Slashdot Mirror


Hackers Counter Microsoft COFEE With Some DECAF

An anonymous reader writes "Two developers have created 'Detect and Eliminate Computer Assisted Forensics' (DECAF). The tool tries to stop Microsoft's Computer Online Forensic Evidence Extractor (COFEE), which helps law enforcement officials grab data from password-protected or encrypted sources. After COFEE was leaked to the Web, Microsoft issued takedown notices to sites hosting the software." The article notes that DECAF is not open source, so you aren't really going to know for sure what it will do to your computer.

13 of 154 comments

  1. Perfect trojan horse by Anonymous Coward · · Score: 5, Insightful

    DECAF is not open source, so you aren't really going to know for sure what it will do to your computer.

    Haha, that'd be the perfect trojan horse. Have people with (illicit) things to hide run a program that claims to prevent them from being caught, all the while this program is just reporting them. And even if they post code, they could just post any old source code and claim it was used to generate the executable.

    1. Re:Perfect trojan horse by Ihmhi · · Score: 4, Insightful

      And even if they post code, they could just post any old source code and claim it was used to generate the executable.

      Well yeah, until someone who has an I.Q. greater than a water buffalo compiles the source code and finds out that it doesn't match up with the finished DECAF product...

      That's the point of having source code out there in the first place. It can be inspected for everything from your everyday uh-ohs to your big time no-nos.

  2. The Site... by JBG667 · · Score: 5, Informative
    --
    There are 10 kinds of people in the world:
    Those who understand binary and those who don't
  3. So let me get this straight... by publiclurker · · Score: 5, Insightful

    I have incriminating information on my computer so I'm supposed to download and run some closed-source software from people who now know I have this information, and it will make my problems go away. Right.....

    1. Re:So let me get this straight... by Anonymous Coward · · Score: 5, Funny

      Linux: optimized for child porn!

  4. Disable autorun, lock your computer by OverlordQ · · Score: 4, Informative

    AFAIK, if your computer is locked, COFEE relies on autorun to work, so disabling autorun and locking your computer will pretty much thwart COFEE, since it would somehow require bypassing MS's supplied GINA DLL, which, given it's Microsoft, they might know how to do, but I would find it highly unlikely.

    --
    Your hair look like poop, Bob! - Wanker.
  5. This is the best idea they've come up with yet... by robot256 · · Score: 4, Insightful

    ...to distribute rootkits and create botnets. Even better than those "Free Antivirus Software" downloads.

    Seriously, is anybody going to trust something like this without the source? Somebody intelligent enough not to open unsolicited email attachments, at any rate.

    (And yes, I realize there might be "legitimate" reasons for keeping the source out of law enforcement's hands, but frankly [at risk of trolling] I would rather be spied on by the government than identity thieves.)

  6. Re:DECAF: A welcoming news by skine · · Score: 5, Funny

    I prefer to RAGE against the machine.

    BAH-duh BAH BAH-duh BAH DAH-duh.

  7. Arguments by Demonantis · · Score: 5, Insightful

    I realize a large number of people won't trust it because it's not open source. I can see the authors' viewpoint, though, of not wanting Microsoft to turn around and make a patch against it. If you don't want it, don't run it, but if it is a trojan, a firewall can easily defeat that. If it is a virus, word will spread and people will avoid it. It is like the Antivirus 2009 programs, which, other than being blatantly obvious viruses, don't work anymore because people know they are bad.

  8. Re:DECAF: A welcoming news by Anonymous Coward · · Score: 5, Funny

    Coding in the name of!

  9. Just wait!!! by Monkeedude1212 · · Score: 4, Funny

    Soon I'll Release my Beta version of FRENCH VANILA

    (Forensic Reducing Emulator Named Coherently and Handsomely for Very Awesome Naughty and Illicit Activities)

  10. Re:DECAF: A welcoming news by Anonymous Coward · · Score: 5, Funny

    Fuck you, I won't code what you tell me!

  11. Re:DECAF: A welcoming news by Per Wigren · · Score: 5, Funny

    Some of those who share sources
    are the same that hate bosses

    --
    My other account has a 3-digit UID.