Category Archives: Cybersecurity

The New Standard for Password Protection.

08 Friday Sep 2017

Posted by in Cybersecurity, Legal Technology, Passwords

Leave a comment

Tags

, ,

Best Practices for Passwords Updated After Original Author Regrets His Advice, by Nick Statt, The Verge

http://bit.ly/2ujlSyz

Did you ever use the word “password” as your password or work for someone who did? Maybe you added “1” at the end to make it more difficult to crack? Before we knew about the dangers of Internet hacking, we often used the same password for everything.

Now most of us use intricate passwords with upper and lowercase letters, numbers, and symbols, and never use the same password twice. Why? Because people like Bill Burr told us that was the best way to stay secure on the Internet.

Unfortunately, using irregular capitalization, numbers, and special characters, made our passwords easier to predict. We made it worse. We got lazy.  When we changed our passwords, often we would replace only a character or two at the most. This made our passwords easier to crack, and did little or nothing to make them more secure.

Now Mr. Burr encourages us to ignore his earlier advice, even though some of these complex passwords have stood the test of time. Unless you use a password generator, the advice now is to use random phrases that have no apparent connection. Happily, they are easier to remember and harder to crack at the same time. -CCE

Advertisements

Hacks and Cyberware Are Becoming More Commonplace Than Ever. Do You Know How to Safeguard Your Firm And Home Computer?

06 Sunday Nov 2016

Posted by in Cybersecurity, Legal Technology

Comments Off on Hacks and Cyberware Are Becoming More Commonplace Than Ever. Do You Know How to Safeguard Your Firm And Home Computer?

Tags

, ,

Seven Rules to Stay Safe Online in a Scary Digital Age, by Larry Port, Legal Productivity

http://bit.ly/2eegLYd

If your nerves haven’t been rattled by the October 21st DNS attacks, they should have been. The hysterical tenor of the US election drowns everything out, but this news was a real doozy. Many sites, including Twitter, Spotify, and AirBnB were inaccessible due to one of the largest denial of service attack ever.

*     *     *

So given the state of a possible escalating cyberwar, how is an attorney to stay safe? Start by making sure you understand and live by these basic security rules . . . .

Continue reading

“Smart” Cars and Hackers – We Should Have Seen This One Coming.

06 Wednesday Apr 2016

Posted by in Computer Forensics, Computer Fraud and Abuse Act, Cybersecurity, Identity Theft

Comments Off on “Smart” Cars and Hackers – We Should Have Seen This One Coming.

Tags

, , , ,

Markey Report Reveals Automobile Security and Privacy Vulnerabilities, by Sabrina I. Pacifici, BeSpacific Blog

http://www.bespacific.com/markey-report-reveals-automobile-security-privacy-vulnerabilities/

New standards are needed to plug security and privacy gaps in our cars and trucks, according to a report released today by Senator Edward J. Markey (D-Mass.). The report, called Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk and first reported on by CBS News’ 60 Minutes, reveals how sixteen major automobile manufacturers responded to questions from Senator Markey in 2014 about how vehicles may be vulnerable to hackers, and how driver information is collected and protected. . . .

Continue reading

E-Filing Your Tax Return? Read This Before You Hit “Send.”

13 Saturday Feb 2016

Posted by in Cybersecurity, E-Filing, Encryption, Identity Theft, Internal Revenue Service, Legal Technology, Tax Law

Comments Off on E-Filing Your Tax Return? Read This Before You Hit “Send.”

Tags

, , , , ,

Hackers Trying to Steal Your Tax Refund With Stolen SSNs, by Angela Moscaritolo, PC World

http://bit.ly/1O8kgVv

[T]he IRS on Tuesday announced that hackers recently attempted to use some 464,000 stolen Social Security numbers and an automated bot to generate E-file PINs, which can be used to electronically file a tax return. The incident occurred last month, and the hackers were able to successfully access an E-file PIN with 101,000 of the SSNs.

*     *     *

Last year, Turbo Tax temporarily halted e-filing for state returns across the U.S. after it found ‘an increase in suspicious filings and attempts by criminals to use stolen identity information to file fraudulent state tax returns and claim tax refunds.’

Technology is Great, But Are You Safe?

13 Saturday Feb 2016

Posted by in Clouds, Cybersecurity, Legal Technology, Video, Wi-Fi

Comments Off on Technology is Great, But Are You Safe?

Tags

, , , ,

The Unintended Consequences of the Internet of Things, by Jim Calloway, Jim Calloway’s Law Practice Tips Blog

http://www.lawpracticetipsblog.com/2016/02/the-unintended-consequences-of-the-internet-of-things.html

How close is Big Brother – or someone worse? Too darn close, says Jim Calloway. The question? What do we do about it? -CCE

Refrigerators that automatically help you prepare your shopping list. Thermostats that adjust the temperature to your liking when they detect you are heading home on your commute. A device on the front door that sends a picture to you of everyone who rings the doorbell while you are away. All of these ideas seem great and maybe even a bit magical, and they are headed your way right now. The concept of the Internet of Things (IoT) holds a lot of promise.

Unfortunately, as with all things related to technology, it may not be quite that simple. . . .

Continue reading

Law Offices Targeted By Hackers.

26 Tuesday Jan 2016

Posted by in Cybersecurity, Disaster Preparedness, Law Office Management, Legal Technology, Passwords, Technology

Comments Off on Law Offices Targeted By Hackers.

Tags

, , , ,

The Lawyers’ Guide to Hacking Threats, by Karen Conroy, Lawyerist.com

http://bit.ly/1POLdz2

International security authorities spent close to two years pursuing a criminal site called Darkode, where hackers could buy and sell malware meant to steal information. On the international site, which could only be accessed with a referral and a password, hackers advertised and sold their homemade software. Criminals who bought it could steal anything from Facebook follower lists to database account passwords.

*        *        *

Law firms are especially tempting to cyber criminals because of the value of the sensitive information stored on their networks. A majority of law firms have experienced some sort of hacking, with law firms that handle government contracts and international business being targeted most often. About 80% of the largest 100 law firms have experienced some sort of violation. . . .

Continue reading

2016 Tech Resolutions.

02 Saturday Jan 2016

Posted by in Android Phones, Cell Phones, Cybersecurity, Legal Technology, Passwords, Windows 10

Comments Off on 2016 Tech Resolutions.

Tags

, , , , ,

7 Technology Resolutions for a Better 2016, by Ian Paul, PC World

http://bit.ly/1R6wrcE

You may be ahead of the tech curve – maybe not. My bet is that you already have a smart phone and you probably have an iPad or some type of tablet reader. What about the rest of the things on this list? You have not want more than the tech you already have, but here’s some food for thought that scrapes the top of the tech iceberg. -CCE

Seventh Circuit Denies Neiman Marcus’ Rehearing of Data Breach Class Action.

29 Tuesday Sep 2015

Posted by in 7th Circuit Court of Appeals, Appellate Law, Computer Forensics, Computer Virus, Cybersecurity, Identity Theft, Malware

Comments Off on Seventh Circuit Denies Neiman Marcus’ Rehearing of Data Breach Class Action.

Tags

, , , , , ,

Seventh Circuit Denies En Banc Review For Data Breach Class Action, Privacy & Information Security Law Blog posted by Hunton and Williams

https://www.huntonprivacyblog.com/2015/09/29/seventh-circuit-denies-en-banc-review-for-data-breach-class-action/

Plaintiffs, Neiman Marcus cardholders, brought a class action against the store for damages caused by a 2013 data breach. Hackers accessed customers’ credit and debit cards, as well as other personal information. The Northern District of Illinois, Eastern Division, ruled that the individual Plaintiffs and the class action against Neiman Marcus lacked standing under Article III of the Constitution.

Plaintiffs appealed to the United States Court of Appeals for the Seventh Circuit. The link takes you to the Seventh Circuit’s opinion explaining how Plaintiffs prevailed and why it reversed and remanded the case. Neiman Marcus filed for rehearing. The Seventh Circuit followed its usual habit, and denied it.

The Seventh Circuit’s analysis of its reasons ruling that Plaintiffs had met the three requirements for Article III standing is well worth the read. An added bonus is the link to the 2014 edition of The Practitioner’s Handbook for Appeals to the United States Court of Appeals for the Seventh Circuit, -CCE

What Is Your Opinion Of Microsoft’s New Windows 10?

31 Friday Jul 2015

Posted by in Cybersecurity, Legal Technology, Microsoft Office, Windows, Windows 10

Comments Off on What Is Your Opinion Of Microsoft’s New Windows 10?

