Anti-COFEE tool DECAF revealed as spoof

36 Posts
14 Users
0 Reactions
3,062 Views
keydet89
(@keydet89)
Famed Member
Joined: 22 years ago
Posts: 3568
 

David,

My bad, I didn't mean to imply that running DECAF was illegal. It was a toss off, a random speculation, that "Mike" might turn 180 degrees, collect IPs counter to his pro-privacy stance, and try to make the argument that anyone running DECAF had something to hide.

Let's say that Mike did collect IPs and turn them in to LE…so what? They'd probably laugh at him, if they bothered to do anything other than delete his email.

As to running, I'm planning to…because I want to see some things about how it works. Does that mean I'm trying to hide something?

Finally, given the current state of analysis, it really doesn't take a great deal to hide something…seriously. Check out the latest Verizon Business Security report…how many breached companies are notified by outside third parties, as opposed to their own monitoring?

Put another way, there's no reason for anyone in any community to trust DECAF.

True…like anything else, run it at your own risk.



   
(@kovar)
Prominent Member
Joined: 19 years ago
Posts: 805
 

Greetings,

All I was trying to get across is that Mike struck me as flaky in the podcast interview. I picked an oddball scenario simply to make the point, not to imply that it would actually happen, that if it happened anyone would be taken seriously, or that anyone running DECAF was a criminal.

-David



   
(@keeper)
Estimable Member
Joined: 18 years ago
Posts: 106
 

There's a term they use on fark.com for people always looking for attention. )

My question would be (and mind you I haven't looked at the site) why would you trust a v2 of this tool as a user, knowing they can disable it remotely? Heck, they could be pushing all this press to create a nice botnet for all anyone knows.

Although kovar's comment about the PLA banner ad is pretty funny to me (for some personal reasons).
Tom

If, when v2 comes out, it doesn't call back home just block Internet access to the app if you are so paranoid.



   
(@douglasbrush)
Prominent Member
Joined: 17 years ago
Posts: 812
Topic starter  

Does anyone know anything about this guy Mike other than what has been said on his site and the CyberSpeak interview?



   
CdtDelta
(@cdtdelta)
Estimable Member
Joined: 18 years ago
Posts: 134
 

If, when v2 comes out, it doesn't call back home just block Internet access to the app if you are so paranoid.

Oh I'm not being paranoid, I was more pointing out the fact that when v1 was released, the community suddenly found out that the author put in a remote kill switch in the application (which no one seemed to know about).

So my point was with v2 what's to say they didn't do something else?

Tom



   
(@keeper)
Estimable Member
Joined: 18 years ago
Posts: 106
 

Point taken, just run it on a VM and check. Or wait for an analysis (If v2 comes out, obviously there will be some talk about it).



   
(@douglasbrush)
Prominent Member
Joined: 17 years ago
Posts: 812
Topic starter  

v2 is out and I thought about running it in a VM and doing some Regshot, file and network packet analysis. However, there are a million more important things to do this weekend…



   
CdtDelta
(@cdtdelta)
Estimable Member
Joined: 18 years ago
Posts: 134
 

However, there are a million more important things to do this weekend…

Like hang out in Times Square? )

Happy New Year everybody!

Tom



   
(@keeper)
Estimable Member
Joined: 18 years ago
Posts: 106
 

xD

Version 2 is finished. We are now monitoring Microsoft COFEE, Helix, EnCase, Passware, Elcomsoft, FTK Imager Port, Forensic Toolkit, ISOBuster, and ophcrack. We also give the user the ability to add their own custom signatures. We have also added CD-Rom monitoring. We no longer execute a "self destructive lock-down mode" but rather give the user the ability to execute files, to disable the device where the signatures were found, and start-up in monitor mode.

Using a sniffer, no connection was detected from DECAF. You can just block internet access; nothing will happen, contrary to v1.



   
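The sandbox check douglasbrush and keeper describe above (run the tool in a VM, snapshot the filesystem before and after, watch for callbacks with a sniffer) can be scripted. The following is an added example, not code from the thread or from DECAF's authors: a Regshot-style file baseline diff plus a parser for a netstat-style connection listing that flags connections from a given PID that leave the host. The netstat column layout and all sample data are constructed assumptions for illustration.

```python
"""Added example: filesystem before/after diff and outbound-connection check
for a tool run inside a VM. Sample data is constructed, not real DECAF output."""
import hashlib
import ipaddress
import os
import re
import tempfile
from pathlib import Path


def snapshot(root: str) -> dict:
    """Map every file under root to its SHA-256 (a Regshot-style baseline)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            result[str(p.relative_to(root))] = hashlib.sha256(p.read_bytes()).hexdigest()
    return result


def diff_snapshots(before: dict, after: dict) -> dict:
    """Report files added, removed, or whose contents changed between snapshots."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(k for k in before.keys() & after.keys() if before[k] != after[k])
    return {"added": added, "removed": removed, "modified": modified}


def demo_file_diff() -> dict:
    """Simulate a tool run in a scratch directory: edit, drop and delete files."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "config.ini").write_text("a=1")
        Path(root, "keep.txt").write_text("x")
        before = snapshot(root)
        # Constructed "after" state: one change, one new file, one deletion.
        Path(root, "config.ini").write_text("a=2")
        Path(root, "dropped.dll").write_bytes(b"\x00")
        Path(root, "keep.txt").unlink()
        return diff_snapshots(before, snapshot(root))


# Constructed netstat -ano style listing (assumed columns: proto, local,
# remote, optional state, pid). PID 4120 stands in for the tool under test.
SAMPLE_NETSTAT = """\
  TCP    192.168.56.101:49201   93.184.216.34:443      ESTABLISHED     4120
  TCP    192.168.56.101:49202   192.168.56.1:445       ESTABLISHED     4
  TCP    127.0.0.1:49203        127.0.0.1:49204        ESTABLISHED     4120
  UDP    0.0.0.0:5353           *:*                                    1188
"""

NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def _is_local(host: str) -> bool:
    """True for loopback, RFC 1918 and link-local addresses (traffic that stays in the lab)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_private or ip.is_link_local


def outbound_connections(listing: str, pid: int) -> list:
    """Return (proto, remote) pairs for pid whose peer is outside the local ranges."""
    found = []
    for line in listing.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue
        proto, _local, remote, _state, line_pid = m.groups()
        if int(line_pid) != pid:
            continue
        host = remote.rsplit(":", 1)[0]
        if host == "*" or _is_local(host):
            continue
        found.append((proto, remote))
    return found


if __name__ == "__main__":
    print("file changes:", demo_file_diff())
    print("calls home from PID 4120:", outbound_connections(SAMPLE_NETSTAT, 4120))
```

A sniffer capture is still the stronger evidence, since a short-lived callback can finish between two netstat polls; the listing check is a quick first pass, and the file diff tells you what the tool left behind regardless of whether it phoned out.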
(@gh0st)
New Member
Joined: 16 years ago
Posts: 3
 

Since when did it become acceptable in Forensics to Tamper with Live Evidence?

Yet by inserting a USB device which Accesses the Memory Controller that's exactly what you're doing, and then to compound it further it uses a password cracking application to read and write Data to and from the suspect's hard-disk, so I put it to you: is that not Tampering with the so called Live Evidence?

Does that then not also pave the way for computer viruses like Downadup, Conficker, and Kido, which all spread via a USB, to contaminate the Suspect's Hard-Disk or worse the USB device which has been inserted?

Maybe I am missing something here, perhaps I should stop drinking so much DECAF and change my diet to COFEE.

I see two things wrong with this; Pedophiles getting let off on a technicality and Microsoft doing what it does best by paving the way forward for a huge anti-trust lawsuit!



   
Page 3 / 4