http://www.pimall.com/nais/tracking.html
http://www.youtube.com/watch?v=MCp3H_qkj18
http://www.eyespysupply.com/gps-trackers--car--vehicle-tracking-devices.html

So its a matter of finding which one u need, fit it inside a battery, next to Dvdrom chassis, etc, just be creative.

>Why would a 1337 argue that logical controlls would be an adequate barrier when all >physical security is compromised?

Am not telling people to let a reboot, why are you? I have been involved in Security Assessment where a laptop had to be grabbed, and i know the risks.






On 6/17/12, James Nzomo <kazikubwa@gmail.com> wrote:
> lol Gichuki, I'm puzzled
> Why would a 1337 argue that logical controlls would be an
> adequate barrier when all physical security is compromised?
> Anyways, i see no end to this debate. Take whatever precautions you see fit
> for your portables, i'll stick to mine 
>
> One last thing tho, when you get time, kindly share a link to these "tiny
> covert GPS tracker devices" that can at least sent a text with lat & long
> and be fitted discreetly inside a laptop chassis.
> I'd like to know whether i've missed something concerning those
>
>
>
> _______________________________________________
>
> Without requirements or design,
> programming is the art of adding bugs to an empty text file.
> _______________________________________________
>
>
>
>
> 2012/6/17 Gichuki John Chuksjonia <chuksjonia@gmail.com>
>>
>> There are very small transponders size of USB stick, i cant remember
>> there names. There also some little GPS covert tracker devices, price
>> range of 299 USD to 500 USD.
>>
>> Using software for tracking laptops is not security advised (This
>> should be done for organizations that are open even to their
>> competitors), especially when working with a sensitive environment,
>> security 101.
>>
>> Best advice,
>>
>> 1) Backup your data always, off the laptop. Protect the storage.
>> 2) Lock your HDD on BIOS level, pretty easy
>> 3) Encrypt your whole Device
>> 4) Don't store your passwords on the browser
>> 5) Sensitive document should always be password protected or encrypted
>>
>> Saying that you let the thief get all the way to boot, man, thats a
>> horrible option, some of these guys know how to remove software. What
>> if the box is booted up in Mogadishu, will send KDF to pick it up?
>>
>> Kindly,
>>
>> ./Chucks
>>
>> On 6/17/12, James Nzomo <kazikubwa@gmail.com> wrote:
>> > By the way Bwana Chuks, as long as impunity or physical access is gained
>> > to
>> > a machine, it's disclosure time for sensitive data!
>> >
>> > Allowing or denying booting on a lost machine will make very little
>> > difference to a jambazi that really wants access to millions worth of
>> > company data.
>> >
>> > HDD huenda ikachujwa (bila matata) na kukaguliwa kwingine.
>> >
>> > About transponders, try opening your lappy and check whether there's
>> > enough
>> > room for a decent HW tracker.
>> > (by decent, i mean one that can acquire conclusive location data and
>> > submit
>> > it to you in NBO even if it ends up in Mandera)
>> >
>> >
>> > NB: anyone/org crazy enuf to store sensitive nfo (worth millions) on any
>> > portable machine is in serious need of an overhaul to their security
>> > policies (and 1000 cans of whoop ass unleased on them)
>> >
>> >
>> > _______________________________________________
>> >
>> > *Without requirements or design,
>> > programming is the art of adding bugs to an empty text file.*
>> > _______________________________________________
>> > *
>> >
>> > *
>> >
>> >
>> >
>> > 2012/6/16 Gichuki John Chuksjonia <chuksjonia@gmail.com>
>> >
>> >> Data cost millions to companies, a laptop is cheaper than that.
>> >>
>> >> A boot up of a box gets its naked even when you have an encrypted
>> >> partition, this is coz its a partition of one full device, and thats
>> >> where the vulnerability comes to.
>> >>
>> >> If you want to track something, use hardware, like a transponder can
>> >> do a great job, even in a remote area with no maps.
>> >>
>> >>
>> >>
>> >> On 6/16/12, James Nzomo <kazikubwa@gmail.com> wrote:
>> >> > Allowing a boot up doesn't guarantee unwanted data access.
>> >> > Disks can be partitioned.
>> >> > Partitions & Dirs with sensitive data can be encrypted.
>> >> > Decent tracking SW allows you to nuke your data remotely
>> >> >
>> >> > I don't know about you but to the rest of us common folk, a lappy is
>> >> > an
>> >> > asset that cost real heard earned bling and effort to acquire.
>> >> > I would think it wise to do everything within one's means to
>> >> > reacquire
>> >> > a
>> >> > lost machine
>> >> >
>> >> > _______________________________________________
>> >> >
>> >> > *Without requirements or design,
>> >> > programming is the art of adding bugs to an empty text file.*
>> >> > _______________________________________________
>> >> > *
>> >> >
>> >> > *
>> >> >
>> >> >
>> >> >
>> >> > 2012/6/16 Gichuki John Chuksjonia <chuksjonia@gmail.com>
>> >> >
>> >> >> @James, i cant let u access my laptop just like that. Its better to
>> >> >> have a backup of your work on an encrypted hdd, if the laptop goes,
>> >> >> i
>> >> >> say bye bye, get a new one, load my work up.
>> >> >>
>> >> >> Letting the laptop boot coz you want to track it, its a bigger risk
>> >> >> to
>> >> >> data, dont advice people that.
>> >> >>
>> >> >> On 6/16/12, James Nzomo <kazikubwa@gmail.com> wrote:
>> >> >> > @Chuksjonia
>> >> >> > Letting a laptop boot the OS sans boot passwords will allow a
