[LRUG] [OT?] Security advice, Prey and catching burglars... 'The Ruby Way'

Kevin Monk kevin at mangoswiss.com
Fri Mar 30 03:54:41 PDT 2012


Thanks to all those who responded to my job advert last week;  
including those who emailed just to say they enjoyed the success  
story. I shall be in touch shortly.

The reason why I've been a little slow to respond is that I had my  
office broken into last friday and two computers were stolen.
Unfortunately for them, we'd done quite a bit of preparation for such  
an event and installed the open source anti-theft system, Prey...

http://preyproject.com/

And it works!

I have my two computers back and the priceless picture of a man in  
handcuffs looking forlorn in front of my computer.

So firstly, from someone who's been there, this is just some advice to  
our LRUG community on preparing for and getting your stuff back...

Install Prey (It's free)
Lock the BIOS with a firmware password.
Use FileVault 2 if you're on Lion.
Allow 'Guest' access as bait (Amazing how many people will start  
accessing Skype and Facebook on a stolen computer)
If stolen, get yourself a directional WiFi antenna and some form of  
connectible portable analyzer to pinpoint the house.
Don't stop hassling the police until they break the door down.

Secondly, how do LRUGers secure their code?

One of the iMacs didn't have a firmware password and was running Snow  
Leopard so they booted it up in single user mode as described here...
http://www.hackmac.org/hacks/how-to-create-a-new-administrator-account/
... and created a new admin account. Had they wanted to, (fortunately  
the were too busy watching terrible Slovakian rap music) they could  
have reset the password on the other admin account(?) and would then  
have access to the Keychain, docs and other areas I wouldn't want them  
looking. As luck would have it, I'd just moved all my passwords to https://agilebits.com/onepassword 
  and so I didn't have to worry about that. We'd also just put all our  
very sensitive data in https://agilebits.com/knox and stored the Knox  
vault on dropbox. This got me wondering, if I want to keep our code  
really secure, should we be putting the git repo and code base in a  
Knox vault on dropbox whilst working?

Thirdly, anyone got a knowledge of computer forensics and/or a Radeon  
GPU rig they'd like to put to pro-social use?

I shall be attending the LRUG event on tuesday if anyone would like to  
discuss this or the job opportunity. I'll be the one in a red t-shirt  
with a picture of a teddybear with a pin through it.

Cheers,

Kevin.





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20120330/b482f1ad/attachment.html>


More information about the Chat mailing list