Microsoft Gives Vista Backdoor Keys To The Police

from the meaning-the-crooks-have-it-too dept

It's long been assumed that Microsoft has built in various "backdoors" for law enforcement to get around its own security, but now reader Kevin Stapp writes in to let us know that the company has also been literally handing out the keys to law enforcement. Apparently, they're giving out special USB keys that simply get around Microsoft's security, allowing the holder of the key to very quickly get forensic information (including internet surfing history), passwords and supposedly encrypted data off of a laptop. While you can understand why police like this, the very fact that the backdoor is there and that a bunch of these USB keys are out there pretty much guarantees that those with nefarious intent also have such keys. The second you build in such backdoors, no matter how noble the reason, you can rest assured that they will be used by criminals as well. No matter what, for those of you who didn't already know it, now you have more evidence as to why trusting Microsoft's "security" isn't such a good idea. Update: Some folks in the comments, and Ed Bott, claim that this post is a misreading of the original story. The USB key includes a bunch of standard tools, not access to a "backdoor." The confusion, on my part, was due to the original article claiming that the device "can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer." In saying so, it appeared that the device must have access to a backdoor to decrypt the password -- but an update claims that it's merely "password security auditing technologies."


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Ima Fish, Apr 29th, 2008 @ 12:04pm

    I guess it's a good no one uses Vista.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    GeneralEmergency (profile), Apr 29th, 2008 @ 12:07pm

    Unbelievable, Mr. Balmer.

    Steve...Stevie buddy...What a monumentally stupid thing to do.

    This single action will do more to kill off closed source OS software in private and corporate use than anything else I could imagine.

    Mr. Balmer, you have a great deal of explaining to do and if you had one ounce of sense you would offer a test program to confirm this back door's existence on any particular machine and a matching patch to rip out this vulnerability.

    Oh...and if you were still clinging to any wild imaginings that Vista had a future, kiss them goodbye. Right now.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Todd, Apr 30th, 2008 @ 3:13pm

      Re: Unbelievable, Mr. Balmer.

      GeneralEmergency regurgitated:

      Steve...Stevie buddy...What a monumentally stupid thing to do.
      This single action will do more to kill off closed source OS software in private and corporate use than anything else I could imagine.

      GE, GE Buddy, what a monumentally stupid post. Try reading the story (stories) and thinking a bit before posting. (Note: This may require removal of a cranial-rectal impaction) Do you really think that MS NT-based Operating Systems, having been around for about 15 years, would have not been discovered to contain backdoors by now. Surely, you must admit that the hackerz and haters would have found and revealed them by now.

      If the key were to exist, it would be illegal in many locales - do you think MS would PUBLICLY announce the presence of a tool to exploit this supposed backdoor and expose themselves to untold legal liabilities? Usually conspiracy creators at least try to make them plausible. Please insert another quarter andtry again. It's almost as if you are biased or something....

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Cow, May 3rd, 2008 @ 11:03pm

        Re: Re: Unbelievable, Mr. Balmer.

        =====
        GE, GE Buddy, what a monumentally stupid post. Try reading the story (stories) and thinking a bit before posting. (Note: This may require removal of a cranial-rectal impaction) Do you really think that MS NT-based Operating Systems, having been around for about 15 years, would have not been discovered to contain backdoors by now. Surely, you must admit that the hackerz and haters would have found and revealed them by now.

        If the key were to exist, it would be illegal in many locales - do you think MS would PUBLICLY announce the presence of a tool to exploit this supposed backdoor and expose themselves to untold legal liabilities? Usually conspiracy creators at least try to make them plausible. Please insert another quarter andtry again. It's almost as if you are biased or something....
        ===

        Uhh, they already have a known backdoor check out the NSAKEY scandal that broke some years ago.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Joe Smith, Apr 29th, 2008 @ 12:08pm

    does it work

    If the back door works as well as the rest of Vista, maybe there isn't a problem. Of course, if this is the one part of Vista that does work properly then Vista is not secure and anyone concerned about security needs to use a third party product for sensitive data.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 29th, 2008 @ 12:11pm

    Wait!!! Vista was secure? it had security features?
    wow.Since when?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Article is Unclear, Apr 29th, 2008 @ 12:19pm

    The article isn't really clear, and journalists often get stuff wrong. It's possible that this does nothing to bypass the BitLocker encryption and is basically just a handy script to run ntpasswd type utitlities and copy over all of a user's files.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      James (profile), Apr 29th, 2008 @ 12:33pm

      Re:

      Probably not. If the machine is on a domain then enterprise admins can bypass bitlocker, so there is already proof that bitlocker can be bypassed. I am sure the key will work even on a stand alone machine.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Todd, Apr 30th, 2008 @ 3:15pm

        Re: Re:

        >>then enterprise admins can bypass bitlocker, so there is already proof that bitlocker can be bypassed. I am sure the key will work even on a stand alone machine.




        Please supply some of this proof.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 29th, 2008 @ 12:25pm

    "More than 2,000 officers in 15 countries, including Poland, the Philippines, Germany, New Zealand and the United States, are using the device, which Microsoft provides free."

    Wow, it staggers the mind they would even put something like this out in the wild. Ok, place your bets. How long until the hacker community gets hold of one of these USB's?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Jason, Apr 29th, 2008 @ 12:32pm

    There are already disks you can use to boot windows by erasing or replacing the admin password.....

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      chris (profile), Apr 29th, 2008 @ 1:27pm

      Re:

      There are already disks you can use to boot windows by erasing or replacing the admin password.....

      old and busted: brute forcing a new password.

      new hotness: cracking the password so no one knows you have it.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Apr 29th, 2008 @ 1:58pm

        Re: Re:

        new hotness: cracking the password so no one knows you have it.

