Hackers Counter Microsoft COFEE With Some DECAF 154
An anonymous reader writes "Two developers have created 'Detect and Eliminate Computer Assisted Forensics' (DECAF). The tool tries to stop Microsoft's Computer Online Forensic Evidence Extractor (COFEE), which helps law enforcement officials grab data from password-protected or encrypted sources. After COFEE was leaked to the Web, Microsoft issued takedown notices to sites hosting the software." The article notes that DECAF is not open source, so you aren't really going to know for sure what it will do to your computer.
DECAF: A welcoming news (Score:2, Insightful)
Less innocent people will be going to jail. Less family will be broke up.
The time has come to rise against the machine.
Perfect trojan horse (Score:5, Insightful)
Haha, that'd be the perfect trojan horse. Have people with (illicit) things to hide run a program that claims to prevent them from being caught, all the while this program is just reporting them. And even if they post code, they could just post any old source code and claim it was used to generate the executable.
So let me get this straight... (Score:5, Insightful)
This is the best idea they've come up with yet... (Score:4, Insightful)
...to distribute rootkits and create botnets. Even better than those "Free Antivirus Software" downloads.
Seriously, is anybody going to trust something like this without the source? Somebody intelligent enough not to open unsolicited email attachments, at any rate.
(And yes, I realize there might be "legitimate" reasons for keeping the source out of law enforcement's hands, but frankly [at risk of trolling] I would rather be spied on by the government than identity thieves.)
Re:Perfect trojan horse (Score:5, Insightful)
And even if they post code, they could just post any old source code and claim it was used to generate the executable.
Well yeah, until someone who has an I.Q. greater than a water buffalo compiles the source code and finds out that it doesn't match up with the finished DECAF product...
That's the point of having source code out there in the first place. It can be inspected for everything from your everyday uh-ohs to your big time no-nos.
Arguments (Score:5, Insightful)
Re:Perfect trojan horse (Score:2, Insightful)
And then some one with a little higher I.Q. takes the time to do something fun like disassemble the executable or hell, use wireshark to capture any network traffic the program might generate to see what it is actually doing.
Wait, what--? (Score:4, Insightful)
...so you aren't really going to know for sure what it will do to your computer.
You're saying you don't know how to run a debugger in a VM session? or registry and file monitoring utilities? I get that analyzing machine code may be a bit of a lost art, but if you have the binary file you have everything you need to figure out what it does -- eventually. Someone will reverse-engineer it. In fact, I rather expect the authors knew this when they released it.
Re:Arguments (Score:3, Insightful)
One would think that Microsoft has little to no problems doing this without the source.
I am confused. (Score:2, Insightful)
Re:DECAF: A welcoming news (Score:3, Insightful)
Less innocent people will be going to jail. Less family will be broke up. [sic]
Any particular reason to think innocent people are more likely to use DECAF than the guilty? I fail to see why technical savvy should be correlated with innocence or guilt.
Re:DECAF: A welcoming news (Score:3, Insightful)
Re:DECAF: A welcoming news (Score:1, Insightful)
Less innocent people will be going to jail. Less family will be broke up. [sic]
Any particular reason to think innocent people are more likely to use DECAF than the guilty? I fail to see why technical savvy should be correlated with innocence or guilt.
No correlation is implied. Fewer people go to jail, both innocent and guilty.