Microsoft Hands Cops Forensic Tools

Lucky day for users of Windows. It seems that Microsoft is handing tools to law enforcement around the world that give quick and easy shortcuts to gather data from Windows machines for police forensics.

From the Seattle Times article today:

The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB “thumb drive” that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.

The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer’s Internet activity, as well as data stored in the computer.

It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.

More than 2,000 officers in 15 countries, including Poland, the Philippines, Germany, New Zealand and the United States, are using the device, which Microsoft provides free.

I wonder if Apple does something similar for OS X for police or maybe Mac users don’t commit crimes? If they do, they probably don’t tell everyone. :-) Another reason to use Linux, it seems.

On one hand, I understand the need for law enforcement to be able to gather evidence for criminal investigations. On the other hand, I find it extremely creepy that an operating system manufacturer (with a monopoly or near monopoly, effectively, as an operating system) is in bed with cops and developing tools internally for them. It isn’t like these could be abused by someone, right?

I also dislike this comment, especially, from Microsoft General Counsel Brad Smith:

Smith compared the Internet of today to London and other Industrial Revolution cities in the early 1800s. As people flocked from small communities where everyone knew each other, an anonymity emerged in the cities and a rise in crime followed.

The social aspects of Web 2.0 are like “new digital cities,” Smith said. Publishers, interested in creating huge audiences to sell advertising, let people participate anonymously.

That’s allowing “criminals to infiltrate the community, become part of the conversation and persuade people to part with personal information,” Smith said.

The tying of anonymity on the net with criminality is hyperbole, as far as I’m concerned. I’m surprised he didn’t attempt to link it to “terrorists” either since that seems to be the method of making people more paranoid at the moment.

Sure, if you are anonymous, you can commit crimes and it is difficult to know who you are but the root of the problem is the criminal behavior, not the anonymity. I can be anonymous in my day to day life, walking around my city, and commit crimes. You don’t find people declaring that the problem is that the guy who mugged someone was anonymous but that he mugged someone. Otherwise, we’d all have our names emblazoned on our clothes or broadcast through RFID or somesuch.

The net has a long tradition of anonymity, which I think is actually essential to its well being and societal good. It has acted as a place where people can say things or think thoughts (or write thoughts, more importantly) without worry about the impact it will have on them by being associated with their name. Ask the Chinese bloggers if this is important…

Sometimes…it is a little odd here.

The Mozilla Corporation can be an odd place to work at times. Luckily, diversity is prized, as is our loose dress code.

One of our furrier coworkers…

Beta Users and Security Releases

Here is a problem that I am grappling with in my day to day work at Mozilla. I am the QA Lead for our security releases. These are the 2.0.0.x Firefox and Thunderbird releases that people not running Trunk builds (Firefox 3) receive every so often, depending on variables like exploits coming out or just a general need to fix issues that reduce stability.

The way that Mozilla, as a community, does a great job at making sure that releases are really solid is simply by running them and reporting issues in Bugzilla or otherwise. These are normally nightly builds of Firefox or Thunderbird. The problem with this is that the latest and greatest Firefox gets all of this lovin’ and not my (seemingly) tired security releases. (This makes me sad…)

The fact of the matter is that running the newest Firefox is exciting and what the early adopter and propeller heads really want to do. They want the shiny new thing. I completely sympathize and am writing this blog post on a Firefox 3 nightly as well. It isn’t that I don’t understand the desire. It is fun and interesting to see all of the new changes going into Firefox 3 as they are developed (if you don’t mind the risk). Running iterations of Firefox 2 is not nearly as exciting in this regard.

The funny thing is that the vast majority of Firefox users are running this same older and non-sexy code. (I don’t know the exact percentage but it is more than 99% given the numbers.) This is the code that will take down everyone’s machines or, at least, productivity and YouTube time-wasting (same thing?), if it behaves badly. This leaves the problem that the code with the most effect on people receives the least love from the day to day Mozilla community.

To compensate for this to some degree, when we do a security release, we generally do a week long beta beforehand with a release candidate build. This is to get the final code in the hands of people for a little while before we give it to everyone in the world. Unfortunately, the beta community is small, something like 40,000 people (compared to more than 100 million users otherwise). To make things worse, most of these people in the beta community, at a guess, don’t even know that they are in this group.

This is because we use different “channels” to release software and offer updates to users. There is a “release” channel for normal builds of Firefox that you download after a release. When an update ships, it is offered there and Firefox will prompt people to download it. Unknown to many, there is also a “beta” channel. This is used during official beta releases before a major version of Firefox or Thunderbird ships. So, if you download Firefox 3 Beta 5 (or a previous Beta) and a new one comes out, the update to the new beta is offered to the users of the previous one. When Firefox 2 was in development, a lot of people had their update channel set to “beta” for Firefox 2 beta releases when they downloaded them. Many never changed the channel back to the “release” channel after Firefox 2 shipped. So, when there is a beta period for a Firefox 2.0.0.x update, these same users are offered an update, whether they really want to be beta users or not. They simply see the update offered in their browser.

There is an extension, the Update Channel Selector, that allows people to easily change their update channel but most people are unaware of it. For those that want to participate in betas, this is one of the easiest ways to join.

Ideally, I and others on the security team working on the various security releases would like to see an active beta community. The members of this community would be people who have knowingly signed up to help and who make an active effort to report issues seen during the beta period before releases go out to the world.

So the real question in all of this “blah blah blah” from me is: How do we get more eyeballs on the betas for Firefox and Thunderbird 2.0.0.x who realize that they are beta users and will report issues in these betas?

One tactic that we took after one of the firedrills a couple of months ago was to create a Betatesters Mailing List for people that wanted to know about upcoming releases of Firefox 2 and to get the builds before they were shipped. There are a number of companies and groups that could have their web applications, for example, broken in a release that want to see the builds early in order to make sure that there are no troubles. This mailing list has been growing strongly and seems to be useful to people.

What I would like to know is what else could we do? How can we (1) improve the quality of our security releases and (2) get more people to look at these releases before we ship in order to find issues before it is too late? When you compare the number of people using Firefox and Thunderbird to the number of people either coding or testing them, it is clear that some kind of help from the massive base of users can make a real difference.

Please take a moment and ponder this. Let me know your thoughts. You can leave comments here or e-mail me as “albill” at this domain.
