"Phone home" mail script for MS-Windows
Posted by Tristan Miller on March 5th, 2006


Greetings.

I've got a laptop computer which I'm trying to secure against theft. I've
already got insurance and a security cable, but as a last resort I'd like
to set it up to "phone home" by trying to send me an e-mail whenever it's
activated.

The system is dual-boot Windows XP and GNU/Linux. I use the latter almost
exclusively, and writing my own "phone home" program is a trivial one-line
shell script (see below). However, I expect most thieves will opt to boot
into Windows XP. Is there any comparable batch file or free software I
can use to have it send an e-mail upon Windows bootup? I'd rather not
install something big and complicated like Cygwin or a C compiler just to
port my one-line shell script. Is there some MS-Windows equivalent of the
following I can add to my Startup folder or AUTOEXEC.BAT file?

#!/bin/sh
echo "Hello world" | mail -s "Phoning home" me@example.com

Regards,
Tristan

--
_
_V.-o Tristan Miller [en,(fr,de,ia)] >< Space is limited
/ |`-' -=-=-=-=-=-=-=-=-=-=-=-=-=-=-= <> In a haiku, so it's hard
(7_\\ http://www.nothingisreal.com/ >< To finish what you

Posted by Neil Woods on March 5th, 2006


Since you mainly use it for Linux anyway, why not set it to boot
directly into Linux, unless a certain key combination is pressed within
say, a few seconds. To the thief there would be no indication that the
machine even runs another OS, unless of course the perpetrator was familiar
with multi-boot systems, in which case it will be too late anyway as the
machine will already have booted and sent your email.

In your mail you obviously want to include information such as the
connecting IP address.

--
Neil.
There cannot be a crisis next week. My schedule is already full.
-- Henry Kissinger

Posted by Tristan Miller on March 5th, 2006


Greetings.

In article <87k6b9xugu.fsf@phun.phasmic.org>, Neil Woods wrote:
I'd rather the thief think he has a working Windows system that he can use
or sell as-is rather than reformatting, thus destroying my phone-home
script. That way I have a better chance of tracking the machine's
whereabouts.

I figure the mail server would add this information automatically.

Regards,
Tristan

--
_
_V.-o Tristan Miller [en,(fr,de,ia)] >< Space is limited
/ |`-' -=-=-=-=-=-=-=-=-=-=-=-=-=-=-= <> In a haiku, so it's hard
(7_\\ http://www.nothingisreal.com/ >< To finish what you

Posted by Alan Clifford on March 5th, 2006


On Sun, 5 Mar 2006, Tristan Miller wrote:

TM>
TM> #!/bin/sh
TM> echo "Hello world" | mail -s "Phoning home" me@example.com
TM>

I've been thinking about phoning home from my Mac and that looks perfect.
From the headers, it seems that mail uses postfix and presumably it would
queue the mail as there would not be a network connection at bootup.

It would be useful to put something on my wife's Windows machine.
Googling "windows command line email" looks useful and there even appear
to be a few free ones.

As my wife uses Eudora, I tried "windows command line email eudora" and,
apparently, Eudora has a command line interface.

http://www.eudora.com/developers/cmndline.html

hmmm maybe not so useful - a brief reading indicates it queues the message
to the outbox.


--
Alan

( If replying by mail, please note that all "sardines" are canned.
There is also a password autoresponder but, unless this is a very
old message, a "tuna" will swim right through. )

Posted by David F. Skoll on March 5th, 2006


Tristan Miller wrote:

You reckon the thief will connect to the Internet before booting? Or that
he'd sell an un-reformatted machine (that can obviously be seen to be stolen?)

[...]

How do you propose to figure out which mail server to connect to, given
that you know nothing about the network the machine is connected to?

You'd be far better off to write a simple Perl script that does an HTTP
request to some Web site you own; then you can look in the logs for
an IP address. This can be done in a couple of dozen lines of Perl, and
should be portable across Linux and Windows. It also doesn't rely on
a working e-mail setup. You could have it run in the background trying
the GET request once a minute until it succeeds, so you have a better
chance of finding the laptop when it's connected to the Internet.

Nevertheless, the amount of security offered by such a phone-home
script is minimal at best. You're better off password-protecting the
boot ROM, password-protecting your boot loader, and storing any
sensitive information on an encrypted file system. That way, if your
laptop is stolen, all you've lost is the laptop, and laptops can always
be replaced.

Regards,

David.

Posted by Frank Slootweg on March 5th, 2006


Tristan Miller <psychonaut@nothingisreal.com> wrote:
[deleted]
I agree with the others that something like this is of very little use
for your intended purpose, but ...

In the recent (February 22) posting "Re: Where : Free sendmail portage
for Win32 ?" (<news:MPG.1e66c957623a792098976a@news.tiscali.fr> ) in this
group, this was mentioned:

<http://glob.com.au/sendmail>

See also my responses in that thread, especially those about ssmtp and
how to run it without (full) Cygwin.

I hope this helps.

Posted by Tristan Miller on March 6th, 2006


Greetings.

In article <4YidnQlQnMaMYpfZnZ2dnUVZ_t-dnZ2d@magma.ca>, David F. Skoll
wrote:

It doesn't matter when he connects to the Internet. The mail sent at
bootup will be placed in the queue and sent out when an Internet
connection is established. At least, it will with GNU/Linux. I am
assuming that Windows, if it has an equivalent of "mail", will work the
same way.

Yep, there are plenty of small-time or opportunistic-only thieves who
aren't likely to think to format the machine before using or selling it.

I can have it connect to my own mail server.

Yeah, that would work as well, though it would require sifting through
server logs rather than simply checking my e-mail.

I don't have any particularly sensitive information on my laptop which is
not protected with OpenPGP, and I make regular offline backups. My plan
is therefore not about security, but recovering stolen hardware.

Regards,
Tristan

--
_
_V.-o Tristan Miller [en,(fr,de,ia)] >< Space is limited
/ |`-' -=-=-=-=-=-=-=-=-=-=-=-=-=-=-= <> In a haiku, so it's hard
(7_\\ http://www.nothingisreal.com/ >< To finish what you

Posted by Neil Woods on March 6th, 2006


This would not work if the gateway ISP forwards port 25 connections to
their own SMTP server, which many do. Does your mail server listen on a
non-standard port or use port 587 (submission - RFC2476)?

This is a much better idea.

If you configure your Perl script to use a unique User-Agent header,
this can be very quickly detected by using a program such as logcheck,
which can be set up to mail you as soon as this header is picked up in
the logs.

--
Neil.
The one day you'd sell your soul for something, souls are a glut.
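
An added example, not part of the original thread: the server-side half of the HTTP approach suggested in the two posts above, scanning a web server access log for one unique User-Agent and listing the addresses it came from. The User-Agent string, the /ping path and the log lines are constructed for illustration, and the Apache/nginx "combined" log format is assumed.

```python
import re
from datetime import datetime

BEACON_UA = "laptop-beacon/7f3a-constructed"  # hypothetical unique User-Agent

# "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "[^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$'
)

# Constructed sample access log (documentation-range addresses).
SAMPLE_LOG = """\
198.51.100.7 - - [06/Mar/2006:09:14:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux i686)"
203.0.113.45 - - [06/Mar/2006:21:40:11 +0000] "GET /ping HTTP/1.0" 200 2 "-" "laptop-beacon/7f3a-constructed"
203.0.113.45 - - [06/Mar/2006:21:41:11 +0000] "GET /ping HTTP/1.0" 200 2 "-" "laptop-beacon/7f3a-constructed"
192.0.2.99 - - [07/Mar/2006:03:02:55 +0000] "GET /ping HTTP/1.1" 200 2 "-" "Mozilla/4.0 (compatible; laptop-beacon/7f3a-constructed)"
192.0.2.200 - - [07/Mar/2006:08:30:00 +0000] "GET /ping HTTP/1.0" 200 2 "-" "laptop-beacon/7f3a-constructed"
garbage line that does not parse
"""

def find_beacon_hits(log_text, agent=BEACON_UA):
    """Return (ip, datetime) for every request whose User-Agent equals `agent`."""
    hits = []
    for line in log_text.splitlines():
        m = COMBINED.match(line)
        if m is None:
            continue  # skip lines that are not in combined format
        if m.group("agent") == agent:  # exact comparison, not a substring test
            when = datetime.strptime(m.group("time"), "%d/%b/%Y:%H:%M:%S %z")
            hits.append((m.group("ip"), when))
    return hits

def summarize_sightings(hits):
    """Collapse hits into {ip: (first_seen, last_seen, count)}, ordered by first sighting."""
    seen = {}
    for ip, when in hits:
        first, last, count = seen.get(ip, (when, when, 0))
        seen[ip] = (min(first, when), max(last, when), count + 1)
    return seen

if __name__ == "__main__":
    sightings = summarize_sightings(find_beacon_hits(SAMPLE_LOG))
    for ip, (first, last, count) in sightings.items():
        print(f"{ip}: {count} hit(s), first {first.isoformat()}, last {last.isoformat()}")
```

The address recorded is the one the web server saw, which behind a NAT gateway is the gateway's public address rather than the laptop's own.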

Posted by Frank Slootweg on March 6th, 2006


Tristan Miller <psychonaut@nothingisreal.com> wrote:
*Windows* will not queue outgoing e-mail. It doesn't even know what
e-mail *is*. Only a 'mailer' (MUA) like Outlook Express knows what
e-mail is, but you don't want to use *its* 'queue' (Outbox), because
it's in plain sight. In order to *queue*, you do not only need an MSA
(Mail Submission Agent) like "sendmail -t", but also an MTA (Mail
Transfer Agent) a.k.a. mail*server*, like full-blown sendmail.

As I said before, ssmtp or the mentioned "sendmail -t" clone can do
the MSA part, but for the MTA part will be bigger, for example Exim
(sendmail look-alike), which needs (at least part of) Cygwin.

Many ISPs, especially consumer-grade ones, *block* the standard
outgoing (and incoming) SMTP port, so, as Neil also mentioned, you will
have to use another port.

[deleted]

Posted by David F. Skoll on March 7th, 2006


Tristan Miller wrote:

:-) Not with Windows, unless you install a proper MTA.

You will achieve better security for much less hassle by doing what I
do: Buy an engraving tool and engrave your name, address and phone
number on the laptop case.

[About suggestion to do background HTTP requests]

Well, presumably the URL it hits could be a CGI that e-mails you...

[...]

Probably not worth it. Just insure your laptop, do normal sensible
things, and don't worry about it.

Regards,

David.