I sell Macs and i'm looking for a way for our security and to combat purchase fraud to have the machines phone home the first time they are booted up to show that machine has been in use at the clients IP address.
Now I know the client might set the computer up at a location other than their home and could spoof their IP (although the potential scammer wouldn't realise this system was in place so wouldn't be expecting to do this) but any system is better than no system.
In terms of privacy we'd put it in our privacy policy but of course we're not looking to collect any information from the user apart from their IP address and the script should delete once its connected to the internet for the first time.
How would users recommend the best way to do it? I have full access to the computers before hand and we already launch a script on first boot of user account to show a welcome and help guide - so we could add simple scripting there, but maybe a helper program which attempts until internet connection is first established, makes contact and deletes itself is best.
And of course we'd need a two pronged approach, a URL or API of some sort on our server that the computer connects to. Ideally the information to send would be the serial number and the IP address of the user, the MAC address could be useful too - as often if fraud has been committed the police will also check to see if the original MAC address of the system has connected via the ISP server logs.
I suppose the final piece of the puzzle would be that our logged data would somehow need to prove it was sent from that computer and not just generated ourselves in a database (eg we haven't just pretended its connected from their IP we've picked up from an e-mail address or something) i'm not sure if there would be any secure legal way to do this?
=============
Edit: Thinking of ways to make it legally binding in terms of presenting the information to the police or the courts I think the receiving server would need to be hosted and maintained by an independent third party whom you had a contract with and didn't allow you any write access to the information what so ever, all you could do is visit a website and pull up the data to pretend the evidence to the police.
(I seem to have been voted down because someone likes committing fraud?)
I have looked into similar solutions for macbooks in the past with little luck. One thing I have found however, if you have a web server, is to create a php page in an obscure hidden directory that will capture the ip address and send an email on access. From here you can create a page specific to each computer with MAC and serial number and set this as safari's homepage in a different tab. So every time someone attempts to access the internet you will be notified.
(This php page can be a simple blank page that just looks like a new tab, or can even display warnings such as "You are being tracked")
You could also create a python script on startup to send the information you are looking for such as ip, mac and serial number back, but again you would need another server setup as a listener.
And lastly, if possible, create a business account in icloud and use Find My Iphone/mac. This is probably the easiest if you can get away with it but unfortunately will not provide you with instant notifications.
-M
Related
guys I just want to ask a couple of questions about security problems, if this is not the place to ask these questions then please close the question.
I want to make a web application with Laravel where u can watch movies (it would be used only by me and a few friends of mine). I'm going to turn my old pc into a server and use it for the app. My questions are: (if the answers are too long then please provide a link where I could read about this).
What can a hacker do if he hacks into my server (don't care about data that much since there will be no personal information inside of it) and how to prevent it? Keep in mind I don't want to pay for any firewalls if it's not absolutely necessary.
if the hackers gain access into my server and the server is connected to my router. Can he gain access to the router and then other devices connected to the router. How can I prevent this from happening?
Security is not my area of expertise. I am working on a lightweight administrative Laravel web app for internal use by company (small) employees:
The app is intended to be used only by the employees
Remote work (from home) is not uncommon
Smartphones and laptops are usually used when working remotely
I would like to secure it as much as possible - beyond authentication, access controls or 2FA. I am trying to think of ways to make it virtually invisible to the public, but still available for the employees. Defining proper rules for crawlers might make it a bit more obscure but I think more could be done. Network based restrictions would limit the employee flexibility.
Based on this I got the idea that the app could be made available only if the request is made by an authorized device. I am not sure however whether or not this is a good approach. Neither do I know how to tackle the problem of authorizing the various devices and making that information available to the server during communication.
i.e. How would I tag a device as authorized so that I only have to do it once and can reliably validate the information in a web app? Regular authentication as well as role based access would still be in place but the app could return a 404 response if the accessing device is not whitelisted.
Is there a way to achieve something like this while not making it too restrictive for the users or painful to set up? Or is there a better method for achieving the same result?
Consider a VPN?
If you are hosting the device on an internal network, you could see if the IT dept. can set up VPN access to work remotely (in most cases, this is already in place) and then it does not need to be accessed over the internet via a URI. Instead you can simply navigate to the internal address once you're in the network through the VPN - no public access and no need to worry about pesky web crawlers!
It also makes it easier to moderate your application. For example, if an employee leaves the company you can simply revoke their VPN access and they'll no longer be able to access the application.
I've written a Windows TCP (NOT IIS) server program in VB that provides the backend for an enterprise iPhone app that I have also developed. The system utilizes Apple Push Notifications, and that works fine, unless the server reboots for whatever reason.
Part of the Push Notification system is the inclusion of Apple certificates on the server. I followed the steps shown here to install the necessary certificates, and even though it's for ASP.NET applications, it works for my Windows-based server. Except, as I said, a reboot requires installing the certificates all over again.
I found this page on Server Fault that suggests adding a user to the certificate through the MMC snap-in, but that didn't work either.
