I think there is a little too much hand wringing going on here by Mark. My understanding is that these are tools that are widely available either in exact code or in similar functionality. Mark, the hackers are smarter than you think; they have their own version of COFEE, and in all likelihood it is much better.
scaremongering!
Sorry, but this article is just scaremongering. COFEE would appear (from follow-up to the original Seattle Times article here http://blog.seattletimes.nwsource.com/techtracks/2008/04/looking_for_answers_on_microsofts_cofee_device.html) to be just a collection of standard publicly available forensics tools packaged together and provided to law enforcement types.
These tools can already be downloaded elsewhere... nothing to see here, move along.
Exactly, but it did give
Exactly, but it did give Gibbs a chance to attack Microsoft again, which is what he does best.
Real Microsoft Backdoor disclosed
While you were sleeping and worried about COFEE see what you really missed
http://www.infiltrated.net/?p=91
amazing
Distributed in 15 countries, eh? Probably already in the hands of every foreign hacker.
Microsoft merely selling anything they can get away with selling
Dear Sage of Digital Column-land,
As for the security through obscurity analogy, I thought carrying my wife's diamond ring home in the grocery bag while leaving a decoy box in the jewelry store sack I was also carrying through a more or less rough neighborhood was kind of clever. Darn....
Anyway, back to COFEE. It seems to this irregular that Microsoft is merely continuing a long held policy of selling anything they can get away with selling. Back when Win 95 debuted (in the "before times" of the stone age, I know) there were all those "made for Windows 95" packages that everyone just HAD to buy, even though it could be argued that the principal difference was perhaps nothing more than a re-compilation using a real 32-bit compiler and changing the splash screen at sign in.
So, what makes this instance of this tired object class any different? Well, let's ponder. Oh yeah, now I remember. In the 21st century, people can't even seem to use a bathroom without doing something on-line related to whatever function they are undertaking, or downloading a new ring tone for their toilet seat: "can you flush me now?" or fiddling with their, um, MP3 player, or doing something else that is digital. Hence, the exploitable for profit paranoia about on-line security, just like the 911 pundits want us to have it. FEAR, the ill-fated commander of the first Death Star tells us, will keep the local systems in line so that the emperor can maintain control without the local bureaucracy. FEAR, of yet another security breach. FEAR, of lacking yet another pay to play tool that may be of marginal value, since it seems likely the hacker audience already has something at least as good.
Geez. Once I was a trend setter. Now, I feel like a luddite curmudgeon. The LESS I put on-line, the better I feel. The MORE I have stored on non-removable media on networked systems, the LESS anxious I become.
If only I could find a decent IP stack and a web browser for my Osborne One...
Caffeine-ately yours.
Update after update, amen
And it leads to another bit of speculation: Now that Microsoft sells COFEE to help break its security, and then as you predict spends a bunch of time developing and releasing security patches to fix the holes COFEE exploits … well, then it will develop an updated version of COFEE that can break through its fixes, after which ...
Shortly after the Civil War, Ambrose Bierce wrote a short piece titled The Ingenious Patriot. It goes like this (from Project Gutenberg):
Having obtained an audience of the King an Ingenious Patriot pulled a paper from his pocket, saying:
- Bob