Remote-Nuke a stolen iMac?
R. D. Bridges
on the machine, so if the thieves ever get online I can send a file to
it.
I was thinking I could send an Applescript to the stolen machine's
Startup Items folder to have it execute at the next restart. Any ideas
on a good Applescript I could send to erase the hard drive? National
Security's not involved, but my sister is understandably creeped out
that crooks are looking through her personal files.
C. Montgomery Burns
"R. D. Bridges" <snipthis...@swbell.net> wrote:
> My sister's iMac was stolen in a burglary. She had Timbuktu installed
> on the machine, so if the thieves ever get online I can send a file to
> it.
How would you distinguish that iMac from a million other iMacs on the
net?
just curious
--
MB
doug rogers
leave a text file on the desktop. Something to the effect of "Hey, I found
you through the net. I can track down your ISP and your name. We are
calling the police with this information."
Perhaps you could find someway of disabling the trash can so they can't
delete anything.
R. D. Bridges
Montgomery Burns <mo...@nooky.gov> wrote:
> How would you distinguish that iMac from a million other iMacs on the
> net?
The Timbuktu extension that's installed on it posts a unique identifier
to Netopia's IP Locator server (findme.netopia.com) whenever it
connects to the internet.
R. D. Bridges
rogers <sa...@golden.net> wrote:
> If you could find her particular computer, the thing to do would be to
> leave a text file on the desktop. Something to the effect of "Hey, I found
> you through the net. I can track down your ISP and your name. We are
> calling the police with this information."
If they get online I should be able to spot them because of the
Timbuktu software installed on the thing. The trouble is they would be
connecting with my sister's account, so the only identifying
information would be my sister's account and ISP - not all that
helpful. That's why I was thinking of throwing a script over there
that would erase the hard drive or at least trash the personal info on
it.
> Perhaps you could find someway of disabling the trash can so they can't
> delete anything.
I don't know how I'd do that without patching the System.
One thing I thought of is that, if I catch them online, I'll have a
record of their IP address at a particular time. I wonder if ISP's log
incoming phone numbers on calls to their modem banks? Or maybe I could
write an Applescript to have the stolen machine call my number at some
set time, and I would then have a caller ID record of the thieves'
phone number and maybe name.
Marc K. Myers
How about this?
tell application "Finder"
set itemList to items of startup disk as alias list
repeat with anItem in itemList
if name of anItem is not "System Folder" then
delete (contents of anItem)
end if
end repeat
set itemList to items of the desktop as alias list
set AppleScript's text item delimiters to {":"}
repeat with anItem in itemList
if ((count of (text items of (anItem as text))) > 2) then
delete (contents of anItem)
end if
end repeat
set AppleScript's text item delimiters to {""}
empty trash
shut down
end tell
Marc K. Myers <Ma...@AppleScriptsToGo.com>
http://AppleScriptsToGo.com
4020 W.220th St.
Fairview Park, OH 44126
(440) 331-1074
[10/15/01 8:50:12 PM]
doug rogers
"R. D. Bridges" <snipthis...@swbell.net> wrote:
>That's why I was thinking of throwing a script over there
>that would erase the hard drive or at least trash the personal info on
>it.
I would think that you would want to ensurethe personal information didn't
get deleted in order to identify the machine as stolrn...
>Or maybe I could
>write an Applescript to have the stolen machine call my number at some
>set time, and I would then have a caller ID record of the thieves'
>phone number and maybe name.
Thats a good idea...
R. D. Bridges
<Ma...@ChezMyers.com> wrote:
> How about this?
>
> tell application "Finder"
> set itemList to items of startup disk as alias list
> repeat with anItem in itemList
> if name of anItem is not "System Folder" then
> delete (contents of anItem)
> end if
> end repeat
> set itemList to items of the desktop as alias list
> set AppleScript's text item delimiters to {":"}
> repeat with anItem in itemList
> if ((count of (text items of (anItem as text))) > 2) then
> delete (contents of anItem)
> end if
> end repeat
> set AppleScript's text item delimiters to {""}
> empty trash
> shut down
> end tell
Thanks. Obviously I can't run this on my machine to check it (!) and I
may just get one shot at this, if that.
So basically this runs through the folders first, deleting the contents
of all folders except the System Folder. Then it deletes everything on
the desktop. What does this part do?
> repeat with anItem in itemList
> if ((count of (text items of (anItem as text))) > 2) then
> delete (contents of anItem)
> end if
> end repeat
> set AppleScript's text item delimiters to {""}
Thanks again.
R. D. Bridges
rogers <sa...@golden.net> wrote:
> I would think that you would want to ensurethe personal information didn't
> get deleted in order to identify the machine as stolen...
Well, that's a good point, although I think the serial number is going
to prove more useful there. I think the script Marc Myers posted would
be a good solution -- nuke everything but the System Folder. Then you
have the bulk of the personal correspondence, contact numbers, etc.,
deleted, but there are still preference files that would have
identifying information in them.
doug rogers
kind of 'security'. really, you have to let the Mac community know if it
successfully works.
doug rogers
rather than a Startup Folder item... it will be much harder for the
thieves to remove.
Also makes a great case for installing Multiple Users even on a single
usewr Mac - for the voice password protection alone.
R. D. Bridges
rogers <sa...@golden.net> wrote:
More than happy to, although it's a long shot. I'm going to have to
catch the machine online and hope the crooks don't tumble to what I'm
doing.
R. D. Bridges
rogers <sa...@golden.net> wrote:
> Further: Its likely a good idea to make the script an invisible extension
> rather than a Startup Folder item... it will be much harder for the
> thieves to remove.
Is that just a matter of changing attributes for the saved script? I
only see compiled script, classic applet, etc. in the save dialog of my
editor...
Marc K. Myers
> So basically this runs through the folders first, deleting the contents
> of all folders except the System Folder. Then it deletes everything on
> the desktop. What does this part do?
>
> > repeat with anItem in itemList
> > if ((count of (text items of (anItem as text))) > 2) then
> > delete (contents of anItem)
> > end if
> > end repeat
> > set AppleScript's text item delimiters to {""}
It excludes any volumes (disks) from the delete. If you try to drop a
non-removable disk into the trash you get an error message. Anything
other than a volume would have at least three text items because it
would have at least two colons. (I set AppleScript's text item
delimiters to {":"} before that snippet.)
You could "test" the script by commenting out the delete lines and
adding "display dialogs" for "(contents of anItem) as text)". That way
you'd get to see what would be deleted. You would also want to comment
out the "shut down" and maybe the "empty trash" (if there's anything in
the trash you want to keep) for testing purposes.
Your testing version would then look like this:
tell application "Finder"
set itemList to items of startup disk as alias list
repeat with anItem in itemList
if name of anItem is not "System Folder" then
-- delete (contents of anItem)
display dialog (contents of anItem) as text
end if
end repeat
set itemList to items of the desktop as alias list
set AppleScript's text item delimiters to {":"}
repeat with anItem in itemList
if ((count of (text items of (anItem as text))) > 2) then
-- delete (contents of anItem)
display dialog (contents of anItem) as text
end if
end repeat
set AppleScript's text item delimiters to {""}
-- empty trash
-- shut down
end tell
Marc K. Myers <Ma...@AppleScriptsToGo.com>
http://AppleScriptsToGo.com
4020 W.220th St.
Fairview Park, OH 44126
(440) 331-1074
[10/16/01 12:10:41 PM]
doug rogers
>only see compiled script, classic applet, etc. in the save dialog of my
>editor...
Track down a little app called 'ScriptFBA'. It creates an extension out of
any script. As to how you would (set the visible with resedit) actually
handle an invisible file from your end I haven't thre foggiest idea....
Eddie Albert
Write a script that pops up a window saying "You have won a special
500.00 prize. Your machine has run for 3000 hours without a major
problem!"
Create fields for them to enter name, address and phne numbers to
receive the prize.
Make the script write that data to disk and you can pull it with timbuktu
Then call the police.
Crooks often fall for the stupidest tricks, especially if you appeal to
GREED!!!
or think up some other way to get them to enter their personal info.
"You have gone 432 days without registering your machine. Please
register your machine so that it can be identified as your property."
get the idea!
Ed
In article <151020010937126493%snipthis...@swbell.net>,
"R. D. Bridges" <snipthis...@swbell.net> wrote:
Jason Davies
Have the computer call 911 and report itself as stolen.
This program might be able to do it.
http://www.bingsoftware.com/phonepro.html
--
Jason Davies
Master Gizmologist
Cream City Traction Club
http"//www.geocities.com/jason_e_davies/cct.html
R. D. Bridges
<Ma...@ChezMyers.com> wrote:
> It excludes any volumes (disks) from the delete. If you try to drop a
> non-removable disk into the trash you get an error message. Anything
> other than a volume would have at least three text items because it
> would have at least two colons. (I set AppleScript's text item
> delimiters to {":"} before that snippet.)
I kinda thought you were doing something with the path when I saw the
colon, but couldn't figure out where you were going with it. Excellent
idea.
Speaking of messages -- I got to thinking, is there going to be a
confirmation dialog on the "empty trash" command? I always disable
that feature of the trash can, but I know my sister's machine has it
on.
> You could "test" the script by commenting out the delete lines and
> adding "display dialogs" for "(contents of anItem) as text)". That way
> you'd get to see what would be deleted. You would also want to comment
> out the "shut down" and maybe the "empty trash" (if there's anything in
> the trash you want to keep) for testing purposes.
Another great idea. Thanks a bunch.
R. D. Bridges
rogers <sa...@golden.net> wrote:
> Track down a little app called 'ScriptFBA'. It creates an extension out of
> any script. As to how you would (set the visible with resedit) actually
> handle an invisible file from your end I haven't thre foggiest idea.
Thanks for the tip on ScriptFBA.
Yeah, I don't know how I'd wrangle the visibility issue. Setting its
invisible flag with ResEdit wouldn't be a problem, but then I couldn't
transfer it because Timbuktu doesn't see invisible files.
My only option there would be to transfer it and then switch Timbuktu
to Control, launch ResEdit on the stolen machine, and do my business.
Not the most likely thing to get away with. Kinda pushing my luck,
since in all likelihood they'd be watching the cursor move around and
just generally freaking out over a haunted iMac.
If it's named something innocuous and sitting in the Extensions folder
with everything else (isn't that where Faceless Background Apps go?),
it ought to survive a little scrutiny. Besides, I only need it to run
once.
R. D. Bridges
<ealbert_NOSPAM-F04...@news1.southeast.rr.com>, Eddie
Albert <ealbert...@sc.rr.com> wrote:
> I have got a much better idea!
>
> Write a script that pops up a window saying "You have won a special
> 500.00 prize. Your machine has run for 3000 hours without a major
> problem!"
>
> Create fields for them to enter name, address and phne numbers to
> receive the prize.
>
> Make the script write that data to disk and you can pull it with timbuktu
>
> Then call the police.
>
>
> Crooks often fall for the stupidest tricks, especially if you appeal to
> GREED!!!
>
>
> or think up some other way to get them to enter their personal info.
>
> "You have gone 432 days without registering your machine. Please
> register your machine so that it can be identified as your property."
>
>
> get the idea!
It's true enough, they run stings all the time where they have crooks
show up to collect vacation packages or whatever then arrest them.
I also had the idea of sending a script to have it call me (or my
sister, or whoever with caller ID) and getting a name and phone number
that way. The advantage of that is it takes the human factor out of
it, don't have to rely on their greed to get the info.
Marc K. Myers
> Speaking of messages -- I got to thinking, is there going to be a
> confirmation dialog on the "empty trash" command? I always disable that
> feature of the trash can, but I know my sister's machine has it on.
When you empty the trash with an AppleScript command there is no
confirmation message.
Marc K. Myers <Ma...@AppleScriptsToGo.com>
http://AppleScriptsToGo.com
4020 W.220th St.
Fairview Park, OH 44126
(440) 331-1074
[10/17/01 10:35:06 AM]
R. D. Bridges
<Ma...@ChezMyers.com> wrote:
> R. D. Bridges wrote:
> > Speaking of messages -- I got to thinking, is there going to be a
> > confirmation dialog on the "empty trash" command? I always disable that
> > feature of the trash can, but I know my sister's machine has it on.
>
> When you empty the trash with an AppleScript command there is no
> confirmation message.
Thanks, I ran it through as a test with the dialog boxes enabled and
the delete commands commented out - threw an empty folder in the trash
to see if the "empty trash" command generated the message, and it
didn't.
R. D. Bridges
Death Script on the stolen iMac. Timbuktu reported the stolen machine
was online about an hour ago -- I just missed it this time, but I may
get lucky.
R. D. Bridges
doug rogers
"R. D. Bridges" <snipthis...@swbell.net> wrote:
>I caught the machine online and inserted the script...more to follow.
coooool.....
Rowland McDonnell
> In article <B7F0D3819...@as53-01-73.cas-lon.golden.net>, doug
> rogers <sa...@golden.net> wrote:
>
> > If you could find her particular computer, the thing to do would be to
> > leave a text file on the desktop. Something to the effect of "Hey, I found
> > you through the net. I can track down your ISP and your name. We are
> > calling the police with this information."
>
> If they get online I should be able to spot them because of the
> Timbuktu software installed on the thing. The trouble is they would be
> connecting with my sister's account, so the only identifying
> information would be my sister's account and ISP - not all that
> helpful.
It should be possible to track them down via the telephone company -
after all, dialling up means dialling up.
[snip]
> > Perhaps you could find someway of disabling the trash can so they can't
> > delete anything.
>
> I don't know how I'd do that without patching the System.
>
> One thing I thought of is that, if I catch them online, I'll have a
> record of their IP address at a particular time. I wonder if ISP's log
> incoming phone numbers on calls to their modem banks?
The easy way to find that out for your ISP is to ask them.
[snip]
Rowland.
--
Remove the animal for email address: rowland....@dog.physics.org
PGP pub key 0x62DCCA78 Sorry - the spam got to me
http://www.mag-uk.org
UK biker? Join MAG and help keep bureaucracy at bay
R. D. Bridges
rogers <sa...@golden.net> wrote:
> >I caught the machine online and inserted the script...more to follow.
>
> coooool.....
That's what I thought. They had even changed the owner name, so that
ought to come in handy if that's a real name (and it looks real enough
-- I snapped a screenshot). Also, I was on long enough to manually
trash some tax returns and other personal stuff, so that's good, even
if the script doesn't work - although I think the script will work just
fine.
