Black Phones to combat Police Software

Things that can be undeleted from your phone using police software:

Things that can be undeleted from your phone using police software

Things that can be undeleted from your phone using police software

Software like Oxygen Forensic and AccessData allows anyone to recover data from phones and other mobile devices even after it has been deleted or undergone a factory reset.

Almost all of all handsets sold to recycling companies are reused, not recycled in the “conventional” context, making phone recycling a prime target for hackers using forensic data retrieval software. Here are the more concerning of the things that can be recovered from your phone using FDR software:

1. Images and videos

Even if you take a quick photo and delete it immediately after, along with all your other pictures and videos, it can be recovered.

What most people don’t know is that when you delete information off your phone or undergo a factory reset, the data itself is not being deleted, it still remains in areas of the flash chip called solid state memory. Factory resets only destroy the paths to the data. This obviously allows forensic software users to re-establish their own pathways and retrieve the data.

A YouGov poll showed 26 percent of people (in the UK, at least) believe that manually deleting a piece of data completely removes it from the device, whereas 37 percent believe a factory reset is enough (neither will fully remove personal data).

A full removal of personal data is not possible using a device’s in-built factory reset or by re-flashing the operating system.

2. Bank details on apps

Despite banks doing their best to make smartphone banking as secure as possible, as long as a code or pin is required to access a customer’s details, they are susceptible to forensic recovery.

The flat information that can be retrieved from the solid state memory also includes passwords and cryptograms that have been used within the phone’s apps.

This actually applies to any app that has ever been uploaded on a mobile device, which is a worrying thought for people who have sold their old phones or unwanted upgrades. To make matters worse, recent EU data security regulations have pushed legislation making it the responsibly of the handset owner to wipe all their data, not the recyclers or phone buyers. Despite this possibly being one of the most absurd legislations in history, until it is revisited (which should be March 2014), mobile phone consumers have been forced into a subjugate position.

However, if you happen to live outside of Europe, you aren’t affected by this legislation.

3. SMS and email messages (sent and received)

This could apply to all messages involving SMS, email, Whatsapp, WeChat, instant messaging, Skype, and MMS logs that have ever been used on the phone.

The level of detail a hacker could undelete from your phone depends solely on the level of patience the hacker has. Forensic retrieval and the replacement of data pathways can be a laborious process because there are so many areas within the phone where the solid state memory can hide the flat data.

4. Web browsing history

Over the years, more people have been using their phones to search Google and browse the Internet. To accommodate that, smartphone technology has become more sophisticated. The downside to this is that the more complex and intrinsic something becomes, the more it can be exploited.

5. Geo-positioning and location sensors

If having access to your private photos, messages, and passwords wasn’t enough, another concerning bit of information a potential hacker can get their hands on is the smartphone’s position sensor history.

So whenever a smartphone user has gone to lunch with their friends and tagged them all in a Facebook status update, all this logged information can be salvaged.

This could lead to a hacker being able to discover a former phone owner’s home address or hangout spots.

A military-standard data wipe is the only known way to properly erase not just the data paths but the data itself. There are many different terms for this kind of wipe, but it essentially works in a similar way to forensic retrieval software itself: it reforms the deleted pathways, but instead of recovering the data, it deletes it.

Companies like Cashinyourgadgets, Bozowi Sell My Mobile, and Money4urmobile offer this level of permanent data removal.  In the U.S., cell recycling companies like Cellularreturns, Celltradein, and Gadgetgobbler offer military-standard wipes.

Costs for this service vary significantly, but the price is usually about 5 percent to 15 percent of the phone’s recycle value. So if your handset could be recycled for $150, the cost to have it properly wiped would be somewhere around $15. However, the more aware the world is of forensic data retrieval software, the quicker companies like these will begin offering such a service for free (because they will have no choice).

A word of warning: If you are going to use an external company to perform a permanent wipe on your phone, always make sure they provide you with both a tracking number and a certificate of destruction. Companies like these will almost always arrange for a delivery service to pick up your phone from your home and drop it off afterwards, so a tracking number is important to monitor the process and make sure you are getting the full data removal. A certificate of destruction is useful because it means the company is accepting full responsibility for the data, so if your phone still manages to get hacked after the service, they will be legally accountable.

