It’s a Jungle Out There
In June 2008 the Ponemon Institute released a report entitled “Airport Insecurity: The Case of Missing and Lost Laptops.”
- 12,000 notebook computers are lost at US airports each week.
- Between 65 and 70 percent are never recovered.
- Most laptops are lost at security checkpoints.
That’s almost 672,000 notebooks lost each year just in airports. That doesn’t include theft from businesses, thefts from parked cars, thefts from hotel rooms, and luggage theft.
It’s a leafy jungle out there, at least when it comes to keeping up with a laptop.
Prepare for Eventual Loss
The model used by some other well-known notebook tracker services is something like this
- Software is installed on the notebook.
- The software periodically communicates with a server to provide the user’s IP address and “local network topology.”
- The machine is stolen.
- The owner notifies the tracking service.
- The tracking service watches for the laptop to connect.
- The tracking service contacts the owner with information he can take to the police to enable the laptop’s recovery.
Most Notebook Thiefs are not Professionals
Most notebook thefts are done by amateurs. There’s no way to know if they’ll be technically proficient enough to wipe the hard drive, thus wiping out the tracking application, before going online. There’s a good chance that the thief won’t be proficient. The act is likely to be a grab and swipe. The thief may be thinking of selling the notebook on eBay or pawning it, or he may even want to give it to a family member or friend as a present.
Even worse, from the thief’s perspective, he may not even be able to start the laptop. My ThinkPad has a TPM – Trusted Platform Module – on the motherboard. Other than knowing precisely what the configuration of my notebook is, it also contains the password for the device, and it’s not erasable. Unless the thief can guess my password, he’s not going to start the notebook without changing the system board.
But what if you don’t have a power-on password set? What if the notebook is just sleeping or hibernating when it’s stolen?
Then the thief will be very happy. Maybe he’ll watch a few YouTube videos and play some online games before selling or giving away your notebook. There’s a very good chance that he will want to try out the notebook as soon as possible.
Businessmen are not Strong on Laptop Securty
That Ponemon Institute survey also found:
- 53 percent of business travelers surveyed carry sensitive corporate information on their laptop.
- 65 percent of those who carry confidential information have not taken steps to protect it while traveling.
- 42 percent of respondents say they do not back up their data.
Open Server, Encrypted Message
The model used by Adeona is similar to other notebook tracking services, but the details are different. In their model, a cryptographic key is generated and saved to external storage like a USB flash drive. This key is the “seed” and it is used to send a unique cipher each time the notebook updates. In other words, the server itself is open, but the message is encrypted.
Because it is encrypted, the data is protected at the server end. A malicious employee or data thief could not obtain information about who you are and where you are. Even if they wanted to, the folks behind Adeano wouldn’t be able to sell your location or your identity.
Upon installation in Windows, it asks for a password. Make this a good password because it uses it as part of the generated cipher. The cipher then becomes a file named “adeona-retrievecredentials.ost” on the desktop. You’ll need this in order to retrieve your notebook’s location so they suggest saving it to an external USB flash drive and to another computer or mailing it to yourself. The installer finishes by asking you to wait for an hour before testing retrieval.
Flow Model in Adeona
Here’s how the flow works with Adeona:
- Software is installed on the notebook.
- The software periodically communicates with a server to provide the user’s IP address and local network topology.
- The machine is stolen.
- The owner uses another computer, downloads the Adeona Windows, Linux, or OS-X executables if not previously installed, and runs the retrieval application, providing his notebook’s cipher file and the password he used during setup. (So don’t keep your flash drive in the same bag as the notebook. The .ost file is a text file – you can also back it up to a CD and store it separately from your laptop.)
- The server then sends back location information. The default is for the last two days, but up to a week’s report may be requested.
Note that the Adeona client program need not be installed for the retrieval program to work.
Here’s what a report may include.
- Internal IP address – the Internet location from the operating system.
- External IP Address – the location from a location web server.
- Nearby routers along the path – obtained by traceroute.
- Access point – the name of the wireless hotspot.
- Photos – lucky MacBook owners can get a picture of the thief from the built-in webcam.
When making a retrieval, you can check as often as you like. More often than thirty minutes, however, might not yield better results. (Adeano can go up to 30 minutes between server contacts.)
A smart thing to do would be to go ahead and pre-install Adeona on your desktop along with a copy of the .ost file.
And that’s another point. Should you use Adeona on your desktop? Yes. If you’re worried about your desktop, office box, or server walking away, sure, why not use Adeona on them, too?
I ran a retrieval on my laptop at 6:57 pm and got results for 6:56 pm. (I had no idea Adeona had just "talked" with the server.) The traceroute tracked my notebook to the Verizon Wireless tower about a half-mile away.
I’m impressed with the thoughtful design, simplicity, and security of Adeona, and I will be using it on both of my notebooks. I like the fact that Adeona is open source. The methods they use are not secret – any knowledgeable person can examine the source code, compile it, criticize it, and improve it. I like their name, too. Adeona is named after the Roman goddess who guided children home after they left for the first time. She was the goddess of safe returns.
Trouble Ahead: Broken Down on the Information Superhighway – In the war against terrorism and media piracy the lines have been drawn – or have they? Highly visible is the conflict between the pipe owners and the content pushers, but are secret deals and treaties that affect the global use of the Internet, music, and movies being made out of the public eye? Read this to learn about the secretive "Anti-counterfeiting Trade Agreement" and find out who’s really behind ACTA.
How to Set Up a USB Flash Drive for Automatic, Transparent Encryption and Decryption – Want to keep the data on your thumb drive away from prying eyes? TrueCrypt, running in "Traveler" mode on your flash drive, provides transparent, seamless encryption and decryption and can automatically run itself upon insertion. This article guide provides step-by-step instructions to set it up.
How to Test High-Definition Video on Your Notebook or Desktop PC – Want to find out what high-definition video looks like on your current Vista or high-end XP PC without spending any money or buying any additional equipment? You’ll find out quickly if your PC can handle 720p or 1080p video. All you need is a fast Net connection and Windows Media Player 9 or 11.
How to Make a Bootable Disc in Vista – Need a backup method to start a Vista PC? Creating a bootable disc in Vista is not as easy as in previous versions of Windows, but it can be done. This article tells you how.