Gordon Dexter on 14 Jul 2010 15:30:03 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Laptop recovery--useful data to collect?

JP Vossen wrote:
On 07/14/2010 03:47 AM, JP Vossen wrote:
Date: Tue, 13 Jul 2010 22:01:52 -0400
From: Gordon Dexter<gordon@texasdex.com>
Subject: [PLUG] Laptop recovery--useful data to collect?

I'm setting up my Eee 901 netbook with a 'phone-home' type shell script
that will collect various data in the event that it is stolen.

You know, I gave this some more thought and I think we've all gotten caught up in "cool problem solving" and have failed to ask a better question, which is, why does this matter?

The laptop should have whole-disk encryption, thus the thief should never be able to boot it up, thus none of these solutions should never have a chance to work.

So...  Why isn't the laptop's data protected?

This was really brought out when reading http://ask.slashdot.org/story/10/07/12/2253218/Retrieving-a-Stolen-Laptop-By-IP-Address-Alone because that OP was tracking his stolen laptop via Thunderbird logging into GMail via IMAP. Wait, WHAT?!? So you turn on this laptop, and it boots, auto-logs-in, and fires up TB all by itself?!? WTH!!!

My policy is that any laptop that could leave the house has whole-disk encryption and even if on but suspended, it asks for a (user) password on un-suspend. So how do these "phone home" tricks even matter since the OS and data should never be accessible to the bad guy in the first place?

(I get that in this particular case the laptop may have no data, and it's certainly a cool thing to play with. My point is that people *in general* need to start taking the default stance of whole-disk encryption for "stored data in motion" and worry less about fancy tricks.)


You're absolutely right of course. Every laptop nowadays should have disk encryption enabled by default.

I was going to mention this in the original post, but decided against it since I didn't want to over-complicate things. I considered FDE for the laptop in question, but given the dinky Atom processor I decided against it. Instead it has the next best thing to FDE: an encrypted /home partition, with ramdisks for /tmp and /var/log.

The drive layout of the Eee 901 kind of forces me to do it this way. It provides two physically separate drives (4G and 16G), so if I wanted to encrypt both I'd have to enter two passwords on boot. The ramdisks are mostly because of SSD wear but they also minimize info leakage. I don't use swap on the machine, so that won't leak info either. At one point I even had encrypted hibernate set up with uswsusp, but upgrading to 9.04 broke it.

The other interesting thing about my setup that makes this tracking possible is that I have gdm set to log my username in automatically. That's convenient for me since I only need one password on bootup, but it has another interesting effect. Since I'm not using luks for the /home crypt, it won't error out when given a wrong disk password, it just silently fails to mount /home, allowing the thief to use the laptop. I have a minimal home directory set up on the root partition, so if /home doesn't mount they just see a home directory that I set up for them (this could also be useful for border crossings...). They can use this for as long as they want, and they'll have rights to join wireless networks if they need to, but they won't be able to sudo because they don't have the password to the account. There is also a BIOS password and a GRUB password on the machine, so I think it's as wipe-resistant as I can make it.

I realize that this whole scheme is overthought and perhaps slightly Rube Goldberg, but it works pretty well for me, and happens to be quite amenable to this sort of tracking thing.


Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug