Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Microsoft Security Software Technology

Microsoft Issues Takedown Notices Over COFEE 69

Eugen tips news that Microsoft has sent DMCA takedown notices to several websites to stop them from offering the Computer Online Forensic Evidence Extractor (COFEE) tool for download after it was leaked earlier this month. One of the sites, Cryptome.org, has posted their correspondence with Microsoft over the software. "... Microsoft contacted Network Solutions, which hosts Cryptome, and since John Young, the owner of the website, wasn't too keen on losing his whole website for the sake of a single 15MB file, he removed the download link and sent Network Solutions a notice of compliance."
This discussion has been archived. No new comments can be posted.

Microsoft Issues Takedown Notices Over COFEE

Comments Filter:
  • by Monkeedude1212 ( 1560403 ) on Thursday November 26, 2009 @10:32AM (#30237274) Journal

    Everything goes somewhere, and I go everywhere.

    Once something is leaked you can take down all the websites you want, but you won't stop P2P Sharing.

    • Re: (Score:3, Insightful)

      by wvmarle ( 1070040 )

      Just put it on a server outside of the USA. Then at least you won't have an issue with DMCA notices.

      • by mysidia ( 191772 )

        In this case, it doesn't matter where the website is hosted, since the domain is registered with a US-based registrar, they can always send DMCA notices to the US-based registrar to ask them to "remove the domain name"

        Gotta insulate DNS first.

        If DNS is protected from takedown, you can have servers all over the world ready to step in with a simple records change.

        If not, they just gotta take down DNS, and then it doesn't matter where you put the server, you have to get a new name.....

        • by Zemran ( 3101 )

          ??? We do have other DNS servers out here and your government can only try to stop you guys in the US from using them. If a site is removed from your DNS it will still remain on ours and if you change your settings to use our DNS servers you will still be able to access whatever you want.

          • by mysidia ( 191772 )

            It doesn't matter where their DNS servers are.

            If their domain is registered with (network solutions) as it is, only Network Solutions holds the auth codes for the domain.

            A court can order network solutions to establish a REGISTRAR-LOCK and freeze the domain, i.e. use the ordinary technical means available, to block any transfer attempt.

            And then remove delegations to the DNS servers.

            In this manner, it doesn't matter where their DNS servers themselves are located, once they are no longer authoritati

            • by Zemran ( 3101 )

              I am sure that you believe this but do you really think that those of in the rest of the world would really put up with that? If the US closed a European, Russian or Chinese site for something that is illegal in the US but not in Europe, Russia or China you would break the internet. It is stupid. We have lots of sites that openly provide films, music etc. to those that can read russian without a care for your laws. The Mafiaa would love to stop this but it is outside your control.

              • by mysidia ( 191772 )

                Then they should register their domains through a russian domain registrar that is outside the US jurisdiction, or through their .RU ccTLD.

                Because Network Solutions is a US-based competitive registrar, which has to obey any lawful order made by a US court, under penalty of contempt, and has to obey DMCA notices from companies like Microsoft or risk liability.

                Registrars are not immune, and the only reason they haven't frozen DNS for the domain is they weren't ordered to, and Microsoft may not have req

                • by Zemran ( 3101 )

                  We are at cross purposes as I meant using different different tlds. .su is popular with the real rebels now and they allow cyrillic. ICANN have been trying to close .su for a long time but if it comes to a fight they know that it will just strengthen the alternatives.

    • by Burz ( 138833 )

      Once something is leaked you can take down all the websites you want, but you won't stop P2P Sharing.

      Indeed, it has already shown up on the anonymous I2P network.

  • by Telecommando ( 513768 ) on Thursday November 26, 2009 @10:33AM (#30237280)

    I suspect that anyone who wanted it has already downloaded a copy by now.

  • I can relate. (Score:5, Interesting)

    by Jazz-Masta ( 240659 ) on Thursday November 26, 2009 @10:40AM (#30237342)

    "... Microsoft contacted Network Solutions, which hosts Cryptome, and since John Young, the owner of the website, wasn't too keen on losing his whole website for the sake of a single 15MB file, he removed the download link and sent Network Solutions a notice of compliance."

    I can relate to this. Around 2002 I received notice over a few files that a website had on one of my servers. I talked it over with the individual (owner) and he agreed it wasn't worth the effort and removed them. Everyone was happy.

    I know /. regularly crucifies people who comply with these notices as wimps, corporate sellouts, etc, but when someone has to put food on the table, and really does not care about the content more than their own livelihood, then there really is no issue. This is why we have wikileaks, etc, so that individuals do not have to bear the brunt of responsibility for hosting these leaked files or other sensitive info.

    In the case of COFEE, it was a 'stealing software' issue, and not a 'this is my right to leak this program' issue. Or maybe it is...maybe some reverse engineers can find out COFEE is putting innocent people beind bars?

    • Re: (Score:3, Insightful)

      by Guspaz ( 556486 )

      It won't matter anyhow, Microsoft just ignorantly invoked the Streisand effect.

      Note to everyone out there faced with a "leak": The best thing to do is NOTHING. By trying to have something removed, it will only be spread more widely.

      If Microsoft had simply ignored the incident, Cryptome would have hosted it and the vast majority of people would have never even heard of COFEE. Now, tons of people are downloading it just BECAUSE of the reports of their takedown campaign.

      • Re: (Score:2, Interesting)

        by jonadab ( 583620 )
        > It won't matter anyhow, Microsoft just ignorantly invoked the Streisand effect.

