SecuSolutions Blog

Sorry. The line was there. I had to use it. Besides, Valleywag already has the best title for this story: At Microsoft, COFEE serves you — to the police

In latest designed-to-scare-the-crap-out-of-you news, Microsoft has confirmed that it’s developed an innocuous-looking and addictively-named peripheral the size of a key fob that plugs into your computer, vacuums up a copy of everything on that computer, cracks all your passwords, decrypts all your encryption, and just generally does whatever it likes with whatever you’ve got until it’s done.

And it’s giving them away free.

That was the bad news. The good news is, they’re only giving them to the Good Guys.

The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB “thumb drive” that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.
The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence…it also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.
More than 2,000 officers in 15 countries, including Poland, the Philippines, Germany, New Zealand and the United States, are using the device…
Smith acknowledged Microsoft’s efforts are not purely altruistic. It benefits from selling collaboration software and other technology to law-enforcement agencies, just like everybody else, he said.

Well, that should all make us feel better, no? After all, the police hardly ever lose anything important.

With more and more users carrying around net-tops, wifi-capable smart phones, and most every computing device these days shipping with a wireless interface card integrated, it seems only natural to implement a wireless network.

You purchase a router of your choice, configure the basic options, then it comes time to configure your wireless security options.
Most routers/access points come pre-configured with WEP as the default option – and most users think that the 64-bit hexadecimal key must be more secure than setting your own WPA(2) passphrase that can be as short as 5 characters. Think again.

In one study, WEP was shown to be cracked in less than a minute due to various flaws in the authentication protocol.

The next option would be to use WPA which was brought to replace WEP and fix all the security issues that came with it. But this time, there were issues with the de-authentication protocol – the passphrase was sent plain text when clients disconnected from the access point!

Next time you configure a wireless access point, be sure it is configured to use WPA2 – which is as of today not crackable using conventional methods.