Re: LoJack for Laptops

[Dustin]

G. Morgan <G_Morgan@easy.com> wrote in
news:mpql67pmb0i8j5b7p4p1bmqnrs92lk3tjl@Osama-is-dead.net:

> Sounds judgmental to me. Judge, Jury, and Exe.. wait, he's innocent
> after all, doh!

Judgemental, sure. I'll go for that. Still, no lie. You were, ehh, wrong
on that accusation. Rather than just say, opps, ok, like I did, you'd
rather deflect and try to attack more. Likely due to your poor decision
to challenge on technical skill. You're really pissed off at me, eh?



--
I am a sinner
Hold my prayers upto the sun
I am a sinner
Heaven's closed for what I've done.

[~BD~]

Dustin wrote:
> ~BD~<~BD~@nomail.afraid.org> wrote in news:j4bavi$do9$2@dont-email.me:
>
>> I've posted *no* email content!
>
> Fine. I jumped the gun. Some of the wording is almost identical to your
> last email. The one you hinted about posting already. I'm sure you can
> understand my quickness on the trigger on this one. no excuse, but..
> atleast you understand the reasoning?

OK. I'll forgive you.

> If I ever get around to taking all my text file quickie notes,
> disassemblies and bins together into something readable for a techie, I
> will provide it to a safe site where I know trusted, respected and
> professional persons can study it safely. Obviously, you don't have the
> pre-requiste knowledge to keep a potentially harmful piece of code in a
> safe and controlled environment. It would be at the very least,
> irresponsible of me to openly share the code or my notes as without
> proper precautions, firmware corruption can result. I can handle that
> should it occur, but you couldn't and I wouldn't want you to be left with
> a dead computer on my account.

Please don't worry about my computer Dustin. It's simply a tool and
easily replaceable. Please answer my original question, viz:-

If I have understood correctly, when the LoJack software is loaded onto
a computer (from a CD/DVD) somehow or other, an alteration is made to
the BIOS chip. In turn, this results in a situation whereby even if the
hard drive is wiped clean, the product survives and can still call home.

Now, if LoJack can do this, as I've intimated in the past, why cannot a
specifically crafted *malware* do exactly the same thing if it was
planted on a CD/DVD which a user deliberately 'loaded' for a specific
purpose? For example, a CD used to install drivers for a printer or,
perhaps, a CD ordered by post to install Windows XP SP2?

Serious question.

[G. Morgan]

Dustin wrote:

>G. Morgan <G_Morgan@easy.com> wrote in
>news:mpql67pmb0i8j5b7p4p1bmqnrs92lk3tjl@Osama-is-dead.net:
>
>> Sounds judgmental to me. Judge, Jury, and Exe.. wait, he's innocent
>> after all, doh!
>
>Judgemental, sure. I'll go for that. Still, no lie.

Nope, it was a lie.

>You were, ehh, wrong
>on that accusation. Rather than just say, opps, ok, like I did, you'd
>rather deflect and try to attack more.

Nope, it was a lie.

>Likely due to your poor decision
>to challenge on technical skill.

I don't remember any 'technical' challenge unsettled except for the BS
you are spewing about LoJack.

>You're really pissed off at me, eh?

Nope, you're just a hobby for me when I feel like talking ****.

[Bullwinkle.]

Why don't you load it up. study it and report back here the results?

IOW answer you own questions and educate the masses at the same time.


"~BD~" <~BD~@nomail.afraid.org> wrote in message
news:j4etue$jre$1@dont-email.me...

If I have understood correctly, when the LoJack software is loaded onto
a computer (from a CD/DVD) somehow or other, an alteration is made to
the BIOS chip. In turn, this results in a situation whereby even if the
hard drive is wiped clean, the product survives and can still call home.

Now, if LoJack can do this, as I've intimated in the past, why cannot a
specifically crafted *malware* do exactly the same thing if it was
planted on a CD/DVD which a user deliberately 'loaded' for a specific
purpose? For example, a CD used to install drivers for a printer or,
perhaps, a CD ordered by post to install Windows XP SP2?

Serious question.

[Dustin]

G. Morgan <G_Morgan@easy.com> wrote in
news:hdvl67l1lghv0dso8152elqg31eefvse0n@Osama-is-dead.net:

> you are spewing about LoJack.

I'm not spewing any BS about lojack. You can easily verify my claims,
some sites which are discussing lojack have also noticed the same
functionality.

An individual who goes by the name Ant examined a rom dump file some
time back and reached the same conclusions as I have.

You don't learn well, so I'll try to use simple english. I don't play
cards for one reason, I'm not a natural liar, so I stink at having to
bluff. basically, I give myself away; if I'm holding a hand that you
know is going to squish you like a bug, you'd be able to tell.

Plus, I don't like wasting time trying to remember stupid ****, so it's
just easier for me to be honest with an individual when I'm discussing
research openly like this. I'm obviously placing my reputation as a
professional malware researcher on the line when sharing what little I
have here with you.

I've done my homework, I know lojack intimately.

I've been sure to share material you can independently verify. For two
reasons. One, my reputation, I've worked my ass off to earn trust and
respect of other researchers. No easy task considering my confirmed
history as a retired Vxer who enjoyed irking the avers. I'll be damned
if I'd screw it up on a pissant nobody like you.

Two, I like to imagine the expression on a persons face when they see
the same results by another individual unrelated to me. I know it has
to increase their bloodpressure when they work so hard to discredit me.

Not only do they fail in the job, their actually further increase my
credibility to other newbies who aren't familiar with malware
researchers. In other words, When you ask me to prove little things
like this, thinking I can't, You're helping me in a good way. [g]

> Nope, you're just a hobby for me when I feel like talking ****.

Well, you seem to talk **** the majority of the time from where I'm
sitting. I think IT is more a hobby for you than it is for me, tho. I
do it for a living, professionally.


--
I am a sinner
Hold my prayers upto the sun
I am a sinner
Heaven's closed for what I've done.

[Dustin]

~BD~ <~BD~@nomail.afraid.org> wrote in
news:j4etue$jre$1@dont-email.me:

> Please don't worry about my computer Dustin. It's simply a tool and
> easily replaceable. Please answer my original question, viz:-

Alright. Consider it everyone elses computers who might try playing
around if I made the findings public. If you want an example, How many
computers are likely infected with something right now? Infected is
still better than dead.

For those users who can't remove, say, mywebsearch, a firmware
corruption is a dead computer; I don't think they'd be so forgiving.

> If I have understood correctly, when the LoJack software is loaded
> onto a computer (from a CD/DVD) somehow or other, an alteration is
> made to the BIOS chip. In turn, this results in a situation whereby
> even if the hard drive is wiped clean, the product survives and can
> still call home.

An additional codeblock is installed in a freespace section of the BIOS
itself, depending on installation style and manufacturer (I'm not going
to get any more specific here) it may or may not include modified
firmware code for the mainBIOS itself. Not all systems have a bios
which supports this. It isn't universal.

> Now, if LoJack can do this, as I've intimated in the past, why
> cannot a specifically crafted *malware* do exactly the same thing if
> it was planted on a CD/DVD which a user deliberately 'loaded' for a
> specific purpose? For example, a CD used to install drivers for a
> printer or, perhaps, a CD ordered by post to install Windows XP SP2?

David,

I never implied one couldn't do this; I only stated an ITW sample of a
real malware (technically, lojack is greyware) has never been reported.
firmware corruption, yes, but not installation of additional code. It's
not universal, as I've said from the getgo. The BIOS has to support it,
and the flasher code has to know which bios it's flashing too. It has
to do some very specific things in a specific order to convince the
BIOS to accept a new program. Those things and that order is specific
to BIOS manufacturer; not universal.

Also,

Some mainboards on desktop pcs (you can lojack those too if you feel a
real risk of the computer being stolen. You should be more concerned
with the data on it, tho. Imho.) contain a secondary read-only basic
firmware program; in the event of BIOS corruption, or the board things
you screwed up, it can reflash the bootblock for you, with code direct
from manufacturer. This will not touch lojack, but will restore you
from firmware corruption.

> Serious question.

Serious explanation provided, I'm sorry I can't be more specific, but
it would be bad of me. I have told people to google it tho. I can't
stop you from learning things that way. Hint hint.


--
I am a sinner
Hold my prayers upto the sun
I am a sinner
Heaven's closed for what I've done.

[Aardvark]

On Sat, 10 Sep 2011 06:52:06 +0100, ~BD~ wrote:

> Now, if LoJack can do this, as I've intimated in the past, why cannot a
> specifically crafted *malware* do exactly the same thing if it was
> planted on a CD/DVD which a user deliberately 'loaded' for a specific
> purpose? For example, a CD used to install drivers for a printer or,
> perhaps, a CD ordered by post to install Windows XP SP2?
>
> Serious question.