        Doesn't work with long (>14 characters) passwords.

         

        reply to this | link to this | view in chronology ]

    •  
      identicon
      Todd, Apr 30th, 2008 @ 1:59pm

      Re:

      As far as I know, this technique only works on machienes which maintain LanMan security compatiblity; if this feature is disabled (which it was/is not by default on XP, and I don't know about Vista), this technique fails. I'm open to being shown to be incorrect (rather than most of the spewheads here), but that is my understanding.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      D. Davis, May 1st, 2008 @ 8:18am

      Re: Replacing Passwod

      Do you have info on where I can obtain this disk, I have a computer that I lost password to.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous of Course, Apr 29th, 2008 @ 12:35pm

    It's not much of a backdoor

    It decrypts passwords, you can get tools
    to do that already.

    It seems that cofee is a collection of tools
    on a USB drive for live forenisic analysis.

    This is interesting,
    http://www.techsec.com/pdf/Tuesday/On%20Demand%20Mike%20Duren.pdf

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Joel, Apr 29th, 2008 @ 12:38pm

    Did you even read the article

    How on earth is this a backdoor? First off all the investigators need physical access, which is already a big step (and the only step unless the drive is encrypted or the "evidence" resides only in memory). You're pulling some pretty large assumptions out of thin air (e.g. backdoor to drive encryption) when in fact the only difference between this and simply using one of the numerous Live CD forensics kits is the potential to pull data out of memory (which in the case of Vista is likely to be on the disk somewhere anyways) and possibly gain access to an encrypted volume, but that still depends on the scheme, and is not at all indicated in the article.

    The article is sadly anemic on the details besides it being apparent that MS is providing forensics tools tailored to its OS, tools which in your fearmongering scenario would be useless against any intelligent criminal, and the unintelligent criminals probably aren't going to be using security features which this, in your mind, works around. All we really glean from this is you can more quickly obtain a password (which was already crackable on windows machines). It doesn't mention the ability to bypass any drive encryption, even BitLocker, which MS also says is secure from any backdoors.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Apr 29th, 2008 @ 1:24pm

      Re: Did you even read the article

      How on earth is this a backdoor?
      You've got to be kidding or you have no idea what a backdoor is (or you're a Microsoft apologist).

      All we really glean from this is you can more quickly obtain a password (which was already crackable on windows machines).
      As far as I know, there is no other tool that will directly reveal a user's Windows password (not counting key-loggers). The only other method is brute force guessing which is ineffective against suitably strong passwords.

      It doesn't mention the ability to bypass any drive encryption, even BitLocker, which MS also says is secure from any backdoors.
      Once you've got a user's password on the machine you can login as that user and access all of that user's BitLocker files. This tool provides those passwords. Understand how that works?

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        chris (profile), Apr 29th, 2008 @ 1:40pm

        Re: Re: Did you even read the article

        As far as I know, there is no other tool that will directly reveal a user's Windows password (not counting key-loggers). The only other method is brute force guessing which is ineffective against suitably strong passwords.

        you use john.

        if you want to use a few extra PCs to help you crack a truely "strong" password there is distributed john.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Apr 29th, 2008 @ 1:50pm

          Re: Re: Re: Did you even read the article

          you use john.
          John The Ripper, even the distributed version, is a brute force password guesser. It isn't practical with suitably strong passwords.

           

          reply to this | link to this | view in chronology ]

      •  
        identicon
        Joel, Apr 29th, 2008 @ 2:16pm

        Re: Re: Did you even read the article

        AC, you appear to have me mistaken for a MS apologist. Rather, I have no faith in Microsoft's security systems and painting it as a "backdoor" would either catch MS in (yet another) blatant security lie. The existence of such tools should be neither surprising nor something someone should be unprepared for. The article is vague and most likely loaded with errors. Mike is, as usual, adding useless commentary.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Apr 29th, 2008 @ 2:21pm

          Re: Re: Re: Did you even read the article

          AC, you appear to have me mistaken for a MS apologist.
          OK. Sorry about that then.

           

          reply to this | link to this | view in chronology ]

    •  
      identicon
      James, Apr 29th, 2008 @ 3:37pm

      Re: Did you even read the article

      The whole idea is that when law enforcement needs access to evidence on a pc whether desktop or laptop they will have access to the files on the hard drive assuming Windows is even passworded. Supervisor passwords can be reset by simply removing the battery from the motherboard then waiting a few seconds and putting it back in. Sorry to go off topic. :p

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Bob, Apr 29th, 2008 @ 12:38pm

    FTC

    Microsoft Counsel Brad Smith - "Children are particularly at risk to anonymous predators or those with false identities. "Criminals seek to win a child's confidence in cyberspace and meet in real space," Smith cautioned."

    Oh, It's for the Children....

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Overcast, Apr 29th, 2008 @ 12:38pm

    If it requires physical access - then it's kind of a moot point anyway.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Yoorah, Apr 29th, 2008 @ 12:51pm

    Microsoft security = lol

    PGP Whole Disk Encryption, anyone? I would never have trusted Microsoft's built-in security, anyway.

    I don't know how probable this really is, but I've had the feeling that all (most?) of those really extreme security holes in Windows products have been created intentionally, to let organizations like the CIA, NSA, FBI, etc. have backdoor access to computer systems when they deem they have the need for it. I remember reading an article about China not choosing to run their government systems on Windows for this very reason, as the source is closed and they couldn't easily check it for backdoors.

    Wouldn't building a secure OS that cannot be backdoor hacked by someone like the NSA be considered a dangerous weapon/national security risk? At least, that's how they used to (or maybe they still are?) look at secure encryption systems, with export bans/restrictions and all that good stuff.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Apr 29th, 2008 @ 2:21pm

      Re: Microsoft security = lol

      "I remember reading an article about China not choosing to run their government systems on Windows for this very reason, as the source is closed and they couldn't easily check it for backdoors."

      Are you sure you are not thinking of the Tom Clancy novel "The Bear and the Dragon"? This is exactly what happened in that story. Or maybe the Chinese read the novel instead.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 29th, 2008 @ 12:51pm

    just mount the partition under linux with knopix or such. it won't get you past encryption but it will bypass passwords.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    DW, Apr 29th, 2008 @ 12:52pm

    Mhm. And there are *no* dirty law enforcement officers out there. None at all. I should be glad that no cops in my town are snorting coke, or taking bribes, or selling any of these keys to "criminals".

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Todd, Apr 30th, 2008 @ 3:22pm

      And I thought the article itself reached peak stupidity

      Yes, let's get rid of all of the police along with all of the computers.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Kevin, Apr 29th, 2008 @ 1:01pm

    Backdoor?

    I don't see anything in the article (or several others that I read on the topic) about there being a back door. The article says:

    The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer.

    Most people who do computer forensics already have a similar toolkit. This sounds like Microsoft just saved people the trouble of compiling their own. From the article, it sounds like the improvement here is the law enforcement equivalent of a script kiddie. Instead of actually having to understand and know how to use the technology, you can use a collection of scripts to do it all for you automatically.

    News flash: Microsoft's password-hashing algorithm used on local PCs has never been that hard to crack, and as others have pointed out you can use any number of products to reset the password from a non-Windows boot disk if you don't want to crack it. So that's not a new capability.

    If you have a password to log onto the system, especially for an admin account, it is trivial to pull the IE browsing history. There are several logs, and parsing them all can be a pain in the butt, but there are already tools that exist to simplify this process.

    Finally, if you have access to a PC's hard disk it is trivial to run any number of disk tools to scan/analyze the hard disk. You certainly don't need a password, let alone an MS tool to do it.

    There's nothing in the article anywhere that refers to there being a backdoor, or anything that even sounds like a backdoor. Mike should probably remove references to that, but then he loses his "story". Furthermore there is absolutely nothing in the article that indicates a capability to circumvent disk encryption, though that didn't stop some posters here from speculating that the capability existed.

    Maybe I should buy each of you a "jump to conclusions" map.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Apr 29th, 2008 @ 1:42pm

      Re: Backdoor?

      I don't see anything in the article (or several others that I read on the topic) about there being a back door. The article says:

      The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords...
      Well, you may not think that the ability to decrypt all the passwords on the system is any kind of backdoor, but plenty of people would disagree.

      Microsoft's password-hashing algorithm used on local PCs has never been that hard to crack, and as others have pointed out you can use any number of products to reset the password from a non-Windows boot disk if you don't want to crack it. So that's not a new capability.
      Resetting the password will NOT give you access to the user's BitLocker encrypted files. And brute force cracking isn't practical with strong passwords.

      Finally, if you have access to a PC's hard disk it is trivial to run any number of disk tools to scan/analyze the hard disk. You certainly don't need a password, let alone an MS tool to do it.
      Good luck with encrypted areas.

      There's nothing in the article anywhere that refers to there being a backdoor, or anything that even sounds like a backdoor.
      Again, most security people would disagree with that. A built-in ability that Microsoft can use to decrypt passwords is a backdoor in most people's books.

      Mike should probably remove references to that, but then he loses his "story".
      Why should he? If the what the story says is true, then it's a backdoor.

      Furthermore there is absolutely nothing in the article that indicates a capability to circumvent disk encryption, though that didn't stop some posters here from speculating that the capability existed.
      If you have the user's password on the system, you can decrypt their BitLocker files. That seems pretty straight forward to me.

      Maybe I should buy each of you a "jump to conclusions" map.
      Maybe you should buy yourself a clue first.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Desmond Haynes, Jr., May 7th, 2008 @ 6:14pm

      Re: Backdoor?

      Thanks for the clarification!
      -Des
      http://techwatch.reviewk.com/

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    DannyB, Apr 29th, 2008 @ 1:07pm

    Physical access can still mean 'back door'

    A back door is a built in quick way to bypass security. It does not imply remote access. If there is a way to quickly bypass all security when you have physical access, that still qualifies as a back door.

    Also, just because it might not be remotely exploitable doesn't mean that once in the hands of bad guys it won't have devastating consequences.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 29th, 2008 @ 1:12pm

    Yes. Lets all start the conspiracies.

    So, instead lets make an OS that ties the hands of law enforcement and gives terrorists the tool they need to kill us all.

    idiots. complacent idiots. All of you.

    Someone else out there said it best. If it requires physical access (and a USB key would) then its a moot point you are all making.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      norights left, Apr 29th, 2008 @ 3:38pm

      Re:

      Any law, amendment, or God given right that prevents the capture of terrorist should just be erased. I prefer a government where I have to be scared of what I think, read, or say.
      By the way the root of "terrorist" is terror. Obviously worked on you since you are so willing to give up your rights. America is not just a piece of land, it was a concept of true democracy. Therefore when you give up your rights that the people voted for, you just allowed terrorist to attack "America".

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 29th, 2008 @ 1:27pm

    No, Mike knows what he is talking about anyone who thinks he is stretching the truth is an idiot. Mike is right about everything. Mike is my personal lord and saviour.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    The great apatheist, Apr 29th, 2008 @ 1:29pm

    Who cares!

    I don't commit anti-national activities. So any police can come and copy my whole hard drive.

    I don't use computer to store sensitive material because I am not stupid. I only use vista to watch porn and watch legal DVDs.

    I DONT CARE

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      GeneralEmergency (profile), Apr 29th, 2008 @ 2:06pm

      Re: Who cares!

      You should.

      How would you like to spend years in prison for an "Information Crime" that you did not commit?

      All it takes is:

      a) Some who dislikes you.
      b) Physical access to a computer you use.
      c) A Microsoft(tm) USB Vista(tm) Backdoor key.
      d) Kiddie porn.
      e) A dime phone call to the local PD.

      Enjoy your time in prison thinking about who to trust next time.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        James, Apr 29th, 2008 @ 2:36pm

        Re: Re: Who cares!

        You can still makes calls for a dime??

         

        reply to this | link to this | view in chronology ]

      •  
        identicon
        Todd, Apr 30th, 2008 @ 1:57pm

        Re: Re: Who cares!

        Where the heck do you get phone calls for a dime? They are 75-cents here! Why don't you consipiracy whackos investigate the price-fixing in the payphone business instead of blathering on about a completely bogus speculation of the existence of a backdoor.

        When this tool is analyzed, it will be shown to be nothing more than a collection of tools which automate already existing processes of finding evidence on a Windows machine. Period.

         

        reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Apr 29th, 2008 @ 2:17pm

      Re: Who cares!

      "I don't commit anti-national activities. So any police can come and copy my whole hard drive.

      I don't use computer to store sensitive material because I am not stupid."

      Yes, let's willingly give up more of our freedoms and privacy. What a brilliant idea!

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 29th, 2008 @ 1:37pm

    yes the terrorist are only loosing becasue they dont have a 100% secure laptop.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Cookie, Apr 29th, 2008 @ 1:55pm

    Remote exploit

    Wireless USB - 'nuff said.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    MSosa, Apr 29th, 2008 @ 2:10pm

    I wonder if Apple's File Vault has a similar back door? Its supposed to have 128key encryption. If they can get your user password, then the drive would be safe right?

    BTW Anonymous Coward, You don't need criminal intention to want security of your data. If this backdoor allows access to personal information stored on a computer even if encrypted,then caveat emptor!

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      apple encryption, Apr 29th, 2008 @ 3:47pm

      Re:

      I have vista and a mac. Was using vista for my business financial stuff... may be reconsidering that real soon! I don't know much about cracking and what not and never used file vault. I have created a diskimage with its own separate 128 bit encryption password. Even if someone got my mac's user password, its not the same. I feel comfortable locking up my taxes and other important personal data in that.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Nasch, Apr 30th, 2008 @ 9:38am

        Re: Re: Encryption

        Consider using TrueCrypt. Its password is separate from the OS, so if someone gains access to your account they still won't be able to decrypt your files. Pick a good algorithm (the app will help you choose) and a strong password, and you're all set.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Info Seeker, Apr 30th, 2008 @ 11:36am

          Re: Re: Re: Encryption

          Thanks for this information. At least there is some way to protect our selfs from legal criminals. I think that it is unconstatutional to give someones information away and who gives them the right to do so. I am disgusted. I do have Vista and removing it today. I also had One Care.

          No Privacy Rights

           

          reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 29th, 2008 @ 2:11pm

    mean to say "if they cannot get to your user password"

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    wasnt me, Apr 29th, 2008 @ 3:47pm

    i wonder how long it will take before i can download those encryption codes from the net.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Scott Gardner, Apr 29th, 2008 @ 4:50pm

    Encryption

    I just use TrueCrypt (available for OS X and Windows, among other platforms).

    I have a volume set up using AES-Twofish-Serpent encryption, a 768-bit key, and a 20-character password made up of numbers, upper/lowercase letters, and symbols. The password and volume information aren't stored in Keychain or cached anywhere in the system, nor are they written down anywhere.

    Mathematically, it's pretty much uncrackable - The only potential problem is if someone finds a flaw in TrueCrypt's implementation of the encryption algorithms. Given that it's open-source, that at least improves the chances of any such flaws being discovered.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Yakumo, Apr 30th, 2008 @ 6:40am

      Re: Encryption

      Your still boned if you have a firewire port on that machine, they supply DMA, there are tools in the wild as of several months ago that will provide access to a complete dump of your ram and hibernation files whatever state your system is in, and whatever OS you use.
      And even if you've switched off there are tools available that can pull enough of your pre-power-down ram state to explorer for your truecrypt pass.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Todd, Apr 30th, 2008 @ 2:07pm

        Re: Re: Encryption

        >>And even if you've switched off there are tools available that can pull enough of your pre-power-down ram state to explorer for your truecrypt pass.

        I tried to go to the links you used as references, but they didn't seem to exist.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Bruce Barnett, Apr 29th, 2008 @ 5:05pm

    COFEE

    Here's a paper on COFEE

    In year 2006, inspired by WFT, Ricci Ieong started the development of Computer Online Forensic Evidence Extractor (COFEE) (Ieong 2006):

    http://www.marcomattiucci.it/ieong.pdf

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    mms, Apr 29th, 2008 @ 5:13pm

    Windows passwords

    Is MS going to go through all the trouble of producing and distributing USB keys to law enforcements, and equip them with john?

    No, because MS wrote the password hashing code and likely planned in advance to distribute a tool to LE to get around Vista passwords. Since no one outside MS sees the source, no one knows what methods exist to do this.

    It seems :stupid: to hand LE a brute-force tool to solve the password hashed by your own code, since they already know how to brute-force if they want. The tool adds nothing, so why spend $$$ distributing it?

    But, if your tool has a much more efficient method of cracking (or retrieving) passwords, then you're giving LE an amazing advantage in forensic tech. This seems worth the $$$ invested.

    Vista uses NTLM passwords by default (when not in a domain), so I don't really fear anyone with a brute force trying to break my strong login password. (LM, however, scares the hell out of me and I disable it in the XP registry to be safe.) Also, an attacker armed with this key scares the hell out of me because I'm sure my NTLM 14+ char passwd is no match for a retrieval solution that doesn't care how well-crafted my login is.

    Physical access to my Vista laptop = knowing when I'm out of my room + cutting my Kensington lock. A real problem, and not a moot point for laptop installs.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Old_Paranoid, Apr 29th, 2008 @ 5:16pm

    Windows USB "Backdoor" NOT

    This is a very badly written summary.

    I have worked for Microsoft doing Windows security for a few years now, but the truth of the situation is clearly much different than reported.

    There is no Microsoft USB backdoor key to Windows. But both the USB bus and the 1394 (Firewire) bus were designed with inadequate attention to security. A compliant implementation of both can cause security issues for the OS supporting them. With Vista, Microsoft supports the ability to restrict the security vulnerabilities associated with the USB bus. This security policy significantly reduces the usability of consumer usage scenarios and is off by default (it can be set by Group Policy). The 1394 interface is insecure by default -- the cure for hostile 1394 devices is epoxy. For the more paranoid organizations, the cure for USB interface vulnerabilities is epoxy as well, requiring HW that supports PS2 plugs – as you never know if the USB device you are talking to is actually what it reports itself to be.

    Evidence gathered by the police is only useable if it meets very stringent standards of data gathering and clear control and possession. Hence, specialized forensic tools have to be used that do not alter data on the system. And it is important to gather evidence, typically a table of hashes, that allows the investigators to show that data / evidence was not altered if and when such evidence may be used at a trial. As such, having certified scripted data acquisition tools that create memory and disc images and associated hashes are invaluable. I am not familiar with this particular tool set, but it would appear that Microsoft has made such a tool set for the gathering of forensic evidence from systems. Other providers supply such tools as well.

    If the user has enabled bitlocker and EFS, configured them correctly, and the system is powered down (enough for transient charges and polarization of dielectrics to discharge), there is no technical attack against the system. There is a legal one – hold one or more parties who have knowledge of the key until they divulge it. Depending upon the perceived value of the data in question, governments have shown themselves to be quite persuasive. Attackers with physical access to a running system have more opportunities to compromise the system, and it does not matter what OS is running on it. A physically compromised system must be viewed as compromised; it is a question of time and resources to break it.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Apr 29th, 2008 @ 7:52pm

      Re: Windows USB

      I have worked for Microsoft doing Windows security for a few years now, but the truth of the situation is clearly much different than reported.
      Well, if you want us to believe that you're really a Microsoft employee then you should provide your name and tell us what you official position in the company is. I could claim to be Bill Gates, but people would be foolish to believe me.
      There is no Microsoft USB backdoor key to Windows.
      You mean, that you know of? If you can prove that, then please do so. But an anonymous claim on a blog isn't exactly convincing and I haven't seen The Seattle Times retracting their story.
      I am not familiar with this particular tool set,...
      Then how is it that you can say that it does not do what the Seattle Times article says it does? And do you mean for us to believe that someone who has "worked for Microsoft doing Windows security for a few years now" isn't familiar with this tool? Then I'd question if you were really in the know at MS (if you actually worked there).

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Jake, Apr 29th, 2008 @ 5:37pm

    As has already been pointed out, there are numerous third-party software tools in existence that do much the same thing, only not as well as something made by the people with access to the source code of everything Microsoft have ever made. Before 9/11 I would have been reluctantly okay with Microsoft selling such devices to reputable law-enforcement agencies, since their use would be controlled by adequately tight search-and-seizure regulations that nobody was seriously proposing to do away with, and our major police organisations had finally stamped out corruption about as much as they were ever going to; I'd have thought the biggest problem was making sure the devices were kept somewhere very, very secure when not in use.
    Now, however, it's sadly no longer possible to trust any government agency with any such device. The most depressing part is that someone shoving one of these into one of my computer's USB ports without a warrant is probably the least of my civil liberties worries these days.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    asdsad, Apr 29th, 2008 @ 6:26pm

    You're a bloody moron.

    Honestly, how can any self respecting person go on about 'backdoors' and the rubbish you posted when you're blatantly lying.

    Do the world a favour, stop writing, please. Keep your stupidity to yourself, hypocritical whore.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Ray, Apr 29th, 2008 @ 7:21pm

    The software is called Cofee

    and my guess would be.. downloads will start appearing... yesterday... when the news hit from PC world that microshaft invited so many people to their Washington State USA headquarters for training... I wont run Vista... not even a Vista Certified machine that my mother purchased 6 months ago has withstood the test of a non-computer savvy user. the worst part... she didn't ask me to help her pick one out.. she spent 2800.00 on a Compaq (gaming Rig) that cant even seem to boot correctly... if she had asked me... i would have sold her my personal rig, and built another from scratch for 1000.00 Compaq has made the machine pretty much useless... they wont even offer a XP alternative... you would think that for the kind of money spent... she wont let me put xp on it because i told her that if she buys a Vista rig.. i cant support it...

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Rekrul, Apr 29th, 2008 @ 8:09pm

    So, instead lets make an OS that ties the hands of law enforcement and gives terrorists the tool they need to kill us all.

    I have an idea how to keep us all safe; Let's install close-circuit TV cameras in every room of everyone's home so that they can be monitored at will by the police, or the FBI, or the NSA. I'm sure you won't mind since you obviously have nothing to hide, right? Sure, there's a chance that a humorous video of you sitting on the toilet having an attack of explosive diarrhea might find it's way onto YouTube, but if that's the price we have to pay to be safe, it's worth it, right?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 29th, 2008 @ 8:14pm

    Microsoft NSA_KEY

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 29th, 2008 @ 9:13pm

    where's the .iso ?

    please

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Sean, Apr 29th, 2008 @ 9:47pm

    Vista

    What the hell is this "Vista" you guys keep babbling about?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 29th, 2008 @ 10:55pm

    What time is it?

