is given and work with it.
    You have two options debate this with someone else. I am sure there are not too many here that give a rat's Ar$e about the product and the fears that you may have. Or two come up with something more convincing.
    As of yet you have failed to do so not only in my eyes but in those that have looked and responded to the thread. If the opposite were true then there would be more people presenting arguments to this thread.
    Your fears and or assumptions will not hold water here. Nor would (imho) it hold up in a court of law. Not a kangaroo court mind you but a civilized one.
    If you firmly believe as you do, call around and find a lawyer who would be willing to take the case to court.


    Cheers
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  9. #69
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    I agree with archangel.amael and since with the OP's last post this thread has turned into personal attacks, this thread should probably be closed.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  10. #70
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Bunch of freaking Nazis!!

    There, now we can officially close the thread.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69
