JP Vossen on 14 Jul 2010 11:58:13 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Laptop recovery--useful data to collect?

On 07/14/2010 03:47 AM, JP Vossen wrote:
Date: Tue, 13 Jul 2010 22:01:52 -0400
From: Gordon Dexter<>
Subject: [PLUG] Laptop recovery--useful data to collect?

I'm setting up my Eee 901 netbook with a 'phone-home' type shell script
that will collect various data in the event that it is stolen.

You know, I gave this some more thought and I think we've all gotten caught up in "cool problem solving" and have failed to ask a better question, which is, why does this matter?

The laptop should have whole-disk encryption, thus the thief should never be able to boot it up, thus none of these solutions should never have a chance to work.

So...  Why isn't the laptop's data protected?

This was really brought out when reading because that OP was tracking his stolen laptop via Thunderbird logging into GMail via IMAP. Wait, WHAT?!? So you turn on this laptop, and it boots, auto-logs-in, and fires up TB all by itself?!? WTH!!!

My policy is that any laptop that could leave the house has whole-disk encryption and even if on but suspended, it asks for a (user) password on un-suspend. So how do these "phone home" tricks even matter since the OS and data should never be accessible to the bad guy in the first place?

(I get that in this particular case the laptop may have no data, and it's certainly a cool thing to play with. My point is that people *in general* need to start taking the default stance of whole-disk encryption for "stored data in motion" and worry less about fancy tricks.)

JP Vossen, CISSP            |:::======|
My Account, My Opinions     |=========|
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --