Slashdot Mirror


Microsoft Helps Police Crack Your Computer

IGnatius T Foobar writes "Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that "may have been used in crimes." It basically bypasses all of the Windows security (decrypting passwords, etc.) in order to eliminate all that pesky privacy when the police have physical access to your computer. Just one more reason not to run Windows on your computer."

7 of 558 comments

  1. Not new by The MAZZTer · · Score: 4, Interesting

    Anyone can boot from a Knoppix live CD and mount NTFS drives in Linux and poke around. NTFS security is not applied under Linux so you can have a look at anything you want. I don't see how this is a big deal.

    The only thing that might be a problem is browsing the registry, but I wonder if wine's regedit can load native Windows registry hives. If so, then all Microsoft has done is taken existing Linux functionality and made it user friendly for the police.

    Speaking of which, anyone wanna place bets as to how long it takes for this tool to spread across p2p and torrent sites?

  2. Re:Really? by ozmanjusri · · Score: 3, Interesting
    I'd just boot knoppix and mount the partition.

    Police over here in WA have a special distro designed for forensics.

    --
    "I've got more toys than Teruhisa Kitahara."
  3. Re:Really? by MobileTatsu-NJG · · Score: 3, Interesting

    No unix using a non-encrypted file system is secure if you have physical access to the machine...Why would you assume it's any different with Windows?

    I'd just boot knoppix and mount the partition. There, I have access to all the files. That goes for windows AND unix/linux.

    If you really depend on the password for anything other than stopping casual or remote access, you're just fooling yourself.

    I just bought a Mac laptop and one of the things I ran across while I was reading about it was the File Vault. According to the really really enthusiastic article I read about it, it'll encrypt all the data on my home folder based on my login password. In theory, it sounds like even if somebody mirrored the drive, they'd have trouble (assuming the password is good...) getting at my data. I just wanted to ask: From a practical point of view, does this offer me much more protection? Or is there still some braindead easy way (short of beating the password out of me :P) that data can be recovered? Supposing it does work as advertised, am I at risk for having a single point of failure? Is there a realistic possibility of a badly timed computer freeze causing me to lose it all?
    --

    "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

  4. Re:Really? by 0100010001010011 · · Score: 3, Interesting

    From what I understand, no. There are ways, but nothing this simple. Your home folder is actually one massive 128-bit AES disk image. So to crackers it just looks like one big file. You could do what I do and keep stuff 'private' (Tax Returns, financial stuff) on an encrypted disk image and have the OS NOT remember the password. Plus if you forget the password you don't lose all your music and other petty stuff.

    http://en.wikipedia.org/wiki/FileVault

    I was in an Apple store once when someone brought in their file vaulted laptop computer. They had 'forgotten' their password (Their actual story was that the OS changed the password on them). Apple Genius told them they were SOL. There are ways, but none of them are easy and most require something like cooling the RAM immediately after shutdown or catching the computer when it is sleeping.

  5. Re:Flaw by gstoddart · · Score: 3, Interesting

    It's hardly absurd. It's called "obstruction of justice". I've charged many people with obstruction for disobeying simple orders during a stop or arrest. It's a catch-all law that blurs the line between your civil rights and my ability to get what I want out of you, when I want it.

    Wow. Just fucking wow.

    So, either an AC is trolling by claiming to be a police officer who abuses due process. In which case I'm feeding trolls, and it's my bad.

    Or, an actual police officer is pointing out how he can basically stomp over the intent of the law and your rights by pulling out an unsubstantiated claim of obstruction of justice.

    If so, you're a perfect example of what is wrong in law enforcement, and why people have come to believe the cops are just thugs with authority. No wonder you posted anonymously. Thank you for demonstrating a new reason for increased cynicism about such things. No wonder people hate cops.

    Cheers
    --
    Lost at C:>. Found at C.
  6. Re:Customs by Ioldanach · · Score: 3, Interesting

    Unless there's a huge public backlash before then, I predict that Customs will roll these out to every major airport within the year.

    I hope so, because then the first slashdotter that has to go through customs can have his laptop automatically dd the entire contents of whatever usb drive gets attached to it, before they even realize it can't figure out what his laptop is running.
  7. Re:Flaw by SiChemist · · Score: 3, Interesting

    indeed it's a password reset, which is what i said, not a recovery. but do you trust a journalist to know the difference? i know i don't

    Good thing I wasn't replying to you :-)

    The article says

    It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.

    Which implies that it can break in without cycling the power. That sounds more like password extraction rather than resetting. I can only go by what the article wrote, rather than speculating about what they might have meant.