Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Counter Microsoft COFEE With Some DECAF

Posted by kdawson on from the please-mister-moto dept.

An anonymous reader writes "Two developers have created 'Detect and Eliminate Computer Assisted Forensics' (DECAF). The tool tries to stop Microsoft's Computer Online Forensic Evidence Extractor (COFEE), which helps law enforcement officials grab data from password-protected or encrypted sources. After COFEE was leaked to the Web, Microsoft issued takedown notices to sites hosting the software." The article notes that DECAF is not open source, so you aren't really going to know for sure what it will do to your computer.

18 of 154 comments (clear)

  1. Perfect trojan horse by Anonymous Coward · · Score: 5, Insightful

    DECAF is not open source, so you aren't really going to know for sure what it will do to your computer.

    Haha, that'd be the perfect trojan horse. Have people with (illicit) things to hide run a program that claims to prevent them from being caught, all the while this program is just reporting them. And even if they post code, they could just post any old source code and claim it was used to generate the executable.

    1. Re:Perfect trojan horse by Ihmhi · · Score: 4, Insightful

      And even if they post code, they could just post any old source code and claim it was used to generate the executable.

      Well yeah, until someone who has an I.Q. greater than a water buffalo compiles the source code and finds out that it doesn't match up with the finished DECAF product...

      That's the point of having source code out there in the first place. It can be inspected for everything from your everyday uh-ohs to your big time no-nos.

      --
      Random Thoughts From A Diseased Mind (Not For Dummies)
    2. Re:Perfect trojan horse by b4dc0d3r · · Score: 3, Informative

      It's .NET and they ran Dotfuscator over it, so you're going to have to graduate past bovine intelligence on this one.

  2. Microsue by GuNgA-DiN · · Score: 3, Funny

    Oh Microsoft.... is there *anything* that can't be handled by a lawsuit?

  3. The Site... by JBG667 · · Score: 5, Informative

    http://www.decafme.org/

    --
    There are 10 kinds of people in the world > > Those who understand binary and those who don't
  4. So let me get this straight... by publiclurker · · Score: 5, Insightful

    I have incriminating information on my computer so I'm supposed to download and run some closed-source software from people who now know I have this information, and it will make my problems go away. Right.....

    1. Re:So let me get this straight... by Bios_Hakr · · Score: 3, Informative

      So, set up a VM and then port it through WireShark. It shouldn't be too hard to figure out if it's communicating with some central server.

      --
      I'd rather you do it wrong, than for me to have to do it at all.
    2. Re:So let me get this straight... by Anonymous Coward · · Score: 5, Funny

      Linux: optimized for child porn!

  5. Disable autorun, lock your computer by OverlordQ · · Score: 4, Informative

    AFAIK, if your computer is locked COFEE relies on autorun to work, so disable autorun and lock your computer will pretty much thwart COFEE, since it would somehow require bypassing MS's supplied GINA dll, which given it's Microsoft, might know how to do, but would find it highly unlikely.

    --
    Your hair look like poop, Bob! - Wanker.
  6. This is the best idea they've come up with yet... by robot256 · · Score: 4, Insightful

    ...to distribute rootkits and create botnets. Even better than those "Free Antivirus Software" downloads.

    Seriously, is anybody going to trust something like this without the source? Somebody intelligent enough not to open unsolicited email attachments, at any rate.

    (And yes, I realize there might be "legitimate" reasons for keeping the source out of law enforcement's hands, but frankly [at risk of trolling] I would rather be spied on by the government than identity thieves.)

  7. Re:DECAF: A welcoming news by skine · · Score: 5, Funny

    I prefer to RAGE against the machine.

    BAH-duh BAH BAH-duh BAH DAH-duh.

  8. Arguments by Demonantis · · Score: 5, Insightful

    I realize a large number of people won't trust it because its not opensource. I can see the authors view point though of not wanting Microsoft to turn around and make a patch against it. If you don't want it don't run it, but if it is a trojan a firewall can easily defeat that. If it is a virus word will spread and people will avoid it. It is like the Antivirus 2009 programs, other then being blatantly obvious viruses, don't work anymore because people know they are bad.

  9. Re:DECAF: A welcoming news by Anonymous Coward · · Score: 5, Funny

    Coding in the name of!

  10. Just wait!!! by Monkeedude1212 · · Score: 4, Funny

    Soon I'll Release my Beta version of FRENCH VANILA

    (Forensic Reducing Emulator Named Coherantly and Handsomely for Very Awesome Naughty and Illicit Activities)

  11. Wait, what--? by girlintraining · · Score: 3, Insightful

    ...so you aren't really going to know for sure what it will do to your computer.

    You're saying you don't know how to run a debugger in a VM session? or registry and file monitoring utilities? I get that analyzing machine code may be a bit of a lost art, but if you have the binary file you have everything you need to figure out what it does -- eventually. Someone will reverse-engineer it. In fact, I rather expect the authors knew this when they released it.

    --
    #fuckbeta #iamslashdot #dicemustdie
  12. Re:DECAF: A welcoming news by Anonymous Coward · · Score: 5, Funny

    Fuck you, I won't code what you tell me!

  13. Re:DECAF: A welcoming news by Per+Wigren · · Score: 5, Funny

    Some of those who share sources
    are the same that hate bosses

    --
    My other account has a 3-digit UID.
  14. Re:LiveCD by ZeroExistenZ · · Score: 3, Funny

    were I living in a communist country like China, i'd use a linux livecd with no attached hard drive.

    I first encrypted all my temporary data, encrypted everything in cache, it was a sweet algorithm. But I figured that wasn't enough, an onion-rings didn't help either. (I tried, I failed.)

    So then I decided to use my PC without keyboard, so they couldn't log my keystrokes or via processing the audio for my keystrokes discover what I was typing. From there up, everything was a success, I could later remove my monitor so noone could see what I was doing and I could just imagine keyboardinupt on my PC.

    I wasn't ever so productive and most of all SECURE.

    Soon enough, I felt my mousemovements could also be secured by removing my mouse. Once I mastered this way of working, they suggested I also could work without turning on my PC, as they could measure my work by reading radiation from my CPU "if they really would be wanting to read my work", just tossing out my HD wasn't sufficient. So, right now, I'm 100% secure, sitting at my desk, imagening my work.

    I did read something about mindreading, but I think that's just FUD.

    --
    I think we can keep recursing like this until someone returns 1