Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [inbox] Breaking LoJack for Laptops

From: nocfed <nocfed () gmail com>
Date: Wed, 28 Dec 2005 09:01:07 -0600
On 12/27/05, Michael Holstein <michael.holstein () csuohio edu> wrote:

Don't a lot of systems include just this? Any system which supports
PXE boot can pretty much do all of the above from the BIOS.


True, but Intel's PXE spec expects it to fetch the instructions from the
TFTP server, and get all the details about what to fetch via DHCP. To do
the "LoJack" trickery would require a very custom BIOS .. one that a
laptop manafacturer would be pretty unlikley to provide to a software
vendor, IMHO.

~Mike.



Would really need to implement this within the actual Firmware on the
NIC for it to be fully effective as bootp will just not work in a
non-bootp environment.  This could then send an innocent DNS query(or
whatever you so choose) to 'phone home' every 6-12 hours using the
information in buffer.  The single UDP packet would contain all of the
information needed and not need a reply of any kind.  The information
could be stored on-chip and would not need an OS to be booted into to
be effective.  So, as long as the machine has power and a network
connection... you get the picture.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: