Vista For Forensic Investigators

← Back to Stories (view on slashdot.org)

Vista For Forensic Investigators

Posted by kdawson on Tuesday April 17, 2007 @10:30AM from the recovering-it dept.

Ant writes "SecurityFocus has a two-part article offering a high-level look at changes in Windows Vista that a computer forensic investigator needs to know about. Part 1 covers the different versions of Vista available and Vista's built-in encryption, backup, and system protection features. Part 2 continues with a look at typical user activities such as Web browser and email usage."

125 comments

Min score:

Reason:

Sort:

Oh n0es by mboverload · 2007-04-17 10:36 · Score: 4, Interesting

The smart people already use drive encryption via TrueCrypt and other methods.

This may make it easier for the not so completely stupid criminals to protect themselves, but I doubt it will have any real effect.

People are stupid. Thats why they get caught.
1. Re:Oh n0es by mboverload · 2007-04-17 10:39 · Score: 3, Informative
  
  If you didn't RTFA, which I don't blame you, it's short on any radical ideas or editorials, there is one thing I didn't know before:
  
  Bitlocker (which encrypts the whole windows volume ala Truecrypt but bootable) requires a TPM 1.2 chip in it, which you'd be hard pressed to find in ANY computer.
2. Re:Oh n0es by PitaBred · 2007-04-17 11:01 · Score: 2, Informative
  
  The notebook I bought last September has a TPM v1.2 chip in it... and I know many current other notebooks do. But TPM is primarily useful in the mobile space, anyway, not on the desktop space where most people keep their machines reasonably physically secure.
  
  --
  My blog. Good stuff (when I remember to update it). Read it.
3. Re:Oh n0es by morgan_greywolf · 2007-04-17 11:01 · Score: 2, Interesting
  
  Bitlocker (which encrypts the whole windows volume ala Truecrypt but bootable) requires a TPM 1.2 chip in it, which you'd be hard pressed to find in ANY computer.
  
  At the risk of sounding like an overly-eager Apple fanboi (bleck!), recent Macs have an Infineon TPM 1.2 chip in them.
  
  --
  My blog
4. Re:Oh n0es by THESuperShawn · 2007-04-17 11:57 · Score: 4, Informative
  
  Actually, that's not correct. Bitlocker does not "require" TPM 1.2, it CAN be used without it. You can boot from a USB drive, make a few edits in the local policy, or manually set the 48 digit recovery password just to name a few.
  
  And just about any computer manufactured after January 2006 will have TPM 1.2.
  
  --
  Repant. Thy end is sheer.
5. Re:Oh n0es by stratjakt · 2007-04-17 12:02 · Score: 0, Troll
  
  If they have reasonable cause to suspect there's evidence on the HDD, but it's encrypted, they go get a judge to issue a warrant for your keys/passphrase.
  
  Then when you refuse to give it up, you're burned for violating a direct court order, and impeding in an investigation, etc.. You may end up in deeper sh!t than where you started. Judges dont cotton to hiding/destroying evidence, and they really get pissed off when you directly defy their orders.
  
  People are stupid - case in point - your idea is stupid.
  
  --
  I don't need no instructions to know how to rock!!!!
6. Re:Oh n0es by Detritus · 2007-04-17 12:34 · Score: 4, Insightful
  
  See the Fifth Amendment.
  The defendant has no obligation to provide the prosecution with incriminating information.
  
  --
  Mea navis aericumbens anguillis abundat
7. Re:Oh n0es by Ash-Fox · 2007-04-17 12:54 · Score: 1
  
  The defendant has no obligation to provide the prosecution with incriminating information.
  But aren't they obligated to follow court orders (such as the one, the grand parent was speaking of)?
  
  --
  Change is certain; progress is not obligatory.
8. Re:Oh n0es by Detritus · 2007-04-17 13:04 · Score: 1
  
  A court order doesn't override the defendant's constitutional rights. If the prosecutor really wants the information badly enough, the defendant can be granted immunity or "use immunity". Then the defendant could be held in contempt of court if he refused to testify, the grant of immunity having negated the possibility of self-incrimination.
  
  --
  Mea navis aericumbens anguillis abundat
9. Re:Oh n0es by flosofl · 2007-04-17 13:11 · Score: 1
  
  I thought that part of the Fifth Amendment referred to self-incrimination during testimony (you know, that ...nor shall be compelled in any criminal case to be a witness against himself... part). I don't think it allows you to refuse to turn over evidence legally requested via a search warrant. If the police/DA have a warrant for the contents of your drive (plaintext/non-encrypted), I'm pretty sure you are legally obligated to give up the key/passphrase.
  
  It would be similar to them naming the contents of your safe. You can't just hand over a locked safe sans combination and say "best of luck, guys." I'm thinking that would get you a contempt of court. I also think that courts treat the destruction/obfuscation of evidence as if the evidence would have shown whatever it is the prosecution was trying find.
  
  I think you may be thinking of the Fourth Amendment which would cover which evidence is admissible and how evidence can be collected (i.e. warrants).
  
  Disclaimer: I'm sure it's obvious by now, but just in case - IANAL
  
  --
  "This calls for a very special blend of psychology and extreme violence" - Vyvyan "The Young Ones"
10. Re:Oh n0es by Detritus · 2007-04-17 13:31 · Score: 4, Interesting
  
  There is a legal distinction between testimony and material objects like diaries and journals. From what I've read, a court can compel someone to hand over material objects, like a safe, but it can't compel someone to say the combination. This issue came up quite often during Prohibition. Many rum runners kept their business records in code. The government would often seize these records during a raid. The government used their own cryptanalysts to break the codes and testify in court as expert witnesses.
  
  --
  Mea navis aericumbens anguillis abundat
11. Re:Oh n0es by ucblockhead · 2007-04-17 13:39 · Score: 3, Informative
  
  In the past, courts have rules that an encryption key is analogous to a physical key, and like a physical key, can be demanded with a warrant.
  
  --
  The cake is a pie
12. Re:Oh n0es by Anonymous Coward · 2007-04-17 13:41 · Score: 2, Informative
  
  I'm sure it's obvious by now, but just in case - IANAL
  Indeed, it is obvious. IANAL either and while there is some truth to your argument it is mostly false. The fifth amendment applies at any time. If the police go to your house and ask if you killed your wife, your refusal to answer can not be used as evidence of your guilt. If they ask for the combination to your safe, you can claim the fifth amendment and decline to answer.
  You can even invoke the fifth amendment as a witness. For example, if the police ask for your safe in order to prosecute your neighbor you can decline to answer on the grounds that you may incriminate yourself. There is a catch however. The court can grant you immunity from prosecution for any statements you make. If you still refuse to answer you can be held in contempt. Furthermore, if your statements lead to other evidence the other evidence can be used against you even if your own statements can not. So while telling the court that the combination is "I did it" can't be used against you, any evidence discovered inside the safe could be.
  Also note there is a huge difference between a search warrant and a subpoena. A search warrant is where a judge has granted the police the power to personally search your home and seize any evidence they find. A subpoena is where you are handed a document compelling you to present evidence.
  Also note the fifth amendment protection against self-incrimination only applies to criminal cases. If you are sued and refuse to supply evidence, such as a password, the court can assume that the evidence you are hiding favors the other party.
13. Re:Oh n0es by Beefysworld · 2007-04-17 13:49 · Score: 3, Informative
  
  I can't believe this didn't get a bite. US citizens aside, this article relates to any other country that uses Vista, so it's a worthwhile topic. Just because one country's constitution states something, doesn't mean that all has been said and done.
14. Re:Oh n0es by Opportunist · 2007-04-17 14:02 · Score: 1
  
  Pity that Alzheimer strikes me in such young years. Oh, the humanity...
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
15. Re:Oh n0es by Beryllium+Sphere(tm) · 2007-04-17 14:07 · Score: 1
  
  I have yet to investigate a machine used by somebody smart.
  