No, it's a ****ing sto0pid question, ****. Why would M$ wish to do
anything like that and expect to get away with it for any length of time?



--
"When I give food to the poor, they call me a saint. When I ask
why are they poor, they call me a Communist."
- Hélder Pessoa Câmara, Archbishop of Olinda and Recife, Brazil

[~BD~]

Dustin wrote:
> ~BD~<~BD~@nomail.afraid.org> wrote in
> news:j4etue$jre$1@dont-email.me:
>
>> Please don't worry about my computer Dustin. It's simply a tool and
>> easily replaceable. Please answer my original question, viz:-
>
> Alright. Consider it everyone elses computers who might try playing
> around if I made the findings public. If you want an example, How many
> computers are likely infected with something right now? Infected is
> still better than dead.
>
> For those users who can't remove, say, mywebsearch, a firmware
> corruption is a dead computer; I don't think they'd be so forgiving.

I believe that *millions* of computers are currently infected!

>> If I have understood correctly, when the LoJack software is loaded
>> onto a computer (from a CD/DVD) somehow or other, an alteration is
>> made to the BIOS chip. In turn, this results in a situation whereby
>> even if the hard drive is wiped clean, the product survives and can
>> still call home.
>
> An additional codeblock is installed in a freespace section of the BIOS
> itself, depending on installation style and manufacturer (I'm not going
> to get any more specific here) it may or may not include modified
> firmware code for the mainBIOS itself. Not all systems have a bios
> which supports this. It isn't universal.

I understand that, Dustin.

>> Now, if LoJack can do this, as I've intimated in the past, why
>> cannot a specifically crafted *malware* do exactly the same thing if
>> it was planted on a CD/DVD which a user deliberately 'loaded' for a
>> specific purpose? For example, a CD used to install drivers for a
>> printer or, perhaps, a CD ordered by post to install Windows XP SP2?
>
> David,
>
> I never implied one couldn't do this; I only stated an ITW sample of a
> real malware (technically, lojack is greyware) has never been reported.
> firmware corruption, yes, but not installation of additional code. It's
> not universal, as I've said from the getgo. The BIOS has to support it,
> and the flasher code has to know which bios it's flashing too. It has
> to do some very specific things in a specific order to convince the
> BIOS to accept a new program. Those things and that order is specific
> to BIOS manufacturer; not universal.

OK

> Also,
>
> Some mainboards on desktop pcs (you can lojack those too if you feel a
> real risk of the computer being stolen. You should be more concerned
> with the data on it, tho. Imho.) contain a secondary read-only basic
> firmware program; in the event of BIOS corruption, or the board things
> you screwed up, it can reflash the bootblock for you, with code direct
> from manufacturer. This will not touch lojack, but will restore you
> from firmware corruption.

Very interesting. Thanks.

>> Serious question.
>
> Serious explanation provided, I'm sorry I can't be more specific, but
> it would be bad of me.

Thank you, Dustin.

> I have told people to google it tho. I can't
> stop you from learning things that way. Hint hint.

I'm getting better with Google! ;-)

[~BD~]

Dustin wrote:

> Serious explanation provided, I'm sorry I can't be more specific, but
> it would be bad of me. I have told people to google it tho. I can't
> stop you from learning things that way. Hint hint.

There is some very interesting information here:-

LoJack for Laptops *FAQ*

http://www.absolute.com/shared/faqs/L4L-FAQ-E.sflb.ashx

I expect that there's nothing therein of which you are unaware.

[FromTheRafters]

"~BD~" <~BD~@nomail.afraid.org> wrote in message
news:j4hnov$ora$1@dont-email.me...
> Dustin wrote:
>
>> Serious explanation provided, I'm sorry I can't be more specific, but
>> it would be bad of me. I have told people to google it tho. I can't
>> stop you from learning things that way. Hint hint.
>
> There is some very interesting information here:-
>
> LoJack for Laptops *FAQ*
>
> http://www.absolute.com/shared/faqs/L4L-FAQ-E.sflb.ashx
>
> I expect that there's nothing therein of which you are unaware.

Some things are a little vague.

For instance:

"The extra level of persistence provided by the Computrace BIOS Persistence
Module enables the Absolute Theft Recovery Team to track and recover computers
that have been stolen even if the hard drive has been tampered with or removed."

I think they mean "replaced" rather than "removed".