have stolen nokia "call home" with its ip address - Page 7 - maemo.org

Active Topics

Error after installing Leste on sdcard (18)
to Maemo 7 / Leste by Maemish - 11 hrs, 52 mins ago
Maemo 20th Anniversary (4)
to Brainstorm by teroyk - 2 days, 6 hrs ago
Nokia Booklet 3G (RX-75) Drivers (64)
to Alternatives by teroyk - 2 days, 7 hrs ago
Porting apps to Leste (46)
to Maemo 7 / Leste by teroyk - 4 days, 10 hrs ago
more...

Page 7 of 7

« First

< Prev

Thread Tools

cyeung	2010-02-25 , 11:03
Posts: 145 \| Thanked: 80 times \| Joined on Jan 2010	#61

Originally Posted by dov

I totally agree with what Alan said, and in addition you have the problem that the the thief theoretically can ssh into your box and erase the files. You want some kind of a write only storage for any info collected from the phone.

That is a perfectly valid assumption, but what is the likelihood of this happening?

Quote & Reply |

The Following User Says Thank You to cyeung For This Useful Post:
Alan_Peery

hqh	2010-02-25 , 11:08
Posts: 388 \| Thanked: 842 times \| Joined on Sep 2009 @ Finland	#62

Originally Posted by cyeung

That is a perfectly valid assumption, but what is the likelihood of this happening?

About same than the thief wanting to do anything with your data? If they're after your passwords or other private data they are surely gonna take a closer look at things like this...

Most thieves want just the hardware, though. And if they're any smart the first thing they do is take the battery out and reflash the device before the tracking software can do anything.

Quote & Reply |

	ozen78	2010-02-25 , 11:17
	Posts: 34 \| Thanked: 8 times \| Joined on Dec 2009 @ London	#63

Originally Posted by hqh

About same than the thief wanting to do anything with your data? If they're after your passwords or other private data they are surely gonna take a closer look at things like this...

Most thieves want just the hardware, though. And if they're any smart the first thing they do is take the battery out and reflash the device before the tracking software can do anything.

well then you might as well just not bother recovering you property, call you mobile operator and have then disable the handset via its IMEI number. I am already signed up for this. It basically allows all network operators not only to track the phone when it tries to connect to a network but also make the device a brick.

Quote & Reply |

badboyuk	2010-02-25 , 11:47
Posts: 334 \| Thanked: 45 times \| Joined on Jan 2010	#64

Thanks for sharing this with us!

Altho it is quite a lengthy process jst to send out an ip/details. Surely an app for this will be out soon.
ill wait for that :-P

Quote & Reply |

Alan_Peery	2010-02-25 , 20:43
Posts: 247 \| Thanked: 91 times \| Joined on Jan 2008 @ London/M4 Corridor	#65

Originally Posted by cyeung

That is a perfectly valid assumption, but what is the likelihood of this happening?

It depends on where you lose your phone. Lose it in a supermarket or on a train to the beach, not too likely. Lose it at in the local computer chain store or the meeting of your local Linux user group, much more likely. In any case it's not a risk *I* would willing to run as losing the phone would be less painful to me than having to clean up after an intrusion to my systems at home.

I took a quick look at the Gnu anti-theft tool mentioned earlier in the thread, and it looks like it has complete approach to the backend storage of the data regarding location.I think adding GPS, camera, etc, to its data gathering is the endpoint we should aim at.

In the meantime, if your risks are different than mine, deploy the current script. But do so with the knowledge of the risk to the system waiting to gather data viassh upload.

__________________
--
If you don't know who the Eletronic Frontier
Foundation are, you should. Check out
http://www.eff.org.

Quote & Reply |

Alan_Peery	2010-02-25 , 20:45
Posts: 247 \| Thanked: 91 times \| Joined on Jan 2008 @ London/M4 Corridor	#66

Originally Posted by cyeung

That is a perfectly valid assumption, but what is the likelihood of this happening?

__________________
--
If you don't know who the Eletronic Frontier
Foundation are, you should. Check out
http://www.eff.org.

Quote & Reply |

CrashandDie	2010-02-26 , 05:43
Posts: 336 \| Thanked: 610 times \| Joined on Apr 2008 @ France	#67

Originally Posted by Alan_Peery

In the meantime, if your risks are different than mine, deploy the current script. But do so with the knowledge of the risk to the system waiting to gather data via ssh upload.

I think you're all looking at it the wrong way. No need for SCP, FTP anonymous is enough. Just configure your ftpd to only support anonymous writing, and no deletion nor reading (or move have a crontab move the files in the directory to a more secure location, inaccessible from FTP). Give the user a quote of say 10MB per day max.

The problem is that a lot of shared wireless connections don't allow SSH or FTP access. In that case, i would recommend using wget to post the data to a webpage. This is even better, as it allows to view the data for authenticated users, but not the guy who stole your device.

Even if you go with the SCP route, this isn't a security issue. You can create a dedicated user account who can only go to /home/spy and doesn't have execution rights to anything, and also has disk quotas, etc. Even better, set the shell to /sbin/nologin.

Quote & Reply |

efelony	2010-03-01 , 02:00
Posts: 10 \| Thanked: 0 times \| Joined on Feb 2010	#68

Originally Posted by iamthewalrus

Looks useful! Would be nice if we had an automatic 'mugshot' funtion as well.

possible to have the front camera activated for a brief capture?

in response to thiefs going through data i think the n900 is a bit complex. ive had mine a few weeks and am still not using it to its full potential.

Quote & Reply |

Alan_Peery	2010-03-01 , 13:47
Posts: 247 \| Thanked: 91 times \| Joined on Jan 2008 @ London/M4 Corridor	#69

Originally Posted by CrashandDie

I think you're all looking at it the wrong way.

Ahem, I was saying that scp without additional configuration was a bad idea for security reasons--something I think you (CrashandDir) and I agree on.

Originally Posted by CrashandDie

No need for SCP, FTP anonymous is enough. Just configure ...

That's more work than people should have to do, and if we want anti-theft software to be reasonably available to people we can't

depend on them having a Unix box at home up 7x24 and
being able to follow the steps you have given.

Originally Posted by CrashandDie

The problem is that a lot of shared wireless connections don't allow SSH or FTP access. In that case, i would recommend using wget to post the data to a webpage.

Exactly, WebDAV has the same advantage.

Originally Posted by CrashandDie

Even if you go with the SCP route, this isn't a security issue. You can create a dedicated user account who can only go to /home/spy and doesn't have execution rights to anything, and also has disk quotas, etc. Even better, set the shell to /sbin/nologin.

Do we really think that all N900 users have the skill and the time to do this? Do we think they all have a spare 7x24 Unix box? Even both were true, it certainly won't be true for Maemo 6 -- and wouldn't it be nice to have a future proof solution?

We want a clean client app that runs on the N900, with a minimal set of external dependencies. At first glance, the Adonea app (http://talk.maemo.org/showpost.php?p...9&postcount=30) looked like a good model. Since there appears to be a bit of problem around the supporting OpenDHT storage (http://adeona.cs.washington.edu/faq.html, at the top), it takes a bit more thought. I'm guessing that running this OpenDHT storage doesn't take a lot of resources, but have not investigated.

__________________
--
If you don't know who the Eletronic Frontier
Foundation are, you should. Check out
http://www.eff.org.