Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Overlooking An Important Threat

Status
Not open for further replies.

AnotherHiggins

Technical User
Nov 25, 2003
6,259
US
First a story, then a question.

I consider myself to be pretty savvy when it comes to computer security (thanks in no small part to this forum).

I run AVG, ZoneAlarm, SpyBot's TeaTimer, SpywareBlaster and MS Windows Defender. At least once a month, I scan with SpyBot Search and Destroy, and AdAware. I also periodically clean up the registry with TweakNow RegCleaner.

I use multiple email addresses to limit the spammers access to my main personal account. I have picked up (and subsequently removed) a few tracking cookies, but other than that I haven't found anything malicious on my computer in a long, long time.

So far, so good, right?

I recently moved from an apartment to a house (the first time my wife or I have ever owned a home!). This was also the first time that I have hired movers to haul my stuff. So we got a truck and moved almost everything in a single load. We kept some stuff at the apartment that we wanted to move ourselves; things we didn't want to risk being damaged by the movers – two TVs, two desktops, two laptops, some China and other wedding gifts, etc.

We returned to the apartment the next morning to load up our cars and finish up only to discover that some *%?!ers had kicked our door in. They took my tower, but not my monitor or Monsoon flat panel speakers. They did take my wireless keyboard and mouse, but not the IR receiver that connects to the computer (heh). They took both laptops (both were kinda old, but still). (They also walked away with my brand new digital camera, my IPod, and a few other things including two beers – but that is off topic.) Luckily, they didn't take my wife's desktop. Of course, it is an old IBM Vista that is still running Windows 2K, but at least we still have *a* computer.

I completely failed to protect against one of the most basic, oldest threats to property.... Having it stolen. Like a complete idiot, I didn't even have a password to login as the Administrator. I mean, only my wife and I had access to the computer, so why bother, right?

Wrong.

We have had to cancel all of our credit cards and reset the passwords to all of the sites that we used the "remember me" feature on. I just hope that the *%?!ing &^#@ers don't find our SSNs anywhere on the hard drives.

I plan on building a new system in the next month or two. This time, I want to put in place a little more "real world" security. I have (since this happened) read about software you can install (before your computer is stolen) that can lockdown the hard drives if the computer is reported stolen.

So my question to the security gurus is this: what steps should I take to reduce the risk if my computer is ever stolen again?

[tt]_____
[blue]-John[/blue][/tt]
[tab][red]The plural of anecdote is not data[/red]

Help us help you. Please read FAQ181-2886 before posting.
 
DO NOT USE THE REMEMBER ME FUNCTION,

make sure you have the "do not save encrypted webpages" option checked in IE options

password your machine,

save critical data/info on a flash drive that you carry on your key chain.

keep your fingers crossed.

sorry for your loss, but most of these things only keep the honest people honest. short of a self destruct chip (they do have them) nothing can prevent a dedicated thief (virtual or real) from stealing your things.
 
No hi-tech solution from me.
Your puters will probably be 'on sale' at some pub and get sold to some chav for a tenner. He will be too stupid to realise about your numbers etc.
His kids will fill it with games, neglect all your security measures, and then the spyware merchants will grab your details, unless they get deleted to make room for the games.
So you should have a little time to change everything (as yu have).

As for reducing the risk,
Don't show off that you have puter, i.e don't let em see you sat in a window at the keyboard (lots of people do this, its like saying here's my puter come and get it)
You can spend a fortune on security as you say.
But the best way is not to store everything on there, Yes I know this defeats the object.
Only use your credit card on secure sites. and make sure your property is as secure as you can.






Steve: Delphi a feersum engin indeed.
 
There are many things that can help - passwords, encrypted file systems, disallowing 'remember me', biometric authentication, large angry guard dogs...... but nothing is foolproof. The best that you can do is to reasonable risk assessment and weight that against the cost & inconvienience of additional security measures. Ponder these - If your paper filing cabinet had been stolen instead, would this be better or worse & why? If your computers or paper files had gone up in a ball of flames, would this be better or worse & why?

With all the recently stolen laptops, this is a somewhat common topic of discussion. You might find some interesting info on this topic by subscribing to the TechTips mailing list of the New England Information Security Group.
 
I read an article about this very thing a couple of months ago. I wish I could remember where it was. :-( I do remember that they recommended using an encyption scheme on all your computers (not just laptops) so even if someone stole it, it would be more trouble to break the encyption than what it was worth. Their idea was most thieves would just give up and sell the computer instead of spending hours or days getting to your data. You still lose the hardware but your data was safe.

Of course, if someone stole the computers for the data, they just might be dedicated enough to break the encyption. By that time, hopefully, you would have have enough time to change your credit cards, passwords, etc.



James P. Cottingham
-----------------------------------------
I'm number 1,229!
I'm number 1,229!
 
if you are interested you can look @ a program called TruCrypt (Google for it).

 
Encrypting your data is a great idea!
There are tools that they can use on your physical system to get into the files reguardless of what password your use.
If I have physical access to any system, and time, I can slice through any of the security, always, count on it.
There's a scary story on Hak5.org (podcast 2x2) about using a new usb key from SanDisk that has "U3" technology, and it allows them, with some caviets, steal all the files needed to crack your passwords offline, and it copies those files in SECONDS! So the perp walks to a physically unsecured machine, sticks the usb key in, waits 2 seconds, pulls it out and walks away. He now has more information on your passwords than you would belive!! Go to Hak5.org, and check out the show notes if you don't belive me...
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top