Recently in Desktop Operating Systems Category

Note: Interesting litigation. With our split supreme court, I'm curious to see how this turns out.
------------

The Colorado prosecution of a woman accused of a mortgage scam will test whether the government can punish you for refusing to disclose your encryption passphrase.

The Obama administration has asked a federal judge to order the defendant, Ramona Fricosu, to decrypt an encrypted laptop that police found in her bedroom during a raid of her home.

Because Fricosu has opposed the proposal, this could turn into a precedent-setting case. No U.S. appeals court appears to have ruled on whether such an order would be legal or not under the U.S. Constitution's Fifth Amendment, which broadly protects Americans' right to remain silent.

In a brief filed last Friday, Fricosu's Colorado Springs-based attorney, Philip Dubois, said defendants can't be constitutionally obligated to help the government interpret their files. "If agents execute a search warrant and find, say, a diary handwritten in code, could the target be compelled to decode, i.e., decrypt, the diary?"

To the U.S. Justice Department, though, the requested court order represents a simple extension of prosecutors' long-standing ability to assemble information that could become evidence during a trial. The department claims:

Public interests will be harmed absent requiring defendants to make available unencrypted contents in circumstances like these. Failing to compel Ms. Fricosu amounts to a concession to her and potential criminals (be it in child exploitation, national security, terrorism, financial crimes or drug trafficking cases) that encrypting all inculpatory digital evidence will serve to defeat the efforts of law enforcement officers to obtain such evidence through judicially authorized search warrants, and thus make their prosecution impossible.

Prosecutors stressed that they don't actually require the passphrase itself, meaning Fricosu would be permitted to type it in and unlock the files without anyone looking over her shoulder. They say they want only the decrypted data and are not demanding "the password to the drive, either orally or in written form."

The question of whether a criminal defendant can be legally compelled to cough up his encryption passphrase remains an unsettled one, with law review articles for at least the last 15 years arguing the merits of either approach. (A U.S. Justice Department attorney wrote an article in 1996, for instance, titled "Compelled Production of Plaintext and Keys.")

Much of the discussion has been about what analogy comes closest. Prosecutors tend to view PGP passphrases as akin to someone possessing a key to a safe filled with incriminating documents. That person can, in general, be legally compelled to hand over the key. Other examples include the U.S. Supreme Court saying that defendants can be forced to provide fingerprints, blood samples, or voice recordings.

On the other hand are civil libertarians citing other Supreme Court cases that conclude Americans can't be forced to give "compelled testimonial communications" and extending the legal shield of the Fifth Amendment to encryption passphrases. Courts already have ruled that such protection extends to the contents of a defendant's mind, so why shouldn't a passphrase be shielded as well?

In an amicus brief (PDF) filed on Friday, the San Francisco-based Electronic Frontier Foundation argues that the Justice Department's request be rejected because of Fricosu's Fifth Amendment rights. The Fifth Amendment says that "no person...shall be compelled in any criminal case to be a witness against himself."

"Decrypting the data on the laptop can be, in and of itself, a testimonial act--revealing control over a computer and the files on it," said EFF Senior staff attorney Marcia Hofmann. "Ordering the defendant to enter an encryption password puts her in the situation the Fifth Amendment was designed to prevent: having to choose between incriminating herself, lying under oath, or risking contempt of court."

The EFF says it's interested in this case because it wants to ensure that, as computers become more portable and encrypting data becomes more commonplace, passphrases and encrypted files receive full protection under the Fifth Amendment.

Because this involves a Fifth Amendment claim, Colorado prosecutors took the unusual step of seeking approval from headquarters in Washington, D.C.: On May 5, Assistant Attorney General Lanny Breuer sent a letter to John Walsh, the U.S. Attorney for Colorado, saying "I hereby approve your request."

While the U.S. Supreme Court has not confronted the topic, a handful of lower courts have.

In March 2010, a federal judge in Michigan ruled that Thomas Kirschner, facing charges of receiving child pornography, would not have to give up his password. That's "protecting his invocation of his Fifth Amendment privilege against compelled self-incrimination," the court ruled (PDF).

A year earlier, a Vermont federal judge concluded that Sebastien Boucher, who a border guard claims had child porn on his Alienware laptop, did not have a Fifth Amendment right to keep the files encrypted. Boucher eventually complied and was convicted.

One argument published in the University of Chicago Legal Forum in 1996--constitutional arguments among legal academics have long preceded actual prosecutions--says:

The courts likely will find that compelling someone to reveal the steps necessary to decrypt a PGP-encrypted document violates the Fifth Amendment privilege against compulsory self-incrimination. Because most users protect their private keys by memorizing passwords to them and not writing them down, access to encrypted documents would almost definitely require an individual to disclose the contents of his mind. This bars the state from compelling its production. This would force law enforcement officials to grant some form of immunity to the owners of these documents to gain access to them.

Translation: One way around the Fifth Amendment is for prosecutors to offer a defendant, in this case Fricosu, immunity for what they say. But it appears as though they've stopped far short of granting her full immunity for whatever appears on the hard drive (which may not, of course, even be hers).

Fricosu was born in 1974 and living in Peyton, Colo., as of last fall. She was charged with bank fraud, wire fraud, and money laundering as part of an alleged attempt to use falsified court documents to illegally gain title to homes near Colorado Springs that were facing "imminent foreclosure" or whose owners were relocating outside the state. Some of the charges include up to 30 years in prison; she pleaded not guilty. Her husband, Scott Whatcott, was also charged.

A ruling is expected from either Magistrate Judge Michael Hegarty or District Judge Robert Blackburn.

Jennifer Guevin contributed to this report.


Note: Received via email from Microsoft. I've been testing/using Windows 7 for a few months now. Great OS!

--

- On April 30th, the RC became available to MSDN subscribers and TechNet Plus subscribers.

- On Tuesday, May 5 (PST), the RC will be available to everyone via our Customer Preview Program. As with the Beta, the Windows 7 RC Customer Preview Program is a broad public program that offers the RC free to anyone who wants to download it. It will be available at least through June 30, 2009, with no limits on the number of downloads or product keys available.


So you don't need to rush to make sure you get your copy. When you're ready to download the RC, it'll be waiting for you.


To get the RC please use one of the following links:

- Developers
- IT Pros/Microsoft Partners
- Tech Enthusiasts/Consumers



IMPORTANT: If you are running Windows 7 Beta you'll need to back up your data (preferably on an external device) and then do a clean install of the Windows 7 Release Candidate. After installing Windows 7, you will need to reinstall applications and restore your files. If you need help with the installation process, please see the Installation Instructions.


If you're running Windows Vista, you can install Windows 7 RC without having to back up and reinstall your programs and data. But to be on the safe side, please do back up your data before you start.


Windows 7 to have an 'XP mode'

Note: Why? Why continue looking backwards and adding additional bloat to what was sounding like a great VISTA replacement!
--

Microsoft is trying to make it easier to sway users of Windows XP onto the latest version of its operating system.

For some time now, the company has been quietly building a "Windows XP mode" that uses virtualization to allow Windows 7 to easily run applications designed for Windows XP. According to sources familiar with the product, the application compatibility mode is built on the Virtual PC technology that Microsoft acquired in 2003, when it scooped up the assets of Connectix.

By adding the compatibility mode, Microsoft is aiming to address one of the key shortcomings of Windows Vista: its compatibility issues with software designed for Windows XP and earlier versions of the operating system.

Details of the Windows XP mode, previously known as Virtual Windows XP, were first published earlier Friday by the Windows SuperSite blog.

The technology has not been part of the beta version of Windows 7 or previously disclosed by Microsoft, but is expected to be released alongside the upcoming release candidate version. Microsoft said on Friday that it will release it to developers next week and publicly starting May 5.

According to the SuperSite report, written by bloggers Paul Thurrott and Rafael Rivera, the XP mode won't come in the box with Windows 7, but will be made available as a free download for those who buy the professional, enterprise, or "ultimate" versions of Windows 7. The site also has some screenshots of the mode in action.

There had been rumors of a secret user interface, but until Friday, no mention of the XP mode.

Update: Late on Friday, Microsoft confirmed XP Mode in a blog posting.

"Windows XP Mode is specifically designed to help small businesses move to Windows 7," Microsoft's Scott Woodgate said in the blog. "Windows XP Mode provides you with the flexibility to run many older productivity applications on a Windows 7 based PC."

According to the post, "all you need to do is to install suitable applications directly in Windows XP Mode which is a virtual Windows XP environment running under Windows Virtual PC. The applications will be published to the Windows 7 desktop and then you can run them directly from Windows 7."

Microsoft said it "will be soon releasing the beta of Windows XP Mode and Windows Virtual PC for Windows 7 Professional and Windows 7 Ultimate."


Back in the old days when TVs and radios had tubes, it took a couple of minutes for a set to warm up before you could watch or listen. But even then, you could turn it off instantly. That's not true with Windows PCs. Not only does it sometimes take seemingly forever for them to boot, but it can take several minutes for one to shut down. Even worse, if a program stops responding, you may or may not be able to shut it down. And even if it does terminate, it may take a while.

And by the way, I'm not just talking about Windows XP and Vista. I'm having the same problem with Windows 7 though, to be fair, the new operating system is still in beta so it's possible that Microsoft could amaze and delight me by fixing this in the final version.

I can understand why it takes at least some time for a PC to boot from a power-off situation because the operating system and some software and drivers have to be copied from storage into memory. But I can't understand why it takes more than a few seconds for the computer or one of its applications to shut down. I realize that sometimes there is a bit of housekeeping to do in the form of closing files but--give me a break--should that really have to take up to five minutes? And there have been countless times in my experience when it simply never shuts down, forcing me to hold the power button for several seconds. I've even had laptops that were so stubborn that I had to remove the battery to turn them off.

I'm particularly annoyed at how Windows often fails to terminate programs that have crashed. In theory, pressing Ctrl Alt and Delete to bring up the Task Manager followed by clicking End Task should simply stop the program and return you to the operating system. But that doesn't always work. Sometimes the program just hangs there forever, sometimes it quits after a random period of time and sometimes the entire computer just crashes. Imagine if you had a lamp in your house that was malfunctioning and the only way to turn it off was to turn off all the power to your house from the main breaker.

I haven't raised this particular issue with people at Microsoft, but a couple of years ago, when I was researching a story for The New York Times on technology energy hogs, the standard response from folks in Redmond was to blame third party applications and drivers for the fact that Windows machines often fail to properly go to or wake up from sleep mode. Third party applications may very well be to blame, but it's no excuse. One of Windows' strongest selling points is its ability to work with software and hardware from thousands of sources so it seems to me that a company with the resources and experience of Microsoft should have by now figured out how to handle errant programs and drivers.

I do like many of the improvements in Windows 7 and appreciate that it boots a little faster and--at least on my machine--seems better at going to sleep and waking up. Now all I want is the ability to turn off the darn machine and terminate a misbehaving program without having to dedicate my entire afternoon to the task.

March 26, 2009 (Computerworld) Dell Inc. announced on Tuesday a new PC that, among its other impressive specs, can be upgraded to sport as much as 192GB of ultrafast DDR3 RAM.

The Precision T7500 sports 12 memory slots, each of which can take a PC10600 stick (1333 MHz) of up to 16GB.

Most new desktop PCs have two to four RAM slots that can take up to 4GB modules of DDR2 memory that runs between 400 MHz and 1066 MHz in speed.

Not a high-end gamer PC, the Precision T7500 workstation (which starts at $1,800) is aimed at video game designers, engineers and digital animators.

Xobni, the Outlook e-mail helper launched at the TechCrunch 40 conference in 2007, is finally leaving its official beta phase. It's getting some needed updates in the 1.0 release, although no major new features. Xobni is also announcing that it's closed its B round of funding.


The software updates for Xobni are all in the performance and compatibility areas. The product is now faster, co-founder Matt Brezina told me. In other words, it should work acceptably quickly for users with large e-mail installations, such as Xobni investor Josh Kopelman. Passing "The Kopelman Experiment," Brezina says, was a key milestone during development.

The product now has caching and other performance tweaks so it doesn't drag Outlook performance down during message switching, and it has a feature that allows it to be installed but not automatically run at Outlook start-up; users can turn on Xobni when they want it, or turn it off to free up resources.

Download Xobni here.

It's also supposed to be more compatible with key products that interact with Outlook, such as Microsoft's Dynamic CRM and Outlook Business Contact Manager, and the enterprise versions of McAfee virus scanner, version 8.5 and up (I'm sad to report it doesn't work with version 8.0, which is what I have installed on my laptop).

"We truly needed this beta period," Brezina said as he ran down the tweaks the team made with the product. Installed software, he reminded me, is much harder to develop than Web apps, since the compatibility testing is so much more complex.

Cisco is in
The company has also closed a $10.5 million second round of venture funding, led by Cisco ($5 million) (previous story), with participation of the Blackberry Partner Fund ($3.2 million) and all the previous investors.

Cisco's participation in the Xobni project is telling, and hopefully will help push Xobni beyond the world of just Microsoft e-mail and toward creating products for other platforms. Brezina told me the company's vision is to diversify its products but keep a focus on helping people index personal (as opposed to the world's) information.

Xobni "hasn't made a penny yet," Brezina said, but it will be announcing a premium product this summer, as well as paid online services. Brezina would not elaborate on these plans.

Read previous Xobni coverage.

This screenshot shows varying frequencies of keystrokes, with the arrow pointing to what a stroke on the space bar looks like on a spectrogram.


VANCOUVER, B.C.--Presenters at the CanSecWest security conference detailed on Thursday how they can sniff data by analyzing keystroke vibrations using a laser trained on a shiny laptop or through electrical signals coming from a PC connected to a PS/2 keyboard and plugged into a socket.

Using equipment costing about $80, researchers from Inverse Path were able to point a laser on the reflective surface of a laptop between 50 feet and 100 feet away and determine what letters were typed.

Chief Security Engineer Andrea Barisani and hardware hacker Daniele Bianco used a handmade laser microphone device and a photo diode to measure the vibrations, software for analyzing the spectrograms of frequencies from different keystrokes, as well as technology to apply the data to a dictionary to try to guess the words. They used a technique called dynamic time warping that's typically used for speech recognition applications, to measure the similarity of signals.

Line-of-sight on the laptop is needed, but it works through a glass window, they said. Using an infrared laser would prevent a victim from knowing they were being spied on.

The only real way to mitigate against this type of spying would be to change your typing position and mistype words, Barisani said.

In the second attack method, the researchers were able to spy on the keystrokes of a computer which was using a PS/2 keyboard through a ground line from a power plug in an outlet 50 feet away.

"Information leaks to the electric grid," said Barisani. "It can be detected on the power plug, including nearby ones sharing the same electric line" as the victim's computer.

The researchers used a digital oscilloscope and analog-digital converter, as well as filtering technology to isolate the victim's keystroke pulses from other noise on the power line.

Their initial test, which took about five days to prepare and perform, enabled them to record individual keystrokes but not continuous data such as words and sentences, though they expect to be able to do that within a few months, Barisani said.

In addition to being used to sniff a neighbor's keystrokes in a nearby room, the attack could be used to sniff data from ATM machines that use PS/2 or similar keypads, Barisani said. The attack does not work against laptops or USB keyboards, he said.

The attacks are similar to other recent research that involves sniffing keystrokes through a wireless antenna.

And of course there is the big daddy of these types of remote sniffing attacks, TEMPEST, which allows someone with a lot of expensive equipment to sniff the electromagnetic radiation emanating from a video display.

The new attacks are easier and can be accomplished at lower cost, the researchers said.

LAS VEGAS--Aiming to better compete against a growing list of rivals, Microsoft on Thursday is launching Internet Explorer 8, the latest version of its Web browser.


IE 8, as the browser is known, was first shown a year ago and has been in testing for months. The new browser adds security improvements, a private browsing option, as well as the ability to save pre-defined "slices" of a Web page for at-a-glance viewing.

But perhaps the biggest change in the browser is one made behind the scenes--the decision to make the browser better adhere to Web standards. That should make life easier for Web developers in the future, but also poses compatibility challenges for sites that are optimized specifically for older versions of IE. In part to address this, Microsoft has a "compatibility" mode that lets Web sites indicate if they would prefer to be run by an engine that is more like older versions of the browser.

As expected, Microsoft is using the Mix 09 conference for Web developers as the launchpad for IE 8.

The release of IE 8 comes as Microsoft has been losing share to leading rival Firefox and also seeing stepped-up competition from Google and Apple, among others. The global market share of Internet Explorer, which was more than 90 percent in 2004, ended last year at just above 70 percent, according to Net Applications.

Both Google and Apple have been touting the performance of their new JavaScript engines, but Microsoft has sought to downplay speed concerns. The company last week released a video it says shows that, in many cases, IE 8 is just as fast as other browsers in loading popular Web sites.

"In most cases the difference could literally be measured by a blink of an eye," said Microsoft Senior Director Amy Barzdukas. "That kind of speed becomes almost a push."

Despite IE's waning share, the European Union has said it is considering sanctioning Microsoft for bundling a Web browser into its operating system in the first place, a move that it says appears to violate its antitrust laws.

As for IE 8, Microsoft will make it available for download beginning at 9 a.m. PDT on Thursday, but will wait a while before it begins to push it to Windows users who have their computers set to get the latest updates automatically.

A version of Internet Explorer 8 will also be built into Windows 7, though it is one of many Windows components that users will be able to turn off if they wish.

As for the future, Microsoft isn't saying much about its browser plans, but corporate vice president Mike Nash did seek to quash speculation that IE 8 will be the end of the road.

"I can't say what it will be called," he said of the next version of the browser. "But we're not done."


The return of L0phtCrack (v6)

Softpedia

The rights for L0phtCrack, one of the favorite tools of now old-school hackers, have been reacquired by its original developers from Symantec. They plan to release version 6 of the application at the upcoming SOURCE Conference in Boston, on March 11th.

To have a glimpse at the history of L0phtCrack, we have to go back in time to around 1992, when a bunch of students from Boston formed a group named L0pht Heavy Industries, which was later to become one of the most famous hacking collectives in the history of the Internet.

The hacking outfit was headquartered in a loft apartment, hence its name, from where it ran various websites and released hacking software. L0pht Heavy Industries was one of the few underground hacking groups to evolve into a security consultancy company.

Its members included the likes of Christien "Dildog" Rioux, former Symantec researcher and author of the controverted Back Orifice 2000 remote administration application, Peiter "Mudge" Zatko, who was summoned by President Clinton, along with other security professionals in 2000 to discuss the major DDoS attacks on the Internet at the time, Chris "Weld Pond" Wysopal, named in 2008 by eWeek one of the "100 Most Influential People in IT" for his achievements and contribution to the industry along the years, and Joe "Kingpin" Grand, electrical engineer and inventor, currently one of the stars of Discovery Channel's "Prototype This!" TV series.

The group members are also famous for testifying in 1998 before the U.S. Senate that they could bring the Internet down in 30 minutes. The L0pht underground hacking think tank came to an end in 2000, when it merged into a security company known as @stake, which was acquired by Symantec in 2004 along with the successful L0phtCrack password auditing tool.

L0phtCrack was much appreciated by the hacking community for its ability to use dictionary and brute-force attacks, as well as rainbow tables in order to crack weak passwords. The graphical interface version required purchasing a license, however, the command-line one was offered for free. Symantec discontinued sales of and support for the product in 2006, allegedly because it was conflicting with regulations in the U.S.

"Space Rogue," one of the former L0pht members, announced yesterday on his blog that "L0phtCrack, the original and still the best password auditing tool for MS windows based systems, will be re-released at Source Boston by the original authors." Meanwhile, the l0phtcrack.com website confirms the come-back. "At a special information session at SOURCE Boston (Thursday, 10:15am), the team that brought you L0phtCrack will be releasing version 6 of the highly-acclaimed Windows password auditing tool," the website announces.

Details on the new version are scarce, but, according to "Space Rogue," new features include support for 64-bit platform and upgraded rainbow tables. "Details on potential additional new features, and pricing have not yet been released, but you can bet that it will be better than Symantec's," the former-hacker writes.





About this Archive

This page is an archive of recent entries in the Desktop Operating Systems category.
