The Big Brother Microsoft will decrypt your passwords

This sounds very alarming to me... It's not that I have anything sensitive on my machine, but the very idea of extracting my data and decrypting my passwords (and how can you do it unless there's a keystroke spy built into Windows?) makes me think about switching to Linux right away. Very seriously this time.

==========
Microsoft device helps police pluck evidence from cyberscene of crime
http://seattletimes.nwsource.com/html/microsoft/2004379751_msftlaw29.html

"Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes."
"It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer."


Tell me I am simply misreading the article......

 

I'm sure the same type of technology would work on Linux or Mac. This is a USB device used so that investigators can work on computers at the site instead of bringing them in. Plus, they can get this data faster than with previous technology.

I'd say, if you're not being hunted for cyber-crimes, you don't have to worry about this development. One of the main things about this particular device is that it must be physically plugged into the machine.

 

It depends on what kind of encryption you are using. I believe that MS cannot ship Windows with any sort of built in encryption that is better than what the NSA can crack.
You can, of course, add on programs and what not that will give you encryption levels that can't be cracked (or would be extremely difficult).

Having taken computer forensics classes... I dunno about this thumb drive thing. Part of the evidence seizure requires absolutely 0 change in the suspects HDD during and after seizure. That means if data is written, there is the possibility of the evidence no longer being able to be used in court. That is why when the computer is seized (yes, it does have to be shut down) that the drives are put onto write blocking devices and imaged.

And if you are worried about that... you should probably be a bit more worried by the systems that are reading your email and tapping your phone conversations

 

I did not hear that AES256 has fallen.

Vista encryption developers had a written statement on MS website somewhere that no backdoors are designed and nobody/no agency can get past encryption except by brute force. Can they be sued now?


In any case, It's good that we now know that MS is looking over our shoulders. Linux users were right all the way.

 

Thanks for the article link! I wonder how COFEE works. That would be scary if MS does have a hidden keystroke recording program built in.

 

I'm not very happy about this, I'm also considering switching to Linux permanently....

 

With all due respect, but you didn't figure that last point until just now?

 

you really shouldn't be worried unless you are a criminal

 

I just don't feel nice about them being able to view my data like that, i feel it's like net neutrality. You shouldn't mess with it. Think of it this way, if i wanted to, i could sneak over to your house and get into your account and view all your files within minutes and be out before you know it.

 

You would have to break into my house first jk

But apparently this device is only in the possession of investigators and not the common identity thief (i hope)

 

It's just software on a usb as far as i can tell, so it'll be leaked soon enough...

 

You can do this with a knoppix live cd...for the last 10 years...big whoop.

 

But now it's endorsed by Microsoft.

 

I honestly think it always was, just not "officially".

 

yeah i already knew about this
a simple search with the correct term will give results on how to crack a windows password

 

That is an utterly absurd thing to say.

Are you familiar with customs agents seizing foreign citizens notebooks for no good reason other than the foreign citizen in question arousing suspicion?

 

Was about to say that myself.

 

I think the passwords the article is refering to are your login passwords, which is relatively easy to bypass. For a hidden keylogger to exist in your operating system, that is harder to hide from the public. For one, it has to log the keys, which can be tracked. The possiblility of a keylogger in Windows IMO is very very low. And considering the flocks of hackers who would love to expose Microsoft as evil, they would of found a hidden key logger by now.

Bitlocker is also not new technology.

Analyze a computer's internet activity? That's not hard either. There is already your cache and your DNS cache files and such unencrypted. The tools are just there to automate these things.

 

1. "would have" logics is rather week

2. unless one knows what the tools actually are, one can't say that.


Anyway, I doubt Knoppix CD is even remotely as useful as the flash drive in question at breaking your privacy. I'm surprised Knoppix was even mentioned; what passwords can it extract?

 

guys calm down
i was jk

 

In the US you can build and ship any kind of encryption you like. The NSA can't put any limits on you as the US Constitution says the NSA can't operate within the US

Now that we got that out of the way...

Without more details on the applications used on the device we can't say how it is working. It doesn't take MS secretly spying to crack passwords and the like. A lot of MS passwords are stored internally with very weak or no ecryption. Hense why you can download a ton of utilities to show you your WEP key or stored website passwords and the like.

This doesn't say the device can crack Windows EFS encryption or BitLocker encryption. It just says it can open up some stuff and search for others.

I'm sure it is using the same things other applications use to get data out of your PC. As very few people actually encrypt their HDs or data on it...

 

Well, the danger is greater (I think) of some tech-savvy kid like myself booting a Linux LiveCD on your computer and accessing your data that way than M$ accessing and leaking your data.

 

My data isn't very criminal. Besides several ripped CDs (which apparently is now illegal to do), I have no shame.

I know the Logon in password is encrypted in the registry. I have no idea what kind of encryption it uses though. All your website passwords are stored onto two files in Firefox, that encryption is a bit tougher to crack. It use a 256 bit key I believe.