Pages: [1] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Cpt Placeholder
|
Posted - 2009.12.08 03:14:00 -
[1]
Well then you're outta luck, your trustworthy Microsoft has sold you out. http://izanbardprince.wordpress.com/2009/11/26/microsoft-leaks-tool-that-lets-law-enforcement-turn-off-your-hard-disk-encryption-clear-your-passwords-and-scoop-up-batches-of-evidence/
p.s. yes, you can really find it on torrent sites.
|
red righthand
|
Posted - 2009.12.08 04:09:00 -
[2]
There was a post about this in OOPE like a month ago. Can't be bothered digging it up though.
|
Victor Valka
Caldari Preta Light Industries Naraka.
|
Posted - 2009.12.08 04:12:00 -
[3]
Show of hands from people who assumed that this was not the case from the very start, please!
Originally by: Spaztick You are not outnumbered, you are in a target-rich environment.
|
KingsGambit
Caldari Knights
|
Posted - 2009.12.08 09:14:00 -
[4]
Interesting. That there would be backdoors into systems was always a safe bet, having a tool that bypasses BitLocker entirely, whose entire raison d'etre is to provide security, seems laughable. I personally wouldn't want to use BL anyway, on the off-chance I should for some reason to access my data from a different PC. But then if I download COFEE I guess that wouldn't be a problem anymore anyway (or does it only work on the correct PC? Hmmmm).
There are better solutions for maintaining privacy anyway. If someone is downloading illicit photos of kids or plans to buildings, I hope the police do catch them and lock them away. For those protecting commercial interests, they'd be fools to rely on BL alone for security. PGP, amongst others, is an incredible program that can encrypt/decrypt Emails, files, portions of the HDD, etc. With asymmetrical keys up to 4096-bits long, all the computing power currently on the planet combined couldn't brute force that before our grandkids have grandkids of their own.
Staying offline and not doing anything naughty are the main ways to really stay out of trouble. But for protecting privacy, using reasonable security measures with unguessable passwords is generally pretty safe. And for everyone else, get PGP -------------
|
Ana'Lingus
|
Posted - 2009.12.08 11:30:00 -
[5]
PGP?
|
|
Chribba
Otherworld Enterprises Otherworld Empire
|
Posted - 2009.12.08 11:35:00 -
[6]
While maybe hard to evad the law enforcement or goverments from looking at your laptop, using encryption probably manages to deny 99.9% of the potential theives from poking around in your data if your laptop gets stolen though.
That's the main reason I use encryption, to prevent my data from spreading in the case of my laptop getting stolen or similar. At least it is one step further to protect the data, I'm sure the police and the likes would have an easier time getting encryption keys via various sanctions than the average theif.
My corpse needs a new home |
|
Wuff Wuff
Deep Core Mining Inc.
|
Posted - 2009.12.08 11:45:00 -
[7]
Originally by: Ana'Lingus PGP?
PGP
- Wuffles
|
Christopher Scott
Blue Republic
|
Posted - 2009.12.08 22:02:00 -
[8]
Originally by: Chribba While maybe hard to evad the law enforcement or goverments from looking at your laptop, using encryption probably manages to deny 99.9% of the potential theives from poking around in your data if your laptop gets stolen though.
That's the main reason I use encryption, to prevent my data from spreading in the case of my laptop getting stolen or similar. At least it is one step further to protect the data, I'm sure the police and the likes would have an easier time getting encryption keys via various sanctions than the average theif.
Except the actual law-enforcement program for bypassing Bitlocker(named COFEE) is now leaked onto the web, and anyone can use it to bypass any instance of Bitlocker protection.
Bitlocker is now completely and utterly worthless.
|
Caldari Citizen20090217
|
Posted - 2009.12.09 15:04:00 -
[9]
IIRC (caution: anecdotal "evidence" incoming) it is law in many countries that any encryption system has to include backdoors or some other system which allows the state access or be below a certain level of difficulty to crack open. This definitely includes PGP after version 2.something (i think, was a long time ago).
/tinfoil
|
Brujo Loco
Amarr Brujeria Teologica
|
Posted - 2009.12.09 21:43:00 -
[10]
LOL ... I foresee a lot of pwnage in the future for some people ... ---
Viva VENEZUELA!!! Archipelago Theory
|
|
Xen Gin
Silurian Operations
|
Posted - 2009.12.09 22:30:00 -
[11]
Edited by: Xen Gin on 09/12/2009 22:30:04
Originally by: Caldari Citizen20090217 IIRC (caution: anecdotal "evidence" incoming) it is law in many countries that any encryption system has to include backdoors or some other system which allows the state access or be below a certain level of difficulty to crack open. This definitely includes PGP after version 2.something (i think, was a long time ago).
/tinfoil
The actual way they go about it (The later versions of pgp don't have back doors, or programs used by governments/authorities) is to subpoena the owner for the password/decryption key, with the penalty of perverting the course of justice (at least that's how we do it in the UK), or look for a way to gain the password/decryption key found in and around the location of where the device was seized. Some people keep an unlock disk, or even a post-it note with the password on, in the room with the computer.
## You got that? Right I'll be back in approximately 300 seconds to retort! ## |
Feilamya
Pelennor Swarm THE KLINGONS
|
Posted - 2009.12.09 22:39:00 -
[12]
Quoted from the article:
"If you use Microsoft Bitlocker or EFS, youÆre wasting your time, because Microsoft gives these devices out to law enforcement on down to your local police department. If the police get a warrant and seize your machine, and youÆre using Bitlocker or EFS, youÆve essentially just handed them the evidence and the only difference the ôMicrosoft securityö will make is that it might cost the cops an extra 2 minutes to boot off the COFEE key and unlock your hard drive."
Apparently this guy thinks that the only use of Bitlocker is to hide illegal stuff on your harddisk for the case that your machine gets seized. Says a lot about the author.
The mention of the _NSAKEY urban legend rounds it all up.
In times when the quality of Linux and open source is more and more going down the drain, and another commercial alternative to Windows is more popular than ever, crazy conspiracy theories about Microsoft is exactly when the world needs -.-
|
KingsGambit
Caldari Knights
|
Posted - 2009.12.09 23:07:00 -
[13]
Originally by: Caldari Citizen20090217 it is law in many countries that any encryption system has to include backdoors or some other system which allows the state access or be below a certain level of difficulty to crack open.
To my knowledge, PGP in particular at least has never included such a system. However it, and all encryption programs above a certain cipher strength were for a time illegal to export out of the USA. In fact, about 9-12 years ago, 128-bit encryption in our web browsers wasn't available outside the USA. In the UK and other places IE and Netscape Navigator were only 56-bit. Exporting the ciphers or programs was covered by the same laws about arms dealing.
In the UK, as XG said there are laws now that allow police to request passwords and decryption keys. They passed the Right to Information Privacy Bill (RIP) a few years back, and in it they basically say the police can demand any passwords, keys, ciphers/algorithms, personal information, etc if they believe it to be a security threat. Failing to comply can garner up to 2 years in prison under anti-terrorism laws. This can include PINs, alarm codes, absolutely anything. -------------
|
dr doooo
University of Caille
|
Posted - 2009.12.10 02:33:00 -
[14]
Originally by: Xen Gin Edited by: Xen Gin on 09/12/2009 22:30:04
Originally by: Caldari Citizen20090217 IIRC (caution: anecdotal "evidence" incoming) it is law in many countries that any encryption system has to include backdoors or some other system which allows the state access or be below a certain level of difficulty to crack open. This definitely includes PGP after version 2.something (i think, was a long time ago).
/tinfoil
The actual way they go about it (The later versions of pgp don't have back doors, or programs used by governments/authorities) is to subpoena the owner for the password/decryption key, with the penalty of perverting the course of justice (at least that's how we do it in the UK), or look for a way to gain the password/decryption key found in and around the location of where the device was seized. Some people keep an unlock disk, or even a post-it note with the password on, in the room with the computer.
You might want to check the comment in the OP's link about truecrypt if this is of interest to you. I know nothing about it myself though.
|
NeoNeTiC
LOCKDOWN.
|
Posted - 2009.12.10 03:49:00 -
[15]
Edited by: NeoNeTiC on 10/12/2009 03:51:45 That's interesting.
Everyone using Win7 professionally will have to switch then, given leaked COFFEE equals essantially no encryption at all. I'm referring to small-time businesses which do not necessarily belong to anything IT related but just wanted a reasonably well supported OS without requiring a large IT department to maintain all aspects of it. :\
The thought of having a backdoor in the OS is rather worrysome to me. I don't mind the use for police investigation in private sectors but industrial espionage (on any scale, even if it's 'lil Bob from next door selling your written songs for 5 bucks to random companies before you get the chance to) does not make me a happy panda. The police-access-concept also means that you give these parties a lot of responsibility to not abuse their powers. I mean, who'd find out if they look at someone's private documents just for giggles or to cut a nice deal with someone interested in them? You'd ultimately not even find out if they never mess up (not as global policy but I'd imagine there's always a weak link). :O
But on the other hand there's also me, not having anything to hide myself. Who'd really care about nudes of my ex-GF or ****ty poetry and songs I write? Let's hope there is no one - or I'd have to lose faith in humanity. (No, I won't post them.) :s
Edit: Reminds me of that movie "Sneakers" with Robert Redford I saw recently. It's a fun flick in case you like conspiracy/encryption stuff. :p
|
Xen Gin
Silurian Operations
|
Posted - 2009.12.10 09:20:00 -
[16]
Originally by: dr doooo
Originally by: Xen Gin Edited by: Xen Gin on 09/12/2009 22:30:04
Originally by: Caldari Citizen20090217 IIRC (caution: anecdotal "evidence" incoming) it is law in many countries that any encryption system has to include backdoors or some other system which allows the state access or be below a certain level of difficulty to crack open. This definitely includes PGP after version 2.something (i think, was a long time ago).
/tinfoil
The actual way they go about it (The later versions of pgp don't have back doors, or programs used by governments/authorities) is to subpoena the owner for the password/decryption key, with the penalty of perverting the course of justice (at least that's how we do it in the UK), or look for a way to gain the password/decryption key found in and around the location of where the device was seized. Some people keep an unlock disk, or even a post-it note with the password on, in the room with the computer.
You might want to check the comment in the OP's link about truecrypt if this is of interest to you. I know nothing about it myself though.
I am aware of the OP. We did push for the 'backdoor' software because it was going out with a major OS (Vista at the time) and encrypts a whole drive. Most encryption I came across was personal file encryption via PGP, we didn't bother to crack or hack the file.
## You got that? Right I'll be back in approximately 300 seconds to retort! ## |
|
|
|
Pages: [1] :: one page |
First page | Previous page | Next page | Last page |