5267287
story
Comments: 459 +- Hardware: Delete Data On Netbook If Stolen? on Tuesday July 21 2009, @01:18AM
Posted
by
kdawson
on Tuesday July 21 2009, @01:18AM
from the grab-brick-smash-window dept.
from the grab-brick-smash-window dept.
background: url(//a.fsdn.com/sd/topics/topicportables.gif); width:53px; height:54px;
portables
background: url(//a.fsdn.com/sd/topics/topicsecurity.gif); width:59px; height:78px;
security
background: url(//a.fsdn.com/sd/topics/topichardware.gif); width:64px; height:55px;
hardware
An anonymous reader writes "I have just moved overseas on a 2-year working holiday visa and so I picked up a netbook for the interim, an MSI Wind U100 Plus running WinXP. I love it to bits. But as I am traveling around I am somewhat worried about theft. Most of my important stuff is in Gmail and Google Docs; however, I don't always have Net access and find it useful to gear up the offline versions for both. Ideally I would like to securely delete all the offline data from the hard drive if it were stolen. Since it is backed up in the cloud, and the netbook is so cheap I don't really care about recovery, a solution that bricks it would be fine — and indeed would give me a warm glow knowing a prospective thief would have wasted their time. But it's not good if they can extract the HD and get at the data some other way. All thief-foiling suggestions are welcome, be they software, hardware, or other."
Related Stories
Submission: Delete data on netbook if stolen? by Anonymous Coward
Because I don't need to worry about finances I can ignore Microsoft
and take over the (computing) world from the grassroots.
-- Linus Torvalds
All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2010 Geeknet, Inc.
Whole Disk Encryption (Score:5, Insightful)
Re:Whole Disk Encryption (Score:4, Informative)
I know it doesn't help the OP, but on linux-based netbooks it's trivial to re-install linux with whole disk encryption if you want to upgrade to Ubuntu anyway. I've been running this way on my primary laptop for over a year and haven't really noticed any performance degradation.
Parent
Re:Whole Disk Encryption (Score:5, Funny)
The answer to your problem is whole disk encryption, not trying to delete the data.
Feh. Your so-called answer does not include the word 'thermite' or the phrase 'earth-shattering kaboom'. And you call yourself a geek?
Parent
Re:Whole Disk Encryption (Score:5, Funny)
Where's the ka-boom. There was supposed to be an earth shattering ka-boom.
Parent
Re:Whole Disk Encryption (Score:5, Funny)
Install a Sony battery.
Ka-boom.
http://geeksaresexy.blogspot.com/2006/11/lithium-ion-laptop-battery-explosion.html
P.S: It was made by a Gnome, so it might explode before it gets stolen.
Parent
Slow News Day - WTF? (Score:5, Insightful)
Google: windows encrypted drive + "I'm feeling lucky".
Here's what I got:
http://www.truecrypt.org/ [truecrypt.org]
I'm OK with "Ask Slashdot" being used to gather the collective experience of the techies that like to hang out off-hours here at /. - but.. this?!?
Something that could be addressed by a moment or two spent at Google or even (god's sake) Bing is a WASTE OF HITS. But maybe that's the plan - get droves of angry techies to bitch about the lameness of the stories, delivering ad impressions?
Crazy like a fox?
I'm on to you, Cmdr Taco, if that is your real name!
Parent
Re:Slow News Day - WTF? (Score:4, Funny)
Parent
Re:Whole Disk Encryption (Score:5, Funny)
the part where the original poster said "Running WinXP" may not have made it all the way in.
I despise answers that randomly suggest competing products without really answering the question. It's like "My lawnmower won't start" and "Well, if you had goats, then you could feed them a different feed to make them more motivated." Try to advertise less and answer the frakking question more, MMkay?
Parent
Re:Whole Disk Encryption (Score:4, Funny)
If your lawnmower doesn't work, one answer would be: try goats.
Parent
Re: (Score:3, Informative)
fencing (repost) (Score:4, Insightful)
To the average thief, and to the average receiver of a stolen netbook, if the netbook boots an alternative OS, it might as well be bricked.
Parent
Re:fencing (repost) (Score:4, Funny)
Parent
Re:Whole Disk Encryption (Score:5, Funny)
The correct answer is truecrypt for Windows XP [truecrypt.org] then simply encrypt the drive and voila! No password no data. But I can't think of any other way to totally brick it and still have it legal to travel with. After all customs tends to frown on C4, even if all you are doing is trying to teach thieves a valuable lesson in respecting peoples property.
