Category Archives: Google

Google to offer up $3.14159 million if you can crack Chrome OS

Quote

Posted on by
Reply

Google quite frequently offers up cash to those who can find security holes in its software, and if you are headed to Pwnium this year, you can walk away with a serious amount of cash.

Google is offering up $3.14159 million to anyone able to hack the Chrome OS. Now, they will not be giving this amount to one individual but will be offering up a piece of that Pi to anyone who can find and exploit a flaw in Chrome OS via a web page.

Google will be giving out $110,000 for each temporary compromise or $150,000 for each compromise that is able to survive a reboot of the machine. One stipulation is that the flaw must be executed on a Samsung 550 Chromebook that is using a WiFi connection

For Google, while this may sound expensive, it’s actually a cheap way to have someone else do your security work and find holes before they are uncovered in the wild and executed. While this is not a lazy approach as Google has a security team working on the OS, no single entity is perfect. By crowdsourcing its security efforts alongside its internal procedures, it helps to make the OS more secure which is a benefit to the end user.

The Pwnium contest will take place in Vancouver in March

Google to offer up $3.14159 million if you can crack Chrome OS – Neowin.

Eric Schmidt: Chinese Hacking Will Leave US Disadvantaged Economically

Quote

Posted on by
Reply

eric Eric Schmidt: Chinese Hacking Will Leave US Disadvantaged EconomicallyGoogle executive chairman Eric Schmidt has predicted that China’s relentless culture of hacking and cyber espionage will put the US at a huge disadvantage and lead to a two-tier internet system. The option open to the US in the face of this future? Form closer alliances between the technology industry and the government.

The revelation was made in The New Digital Age: Reshaping the Future of People, Nations and Business, a book penned by Schmidt and collaborator Jared Cohen, director of Google Ideas, which the Wall Street Journal has managed to get a sneak peak at. The warnings are particularly worth noting considering, as WSJ points out, the fact that the last time Schmidt and Cohen got together to put a few ideas down on paper, they predicted the Arab Spring.

Eric Schmidt: Chinese Hacking Will Leave US Disadvantaged Economically | DFI News.

15,000 Raspberry Pi PCs go to UK students, courtesy of Google

Quote

Posted on by
Reply

The Raspberry Pi Foundation recently announced that it has now sold around one million of its $35 “Model B” Linux-powered PCs. Today, the company can add 15,000 more units to its total, but these PCs will be sent out to school children in the UK for free.

In a post on the foundation’s blog, it announced that it has received a grant from Google Giving, the charity arm of Google. The foundation said:

We’re going to be working with Google and six UK educational partners to find the kids who we think will benefit from having their very own Raspberry Pi. CoderDojo, Code Club, Computing at Schools, Generating Genius, Teach First and OCR will each be helping us identify those kids, and will also be helping us work with them.

The grant will also help to pay for 15,000 teaching and learning packs to go along with the Raspberry Pi PCs. The foundation celebrated the Google donation in a school in Cambridge today which Google’s executive chairman Eric Schmidt attended.

The Raspberry Pi Foundation launched the $35 Model B PC as an educational tool first and foremost, and the group believes that Google’s new grant will help generate more interest in computer science in UK schools.

15,000 Raspberry Pi PCs go to UK students, courtesy of Google.

Google Report Reveals Warrantless Surveillance of Users’ Data

Quote

Posted on by
Reply
google 2 Google Report Reveals Warrantless Surveillance of Users Data
       Courtesy of Annette Shaff/Shutterstock.com

In the first part of 2012, Google demonstrated that surveillance of Gmail and other accounts had skyrocketed to new levels. Now, in a transparency report, the company shows that the trend of increased snooping continued unabated in the second half of the year — with much of it authorized without a search warrant.

U.S. authorities lodged 8,438 requests for user data between July and December, in comparison with 7,969 between January and June (an increase of 6 percent). On average, in 2012 Google complied with about 89 percent of the U.S. requests it received.

For the first time, Google has broken down the kinds of legal processes authorities used to request access to the data. The company reported that 68 percent of the requests it received from government entities in the United States were made without a search warrant and instead via subpoenas, which it says “are the easiest to get because they typically don’t involve judges.”

Google Report Reveals Warrantless Surveillance of Users’ Data | DFI News.