Two questions: Following the steps shown on the Server Fault page, do I need to add a specific user? The only users that pop up are SYSTEM (which I tried), Administrators(ComputerName/Administrators) (also tried) and "S-1-1-5-blah, blah" (didn't try). Would there need to be a different user added to make it work?
Q2: If this won't ever work, is there a different way?
Full disclosure: This is the second time I have submitted this question, but the previous one (four months ago) was never responded to. I'm hoping someone who knows will see this.
Thanks for any advice.
AFTERTHOUGHT: The instructions I linked to above say to install the certificates to Personal/Certificates. Maybe this is wrong? This stuff is way over my head, so I don't understand the function of all the different stores.
Found the problem.
The page on Server Fault left out something. I needed to add a user that the system would recognize to the Permissions list. I added my user authentication, selected it, and after that the certificate persisted after a restart.
It is at least working on my development server. I haven't tried it yet on my production server.
Update: Works the same on the production server. Also, instead of using my user authentication, I used the IUSR authentication, meaning that it should work even after my name is removed from the active directory.
We have a custom Active Directory integrated web app that helps users perform some self-service on their accounts (e.g. update photo, change phone number, reset password etc.) Our app runs on domain-joined servers, as Local System, and is thus able to authenticate to the AD using the server account(s).
We use a service connection point, that the app's clients use to locate an instance of our app. (Our app clients are hard-coded to look for certain keywords which are published on the servie connection point's keywords attribute.)
We recently had a situation wherein someone (we believe accidentally) changed the keywords on one of the service connection points resulting in an outage, since the clients could no longer find our SCP when querying the AD for our keyword(s).
The customer is a bit upset about this and wishes for us to provide them the ability to determine who can change the keywords on our SCPs. This feedback was passed on from our sales guys to us, and now we need to provide some way of helping them figure out who can change the keywords on our SCPs.
So, we're looking for an API to help us to determine Effective Permissions on our Active Directory service connection point objects, so we can alleviate this situation for the customer. We couldn't quite find an Effective Permissions / Access API that could help us list all the users who have effective write access to the keyword and other attributes on our SCPs.
Is there an API/other way that one can use to determine Effective Permissions on an Active Directory object?
It needs to be able to list all the users who have a specified access on a specified set of attributes of an Active Directory object.
This stack overflow post may be able to help you. LINQ to LDAP should also allow you to access the information pretty easily as well.
Just wondered if it was possible to send a toast from one WP7 phone to another.
Example of use:
User A presses a button on their phone to alert other users driving nearby with status "empty" that they are needed at the GPS location of User A
If anyone can provide some insight on if this is possible, and how it can be done, it would be great.
Thanks,
Can you?
No.
If I understand your question correctly, no it is not possible.
I understand your question to be "can I do this without having to implement something on a server somewhere?" And the answer to that is unfortunately "no".
What you will need to do as #softarn and #MrMDavidson alude to, you will need to implement something on the server.
But why not?
The reason for this is pretty simple. IF it was possible to do this, then it would open the door for abuse. Imagine if, without having to go through a Microsoft server, I could write a bit of code that would send push notifications constantly to all my users (who had downloaded my app of course). What happens if my users are on data plans that charge per bit? Well I've just screwed over a whole bunch of my users, and not only are they upset with me, they're upset with their stupid phone. Alternatively, what if Microsoft wants to give all windows phone users the option to get push notifications only every 15 minutes instead of immediately? Well, without operating as a go-between, Microsoft would be entirely unable to provide such functionality.
Here's how to fake it
So, in order to interact with toast notifications, it's a requirement that Microsoft gets to play middle man, so if needed, they can pull the plug on / monitor / regulate toast notifications on behalf of the user.
If you wanted to implement a bit of server code that emulated this behavior, that is certainly possible. As #MrMDavidson says, you'd basically need to take the following steps in the architecture of your app:
User's GPS location changes
WP7 app contacts a server that you own, notifying it that the user has moved
Your server code makes note of this, storing the data in a SQL database
After storing your new location, the server scans the SQL database for all other users of your app who are "nearby" and have their status set as "empty"
For each of the users in the database that match the criteria of being (a) nearby, and (b) having an empty status, the server code calls the user's "channel uri", sending the desired message
To your users, it's all the same
This would effectively accomplish your goal, and from the perspective of users, the experience would be seemless, and for all intents and purposes it will appear as if they got a notification directly from another user's phone.
Hope that clarifies things, I did assume you're familiar with the general workflow of sending Toast Notifications.
Happy coding!
Provided that User A's phone knows the push notification URI for User B's phone then, yes, you can send notifications from one phone to the other. However the question becomes; How do you distribute User B's notification URI to User A's phone? You'll either need an "offline" mechanism (email, for instance) or a server to act as a central repository. You're probably better off having a service layer over the top of the push notifications though to manage user-to-user relationships. Then User A's phone can say "Tell my friends that they're needed!". This can be an async-fire-and-forget call to your server. Your server can then implement retries and parallel execution to notify all User A's friends that they're needed at the location.
Yes of course it is possible. Read on to how push notifications work, though I don't think it will be as easy as you think. You'll need (I think) a server that the phones communicate through.