Well, my SH!T got stolen. Anyone got any ideas about how to recover a stolen laptop using software? Would a remote desktop work, even if I don't have it installed to my computer? This is a messed way to get into computer hacking. Any ideas would be much appreciated. Im kicking myself for not installing a "self destruct/lockdown mode" type button on my laptop when someone makes too many attempts to login, etc.

Anyone got any ideas about how to recover a stolen laptop using software?

Forget about it. Too little, too late. Way too late.

Im kicking myself for not installing a "self destruct/lockdown mode" type button on my laptop when someone makes too many attempts to login, etc.

Next time use full disk encryption and also set a boot password in the BIOS.
That way, even if they steal your laptop at least they won't access your data. And if they're stupid enough, they may not be able to use the laptop at all.

If I were you, I'd start by securing all my accounts by changing the passwords, and letting people know someone may impersonate me.

Then start saving for a new laptop.

I doubt it's doable, but don't quote me on that.
Anyway, if they swap the HDD they still get a working laptop. Unless you find a way to connect to it and delete the BIOS?

A HDD swap wouldn't bypass the bios password...

A HDD swap wouldn't bypass the bios password...

I don't think he was saying it would, at least not the way I read it.

Though depending on how old the laptop was they could still reset the bios password by just removing the laptops lithium backup batteries but usually that isn't the case anymore so a bios password should be quite safe unless of course they get a stupid manufacture representative that gives therm a backdoor password without verifying legal ownership.

Anyway, if they swap the HDD they still get a working laptop.

not with a bios password. it requires the harddrive i believe

Hopefully, if they are stupid enough they will go into one of my accounts, and I will find out when/where they last logged in. Getting my shit stolen makes me wanna beat someone up...But I'll go through the law first.

I once had a laptop that was stolen out of my car. I swore that my next expensive laptop would have some tracking device on it and I would break the knee caps of the next person to steal it. Unfortunately, I haven't been able to afford a decent laptop. T.T

EDIT: It had sentimental value plus a *lot* of work I had put into some GUI concepts. I actually haven't touched any GUI toolkit since then.

As for keeping your data safe, in general, it is relatively safe to assume that anyone who would steal your laptop is not out for your data, and a simple password lock should be sufficient.

As for keeping your data safe, in general, it is relatively safe to assume that anyone who would steal your laptop is not out for your data, and a simple password lock should be sufficient.

That is not really correct. Sure their main reason might not be about the data on the computer (Though many people do steal laptops for this reason) but if they can get access to the computer you can be almost dang sure they will snoop for data. A laptop isn't worth much on it's own but personal information to a thief (SS numbers, Credit card numbers, bank account info, ect are worth quite a lot).

Also most simple password locks (I assume you mean the login password that windows provides or similar on other OS's) can be cracked quite easily.

On windows 7 (And 8 I believe) the default settings for Account Lockouts on the initial login is set to 0 which means there is no lockout threshold for bad passwords. This means you can run as many passwords with a password cracking program as you want and never be locked out. I suggest anyone that uses windows to set a lockout threshold if you don't have one already.

Anyone (Even those that aren't to technical) can easily find a offline password cracker and a password dictionary (Which usually contain millions if not billions of passwords) and run that and have quite a good success ratio.

And really that is just the very basic ways of bypassing login. There are quite a few other ways that are also quite easy to do and anyone can do it (For example Kon-Boot). You don't need technical experience with all the tools available out there now days.

_{Zereo wrote:}

Anyone (Even those that aren't to technical) can easily find a offline password cracker and a password dictionary (Which usually contain millions if not billions of passwords) and run that and have quite a good success ratio.

Yes, but why would you? http://pogostick.net/~pnh/ntpasswd/ physical access is total access.

A BIOS password is a pretty good step toward privacy but as someone who has actually done security audits I can tell you the only one that that's reliable is Tough-book. I've been able to socially engineer my way through every other manufacturer that didn't already have their by-pass process leaked online (there are of course some I've never come up against) and I can tell you it isn't about the intelligence of the phone agent, if anything the ones who sound dumb as a stump are more cautious. But that doesn't matter because it won't stop someone from calling back and getting a different agent. They don't use back door passwords anymore, or at least they don't hand them out to people calling up. Usually to reset a BIOS password you either cut the power and\or short two pins on the board while pressing some button combination. EDIT: As for Tough Book I believe an authorized\licensed repair shop has to special order a new BIOS chip that they then have to solder in to replace the locked one, but it's been awhile since I've looked into it.

@ OP: It's best practice to assume any accounts that you haven't already changed the password for have been compromised. Although J4ke is right, the guy who actually stole it isn't the one who is going after your personal data unless there is some reason you were specifically targeted. Otherwise if he's smart he's going to move it as far away from himself as he can (flea markets or swap meets), if he's stupid he'll end up giving it to his nephew or cousin or something.

As for best practices? How about you don't save your log in data. Seriously how difficult is it to remember a thirteen character sequence?

Seriously how difficult is it to remember a thirteen character sequence?

So when you signed up for this site, you have the same password for this login as you do for the e-mail that you used to sign up with ?

Though i do agree with you on that, i tend not to save my passwords on my computer cause i don't trust the developers as they probably just store the saved password as plain text.

So when you signed up for this site, you have the same password for this login as you do for the e-mail that you used to sign up with ?

Heck no, and neither are any of them related to the PIN for my ATM card. You mean to tell me you can recall obscure quotes from authors, world leaders or song lyrics that you haven't heard in years but you can't remember a pass phrase? I don't buy it, you're more then capable of remembering multiple passwords and associating them with the context of the site, you just choose not to for whatever reason. The only thing I often reuse is my screen name, and that has more to do with having an identity then remembering anything.

EDIT: I removed a challenge here that would probably derail this thread.

I don't if by "you" you are referring to me specifically or just in general people that store their passwords. I do not store my passwords idk where you got that i did... I remember all my passwords... I have 20-30 of them, as means of associating them with websites that isn't always possible due to restrictions. It's sad but one website i know actually places a max password char limit of 8.

I don't buy it, you're more then capable of remembering multiple passwords and associating them with the context of the site, you just choose not to for whatever reason.

You must have a lot of faith in humanity. You obviously don't know what the average human being is/isn't capable of.

I was referring to everyone here but no one in particular. It was more of an open statement to anyone who would challenge the idea that it is impossible to remember multiple complex passwords.

[...] I remember all my passwords... I have 20-30 of them,[...]

I'm a Sys Admin, trust me when I say you have room for a lot more in your head.

I've seen stupid password restrictions on stuff to. I once had to deal with a proprietary application where the password had to be exactly 8 characters long, no control characters were allowed, capitol letters MUST precede lower case letters and numbers must be at the end of the sequence. If you use the admin tool to break any of these rules (because input through that tool isn't checked of course) it breaks the log in interface for everyone.