Of course if you really wanted to make them suffer you could keep a small DOS partition and have it set to load in case of incorrect password and then use a batch file to play slides of Goatse and Tubgirl and maybe a few choice selections from 2 girls one cup, while playing a wav file of that damned annoying frog full blast on endless loop, but I think you may risk getting arrested for crimes against humanity. But I'm sure after the thief was done throwing up and washing out his eyes with bleach a valuable lesson would be learned.
Parent
Re: (Score:3, Funny)
Moot. The word is moot.
If you make more mistakes of that magnitude, you may be muffled and mutilated with a maddened moose.
Encryption (Score:5, Informative)
Encrypt the entire drive with TrueCrypt or something. Use a strong cipher and a very strong passphrase. The laptop is as good as bricked to anyone who gets it.
Re:Encryption (Score:5, Insightful)
Whole-Disk AES via TrueCrypt is only BARELY above the "acceptable" threshold on a Core Solo. I cringe to think what it'd be like on an Atom. A better bet would be to use a container-hosted TrueCrypt volume, and set your My Documents folder into that volume.
Parent
Re:Encryption (Score:4, Informative)
Parent
Re:Encryption (Score:5, Informative)
Parent
fencing (Score:5, Insightful)
All the more reason to use a Linux or BSD based OS.
To the average thief or receiver of stolen goods, a netbook running an alternate OS is as good as bricked.
Parent
Re:Encryption (Score:5, Interesting)
On N270 Atoms, whole-disk AES encryption works perfectly fine, and the only time I notice a slow-down is when I'm running a benchmark program side-by-side with a model that has an unencrypted drive. For regular browsing and e-mail (which is what the person asking the question listed as a qualification), it's a non-issue.
As some others have posted, and what my local police have told me, the laptop will likely have been sold for cash in less than 24 hours. Unless you are being targeted specifically for something of significant value such as corporate IP, it's unlikely that anyone is going to spend the time to try to unencrypt your drive.
But other threats still loom...
If you plan on connecting to any network, you will expose your machine to any network-based threat, so you ought to harden your machine accordingly.
Make sure you still have a strong password for your account login. If your machine is in hibernate, the crypto authentication prompt will stop them, but if your machine was sleeping, it'll return to the OS prompt.
The one scenario where you're not protected at all is if the machine is powered on, logged in, and someone grabs it by force. I realize there are proximity-based USB dongles that will lock the screen when the remote adapter is beyond range, but this may be far too impractical to use. A USB security dongle sticking out the side is a quick recipe for a broken USB port...
Parent
Re:Encryption (Score:5, Informative)
My personal experience with a Inspiron 1520 is that whole disk encryption significantly reduces battery life, which is a real usability problem.
Most likely, when I get back to the states (I only encrypted for some overseas travel anyway), I will decrypt it and move back to an encrypted truecrypt container for the small number of documents that are really sensitive.
Parent
Re: (Score:3, Informative)
I have a Pentium 3 Mobile 1.7GHz Thinkpad and Truecrypt makes no appreciable difference in performance. Even during benchmark tests the CPU is only about 50% loaded, so the bottleneck is the HDD itself. 50% sounds like a lot, but keep in mind we are talking artificial benchmarks here. Real world performance is probably in the order of 5-10% when loading an app or large file.
Truecrypt is by far the best option. Not only does it protect your data in case of theft or over-zealous customs staff, but you can wip
Re:Encryption (Score:4, Interesting)
Parent
On a netbook? (Score:5, Funny)
Including the owner!
Parent
a hack (Score:5, Funny)
set up a scheduled task to wipe the drive unless you cancel it. Then don't forget to cancel it.
Re:a hack (Score:5, Funny)
That's a TERRIBLE idea... Like, HOLY SHIT terrible.
Then your threshold for terrible needs adjusting. I'm sure I can think of something worse than what the AC suggested :-P
For example: a small thermite charge, proximate to the hard drive platter. It's fused to go off if a particular peripheral isn't detected upon boot-up; you keep the peripheral "key" with you, perhaps attached to your regular key-chain. A thief tries to boot, and BOOM (okay, thermite doesn't "boom", but you get the idea) - no more HDD. Or netbook. Or whatever it happened to be on top of. Bonus points if the thief happens to have it on their lap at the time.