    Is it time to buy a Mac?

    God I hate those commercials.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Officer C. Randall, Apr 29th, 2008 @ 11:14pm

    Key for sale

    I have one of these keys and will sell it to the first bidder at $5,000

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Blast off!, Apr 30th, 2008 @ 12:06am

    Microsoft hosts its own police academy

    OMG They are arming the ratbots!

    http://www.news.com/8301-10784_3-9930664-7.html

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Ajay, Apr 30th, 2008 @ 1:47am

    Good Work

    hey this is really good step taken by ms.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    hans, Apr 30th, 2008 @ 3:35am

    Vista security backdoors no problem for Linux users

    10 years ago I switched from MS products to Linux OS. As a professional/full time user of computers I have no problem doing my job to my fullest satisfaction using always most current and updated openSuSE Linux.
    Hence such rumors about MS scewing people have been out there since many years ...
    They have no effect for serious security oriented ppl using Linux. If governments such as Swiss federal government can run their top level servers all on such SuSE/Novell Linux servers - and many other governments and largest companies as well, then just move on in life into the secure environment of open source operating system.

    Welcome in the world of freedom!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Mathew, Apr 30th, 2008 @ 6:35am

    and you trust cops with this..?

    Well looks like we just need to make a workaround to stop this, like any other security threat. I consider it equivelent to an exploit myself.

    On the plus side, they gave it to cops, which means it will be easy for us to buy a copy off of some degenerate gambling alchoholic with a badge.

    Let me first say that I am a huge Microsoft and Vista supported. I fight and argue every bad thing some ignorant half educated citizen has to say about them. And yes, Vista is the best OS. However on this one action, damn, how stupid. There is no way to stick up for you this time Bill.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Todd, Apr 30th, 2008 @ 2:05pm

      Re: and you trust cops with this..?

      Try reading and thinking, and you won't have to stick up for Microsoft on this one since it's completely bogus.

      BTW, your good friend "Bill" isn't running the company anymore.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Mischa G, Apr 30th, 2008 @ 7:10am

    Oy

    That's really special. I wonder how long till the program shows up on the internet for download. So much for Vista's security.
    More at Impatient Sufferance.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    draciron, Apr 30th, 2008 @ 9:14am

    Old news

    You don't need a special USB device. Just boot into any Nix variant live CD with custom tools. I've saved many a windows admin who couldn't get into a machine and once or twice took over networks from fired admins who did not pass on the admin passwords. The encryption on the windows password DB has been very weak for a long time. The last copy I have was of tools that break the NT encryption but I'm sure there's equivs out for XP and Vista. It's been a long standing problem with windows.

    What is a bigger problem security wise is even though you THINK you deleted something it has a nasty habit of just getting moved around. Take a sector editor to any windows machine and you'd be amazed what you find just sitting around on the HD. Especially since the default moves the cache files all over the HD. So you've got cache files basically scattered all over your drive just waiting to be seen. Internet history, documents and all sorts of potentially sensitive data is cached as well. When recovering documents for users I've found copies of those documents in some really strange places. The user was just glad I recovered some or all of their lost work. I just sat there scratching my head as to why there was a copy there and not in the normal temp dir where you'd think such files would be kept. Varies from version to version as to where those things turn up.

    If you want security on any machine with any OS you have to zero out the free space periodically to truly erase files. Even then if a well funded agency wants that data merely zeroing it out is not enough. There are several good free multi-platform utilities that allow for obliterating the data. Unfortunately windows does not work and play well with multiple partitions so it's a real pain on a windows machine to move everything off a partition and wipe it good. Luckily it's only necessary if your facing somebody that REALLY might want your data like spies from other countries, law enforcement and such. The average hacker today is a glorified script kitty who wouldn't know what to do with a hex dump and probably has never heard of a sector walker. Hacking windows is so easy they don't need much skill or knowledge to accomplish it. Enough people don't even know to empty their trash cans, erase cache files and temp files that it's no challenge. Think about it, every time your app crashes all those cache files remain. So whatever you were in the middle of, a snapshot of it sits there on the hard drive until you manually delete it. If you were in the middle of a sensitive document it's there. Thumbnails from images you deleted long ago generally sit around forever. I've made a buck or two doing data forensics for suspicious spouses and it's not hard to figure out where and what a windows user has been up to. Microsoft is messy, very messy. Leaves all sorts of stuff laying around.

    Social engineering is easier anyway. Most people have a copy of their passwords stuck in a drawer, on them or it's something related to them. Birthdays, SSNs, pet names, stuff like that. A little knowledge about a person and with most people you can figure out their password pretty quickly. Just a stacked dictionary attack will find most passwords. When doing security audits on passwords it's usually %75 to %80 of passwords are easily cracked if you don't have stringent controls on what can be used as a password. However the more stringent the controls the more likely their password is to be written down nearby the computer. Admins are often lazy too. The more stringent the controls the more often users show up at your door asking for a password reset because they forgot theirs. Some every friggin weekend grrrrr.

    Last lets look at Microsoft's philosophy. Microsoft was eager to put the Clipper chip into effect. Microsoft was happy to filter the MSN search engine results for China. It doesn't stop at China. Do a search on Google, Yahoo and MSN about something Microsoft doesn't want you to know and you'll see dramatically different results. Two searches especially show the manipulation of Microsoft. Search for Linux topics on MSN and you'll find anti-Linux sites all over the top 2 or 3 pages, maybe more, I only went 2 to 3 pages. The results from Yahoo and Google are fairly close. Look for searches on a windows vulnerability and you again see from Google and Yahoo close results and often example exploit code. You won't find that on the MSN search engines.