>> >> >> > stolen
>> >> >> > machine to run prey or some other tracking SW (if it hasn't been
>> >> >> formatted
>> >> >> > already)
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > _______________________________________________
>> >> >> >
>> >> >> > *Without requirements or design,
>> >> >> > programming is the art of adding bugs to an empty text file.*
>> >> >> > _______________________________________________
>> >> >> > *
>> >> >> >
>> >> >> > *
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > 2012/6/16 <thomas.kibui@gmail.com>
>> >> >> >
>> >> >> >>
>> >> >> >> Furthermore if your hijacked email accounts are subscribed to
>> >> >> >> this
>> >> >> >> mailing
>> >> >> >> list . ... The hijacker is readin this thread as we speak ...
>> >> >> >>
>> >> >> >> Lets not even talk of other social sites like facebook, twitter
>> >> >> >> and
>> >> >> >> the
>> >> >> >> likes
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >> Sent from my BlackBerry®
>> >> >> >>
>> >> >> >> -----Original Message-----
>> >> >> >> From: Erick Njoka <erickarn@gmail.com>
>> >> >> >> Sender: skunkworks-bounces@lists.my.co.ke
>> >> >> >> Date: Sat, 16 Jun 2012 15:19:21
>> >> >> >> To: Skunkworks Mailing List<skunkworks@lists.my.co.ke>
>> >> >> >> Reply-To: Skunkworks Mailing List <skunkworks@lists.my.co.ke>
>> >> >> >> Subject: Re: [Skunkworks] Hacked Email Accounts
>> >> >> >>
>> >> >> >> Even if the laptop requires a password to log in, Ophcrack can
>> >> usually
>> >> >> >> read most Windows login passwords.  I've tried it (on request, of
>> >> >> >> course) for XP, not sure about Windows 7.
>> >> >> >>
>> >> >> >> Erick
>> >> >> >>
>> >> >> >> On Sat, Jun 16, 2012 at 12:46 PM, Evans Ikua
>> >> >> >> <ikua.evans@gmail.com>
>> >> >> >> wrote:
>> >> >> >> > Well Philip, if your laptop does not require a password when it
>> >> >> starts,
>> >> >> >> and
>> >> >> >> > your browser is set to remember the passwords to websites like
>> >> >> >> > your
>> >> >> >> > email
>> >> >> >> > accounts (automatic login), then you begin to see the picture.
>> >> >> >> > Once
>> >> >> the
>> >> >> >> > person is logged into your email account, they can do plenty of
>> >> >> damage.
>> >> >> >> This
>> >> >> >> > is serious stuff. I wonder if there is a way of engaging Google
>> >> >> >> > to
>> >> >> >> rectify
>> >> >> >> > this? Especially with the local office?
>> >> >> >> >
>> >> >> >> > Evans
>> >> >> >> _______________________________________________
>> >> >> >> Skunkworks mailing list
>> >> >> >> Skunkworks@lists.my.co.ke
>> >> >> >> ------------
>> >> >> >> List info, subscribe/unsubscribe
>> >> >> >> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> >> >> >> ------------
>> >> >> >>
>> >> >> >> Skunkworks Rules
>> >> >> >> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> >> >> >> ------------
>> >> >> >> Other services @ http://my.co.ke
>> >> >> >> _______________________________________________
>> >> >> >> Skunkworks mailing list
>> >> >> >> Skunkworks@lists.my.co.ke
>> >> >> >> ------------
>> >> >> >> List info, subscribe/unsubscribe
>> >> >> >> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> >> >> >> ------------
>> >> >> >>
>> >> >> >> Skunkworks Rules
>> >> >> >> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> >> >> >> ------------
>> >> >> >> Other services @ http://my.co.ke
>> >> >> >>
>> >> >> >
>> >> >>
>> >> >>
>> >> >> --
>> >> >> --
>> >> >> Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
>> >> >> I.T Security Analyst and Penetration Tester
>> >> >> jgichuki at inbox d0t com
>> >> >>
>> >> >> {FORUM}http://lists.my.co.ke/pipermail/security/
>> >> >> http://chuksjonia.blogspot.com/
>> >> >> _______________________________________________
>> >> >> Skunkworks mailing list
>> >> >> Skunkworks@lists.my.co.ke
>> >> >> ------------
>> >> >> List info, subscribe/unsubscribe
>> >> >> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> >> >> ------------
>> >> >>
>> >> >> Skunkworks Rules
>> >> >> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> >> >> ------------
>> >> >> Other services @ http://my.co.ke
>> >> >>
>> >> >
>> >>
>> >>
>> >> --
>> >> --
>> >> Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
>> >> I.T Security Analyst and Penetration Tester
>> >> jgichuki at inbox d0t com
>> >>
>> >> {FORUM}http://lists.my.co.ke/pipermail/security/
>> >> http://chuksjonia.blogspot.com/
>> >> _______________________________________________
>> >> Skunkworks mailing list
>> >> Skunkworks@lists.my.co.ke
>> >> ------------
>> >> List info, subscribe/unsubscribe
>> >> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> >> ------------
>> >>
>> >> Skunkworks Rules
>> >> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> >> ------------
>> >> Other services @ http://my.co.ke
>> >>
>> >
>>
>>
>> --
>> --
>> Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
>> I.T Security Analyst and Penetration Tester
>> jgichuki at inbox d0t com
>>
>> {FORUM}http://lists.my.co.ke/pipermail/security/
>> http://chuksjonia.blogspot.com/
>> _______________________________________________
>> Skunkworks mailing list
>> Skunkworks@lists.my.co.ke
>> ------------
>> List info, subscribe/unsubscribe
>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> ------------
>>
>> Skunkworks Rules
>> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> ------------
>> Other services @ http://my.co.ke
>
>
>


--
--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/