Cellebrite’s Experts Identify Mobile Forensics Trends for 2013

Quote

Posted on by
Reply

To gather this list, Cellebrite interviewed a number of prominent experts from law enforcement, corporations and universities, as well as industry analysts, familiar with mobile forensics, information security and e-discovery and the most advanced mobile forensic products available today. They highlighted the following nine trends as the most critical for investigative and legal professionals to prepare for the upcoming year:

  1. BYOD impacts the forensics industry. While “Bring Your Own Device” (BYOD) seemed to infiltrate the enterprise in 2012, the mobile forensics industry will confront the impact of this growing trend in the year ahead. BYOD adoption across the enterprise means that forensics professionals will encounter a greater number of compromised phones. According to John Carney, Chief Technology Officer, Carney Forensics, “For e-discovery experts, BYOD will mean contending with more devices that contain both personal and corporate evidence as well as an increase in legal challenges related to device access and privacy during corporate investigations.”
  2. Critical data: there’s an app for that. According to a 2012 Nielsen report, the average smartphone user has approximately 41 apps installed on a single device. “Whether it’s mobile messaging, personal navigation, social media or improving productivity – apps are going to dominate smartphones and tablets in 2013,” said Carney. “The ability to extract critical data stored in apps will become the new measuring stick by which investigators gauge the superiority of mobile forensics tools.”
  3. Smarter phones mean tougher encryption. “Expect to see more encryption of data on smartphones to protect personal privacy and corporate data, which will make forensic examination more challenging,” said Eoghan Casey, founding partner at CASEITE.Password technology, too, has advanced; pattern-screen locks have hindered forensic data extraction efforts. In 2013, look for mobile forensics tools to continue to find ways to bypass a greater number of passwords and device locks, as well as address advanced encryption technology.
  4. Investigators can’t put all their eggs into one mobile operating system. Though Android took 75 percent of the market in Q3 of 2012,for mobile forensics professionals, market share isn’t everything. As Paul Henry, security and forensics analyst, vNet Security, noted, “While Android is the predominant operating system, the bulk of the bandwidth is still taking place on Apple devices, making them critical to many investigations.” In addition, despite BlackBerry’s decline in recent years, Carney said: “Their popularity for over a decade will make them an important legacy device pertinent to investigations for years to come.”
  5. Windows 8 is the wildcard. Notwithstanding all the attention garnered by Android and Apple, the real wildcard for 2013 will be the rise of Microsoft in the mobile device market. While questions remain regarding how prevalent Microsoft devices will become, Cellebrite’s panel of experts predicts that the need for mobile forensic tools providing support for Windows 8 will increase in the New Year.
  6. Mobile devices advance as witnesses. Look for mobile devices and the data they contain to take center stage in both civil and criminal investigations in the year ahead. “Civil litigators are discovering that mobile device evidence is just as important as digital documents and email evidence,” said Carney. According to Heather Mahalik, mobile forensics technical lead at Basis Technology, “Now, more than ever before, e-discovery experts need comprehensive training in order to ensure the proper extraction of all relevant data from mobile devices.”
  7. The regulatory and legislative landscape remains uncertain. “Lawmakers and judges are looking at cell phones much more critically than they did computers,” said Gary Kessler, associate professor, Embry-Riddle Aeronautical Univ. and a member of the ICAC North Florida Task Force. “However, because few understand the nature of the technology, they are erring greatly on the side of caution. This speaks to the need for greater education regarding the scope and possibilities of mobile forensics and what it means for privacy and pre-trial discovery.”
  8. Mobile malware’s incidence will rise. In 2013, look for malware on smartphone platforms and tablets to increase exponentially, particularly on Android devices. According to Cindy Murphy, detective, computer crimes/computer forensics, Madison Wisconsin Police Department, “The intended uses of mobile malware will be very similar to non-mobile malware – steal money, steal information and invade privacy. For law enforcement and forensics professionals, mobile malware means dealing with potentially compromised devices that may help perpetrators cover their tracks, making it increasingly difficult for investigators to meet the threshold of reasonable doubt.”
  9. Data breaches via mobile will rise. “Mobile forensics vendors should resolve to provide stronger capabilities for enterprise wide smartphone investigations to support the investigation of data breaches targeting smartphones and the needs of e-discovery,” said Casey. Malware together with large-scale targeted intrusions into smartphones (targeting sensitive data) will raise enterprises’ risks for data destruction, denial of service, data theft and espionage.

“From the increasing use of mobile evidence to challenges stemming from the rise in tougher encryption methods, there are a number of areas that will demand the attention of mobile forensics professionals in the year ahead,” said Ron Serber, Cellebrite co-CEO. “As the industry continues to evolve, it will be critical for the law enforcement community, as well as the enterprise, to invest in proper training and ensure that their budgets allow them to meet the growing demand for comprehensive device analysis and data extraction.”