  Of course the smart ones may never come to my attention.
  
  Also I haven't been looking at criminal cases, so the motivation level might be lower -- but don't overestimate the level of computer knowledge in the general population.
16. Re:Oh n0es by etymxris · 2007-04-17 14:10 · Score: 1
  
  Really? Could you cite the precedents you're referring to?
17. Re:Oh n0es by silas_moeckel · 2007-04-17 14:54 · Score: 1
  
  In the UK they can require you to give up your encryption keys. This is one of the reasons you have things like the multiple keys in truecrypt where you have one key with some tame stuff and a second key with your real system. I don't know the case law in the US but would think they can lock you up for contempt in a criminal case or just award the case to the other party in a civil case. Anyway if you really have something to hide the previous mentioned method should work fine or just use a server in another country an there are very very few things that can not be done via a text mode ssh session to some server in north korea, cuba, iran etc with plenty of strong crypto on the link and the far end.
  
  --
  No sir I dont like it.
18. Re:Oh n0es by MoralHazard · 2007-04-17 15:59 · Score: 1
  
  (This should NOT be modded insightful. It should be modded 'Wrong'. Read the goddamn Wikipedia article before you start modding, especially if you don't know anything about the law.)
  
  You misunderstand the use of the 5th Amendment. In its broadest form, it applies only to direct admissions by the defendant. A defendant cannot be ordered to confess, or punished for not doing so, or be forced to provide testimony that amounts to a confession.
  
  HOWEVER... Defendants CAN be compelled by the court to provide:
  
  - fingerprints
  - DNA samples (blood/saliva/etc)
  - access codes for properties to be searched
  - encryption keys to enciphered data
  
  Note the difference: None of these latter group are direct admissions of guilt. The information may lead to evidence that the defendant is guiltly, but that's not what the 5th Amendment protects against.
  
  (Also note that this protection only applies in situations where the crimes that are actually prosecutable. If the prosecutor so chooses, he/she can grant someone immunity from prosecution for a particular act, and then have the judge compel that person to testify about the crime.)
  
  In any case, someone who refuses to testify when asked a question in court can be held in contempt of court: The judge orders that the recalcitrant witness be fined or held in prison, possibly indefinitely, until they change their tune. There might even be an obstruction of justice charge. A general rule is that the actual penalty (fine or prison time) levied for contempt or for obstruction is roughly equal to the penalty for the crime for which you're being tried. The defendant has nothing to gain by clamming up and refusing the court's order.
19. Re:Oh n0es by Ash+Vince · 2007-04-17 18:36 · Score: 1
  
  Of course here in Britain we have the Regulation of Investigatory Powers Bill. (RIP)
  
  One of the clauses states that if you fail to decrypt something at the courts request you get a 5 year statutory term in prison.
  
  --
  I dont read /. to RTFA, I read /. to offend people in ignorance.
20. Re:Oh n0es by madcow_bg · 2007-04-17 18:38 · Score: 1
  
  A court order doesn't override the defendant's constitutional rights. If the prosecutor really wants the information badly enough, the defendant can be granted immunity or "use immunity". Then the defendant could be held in contempt of court if he refused to testify, the grant of immunity having negated the possibility of self-incrimination. Even then I believe you can refuse. Imagine a child-obscene picture case, held before a grand jury. If I know there are pictures there that will compromise my image, I don't want to reveal them, even for immunity. The public outrage and the possibility of loosing my reputations is too big. Now, substitute that for your petty (pretty major for some) crime and then talk to me about honestly.
  Besides, what is the point of the pictures if I am granted immunity? To incriminate others... so either persuade me or go f#ck yourself, that is.
21. Re:Oh n0es by Anonymous Coward · 2007-04-17 20:03 · Score: 0
  
  Since when does having a TPM hobble in your machine A GOOD THING?
  Being proud of that really does make you an Apple fanboy. You does realise that a TPM is a hardware DRM chip -- it was design to cripple the machine and ensure that it never really belongs to the mug punter who paid money to buy it.
22. Re:Oh n0es by Richard_at_work · 2007-04-17 21:31 · Score: 1
  
  At the risk of sounding like a .... person replying to a comment on slashdot, recent recent Macs (Core 2 Duo Macbook Pros etc) do not have the TPM chip installed, only the first Intel Mac generations do. Its totally missing from ioreg on C2D Macs while present in ioreg on CD Macs.
23. Re:Oh n0es by grahamm · 2007-04-17 23:15 · Score: 2, Interesting
  
  In the past, courts have rules that an encryption key is analogous to a physical key, and like a physical key, can be demanded with a warrant. Does anyone know why they came to that decision rather than treating encrypted computer documents the same way as paper documents (journals, diaries etc) which are written in code? IANAL but AFAIK the precedent with the latter is that they cannot force you to decode them. In both cases they are in possession of the physical document - that they are unable to understand it is their problem.
24. Re:Oh n0es by AmiMoJo · 2007-04-17 23:38 · Score: 1
  
  Actually, in the UK they can compel you. The RIP Act basically says that the police can demand your passwords, and if you don't give them you could be prosecuted and thrown in jail. The key is that the police need to prove you know the password. Obviously, if it's your computer, your account... but it is not clear what happens if you just forgot the password. How can they prove you remember something?
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
25. Re:Oh n0es by morgan_greywolf · 2007-04-18 00:29 · Score: 1
  
  Being proud of that really does make you an Apple fanboy
  Who said I was proud? I don't even own a Mac. I just read an article about it on Apple.com.
  
  --
  My blog
26. Re:Oh n0es by computational+super · 2007-04-18 00:38 · Score: 1
  
  it is not clear what happens if you just forgot the password.
  Or if there's no encrypted file to begin with. If I, um, had something to hide, I'd make it as non-obvious as possible that file X is actually an encrypted file to begin with. "Officer, I don't know what that file is or what it's for - it's in that 'windows\system' folder, and I don't know what any of those files do". For all they know, WeatherBug could have installed that file whose contents just happen to not be plain text.
  
  --
  Proud neuron in the Slashdot hivemind since 2002.
27. Re:Oh n0es by AmiMoJo · 2007-04-18 05:17 · Score: 1
  
  We are talking about full disk encryption here though, so...
  
  The idea is everything is encrypted. If someone steals my laptop, I don't want them to get into any of my files, see my browsing history, see what drivers I have installed for expensive hardware at my house etc.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
28. Re:Oh n0es by Anonymous Coward · 2007-04-18 07:51 · Score: 0
  
  So I'm a day behind, big deal...
  
  Not to mention you need Vista Ultimate or Corporate editions to even get bitlocker. I'd call this a non-issue. It's easier to download a FOSS disk encryption utility and use that. Heck it would be easier and cheaper to spend up to $350 on a piece of encryption software.
29. Re:Oh n0es by stratjakt · 2007-04-18 08:57 · Score: 1
  
  HOWEVER... Defendants CAN be compelled by the court to provide: ...
  
  - encryption keys to enciphered data
  
  is that not exactly what I said?
  
  --
  I don't need no instructions to know how to rock!!!!
30. Re:Oh n0es by Anonymous Coward · 2007-04-25 09:41 · Score: 0
  
  You are part of people, so you are stupid too.
Vista is for criminals, it assists encryption by Anonymous Coward · 2007-04-17 10:40 · Score: 4, Funny

If someone uses encryption, then obviously they are trying to hide somthing illegal or unlawful.

In Linux, encryption is done with unusual and special commands in conjuction with mounting a "loop" device to a filesystem; requiring administrator privileges to try to encrypt data like that, and adding to the subversion of a system with evidence of a corrupt administrator.

What kind of administrator would allow encryption on a filesystem? Obviously, a criminal.

Information is meant to be free, and open source. Encryption is somthing we would expect Mycrow$oft to use to help criminals be found by the good god-fearing men and women of the DEA/FBI/CIA/GATT/IMF/IRS just to atone for their sins.

Good people use OSX.

Call me,
Eve.
1. Re:Vista is for criminals, it assists encryption by hkmarks · 2007-04-17 11:09 · Score: 1
  
  ...Or someone with sensitive financial or legal data. Customer profiles. Business plans. Credit card numbers.
  
  Are you kidding me?
2. Re:Vista is for criminals, it assists encryption by Checkmait · 2007-04-17 11:15 · Score: 1
  
  That's not quite the case. Imagine your average information thief. He/she can steal information in one of two ways: online or physically. Now let's say some innocent government or corporate employee left a laptop with sensitive data on it (such as proprietary secrets). Our thief can pick up this laptop, and if it's not encrypted as you suggest because the employee and his/her company are innocent of any criminal activity, the criminal can read the entire contents of the disk.
  
  An encrypted drive makes this harder and is in use by many large corporations, many of which are not tainted by corruption and/or criminal activity.
  
  --
  "All you need is ignorance and confidence; then success is sure." -- Mark Twain
3. Re:Vista is for criminals, it assists encryption by session_start · 2007-04-17 11:36 · Score: 1
  
  Taken directly from TechNet
  Who should use BitLocker Drive Encryption?
  This guide is intended for the following audiences:
  -IT planners and analysts who are evaluating the product
  -Security architects
  So they do not even plan for criminals or anyone else for that matter to use it...nice...
4. Re:Vista is for criminals, it assists encryption by compro01 · 2007-04-17 11:54 · Score: 1
  
  Are you kidding me?
  
  yes.
  
  It's Funny! Laugh!
  
  --
  upon the advice of my lawyer, i have no sig at this time
5. Re:Vista is for criminals, it assists encryption by pipatron · 2007-04-17 11:55 · Score: 1
  
  Wooo...
  ...ooo...
  ...ooosh!
  
  --
  c++; /* this makes c bigger but returns the old value */
6. Re:Vista is for criminals, it assists encryption by pandrijeczko · 2007-04-17 21:27 · Score: 1
  
  If someone uses encryption, then obviously they are trying to hide somthing illegal or unlawful.
  As someone who works in telecomms security, I find your statement above laughable.
  Whilst I agree a lot of people are worried about security to point of paranoia, encryption is usually implemented to *stop* those with criminal intent from getting information you don't want them to see.
  About 18 months ago, I worked with a major financial organisation in tracking down someone who was using "man in the middle" attacks to try to intrude on some of their VoIP calls. Fortunately, the calls were themselves encrypted and, as such, the attack failed (although it was causing a one-way speech problem which is what highlighted the issue in the first place). I dread to think what that person could have done had he/shs been able to intrude on calls.
  
  --
  Gentoo Linux - another day, another USE flag.
Wow. by eviloverlordx · 2007-04-17 10:40 · Score: 4, Funny

I would've figured that the investigators' computers would be too slow from running Vista to investigate much of anything.

--
'Loose' is when your pants are three sizes too big. 'Lose' is when you misuse 'loose'.
No encryption by default by 5,+Troll · 2007-04-17 10:41 · Score: 4, Informative

One misconception is that encryption in Vista is turned on "by default." Actually, it is not. In fact, it is not even available in most versions of Vista. Vista is available in five SKUs, only two of which support encryption (a feature known as "BitLocker", or "BitLocker Drive Encryption" - BDE). Vista Home Basic, Media Edition, and Business *do not* support BDE. Vista Enterprise and Ultimate - the two more expensive editions - do support BDE. Also, encryption is not turned on by default. An important step during encryption involves defining the encryption and decryption keys. This cannot be done by default by someone other than the owner of the system. If it could, then that someone else would be able to gain access to the secure data - exactly what is trying to be controlled.

--
Please mod me only (+) Underrated or (-) Troll
1. Re:No encryption by default by RedElf · 2007-04-17 10:45 · Score: 4, Insightful
  
  With Vista, the OS from MS that phones home more than any previous release, can we really trust it not to "Phone Home" the encryption keys of bitlocker once it's enabled?
  
  --
  You know, I have one simple request. And that is to have sharks with frickin' laser beams attached to their heads!
2. Re:No encryption by default by mboverload · 2007-04-17 10:55 · Score: 1
  
  While a great example of "Microsoft Gone Wild!" they would never risk something like that being exposed. It would kill them.
  
  Yes, I am aware of the "NSA secret backdoor thing".
3. Re:No encryption by default by Anonymous Coward · 2007-04-17 10:56 · Score: 0
  
  > With Vista, the OS from MS that phones home more than any previous release, can we really trust it not to "Phone Home" the encryption keys of bitlocker once it's enabled?
  Why would it phone home? There's a good reason many encryption technologies support "recovery" options -- the canonical example being that if you get run over by a bus, your boss or sysadmin can recover the data.
  What makes you think there isn't a s00per-s33kr1t recovery key (in addition to any recovery keys the user may or may not have installed) available only to... but of course, there's no such agency that would ever ask to take part in such shenanigans. :)
4. Re:No encryption by default by CCFreak2K · 2007-04-17 11:15 · Score: 1
  
  One misconception is that encryption in Vista is turned on "by default." Actually, it is not. In fact, it is not even available in most versions of Vista.
  It also requires a TCPM chip. I tried it on my Pentium 4 box with Windows Vista RC1. No dice.
  
  --
  "Beware of he who would deny you access to information, for in his heart he dreams himself your master."
5. Re:No encryption by default by Anonymous Coward · 2007-04-17 11:21 · Score: 0
  
  There is no "Media Edition". Vista is available in 5 SKUs: Home Basic, Home Premium, Business, Enterprise and Ultimate. Ultimate and Home Premium contain Media Center. Enterprise and Ultimate contain BitLocker.
6. Re:No encryption by default by cortana · 2007-04-17 11:26 · Score: 0, Troll
  
  Do you really think it's beyond Microsoft to program in a covert channel that transmits sensitive data back to them or another party?
7. Re:No encryption by default by mordejai · 2007-04-17 11:30 · Score: 1
  
  No, we can't.
  
  Next question...
8. Re:No encryption by default by Cheapy · 2007-04-17 11:34 · Score: 1
  
  Why stop there?
  
  They could be sending credit card numbers, or SSNs, or your personal files, or your porn, or even every single piece of data on your computer!
  
  --
  Would you kindly mod me +1 insightful?
9. Re:No encryption by default by mboverload · 2007-04-17 11:39 · Score: 1, Funny
  
  > Do you really think it's beyond Microsoft to program in a covert channel that transmits sensitive data back to them or another party?
  
  Yes.
10. Re:No encryption by default by pipatron · 2007-04-17 12:00 · Score: 1
  
  There's a good reason many encryption technologies support "recovery" options
  Sounds more like an obfuscation system than en encryption system. The point with encryption is that no one except those you give the key to, should be able to decrypt the information.
  
  --
  c++; /* this makes c bigger but returns the old value */
11. Re:No encryption by default by x2A · 2007-04-17 12:54 · Score: 1
  
  Do you think it's beyond everyone else to not notice if they did? The amount of people paranoid about MS, who'll run it behind eg, a linux firewall, watching all the traffic that goes through during installation etc?
  
  I don't think MS would be able to get away with doing anything like that now, too many eyes on packets comin from Windows.
  
  --
  The revolution will not be televised... but it will have a page on Wikipedia
12. Re:No encryption by default by Anonymous Coward · 2007-04-17 13:45 · Score: 0
  
  So... it would kill them like releasing the least secure operating system kills them?
13. Re:No encryption by default by Cow+Jones · 2007-04-17 14:01 · Score: 1
  
  I used to be concerned about this, because in the end, you have to trust somebody. Trust Microsoft, trust the device driver programmers, trust your AV vendor, trust the TrueCrypt programmers. In the case of OSS, trust that enough eyes are watching, and that they're watching closely enough, and that they're even checking every single update and patch that you automatically install.
  
  It simply is not possible to personally check and verify every piece of code that gets executed on your computer.
  
  So yes, it's possible that Microsoft (or any of the other "trusted" parties) has built backdoors into Windows and into the Bitlocker component. But even if they could read your private encrypted data at will, they could *never* reveal it, because that would permanently destroy their credibility. I believe that most of our secrets simply aren't worth enough for MS to risk that.
  
  --
  
  Ah, arrogance and stupidity, all in the same package. How efficient of you. -- Londo Mollari
14. Re:No encryption by default by sunwukong · 2007-04-17 16:07 · Score: 3, Funny
  
  They could be sending credit card numbers, or SSNs, or your personal files, or your porn, or even every single piece of data on your computer!
  
  I've never read a more self-redundant sentence.
15. Re:No encryption by default by asninn · 2007-04-17 19:49 · Score: 1
  
  Short answer: no.
  
  Long answer: no, but which software *can* you trust? If you install, say, Mandriva, how do you know that it's not going to "phone home" any of your data? Oh, sure, there's no such functionality in the source code, but how do you know that the binaries you're running do correspond to the source code you're getting? And while you might think that simply recompiling everything will help, it's not actually going to - Ken Thompson demonstrated this nicely. If you're using the shipped compiler, you can't trust that it won't bug your binaries again; and recompiling the compiler won't help, either, since the compiler might also be bugged to bug itself. So unless you have a trusted compiler binary already, you're basically stuck.
  
  But to an extent, all that is besides the point: the real question is not "can you trust Vista" (or "can you trust Linux") but rather "can you trust Microsoft" (or "can you trust Mandriva", to pick up the example from above again). For MS, I'd probably answer that question as "no, you can't"; for Mandriva, I'd say "I don't know - I have no evidence either way". Ultimately, though, even when you do trust someone, that doesn't automatically make them trustworthy, so there's always a chance something bad will happen.
  
  If you really want to be sure that nothing gets sent to anyone, get a second computer that is not connected to any network (well, other than the power grid) and use that for sensitive documents.
  
  --
  butter the donkey
16. Re:No encryption by default by jimicus · 2007-04-17 20:36 · Score: 1
  
  Sounds more like an obfuscation system than en encryption system. The point with encryption is that no one except those you give the key to, should be able to decrypt the information.
  
  You're technically correct. But it hasn't stopped lots of things which claimed to offer "encryption" being sold on the open market.
  
  For instance:
  
  http://it.slashdot.org/article.pl?sid=07/04/13/123 0223
17. Re:No encryption by default by Magada · 2007-04-17 22:16 · Score: 1
  
  If you're that concerned, do not use binaries provided by anyone else. There are also defences against a compiler-based attack, if you stop to think about it. There is no need to trust Microsoft or Mandriva.
  
  --
  Something bad is coming when people are suddenly anxious to tell the truth.
18. Re:No encryption by default by secPM_MS · 2007-04-18 05:44 · Score: 1
  
  Adding to the thread. In addition to the bitlocker functionality, which was introduced with Vista, Microsoft has supported the Encrypting File System (on NTFS formated discs) since Win 2K. If you export the key, security is quite good. EFS can be managed by group policy in enterprises. Note, if you export your key and loose it and your password, you are not going to be recovering your data. There is a reason that enterprises publish the recovery key to AD.
  As to why you should trust MS to handle its crypto and privacy obligations, I would suggest several reasons.
  MS's design and implementation has been carefully reviewed by trusted outside examiners as part of the Common Criteria effort. This includes access to source code and the running of explicit tests against interfaces and API's.
  Governments and companies that are security critical deploy these systems. If MS were not behaving properly, these customers would not be buying and deploying.
Very sceptical about this by Anonymous Coward · 2007-04-17 10:42 · Score: 0

I think this video walkthrough is prima facae evidence

http://www.youtube.com/watch?v=EPeUAF_CuR8
If they want to bust you, they will by heretic108 · 2007-04-17 10:44 · Score: 3, Insightful

I see from TFA that they're shitting themselves at the prospect of widespread drive-level encryption. They console themselves with the fact that only the high-end Vista versions support BitLocker.

But in the end, encryption offers only limited protection. If some well-resourced hostile authority wants to take you down, there's endless options for framing you up. For instance, they could mess with your ISP's logs to fabricate http hits to k1dd13 pr0n sites, or infect your box with a bot that hits such sites on your behalf, which will cause the hits without messing with the ISP's logs...

--
-- In the beginning was the WORD, and the WORD was UNSIGNED, and the main(){} was without form and void...
1. Re:If they want to bust you, they will by mboverload · 2007-04-17 10:53 · Score: 3, Informative
  
  Criminals usually aren't smart enough to enable drive encryption or buy a $400 copy of Windows Vista. They are probably not smart enough to even install TrueCrypt, which is by far the most incredibly easy to use encryption product on the market.
  
  And by the way, what kind of bozo puts incriminating evidence on a computer period? Unless they deal in child pornography they wouldn't even have that data on the computer. (Unless you're that one idiot that used Microsoft word to print off a fake suicide note)
  
  Like I've said, "civilians with encryption" mean nothing. We've had strong encryption for over a decade and I don't see the average pimp encrypting his Microsoft Money 2007 databases that keep track of his hoes. Most people don't use encryption and never will until it's a box click away. Until they forget their password and realize that Uncle Jimmy with his magical computer toolkit can't save them.
2. Re:If they want to bust you, they will by nine-times · 2007-04-17 10:57 · Score: 3, Insightful
  
  I see from TFA that they're shitting themselves at the prospect of widespread drive-level encryption.
  
  Whenever it comes to these things, I find myself in a bit of a quandary. Of course I want various criminals to get busted, but these investigators are essentially relying on poor security to get their information. I generally want computers to have good security. I don't like the idea of people being able to see my personal info or browsing history, but I'm also not really hiding anything.
  oh well...
3. Re:If they want to bust you, they will by mboverload · 2007-04-17 10:59 · Score: 2, Funny
  
  IF YOU HAVE NOTHING TO HIDE THEN YOU WON'T MIND US LOOKING THROUGH YOUR BROWSER HISTORY, MR NINE
  
  *mboverload is sad because he hears these arguments from people but doesn't know how to fight against it. Someone help.*
4. Re:If they want to bust you, they will by Qzukk · 2007-04-17 11:34 · Score: 3, Insightful
  
  *mboverload is sad because he hears these arguments from people but doesn't know how to fight against it. Someone help.*
  
  "If you have nothing to hide, then you won't mind taking out a newspaper ad with your SSN, your DOB, your credit card numbers, your mother's maiden name, and your driver's license number. Either you have something to hide, or you'll quickly learn that you had something you should have kept hidden."
  
  --
  If I have been able to see further than others, it is because I bought a pair of binoculars.
5. Re:If they want to bust you, they will by vux984 · 2007-04-17 12:22 · Score: 2, Informative
  
  If you look through my browser history then you don't respect and trust me.
  If you don't respect and trust me, than there is something fundamentally wrong with our relationship.
  
  If there is something fundamentally wrong with our relationship then I wish to end it. **OR**
  If there is something fundamentally wrong with our relationship then we need to fix that.
  
  As far as society, and police/government initiatives its the same baseic question of trust and respect. Do we want to live in a police state? What fundamentally separates a prisoner from a free citizen? Indeed what is freedom?
  
  Anyone who seriously advocates living in a world where 'if you have nothing to hide then you won't mind us looking' is right about not needing to worry about being arrested - they're whole world is a prison. They will accept having their papers inspected at borders, building entrances, and street corners. They will accept random searches of their homes, car, computer, and person. They will not flinch when they are required to account for their whereabouts 24x7 and subject to being monitored the whole time, for they live a perfect life.
  
  And when the state decides to finally reel them in the rest of the way and lock them in an even smaller cell, they'll have a perfectly rational explanation: people can't be trusted. We watch them all around the clock, but we only catch them after the damage is done.
  
  Better to prevent the damage outright! Why take a chance?
  
  And more importantly, the truly innocent will finally be safe.
  
  Who could object to that!?
6. Re:If they want to bust you, they will by quanticle · 2007-04-17 15:02 · Score: 2, Interesting
  
  I've found that the most effective counterargument is to point out that the whole "nothing to hide, nothing to fear" argument is based upon the presumption that the government is infallible and perfectly competent. Sure, I have nothing to hide. However, I do fear the government looking at bits and pieces of my personal data and then coming to an erroneous conclusion about my future behavior because they didn't get the whole picture.
  
  Also, I don't like the thought of government being able to make arbitrary decisions restricting your freedoms without at least giving you the chance to address their concerns. Encrypting my data makes the government come to me for the decryption key (chance are, they'll do this at least see if I'm willing to cooperate). This is a chance for me to ask what's going on and why they need this data.
  
  --
  We all know what to do, but we don't know how to get re-elected once we have done it
7. Re:If they want to bust you, they will by Anonymous Coward · 2007-04-17 15:58 · Score: 0
  
  IF YOU HAVE NOTHING TO HIDE THEN YOU WON'T MIND US LOOKING THROUGH YOUR BROWSER HISTORY, MR NINE
  
  If I'm living in a free society, then I should have the right to not be inspected, to not produce identity papers if I'm not doing anything obviously wrong. If it's a free country, I should be able to refuse to be searched or have my car or house searched, without refusal to submit to a search counting against me as "evidence of wrongdoing". Free people should be allowed to go about their activities without being searched, inspected, monitored, and identified. Not wanting to be searched or interrogated should not be a cause for suspicion.
  
  If THE MAN believes somebody has done something illegal, then THE MAN should apply to a judge to get a search warrant, and if the warrant is granted, then THE MAN can perform their search. If THE MAN doesn't have a warrant, then THE MAN should allow people who aren't obviously doing something wrong to carry on with what they're doing, and leave them in peace to do it without being searched or harassed.
8. Re:If they want to bust you, they will by Oktober+Sunset · 2007-04-18 01:05 · Score: 2, Insightful
  
  The correct reply to that arguement is: "cool, can I come over to your house and install these Web Cams in your house, specifically, your bedroom and your shower, they are gunna broadcast on the internet 24/7"
  Also, demand all government officials (including senators and the president) must be bugged and have their movements and conversation monitored 24/7, and the full details made public, with archives and live feed to ensure that they aren't corrupt. Remember, they won't object if they have nothing to hide.
  
  --
  What if Tetris was invented by Nazis?
BitLocker is no impediment to police... by Anonymous Coward · 2007-04-17 10:46 · Score: 0

...since they'll get you to provide them your encryption key by using the same old fashioned methods they've always used to get information.
1. Re:BitLocker is no impediment to police... by pipatron · 2007-04-17 12:04 · Score: 3, Informative
  
  This is why you should use TrueCrypt with the hidden volume feature. You can, after some extortion, give them your key to the main truecrypt volume, but there is no way to know if there is another volume inside the one you just gave them access to.
  