There have been some studies suggesting that multiple factory resets could also deleted the flat data due to it slowly wearing down the solid state memory, but the results were inconclusive.

One piece of good news: It’s likely this threat won’t be a permanent issue. The major mobile device developers will eventually find ways to bypass it altogether. Already we’re hearing about the upcoming Blackphone, which is apparently NSA-proof and allegedly impossible to hack. However, until it’s released, we won’t know for sure.

It’s unlikely forensic software will ever be outlawed, and even if developers fully bypass the threats it poses, another more advanced incarnation will be conjured up (the police still need to recover data, remember). What’s important is that mobile phone users are aware of the threat and begin to pressure electrical recyclers to do everything they can to prevent it.

Microsoft security is worthless

Microsoft security is worthless:

Microsoft security is worthless

Microsoft security is worthless

A assessment of Dennis Technology Labs , users antivirus software Microsoft might want to think about installing other malware protection .

Dennis Technology Labs, the independent testing laboratory software based in London , released a quarterly assessment of nine screening programs most popular in the market and found that virus Microsoft Security Essentials detected 39 percent of all malware tested .

The Microsoft program , available for free download to anyone with a validated copy of Windows rated well below the other programs evaluated , all of which drew 87 percent or higher. Kaspersky Internet Security 2014 ranked first , protection against 99 percent of the virus. Avast! Free Antivirus 8 was rated the best free program not only detects 2 percent of malware.

“We are fully committed to protecting our clients consumer and business against malware ,” a Microsoft spokesperson said in a statement . ” Our strong comprehensive solutions provide the necessary protection against malicious code and attacks. Supporting our antimalware partners helps in building a strong and diverse ecosystem to combat malware .”

Microsoft has a history of poor performance on tests of Dennis Technology Labs . A test from the beginning of this year found that it has lost 41 percent of all malware.  Microsoft has defended the performance of the product , saying it is not intended to be the only line of defense a user .

“We’ve had an epiphany a few years ago , back in 2011 when we realized that we had a higher calling and that was to protect all customers of Microsoft , ” Holly Stewart , senior manager of the Center Malware Protection Microsoft , told PC Pro . ” But you can not do that with a monoculture and you can not do that with an ecosystem of malware that is not attractive solid and diverse. ”

Stewart explained that instead of concentrating resources on your computer to have Microsoft ‘s own software will be able to identify all the latest viruses , which would focus on the search for new threats and send that information to other companies producing anti software virus .

This strategy makes sense if the ultimate goal is to keep users safe from malware Windows , but has the potential to leave some people believing that they have robust antivirus protection when you only have what Microsoft calls a ” baseline” from which users are encouraged to add additional virus protection .

Supreme Court addresses software patent

Supreme Court agrees to address key issue: Can software be patented?

 

Supreme Court agrees to address key issue: Can software be patented?

Supreme Court agrees to address key issue: Can software be patented?

 

Over the past few years, two aspects of patent law in the United States have come under increasing scrutiny. First, there’s been the rise of patent trolls who scoop up broad patents on particular methods or ways of performing an activity, then sue a number of companies (or even the end users) of that technology, claiming that their rights have been violated. Second, there’ve been an increasing number of lawsuits over the topic of software patents and the question of what is — or isn’t — patentable.

Now, the Supreme Court has agreed to take a case — Alice Corporation Pty. Ltd v CLS Bank International — that deals directly with the question of what is, or isn’t, patentable. Lower courts have been tangling with this issue for years — the question of specific software patents was at the heart of Google’s recent court spat with Oracle, which ended in a win for Google but may be lost on appeal.

Rise of the patent trolls

The central problem with software patents is the gray area between “Doing X on a computer” (clearly unpatentable) and the development of a new method of performing a task or function. The pro-patent argument is that a person who discovers a new algorithm or method of doing things in software has clearly invented something and is entitled to patent it. The anti-patent argument is that such “inventions’ are nothing but an application of mathematics. Mathematics cannot be patented in the US, so why should software carry patents?

Patent trolls, meanwhile, have inadvertently given a great deal of ammunition to the anti-software patents crowd by launching massive lawsuit campaigns to assert ownership over such mundane tasks as connecting a printer to a network. Companies now acquire huge war chests of patents specifically to use against other companies that engage in patent warfare. This is generally seen as one reason Google acquired Motorola several years ago, and Microsoft earns more from its patent licensing fees from Android than it does from Windows Phone.

One final thing to note is that patents and copyrights are two entirely different things. If software can’t be patented, Microsoft still retains a coypright on the code of Windows, Oracle still has a copyright on Java, and it would still be illegal to copy a program without an appropriate license. Lower courts have had little luck creating a clear-cut example of when a software invention is or is not patentable, so the hope is that the Supreme Court will issue clearer rules.

Raytheon secret software tracks social media ‘predicts’ future behavior

Rights groups slam Raytheon secret software that tracks social media and ‘predicts’ people’s future behavior:

Rights groups slam Raytheon secret software that tracks social media and ‘predicts’ people’s future behavior

Rights groups slam Raytheon secret software that tracks social media and ‘predicts’ people’s future behavior

 

A video obtained by the Guardian reveals how an “extreme-scale analytics” system created by Raytheon, the world’s fifth largest defence contractor, can gather vast amounts of information about people from websites including Facebook, Twitter and Foursquare. Raytheon says it has not sold the software – named Riot, or Rapid Information Overlay Technology – to any clients. But the Massachusetts-based company has acknowledged the technology was shared with US government and industry as part of a joint research and development effort, in 2010, to help build a national security system capable of analysing “trillions of entities” from cyberspace. The power of Riot to harness popular websites for surveillance offers a rare insight into controversial techniques that have attracted interest from intelligence and national security agencies, at the same time prompting civil liberties and online privacy concerns. The sophisticated technology demonstrates how the same social networks that helped propel the Arab Spring revolutions can be transformed into a “Google for spies” and tapped as a means of monitoring and control. Using Riot it is possible to gain an entire snapshot of a person’s life – their friends, the places they visit charted on a map – in little more than a few clicks of a button. In the video obtained by the Guardian, it is explained by Raytheon’s “principal investigator” Brian Urch that photographs users post on social networks sometimes contain latitude and longitude details – automatically embedded by smartphones within so-called “exif header data.” Riot pulls out this information, showing not only the photographs posted onto social networks by individuals, but also the location at which the photographs were taken. “We’re going to track one of our own employees,” Urch says in the video, before bringing up pictures of “Nick,” a Raytheon staff member used as an example target. With information gathered from social networks, Riot quickly reveals Nick frequently visits Washington Nationals Park, where on one occasion he snapped a photograph of himself posing with a blonde haired woman. “We know where Nick’s going, we know what Nick looks like,” Urch explains, “now we want to try to predict where he may be in the future.” Riot can display on a spider diagram the associations and relationships between individuals online by looking at who they have communicated with over Twitter. It can also mine data from Facebook and sift GPS location information from Foursquare, a mobile phone app used by more than 25 million people to alert friends of their whereabouts. The Foursquare data can be used to display, in graph form, the top 10 places visited by tracked individuals and the times at which they visited them. The video shows that Nick, who posts his location regularly on Foursquare, visits a gym frequently at 6am early each week. Urch quips: “So if you ever did want to try to get hold of Nick, or maybe get hold of his laptop, you might want to visit the gym at 6am on a Monday.” Mining from public websites for law enforcement is considered legal in most countries. In February last year, for instance, the FBI requested help to develop a social-media mining application for monitoring “bad actors or groups”. However, Ginger McCall, an attorney at the Washington-based Electronic Privacy Information Centre, said the Raytheon technology raised concerns about how troves of user data could be covertly collected without oversight or regulation. “Social networking sites are often not transparent about what information is shared and how it is shared,” McCall said. “Users may be posting information that they believe will be viewed only by their friends, but instead, it is being viewed by government officials or pulled in by data collection services like the Riot search.” Raytheon, which made sales worth an estimated $25bn (£16bn) in 2012, did not want its Riot demonstration video to be revealed on the grounds that it says it shows a “proof of concept” product that has not been sold to any clients. Jared Adams, a spokesman for Raytheon’s intelligence and information systems department, said in an email: “Riot is a big data analytics system design we are working on with industry, national labs and commercial partners to help turn massive amounts of data into useable information to help meet our nation’s rapidly changing security needs. “Its innovative privacy features are the most robust that we’re aware of, enabling the sharing and analysis of data without personally identifiable information [such as social security numbers, bank or other financial account information] being disclosed.” In December, Riot was featured in a newly published patent Raytheon is pursuing for a system designed to gather data on people from social networks, blogs and other sources to identify whether they should be judged a security risk. In April, Riot was scheduled to be showcased at a US government and industry national security conference for secretive, classified innovations, where it was listed under the category “big data – analytics, algorithms.” According to records published by the US government’s trade controls department, the technology has been designated an “EAR99″ item under export regulations, which means it “can be shipped without a licence to most destinations under most circumstances”.

Russia’s underground cybercrime market

The Russian underground economy has democratized cybercrime:

Russian cybercrime

Russian cybercrime

If you want to buy a botnet, it’ll cost you somewhere in the region of $700. If you just want to hire someone else’s for an hour, though, it can cost as little as $2—that’s long enough to take down, say, a call center, if that’s what you were in the mood for. Maybe you’d like to spy on an ex—for $350 you can purchase a trojan that lets you see all their incoming and outgoing texts. Or maybe you’re just in the market for some good, old-fashioned spamming—it’ll only cost you $10 for a million e-mails. That’s the hourly minimum wage in the UK. This is the current state of Russia’s underground market in cybercrime—a vibrant community of ne’er-do-wells offering every conceivable kind of method for compromising computer security. It’s been profiled in security firm Trend Micro‘s report, Russian Underground 101, and its findings are as fascinating as they are alarming. It’s an insight into the workings of an entirely hidden economy, but also one that’s pretty scary. Some of these things are really, really cheap. Rik Ferguson, Trend Micro’s director of security research and communications, explains to Wired.co.uk that Russia’s cybercrime market is “very much a well-established market.” He says: “It’s very mature. It’s been in place for quite some time. There are people offering niche services, and every niche is catered for.” Russia is one of the major centers of cybercrime, alongside other nations like China and Brazil (“the spiritual home of banking malware”). Russian Underground 101 details the range of products on offer in this established market—Ferguson says that they can be for targeting anyone “from consumers to small businesses.” He points to ZeuS, a hugely popular trojan that’s been around for at least six years. It creates botnets that remotely store personal information gleaned from users’ machines, and has been discovered within the networks of large organizations like Bank of America, NASA, and Amazon. In 2011, the source code for ZeuS was released into the wild—now, Ferguson says, “it’s become a criminal open source project.” Versions of ZeuS sell for between $200 and $500. Cybercriminal techniques go in and out of fashion like everything else—in that sense, ZeuS is a bit unusual in its longevity. That’s in large part because viruses and trojans can be adapted to take advantage of things in the news to make their fake error messages or spam e-mails seem more legitimate. For example, fake sites, and fake ads for antivirus software, aren’t as popular as they once were because people are just more computer literate these days. Exploits which take advantage of gaps in browser security to install code hidden in the background of a webpage have also become less common as those holes are patched up—but programs which embed within Web browsers still pose a threat, as the recent hullabaloo over a weakness in Java demonstrates. Ferguson points to so-called “ransomware” as an example of a more recent trend, where the computer is locked down and the hard drive encrypted. All the user sees on the screen is that tells them that their local law enforcement authority (so, in the UK, often the Metropolitan Police) has detected something like child pornography or pirated software on their PC, and if they want to unlock it they’ll have to send money to a certain bank account. No payment, no getting your hard drive back. Amazingly, if you pay that “fine,” then you will actually get your information back, says Ferguson. “But you’ve labeled yourself as an easy mark, and there’s no telling if they haven’t left behind a backdoor which will let them come back and try again,” he says. Child pornography and pirated software have been in the news a lot over the past few years, for obvious reasons, and that kind of thing directly influences the thinking of hackers and programmers. Taking the time to adapt these tools to recent trends can be very lucrative. DNSChanger, a popular trojan from 2007 to 2011, would infect a machine and change its DNS settings. When the user went to a webpage with ads on it, that traffic would give affiliate revenue to the scammers. One prominent DNSChanger ring (Rove Digital) was busted in Estonia in 2011—the FBI had been tracking them for six years, and during that time it was estimated that they’d earned around $14 million from this little trick. It also meant that the FBI was left with some critical Web infrastructure on its hands—those infected machines (which included machines at major organizations) could only access the Web through those Rove Digital servers. Months were spent trying to get people to check their computers for infection and ensuring that when those Estonian servers were shut off, it didn’t take down, say, a bank. The most recent trends in cybercrime, though, are very much focused on mobile—particularly Android, Ferguson explains: “We’ve seen so far 175,000 malicious threats for Android, and we expect that to be a quarter of a million by next year. Those threats come from malicious apps—if you want to stay safe, stick to official channels like Google Play, don’t just download from any site. Similarly, there aren’t any malicious iOS apps in the wild, on the App Store, but that only applies to iPhones aren’t jailbroken—downloading from other places puts your phone at risk.” These threats aren’t going away, either. In fact, according to Ferguson, “prices are going down” across the Russian underground: “Let’s not pretend that these people aren’t taking advantage of technology just like normal businesses—improvements in technology are getting faster, and there are things like cloud services which they also use. The bad guys are using technologies to drive down costs in the same way businesses are.” Ferguson cites the recent case of someone claiming to have bought the personal information of 1.1 million Facebook users for only $5 (£3.19) as further evidence of the growing problem of online information leaking into the hands of these cybercrime communities. Hackers and other cybercriminals make it their job to analyze security measures and find ways around them, because that information is where the value lies. While hackers and other cyber criminals can save by buying in bulk, the cost to the individual (or the business) that falls victim to one of these techniques is potentially much higher.