Now that, ladies and gentlemen, is how you propose a terrible idea. Compared to this, a full disk wipe sounds positively safe and reasonable.
(IMPORTANT: If anyone out there is stupid enough to take this suggestion seriously and implement this obvious deathtrap, I cannot be held accountable for any loss of property, organic damage or Darwin award nominations that result.)
Parent
Re:a hack (Score:4, Interesting)
The OP says he's moved "overseas" so presumably some day he'll be travelling back to which ever country he came from, and I would guess that includes flying.
Parent
Re:a hack (Score:5, Funny)
The OP says he's moved "overseas" so presumably some day he'll be travelling back to which ever country he came from
Not necessarily, he might have moved out of the U.K.
(No flames please, I'm British :)
Parent
Re: (Score:3, Insightful)
That's a TERRIBLE idea... Like, HOLY SHIT terrible.
Why? The laptop is a backup for online data. He can afford to throw it away and reload it next time he goes on line.
Identity Theft or Physical Theft (Score:5, Insightful)
If it's physical theft I would think they would bin the HDD or sell it "as is" without even looking at what's on it. Bricking it doesn't do a lot, you'd probably just replace the HDD anyway.
Identity theft is more worrying. Why not encrypt the HDD with something like Fedora / Ubuntu offers - ie an encrypted /home or MyDocuments. That way the laptop won't log on for the thief.
Re: (Score:3, Interesting)
What if it was already logged in?
Ex: Someone grabs it at an internet cafe, while you're ordering something?
I know everyone else is thinking the same thing, but I'll say it anyway - encrypt the entire partition, with a tool like TrueCrypt.
Re:Identity Theft or Physical Theft (Score:4, Insightful)
If a thief grabs it, they would inevitably tuck it under their arm (walking around with an open netbook would slow them down and make them easier to spot). So set the netbook to shutdown when the lid is closed.
Parent
Re: (Score:3, Interesting)
(I'm aware that my suggestion doesn't deal with an already-logged in scenario. If anyone has an answer to that one, please, do reply with it!)
Sounds like you need some kind of RF token and a receiver attached to the netbook; if the token goes out of range, the machine logs you out and/or shuts down. If push came to shove, I imagine you could bodge something together with a Bluetooth receiver and a Bluetooth enabled phone like BluePromixity [sourceforge.net] does.
Booby trap it? (Score:3, Funny)
There is probably room in the case for a few ounces of C4 explosive, and a detonator. You might have a hard time getting it through customs though..... and you had better never drop the thing so the detonator goes off!!
Lojack for Laptops (Score:4, Informative)
Website: http://www.absolute.com/products/lojack [absolute.com]
FAQ: http://www.absolute.com/resources/public/FAQ/L4L-FAQ-E.pdf [absolute.com]
Costs $59.95/year for the premium package which supports Remote Wipe. Embeds itself in the BIOS/EFI. Supports XP and OS X.
Truecrypt + fake account (Score:5, Insightful)
Re: (Score:3, Funny)
You don't have kids, do you ?
You just gave a recipe for disaster :)
Re: (Score:3, Funny)
Re: (Score:3, Insightful)
Image the disk, test, bitcopy. Obviously.
The bonus is that you now have a ready-made image for your next netbook when this one is stolen.
Encryption and BIOS settings (Score:3, Interesting)
Of course full-disk encryption, as lots of people have already suggested, but since you want the thief's time to be wasted, remember to password-protect the BIOS and disallow booting from USB drives or external units. Same goes for GRUB if you were on Linux. That way the thief will not be able to resell the netbook.
Yes, the thief could remove the BIOS battery, but he would have to tear the case open. If he knew how to open a laptop without breaking it, he has more skill than I would associate with a petty thief.
You might also consider Adeona [washington.edu].
Re:Encryption and BIOS settings (Score:5, Interesting)
"Yes, the thief could remove the BIOS battery, but he would have to tear the case open. If he knew how to open a laptop without breaking it, he has more skill than I would associate with a petty thief."
Did it ever occur to you that the thief might be part of a larger crime organization, which organization might have a few people with pretty advanced technical skills? Or, even if they aren't, it's entirely possible/probable that after the thief fences the stolen computer, it will end up in the hands of someone both unscrupulous, and technically saavy?
