By the way Bwana Chuks, as long as impunity or physical access is gained to a machine, it's disclosure time for sensitive data! Allowing or denying booting on a lost machine will make very little difference to a jambazi that really wants access to millions worth of company data. HDD huenda ikachujwa (bila matata) na kukaguliwa kwingine. About transponders, try opening your lappy and check whether there's enough room for a decent HW tracker. (by decent, i mean one that can acquire conclusive location data and submit it to you in NBO even if it ends up in Mandera) NB: anyone/org crazy enuf to store sensitive nfo (worth millions) on any portable machine is in serious need of an overhaul to their security policies (and 1000 cans of whoop ass unleased on them) _______________________________________________ *Without requirements or design, programming is the art of adding bugs to an empty text file.* _______________________________________________ * * 2012/6/16 Gichuki John Chuksjonia <chuksjonia@gmail.com>
Data cost millions to companies, a laptop is cheaper than that.
A boot up of a box gets its naked even when you have an encrypted partition, this is coz its a partition of one full device, and thats where the vulnerability comes to.
If you want to track something, use hardware, like a transponder can do a great job, even in a remote area with no maps.
On 6/16/12, James Nzomo <kazikubwa@gmail.com> wrote:
Allowing a boot up doesn't guarantee unwanted data access. Disks can be partitioned. Partitions & Dirs with sensitive data can be encrypted. Decent tracking SW allows you to nuke your data remotely
I don't know about you but to the rest of us common folk, a lappy is an asset that cost real heard earned bling and effort to acquire. I would think it wise to do everything within one's means to reacquire a lost machine
_______________________________________________
*Without requirements or design, programming is the art of adding bugs to an empty text file.* _______________________________________________ *
*
2012/6/16 Gichuki John Chuksjonia <chuksjonia@gmail.com>
@James, i cant let u access my laptop just like that. Its better to have a backup of your work on an encrypted hdd, if the laptop goes, i say bye bye, get a new one, load my work up.
Letting the laptop boot coz you want to track it, its a bigger risk to data, dont advice people that.
On 6/16/12, James Nzomo <kazikubwa@gmail.com> wrote:
@Chuksjonia Letting a laptop boot the OS sans boot passwords will allow a stolen machine to run prey or some other tracking SW (if it hasn't been formatted already)
_______________________________________________
*Without requirements or design, programming is the art of adding bugs to an empty text file.* _______________________________________________ *
*
2012/6/16 <thomas.kibui@gmail.com>
Furthermore if your hijacked email accounts are subscribed to this mailing list . ... The hijacker is readin this thread as we speak ...
Lets not even talk of other social sites like facebook, twitter and the likes
Sent from my BlackBerry®
-----Original Message----- From: Erick Njoka <erickarn@gmail.com> Sender: skunkworks-bounces@lists.my.co.ke Date: Sat, 16 Jun 2012 15:19:21 To: Skunkworks Mailing List<skunkworks@lists.my.co.ke> Reply-To: Skunkworks Mailing List <skunkworks@lists.my.co.ke> Subject: Re: [Skunkworks] Hacked Email Accounts
Even if the laptop requires a password to log in, Ophcrack can
usually
read most Windows login passwords. I've tried it (on request, of course) for XP, not sure about Windows 7.
Erick
On Sat, Jun 16, 2012 at 12:46 PM, Evans Ikua <ikua.evans@gmail.com> wrote:
Well Philip, if your laptop does not require a password when it starts, and your browser is set to remember the passwords to websites like your email accounts (automatic login), then you begin to see the picture. Once the person is logged into your email account, they can do plenty of damage. This is serious stuff. I wonder if there is a way of engaging Google to rectify this? Especially with the local office?
Evans
Skunkworks mailing list Skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester jgichuki at inbox d0t com
{FORUM}http://lists.my.co.ke/pipermail/security/ http://chuksjonia.blogspot.com/ _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester jgichuki at inbox d0t com
{FORUM}http://lists.my.co.ke/pipermail/security/ http://chuksjonia.blogspot.com/ _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke