Microsoft Helps Police Crack Your Computer
IGnatius T Foobar writes "Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that "may have been used in crimes." It basically bypasses all of the Windows security (decrypting passwords, etc.) in order to eliminate all that pesky privacy when the police have physical access to your computer. Just one more reason not to run Windows on your computer."
Not new (Score:5, Interesting)
Anyone can boot from a Knoppix live CD and mount NTFS drives in Linux and poke around. NTFS security is not applied under Linux so you can have a look at anything you want. I don't see how this is a big deal.
The only thing that might be a problem is browsing the registry, but I wonder if wine's regedit can load native Windows registry hives. If so, then all Microsoft has done is taken existing Linux functionality and made it user friendly for the police.
Speaking of which, anyone wanna place bets as to how long it takes for this tool to spread across p2p and torrent sites?
My laptop was stolen a few weeks ago ... (Score:1, Interesting)
Lesson for anyone reading this post: Use secure wipe when buying a used laptop and encrypt if you value your privacy. It is probably standard police procedure to snoop in people's files whenever the opportunity presents itself. I am grateful for recovering my laptop, but it feels like a second violation with such intrusive methods.
Re:Flaw (Score:2, Interesting)
_NSAKEY [wikipedia.org]
Re:Really? (Score:4, Interesting)
Police over here in WA have a special distro designed for forensics [zdnet.com.au].
Re:Really? (Score:4, Interesting)
I'd just boot knoppix and mount the partition. There, I have access to all the files. That goes for windows AND unix/linux.
If you really depend on the password for anything other than stopping casual or remote access, you're just fooling yourself.
Re:Really? (Score:1, Interesting)
Also, this is probably fully automated, like plugging in a flash drive. Just wait until a few of these get lost.....
Re:Really? (Score:3, Interesting)
http://support.microsoft.com/kb/268019/en-us [microsoft.com]
http://support.microsoft.com/kb/308421/en-us [microsoft.com]
Re:Really? (Score:4, Interesting)
http://en.wikipedia.org/wiki/FileVault [wikipedia.org]
I was in an Apple store once when someone brought in their file vaulted laptop computer. They had 'forgotten' their password (Their actual story was that the OS changed the password on them). Apple Genius told them they were SOL. There are ways, but none of them are easy and most require something like cooling the RAM immediately after shutdown or catching the computer when it is sleeping.
Re:Flaw (Score:2, Interesting)
Re:Flaw (Score:4, Interesting)
Wow. Just fucking wow.
So, either an AC is trolling by claiming to be a police officer who abuses due process. In which case I'm feeding trolls, and it's my bad.
Or, an actual police officer is pointing out how he can basically stomp over the intent of the law and your rights by pulling out an unsubstantiated claim of obstruction of justice.
If so, you're a perfect example of what is wrong in law enforcement, and why people have come to believe the cops are just thugs with authority. No wonder you posted anonymously. Thank you for demonstrating a new reason for increased cynicism about such things. No wonder people hate cops.
Cheers
Re:Customs (Score:4, Interesting)
Re:Really? (Score:3, Interesting)
See: http://rentzsch.com/macosx/securingFirewire [rentzsch.com]
"Firewire provides direct memory access. So I can plug in my PowerBook into an Xserve, and arbitrarily read and write to all of the Xserve's RAM, sans any logical protection."
"Paul claims enabling the Open Firmware password also automatically disables Firewire DMA, preventing tricks like Quinn's."
Go figure
As for your question. I'm not familiar with File Vault.
But with all such tech, it's very dependent on the details. A lot of cases the encryption is done with a "secret", and your passphrase is used to unlock that secret. If the secret is destroyed and there are no copies, even if you have your passphrase you won't be able to access the data.
With some tech, there is a way for you to create multiple keys with access to the data. So you use one key, and you store another key somewhere else safe, so if you screw up you can still go dig it out (if you can still get it
Another issue: if you or someone else ever makes a copy of the encrypted partition or container file, and stores it somewhere, then an attacker might be able to compare the two versions.
Thus if the attacker can sneak in and make copies of your drives, you may have a problem. The attacker could do a "chosen plaintext attack" on you. For example the attacker could send you contrived spam emails, and compare the changes in the drive images.
Now the other problem is backups, what do you do with backups. If you don't encrypt the backups then you have an obvious problem.
If you make copies of the encrypted containers - see the above "chosen plaintext" thing.
So you need to use backup software that does things correctly, and which can actually restore stuff
Crypto and security isn't easy to do right. You have to consider the costs and impact.
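As an added illustration (not code from this thread or from any product mentioned in it) of the "passphrase unlocks a secret" design described above: a toy container whose random master key is wrapped once per passphrase slot, so a spare key can live in a safe, destroying the slots makes the data unreachable even with the right passphrase, and two snapshots of the same container reveal which blocks changed. The stream cipher is a SHA-256 counter construction for demonstration only, and every name and sample value is made up.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional

def kdf(passphrase: str, salt: bytes) -> bytes:
    """Derive a 32-byte key-encryption key from the passphrase (PBKDF2, 100k rounds)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=32)

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode stream cipher: demonstration only, not for real use."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + nonce + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def new_container(plaintext: bytes, passphrases: List[str]) -> dict:
    """Encrypt data under a random master key, then wrap that key once per passphrase."""
    master = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    slots = []
    for pw in passphrases:
        salt = secrets.token_bytes(16)
        kek = kdf(pw, salt)
        wrapped = xor_stream(kek, salt, master)
        # A MAC over the wrapped key lets a wrong passphrase be rejected cleanly.
        slots.append({"salt": salt, "wrapped": wrapped,
                      "tag": hmac.new(kek, wrapped, "sha256").digest()})
    return {"nonce": nonce, "ciphertext": xor_stream(master, nonce, plaintext), "slots": slots}

def unlock(container: dict, passphrase: str) -> Optional[bytes]:
    """Try every slot; return the plaintext if one opens, otherwise None."""
    for slot in container["slots"]:
        kek = kdf(passphrase, slot["salt"])
        tag = hmac.new(kek, slot["wrapped"], "sha256").digest()
        if hmac.compare_digest(tag, slot["tag"]):
            master = xor_stream(kek, slot["salt"], slot["wrapped"])
            return xor_stream(master, container["nonce"], container["ciphertext"])
    return None

def destroy_slots(container: dict) -> None:
    """Wipe every wrapped copy of the secret: no passphrase can reach the data any more."""
    container["slots"].clear()

def changed_blocks(image_a: bytes, image_b: bytes, block: int = 32) -> List[int]:
    """Compare two snapshots of one container; changed block indices leak the write pattern."""
    return [i // block for i in range(0, len(image_a), block) if image_a[i:i + block] != image_b[i:i + block]]
```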
Re:Flaw (Score:2, Interesting)
> extract forensic data from computers that "may have been used in crimes." It basically
> bypasses all of the Windows security (decrypting passwords, etc.)
Two days later:
"Here's a list of 347 web sites where you can download this.
Thirty seven days later:
"Microsoft has issued a security alert because of a hack that will allow anyone to remotely access and take control of your computer."
Six months later:
"Microsoft has issued a patch via their patch update system. Also, there is no more backdoor utility."
Three days later:
"Here are 4,277 web sites where you can download the new government backdoor spying Microsoft utility."
etc.
Actually, I wondered a long time ago if the government didn't get all up in Microsoft's face about monopoly violations so they could induce them to secretly give up ways to invade computers remotely. A few show trials and penalties, and then the government decides it's done.
Re:Flaw (Score:4, Interesting)
The article says