Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Counter Microsoft COFEE With Some DECAF

Posted by kdawson on from the please-mister-moto dept.

An anonymous reader writes "Two developers have created 'Detect and Eliminate Computer Assisted Forensics' (DECAF). The tool tries to stop Microsoft's Computer Online Forensic Evidence Extractor (COFEE), which helps law enforcement officials grab data from password-protected or encrypted sources. After COFEE was leaked to the Web, Microsoft issued takedown notices to sites hosting the software." The article notes that DECAF is not open source, so you aren't really going to know for sure what it will do to your computer.

13 of 154 comments (clear)

  1. DECAF: A welcoming news by ub3r+n3u7r4l1st · · Score: 2, Insightful

    Less innocent people will be going to jail. Less family will be broke up.

    The time has come to rise against the machine.

    --
    New Economic Perspectives
    1. Re:DECAF: A welcoming news by Wrath0fb0b · · Score: 2, Insightful

      Less innocent people will be going to jail. Less family will be broke up. [sic]

      Any particular reason to think innocent people are more likely to use DECAF than the guilty? I fail to see why technical savvy should be correlated with innocence or guilt.

    2. Re:DECAF: A welcoming news by camg188 · · Score: 2, Insightful

      Why do you care about popularity ratings? Just listen to what you like. End of problem.

    3. Re:DECAF: A welcoming news by Anonymous Coward · · Score: 1, Insightful

      Less innocent people will be going to jail. Less family will be broke up. [sic]

      Any particular reason to think innocent people are more likely to use DECAF than the guilty? I fail to see why technical savvy should be correlated with innocence or guilt.

      No correlation is implied. Fewer people go to jail, both innocent and guilty.

  2. Perfect trojan horse by Anonymous Coward · · Score: 5, Insightful

    DECAF is not open source, so you aren't really going to know for sure what it will do to your computer.

    Haha, that'd be the perfect trojan horse. Have people with (illicit) things to hide run a program that claims to prevent them from being caught, all the while this program is just reporting them. And even if they post code, they could just post any old source code and claim it was used to generate the executable.

    1. Re:Perfect trojan horse by Ihmhi · · Score: 4, Insightful

      And even if they post code, they could just post any old source code and claim it was used to generate the executable.

      Well yeah, until someone who has an I.Q. greater than a water buffalo compiles the source code and finds out that it doesn't match up with the finished DECAF product...

      That's the point of having source code out there in the first place. It can be inspected for everything from your everyday uh-ohs to your big time no-nos.

      --
      Random Thoughts From A Diseased Mind (Not For Dummies)
    2. Re:Perfect trojan horse by Anonymous Coward · · Score: 2, Insightful

      And then some one with a little higher I.Q. takes the time to do something fun like disassemble the executable or hell, use wireshark to capture any network traffic the program might generate to see what it is actually doing.

  3. So let me get this straight... by publiclurker · · Score: 5, Insightful

    I have incriminating information on my computer so I'm supposed to download and run some closed-source software from people who now know I have this information, and it will make my problems go away. Right.....

  4. This is the best idea they've come up with yet... by robot256 · · Score: 4, Insightful

    ...to distribute rootkits and create botnets. Even better than those "Free Antivirus Software" downloads.

    Seriously, is anybody going to trust something like this without the source? Somebody intelligent enough not to open unsolicited email attachments, at any rate.

    (And yes, I realize there might be "legitimate" reasons for keeping the source out of law enforcement's hands, but frankly [at risk of trolling] I would rather be spied on by the government than identity thieves.)

  5. Arguments by Demonantis · · Score: 5, Insightful

    I realize a large number of people won't trust it because its not opensource. I can see the authors view point though of not wanting Microsoft to turn around and make a patch against it. If you don't want it don't run it, but if it is a trojan a firewall can easily defeat that. If it is a virus word will spread and people will avoid it. It is like the Antivirus 2009 programs, other then being blatantly obvious viruses, don't work anymore because people know they are bad.

    1. Re:Arguments by JonJ · · Score: 2, Insightful

      I can see the authors view point though of not wanting Microsoft to turn around and make a patch against it.

      One would think that Microsoft has little to no problems doing this without the source.

      --
      -- Linux user #369862
  6. Wait, what--? by girlintraining · · Score: 3, Insightful

    ...so you aren't really going to know for sure what it will do to your computer.

    You're saying you don't know how to run a debugger in a VM session? or registry and file monitoring utilities? I get that analyzing machine code may be a bit of a lost art, but if you have the binary file you have everything you need to figure out what it does -- eventually. Someone will reverse-engineer it. In fact, I rather expect the authors knew this when they released it.

    --
    #fuckbeta #iamslashdot #dicemustdie
  7. I am confused. by TexasTroy · · Score: 2, Insightful

    Someone please explain. How is Windows secure (no pun intended) if Microsoft can release a tool, or script, which can get information from a password or encrypted system? Surely this cannot be an exploit to a backdoor. Does the use of COFEE require a user to already be logged in for it to work? Seriously. If this is the case, what keeps an evil-doer from using the tool to get into any window system they want and do whatever they want? If the tool has been leaked, then there is plausible deniability regarding any type of evidence on any windows box. Even if it were not leaked, this is proof that the windows platform is inherently insecure because there is a built-in method for bypassing its security features. Someone knowledgeable care to enlighten the uninformed?