Parent
Are you evil enough? (Score:5, Interesting)
First, get truecrypt, that takes care of your data.
Now then, If you have the spark of evil in you, here's the plan.
1. Set up multi-boot config.
2. Create a bootable partition that has enough OS on it to run the drive and network, name it something interesting like 'Confidential'.
3. Get the BIOS flash utils for your netbook, create a corrupt bios image that will still pass muster enough to install.
4. Set up a boot time process on the netbook that does a 'wget' from a web site that you control. If it gets a file, quietly flash the BIOS with what it downloads.
If you ever get ripped off, move the nasty BIOS image to the file location on your web site and bask in the glow of pure wickedness...
You can test this with a valid BIOS image, but don't look at me if something terrible happens, you're playing with fire here.
Quick'n'easy (Score:5, Interesting)
1) Set up two accounts. Your actual one behind a password and an unprotected one.
2) In the unprotected one's startup, set it to delete all of your personal data.
You'll never log on via the unprotected account. Therefore you'll never accidentally delete everything. Even if you do manage to, as soon as you're next near a net connection it sounds like you can pull it back anyway.
Most casual thieves (sorry, your life isn't actually important enough that crack teams of ninja espionage winged monkeys will track you down and deliberately steal your data) will be perfectly happy to log on via the one account they can get on via and won't notice a suitably disguised process quietly cleaning everything sensitive off the machine.
It's not perfect, it's not infallible but, honestly, your data really isn't worth the hassle of defeating it for the average opportunistic thief.
You want to have more fun with them...
Set a scheduled task on that account to open Firefox 3.5 every 15 minutes and go to an address on your own server where it promptly gives its geolocation info [mozilla.com] before more obviously redirecting itself to some apparent malware site. They'll assume your machine's just infected with malware while you and the cops are given constant updates on their location.
Again, it's not perfect and most of /. could easily defeat it... But the average thief isn't a /. reader, they're just an opportunist who thinks they're getting something for free.
Re:Quick'n'easy (Score:4, Insightful)
And while at Custom's, have the border guard try to log in to your computer. Have him "access" the second account, delete all the data and then discover that you find yourself in some foreign court charged with destroying whatever it is they claim you destroy.
I do believe there have been cases in the US where people have been compelled by the courts to produce encryption keys for data on laptops they have tried to carry past customs. The poster does want to do this for protection while traveling "overseas". I wouldn't suggest entering some countries and claiming you just had a script delete everything on your harddrive - when their customs tried to log - but "you have nothing to hide - honest".
Parent
What do they want to steal? (Score:5, Informative)
Most casual thieves want the hardware to use, resell, or simply because it's pretty. They don't give a toss about your data unless they can get easy cash out of it.
Encrypt the disk to protect your data. It doesn't even have to be very strong encryption but obviously good encryption is better if your CPU can handle it. You can save CPU cycles by only encrypting data that really needs to be kept personal.
Personally I'd be tempted to have some kind of low trick on there just to fuck with their minds. Add a script like
echo "GPS location tracking started..."
sleep 13
echo "Device location found and reported."
read x
There is absolutely no security in this but casual thieves are normally not too smart so might shit their pants.
Re:What do they want to steal? (Score:5, Informative)
It doesn't even have to be very strong encryption but obviously good encryption is better if your CPU can handle it.
AES is quite fast on 32-bit CPUs. There's no excuse for bad crypto.
Parent
Take to it with a hammer! (Score:5, Funny)
Right now! No thief will ever get your data if you destroy it right now!
Oh you wanted to use it in the meantime. Well that's different...
Maybe I don't understand something... (Score:3, Insightful)
but if you care about confidentiality of your datas once your laptop is stolen, and at the same time you store most of your datas on servers owned and administered by someone who is not you (the Google company in this case), then maybe you should think twice about what you do.
paint a STOLEN FROM ... message on the front (Score:4, Interesting)
THIS COMPUTER WAS STOLEN FROM <your name/phone number>
In large, contrasting letters - for extra points write it in the language(s) of the countries to be visited. Not only will it draw unwanted attention to whoever tries to use it, but it will make the stolen item impossible to sell on errr, auction sites, where most of this stuff ends up.
C4 (Score:3, Funny)