  --
  c++; /* this makes c bigger but returns the old value */
CSI-Redmond by WwWonka · 2007-04-17 10:51 · Score: 0

...the only time I see forensics being used in conjunction with Vista is when poor old Granny Millie takes her 4 year old PC to Best Buy and bashes poor young Timmy James(just working there to save up enough for prom) over the head with it (and thus killing him on the spot) after trying to install Windows Vista(the lifestyle simplifier) which she had recently been "coerced" into purchasing there on her last visit.
encypted backups? by RedElf · 2007-04-17 10:51 · Score: 5, Interesting

After reading the article (I know we're not supposed to do that) I'm a little confused on if you backup an encrypted volume if the backup is also encrypted. If not, doesn't that defeat the whole purpose of encrypting that data in the first place?

--
You know, I have one simple request. And that is to have sharks with frickin' laser beams attached to their heads!
1. Re:encypted backups? by rivaldufus · 2007-04-17 11:12 · Score: 1
  
  That's why you should always send your backups to /dev/null.
  
  That way, they can't be stolen.
2. Re:encypted backups? by Anonymous Coward · 2007-04-17 11:17 · Score: 0
  
  After reading the article (I know we're not supposed to do that)... I hope you make the hall of fame for that one ;)
3. Re:encypted backups? by RedElf · 2007-04-17 11:27 · Score: 1
  
  Since when did Microsoft add /dev/null to Windows Vista?
  
  --
  You know, I have one simple request. And that is to have sharks with frickin' laser beams attached to their heads!
4. Re:encypted backups? by nine-times · 2007-04-17 11:39 · Score: 1
  
  It depends on why you're encrypting and how you're backing up. In this case, copying the files to an unencrypted disk will give you unencrypted files.
  In short, the purpose of encrypting your hard drive in this way is to prevent hacking from someone who as physical access to the machine. For example, if you give me a standard XP system, I can use a boot CD to reset your passwords. I can boot to another OS and access your files directly. If your system is up and running, Windows will protect your files with its own permissions, but once I have physical access to the machine and can reboot into whatever OS I want, I have your files. By encrypting the disk, you close that security hole.
  Do does an unencrypted backup void the purpose of encrypting the disk? Not if your backup is in a secure location.
  So if I take my laptop out into the world, I can encrypt the disk and keep an unencrypted copy at home. If my laptop gets stolen, the thief can not boot into another OS, reset my passwords, or otherwise get my data. At most, he can overwrite the old disk and start over.
  Also, if I want to secure data on desktop systems, I can backup to a server with restricted physical access. In order to get access to the backup, they'd need to break into my server room first, and then reset my server's passwords.
5. Re:encypted backups? by ScytheBlade1 · 2007-04-17 11:42 · Score: 1
  
  http://www.windowsitpro.com/Article/ArticleID/1345 0/13450.html
  http://www.microsoft.com/resources/documentation/w indows/xp/all/proddocs/en-us/if.mspx?mfr=true (search page for "nul")
  
  It exists.
6. Re:encypted backups? by x2A · 2007-04-17 14:00 · Score: 1
  
  It's existed in the NUL form going right back to early DOS days (and before, in CPM etc I think), which exists whatever directory you're in. Other device names include CON (console), AUX, PRN, COM1, LPT1 etc.
  
  eg:
  copy con lpt1 -- send anything you type to printer on lpt1
  md newdir > nul -- redirect output to nul
  
  --
  The revolution will not be televised... but it will have a page on Wikipedia
7. Re:encypted backups? by x2A · 2007-04-17 14:02 · Score: 1
  
  Unless you backup the volume (take an image) rather than the files, then you get the raw encrypted data.
  
  --
  The revolution will not be televised... but it will have a page on Wikipedia
8. Re:encypted backups? by dotgain · 2007-04-17 14:33 · Score: 1
  
  It's existed in the NUL form going right back to early DOS days (and before, in CPM etc I think), which exists whatever directory you're in. Other device names include CON (console), AUX, PRN, COM1, LPT1 etc.
  And to really rub your nose in it, Windows won't allow you to create a file or directory anywhere with any of those names. Just what I need from a filesystem: An historically bound list of arbitrary letter combinations that I can't use as a filename anywhere. Oh well, at least it's saved them the trouble of making any changes to command.com for 12 years.
9. Re:encypted backups? by nine-times · 2007-04-17 15:36 · Score: 1
  
  Are you telling me that if you use bitlocker and you copy files from your computer (running the installed version of Windows) to another drive or a network share, you'll get gibberish on the other end? I'll admit that I've never used bitlocker, but if that's true then it's going to be damn near useless for most uses.
10. Re:encypted backups? by nwetters · 2007-04-17 18:30 · Score: 2, Interesting
  
  You should worry more about the disk cache. Previously opened files are cached in RAM in an unencrypted state.
  
  Firewire ports and PCMCIA slots have direct memory access, so can be used to copy an image of your computer's RAM even if no one is logged in. This can recover useful forensic material even after a reboot cycle, as modern BIOS's don't clear RAM.
  
  It looks like Vista's disk encryption is useless if you switch on the PC and access files.
11. Re:encypted backups? by x2A · 2007-04-17 19:18 · Score: 1
  
  "and you copy files from your computer"
  
  No, I said if you take an image of the volume instead of copying the files, ie, if you access the raw hdd data, before filesystem driver tries to translate it.
  
  --
  The revolution will not be televised... but it will have a page on Wikipedia
12. Re:encypted backups? by pe1chl · 2007-04-17 20:57 · Score: 1
  
  Not only with those reserved names, but with any extension as well.
  You cannot name your Word document AUX.DOC or NUL.DOC
  
  The funny thing is that not all applications recognize (like Word) that it is unwise to save your file as NUL.whatever. They just save the file and make you looking for it later.
13. Re:encypted backups? by nine-times · 2007-04-17 23:42 · Score: 1
  
  Just a point of fact, you said that unless you take an image, rather than copying files, you get raw encrypted data. That's the opposite of what you're saying now.
14. Re:encypted backups? by Anonymous Coward · 2007-04-18 03:29 · Score: 0
  
  No. He's saying the same thing both times.
15. Re:encypted backups? by sakasune · 2007-04-18 04:14 · Score: 1
  
  Just tried in Word 2003 to save NUL.doc and AUX.doc and it warned me that its a reserved device name. Notepad too.
  
  --
  "You're arguing for a universe with fewer waffles in it," I said. "I'm prepared to call that cowardice."
16. Re:encypted backups? by sakasune · 2007-04-18 04:21 · Score: 1
  
  Nevermind to above - thought you stated that you COULD save it in Word. Mod me "-1, Didn't read the parent post right"
  
  --
  "You're arguing for a universe with fewer waffles in it," I said. "I'm prepared to call that cowardice."
17. Re:encypted backups? by x2A · 2007-04-20 01:53 · Score: 1
  
  Let me introduce you to a thing called "CONTEXT"... if you read my post in context, you'll see it means totally the oposite thing.
  