My sister's calling her ISP today to see if she can get the dialin
number for that IP address at that time.
Jason Boor
information, ie Remoate Access username and e-mails it to you. You can then
forward that to the police!
-Jason
"R. D. Bridges" <snipthis...@swbell.net> wrote in message
news:151020010937126493%snipthis...@swbell.net...
> My sister's iMac was stolen in a burglary. She had Timbuktu installed
> on the machine, so if the thieves ever get online I can send a file to
> it.
>
> I was thinking I could send an Applescript to the stolen machine's
> Startup Items folder to have it execute at the next restart. Any ideas
> on a good Applescript I could send to erase the hard drive? National
> Security's not involved, but my sister is understandably creeped out
> that crooks are looking through her personal files.
-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 80,000 Newsgroups - 16 Different Servers! =-----
Steve
"Jason Boor" <jas...@ez-net.com> wrote:
> Perhaps a better script would be one that grabs this persons dial-in
> information, ie Remoate Access username and e-mails it to you. You can then
> forward that to the police!
>
> -Jason
Acutally, just sending the email would suffice. From the email you'd
have their IP address from the header information, which the ISP could
use to determine who is was.
Steve
Brennan Young
> I also had the idea of sending a script to have it call me (or my
> sister, or whoever with caller ID) and getting a name and phone number
> that way. The advantage of that is it takes the human factor out of
> it, don't have to rely on their greed to get the info.
This is a really interesting thread. I hope it works out for you, and I'm
sure we'd all like to hear what happens!
Makes me think it's worth installing something on every Mac so that it can
report itself stolen as a precautionary measure.
--
_____________
Brennan Young
Artist, Composer and Multimedia programmer
mailto:bre...@young.net
Someone asked Mulla Nasrudin what his house was like. In reply he brought
this man a brick, saying: 'It is just a collection of these.'
R. D. Bridges
<bre...@young.net> wrote:
> This is a really interesting thread. I hope it works out for you, and I'm
> sure we'd all like to hear what happens!
>
> Makes me think it's worth installing something on every Mac so that it can
> report itself stolen as a precautionary measure.
Well, good news and bad news.
Good news is, I caught them online and was able to insert the Death
Script, as I came to call it, into the Startup Items folder. Also,
they had changed the owner name of the iMac to presumably one of their
names (first and last). Also, another name (first and last) was on a
folder on the Desktop. The final good thing is that I was able to
trash some tax returns and other stuff that had personal info on it
while they were apparently away from the keyboard (Timbuktu reports
idle time when the mouse is not moved or a key pressed). The down side
is that I didn't want to risk taking control of the stolen machine and
telling it to empty the trash. Figured if they saw the cursor mousing
around they'd panic and disconnect.
On the bad news side, I got to tinkering with the Death Script here on
my machine and noticed that, if any of the items in the trash can are
locked when the script executes an "Empty Trash" command, a dialog pops
up saying the trash cannot be emptied because one or more items are
locked. I can't say for sure that any items on the stolen machine were
locked, but since it threw everything except the System Folder into the
trash, the odds are good that at least one or two obscure items were
locked. Silver lining: the Death Script's last command is to shut
down the computer. So barring some keen insight into stopping the
script before it finishes, it should be useless to the thieves as it
will shut down almost immediately after starting up.
Also bad news, my sister's ISP doesn't log incoming phone numbers.
Silver lining there is that they provided their incoming modem line
number and its rollovers for that connection so hopefully when my
sister (or the police more probably) goes to the phone company they can
see where the originating call came from at that time.
The stolen machine has not reconnected to the internet (at least not
with Timbuktu access enabled) since last Saturday afternoon when I
caught them, so hopefully the script has been useful in that regard
even if it couldn't empty the trash as designed.
Marc K. Myers
> On the bad news side, I got to tinkering with the Death Script here on
> my machine and noticed that, if any of the items in the trash can are
> locked when the script executes an "Empty Trash" command, a dialog pops
> up saying the trash cannot be emptied because one or more items are
> locked. I can't say for sure that any items on the stolen machine were
> locked, but since it threw everything except the System Folder into the
> trash, the odds are good that at least one or two obscure items were
> locked.
If you ever get the chance, you could add this line right before the
script empties the trash:
set locked of (every item of entire contents of the trash whose locked
is true) to false
The "entire contents" reference is kind of buggy in that it doesn't
always hit everything, but it usually works if the files aren't too
deeply nested in folders. Unfortunately it's the only way to go in
"vanilla" AppleScript unless you put in a recursive loop to look at
every file individually. This would take so long that the evildoers
would probably figure out that something odd was going on.
You can get around the trash warning dialog using commands from the free
"Jon's Commands" scripting addition, which you'd have to place in the
iMac's Scripting Additions folder. It would work like this:
tell application "Finder"
set trashItems to (contents of the trash) as alias list
end tell
deleteFile trashItems with unlocking without safety net
This would replace the "empty" command at the end of the Finder tell
block, and place the "deleteFile" command outside the block.
Marc K. Myers <Ma...@AppleScriptsToGo.com>
http://AppleScriptsToGo.com
4020 W.220th St.
Fairview Park, OH 44126
(440) 331-1074
[10/26/01 12:45:23 PM]
R. D. Bridges
<Ma...@ChezMyers.com> wrote:
> If you ever get the chance, you could add this line right before the
> script empties the trash:
>
> set locked of (every item of entire contents of the trash whose locked
> is true) to false
>
> The "entire contents" reference is kind of buggy in that it doesn't
> always hit everything, but it usually works if the files aren't too
> deeply nested in folders. Unfortunately it's the only way to go in
> "vanilla" AppleScript unless you put in a recursive loop to look at
> every file individually. This would take so long that the evildoers
> would probably figure out that something odd was going on.
>
> You can get around the trash warning dialog using commands from the free
> "Jon's Commands" scripting addition, which you'd have to place in the
> iMac's Scripting Additions folder. It would work like this:
>
> tell application "Finder"
> set trashItems to (contents of the trash) as alias list
> end tell
> deleteFile trashItems with unlocking without safety net
>
> This would replace the "empty" command at the end of the Finder tell
> block, and place the "deleteFile" command outside the block.
Thanks, Marc. I'll punch up the script so if the machine ever shows up
again I'll have a New & Improved version for 'em.
I toyed with the idea of trying to rig up a bogus form for the thieves
to fill out, like maybe a fake "Personalize Your iMac" dialog that
would pop up and solicit an owner name, address, etc. -- but it seemed
kind of ambitious and also relied too heavily on them being both
gullible and honest in their answers.
R. D. Bridges
about 5 hours. They are no longer using my sister's ISP (since she
changed passwords that was predictable) but are now apparently using
AOL (the IP reported resolves back to AOL). So while they've figured
out that a script was running at Startup and have found a way to
disable it, they still haven't snapped that Timbuktu is snitching them
out.
I think the good news is that Timbuktu is reporting an IP at all. I
was under the impression AOL was a gateway and you didn't get an IP
when you connected, since your machine wasn't a real node, but
apparently they've changed things around there.
If I can catch them online I think I'll try to manually trash whatever
personal stuff needs trashing and then send a script to change the
dialup number to my sister's home number so she can capture the crooks'
info with her Caller ID.
More to follow hopefully.
R. D. Bridges
commands into the stolen machine?
-----
tell application "Finder"
set itemList to items of startup disk as alias list
repeat with anItem in itemList
if name of anItem is not "System Folder" then
delete (contents of anItem)
end if
end repeat
set itemList to items of the desktop as alias list
set AppleScript's text item delimiters to {":"}
repeat with anItem in itemList
if name of anItem is not "Trash" then
if ((count of (text items of (anItem as text))) > 2) then
delete (contents of anItem)
end if
end if
end repeat
set AppleScript's text item delimiters to {""}
set trashItems to (contents of the trash) as alias list
deleteFile trashItems with unlocking without safety net
end tell
-----
Thanks
Marc K. Myers
That should work fine. The only possible problem I see is that "as
alias list" throws an error if there is a single item but there's not
much likelihood of that on the first pass, but that would be the
condition on the subsequent passes. Don't forget to put in a "shut
down" command as the last command in your tell block to the Finder.
It's wonderfully irritating when your computer shuts itself down as
you're starting up. Also name the applet so that it's the first thing
in the Startup Items folder.
This modification should do the trick. It gets rid of all the "as alias
list" coercions, as they weren't really necessary. It also simplifies
the the use of "deleteFile", which seems to be quite happy working with
Finder references rather than aliases:
tell application "Finder"
set itemList to items of startup disk
repeat with anItem in itemList
if name of anItem is not "System Folder" then
delete (contents of anItem)
end if
end repeat
set itemList to items of the desktop
set AppleScript's text item delimiters to {":"}
repeat with anItem in itemList
if name of anItem is not "Trash" then
if ((count of (text items of (anItem as text))) > 2) then
delete (contents of anItem)
end if
end if
end repeat
set AppleScript's text item delimiters to {""}
deleteFile (get contents of the trash) with unlocking without safety net
shut down
end tell
Needless to say, this wasn't tested. I was scared enough just having it
open in Script Editor. Nuclear weapons make me nervous!
Marc K. Myers <Ma...@AppleScriptsToGo.com>
http://AppleScriptsToGo.com
4020 W.220th St.
Fairview Park, OH 44126
(440) 331-1074
[11/6/01 2:34:22 PM]
R. D. Bridges
<Ma...@ChezMyers.com> wrote:
> Needless to say, this wasn't tested. I was scared enough just having it
> open in Script Editor. Nuclear weapons make me nervous!
Me too!
Mark
Now, I only wonder, when will this iMac be returned to its rightful
owner? Can't you simply contact AOL and ask them to hand over the
appropriate information to the police?
Mark
R. D. Bridges
<ecognoom...@hotmail.com> wrote:
> Now, I only wonder, when will this iMac be returned to its rightful
> owner? Can't you simply contact AOL and ask them to hand over the
> appropriate information to the police?
My sister's going to call both AOL and the police tomorrow.
My main fear is they're using "throw-away" AOL accounts, maybe with
bogus info, and AOL won't be able to give us any good info.
But, I've been on the thing via Timbuktu and everything personal is
basically gone. So mission accomplished there.
What I want to do now is have the thing dial my home so I can capture
the crooks' phone number. Been having trouble scripting that, since
AOL doesn't go through PPP. I did grab the AOL config file and changed
the main dialup number to mine with hexedit, then put it back, but I
don't know if it'll work or not.
- pete -
Have you been able to determine whether they leave it on in the middle of
the night, or at some time when it's idle for a long time? If so, you could
still try to initiate a PPP connection - not through AOL at all. Doesn't
even have to be a PPP connection for that matter...I think ZTerm is
scriptable, and that can dial a number.
By the way, I think AOL requires a credit card number before they'll give
you even a free/temporary account, so there should be some kind of trail
there. But yeah...probably best to let the police handle something like
that.
Also, I don't know if anybody's mentioned it...but at some point it would be
a good idea to talk to a lawyer...preferably before talking to the cops...it
would suck to be unable to get the iMac back because the methods used to
find it were illegal/inadmissible...
- pete -
--------
R. D. Bridges
<no.email@don'tspam> wrote:
> Have you been able to determine whether they leave it on in the middle of
> the night, or at some time when it's idle for a long time? If so, you could
> still try to initiate a PPP connection - not through AOL at all. Doesn't
> even have to be a PPP connection for that matter...I think ZTerm is
> scriptable, and that can dial a number.
The trouble with ZTerm or another comm program is that my other script
has erased everything except the System Folder.
> By the way, I think AOL requires a credit card number before they'll give
> you even a free/temporary account, so there should be some kind of trail
> there. But yeah...probably best to let the police handle something like
> that.
>
> Also, I don't know if anybody's mentioned it...but at some point it would be
> a good idea to talk to a lawyer...preferably before talking to the cops...it
> would suck to be unable to get the iMac back because the methods used to
> find it were illegal/inadmissible.
Not a bad idea, but I think I'm good. It's my sister's computer and I
have her consent (and a Timbuktu account/password) to access it. I'm
not hacking anything or doing anything shady.
Probably the best news so far, I was able to insert a modified AOL
connection file into the stolen machine today, with my home number as
the primary dialin and my sister's number as the secondary.
Coincidentally, I've since gotten about 15 calls from a particular
person I don't know, and my sister has gotten about the same amount of
calls from the same person.
I think we have a winner. Hopefully the police can get an address from
the number and get a warrant.
Marc K. Myers
"Coincidentally" - I like that! This is getting very interesting.
You can get the name and address from the number yourself with a reverse
lookup from this URL: <http://www.anywho.com/rl.html>. I hope you're
not unpleasantly surprised to find that it's someone you know!
Marc K. Myers <Ma...@AppleScriptsToGo.com>
http://AppleScriptsToGo.com
4020 W.220th St.
Fairview Park, OH 44126
(440) 331-1074
[11/8/01 12:58:59 AM]
R. D. Bridges
<Ma...@ChezMyers.com> wrote:
> "Coincidentally" - I like that! This is getting very interesting.
>
> You can get the name and address from the number yourself with a reverse
> lookup from this URL: <http://www.anywho.com/rl.html>. I hope you're
> not unpleasantly surprised to find that it's someone you know!
Unpublished number, I already tried. My sister should be getting with
the police today, so we'll see what we have -- I think it's enough for
them to get a warrant.
Angus McIntyre
"R. D. Bridges" <snipthis...@swbell.net> wrote:
> What I want to do now is have the thing dial my home so I can capture
> the crooks' phone number.
Like everyone else here, I'm finding this thread very interesting -
there's a certain soap opera quality to watching the unfolding saga of
AppleScript vs. the Bad Guys.
One thought that occurs to me is that the original thieves may have sold
the iMac on to someone else. You may not be dealing with the crooks any
more. On the other hand, the new owners might be able to lead you back
to the people they got the machine from.
The whole thing makes me think that perhaps pre-emptive measures in case
of theft wouldn't be a bad idea. You're lucky enough to be able to get
to the stolen iMac because you have Timbuktu (and because the Mac has a
modem and is being hooked up). As an alternative, a pre-theft precaution
might be to tuck a little AppleScript away in the 'Startup Items' folder
as a kind of "dead man's handle". Once every few startups, the script
might pop up an innocuous-seeming dialog saying something like "Update
Location Manager Settings for set 'Bla bla bla'?" (the real Location
Manager does this from time to time). If the user clicks the wrong
button to dismiss the dialog, then the AppleScript goes into "I've been
stolen" mode, waits until the machine is idle for a little while, and
then starts shredding confidential documents and dialling the police.
