Couple Can Sue Laptop-Tracking Company (LoJack) for Spying on Sex Chats

[FromTheRafters]

"Jenn" <me@fakee..mail.com> wrote in message news:j3uqkv$hp$1@dont-email.me...
> On 9/3/2011 6:10 PM, FromTheRafters wrote:
>> "G. Morgan"<G_Morgan@easy.com> wrote in message
>> news:bpa567htcc7gjh397mqavi9op949v96270@Osama-is-dead.net...
>>> Dustin wrote:
>>>
>>>> possibilities if the
>>>> lojack was tricked into thinking the worst by a malware file that
>>>> detected it's presence and took advantage.
>>>
>>> A new attack vector, suggest you?
>>>
>>> That would be a nasty one.
>>
>> More a payload than an attack vector. Like the old cryptovirology
>> angle, with a twist. You want your data back, pay me. Upon payment
>> I *might* just tell you how - and it involves LoJack and you getting a
>> root key of some sort from them - nothing to do with me at all, as it
>> wasn't *my* key being used.
>>
>>
> Would you put lojack on your laptop?

I believe my Toshiba Satellite already has the hardware support for
it; I probably would if thought my laptop was likely to be stolen. I don't
travel with it, it stays at home, so it's not that likely IMO.

I'm still unsure of the hardware aspect, but I really wouldn't bother
with the software/firmware version as it can be defeated anyway.
Generally, what can be done with software can be undone with
software. There's not much information about the hardware aspect
aside from marketing bull****.

Their Q & A states that it is persistent in spite of reformatting the
drive. It also says that it is persistent after reflashing the BIOS
firmware (because of a "healing" capability). It is not specifically
stated that it can survive *both* a reformat and a flashing. In other
words, if the "healing" of the BIOS reflashing is accomplished by
the software on the drive, and the persistence of the software is
accomplish by the code in the BIOS which phones home and
reloads the software, removing *both* defeats the whole scenario.
They are not clear about that, and in my experience with security
related program vendors, they are willing to let the buyer make
bad assumptions if it increases sales.

[Jenn]

On 9/4/2011 7:14 AM, FromTheRafters wrote:
> "Jenn"<me@fakee..mail.com> wrote in message news:j3uqkv$hp$1@dont-email.me...
>> On 9/3/2011 6:10 PM, FromTheRafters wrote:
>>> "G. Morgan"<G_Morgan@easy.com> wrote in message
>>> news:bpa567htcc7gjh397mqavi9op949v96270@Osama-is-dead.net...
>>>> Dustin wrote:
>>>>
>>>>> possibilities if the
>>>>> lojack was tricked into thinking the worst by a malware file that
>>>>> detected it's presence and took advantage.
>>>>
>>>> A new attack vector, suggest you?
>>>>
>>>> That would be a nasty one.
>>>
>>> More a payload than an attack vector. Like the old cryptovirology
>>> angle, with a twist. You want your data back, pay me. Upon payment
>>> I *might* just tell you how - and it involves LoJack and you getting a
>>> root key of some sort from them - nothing to do with me at all, as it
>>> wasn't *my* key being used.
>>>
>>>
>> Would you put lojack on your laptop?
>
> I believe my Toshiba Satellite already has the hardware support for
> it; I probably would if thought my laptop was likely to be stolen. I don't
> travel with it, it stays at home, so it's not that likely IMO.
>
> I'm still unsure of the hardware aspect, but I really wouldn't bother
> with the software/firmware version as it can be defeated anyway.
> Generally, what can be done with software can be undone with
> software. There's not much information about the hardware aspect
> aside from marketing bull****.
>
> Their Q& A states that it is persistent in spite of reformatting the
> drive. It also says that it is persistent after reflashing the BIOS
> firmware (because of a "healing" capability). It is not specifically
> stated that it can survive *both* a reformat and a flashing. In other
> words, if the "healing" of the BIOS reflashing is accomplished by
> the software on the drive, and the persistence of the software is
> accomplish by the code in the BIOS which phones home and
> reloads the software, removing *both* defeats the whole scenario.
> They are not clear about that, and in my experience with security
> related program vendors, they are willing to let the buyer make
> bad assumptions if it increases sales.
>
>

When I bought my laptop a Lojack CD came with it, but I didn't feel
'right' about putting it on my laptop so it's still sitting in the
original pkg it came in.

--
Jenn
(posting from Thunderbird)

[Bullwinkle.]

Why not? As a former sysop and web master could you not hanlde it?


"Jenn" <me@fakee..mail.com> wrote in message
news:j40h2t$igs$1@dont-email.me...
When I bought my laptop a Lojack CD came with it, but I didn't feel
'right' about putting it on my laptop so it's still sitting in the
original pkg it came in.


Jenn

[G. Morgan]

Jenn wrote:

>When I bought my laptop a Lojack CD came with it, but I didn't feel
>'right' about putting it on my laptop so it's still sitting in the
>original pkg it came in.

Keep it in the package.

[Dustin]

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:j3tu550jo2@news2.newsguy.com:

> From: "Dustin" <bughunter.dustin@gmail.com>
>
>> G. Morgan <G_Morgan@easy.com> wrote in
>> news:mrk367ls6vh2qhorf7b7j0igjpdldqcjb7@Osama-is-dead.net:
>>
>>> I was actually thinking of the PCI database. But the FCC has one
>>> too on NIC's.
>>>
>>> http://www.pcidatabase.com/search.ph...tr=4315&device
>>> _s earch.x=0&device_search.y=0
>>>
>>> Wouldn't LoJack be able to recognize a NIC in this manner and
>>> still work on Linux?
>>
>> It can't drop the exe on linux. So, it will try one of two things:
>> Wait for your net to get hot and try to call home; using optionrom2
>> code base. Failing that, it will bios lock the system until it's
>> got the OK to proceed. Either way, you have a paperweight for a
>> laptop.
>>
>
> Ahhhh....
> If can't phone home, how would it know it was stolen ?

Well, the thing is, if you never let it phone home; it assumes the
worst and bios locks you anyway. It has to be able to check in every so
often or you lose access until it is allowed to do so.


--
I am a sinner
Hold my prayers upto the sun
I am a sinner
Heaven's closed for what I've done.

[Dustin]

"FromTheRafters" <erratic.howard@gmail.com> wrote in
news:j3uamv$94a$1@dont-email.me:

> "Dustin" <bughunter.dustin@gmail.com> wrote in message
> news:Xns9F558CA9A208AHHI2948AJD832@no...
>> "David W. Hodgins" <dwhodgins@nomail.afraid.org> wrote in
>> newsp.v07k0xqda3w0dxdave@hodgins.homeip.net:
>>
>>> On Fri, 02 Sep 2011 18:50:54 -0400, Dustin
>>> <bughunter.dustin@gmail.com> wrote:
>>>
>>>> Oh, and switching to linux still ****s you, when the optionrom2
>>>> calls home on your internet connection and finds out she's
>>>> stolen. Which it will do, when it cannot drop the exe file. LOL.
>>>> Whan happens next is a
>>>
>>> If it's using a windows executable, to phone home, that won't
>>> work.
>>
>> You seem to be missing something important. It can use the windows
>> executable, but in the event it cannot drop it in a specified
>> amount of time, it halts the boot process.
>>
>>> Are you saying the option rom can establish an internet connection
>>> before the operating system boots?
>>
>> I'm not only saying that, but, being as I've extracted a viable
>> sample of the option rom and have since learned how to remove it, I
>> *know* the company is lying about the products limitations and
>> abilities.
>
> Have you been analyzing the OEM partnered persistence version or
> just the software CD loadable version?

One from CD loading, one from OEM. They don't have much difference in
code, and both can be remotely updated.


--
I am a sinner
Hold my prayers upto the sun
I am a sinner
Heaven's closed for what I've done.

[Dustin]

G. Morgan <G_Morgan@easy.com> wrote in
news:bpa567htcc7gjh397mqavi9op949v96270@Osama-is-dead.net:

> A new attack vector, suggest you?

A DoS style attack, yes.

> That would be a nasty one.

It would eliminate a large majority of the computer shops here from being
able to do anything with it. I OTH, still could. LOL.

--
I am a sinner
Hold my prayers upto the sun
I am a sinner
Heaven's closed for what I've done.

[Dustin]

"FromTheRafters" <erratic.howard@gmail.com> wrote in
news:j3ubls$euh$1@dont-email.me:

> A simple program that takes advantage of the already there crypto
> to lock you out of your data. All one need do is provide the trigger
> event. sweee...I mean that's terrible.

Apparently one trigger condition involves messing with the dropped exe in
a specific fashion that I won't dilvuldge here.

> I assume only the folks at LoJack could reverse that encryption,
> so no actual fix by the perp after the ransom is paid.

LOL, probably not.


--
I am a sinner
Hold my prayers upto the sun
I am a sinner
Heaven's closed for what I've done.

[David H. Lipman]

From: "Dustin" <bughunter.dustin@gmail.com>

> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
> news:j3tu550jo2@news2.newsguy.com:
>
>> From: "Dustin" <bughunter.dustin@gmail.com>
>>
>>> G. Morgan <G_Morgan@easy.com> wrote in
>>> news:mrk367ls6vh2qhorf7b7j0igjpdldqcjb7@Osama-is-dead.net:
>>>
>>>> I was actually thinking of the PCI database. But the FCC has one
>>>> too on NIC's.
>>>>
>>>> http://www.pcidatabase.com/search.ph...tr=4315&device
>>>> _s earch.x=0&device_search.y=0
>>>>
>>>> Wouldn't LoJack be able to recognize a NIC in this manner and
>>>> still work on Linux?
>>>
>>> It can't drop the exe on linux. So, it will try one of two things:
>>> Wait for your net to get hot and try to call home; using optionrom2
>>> code base. Failing that, it will bios lock the system until it's
>>> got the OK to proceed. Either way, you have a paperweight for a
>>> laptop.
>>>
>>
>> Ahhhh....
>> If can't phone home, how would it know it was stolen ?
>
> Well, the thing is, if you never let it phone home; it assumes the
> worst and bios locks you anyway. It has to be able to check in every so
> often or you lose access until it is allowed to do so.
>

It can't do that.
It may be used w/o Internet access.
It may be used on a closed network.
It may be used as a tool or lab device.

For those reasons, and there may be more, it can't be utilized in an assumption if it
can't phone home it will lock you out. Thus, I don't believe it to be true.



--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

[Dustin]

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:j46lig02i2d@news3.newsguy.com:

> It may be used w/o Internet access.

For a period of time. You paid for the software and the monitoring
service which comes with it. You are understanding that you will provide
it a way to check in every so often, or it will, for your protection,
bios lock the boot process.

> It may be used on a closed network.

Actually, the dropped exe brags about being able to call home regardless
of firewall presence and network configuration.

> It may be used as a tool or lab device.

A tool for what?

--
I am a sinner
Hold my prayers upto the sun
I am a sinner
Heaven's closed for what I've done.