Does anyone believe this guy?
I got a funny sound file sent to me today:
http://www.m00k.net/to_catch_a_thief.mp3 (totally work-safe)
This sounds to me like a real recording, but I fear that the professor is merely blowing smoke. Does anyone here believe ANYTHING that this professor claims about his laptop? I'm truly interested. I'd love to discuss the feasibilty of this scenario. While I know there are many things about security I don't know, I feel the things I do know make this guy's claims total bunk.
For those of you who would rather skip the audio, this recording is of a professor whose laptop was stolen, apparently by a student attempting to get the next exam for the class. This professor is attempting to "persuade" the student thief to return his laptop he stole during the last lecture -- for his own sake. He says the perpetrator neglected to do 3 things when he stole his laptop:
1) Immediately uninstall Windows. This professor claims that he installed the same copy of Windows on another computer and within 15 minutes, Redmond contacted him and was very interested why he was running 2 copies of Windows.
2) Immediately disable the wireless card and "transponder" on that system. While the thief didn't access the school network, the school's network was able to detect his wireless card and transponder from various points on campus.
3) Steal only the exam. The professor explains that there is confidential information from the National Institutes of Health (for a $100,000,000 trial the professor is consulting on), trade secrets from a Fortune 1000 Biotech company (the largest one in the country that he consults for), and proprietary data from a pre-public company planning to go public.
The professor claims that among other agencies, the Federal Marshals, the FTC, and the SEC are all interested in the theft.
Here's why I believe this recording to be total bunk:
1) If Microsoft was receiving signals from every installation of Windows on the planet (every 15 minutes, at least), the internet backbone going into Washington would be a bit warm to the touch. If you ever wanted to discover the upper limit of bandwidth on fiber optics, this might be a good test to try.
2) Transponder? If this guy had a transponder, why would he even need to address the class about this? Any tracking system worth it's salt should be able to pinpoint the location of it's charge within 2-3 feet on a standard GPS. If you know where the kid is...just go get him. If you want to give him a chance...talk to him about it. You're not embarassing him by telling the class...they don't know who it is! As for the wireless card, I don't know if you're able to detect a wireless enabled card on a typical college network if that system isn't attempting to connect to the campus wireless network, but this at least sounds feasible, and simple triangulation between 3 points could easily find the perpetrator.
3) All that data, and questionable security to protect it? As far as I know, any government information classified as top-secret, secret, or confidential carries extremely rigid standards of encryption. I would think the professor would be in deeper trouble with the government than the kid for leaving this data on an unsecured system.
Finally, he claims that he's the only one that can verify the "integrity" of the data on the laptop, and so he's the only one that can soften the blow for the student. From a security standpoint, there would be nothing that professor could say to me as a security admin that would convince me the data on his system was anything but hopelessly compromised. You can't verify what copies have been made, or who has seen the data. As a security admin, I'd be operating from this point on like all stolen data was on the front page of CNN.com.
Anyway, I just thought it was a funny clip, and thought AOers would get a kick out of it. The professor sounds nervous. I'm wondering if he wasn't trying to protect some "other" data instead, like his leather-fetish porn collection. :bigsmile:
