by icebraining 5419 days ago
>Luckily the thief was a smart little bugger and he was able to bypass the password by using an OSX install CD to create a new admin account.

So why did he rely on luck instead of SSHing to the laptop and unlocking the machine?

>I cranked up the frequency of reports to one in every five minutes to try to get a screen capture of him using gmail or facebook so I could snag a name or login credentials.

Hmm, start a keylogger (and a sniffer) in the background and then scp the logs a couple hours later?

2 comments

>So why did he rely on luck instead of SSHing to the laptop and unlocking the machine?

I don't know of a single person who directly connects their laptop to the internet. This would have been sitting behind a NAT device which, unless port 22 was explicitly forwarded to the IP address that his laptop happened to get via DHCP, would have stopped him from SSHing in :)

That's why I have a two line shell script that creates an SSH tunnel to my server if I put a file called 'reversessh' on my webserver.

I mean, basically doing what Prey does, but without relying on a third-party service and having much more control over the machine.

See also AutoSSH: https://secure.wikimedia.org/wikipedia/en/wiki/Autossh

"Autossh is a program to start a copy of SSH and monitor it, restarting it as necessary should it die or stop passing traffic."

Now that's hack-zore :).
Would you share that script?
Consumer routers will typically have port 22 firewalled for incoming traffic.
Ok, I'll rewrite: Why wouldn't he use his reverse SSH connection* to do that stuff?

* Reverse SSH: if wget http://myserver.com/sshreverse; then ssh -R 2900:localhost:22 User@myserver.com; fi

Stick this in a file, chmod +x, then add an entry in cron to run it every hour or so. After that, you just need to create a file in your web server called "sshreverse" and you'll have an SSH tunnel to your laptop.

You forgot the part where you ensure that the ssh-key for user@myserver.com can only be used for this particular reverse-tunnel and not to, say, log in to myserver.com...
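
The restriction asked for in the comment above, as an added example that is not part of the thread: a check that the laptop's key in the server's authorized_keys can open the port 2900 listener and nothing else. It assumes an OpenSSH server (7.8 or later for `permitlisten`), that the laptop connects with `ssh -N -R ...` so the forced command never has to run, and uses constructed placeholder keys.

```shell
#!/bin/sh
# Added example: check that the laptop's key on the server is tunnel-only.
# Port 2900 is from the thread; options, file layout and sample keys are assumptions.

# Option prefix for a key that may only open the -R 2900 listener:
#   restrict         disable pty, X11, agent and all forwarding (OpenSSH 7.2+)
#   port-forwarding  re-enable forwarding only
#   permitlisten     limit -R listeners to this host:port (OpenSSH 7.8+)
#   command          forced no-op; the laptop must then connect with `ssh -N -R ...`
tunnel_only_options() {
    printf 'restrict,port-forwarding,permitlisten="localhost:%s",command="/bin/false"' "$1"
}

# Classify one authorized_keys line: prints OK, WEAK or SKIP.
classify_key_line() {
    case $1 in
        ''|'#'*) echo SKIP; return 0 ;;
        ssh-*|ecdsa-*|sk-*) echo WEAK; return 0 ;;  # no options: full login allowed
    esac
    # Options are everything before the key-type token.
    opts=$(printf '%s\n' "$1" | sed -E 's/ (ssh-|ecdsa-|sk-)[^ ]+ .*$//')
    case ",$opts," in
        *,restrict,*) ;;
        *) echo WEAK; return 0 ;;
    esac
    case $opts in
        *'permitlisten="'*'command="'*|*'command="'*'permitlisten="'*) echo OK ;;
        *) echo WEAK ;;
    esac
}

# Audit a whole file; prints "<line number>: <verdict>", returns 1 if any key is WEAK.
audit_authorized_keys() {
    n=0; rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        verdict=$(classify_key_line "$line")
        [ "$verdict" = SKIP ] && continue
        echo "$n: $verdict"
        [ "$verdict" = WEAK ] && rc=1
    done < "$1"
    return $rc
}

# Constructed sample: one tunnel-only key, one unrestricted key (placeholder key data).
sample=$(mktemp)
printf '%s\n' "$(tunnel_only_options 2900) ssh-ed25519 AAAA_CONSTRUCTED laptop-tunnel" \
    'ssh-ed25519 AAAA_CONSTRUCTED laptop-login' > "$sample"
audit_authorized_keys "$sample" || echo "at least one key still allows more than the tunnel"
rm -f "$sample"
```
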
I'd do one thing slightly different.

I would set up an icmp proxy with ssh on top of that. And there would be a few good reasons for that. 1: it bypasses a whole lot of firewalls and captive gateways. 2: few hackers would expect such a communication mechanism like that.

Of course, this solution works only if the computer isn't reformatted, as I would do if I ever got into petty theft. So one would need the computer to have an open and easy to get into account. If you use Linux, have home directory encryption on and the account called "Administrator".

Run SSH on a non-standard port. Or you can have your laptop set to open a reverse ssh tunnel to another trusted machine on some event, like a file changed on your website, etc.