It's a little bit paranoid, and it would be better if the test were more
unobtrusive, but it might be worth doing. An alternative might be to
pre-install the 'suicide script', plus the necessary components from an
evaluation copy of Timbuktu (or the real thing if you have it), so that
you can remote-activate it if necessary. That and a copy of PGP to
protect your most important personal data, and you're golden.
Angus
--
an...@pobox.com http://pobox.com/~angus
"I am here by the will of the people ... and I "Metrophage"
will not leave until I get my raincoat back." Richard Kadrey
Marc K. Myers
I'd be nervous about having the suicide script triggerable by anyone who
might start up my machine other than myself. (Or by myself at 3AM.)
Even with my weekly backups, losing a week's worth of work would be nasty.
How about simply having your machine call your phone number
periodically? If it tries from your own phone it would get a busy
signal. If it called from elsewhere it would leave a trace on your
Caller ID and could be set up to trigger the suicide script. (Don't do
this on a laptop!)
Marc K. Myers <Ma...@AppleScriptsToGo.com>
http://AppleScriptsToGo.com
4020 W.220th St.
Fairview Park, OH 44126
(440) 331-1074
[11/8/01 2:08:52 PM]
Jason Davies
Ma...@ChezMyers.com wrote:
It probably wouldn't hurt to precede the number with "*82," in case they
have caller id on the line blocked.
--
Jason Davies
Master Gizmologist
Cream City Traction Club
http"//www.geocities.com/jason_e_davies/cct.html
R. D. Bridges
number every time (thanks to the modified connection file) so they have
taken to freshly installing AOL from the CD every time they want to use
it.
I was thinking I'd like to put a script in the Startup Items folder
that would have PPP dial my number at startup. I poked around in some
of my scripting additions' dictionaries but nothing jumped out at me.
Can anyone nudge me in the right direction?
C. Montgomery Burns
"R. D. Bridges" <snipthis...@swbell.net> wrote:
"PPP connect" from remote access commands. It's part of the system.
--
MB
R. D. Bridges
Montgomery Burns <mo...@nooky.gov> wrote:
> "PPP connect" from remote access commands. It's part of the system.
Thanks.
Pete
Careful, though - it's broken in Mac OS 9.1.
The addition you'll want to use is "Network Setup Scripting" or else "Remote
Access Commands"...one is supposed to take the place of the other. (I think
NSS is the more recent.)
To quote from Patrick Stadleman, from a different thread:
|The "Remote Access commands" scripting addition doesn't work with Mac OS
|9.1 (Remote Access 4.0 or later). You're supposed to use "Network
|Scripting Setup" instead, but the "status" property of Remote Access is
|broken in Mac OS 9.1.
|
|"Network Scripting Setup" was updated in Mac OS 9.2.1, so hopefully the
|"status" bug has been correted.
Good luck...I'm afraid you'll need it.
- pete -
--------
R. D. Bridges
both her stolen iMac and her printer. Don't know much else, will
follow up with details if anyone's still interested.
Marc K. Myers
Fantastic!!!!
It is really rare to have stolen property of any kind recovered, and
computers are almost impossible to locate. Please follow up and let us
know all the gory details, including how many years of prison the
malefactors are awarded. In the old West they used to hang horse
thieves. My Mac is at least as essential to my well-being as any
cowboy's horse!
Marc K. Myers <Ma...@AppleScriptsToGo.com>
http://AppleScriptsToGo.com
4020 W.220th St.
Fairview Park, OH 44126
(440) 331-1074
[11/15/01 3:03:09 AM]
R. D. Bridges
that belonged to the phone number that I had dial my number. A lady
there admitted she had it but said she got it from "some guy." She
agreed to bring it and the printer out for him but didn't want him
poking around the inside of her house.
He said the case probably wouldn't go anywhere. I was a little
underwhelmed.
I'm still jazzed she got her iMac back, and really appreciate all the
advice and code from Mr. Myers and everyone here.
Michel Lemieux
is a great user story for them...
Michel
Who me?
surprising.
In order to prosecute someone for possession of stolen property (their only
option in this case unless there was evidence to show that the lady was the
actual thief) you have to show that they knew or had reason to believe that
the computer was stolen, and that's a pretty hard thing to prove in court.
Most defendants in such cases merely say "Well, uh, I thought I was just
getting a good deal on a used --- ... I don't really know how much they're
worth." How do you *prove* they're lying?
It doesn't sound like the investigator got a search warrant from a judge in
this case (otherwise it wouldn't have mattered whether the lady wanted the
investigator "poking around" inside or not).
That's a little surprising, although it could have been that the police
didn't want to try to explain to the judge (or didn't understand themselves)
the digital evidence that the computer was inside that particular house.
("No, judge, the computer isn't IN timbuktu, it's being located BY
timbuktu... no, not NEAR it, BY it... no, timbuktu is a PROGRAM... ")
:)
nils
news:151120010829532655%snipthis...@swbell.net...
Needless to say, your story even made people come to this NG, even some PC
users here are aware of it ( France)
Now the cool thing you could do is make a small web page with the full story
:) and explain all details for people that are not aware of scripting ;)
would be really nice :)
Great case Dr Watson :)
N.
R. D. Bridges
<fake.a...@no.spam.please> wrote:
[snip]
> In order to prosecute someone for possession of stolen property (their only
> option in this case unless there was evidence to show that the lady was the
> actual thief) you have to show that they knew or had reason to believe that
> the computer was stolen, and that's a pretty hard thing to prove in court.
> Most defendants in such cases merely say "Well, uh, I thought I was just
> getting a good deal on a used --- ... I don't really know how much they're
> worth." How do you *prove* they're lying?
[snip]
Of course you're right, although the thief's continued use of the thing
after I put the attached startup screen on it a week ago would probably
convince any jury that she knew it was stolen.
I guess I was just kind of expecting that since the bulk of the
police's burglary cases are stone cold, they'd be a little more
enthusiastic about this one.
I keep reminding myself that it's a huge thing to get the iMac back at
all. And as I find myself drifting waaaaay off-topic, I'd just like to
close by saying thanks to everyone again for all the advice.
Kirk Klingbiel
"nils" <ni...@groupesyntheseREMOVEME.com> wrote:
>Needless to say, your story even made people come to this NG, even some PC
>users here are aware of it ( France)
>Now the cool thing you could do is make a small web page with the full story
>:) and explain all details for people that are not aware of scripting ;)
>would be really nice :)
>Great case Dr Watson :)
>N.
>
>
I agree. I have a good chunk of the thread and have removed all personal
info. I am inclined to post this story in the news. I have only to write
an intro explaining the situation...nice AppleScript Holmes and Dr.
Timbuktu feel to it.
"The text you are about to read was typed. Only the names have been
changed to protect the innocent."
If nobody objects, and unless Mr. Bridges does want to publish this with
Netopia....
Kirk
MacScripter.Net News
http://macscripter.net
R. D. Bridges
<ki...@macscripter.net> wrote:
> I agree. I have a good chunk of the thread and have removed all personal
> info. I am inclined to post this story in the news. I have only to write
> an intro explaining the situation...nice AppleScript Holmes and Dr.
> Timbuktu feel to it.
>
> "The text you are about to read was typed. Only the names have been
> changed to protect the innocent."
>
> If nobody objects, and unless Mr. Bridges does want to publish this with
> Netopia.
My sister's already said she was going to write an "atta boy" to
Netopia. I think they'd be tickled to hear about it, if they haven't
already.
R. D. Bridges
<dd...@free.fr> wrote:
> Hmmm... maybe, that no good to make potential thieves pay attention to
> carefully erase the drive ;-(((
>
> So, too much publicity may not be desirable.
I must admit the same thought crossed my mind. Make a big splash about
it, then the first thing thieves do is look for the Timbuktu extension
and disable it.
Marc K. Myers
> I agree. I have a good chunk of the thread and have removed all personal
> info. I am inclined to post this story in the news. I have only to write
> an intro explaining the situation...nice AppleScript Holmes and Dr.
> Timbuktu feel to it.
Please leave in my personal info. It's good advertising!
Marc K. Myers <Ma...@AppleScriptsToGo.com>
http://AppleScriptsToGo.com
4020 W.220th St.
Fairview Park, OH 44126
(440) 331-1074
[11/17/01 11:07:59 AM]
Pete
>> carefully erase the drive ;-(((
>>
>> So, too much publicity may not be desirable.
>
> I must admit the same thought crossed my mind. Make a big splash about
> it, then the first thing thieves do is look for the Timbuktu extension
> and disable it.
Seems like one of the good things that could come out of this thread are
some "doomsday" self-defense preparations we could make to our Macs. For
instance, making sure you keep an account on your Mac that gives Program
Linking access.
Outlook Express can be used as a script scheduler...so you could have
something in OE that periodically uses the default email address to send out
the current IP address back to you.
This way, you'd have a decent chance of tracking down at least *some* info
on the thief (e.g., their email address and the IP address they're using) if
they use OE (which is likely, especially if you keep it in Startup Items.)
If we just set up some stuff like this, we'll be in fairly good shape, even
without using Timbuktu Pro.
- pete -
--------
Patrick Tescher
Timbuktu.
in article 171120010550552447%snipthis...@swbell.net, R. D. Bridges at
snipthis...@swbell.net wrote on 11/17/01 3:46 AM: