Ed Bott of "Ed Bott's Microsoft Report" takes issue with many of the bloggers who reported on this story (I'd assume he includes this blog in his "echo chamber" comment). Here's a quote:
OK, now go read the linked story from the Seattle Times. There’s not a word - not one word - about back doors or encryption. Sadly, the usual suspects in the Techmeme echo chamber are whipping the inaccuracy around the infield at major league speeds. CrunchGear says Microsoft has “developed a thumb drive that helps Johnny Law quickly extract information, encrypted or otherwise, from computers.” And Valleywag talks about “a USB dongle that plugs into a computer, bypasses any Windows passwords or encryption, and quickly downloads sensitive data such as your Web browsing history.”
In fact, if this rather unremarkable collection of Microsoft-developed hacker tools actually did contain anything new, I would certainly expect that the highly vocal security community would have said something. If there turned out to be a back door in BitLocker or any other form of encryption, the real experts would be publishing the results. But they haven’t said a thing, because there isn’t a story here.
Let’s see how long it takes for the corrections to begin appearing. I’m not holding my breath.
The problem is this: while Ed Bott rightfully "calls everyone out" for jumping to negative conclusions on limited facts, he then takes the same limited facts and jumps to the opposite (positive) conclusion. He even goes further by assuming Microsoft's COFEE is the equivalent of another tool on the market (again, based on no real evidence)...
For anyone who is ill-informed enough to think that these tools are going to land in the hands of bad guys, I have some bad news. They’re way ahead of you. The community-developed USB Switchblade has been around since at least September 2006. And as security expert Jesper Johansson points out, it has an impressive feature set:
In truth, Microsoft is vague on what exactly is in this device, and their claims lead one to think there are "back doors" involved. When they say that the device can retrieve password-protected data off a PC in "as little as 20 minutes", they open themselves up to suspicion, especially as the maker of the system doing the password protection.
As for corrections, I said this (bold added for this post)...
Microsoft's job when making an OS is to make it as secure as possible. I, as a Microsoft customer, trust that they will do everything they can to make their system secure (as they claim to do). The fact that they'd even build a device like this seems like a violation of that trust. Especially since it seems they put hooks into the OS to facilitate its creation.
and I stand by it. The logical conclusion based on the comments Microsoft had made was that Microsoft used their extensive knowledge of Windows (including the source code) to create this device and make it as effective as it is (for the record, Microsoft has since denied using any "back doors").
Finally, even if it doesn't contain a single piece of inside information, I still take offense at Microsoft pointing out ways to crack my OS. Again, it comes down to me as a customer putting faith in them as a software developer to do everything they can to boost my security (as opposed to circumventing it). Creating a way to crack that security and giving it away as marketing is still very upsetting.
P.S. Given how condescending Mr. Bott's post was, I think I deserve some kind of karma credit for getting through this entire post without once using the phrase "poor man's Mary Jo Foley".