    Microsoft was a leader in the use and development of DRM. It is the archetect of it really. Microsoft partnered with the big record companies and movie studios and used it's weight to attempt to force Intel and AMD to include DRM as chip level hardware features.

    You didn't see any Microsoft programmers in jail along side the author of PGP when the Clinton administration cracked down on encryption software. Microsoft happily gave the Gov backdoor keys to it's encryption. You do not need a USB key for that, just the keys the Gov has had for over a decade.

    The examples go on and on of Microsoft cooperating with governments and not even informing people they have sold them out. If you use windows you HAVE NO PRIVACY. The use of Windows assures exactly that because of Microsoft's core ideals and philosophy. Think about it, Gates actually said we should all be constantly under camera survaliance so that if we are accused of a crime we can prove our innocence. Can you expect anything from Microsoft to not reflect that philosophy?

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Todd, Apr 30th, 2008 @ 3:31pm

      Re: Old news

      >>Microsoft happily gave the Gov backdoor keys to it's encryption. You do not need a USB key for that, just the keys the Gov has had for over a decade



      >>Think about it, Gates actually said we should all be constantly under camera survaliance so that if we are accused of a crime we can prove our innocence.



      citations, please

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Steve, Apr 30th, 2008 @ 10:47am

    Microsoft Gives Vista Backdoor Keys To The Police

    Actually, every copy of windows has a back door called the nsa key. And this was way before 9/11...

    Google these terms:
    windows back door nsa key


    It's fascinating reading.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Vlad, Apr 30th, 2008 @ 11:39am

    Why would anyone believe any "security" provided by Microsoft is beyond me. If the source code of an encryption program is not publicly available there is no guarantee of any security. Let the Big Brother try to decrypt my PGP encrypted files or TrueCrypt volumes, LOL.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Nick, Apr 30th, 2008 @ 1:46pm

    This article is misleading

    the tool provided by microsoft is only a suite of FREELY AVAILABLE TOOLS. this article takes advantage of flame inducing title to mislead readers with uneducated and under researched findings.

    if anyone wants to read an accurate article from "wired" on the topic:
    http://blog.wired.com/27bstroke6/2008/04/microsoft-gives.html

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Todd, Apr 30th, 2008 @ 1:51pm

    Grow up and learn to read...

    There is not a security backdoor built into Windows - if you say there is, prove it, rather than running around like children who think they have a secret.

    Do any of you seriously believe that such a conspiracy could be successfully hidden more than 30 minutes? Do you think that MS spokespersons would be attributed in a story about a tool to exploit the supposed backdoor if it were anything as nefarious as some fanboyz allege? Maybe, just maybe they would choose to not comment if there did exist such a tool? The only tools here are the ones running around half-cocked, spewing BS they have no ability to verify, validate, or even understand.

    I heard that the new Ubuntu has a built-in feature which reports every download to the RIAA and FBI. Sure it's supposedly open-source, but there's no guarantee that the Ubuntu distro is actually built from the open=source listings, is there? And Ubuntu developers HAVE NOT DENIED IT, have they?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Old_Paranoid, Apr 30th, 2008 @ 4:24pm

    RE: Windows USB "Backdoor" NOT

    An amazing amount of sound and fury over essentially nothing, a convenient set of forensic tools and scripts to automate evidence capture by law enforcement.

    Law enforcement cannot use arbitrary hacker tools for evidence gathering because of the issue of integrity and provenance - do you know what the tools do and who will stand up and testify as to what the tools do and do not do?

    As for much of the highly emotional flames, as an old security hand, I have a rather thick skin. If not, the fire from the feature teams I am bugging would long ago have incinerated me.

    Proving the absence of a specified characteristic in complex software is essentially impossible. Hence the Common Criteria evaluation, which looks for security relevant issues and has access to the source code, design documentation, and internal tools. Major governments also have source code reader access so that they can verify that the code is appropriate. Many major corporations do so as well.

    Do you think Microsoft's governmental or enterprise customers would deploy servers and clients with engineered-in back-doors? If so, you have a far lower opinion of the professional competence of their IT and Information Assurance experts than I. I have met some idiots, it is true, but I have met a lot of deeply knowledgeable professionals.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    ron, Apr 30th, 2008 @ 5:58pm

    vista back door

    no need to go to all this fuss just use a program ( I recommend Bestcrypt NP made in Sweden has 256 bit encryption
    no back doors ) makes containers on hard drive. Impossible to crack without pass sentence. no restriction as to bit strength.let THEM look at anything on your computer as long as you keep the pass sentence off the computer in your head! all your secrets will be safe not counting the truth drugs...

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Danny, Apr 30th, 2008 @ 9:18pm

    How is that you are qualified to write about anything?

    Wow...You must be one of the least informed tech "writers" alive if you are dumb enough to think (I use the term loosely) that you need a backdoor to break a password. Hilarious.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Mike (profile), May 1st, 2008 @ 3:26am

      Re: How is that you are qualified to write about anything?

      Wow...You must be one of the least informed tech "writers" alive if you are dumb enough to think (I use the term loosely) that you need a backdoor to break a password. Hilarious.

      Always nice to have people accuse you of sheer idiocy rather than take the time to understand what you wrote.

      I did not say that was the only way to break a password. But from the description in the original article, it was made to sound like this key would merely *give* the user the password. There was no indication that it involved an auditing tool to determine the password.

      I'm sorry if that makes me stupid -- but based on the initial information, it sounded like a backdoor. I updated the post to clarify once the details were known.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    BlueBoden, May 1st, 2008 @ 6:52am

    So many who have so much to hide, behold god sees all; there is no place to hide.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Trade Leads, May 2nd, 2008 @ 4:34am

    I hardly dont know anyone

    I hardly don't know anyone using Windows Original OS.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Fred Zamby, May 14th, 2008 @ 1:39pm

    Police access to your PC

    The Police have a simple way of forcing any PC to hibernate. This allows them to capture EVERYTHING for the logged in user. They arrest you (Based on any trumped up lie eg your competitor saw porno on your PC(s)) then they can get automatic search warrant then they hibernate your PC's and take them for checking which takes up to six months during which time they hack anything they want to. Please sign and support: www.un1503petition.com its to protect the vicious attacks by the SS, police and judiciary on children (eg abduction by state authorities of targeted "weak/vulnerable" mothers / parents to satisfy Goverment Adoption targets for one and there are many more deplorable acts ocuring.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    K. Davis, Jul 1st, 2008 @ 8:02am

    I do

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    K. Davis, Jul 1st, 2008 @ 8:10am

    For some reason so many people say vista is bad, I have had it on a Dell Inspiron Pc and never had any problems that I did not cause myself, such as accidentally shutting down programs myself. I just keep it constantly updated.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Christopher, Jul 2nd, 2008 @ 1:19am

    Nothing new...

    There already exist tools like this for XP that were not developed by Microsoft. Nothing new.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      brandon, Oct 25th, 2008 @ 12:25pm

      Re: Nothing new...

      if you have possession of the computer, all you have to do is copy the files onto another computer and take ownership. who cares if they have that usb key, if the cops knew what they were doing, they wouldn't even need it.
      __-=-__ brandon __-=-__
      -=- -=-

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    proofinlife, Nov 15th, 2008 @ 12:15am

    I think people are focussing on the issue of "Now there's a way in, now the coppers can find what I'm doing!!!". It was most likely never built for that reason (I can't say it wasn't, cause I didn't design anything), but my best guess for what it IS used for could be this:

    Government forensics has a lab situated in the FBI headquarters where technicians are paid ridiculous amounts of money to retrieve important "National security" information. If a laptop was retrieved in Texas, it would have to be sent out via secure delivery to HQ, then let the techs take their sweet time doing their jobs.

    This key wasn't made to place fear, but to save costs and improve efficiency and cut out the long process of sending out and confirming, they now have the power to take the PC back to the station, and plug in a key and get what they want.

    But key point, they need reason of confiscation to take it, so if you're not a security exploiter, media pirate, or any other "internet-illegal" position, then you have nothing to worry about.

    However, the probability of hackers gaining access and making this technology into line-level processes, then we definitely have something to talk about.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Kweezy57, Nov 20th, 2008 @ 10:32am

    100th comment

    100TH COMMENT WHOOOO!!!!!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    DA, Nov 27th, 2008 @ 12:44pm

    Right First Time

    When the USB device is plugged in, it initiates a connection the drive at the OS level. At this point, code is exchanged and regardless of the screen saver, the device now has access to the file system. (esp if it says "i'm a mass storage device" to Vista) Anything that is open and readable on the user's system is now open to any code that the thumb drive has managed to insert into the system through the standard USB loading protocol.

    Pretty much if you have USB on your system, you are hosed.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    ttt, Dec 10th, 2008 @ 9:24pm

    if a criminal wanted to view data over the net and not get caught they could use knoppix on a computer with no hard drive so this type of set of tools is useless in some situations and with out the hard drive data isp data is useless

    and is this set of keys remotely exploitable i am absolutely sure it is and if not as part of a Trojan it is still useful for criminal activity

    any time a backdoor is written for any purpose it is bad news this will get out to the hackers no doubt and they will at the very least pair it up with a remote admin/user hack and be able to download all your private data with ease as ms did half the work for em ms should be doing everything in their power to make the system uncrackable not a open book for the select few

    but micro$oft has a very big market share that they use as a product in it of the system so they can enforce computing rules of the rich and powerful and we all buy the product we have a problem of vendor lock in

    http://badvista.fsf.org/

    knoppix.org

    for those who fear terrorist do you the theft of your bank records being used to found terrorism yes banks use windows as well as you and me

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    john wright, Apr 10th, 2009 @ 3:47pm

    windows

    I wonder why Bill Gates named it Windows. Now he's got most of the world peeping through windows. It also makes me wonder about a lot of things.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Mike (profile), Nov 12th, 2009 @ 1:49pm

    This is James Bond stuff. Stick the USB in, wait a minute, and all the computers encrypted files are now yours for the taking. Why not upload some remote access software so you can just take the info dynamically?

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Krevco (profile), Nov 12th, 2009 @ 2:02pm

    This is James Bond stuff. Stick the USB in, wait a minute, and all the computers encrypted files are now yours for the taking. Why not upload some remote access software so you can just take the info dynamically?

    Now you're talking! That's not even James Bond though. That's Bourne Identity stuff!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Doors Melbourne, Apr 24th, 2011 @ 9:26pm

    This site is actually genuinely fascinating. You actually provide way up a few fantastic issues about the article. It is definitely my own newbie here in this web site and so ideal job

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Unanomiss, Jul 13th, 2012 @ 12:51pm

    Alright, first off, windows 7 and 8 are built off the same source as Vista, they are one and the same. Leave it to Mr Gates to sell you something that sucks, then fix it and add a new name and sell it to you again. Anyway, These keys dont matter, there are great programs in existance already that circumvent all windows security including passwords and ALL pc history including but not limited to keylogging and internet history, deleted files ect. I have written my own "USB Key" just for shits and giggles. You know how us Red Hat users feel about Mr. Gates and his lackluster security.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This