Windows 8 Users Prefer Windows 7

Over Half Of Windows 8 Users Still Prefer Windows 7:

Over Half Of Windows 8 Users Still Prefer Windows 7

Over Half Of Windows 8 Users Still Prefer Windows 7

Windows 8 is finally launching next month. It’s do or die time for the folks at Microsoft, and they need this to be a hit. The response to Windows 8 has been relatively positive, but the new OS has had its fair share of detractors. It’s even rumored that Intel’s CEO privately stated that Windows 8 isn’t ready. A new survey indicates that more people may dislike Windows 8 than initially thought. Forumswindows8.com, the self-proclaimed “largest Windows 8 help and support forum on the Internet,” recently surveyed over 50,000 Windows 8 users. The survey covered everything from strengths and weaknesses to general thoughts on Windows 8 versus its predecessors. The good news is that Windows 8 isn’t universally hated. The bad news is that a majority of Windows 8 users still prefer its predecessor with 53 percent saying that they like Windows 7 more. In comparison, only 25 percent chose Windows 8 as their favorite. That being said, those surveyed dumped a fair amount of praise on the operating system. A majority of users (56 percent) chose the fast boot and shut down of Windows 8 as their favorite feature. Fifty percent of users listed the easy installation as their favorite. From there, the numbers drop somewhat dramatically with only 35 percent of users listing Internet Explorer 10 as their favorite feature. In what may be more damning than anything, only 23 percent of users listed the Windows Store as their favorite feature. The Metro WIndows 8 UI doesn’t fare much better with only 22 percent claiming the feature to be their favorite. These are the two big selling points of Windows 8. Without support from users, Microsoft doesn’t have much of a chance. The theme of hating the new UI carries over to the answers supplied by respondents when surveyed on weaknesses. A relatively small, but still significant, 18 percent say that Microsoft needs to improve the two UI style system on desktops. A much larger 35 percent say that the price of Windows 8, which is set at $199 after a promotional price of $69, is too high. Despite the complaints about the desktop version of Windows 8, Microsoft seems to have made the right move with their Surface tablet. Out of all of those surveyed, a sizable chunk of respondents (25 percent) said that they would choose the Microsoft Surface tablet over the competition. Overall, this survey represents something that Microsoft should be concerned about. They’re less than a month away from launch and people still prefer Windows 7. To some extent, it’s to be expected. Every new operating system is met with trepidation, but Windows 8 was supposed to be different. It represents a cool, hip new Microsoft that’s focused on the consumer and entertainment. We’ve reached out to Microsoft to find out if they have any plans leading up to launch to get people excited about  Windows 8. We also asked if they have any plans to help fix or allieve the complaints that the respondents had. We’ll update as soon as we hear back.

