Microsoft Helps Police Crack Your Computer
IGnatius T Foobar writes "Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that "may have been used in crimes." It basically bypasses all of the Windows security (decrypting passwords, etc.) in order to eliminate all that pesky privacy when the police have physical access to your computer. Just one more reason not to run Windows on your computer."
Seems to me that if all you need to do to get full access to anyone's computer (anyone running Windows that is) is a Microsoft made device; that is a serious security flaw.
The Long Now Foundation
Reverse engineering and (more) malicious usage in 3... 2... 1.
They're already selling these online. Just check the box next to "I certify I'm a cop. Seriously, I am." and it's all yours for $19.95.
Cue the "if you have nothing to hide..." responses (and possibly some Hans Reiser jokes).
[b.belong('us') for b in bases if b.owner() == 'you']
The summary and article in one word:
FUD
...bypasses all of the Windows security... All of the Windows security - I can't even fathom how complex that device must be, that sure is a lot of security to bypass. This article poses a question I've always wondered about. Do most criminal investigations of the computer-related nature have experts that are well-versed in multiple operating systems? Seeing as to how this is government, I would guess the answer is "no," and that is partly why we have this... uhh... "benefit" from Microsoft to aid our investigators.
Makes me curious as to what would happen if, for some reason, my computer were seized and the police booted up to an Ubuntu welcome screen... heh...
Proudly supporting the Libertarian Party.
The article is extremely vague, but I don't see where this assertion came from. It sounds like they're distributing USB drives with a collection of cracking and monitoring tools; like what any self-respecting 1337 h4x0r carries around with him. If that's correct, there's no reason to think the same thing couldn't be done for Linux.
What I'm listening to now on Pandora...
There's no way this could fall into the hands of someone unsavory. Newp.
Whack a Catgirl: You know you want to!
My PC is going on eBay.
I'll game on a console from now on, and get a laptop that is compatible with Ubuntu.
Finally had enough. Come see us over at https://soylentnews.org/
This sounds like the ultimate exploit. MSFT is hardly going to close these security holes. I wonder when copies of this USB drive (and network-enabled variants of the attacks) will be employed by malware and botnet vendors.
Two wrongs don't make a right, but three lefts do.
So, the sheer fact that there is a device that can do this also means that anybody can do this because the methods are in place for bypassing security. It's only a matter of time before someone spends enough energy to develop a device that can do this (outside of Microsoft).
The implications of a device like this are scary to say the least. Although I'm not a Microsoft hater, this alone is more than enough to make me take a second look at options other than Microsoft Windows.
...it's just one more nail in the coffin of being "allowed" to use OSS. After all, if you have nothing to hide then you have nothing to fear, and only criminals would use OSS that would allow them to evade government snooping.
I'm sure some lobbyist is sitting with a Congressional staffer right now, explaining how requiring Windows on every computer is essential to the War on Terrorism.
You are in a maze of twisty little passages, all alike.
In the past, if I wanted to get information from another Windows machine, all I had to do was stick it in my Windows machine, log in as Administrator on my machine and change the permissions on the old hard drive. Then I could access all of the information, and bypass the Windows security from the other machine. The only thing I couldn't do is access some of the information that is actually stored in data files (such as IE's cache), even though it looks like a regular directory when run within its own Windows installation. This is not new stuff.
It's going to be called Windows 7, right?
Say hello to my little sig.
unless the hardware itself is secured and tamper-resistant enough (ie cost of successful tampering is higher than value of data).
This has always been true.
I wish I had known about this during last month's pwn to own contest.
Then I'd be running ubuntu on my cracked and pwned vista machine right now, instead of running ubuntu on my purchased and formatted vista machine.
-I only code in BASIC.-
News at 11!
I wonder if some jurisdictions will begin requiring this, in the sense that if someone is using a system that does not support easily bypassing security that will be enough for 'probable grounds'.
It is dangerous to be right when the government is wrong.
Disable Autorun, that way the automated tool can't start. ;)
And if the USB software interacts with the computer while the OS is running, how can that be considered untainted evidence? AFAIK computer forensics rely on having snapshots of the machine with no possible interference from the OS and running programs.
Jonah HEX
Horror & SciFi Erotic Nudes
Anyone can boot from a Knoppix live CD and mount NTFS drives in Linux and poke around. NTFS security is not applied under Linux so you can have a look at anything you want. I don't see how this is a big deal.
The only thing that might be a problem is browsing the registry, but I wonder if wine's regedit can load native Windows registry hives. If so, then all Microsoft has done is taken existing Linux functionality and made it user friendly for the police.
Speaking of which, anyone wanna place bets as to how long it takes for this tool to spread across p2p and torrent sites?
"Where do you want to go today?"
Jail?
Ok - in principle I think this is a bad thing but.. We already know that you're guilty until proven innocent now - anything that can speed up the time from accusation to acquittal for innocent suspects is a good thing. Also this development will hopefully put the brakes on the UK gov's plans for increasing the time you can be held without charge to 42 days - their excuse was that it takes a long time to obtain computer evidence. Of course it won't take long for this device to be found on the black market - another reason to move away from Windows, or is the plan to brand anyone who uses a non-windows OS as a possible criminal?
I've had the following tool in my collection for a long time: http://home.eunet.no/pnordahl/ntpasswd/bootdisk.html
It's quite easy, boot up the computer from that disk and you can reset the passwords in a few minutes. Linux-based too for that matter.
FTFA:
The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer. It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.
Apparently just some tools-on-a-disk. If it can bypass the encrypted file systems and other secure stuff, then there is a problem and the so-called "NSA-key" is not just myth (http://en.wikipedia.org/wiki/NSAKEY).
Custom electronics and digital signage for your business: www.evcircuits.com
I really doubt that it can decrypt your passwords, other than a brute force attack. Maybe the trivial passwords on word 2003 files and the like.
Anything else you can easily do when you have physical access to the computer.
locally stored passwords for websites have been crackable for a while now, and in Windows Server has been disabled by default for this reason.
User login passwords for Windows itself are something else and you can't "just decrypt" them.
Apart from that, it just sounds like MS have provided a bunch of analysis tools.
Is this really news or am I missing something here?
throw new NoSignatureException();
Unless there's a huge public backlash before then, I predict that Customs will roll these out to every major airport within the year.
...who was a computer forensics expert/consultant.
He said that if one is going to use one's computer as an aid to their criminal career, use a Mac. The RCMP and all the rest were completely ignorant when it came to the Mac OS as well as everything else not Windows.
Guaranteed! This comment 100% Anthrax free!
The only thing I use Windows for is to run TurboTax and games. And I'm wondering about the TurboTax even.
But all hope is not lost -- running Windows on a hypervisor would be a bit more secure -- at least you can restart with the same snapshot, eliminating any attempts to embed a rootkit or snooping ware.
But really, with Linux these days, who needs Windows?
Ruby Neural Evolution of Augmenting Topologies
This sounds too scary to be true - and if true, it won't be long for this to be reverse-engineered.
Bypassing passwords/security: that sounds like a built-in back door. Not a security flaw: "this bug is a feature". And those back doors if confirmed to exist will be found soon.
The most unbelievable part is "decrypting passwords". Since when is the actual password stored, instead of a cryptographic hash of it? If decryption were possible, they are using a two-way encryption and a secret key is somewhere hidden in Windows. Every single copy of it. And that I can't believe, really. I call hoax. Still it won't make me use Windows anytime soon.
For local data privacy, I would use TrueCrypt, not Windows EFS. Use Full Disk Encryption on TrueCrypt, and their COFEE thumbdrive won't be of any help.
No unix using a non-encrypted file system is secure if you have physical access to the machine... Why would you assume it's any different with Windows?
I'd just boot knoppix and mount the partition. There, I have access to all the files. That goes for windows AND unix/linux.
If you really depend on the password for anything other than stopping casual or remote access, you're just fooling yourself.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
...a USB drive that boots something like Knoppix with NTFS file system support! ;)....
People have been using that to recover data from broken and otherwise defective Microsoft Windows boxes for a long time now...
Naturally they don't want police to have to carry around Knoppix CDs.
Intron: the portion of DNA which expresses nothing useful.
Since when has physical access to a machine ever been safe for any operating system? Also, it's not like Microsoft programmed in back doors for law enforcement; they are just bundling their version of script kiddie hacks.
"It basically bypasses all of the Windows security (decrypting passwords, etc.) in order to eliminate all that pesky privacy when the police have physical access to your computer."
WOW; that's a really biased summary. Here's what the article actually says:
"The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer."
Between those lines, I do not see what you see...
If I were a CIO, I'd want to make sure that either I could decrypt and analyze all the bits in my enterprise, or that nobody outside my enterprise could.
In other words, if there is a back door and I don't have it, the OS is not welcome in my shop.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Isn't it the same old story? If you can't fix it, sell it! Vulnerabilities are now being 'sold' as police investigator tools. What next? Also, if you read the EULA for Vista (Probably applies to XP also) Microsoft can already access any files on any machine remotely, so long as it has an active internet connection. I think it was also determined recently as a part of that there is a special root login that only Microsoft has for all Windows machines giving more access than a normal administrator. Remember, they own it, and you lease the right to use it. :)
Want Big Business out of government? Take away the incentive and start by getting government out of big business!
This is huge! Windows passwords aren't enough to secure my porn! Call the government! Call nasa! Call a lawyer! This is an outrage!
Seriously. Does anyone here NOT know how to pull all the data off a windows machine without a password? I can think of a half-dozen ways to do it, and there is plenty of commercial software out there if you wanted to purchase some.
If someone has physical access to your machine, it is NOT secure. This is why people use encryption.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
So how long do you think it will be before the files on these thumb drives show up on TPB?
So as soon as a law enforcement type plugs this into the Bad Guy's computer, a virus is installed on the thumb drive and gets installed on every other machine that the drive is plugged into. (Like Mr. Law Enforcement's own desktop!!!)
Great Idea(tm) (:-)
Imagine the TSA was using these. Every businessman's computer would be owned. If the virus also disabled the detection systems, our Bad Guy could also attack other bad guy's systems. He'd rule the world... Bwa Ha Ha Ha....
All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
With the right tools you can read files regardless of permissions, change passwords, add users, etc, almost anything. Building a linux live cd which can read most file formats and ignores ACL's and that's not even counting the various and sundry tools available which allow you to change even a root password to a machine you've forgotten the credentials to.
If the cops or anyone else has your PC they have access to anything on it that's not encrypted, whether Microsoft wins some quick PR with law enforcement by making it easy for them or not. This is essentially a non story.
No big deal. It's a USB keyboard with only an "I agree" button, and it's stuck.
Seriously though, I'm curious to know more about what exactly this does. At first I assumed this was typical
Spelling mistakes, grammatical errors, and stupid comments are intentional.
Anybody have a torrent of the files on this thumb drive? Might be fun to play with! ;-)
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
I'm all for protecting personal privacy, but if investigators are using these tools to comb through your PC, you don't need to stop using windows - you need to stop committing crimes.
Part of modern computer forensics is preserving as much of the state of the computer as possible BEFORE power is lost.
Granted, the state is in constant flux, but the cops really do want to grab any and all RAM-resident security keys, the contents of RAM disks, data not yet fully saved to files, etc.
The wet dream of a computer forensics expert is a computer he can put into hibernation without risking the loss of any data that has a "I'm going into hibernation mode, I better erase myself" detector.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
hmm.
I have a compact distro on a thumb drive that I can boot on, mount ntfs vfat and rifle through a computer should I wish - but this sounds like it's more comprehensive than that. And if it is designed for widespread cop usage then it must be extremely user friendly as well. And TFA implies you do not even need to power down the PC.
So.. I would guess an autorun application that is designed from the bottom up to bypass security, promote to admin rights, scan for files matching keywords, copy log files, backup fat, scan partition information, mount any unmounted partitions, get internet history, scan for deleted files, log torrent trackers. Hell there is an awful lot that could be obtained quickly and then analyzed later on once saved on the thumb drive. It could even alert officers for clear violations to prompt for arrest.
Clever little toy.
1. It's going to help drive a lot of people to not use Windows - I already do not.
2. If windows had a rigorous and well implemented security system this would not be possible in any case.
3. It's an open challenge to the wares communities to copy and reverse engineer
4. It promotes the belief that there must be back doors into Windows that this gizmo utilizes.
5. I guarantee that something like this will become the norm at customs/airports for a lot of cases if it is fast enough - something on the lines of hold on sir, please plug your PC into this for 30 seconds whilst we scan for illegal behavior
6. Running Linux will simply open you to suspicion and a more in depth analysis.
And was one of the easiest things that Microsoft has ever done.
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
If you use TrueCrypt or other similar products to encrypt the entire hard drive I don't think this doohickey will be very effective. My laptop uses an encryption product for the entire hdd and when I boot into Ubuntu LiveCD I can't see a thing.
Bottom Line: Encrypt the entire thing and be done with it. Truecrypt FTW!
the future is but past forgotten
Here are the top four password recovery tools for Windows according to about.com's article.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
The cops busted the thieves as they were still on my property and with the loot. Although the thieves did not have enough time to crack my laptop, the police kept it for forensic analysis instead of returning it immediately.
Lesson for anyone reading this post: Use secure wipe when buying a used laptop and encrypt if you value your privacy. It is probably standard police procedure to snoop in people's files whenever the opportunity presents itself. I am grateful for recovering my laptop but it feels like a second violation with such intrusive methods.
Truly, a non-working computer is the ultimate in protection.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
huh? just so you know, you can boot up and get access to all the files in a linux distro just as easily as this article says you can on Microsoft distros.
-- Betting on the survival of the media industry is a serious risk. I advise investing elsewhere.
In unrelated news, it is now a felony not to run Windows on your machine, and Linus Torvalds has gone into hiding.
Life would be easier if I had the source code.
You'd always have to shut it down, image the drive, and then run your test against the image. If you ever so much as boot the image and use the device at that point, you've still just changed a shit load of files during the boot up process and a lawyer may still be able to get you off.
This device is only helpful if it contains a standalone script that can be pointed to a set of files on a write-blocked drive. Blindly letting it have full read/write access to any drive would be instant not-guilty result.
Unless this device gets some hefty certs, I'd be surprised if any law enforcement agency that reports to the public courts would ever use this device as reported.
When I said you should have your computer dual boot, with networking disabled on the windows side (which is how my PC was set up before the power supply burned out last week) so you wouldn't get viruses, spyware, and other nasties on your PC I was modded "troll".
Now the summary says "Just one more reason not to run Windows on your computer."
I guess the submitter was trolling? But at any rate, it seems to me that since Windows can't read hda, as long as you keep your terrorism plans, drug dealers' phone books, child pornography, and stolen state secrets off the windows side of your computer you're safe, right?
Wrong. If I have physical access to your machine I can probably get in pretty easily, and I'm no security expert. The cops have the funding to hire top notch guys who WILL decode that drive.
I can't for the life of me figure out why Microsoft would produce this tool, as it only makes them look bad. If someone made a Linux tool to crack windows, the Microsoft apologists and astroturfers would be screaming "FUD!"
The malware boys will get a copy and make it so it works online. What fun!
(as one slashdotter's sig says, "karma: excellent. Try again, modboy!")
-mcgrew
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
...as in, selling the means to bypass copy protection?
rj
Investigators can probably find anything on your computer no matter what O/S you use.
Microsoft just made it a lot easier.
He who knows best knows how little he knows. - Thomas Jefferson
is that a program CAN be written to bypass all windows security using a dongle.
hmmm
The Kruger Dunning explains most post on
This is not something new people, I can dump your RAM from my USB key already (after a reboot!) and go through for whatever I'd like.
http://tourian.jchost.net/shadow/liveusb/boot.png
http://tourian.jchost.net/shadow/liveusb/memoryremenance.png
http://tourian.jchost.net/shadow/liveusb/memoryremenance-filecarving.png
http://citp.princeton.edu/memory/
http://mcgrewsecurity.com/projects/msramdmp/ (The MS isn't for microsoft)
www.isoHunt.com
The police won't be using it without a warrant
If only that were true! If they'll open my garage door and have a look around without a warrant (on Memorial Day, when we salute those who died defending the Constitution and its 4th amendment), what makes you think they won't open your computer and have a look around without a warrant?
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
Not sure what the big deal is.
If you are a computer forensic investigator you already have many available tools (EnCase, etc) to do the same thing, not to mention the obvious linux based free tools (Helix, etc) that let you pound away on a computer (or captured image) and get whatever you want off it.
Keeping your computer completely secure is about as practical as copyright owners keeping their data totally protected. It's always an escalating two way battle and the winner is just the one who's willing to go the farthest with it, but nothing is 100% safe.
Privacy and DRM are both doomed for the same reasons.
Get over it.
-- Senior Software Engineer, Attorney appearance services, locallawyerapp.com.
"We're doing this to help ensure that the Internet stays safe."
Thank God! I'd hate to have someone murder me over the internet!
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
I don't get it. Let's stop throwing out the Men in Black Helicopters theories and Bill Gates is Trampling My First Amendment Rights crap. If a computer is held for evidence in a child porn case, for example, then why would anyone here have a problem with a tool that makes it easier to collect said evidence from the computer to prosecute the offenders?
Let's forget there are already plenty of tools available to do this. So bitching about this is just farking stupid in the first place...
I turned in a client over a year ago for possession of child porn. I don't have one regret in doing so. When I turned the kid's computer in, I saw first-hand how carefully the police treat such things in order to preserve all evidence. If there's a tool out there that makes this process easier to nail people, then I say go for it. Stop bitching. No one's out to nail you for your WaRez.
It basically bypasses all of the Windows security
Windows has security?
Just because it CAN be done, doesn't mean it should!
If you have physical access to a computer, you can read the hard disk of any computer now -- Windows or otherwise -- without some special gizmo. All you need is a Linux live CD, or something like that.
Frankly, I don't understand the need for this gizmo in the first place.
Proverbs 21:19
On the black market?
Imagine the chaos this will produce once someone sells it off and it's modified to work over a network! Money talks and we all know the man is just as corruptible as the consumer. Sorry I meant citizen.
Well this is a good time and excuse to finally really try to wean myself off windows.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
when someone else has your passwords.
To decide how harmful something is, you need to consider the worst thing it will do. Obviously, the police don't need this cracker kit from the soft to boot knoppix and read your unencrypted cruft they want what you consider safe. That might be SatanicPuppy's kiddie porn but there's real potential for abuse here.
Without privacy, you get political and economic abuse. For instance, the people who kept Code Pink, aka political opposition, out of Canada by falsifying information in a database would also love to know who else to harm by reading their contacts at the border. Microsoft would love to read the business secrets of their competitors.
The bottom line is that Microsoft has just admitted its systems are backdoored so that they can get passwords. Those systems and anything made by Microsoft is suspect - don't use it if you value your business, privacy or freedom.
This has probably been possible since XP SP2, if not shortly thereafter.
And suspect that at some point the 'police' will 'accidentally' or 'inadvertently' leak this to the outside, and woops, there it is...
The only unanswered questions are:
- Is this 'feature' part of foreign language versions? I expect these governments will be interested in this feature...
- What other government agencies will have access to this tool, and under what circumstances?
Well, we can be pwned with a warrant, want, or secret finding.
Again, as if we didn't know this was possible. So much for secrecy in Windows. Get yer Ubuntu running, gang, and your PGPDisk. I recommend the full disk encryption option as best.
deleting the extra space after periods so i can stay relevant, yeah.
Use a VMware machine that has its disk file loaded on an encrypted partition and have the machine itself installed on an encrypted partition, but hide the VMware machine files on a partition that is mounted to a folder name deep within the windows file system so it can't easily be seen. Let them pull your data, all of it will be from your normal "clean" partition on your C drive, do some regular surfing on the main machine and keep a separate clean E-mail account on it as well. When their little key finds nothing of interest you can get away with anything with your Virtual Desktop and they can't prove a thing!
Tsukasa: All I really want, is to be left alone...
Discussions there led to the creation of COFEE. I normally make coffee before I start discussions. one lump or two ?
.....this is the body .....
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
It's _when_ it will be used. Console access with nifty commands isn't new or earth shattering. Access with a feature set of brainless tools is something different.
:)
Legitimate investigations aside; I can see the benefits here. I'm curious how tools like this would apply to other types of searches.
Using live CD's or rebooting from CD/source is slightly more technical and hugely invasive to forensics (to the point of completely destructive many would agree), so the effect is that MS is selling a collection of hacking tools designed to make investigations easier.
By extension, if it's easier, I think it could gain some momentum for gray area investigations or researches.
- traffic stops
- border/us customs
- Oh, you want to be a big brother/foster parent?
I dunno, I could have had an extra cup of 'Extremist' this AM also.
Hell I want one, no more uac prompts in Vista. This would be a benefit to all sa's if they had one.
make sure to read that both ways... not only should a computer-savvy person be perfectly capable of doing this, there shouldn't be anything in the way to STOP them from doing this. They SHOULD be able to do this. Being able to access a drive's contents externally can save your ass if you hose the O/S / boot sector / whatever. Getting around basic password systems that are only meant to prevent unauthorized access when already in the same system is something that is -by design-. If you don't want the contents available even if hooked up to a secondary machine, or even to forensics, then you should encrypt the thing (keeping in mind that if you then screw something up, you may be SOL.)
Hit the nail on the head, even when not using the heart-string tugging example of child porn. If the police have physical possession of your computer, that means they have already secured a search warrant and have every right to get in to your computer and look through your stuff. And, frankly, they should. There is not a single privacy issue with this tool.
Here is the original link if anyone wants it: http://scissec.scis.ecu.edu.au/wordpress/conference_proceedings/2006/forensics/Proceedings_Forensics2006.doc
If you scan down about 15% of the way down, there is a blurb about COFEE mixed in with the rest:
Interestingly, this article if from 2006. So COFEE has been around for 2 years already. Fascinating that we are just hearing about it now.
Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
According to the article it can be attached to an actively networked pc allowing a search without rebooting, if this is true, they could access data in locations that they do not have a search warrant for... right?
Please excuse my typo. The article *IS* from 2006, not "if". I gotta proofread more carefully. (When are we gonna get an edit feature Slashdot?)
Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
Well, computer games are not exactly art, but anyway. In CSI:Hard Evidence, one of the tools you can use to gather evidence at the places you visit is a USB pendrive that can find "encrypted files" in any computer.
From TFA:
The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer.
Who the hell owns your computer? What happened to the 4th and 5th amendment?
This is totally unacceptable. Even using an "encrypted volume" on Windows, I bet the password is stored in a format which will be decrypted by the tools on this device.
I use Linux, and while my system is on a UPS, it is also on a switch that I can turn off quickly and my home volume is encrypted.
Listen, in our browser history, regardless of how straight and narrow you may live, exist pictures and words that can be used against you in the court of public opinion. Even a recent picture by Fran Lebovitz of a 15-year-old girl on major news outlets could be called kiddie porn to the press.
The police and government use terror and public destruction to intimidate would-be criminals or people who have the mind to speak against them. It is best not to have your personal data as something they can use against you.
Just remember this:
"If you give me six lines written by the most honest man, I will find something in them to hang him."
Cardinal Richelieu (1585)
Since a computer (or the evidentiary data) has to be in pristine condition to stand up in a court of law, the current process is to make an identical, bit-by-bit exact copy of the drives and RAM, and examine those in a lab setting, apart from the suspect computer.
I wonder if this little MS device follows those rules or is it invasive, and leaves tracks like regular commands would??
"Yes, I have a Disaster Recovery Plan. It's called my Resume"
Today, information is valuable. People and companies expend effort to protect their information. The more the government seeks access to that information, the more people will expend resources to protect that information.
This leads to waste.
If you are really paranoid, use Truecrypt.
WHERE DO I GET ONE????
Who, other than the police, knows about and can use this?
"We're doing this to help ensure that the Internet stays safe."
Bit like doing something to help ensure the sky stays filled with Unicorns, eh?
Because these drives won't get stolen and duplicated, so criminals can comb through your PC. Nosir.
No tyrant thrives when every subject says no.
"Just one more reason not to run Windows on your computer." ...whaaat? oh come on...soo absurd, yet I bet the /. crowd just eats it up...
A more realistic closing statement might be "Just one more reason to ensure you use encryption if you value privacy" - considerably more fair.
The fact that there is an intentional back door, even if it's for 'law enforcement' purposes, means that all the Windows claims of security are meaningless. It's a pretend security.
If I manufacture locks, and put in a glitch so that it will unlock if you shake/tap it a certain way, then I'm not making a lock, I'm making a device 'similar to a lock'.
God this pisses me off. How long until these devices end up on ebay? Or a knock-off gets out into the public's hands.
Utter bs. I love that my Windows password is not one-way hashed. That's why my personal stuff I wouldn't want a thief to see is in a TrueCrypt hidden volume. And this is also why I no longer bring my laptop with me when I cross the border into the USA. Stupid.
...yet
(Although it's amazing how many former coffee drinkers misspell coffee.)
I agree, but people won't move from Windows until the alternatives get a library of games/software comparable to Windows, and solve stupid issues like these:
http://linux.slashdot.org/article.pl?sid=08/04/28/012238
I'm a techie/developer and even I find Linux confusing.
It's nothing new. While other products might not be Microsoft made, there are tools out there. UBCD (Ultimate Boot CD) comes with a utility for blanking XP passwords (I don't know if there's one for Vista yet, but if not, there will be soon). I've used it to blank passwords on US Army Secret computers (FYI, I work for the army and had permission) that users had lost their password to; it took me 10 minutes max. Windows isn't/hasn't been secure. While I shake my finger at MS for providing a back door to anyone that allows access to others' data (and I'm sure it's only a matter of time until this gets leaked to a torrent site), it's not exactly groundbreaking.
... it's not my computer. Some guy just ran through here a few seconds ago and handed it to me. I've never seen any of this Goatse stuff before.
Have gnu, will travel.
This is a very good thing for Linux and the Open Source community for the following reasons:
Finally we have 100% proof that Microsoft have been lying all along when denying there is a security backdoor in Windows.
Now we know beyond doubt that you just can't trust any Microsoft-developed security system to even be intended to be fully secure.
This will ensure all worldwide military, and most (non-US) government departments will be obliged to migrate away from Windows and other Microsoft products simply for security reasons.
The first big business bust made with evidence gained by COFEE will ensure the rest of the commercial world will shortly follow.
...How long before some hacker group gets their nefarious hands on this 'plugin'?
OSS Community; Code me a viable alternative to Outlook and Office PRONTO, so I can use Linux! (And no, OO is no option, it is TeH SuX0000rrrZZ)
Presumably Sting is helping the RIAA find illegal downloads of "Message In A Bottle"?
Gentoo Linux - another day, another USE flag.
My 14yo neighbor kid did it in half the LEO's time using his $15 512mb USB loaded w/ Linux distro. We'll bring you more exciting revelations as they become available, STAY TUNED!
Imagination drew in bold strokes, instantly serving hopes and fears, while knowledge advanced by slow increments...
The kids call it 'pwning' or 'fragging' these days.
In all honesty, I don't know why it always ends up stirring an anti-microsoft apple/linux/unix fanboi debate. Every operating system is open to forensics, the fact microsoft threw a product together to help the police win cases with less effort or knowledge is a good thing. Who wants to go through the trouble of pulling out a hard drive, toss a write blocker, open encase/adftk etc and document a billion boring steps and try and stay awake doing long boring searches anyways. Who says lazy can't win!!!
I don't mind if tools are being used - but when the company that someone buys something from gives them a defective product (as in windows, since it seems that this takes advantage of security flaws) and then goes and gives someone else a way to exploit the defects in their own product, that's just wrong.
Show this to your friends and family that don't know what a real hacker is
I really look at this as more of a security issue than a privacy one. I think it's less about privacy because one would have to assume in order to place this device on your computer police would have to have the correct authorization (i.e., a warrant). I'm more concerned about the security implications of a device that simply plugs in and extracts all that information. However, I guess this would require physical access to the machine, and generally speaking, once someone has physical access, you're done for anyway.
Microsoft USA and China Technology Center (CTC) working together to assure the states future. Eat your heart out Mother Russia (MR)! What M$ lacks in desirability will always be the need for Viagra free Corporatists'/Politicians' functionality!
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
I don't know how carefully the NIST actually evaluates the items to be certified, but if it is anything like the ISO 9000 certification a previous employer of mine got there will be holes you can drive a truck through ;-)
C - the footgun of programming languages
Concur. TFA is ultimately nothing more than an illustration of how exploitable the trust model for USB device usage is. Though it pains me to say it, Linux is just as culpable on that front as Windows is.
Oh, you take me back to the good old days of Quake and Quake II when I ran the Springfield Fragfest site!
I guess I did get killed over the internet. A lot! Damn but it's dangerous in here.
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
First, whoever wrote that article has NO clue what the hell they are talking about. No set of tools for taking information about a live/running system is going to take the place of a full disk image and analysis by a tool like Encase. Furthermore, this sounds like nothing more than a set of tools for gathering information on a running system. Since most of the tools that digital forensics investigators utilize for live system analysis for Windows boxes were part of the Winternals suite that Microsoft acquired, I doubt this is anything all that special. I'll probably have access to one sooner or later, as I am a forensic investigator in the private sector with friends in the law enforcement world, and I'm not expecting anything earth shattering. But this article is clearly FUD written by someone who thinks computers are magic.
Remember the Alamo, and God Bless Texas...
Police help Microsoft crack your Windows computer's competition.
Sorry to attach this to your +5 post but I wanted this to get seen:
http://www.microsoft.com/presspass/features/2008/apr08/04-28CrantonQA.mspx
From the ms press release:
"COFEE, a preconfigured, automated tool fits on a USB thumb drive. Prior to COFEE the equivalent work would require a computer forensics expert to enter 150 complex commands manually through a process that could take three to four hours. With COFEE, you simply plug into a running computer to extract the data with the click of one button --completing the work in about 20 minutes."
It's little more than an automated tool that can be run by 'joe-beat-cop' instead of sending a forensics computer expert along. It doesn't do anything that couldn't already be done.
This all... MUCH ADO ABOUT NOTHING!!
To be honest the reason why anyone would use Linux in face of such an incredible disclosure would be because they value their privacy. I've been saying for the past couple years that privacy is important no matter what.
With Ubuntu (or Linux in general) you aren't going to be making it easier for a company such as Microsoft to build such a tool which can and will be abused more than you can possibly imagine.
With Linux the privacy is protected by disclosure. You disclose your coding so that millions of eyes can see it. No surprises can crop up for this sort of thing because people have seen the code. No special facilities will be built that will allow companies to allow other entities undisclosed access to your computer.
I don't want to hear the shit about how if you aren't guilty you shouldn't be worried. That's absolute bullshit. You protect your privacy to keep others from invading your privacy in the future.
With Microsoft Windows you have your privacy violated all the time (especially in Vista). You let this go and down the road you are probably going to find more nefarious aspects to those privacy violations such as the ability of the federal government to invade undetectably into your computer.
It is my right to say what is disclosed about me and what I say to others in private conversation. Our laws were written to put the burden on the government to prove their cases and our laws are there to permit us to protect ourselves against self incrimination. These are there to keep government agencies from misusing their power, which happens regularly.
You give up your privacy today you give up your children's privacy tomorrow and they may not feel the same way about it as you do. And consider that our federal government has been monitoring all electronic and digital communications for some time without warrants is just one aspect of you allowing them to do it because you feel you have nothing to hide. Well, the vast majority of Americans don't have anything serious to hide, but that's not enough reason to justify this blanket ability to invade
You can lead a man with reason but you can't make him think.
I would hate an edit feature. That is what proofreading is for. Once you commit your post that should be it. I can't tell you how many times I've been in forums that allow editing of posts and suddenly I don't know what anyone is talking about simply because I showed up late. One person makes a comment, other people discuss, then that person edits his post to something else.
Not only that, it would be horrible for avoiding the trolls. All they would need to do is get a +5 informative on a post then edit it to be a link to a virus filled site or something else.
Stop Global Warming!
Just say no to irreversible processes!
Or just one more reason not to commit crimes.
Beauty is in the beholder of the eye.
Do you know if this distro is available publicly? I'm really interested in it because by default it blocks write access to IDE devices. Would be a great help in rescuing disks (something I do too much of sadly).
Great thought! In my case, the comp is sitting next to the only escape route (the window) and if the guy actually got away (having to jump over the 21" monitor and out the window) he would be seriously injured!
What's the ignition point of thermite? Maybe I can sandwich it between the proc and heatsink, and just turn off the fan in software to ignite it!
How much is your data worth? Back it up now.
Always zipcrypt with a plausible deniability folder. For instance, I work in a field where occasionally I have to have demographics on my comp. So, I encrypt a file called *demographics.zip; in it I put ... wait for it.
Demographics!
Then one tiny file is actually a textfile attached to an encrypted zip file with a txt extension. If you open the text file, it looks like text, for the first 30 or so pages, and then it looks as if it's corrupted. Yank your text, rename file, open, enter password, ahh 20G of pron is safe from wife.
Unless she sneaks up behind you, in which case you're SOL. Luckily for me, she just asks why I keep opening Mr. Anderson's file.
How much is your data worth? Back it up now.
Free, European full disk encryption!
http://www.ce-infosys.com/english/downloads/free_compusec/index.html
I killed da wabbit -Elmer Fudd
Whew! I bet shipping was a bitch.
blah
"Just one more reason not to run Windows on your computer."
Yup, as once that tool is hacked/stolen into software and available on a USB drive, there won't be one computer that's safe.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
"...in order to eliminate all that pesky privacy when the police have physical access to your computer." Sorry, but the Search Warrant is what eliminates all your "pesky privacy", not something from Microsoft. And before you even think of the word "Patriot Act", any agency utilizing that act to search doesn't need anything from Microsoft. Believe it or not, criminals use computers too, and smaller agencies can use all the help they can get.
Interestingly, this article if from 2006. So COFEE has been around for 2 years already. Fascinating that we are just hearing about it now.
You must be new around here.
Edit should also be limited to a short time period.
And those same agencies use weapons that they might not want civilians to own.
"It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator CAN [emphasis added] scan for evidence on site."
Regardless of which, they will still disconnect and confiscate. They will follow the tenet "You don't let the murderer keep the gun", ignoring the fact that they're depriving the (gun/computer) owner of ownership rights despite not having shown that the person and/or particular device was actually involved in any wrongdoing. Remember Steve Jackson's G.U.R.P.S Cyberpunk vs. the Secret Service? There's been a great deal of progress in clone-imaging the machines since then, but they still confiscate. Making it even more unnecessary will not stop it, because law enforcement seek as much as possible to inflict punishment in its attempt to leverage a guilty verdict against the guilty. In the process they fuck the innocent over because their violation of ownership rights happens outside the venue of judicial oversight and remains allowed even when placed in that venue.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Ubuntu Hardy Heron using the alternative installer allows full disk encryption with a passphrase during the install. http://www.phoronix.com/scan.php?page=article&item=873&num=1 Debian has had this since Etch I think. Slackware and SUSE also have a good set of docs on how to set up full disk encryption. Not as easy as Ubuntu or Debian though. Actually it is more a fully encrypted root partition. The /boot needs to be unencrypted to function. You can use an integrity checker to ensure this is not tampered with.
There is no excuse in 2008 for not using encryption.
And use a real operating system. Not Windows!
"Flags are bits of colored cloth that governments use first to shrink-wrap people's brains..."
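The integrity check on an unencrypted /boot suggested in the comment above, sketched as an added example that is not part of the thread or of any distribution's tooling. The function names are hypothetical, and a constructed temporary directory stands in for /boot so it runs without root.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): SHA-256 manifest check for an
# unencrypted /boot. Function names are hypothetical.

# Print "hash  ./path" for every regular file under directory $1, sorted.
boot_manifest() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum )
}

# Compare directory $1 with saved manifest $2. Prints MODIFIED/ADDED/REMOVED
# lines and returns 1 if anything differs, 0 if the tree matches.
boot_verify() {
    local current report
    current=$(mktemp) || return 2
    boot_manifest "$1" > "$current"
    report=$(awk '
        FILENAME == ARGV[1] { old[substr($0, 67)] = $1; next }  # 64 hex + 2 sep
        {
            path = substr($0, 67)
            if (!(path in old))       print "ADDED " path
            else if (old[path] != $1) print "MODIFIED " path
            delete old[path]
        }
        END { for (p in old) print "REMOVED " p }
    ' "$2" "$current" | LC_ALL=C sort)
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample: a temp directory stands in for /boot. On a real system
# the manifest belongs on the encrypted root (or removable media), never on
# /boot itself, or whoever alters /boot can regenerate it.
boot_integrity_demo() {
    local tmp rc=0
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/boot/grub"
    printf 'kernel-image\n' > "$tmp/boot/vmlinuz"
    printf 'initrd-image\n' > "$tmp/boot/initrd.img"
    printf 'menu\n'         > "$tmp/boot/grub/menu.lst"
    boot_manifest "$tmp/boot" > "$tmp/boot.sha256"

    printf 'patched\n' >> "$tmp/boot/initrd.img"   # simulated modification
    printf 'extra\n'    > "$tmp/boot/grub/stage3"  # simulated new file
    rm "$tmp/boot/vmlinuz"                         # simulated removal
    boot_verify "$tmp/boot" "$tmp/boot.sha256" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

On a real machine the equivalent calls would be `boot_manifest /boot > /root/boot.sha256` once after a trusted install and `boot_verify /boot /root/boot.sha256` after each boot, with the manifest path being an assumption of this example.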