        Maybe.

        > Note to everyone out there faced with a "leak": The best thing to do is NOTHING.

        That depends on your goal.

        > By trying to have something removed, it will only be spread more widely.

        True.

        > If Microsoft had simply ignored the incident, Cryptome would have hosted
        > it and the vast majority of people would have never even heard of COFEE.

        Also true.

        > Now, tons of people are downloading it just BECAUSE
        > of t
    • by Nikker ( 749551 )
      I would bet this program was 'leaked' as a social experiment to test it out.
      1. 1) Let a bunch of curious geeks get interested and run the program
      2. 2) Scan their system and send data back to test out this software
      3. 3) Show law enforcement how good of a job they can do
      4. 4) Get contract for COFFEE
      5. 5) Lock in said law enforcement to more copies of windows to use said program
      6. 6) Profit
    • I've seen several C&D's (Cease and Desist) in my time. Most were for copyrighted photos, where someone had copied them without permission and used them. Depending on the offense and the usage, they were treated from removing the offending pictures, to removing the whole site. The whole site treatment was only if (and only if) they constituted the entire site. The customer was always notified, which kept everyone out of legal trouble.

      As much as we may not like the topic

  • by Anonymous Coward on Thursday November 26, 2009 @10:41AM (#30237350)

    ...as the hot COFEE incident?

  • by Ellis D. Tripp ( 755736 ) on Thursday November 26, 2009 @10:46AM (#30237388) Homepage
  • by Anonymous Coward

    Funny story, just visited cryptome and the files are still downloadable.

  • Takedown notice... (Score:5, Insightful)

    by Trebawa ( 1461025 ) <trbawa@[ ].com ['aol' in gap]> on Thursday November 26, 2009 @11:01AM (#30237490)
    Thus guaranteeing thousands of frantic downloads.
  • by Anonymous Coward

    But did he email his copy back to Microsoft?

    • Re: (Score:3, Funny)

      by Abstrackt ( 609015 )

      But did he email his copy back to Microsoft?

      No, but he did send them a drawing of a spider.

  • Want... (Score:2, Funny)

    I have no idea what this is. I havn't even read the article. But on the basis that Microsoft don't want me to have it, I'm going to hunt it down.
    • Re: (Score:3, Insightful)

      by JWSmythe ( 446288 )

      That's why most people are going to grab it.

          1) They don't want you to have it.
          2) They are making a big deal about it.
          3) (the lesser reason) To see what MS is giving up to LEO.

  • COFEE is available on Freenet, as are most things like this.

    Freenet is very usable at the moment. Speeds are pretty good considering the constraints of encryption and anonymity, and there is a lot of filesharing going on.

    • by arth1 ( 260657 ) on Thursday November 26, 2009 @08:50PM (#30241690) Homepage Journal

      Freenet and other anonymous forwarder schemes arent's secure, unless you already can trust any and all of the nodes you connect directly to. And if you can trust them, you might as well use a network share -- it's much faster.

      Why it isn't safe? Funneling. The easiest imaginable (but far from most efficient) version is a cluster of N nodes, where N equals the maximum number of jumps a packet can take, the internal max TTL of the protocol used. The nodes are firewalled in a chain, so that only one end of the chain is open from the outside, and only the other end of the chain can send requests out to the internet. Then those who run the nodes know that any traffic that makes it through to the end of the chain must be from directly connected hosts. It doesn't matter if the TTL is randomized and encrypted in an onion layer; as long as there is a max, even if only one out of a million packets make it to the endpoint host, for all the traffic that does make it, they know the source and the destination.

      The problem is that with a design where the next hop gets to choose its next hop, you can't prevent someone from creating funnels where traffic can't go to other nodes, only to other malicious hosts or the outside.

      Another problem is if you have a single pipe. Then it's dead easy to sit at your ISP and drop the pipe to you intermittently. When there are outgoing requests when the pipe to you is down, the snoops know that the traffic originates from you. And again, with a funnel, they can find out where the traffic is going. Do they know what the traffic is? Well, they may be the ones that host the materials you try to access, in which case, yes, they do.

      And yes, a large portion of the so-called darknets are run by law enforcement agencies and institutions working closely with them. Letting a thousand people getting away with downloading pipe bomb recipes, child porn and sedition against king Dumbledore is apparently acceptable if they can nab one every now and then, and thus justify their own existence.

      • I had an idea to solve this problem, and further hide identities in the process.

        You (through a nice friendly interface) get it to generate a Pri/Pub key pair. Then the public key is used to both encrypt traffic that is for you AND to id your node on the network. You then send your public key to your trusted friends out-of-band (OOB) e.g. by having a button that exports the key and your current internet-facing IP (grab it automatically from whats-my-ip.com or suchlike) in a way that's dead easy to paste in
      • It sounds like you aren't very familiar with how Freenet works. There is no "outside" in Freenet - everything is internal. It's not like Tor where you have content hosted in a specific place and Tor just handles the transport - Freenet hosts all the content too.

        A file in Freenet won't be stored in one place, it is split into chunks of 32kB and those will be stored all over Freenet, usually highly redundantly.

        Freenet is designed so that even if a large minority of nodes are compromised by law enforcement or

  • All versions I could find. Search TPB. And I'm not going to stop.

% APL is a natural extension of assembler language programming; ...and is best for educational purposes. -- A. Perlis

Working...