Microsoft spy’s on you reports to Government

A patent filed by Microsoft reveals the company has voluntarily created software that provides the Government and other agencies seeking to spy on you:

Microsoft

A patent filed by Microsoft reveals the company has voluntarily created software that provides the Government and other agencies seeking to spy on you.

A patent filed by Microsoft seeks to give the company exclusive rights to intercept personal electronic communications and resend them directly to the Government and other agencies who may be seeking to spy on you.  By filing the patent, Microsoft clearly shows they have voluntarily created the software,  instead of waiting for a Government mandate to do so. The patent states that “the  government or one of its agencies may need to monitor communications” and software acts as a “recording agent” that is able to silently record the communication”.  The patent specifically names certain types of communications, such as Skype calls, instant messaging, video conferencing software, and even meeting software but does not stop there. Instead it goes on to label just about all electronic devices you can think of as a computer and requests for a patent to be able to intercept digital communications from those devices, and even access data stored in a variety of other storage mediums, and forward the to the Government.  A Gizmodo article on the patent points out that Microsoft appears to trying to patent Skype spying,  which is specifically named within the patent,  but the scope of patent goes far beyond the ability to just spy on Skype calls.  Only by digging into the patent can you see the deceptiveness in Microsoft’s the labeling of certain technologies and realize the true scope of what the software company is trying to provide the Government easy access to spy on.  For example, the label all packet-based communication as VoIP, which clearly nothing is further from the truth. All data that can be sent over the internet is a “packet-based communication”.

[…] the term VoIP is used to refer to standard VoIP as well as any other form of packet-based communication that may be used to transmit audio over a wireless and/or wired network. For example, VoIP may include audio messages transmitted via gaming systems, instant messaging protocols that transmit audio, Skype and Skype-like applications, meeting software, video conferencing software, and the like.

The patent goes on and deceptively labels all digital electronic devices as computers, say that everything from computers, to printers, gaming devices, automobile systems, even printers, home appliances and all other mobile based electronics are computers. The patent even applies to microcontroller which are often the brain of electronic devices and used in products ranging from automobile engine control systems, implantable medical devices, remote controls, office machines, appliances, power tools, and even toys.

A computer may include any electronic device that is capable of executing an instruction[…]

Examples of well known computing systems, environments, or configurations that may be suitable for use [include] personal computers, server computers, hand-held or laptop devices, multiprocessor systems, microcontroller-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, personal digital assistants (PDAs), smartphones, gaming devices, printers, appliances including set-top, media center, or other appliances, automobile-embedded or attached computing devices, other mobile devices, distributed computing environments that include any of the above systems or devices, and the like.

The patent also doesn’t stop with computers or even communications for that matter. It targets a variety of offline mediums that can used to store data and even computer programs themselves.

[…] a variety of computer-readable media [including] any available media that can be accessed by the computer  removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules, or other data.

Computer storage media includes RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile discs (DVDs) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by the computer.

The patent further reveals that the software’s capability includes the ability to intercept all digital communications regardless of the medium, or whether they are online or offline, bluntly including the ability to intercept all modulated data signals.

Communication media typically embodies computer-readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. The term “modulated data signal” means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of any of the above should also be included within the scope of computer-readable media.