Microsoft Helps Police Crack Your Computer

timothy posted more than 6 years ago | from the not-linux-enabled dept.

Windows 558

IGnatius T Foobar writes "Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that "may have been used in crimes." It basically bypasses all of the Windows security (decrypting passwords, etc.) in order to eliminate all that pesky privacy when the police have physical access to your computer. Just one more reason not to run Windows on your computer."

Well, no windows for me (2, Funny)

ChuckSchwab (813568) | more than 6 years ago | (#23238354)

I sure don't want investigators to find my child pornography!

I guess I'll have to go with Ubuntu, although it's probably expensive, and I haven't worked out the illegality of those torrents people are posting.

Re:Well, no windows for me (-1, Troll)

Anonymous Coward | more than 6 years ago | (#23238636)

I guess I'll have to go with Ubuntu
Don't forget to pay your $699 SCO licensing fee you tea-smoking bag of roosters!

Flaw (5, Insightful)

Narpak (961733) | more than 6 years ago | (#23238356)

Seems to me that if all you need to do to get full access to anyone's computer (anyone running Windows that is) is a Microsoft made device; that is a serious security flaw.

Re:Flaw (4, Funny)

EMeta (860558) | more than 6 years ago | (#23238424)

Ah, but since the cracking device itself is made by Microsoft, it's not likely to work most of the time anyway. Just MS doing their own part to safeguard our liberties.

Really? (5, Insightful)

SatanicPuppy (611928) | more than 6 years ago | (#23238604)

No unix using a non-encrypted file system is secure if you have physical access to the machine...Why would you assume it's any different with Windows?

I'd just boot knoppix and mount the partition. There, I have access to all the files. That goes for windows AND unix/linux.

If you really depend on the password for anything other than stopping casual or remote access, you're just fooling yourself.

Re:Really? (1)

Narpak (961733) | more than 6 years ago | (#23238742)

Ah these are facts I will not dispute. I just figured that a USB device that "can dramatically cut the time it takes to gather digital evidence," would aid those with malicious intent as much as the authorities (that always have your best interests in mind; honest!). ;)

Re:Really? (1)

SatanicPuppy (611928) | more than 6 years ago | (#23238850)

Physical access is always a killer. Your only safeguard at that point is encryption.

I can't think it would take all that long anyway. I reset the admin password on my windows laptop the other day, and it was fairly trivial.

Re:Flaw (5, Insightful)

gstoddart (321705) | more than 6 years ago | (#23238702)

Seems to me that if all you need to do to get full access to anyone's computer (anyone running Windows that is) is a Microsoft made device; that is a serious security flaw.

And, a scary precedent.

When the man kicks in your door, hooks up his thumb drive to your Linux box and doesn't get what he wants ... you will have committed a crime by not making your information available in a format accessible to law enforcement. Only terrorists would do that.

The above is a deliberately absurd example. One which I fear is less far fetched than one would have previously hoped.

Mostly, I agree with some of the other posters here ... if Microsoft can make this, that means there's a defined mechanism you can use to completely defeat any form of security in Windows. And, that's bad; someone will figure this out.

Cheers

Re:Flaw (1)

ozmanjusri (601766) | more than 6 years ago | (#23238774)

someone will figure this out.

Someone HAS figured this out.

At least, that's the only safe assumption you can make about any Windows box now.

Re:Flaw (2, Funny)

esocid (946821) | more than 6 years ago | (#23238762)

Don't worry, it's Certified for Windows Vista!

Anonymous Coward (0)

Anonymous Coward | more than 6 years ago | (#23238358)

Like we are surprised-

What could possibly go wrong? (4, Insightful)

mrbah (844007) | more than 6 years ago | (#23238362)

Reverse engineering and (more) malicious usage in 3... 2... 1.

Re:What could possibly go wrong? (4, Funny)

nawcom (941663) | more than 6 years ago | (#23238466)

Reverse engineering and (more) malicious usage in 3... 2... 1.
Link to torrent of the COFEE thumb drive image on TPB in 3... 2... 1.

Re:What could possibly go wrong? (1)

Narpak (961733) | more than 6 years ago | (#23238472)

I am sure they are already easily available at a market in Cairo.

Re:What could possibly go wrong? (3, Informative)

tokul (682258) | more than 6 years ago | (#23238580)

Reverse engineering and ...

Why do you have to reverse engineer it when tools already exist?

This works! (3, Funny)

towelie-ban (1234530) | more than 6 years ago | (#23238386)

They're already selling these online. Just check the box next to "I certify I'm a cop. Seriously, I am." and it's all yours for $19.95.

Re:This works! (0)

Anonymous Coward | more than 6 years ago | (#23238758)

..and this is the first we've heard of this? Where are they being sold?

Here it comes... (3, Funny)

NewbieProgrammerMan (558327) | more than 6 years ago | (#23238388)

Cue the "if you have nothing to hide..." responses (and possibly some Hans Reiser jokes).

Re:Here it comes... (0)

Anonymous Coward | more than 6 years ago | (#23238476)

I have nothing to hide, except my journal.

Do not pass "go", do not collect... (3, Funny)

Anonymous Coward | more than 6 years ago | (#23238544)

"Where do you want to go today?"
Jail?

To save your time (1)

trifish (826353) | more than 6 years ago | (#23238392)

The summary and article in one word:

FUD

Re:To save your time (1)

Enderandrew (866215) | more than 6 years ago | (#23238622)

Not this time actually.

Fear, Uncertainty and Doubt is how they sway you away from competing products. Here they are just selling one of their own, with no mention of a competing product.

LIAR! (1)

SatanicPuppy (611928) | more than 6 years ago | (#23238680)

This is huge! Windows passwords aren't enough to secure my porn! Call the government! Call nasa! Call a lawyer! This is an outrage!

Seriously. Does anyone here NOT know how to pull all the data off a windows machine without a password? I can think of a half-dozen ways to do it, and there is plenty of commercial software out there if you wanted to purchase some.

If someone has physical access to your machine, it is NOT secure. This is why people use encryption.

How the - (5, Funny)

Fynd (1132303) | more than 6 years ago | (#23238394)

...bypasses all of the Windows security...
All of the Windows security - I can't even fathom how complex that device must be, that sure is a lot of security to bypass.

Re:How the - (1)

VeNoM0619 (1058216) | more than 6 years ago | (#23238596)

You are attempting to bypass all the security on this system:

Cancel or Allow?

UAC (1, Funny)

Anonymous Coward | more than 6 years ago | (#23238720)

No big deal. It's a USB keyboard with only an "I agree" button, and it's stuck.

What changed? (0)

Anonymous Coward | more than 6 years ago | (#23238402)

How is this different than anybody else cracking a Windows box ;-)

Interesting thought (1)

Oxy the moron (770724) | more than 6 years ago | (#23238408)

This article poses a question I've always wondered about. Do most criminal investigations of the computer-related nature have experts that are well-versed in multiple operating systems? Seeing as to how this is government, I would guess the answer is "no," and that is partly why we have this... uhh... "benefit" from Microsoft to aid our investigators.

Makes me curious as to what would happen if, for some reason, my computer were seized and the police booted up to an Ubuntu welcome screen... heh...

Re:Interesting thought (2, Funny)

AltGrendel (175092) | more than 6 years ago | (#23238448)

Makes me curious as to what would happen if, for some reason, my computer were seized and the police booted up to an Ubuntu welcome screen... heh...

They would probably post questions to "Ask Slashdot".

Re:Interesting thought (0)

Anonymous Coward | more than 6 years ago | (#23238598)

Yeah, I use Ubuntu just to escape the awful Windows environments. Sadly I must use XP at work.

Really though, if someone really really really wants to gain access to your information, nothing can stop them if they have the available time.

Re:Interesting thought (0)

Anonymous Coward | more than 6 years ago | (#23238532)

Makes me curious as to what would happen if, for some reason, my computer were seized and the police booted up to an Ubuntu welcome screen
Arrested for treason. Filthy communist.

Re:Interesting thought (2)

EasyTarget (43516) | more than 6 years ago | (#23238556)

No.
They'll get my FreeBSD box, fail to understand it, probably reformat the RAID drives trying to run a 'disk checker' on them. Then use this as evidence of my wrongdoing.

"He had a 'so called' open computer, that no 'normal' person can understand, breaking all Microsoft's standards and patents. It's made of Demons! burn the TERRORIST!!!"

Re:Interesting thought (1)

SatanicPuppy (611928) | more than 6 years ago | (#23238726)

They just hire consultants. It's pointless to have a bunch of computer security guys on your staff when it's a tiny minority of your crimes that are dealing with computer issues.

Re:Interesting thought (1)

gzipped_tar (1151931) | more than 6 years ago | (#23238728)

Give me your root password or I'll fire.

Re:Interesting thought (1)

Mia'cova (691309) | more than 6 years ago | (#23238824)

If there's a valid reason to perform a full search, they'll pay to get the job done, regardless of whether or not they can do it internally. Of course, by handling the Windows case in-house, most searches can be handled internally.

They don't just give up if they get a unix shell and let the killer go.

I dunno... (2, Informative)

Otter (3800) | more than 6 years ago | (#23238416)

It basically bypasses all of the Windows security...

The article is extremely vague, but I don't see where this assertion came from. It sounds like they're distributing USB drives with a collection of cracking and monitoring tools; like what any self-respecting 1337 h4x0r carries around with him. If that's correct, there's no reason to think the same thing couldn't be done for Linux.

Re:I dunno... (0)

AngelKurisu (1173447) | more than 6 years ago | (#23238478)

Yes, but the difference is Linux isn't made with intentional security holes that the maker obscures and then peddles to law enforcement agencies. It's no doubt in the works that Microsoft will charge for these services at some point down the line. Who'd have thought, shoddy security is just another revenue stream!

Re:I dunno... (1)

Otter (3800) | more than 6 years ago | (#23238666)

Yes, but the difference is Linux isn't made with intentional security holes that the maker obscures and then peddles to law enforcement agencies.

Could you please point out the part of the story where you and the submitter are getting this "bypassing security" thing from?

Re:I dunno... (1)

BigJClark (1226554) | more than 6 years ago | (#23238672)



Perhaps I'm the only one versed in extremely low level haxoring techniques, employed over generations and generations of haxingors, but why not serve a warrant, obtain said computer, then use the boot disk? :)

Ram-resident data can be lost (1)

davidwr (791652) | more than 6 years ago | (#23238788)

Part of modern computer forensics is preserving as much of the state of the computer as possible BEFORE power is lost.

Granted, the state is in constant flux, but the cops really do want to grab any and all RAM-resident security keys, the contents of RAM disks, data not yet fully saved to files, etc.

The wet dream of a computer forensics expert is a computer he can put into hibernation without risking the loss of any data that has an "I'm going into hibernation mode, I better erase myself" detector.

Re:I dunno... (1)

CSMatt (1175471) | more than 6 years ago | (#23238832)

In this day and age, the police no longer need warrants.

Re:I dunno... (1)

QuantumRiff (120817) | more than 6 years ago | (#23238706)

Right, but what happens when that cop tries to copy c:\windows\system32 (cause IIS defaults to putting its logfiles in there) from the hard drive to the pen drive; that's what step 18 in the carefully laid out instructions say. He really doesn't want to tinker, because evidence has to be gathered a certain way, to be used in court. He got promoted from a different post last year, and has been sent to lots of training on forensics for windows systems.

Thankfully I run Linux (0)

Anonymous Coward | more than 6 years ago | (#23238422)

All linux boxes come with a depleted uranium case that prevents physical access to the machine.

Re:Thankfully I run Linux (0)

Anonymous Coward | more than 6 years ago | (#23238560)

Yeah, I bought mine from Dell.

It's okay! (1)

AngelKurisu (1173447) | more than 6 years ago | (#23238428)

There's no way this could fall into the hands of someone unsavory. Newp.

If this isn't just vicious rumour... (1)

L4t3r4lu5 (1216702) | more than 6 years ago | (#23238434)

My PC is going on eBay.

I'll game on a console from now on, and get a laptop that is compatible with Ubuntu.

The ultimate zero-day exploit (1)

G4from128k (686170) | more than 6 years ago | (#23238436)

This sounds like the ultimate exploit. MSFT is hardly going to close these security holes. I wonder when copies of this USB drive (and network-enabled variants of the attacks) will be employed by malware and botnet vendors.

Re:The ultimate zero-day exploit (1)

syd02 (595787) | more than 6 years ago | (#23238594)

Don't worry...it was designed by Microsoft, so you know it's secure.

If It's Possible... (1)

D Ninja (825055) | more than 6 years ago | (#23238438)

So, the sheer fact that there is a device that can do this also means that anybody can do this because the methods are in place for bypassing security. It's only a matter of time before someone spends enough energy to develop a device that can do this (outside of Microsoft).

The implications of a device like this are scary to say the least. Although I'm not a Microsoft hater, this alone is more than enough to make me take a second look at options other than Microsoft Windows.

Re:If It's Possible... (5, Insightful)

vux984 (928602) | more than 6 years ago | (#23238626)

So, the sheer fact that there is a device that can do this also means that anybody can do this because the methods are in place for bypassing security. It's only a matter of time before someone spends enough energy to develop a device that can do this (outside of Microsoft).

No. The ONLY question that is of any interest is whether or not this device actually has a back door to Windows encryption. Somehow I seriously doubt that it does. It's probably little more than a bootable drive with NTFS support, and some tools. If you've got a password on your login, it doesn't mean you are using encryption. And this tool probably just lets you get straight to searching the -unencrypted- disk without cracking the login, or without pulling the drive and installing it somewhere else to scan through.

The implications of a device like this are scary to say the least. Although I'm not a Microsoft hater, this alone is more than enough to make me take a second look at options other than Microsoft Windows.

I suspect your average Linux LiveCD Recovery Disk has all the same tools on it. MS is just getting on board with their own version, to remove another area, where, right now, you have to use Linux. If that's the case the implications aren't scary at all.

And this whole article is pure FUD.

Unless they've provided a back door to the encryption. That is the -only- question. But I really doubt they have.

Re:If It's Possible... (3, Insightful)

SatanicPuppy (611928) | more than 6 years ago | (#23238796)

Yea, look at linux...No way would it be possible to reset the root password [linuxgazette.net] if you had physical access to the machine.

I can't believe all the people who are freaking out about this. This isn't a remote exploit. This isn't a massive security hole. This is trivial stuff that anyone who is reasonably computer savvy should be able to do.

This is very smart on Microsoft's part... (2, Insightful)

ConceptJunkie (24823) | more than 6 years ago | (#23238444)

...it's just one more nail in the coffin of being "allowed" to use OSS. After all, if you have nothing to hide then you have nothing to fear, and only criminals would use OSS that would allow them to evade government snooping.

I'm sure some lobbyist is sitting with a Congressional staffer right now, explaining how requiring Windows on every computer is essential to the War on Terrorism.

Re:This is very smart on Microsoft's part... (1)

KiltedKnight (171132) | more than 6 years ago | (#23238608)

Considering that one interpretation of the MS Windows EULA basically says that while you own the computer, you don't really own the computer... All you need is some creative lawyer to use that interpretation to say, "Well, you don't really own the box. It's just on loan to you from Microsoft. This device allows Microsoft to examine their property."

How is this different? (1)

Kaptain Kruton (854928) | more than 6 years ago | (#23238446)

In the past, if I wanted to get information from another Windows machine, all I had to do was stick it in my Windows machine, log in as Administrator on my machine and change the permissions on the old hard drive. Then I could access all of the information, and bypass the Windows security from the other machine. The only thing I couldn't do is access some of the information that is actually stored in data files (such as IE's cache), even though it looks like a regular directory when run within its own Windows installation. This is not new stuff.

Re:How is this different? (0)

Anonymous Coward | more than 6 years ago | (#23238828)

The only thing I couldn't do is access some of the information that is actually stored in data files (such as IE's cache)

To reveal the cache directories (if that's what you mean), you just edit and neuter index.dat and paste the neutered file in each one (Google it). You can do it on the host drive - no need for a different boot.

Oh, I've heard of this. (1)

xactuary (746078) | more than 6 years ago | (#23238450)

It's going to be called Windows 7, right?

Maybe I'm weird... (0)

Anonymous Coward | more than 6 years ago | (#23238474)

But this sounds okay to me. The police won't be using it without a warrant, as then they couldn't use any evidence they found against you in court. At least that's how the courts are supposed to work. If they are already allowed to look through your house for evidence, why not the computer? And if you're a smart criminal, you're not going to trust Windows security. If you're a dumb criminal, you deserve to get busted.

I can see potential for abuse, but police can abuse the handguns, handcuffs, flashlights, etc. they carry as well.

Now, such a device getting away from the police... That could be a problem.

Physical access equals ownage under any OS (3, Insightful)

Mashiara (5631) | more than 6 years ago | (#23238480)

unless the hardware itself is secured and tamper-resistant enough (i.e. cost of successful tampering is higher than value of data).

This has always been true.

wow (1)

theheadlessrabbit (1022587) | more than 6 years ago | (#23238506)

I wish I had known about this during last month's pwn to own contest.

Then I'd be running Ubuntu on my cracked and pwned Vista machine right now, instead of running Ubuntu on my purchased and formatted Vista machine.

Box 0wned by person with physical access! (1, Insightful)

Anonymous Coward | more than 6 years ago | (#23238508)

News at 11!

Required? (1)

dotancohen (1015143) | more than 6 years ago | (#23238520)

I wonder if some jurisdictions will begin requiring this, in the sense that if someone is using a system that does not support easily bypassing security that will be enough for 'probable grounds'.

Simple Protection (1)

Jonah Hex (651948) | more than 6 years ago | (#23238540)

Disable Autorun, that way the automated tool can't start. ;)

And if the USB software interacts with the computer while the OS is running, how can that be considered untainted evidence? AFAIK computer forensics rely on having snapshots of the machine with no possible interference from the OS and running programs.

Jonah HEX
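The comment above asks how collected data can be shown to be untainted. As an added example (not part of the thread or of any tool it mentions), this records a SHA-256 manifest at collection time and later reports any file that was modified, removed or added. It covers integrity after collection only, not the effect of running tools on a live system; the file names and contents are constructed.

```python
import hashlib
import json
import tempfile
from pathlib import Path

CHUNK = 1024 * 1024  # read in 1 MiB chunks so large images need not fit in RAM


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file path (relative to root) to its size and SHA-256."""
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        manifest[rel] = {"size": path.stat().st_size,
                         "sha256": sha256_file(path)}
    return manifest


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the current state of root against a manifest taken earlier."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest
                           if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def demo() -> dict:
    """Build a constructed evidence folder, then alter it and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "browser").mkdir()
        (root / "browser" / "history.dat").write_bytes(b"constructed sample\n")
        (root / "registry.hiv").write_bytes(b"\x00" * 4096)
        (root / "notes.txt").write_bytes(b"constructed notes\n")

        manifest = build_manifest(root)          # taken at collection time
        clean = verify_manifest(root, manifest)  # nothing has changed yet

        # Simulate changes after collection: one flipped byte (same size),
        # one deleted file, one file that was never in the manifest.
        with (root / "registry.hiv").open("r+b") as fh:
            fh.seek(100)
            fh.write(b"\x01")
        (root / "notes.txt").unlink()
        (root / "dropped.tmp").write_bytes(b"x")

        tampered = verify_manifest(root, manifest)
    return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest is only as trustworthy as its own storage, so it is kept (or signed) separately from the collected files.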

Re:Simple Protection (1)

Applekid (993327) | more than 6 years ago | (#23238642)

AFAIK computer forensics rely on having snapshots of the machine with no possible interference from the OS and running programs.
This is a war on terror / pedophiles / drugs / little chocolate donuts! How dare you use semantics to cloud our investigations to protect the people / children / teens / diabetics.

Not new (4, Interesting)

The MAZZTer (911996) | more than 6 years ago | (#23238542)

Anyone can boot from a Knoppix live CD and mount NTFS drives in Linux and poke around. NTFS security is not applied under Linux so you can have a look at anything you want. I don't see how this is a big deal.

The only thing that might be a problem is browsing the registry, but I wonder if wine's regedit can load native Windows registry hives. If so, then all Microsoft has done is taken existing Linux functionality and made it user friendly for the police.

Speaking of which, anyone wanna place bets as to how long it takes for this tool to spread across p2p and torrent sites?

It seems... (1)

poormanjoe (889634) | more than 6 years ago | (#23238546)

that all the "device" does is speed up what the police were already able to do. Sounds like a PR stunt.

African computer crime units (0)

Anonymous Coward | more than 6 years ago | (#23238550)

Jean-Michel Louboutin, Interpol's executive director of police services, said only 10 of 50 African countries have dedicated cybercrime investigative units.


Oh the humanity.. thinking that the police forces of these African countries are more concerned with murder and rape!

Priorities, people!

Maybe not so bad... (1)

spasticfantastic (1118431) | more than 6 years ago | (#23238554)

Ok - in principle I think this is a bad thing but.. We already know that you're guilty until proven innocent now - anything that can speed up the time from accusation to acquittal for innocent suspects is a good thing. Also this development will hopefully put the brakes on the UK gov's plans for increasing the time you can be held without charge to 42 days - their excuse was that it takes a long time to obtain computer evidence. Of course it won't take long for this device to be found on the black market - another reason to move away from Windows, or is the plan to brand anyone who uses a non-windows OS as a possible criminal?

Offline NT password and registry editor? (1)

guruevi (827432) | more than 6 years ago | (#23238558)

I've had the following tool in my collection for a long time: http://home.eunet.no/pnordahl/ntpasswd/bootdisk.html [eunet.no]

It's quite easy, boot up the computer from that disk and you can reset the passwords in a few minutes. Linux-based too for that matter.

FTFA:
The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer. It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.

Apparently just some tools-on-a-disk. If it can bypass the encrypted file systems and other secure stuff, then there is a problem and the so-called "NSA-key" is not just myth (http://en.wikipedia.org/wiki/NSAKEY).

Re:Offline NT password and registry editor? (1)

Fast Thick Pants (1081517) | more than 6 years ago | (#23238852)

If it can bypass the encrypted file systems
Probably uses rainbow tables to crack the passwords like ophcrack -- user could then decrypt the EFS content without any backdoor, or just log in as the user and let Windows do the work.

What can it really do? (1)

Nukenbar (215420) | more than 6 years ago | (#23238566)

I really doubt that it can decrypt your passwords, other than a brute force attack. Maybe the trivial passwords on word 2003 files and the like.

Anything else you can easily do when you have physical access to the computer.

TFA very light on details (1)

Toreo asesino (951231) | more than 6 years ago | (#23238570)

Locally stored passwords for websites have been crackable for a while now, and in Windows Server has been disabled by default for this reason.

User login passwords for Windows itself are something else and you can't "just decrypt" them.

Apart from that, it just sounds like MS have provided a bunch of analysis tools.

Is this really news or am I missing something here?

Customs (1)

Hemogoblin (982564) | more than 6 years ago | (#23238574)

Unless there's a huge public backlash before then, I predict that Customs will roll these out to every major airport within the year.

I recall a quote from a Canadian gentleman... (1)

Chris Tucker (302549) | more than 6 years ago | (#23238578)

...who was a computer forensics expert/consultant.

He said that if one is going to use one's computer as an aid to their criminal career, use a Mac. The RCMP and all the rest were completely ignorant when it came to the Mac OS as well as everything else not Windows.

Re:I recall a quote from a Canadian gentleman... (1)

Maximum Prophet (716608) | more than 6 years ago | (#23238724)

Won't work in the USA. If you are using a non-Windows machine, they'll just assume that you *are* a terrorist.

Well, why am I not surprised? (1)

flajann (658201) | more than 6 years ago | (#23238582)

Well, golly. This of course means there is *no* security on Windows computers. It's only a matter of time that this backdoor is cracked and becomes generally available to everyone.

The only thing I use Windows for is to run TurboTax and games. And I'm wondering about the TurboTax even.

But all hope is not lost -- running Windows on a hypervisor would be a bit more secure -- at least you can restart with the same snapshot, eliminating any attempts to embed a rootkit or snooping ware.

But really, with Linux these days, who needs Windows?

Scary - and unbelievable (1)

wvmarle (1070040) | more than 6 years ago | (#23238586)

This sounds too scary to be true - and if true, it won't be long for this to be reverse-engineered.

Bypassing passwords/security: that sounds like a built-in back door. Not a security flaw: "this bug is a feature". And those back doors if confirmed to exist will be found soon.

The most unbelievable part is "decrypting passwords". Since when is the actual password stored, instead of a cryptographic hash of it? If decryption were possible, they are using a two-way encryption and a secret key is somewhere hidden in Windows. Every single copy of it. And that I can't believe, really. I call hoax. Still it won't make me use Windows anytime soon.
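The comment above distinguishes a stored password hash from reversible encryption, and an earlier reply mentions rainbow tables. As an added example (not from the thread or from any product it discusses), this shows why "decrypting" is not needed when hashes are unsalted: a table computed once matches the same weak password on every machine, while a per-account salt and a slow KDF make that table useless. SHA-256 stands in for a legacy unsalted hash; the account names, passwords and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

# Constructed sample candidates; a real precomputed table covers far more.
CANDIDATES = ["password", "letmein", "qwerty123", "Summer2008"]
PBKDF2_ITERATIONS = 200_000  # assumption: illustrative work factor


def unsalted_digest(password: str) -> str:
    """Fast unsalted hash: the same password always yields the same digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def precompute(candidates: Iterable[str]) -> Dict[str, str]:
    """Digest -> password table, built once and reusable against any store."""
    return {unsalted_digest(p): p for p in candidates}


def audit_unsalted(store: Dict[str, str], table: Dict[str, str]) -> Dict[str, str]:
    """Return the accounts whose stored digest appears in the table."""
    return {user: table[d] for user, d in store.items() if d in table}


def salted_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Store a random per-account salt next to a PBKDF2-derived verifier."""
    salt = os.urandom(16) if salt is None else salt
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "iterations": PBKDF2_ITERATIONS, "derived": derived}


def verify(password: str, record: dict) -> bool:
    """Check a login by re-deriving; nothing is ever decrypted."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["derived"])


def demo() -> dict:
    table = precompute(CANDIDATES)
    passwords = {
        "pc1\\alice": "letmein",                       # weak, reused
        "pc2\\bob": "letmein",                         # same weak password
        "pc2\\carol": "V7#long-unique-passphrase-08",  # not in the table
    }
    unsalted_store = {u: unsalted_digest(p) for u, p in passwords.items()}
    salted_store = {u: salted_record(p) for u, p in passwords.items()}
    return {
        # Unsalted: identical digests across machines, found by lookup alone.
        "same_digest": unsalted_store["pc1\\alice"] == unsalted_store["pc2\\bob"],
        "recovered": audit_unsalted(unsalted_store, table),
        # Salted: same password, different verifiers; the table matches none.
        "salted_differ": (salted_store["pc1\\alice"]["derived"]
                          != salted_store["pc2\\bob"]["derived"]),
        "salted_hits": [u for u, r in salted_store.items()
                        if r["derived"].hex() in table],
        "login_ok": verify("letmein", salted_store["pc1\\alice"]),
        "login_bad": verify("password", salted_store["pc1\\alice"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Salting defeats precomputation, not guessing: a weak password behind a salted KDF can still be found by trying candidates one account at a time, which is what the iteration count slows down.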

TrueCrypt ! (2, Informative)

unrealmp3 (1179019) | more than 6 years ago | (#23238600)

For local data privacy, I would use TrueCrypt, not Windows EFS. Use Full Disk Encryption on TrueCrypt, and their COFEE thumbdrive won't be of any help.

Maybe this "security device" is simply... (1)

dyfet (154716) | more than 6 years ago | (#23238644)

...a USB drive that boots something like Knoppix with NTFS file system support! ;)....

People have been using that to recover data from broken and otherwise defective Microsoft Windows boxes for a long time now...

Re:Maybe this "security device" is simply... (0)

Anonymous Coward | more than 6 years ago | (#23238752)

I'll go you one better: I use Norton's Ghost in various capacities, and it's completely non-destructive and simple to use. I don't know if it's forensics-grade or not, but there's one advantage that nobody seems to have mentioned: This technique can be done in a suspect's home with no need to seize any physical assets. This means that the cops don't have to physically take your computer to a crime lab somewhere to search it.

So tell me which you'd rather have: a consensual contact where a cop plugs a USB drive in to your PC and copies your data, or a half-dozen guys storming your place with a search warrant, carting all your gear off in vans, knowing full well that most of it will never be seen again.

MS is giving out for free (1)

Intron (870560) | more than 6 years ago | (#23238656)

Naturally they don't want police to have to carry around Knoppix CDs.

FUD (2, Insightful)

idlemind (760102) | more than 6 years ago | (#23238660)

Since when has physical access to a machine ever been safe for any operating system? Also, it's not like Microsoft programmed in back doors for law enforcement; they are just bundling their version of script kiddie hacks.

Seriously? (1, Informative)

Anonymous Coward | more than 6 years ago | (#23238664)

"It basically bypasses all of the Windows security (decrypting passwords, etc.) in order to eliminate all that pesky privacy when the police have physical access to your computer."

WOW; that's a really biased summary. Here's what the article actually says:

"The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer."

Between those lines, I do not see what you see...

Do they sell them to CIOs? (1)

davidwr (791652) | more than 6 years ago | (#23238668)

If I were a CIO, I'd want to make sure that either I could decrypt and analyze all the bits in my enterprise, or that nobody outside my enterprise could.

In other words, if there is a back door and I don't have it, the OS is not welcome in my shop.

It's not a bug, it's a feature! (1)

thtrgremlin (1158085) | more than 6 years ago | (#23238676)

Isn't it the same old story? If you can't fix it, sell it! Vulnerabilities are now being 'sold' as police investigator tools. What next? Also, if you read the EULA for Vista (Probably applies to XP also) Microsoft can already access any files on any machine remotely, so long as it has an active internet connection. I think it was also determined recently as a part of that there is a special root login that only Microsoft has for all Windows machines giving more access than a normal administrator. Remember, they own it, and you lease the right to use it. :)

Pirate Bay (1)

street struttin' (1249972) | more than 6 years ago | (#23238682)

So how long do you think it will be before the files on these thumb drives show up on TPB?

Re:Pirate Bay (1)

thtrgremlin (1158085) | more than 6 years ago | (#23238780)

I think Microsoft just took Knoppix off of TPB and renamed it claiming First Sale Doctrine.

Viruses? (1)

Maximum Prophet (716608) | more than 6 years ago | (#23238684)

So as soon as a law enforcement type plugs this into the Bad Guy's computer, a virus is installed on the thumb drive and gets installed on every other machine that the drive is plugged into. (Like Mr. Law Enforcement's own desktop!!!)

Great Idea(tm) (:-)

Imagine the TSA was using these. Every businessman's computer would be owned. If the virus also disabled the detection systems, our Bad Guy could also attack other bad guys' systems. He'd rule the world... Bwa Ha Ha Ha....

There is no security without physical security (1)

Eskarel (565631) | more than 6 years ago | (#23238700)

Who really cares? With the exception of file or whole drive encryption, which this device isn't going to help with anyway, if someone has physical access to your box for any length of time, they have access to your machine, doesn't matter what OS you're running, or how complex your password is, physical access to your box will give them any unencrypted data eventually.

With the right tools you can read files regardless of permissions, change passwords, add users, etc, almost anything. Building a linux live cd which can read most file formats and ignores ACL's and that's not even counting the various and sundry tools available which allow you to change even a root password to a machine you've forgotten the credentials to.

If the cops or anyone else has your PC they have access to anything on it that's not encrypted, whether Microsoft wins some quick PR with law enforcement by making it easy for them or not. This is essentially a non story.

Have to give MS props for this one (0)

Anonymous Coward | more than 6 years ago | (#23238710)

I hate MS as much as the next guy, but I have to admit MS has the lead over Linux in the field of community service. If the Linux community cared about society as much as MS did, there would be much less crime.

Torrent anyone? (0)

Anonymous Coward | more than 6 years ago | (#23238714)

OK... So where can we download that tool? I got a couple of FUBARed computers which could definitely be saved with something like that.

It's OK, they're doing it to keep the internet safe (1)

LighterShadeOfBlack (1011407) | more than 6 years ago | (#23238730)

Best quote from Brad Smith (of Microsoft):

"We're doing this to help ensure that the Internet stays safe."

That's a relief.

Seriously though, I'm curious to know more about what exactly this does. At first I assumed this was typical /. FUD and was essentially just a bootable USB drive to dodge Windows user permissions etc. but from reading the article it does actually sound like it's taking advantage of real security flaws in a running instance of the OS.

Just one question... (1)

Phroggy (441) | more than 6 years ago | (#23238734)

Anybody have a torrent of the files on this thumb drive? Might be fun to play with! ;-)

Re:Just one question... (1)

mozkill (58658) | more than 6 years ago | (#23238816)

yeah, if it actually exists, why not share it with everyone? if you did that, then maybe someone would patch it right? lol. if nobody steps forward with a thumbdrive, I'll assume this article is fake propaganda.

RE: Just one more reason not to run Windows (1, Insightful)

Gitcho (761501) | more than 6 years ago | (#23238778)

I'm all for protecting personal privacy, but if investigators are using these tools to comb through your PC, you don't need to stop using windows - you need to stop committing crimes.

No Big Deal (0)

Anonymous Coward | more than 6 years ago | (#23238786)

As someone in computer forensics, this type of tool is supposed to be used after the police have gotten access to your hard drive via court order.

Man, if I got an electron microscope and enough time, I can find your data. I understand people are worried about using this outside of the legal frame of the law, but as computers get more and more used to commit crimes we shouldn't be upset with the tools that are used but how they are being used.

interesting. (1)

apodyopsis (1048476) | more than 6 years ago | (#23238790)

hmm.

I have a compact distro on a thumb drive that I can boot on, mount ntfs vfat and rifle through a computer should I wish - but this sounds like it's more comprehensive than that. And if it is designed for widespread cop usage then it must be extremely user friendly as well. And TFA implies you do not even need to power down the PC.

So.. I would guess an auto run application that is designed from the bottom up to bypass security, promote to admin rights, scan for files matching keywords, copy log files, backup fat, scan partition information, mount any unmounted partitions, get internet history, scan for deleted files, log torrent trackers. Hell, there is an awful lot that could be obtained quickly and then analyzed later on once saved on the thumb drive. It could even alert officers for clear violations to prompt for arrest.

Clever little toy.

1. It's going to help drive a lot of people to not use Windows - I already do not.
2. If Windows had a rigorous and well implemented security system this would not be possible in any case.
3. It's an open challenge to the wares communities to copy and reverse engineer
4. It promotes the belief that there must be back doors into Windows that this gizmo utilizes.
5. I guarantee that something like this will become the norm at customs/airports for a lot of cases if it is fast enough - something on the lines of "hold on sir, please plug your PC into this for 30 seconds whilst we scan for illegal behavior"
6. Running Linux will simply open you to suspicion and a more in depth analysis.

It basically bypasses all of the Windows security (2, Funny)

Cro Magnon (467622) | more than 6 years ago | (#23238802)

And was one of the easiest things that Microsoft has ever done.

And quite honestly... (1)

citizenklaw (767566) | more than 6 years ago | (#23238810)

If you use TrueCrypt or other similar products to encrypt the entire hard drive I don't think this doohickey will be very effective. My laptop uses an encryption product for the entire hdd and when I boot into Ubuntu LiveCD I can't see a thing.

Bottom Line: Encrypt the entire thing and be done with it. Truecrypt FTW!
