Comments on: Ethics of spilled COFEE

By: tim breen

tim breen — Sat, 13 Feb 2010 07:27:38 +0000

What is the big issue with this? Surely not keeping it secret doesn’t give the hackers a leg up in the race? Its just another forensic tool.

By: Network Security Blog » Network Security Podcast, Episode 173

Network Security Blog » Network Security Podcast, Episode 173 — Tue, 10 Nov 2009 23:10:12 +0000

[...] COFEE Forensic tool leaked to What.cd, admins ban it – It’s an interesting toy, but the open source community can do better. [...]

By: mjpinvestor

mjpinvestor — Mon, 09 Nov 2009 19:17:20 +0000

I think the hype or obscurity made the leak more of an event than it should be. It really does look like another forensics framework that uses the same ideas and concepts of others that are readily available. Since it was kept under wraps, people become suspicious of what MS, the owner of the operating system, might have in their tool that others do not have.

From what I’ve seen, it really does look like the typical framework that launches the builtin tools and sysinternals utilities. The random name generation is something I have not seen in the other frameworks.

http://praetorianprefect.com/archives/2009/11/more-cofee-please-on-second-thought/

By: Michael Dundas

Michael Dundas — Mon, 09 Nov 2009 15:41:37 +0000

It is out there and all the amount of attempting to hide it won’t work — I think we all no that.

There are people that have had access to the tool for sometime that are not law enforcement, don’t believe everything you read.

It is really just a wrapper GUI, for freeware and open source with a GUI reporting front end. And you can set specific profiles etc.

Ethically, I think companies are naive for doing this type of security through obscurity. There are many ‘better’ software packages out there, and I really hope that if Law enforcement is investigating serious breeches such as critical infastructure they use other better software instead of or as well as COFEE and most importantly, please use trained investigators ….. if you don’t and it goes to court it won’t be a good thing .. we want the bad guys in jail not free.

By: Brian

Brian — Mon, 09 Nov 2009 15:16:20 +0000

For people who believe in security by obscurity, this is a big deal. But if, as you say, this is just a re-packaging of existing tools, then I would be interested in which targets would have the security risks measurably increased. Copyright issues aside, I don’t have any interest in this tool.

I would be very interested if this spurs competition in the security-tools-for-the-average-cop market. I doubt that it will, as I suspect that the “average police officer” trusts security by obscurity more than they should.

By: Martin

Martin — Sun, 08 Nov 2009 23:03:02 +0000

I checked with my contacts at Microsoft and was told they are aware of the issue. I’m not sure what they can do about it at this point, but they’ve been informed.

By: freck

freck — Sun, 08 Nov 2009 20:55:55 +0000

ahahhaha yeah i just got it, i love the internet

By: Khürt L Williams

Khürt L Williams — Sun, 08 Nov 2009 18:42:04 +0000

I think what you do about depends on what kind of “security professional” you are. As a CISSP, I feel ethically bound to reportt people who make it available. Anything less would be ignoring my responsiblity to the public.