  Original post: "In this case, copying the files to an unencrypted disk will give you unencrypted files"
  My post: "Unless you backup the volume (take an image) rather than the files"
  
  IOW: Copying the files gives you unencrypted files, unless you backup the volume (take an image), rather than copy the files"
  
  Make sense now?
  
  --
  The revolution will not be televised... but it will have a page on Wikipedia
I find it funny. by figleaf · 2007-04-17 10:54 · Score: 3, Funny

that the article mentions Slashdot and Register as a reference for a Microsoft OS.
They're ReadyBoosting! by Mateo_LeFou · 2007-04-17 11:22 · Score: 1

Sorry, I can't resist a dig at that stupid concept.

If your OS is *disgustingly, *alarmingly inefficient with resources, you can stick a thumbdrive in it and cross your fingers that the email you just spent half an hour typing on will go through.

In other news if your car gets 1.4 miles per gallon, you can drive around with a few 50-gallon drums of gasoline to get you through out of those tight spots.

--
My turnips listen for the soft cry of your love
1. Re:They're ReadyBoosting! by drsmithy · 2007-04-17 15:19 · Score: 1
  
  Sorry, I can't resist a dig at that stupid concept.
  What stupid concept ? Disk caching ? Because that's all ReadyBoost ultimately is - a disk cache.
2. Re:They're ReadyBoosting! by Anonymous Coward · 2007-04-17 15:37 · Score: 0
  
  I think his sarcastic point was meant to be read more along the lines of ......
  
  "Well a 128mb hard drive oughta be plenty, you'll never fill it up." ... or aiws 'Dammit Jim! Keep throwing RAM at it or we'll never make it!
  
  YMMV
Quality by cortana · 2007-04-17 11:24 · Score: 1

10/10, would read again. ;)
Encryption use is low anyway... by Blittzed · 2007-04-17 11:33 · Score: 3, Interesting

Part of my job entails working with law enforcement officials in the field of digital forensics. They have told me that the use of any encryption system by criminals is very low, to the point of non-existent. This is fortunate for the Police, as it makes it easier for them to keep these scumbags off the streets (unfortunately a lot of the crime they deal with is child pornography). There are so many barriers to Bitlockers use (TPM, correct version of Vista, off by default etc etc), that its widespread use just doesn't seem likely. If the bad guys aren't using EFS and other encryption systems now, and these are easy to implement, why would they bother of going through the hassle to use Bitlocker? There are also laws being enacted in certain countries to force the bad guy to give up passwords/ keys etc (ie we are going to lock you up until you give it to use so you may as well do it now...).

--
"They looked deep into my soul and assigned me a number based on the order in which I joined"
1. Re:Encryption use is low anyway... by Anonymous Coward · 2007-04-17 11:55 · Score: 1, Insightful
  
  There are also laws being enacted in certain countries to force the bad guy to give up passwords/ keys etc (ie we are going to lock you up until you give it to use so you may as well do it now...).
  
  That's awesome - as long as you have some way to tell who the "bad guys" are before you get their password. Otherwise what you are talking about is making the use of encryption a jailable offence.
2. Re:Encryption use is low anyway... by Blittzed · 2007-04-17 19:46 · Score: 1
  
  Fair enough point, and I need to be a bit careful about what I say, but the guys I work with don't normally just grab people at random. If they show up at your door, then they usually already know what they are going to find. The seizure is so that a case can be made and put before a judge / court. They have more than enough work than they can handle now without doing random PC seizures.
  
  --
  "They looked deep into my soul and assigned me a number based on the order in which I joined"
3. Re:Encryption use is low anyway... by Jugalator · 2007-04-17 20:26 · Score: 1
  
  There are also laws being enacted in certain countries to force the bad guy to give up passwords/ keys etc (ie we are going to lock you up until you give it to use so you may as well do it now...).
  
  Wow...
  
  Well, good some encryption tools implement plausible deniability then.
  
  --
  Beware: In C++, your friends can see your privates!
4. Re:Encryption use is low anyway... by jonbryce · 2007-04-18 08:55 · Score: 1
  
  I guess there is a very big difference between the technical ability of child pornographers and the people who do things like sell crack cocaine by the tonne or arrange to fly planes into skyscrapers.
  
  Your experience of the use of encryption probably stems from the fact that you work with local police on small scale criminals rathern than for the CIA on big inernational operations.
5. Re:Encryption use is low anyway... by Blittzed · 2007-04-18 09:22 · Score: 1
  
  Your experience of the use of encryption probably stems from the fact that you work with local police on small scale criminals rathern than for the CIA on big inernational operations. Sorry, but you are incorrect in terms of my experience, but I would be happy to know what your experience is (your website appears to be offline BTW) that lead you to make your post. I believe that the title was 'encryption use is low', not 'its only used by small time crims'. The (sad) fact of the matter is that the vast quantity of computer related crimes IS small time, or corporate related. The CP example I gave was just one: there are others which I can't talk about. As to terrorism, if you would like to give me some actual examples of terrorists using sophisticated technology (I don't mean webmail or IM) for their info warfare operations, I would be happy to see them. Do you really believe that the CIA is going to be anything more than just delayed in getting a password to read an encrypted volume / file? I'm not just talking about brute force cracking either - there are other ways...
  
  --
  "They looked deep into my soul and assigned me a number based on the order in which I joined"
force the bad guy to give up passwords by nurb432 · 2007-04-17 11:47 · Score: 1

"oops, that was the destroy all data password".. sorry about that i was so shaken up by being jailed when i am innocent that i was confused and gave you the wrong one.

--
---- Booth was a patriot ----
1. Re:force the bad guy to give up passwords by x2A · 2007-04-17 14:04 · Score: 1
  
  "That's okay, we were working on an image we took directly off the drive... try again"
  
  --
  The revolution will not be televised... but it will have a page on Wikipedia
Re:BitLocker Backdoor by Vash24601 · 2007-04-17 11:57 · Score: 1

it's not a bug, it's a feature!
Vista For Forensic Investigators by Anonymous Coward · 2007-04-17 12:23 · Score: 0

"Vista For Forensic Investigators"

Aren't there already too many versions of Visa to choose from?
How's the Vista from there? by FMota91 · 2007-04-17 12:31 · Score: 1, Funny

How are they going to find anything looking through Windows?

--
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C1 bottles of beer on the wall. Take one down, pass it round... Oh, umm...
No problem by dereference · 2007-04-17 12:52 · Score: 1

"oops, that was the destroy all data password".. sorry about that i was so shaken up by being jailed when i am innocent that i was confused and gave you the wrong one. "Oh, we understand, that's fine. We only tried it on a copy of your drive; care to try again with another copy? We'll give you lots of time to calm down, relax, and think about it."
1. Re:No problem by nurb432 · 2007-04-17 13:13 · Score: 1
  
  With full TPM enabled in hardware ( which is coming soon to a nightmare near you ) you wont be able to use a copy of the HD.
  
  --
  ---- Booth was a patriot ----
2. Re:No problem by Anonymous Coward · 2007-04-17 17:52 · Score: 1, Interesting
  
  This is true, but with fully TPM enabled hardware, they will, because they will be able to get the hardware key from the manufacturer.
nOhtign to ese hree by EmbeddedJanitor · 2007-04-17 12:54 · Score: 1

Move along please!

--
Engineering is the art of compromise.
BDE, a fitting name... by plasmacutter · 2007-04-17 13:13 · Score: 2, Insightful

if i remember correctly from 4-5 years ago.. BDE also stood for "borland database engine".. or in colloquial english, the spyware that kazza installed.

now microsoft has made it a feature in their new os, giving us greater spyware value by cutting out the middle man!

--
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
Gasp! by Opportunist · 2007-04-17 14:05 · Score: 1

You mean ... all those 3-letter-government-organisations are criminal organisations? Organized crime in the top echelons of the US government?

Now that I think of it... a lot starts to make sense, you know...

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Know what's interesting? by Opportunist · 2007-04-17 14:19 · Score: 2, Insightful

Reading those comments, more than the article itself.

Peruse them and you might notice something. Well? Right. A handful deals with the problem of having your notebook stolen, while the majority discusses the effects of it on a search. I.e. more people being concerned of the effects to a search than to having your computer stolen.

Makes me wonder... does it tell me something 'bout the people here or about the governments we live in?

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
1. Re:Know what's interesting? by QCompson · 2007-04-17 15:26 · Score: 1
  
  Reading those comments, more than the article itself.
  
  That's pretty obvious. The article is about Vista and computer forensic investigation. That would be why most of the comments are focusing on a search and seizure situation.
Haven't you ever seen Law and Order? by rah1420 · 2007-04-17 16:23 · Score: 1

When Lenny finds a locked door or something with a padlock on it, he'll ask the owner once, nicely, to effect an entry. And if they want to be a prick and not cooperate, out comes the bolt cutters or the ram.

--
Mit der Dummheit kämpfen Götter selbst vergebens.
The Law by bussdriver · 2007-04-17 17:14 · Score: 2, Informative

The past rulings indicate and its rather clear that the 5th amendment only applies if you hurt yourself with the information disclosed. There is a "Fisher Test" of requirements to get around the 5th:
1) evidence exists
2) the person has a key for getting/finding the evidence
3) producing the key does not link the evidence to the person (aka authentication)
Fisher v US

Its like you have evidence in your safe but so do other people, so they can force you to open the safe despite the 5th- is my understanding of the ruling. Where it gets really tricky is when they offer immunity to get around the 5th as a setup to tie the person into some other crime they trump up from that evidence.

Biometrics are another issue that I'm not sure they have rulings supporting. USA vs Dioniso has "The Fourth Amendment provides no protection for what "a person knowingly exposes to the public, even in his own home or office . . . ." 351?
They rule that publically available information can not be hidden later on is my understanding and the example given was a persons' face. To me this indicates its possible that biometrics being public (fingerprint) could be taken from you with no 5th amendment protection. Naturally, the police can attack your security any way their please without your help and can lift your biometrics in many ways without going threw the court and I suspect when that situation is raised they possibly will extend the line of thought started on this case.

I am not a lawyer.

--
Democracy Now! - uncensored, anti-establishment news
1. Re:The Law by ivan256 · 2007-04-18 06:34 · Score: 1
  
  Naturally, the police can attack your security any way their please without your help and can lift your biometrics in many ways without going threw the court and I suspect when that situation is raised they possibly will extend the line of thought started on this case.
  
  Repeat: Something you know, Something you have... Something you know, Something you have...
  
  Your biometric alone does not provide security or authentication.
how secure is vista, really? by v1 · 2007-04-17 23:57 · Score: 2, Interesting

The macintosh home folder security is called "filevault", and uses encryption to encrypt the entire user home folder, where most of the user information is. The actual key to the vault is large (128bit aes?) and is stored at the start of the vault, but the key is encrypted using the password the user provides when it is created. Another copy is stored there, encrypted using the master password's certificate, which is encrypted using the master password. So if you lose your password and lose the master password, the data is truly gone forever, and there is no "back door" at Apple. There's nothing stopping you from deleting the master key, it's one document easily located. There is no known back door to the filevault system, and the system is very careful to point out if you lose the password and master password, your data is irrecoverable. The master key requires you to enter a password because the key itself is also encrypted, so simply having access to the master key certificate is not useful in breaking into a locked vault, because the master password is required still.

From what I have heard, all rumor and third-party, windows' encrypted home folders is worthless from a true security standpoint. I have been told that there is a master key in use similar to the master password in OS X, but that it is not one that the user makes, it comes pre-made from microsoft. No one outside microsoft has the private key to unlock that certificate. So if you lose your password, YOU are screwed, but if microsoft really wanted into your data they could get into it. (or let someone else into it) I don't know if there is a documented way to erase this copy of the image's crypto key encrypted with microsoft's back door password. Also I wonder if an administrator could simply reset the password on the account and then login with the new password to just waltz by the entire security of the system?

How much of this is fact and how much is fiction? We have seen time and time again that security by secrecy and security by "but we would NEVER misuse our master key" is a complete laugh, because (A) the secret ALWAYS gets out, and (B) someone ALWAYS ends up misusing the master key. In this respect I feel sorry for the windows users because the wolves are guarding the sheep.

Sidenote: OS X also has a built-in feature that lets you create a regular encrypted disk image. When you make one of those, the machine's master password is not used to store another encrypted copy of the image key as with filevault, so those disk images have only one actual key. I use this to store a password list on my flash drive because of how easy they are to lose, and I am completely confident that anyone that finds the flash drive will be absolutely unable to access my information. I assume that a 3rd party solution is required for windows users?

Somewhat OT, but I have also been told that it's essentially impossible for even an administrator to just read another user's data on the same hard drive, that they have to "take ownership" of the files to read thm, thus altering the data. Yet viruses apparently can multiply at will, infecting all accounts on the computer. Why is it that the viruses have no problem circumventing windows security while at the same time it's nigh imposible for the administrator to do the same thing? Tha does not make sense.

--
I work for the Department of Redundancy Department.
Damn Straight by brunes69 · 2007-04-18 00:16 · Score: 1

People are stupid. Thats why they get caught.
Damn Straight. This is what you should remember whenever there is news coverage of a notorious cracker getting arrested, or some huge identity theft ring being broken up.
It is not the crimes you KNOW about, it's the ones you DON'T KNOW ABOUT that are the real issue.
Smart criminals not only do not get caught, they aren't even being looked for because their crimes go undetected.
Wait for DVD Jon to figure out the NSA Key. by ScrewTivo · 2007-04-18 01:09 · Score: 1

Considering the NSA were "consulted" by MS, they must have a key. DVD Jon is just the person to "jimmy" the lock on this door.

I wonder how the Chinese and Russians view this "consultation"?

--
Gizmos Gagets For Ninjas