Cellebrite’s UFED provides cutting-edge solutions for physical, logical and file system extraction of data and passwords from thousands of legacy and feature phones, smartphones, portable GPS devices and tablets with ground-breaking physical extraction capabilities for the world’s most popular platforms — BlackBerry, iOS, Android, Nokia, Windows Mobile, Symbian and Palm and more. The extraction of vital evidentiary data includes call logs, phonebook, text messages (SMS), pictures, videos, audio files, ESN IMEI, ICCID and IMSI information and more.

Cellebrite’s panel of experts included:

  • Eoghan Casey, Founding Partner, CASEITE
  • John Carney, Chief Technology Officer, Carney Forensics; Attorney at Law, Carney Law Office
  • Paul Henry, Leading Security and Forensics Analyst, Principle at vNet Security; Vice President at Florida Association of Computer Crime Investigators; SANS Senior Instructor
  • Gary Kessler, Associate Professor, Embry-Riddle Aeronautical University; ICAC Northern Florida Task Force
  • Heather Mahalik, Mobile Forensics Technical Lead, Basis Technology; SANS Certified Instructor
  • Cindy Murphy, Detective Computer Crimes/Computer Forensics, Madison Wisconsin Police Department
  • Ron Serber, co-CEO, Cellebrite

Cellebrite’s Experts Identify Mobile Forensics Trends for 2013 | DFI News.

Manual Outlines Policies and Procedures for Digital Evidence

Quote

Posted on by
Reply

manual Manual Outlines Policies and Procedures for Digital EvidenceElectronic devices such as computers, cellphones and digital cameras must be properly seized, processed and stored to preserve the integrity of the data and ensure its evidentiary value. A manual developed by the Electronic Crime Technology Center of Excellence (ECTCoE) can provide agencies with much-needed guidance on drafting policies and procedures for handling digital evidence.

As stated in the text, the purpose of the sample Policy and Procedure Manual is to give law enforcement agencies a collection of documents that can serve as a starting point for developing policies and procedures for the collection, handling and processing of digital evidence. Once final, the manual will be posted to the National Law Enforcement and Corrections Technology Center (NLECTC) System website, in a Microsoft Word format to facilitate editing as needed by individual agencies. The NLECTC System is a program of the Office Justice Programs’ National Institute of Justice.

“The document was written in response to the many requests we’ve seen on the various computer forensic email lists requesting copies of policy and procedure
manuals by state and local officers and agents who have been tasked with developing such a document for their own agency,” explains Russell Yawn, ECTCoE deputy director.

In developing the manual, the ECTCoE was able to take advantage of in-house expertise along with information gathered from law enforcement agencies.

“The ECTCoE deals with the law enforcement community at large so we have contacts throughout the country and some internationally that we can rely on for input,” says ECTCoE Director Robert O’Leary. “We have a well-established network and relied on that network to provide us with examples that agencies were using at the state level, and combined it with the expertise in the ECTCoE. Every CoE staff member has criminal justice experience with digital evidence collection and examination, so we were able to leverage all those resources and put together this set of policies and procedures.”

Some of the agencies that provided assistance include the Southern Oregon High Tech Crimes Task Force, the New York Police Department, Orlando Police Department, Austin Police Department, Dallas Police Department and Charleston Police Department. The ECTCoE also looked at sample policies from the U.S. Department of Defense.

“We were able to get a great deal of information from a number of agencies and contacts, and look at the policies that had been implemented and ensure that we did not overlook any topics or points of interest that other agencies may have found important,” O’Leary says.

The manual should also help agencies performing the Commission on Accreditation for Law Enforcement Agencies (CALEA) accreditation process regarding digital evidence procedures. The purpose of CALEA accreditation programs is to improve the delivery of public safety services, primarily by maintaining a body of standards and establishing and administering an accreditation process.

“Another thing we tried to keep in mind was the CALEA standards,” O’Leary says. “We wanted to ensure that these procedures would lend themselves to compatibility, and we were able to rely on some of our contacts that perform CALEA reviews.”

The manual has sections covering case assignment and prioritization; equipment testing, validation and updates; evidence and property handling; search and seizure; storage of evidence and retention policy; reports; materials and supplies; computer forensic lab access; Manual Outlines Policies and Procedures for Digital Evidence2 release of information to the media; quality assurance policy and process; and sample forms (e.g., computer lab request for service, evidence inventory and details, and evidence access and tracking).

“Some forms we developed, others are based on forms received from other agencies. We simply wanted to give agencies a format they could work with as a guide,” O’Leary says.

Manual Outlines Policies and Procedures for Digital Evidence | DFI News.

Incoming search terms:

  • cell site analysis blog
  • local police department computer forensic procedure
  • give procedure of digital evidence collection and digital evidence preservation- *