- Market surges, Gates predicts 9% unemployment
- Obama the first presidential hopeful to advertise in games
- Microsoft reveals critical holes in Active Directory
- BlackBerry Storm vs. the iPhone
- How will economy affect network equipment vendors?
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
If there is one security technique that has proven to be as effective and realistic as keeping diamonds safe in a paper bag it is security through obscurity.
The idea of security through obscurity is an old one: In the desk there’s the hidden compartment for the property deeds. Or there’s the secret door that looks like a bookcase that leads to the vault and the key to the vault is hidden in the suit of armor.
The problem is that these ploys are always overturned by the simplest events. Scooby-Doo jumps on the desk looking for a Scooby snack and the desk breaks revealing the hidden compartment. Shaggy casually leans on the bookcase pressing the false book spine that unlocks the door and he falls through. Velma runs into the suit of armor and knocks it over, sending the key flying through the air to land in Shaggy’s hand.
But apparently these well-documented examples of the weakness of security through obscurity have not been enough for some people. Not convinced by the incontrovertible evidence demonstrated by Scooby-Doo and friends, some companies will persist in believing that hiding stuff will keep it safe.
But, that said, it is one thing for a company to believe that security through obscurity will work and quite another for that company to provide a tool that makes it possible for selected people to get around that security.
At this point you might be thinking, “Wow! Now that’s dumb. It couldn’t get any worse!” And guess what, my friend, you’d be wrong because, if that company should then tell the world about what they’ve done, well, they are sitting ducks for anyone who is clever enough and has enough time to figure out how to break the security.
As you might guess, I have an example of this insane thinking for you. And lest you think my example concerns some young, naive, dementedly optimistic startup, let me disabuse you of the notion: The company in question is . . . wait for it, wait for it … yes, it’s Microsoft!
According to several sources, including The Seattle Times, Microsoft has a tool called COFEE – Computer Online Forensic Evidence Extractor – that the company has made available to some law enforcement agencies. Consisting of a USB drive that reportedly provides 150 special programs that make decrypting and analyzing the contents of Windows-based computers much easier, COFEE has been distributed to more than 2,000 officers in 15 countries.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (7)
Exactly, but it did giveBy Annonymous on May 8, 2008, 4:18 pmExactly, but it did give Gibbs a chance to attack Microsoft again, which is what he does best.
Reply | Read entire comment
Update after update, amenBy Robert Lewis on May 7, 2008, 11:56 amAnd it leads to another bit of speculation: Now that Microsoft sells COFEE to help break its security, and then as you predict spends a bunch of time developing...
Reply | Read entire comment
Microsoft merely selling anything they can get away with sellingBy George Nezlek on May 7, 2008, 11:50 amDear Sage of Digital Column-land, As for the security through obscurity analogy, I thought carrying my wife's diamond ring home in the grocery bag while leaving...
Reply | Read entire comment
amazing By Anonymous on May 6, 2008, 10:39 amdistibuted in 15 countries, eh? Probably already in the hands of every foreign hacker.
Reply | Read entire comment
Real Microsoft Backdoor dislcosedBy Anonymous on May 3, 2008, 11:22 pmWhile you were sleeping and worried about COFEE see what you really missed http://www.infiltrated.net/?p=91
Reply | Read entire comment
View all comments