Microsoft Gives Vista Backdoor Keys To The Police

from the meaning-the-crooks-have-it-too dept

It's long been assumed that Microsoft has built in various "backdoors" for law enforcement to get around its own security, but now reader Kevin Stapp writes in to let us know that the company has also been literally handing out the keys to law enforcement. Apparently, they're giving out special USB keys that simply get around Microsoft's security, allowing the holder of the key to very quickly get forensic information (including internet surfing history), passwords and supposedly encrypted data off of a laptop. While you can understand why police like this, the very fact that the backdoor is there and that a bunch of these USB keys are out there pretty much guarantees that those with nefarious intent also have such keys. The second you build in such backdoors, no matter how noble the reason, you can rest assured that they will be used by criminals as well. No matter what, for those of you who didn't already know it, now you have more evidence as to why trusting Microsoft's "security" isn't such a good idea. Update: Some folks in the comments, and Ed Bott, claim that this post is a misreading of the original story. The USB key includes a bunch of standard tools, not access to a "backdoor." The confusion, on my part, was due to the original article claiming that the device "can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer." In saying so, it appeared that the device must have access to a backdoor to decrypt the password -- but an update claims that it's merely "password security auditing technologies."

Filed Under: backdoor, security, vista
Companies: microsoft

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 29 Apr 2008 @ 1:42pm

    Re: Backdoor?

    I don't see anything in the article (or several others that I read on the topic) about there being a back door. The article says:

    The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords...
    Well, you may not think that the ability to decrypt all the passwords on the system is any kind of backdoor, but plenty of people would disagree.

    Microsoft's password-hashing algorithm used on local PCs has never been that hard to crack, and as others have pointed out you can use any number of products to reset the password from a non-Windows boot disk if you don't want to crack it. So that's not a new capability.
    Resetting the password will NOT give you access to the user's BitLocker encrypted files. And brute force cracking isn't practical with strong passwords.

    Finally, if you have access to a PC's hard disk it is trivial to run any number of disk tools to scan/analyze the hard disk. You certainly don't need a password, let alone an MS tool to do it.
    Good luck with encrypted areas.

    There's nothing in the article anywhere that refers to there being a backdoor, or anything that even sounds like a backdoor.
    Again, most security people would disagree with that. A built-in ability that Microsoft can use to decrypt passwords is a backdoor in most people's books.

    Mike should probably remove references to that, but then he loses his "story".
    Why should he? If the what the story says is true, then it's a backdoor.

    Furthermore there is absolutely nothing in the article that indicates a capability to circumvent disk encryption, though that didn't stop some posters here from speculating that the capability existed.
    If you have the user's password on the system, you can decrypt their BitLocker files. That seems pretty straight forward to me.

    Maybe I should buy each of you a "jump to conclusions" map.
    Maybe you should buy yourself a clue first.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.