Microsoft Security Software Technology

Hackers Counter Microsoft COFEE With Some DECAF

An anonymous reader writes "Two developers have created 'Detect and Eliminate Computer Assisted Forensics' (DECAF). The tool tries to stop Microsoft's Computer Online Forensic Evidence Extractor (COFEE), which helps law enforcement officials grab data from password-protected or encrypted sources. After COFEE was leaked to the Web, Microsoft issued takedown notices to sites hosting the software." The article notes that DECAF is not open source, so you aren't really going to know for sure what it will do to your computer.
  • by ub3r n3u7r4l1st ( 1388939 ) * on Tuesday December 15, 2009 @11:45PM (#30453732)

    Less innocent people will be going to jail. Less family will be broke up.

    The time has come to rise against the machine.

  • by Anonymous Coward on Tuesday December 15, 2009 @11:46PM (#30453734)

    DECAF is not open source, so you aren't really going to know for sure what it will do to your computer.

    Haha, that'd be the perfect trojan horse. Have people with (illicit) things to hide run a program that claims to prevent them from being caught, all the while this program is just reporting them. And even if they post code, they could just post any old source code and claim it was used to generate the executable.

  • by publiclurker ( 952615 ) on Tuesday December 15, 2009 @11:48PM (#30453752)
    I have incriminating information on my computer so I'm supposed to download and run some closed-source software from people who now know I have this information, and it will make my problems go away. Right.....
  • by robot256 ( 1635039 ) on Tuesday December 15, 2009 @11:59PM (#30453816)

    ...to distribute rootkits and create botnets. Even better than those "Free Antivirus Software" downloads.

    Seriously, is anybody going to trust something like this without the source? Somebody intelligent enough not to open unsolicited email attachments, at any rate.

    (And yes, I realize there might be "legitimate" reasons for keeping the source out of law enforcement's hands, but frankly [at risk of trolling] I would rather be spied on by the government than identity thieves.)

  • by Ihmhi ( 1206036 ) <i_have_mental_health_issues@yahoo.com> on Wednesday December 16, 2009 @12:18AM (#30453908)

    And even if they post code, they could just post any old source code and claim it was used to generate the executable.

    Well yeah, until someone who has an I.Q. greater than a water buffalo compiles the source code and finds out that it doesn't match up with the finished DECAF product...

    That's the point of having source code out there in the first place. It can be inspected for everything from your everyday uh-ohs to your big time no-nos.
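The comparison described in the comment above, as an added example that is not part of the original thread or the DECAF project: a rebuilt Windows executable seldom matches a released one byte for byte, so this zeroes two header fields that change between builds before hashing. It assumes the binary is in PE format and covers only the COFF TimeDateStamp and the optional-header CheckSum; `make_sample_pe` builds a constructed stand-in header, not a real executable.

```python
import hashlib
import struct

def normalized_pe_digest(data: bytes) -> str:
    """SHA-256 of a PE image with two build-volatile header fields zeroed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if len(data) < pe_off + 92 or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    buf = bytearray(data)
    buf[pe_off + 8:pe_off + 12] = b"\0" * 4    # COFF header TimeDateStamp
    buf[pe_off + 88:pe_off + 92] = b"\0" * 4   # optional header CheckSum
    return hashlib.sha256(buf).hexdigest()

def compare_builds(released: bytes, rebuilt: bytes) -> dict:
    """Compare a published binary with a local rebuild of the posted source."""
    raw = hashlib.sha256(released).digest() == hashlib.sha256(rebuilt).digest()
    norm = normalized_pe_digest(released) == normalized_pe_digest(rebuilt)
    return {"raw_match": raw, "normalized_match": norm}

def make_sample_pe(timestamp: int, code: bytes) -> bytes:
    """Constructed sample: minimal DOS + COFF + optional header, then 'code'."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)       # PE header follows the DOS stub
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 96, 0x102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + code

if __name__ == "__main__":
    released = make_sample_pe(1260921600, b"\x90\xc3")      # constructed values
    rebuilt = make_sample_pe(1260925200, b"\x90\xc3")       # same code, later build
    altered = make_sample_pe(1260925200, b"\x90\x90\xc3")   # different code
    print("same source:", compare_builds(released, rebuilt))
    print("different code:", compare_builds(released, altered))
```

A normalized mismatch on a real toolchain is not proof of tampering by itself, since compilers can embed other build-specific data that this example does not normalize.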

  • Arguments (Score:5, Insightful)

    by Demonantis ( 1340557 ) on Wednesday December 16, 2009 @12:31AM (#30453954)
    I realize a large number of people won't trust it because it's not open source. I can see the authors' viewpoint, though, of not wanting Microsoft to turn around and make a patch against it. If you don't want it, don't run it, but if it is a trojan, a firewall can easily defeat that. If it is a virus, word will spread and people will avoid it. It is like the Antivirus 2009 programs, other than being blatantly obvious viruses, don't work anymore because people know they are bad.
  • by Anonymous Coward on Wednesday December 16, 2009 @01:27AM (#30454234)

    And then someone with a little higher I.Q. takes the time to do something fun like disassemble the executable or hell, use wireshark to capture any network traffic the program might generate to see what it is actually doing.

  • Wait, what--? (Score:4, Insightful)

    by girlintraining ( 1395911 ) on Wednesday December 16, 2009 @01:38AM (#30454304)

    ...so you aren't really going to know for sure what it will do to your computer.

    You're saying you don't know how to run a debugger in a VM session? Or registry and file monitoring utilities? I get that analyzing machine code may be a bit of a lost art, but if you have the binary file you have everything you need to figure out what it does -- eventually. Someone will reverse-engineer it. In fact, I rather expect the authors knew this when they released it.

  • Re:Arguments (Score:3, Insightful)

    by JonJ ( 907502 ) <jon.jahren@gmail.com> on Wednesday December 16, 2009 @01:38AM (#30454312)

    I can see the authors' viewpoint, though, of not wanting Microsoft to turn around and make a patch against it.

    One would think that Microsoft has little to no problems doing this without the source.

  • I am confused. (Score:2, Insightful)

    by TexasTroy ( 1701144 ) on Wednesday December 16, 2009 @02:37AM (#30454610)
    Someone please explain. How is Windows secure (no pun intended) if Microsoft can release a tool, or script, which can get information from a password or encrypted system? Surely this cannot be an exploit to a backdoor. Does the use of COFEE require a user to already be logged in for it to work? Seriously. If this is the case, what keeps an evil-doer from using the tool to get into any Windows system they want and do whatever they want? If the tool has been leaked, then there is plausible deniability regarding any type of evidence on any Windows box. Even if it were not leaked, this is proof that the Windows platform is inherently insecure because there is a built-in method for bypassing its security features. Someone knowledgeable care to enlighten the uninformed?
  • by Wrath0fb0b ( 302444 ) on Wednesday December 16, 2009 @04:03AM (#30454888)

    Less innocent people will be going to jail. Less family will be broke up. [sic]

    Any particular reason to think innocent people are more likely to use DECAF than the guilty? I fail to see why technical savvy should be correlated with innocence or guilt.

  • by camg188 ( 932324 ) on Wednesday December 16, 2009 @09:00AM (#30456418)
    Why do you care about popularity ratings? Just listen to what you like. End of problem.
  • by Anonymous Coward on Wednesday December 16, 2009 @11:25AM (#30458028)

    Less innocent people will be going to jail. Less family will be broke up. [sic]

    Any particular reason to think innocent people are more likely to use DECAF than the guilty? I fail to see why technical savvy should be correlated with innocence or guilt.

    No correlation is implied. Fewer people go to jail, both innocent and guilty.