Tags

, , ,

10 Reasons You Should NOT Install Windows 10 (Yet), by Ted Brooks, Court Technology and Trial Presentation Blawg

http://trial-technology.blogspot.com/2015/07/10-reasons-you-should-not-install.html

I have been reading both positive and negative reviews of Windows 10. Some reviewers have suggested that Microsoft learned a lot from its mistakes made in Windows 8. I am keeping an open mind, but I admit that Mr. Brooks has asked interesting questions. -CCE

  1. What could possibly go wrong? Just quietly ponder that on your own for a moment.

  2. Have you ever done something like this on your own before? Although Microsoft has made it appear to be a very simple process, the potential consequences are significant. Seriously – this is the Operating System for your computer. It’s like the techie version of open-heart surgery. . . .

Continue reading

Who Has Your Back – Digitally Speaking?

04 Saturday Jul 2015

Posted by in 1986 Electronic Communications Act, Computer Forensics, Cybersecurity, Intellectual Property, Internet, Legal Technology, Public Domain

Comments Off on Who Has Your Back – Digitally Speaking?

Tags

, , , , , ,

Report – Who Has Your Digital Back? by Sabrina I. Pacifici, BeSpacific Blog

http://www.bespacific.com/report-who-has-your-back/

Technology is changing literally all the time. Unfortunately, the law does not. Congress has yet to update the 1986 Electronic Communications Privacy Act. For example, there is no law that emails stored longer than 6 months has the same protection emails stored less than 6 months.

To date, there are no NSA reforms for surveillance of online communication. It is possible that Congress will go farther and mandate “back doors” to allow government to access more digital information. Reports of hackers accessing our financial and private information are no longer surprising. Although companies assure us that our information is secure, is it?

These matters go the heart of digital privacy issues for companies and individuals and FOIA requests. Some of you will be surprised how vulnerable we are. -CCE

Lawyers Have Ethical Duty To Ensure Password Security.

19 Friday Jun 2015

Posted by in Cybersecurity, Legal Technology, Passwords

Comments Off on Lawyers Have Ethical Duty To Ensure Password Security.

Tags

, , , ,

Hackers Are Hacking; You Need A Password Manager, by Jeff Richardson, iPhone J.D.

http://tinyurl.com/ofet7ar

Password security has been in the news again this week, and I’m using this as an opportunity to remind all iPhone J.D. readers — especially all of us attorneys with a duty a protect confidential attorney-client information — that we ought to be using complex, different passwords. . . .

Continue reading

Another Major Hack. Checked Your Law Firm’s Cyber Security Lately?

05 Friday Jun 2015

Posted by in Computer Forensics, Confidentiality, Cybersecurity, Disaster Preparedness, Law Office Management, Legal Ethics, Legal Technology, Technology, Technology

Comments Off on Another Major Hack. Checked Your Law Firm’s Cyber Security Lately?

Tags

, , , , ,

The Real Reason You Need Cyber Liability Insurance, by Brian Focht, The Cyber Advocate

http://tinyurl.com/p8y5k2y

Another day, another hack. Yesterday brought news that four million current and former government employees may have had their personal information stolen by Chinese hackers.

Of course, this comes on the heels of what has been a staggering 18 months of hacks. Starting with the Home Depot and Target hacks, we’ve been barraged with story after story about major companies and retailers being hacked for their customers’ data. It’s not just big companies and big-box retailers, though. Law firms are increasingly the target of hackers, due to a combination of factors including relatively lax security and large quantities of organized, valuable information. . . .

Continue reading

Would You Report A Data Breach At Your Law Firm?

10 Friday Apr 2015

Posted by in Cybersecurity, Discovery, E-Discovery, Law Office Management, Legal Ethics, Legal Technology

Comments Off on Would You Report A Data Breach At Your Law Firm?

Tags

, , , ,

Has the Law Firm Holding Your Data Ever Suffered a Breach? You May Never Know: eDiscovery Trends, by Doug Austin, eDiscoverydaily Blog

http://tinyurl.com/lruvc2j

In February, we discussed a report about data breach trends in 2014 and how those trends compared to data breaches in 2013. That report provided breach trends for several industries, including the healthcare industry, which suffered the most breaches last year (possibly because stolen health records are apparently worth big money). But, according to a recent report, you won’t see any trends for law firms because the legal profession almost never publicly discloses a breach. . . .

Continue reading

Teensy Change To Rule 41 Would Change Scope of Technology Search Warrants.

22 Sunday Feb 2015

Posted by in Computer Forensics, Criminal Law, Cybersecurity, Federal Rules of Criminal Procedure, Law Enforcement, Legal Technology, PC Computers, Rule 41, Search Warrants

Comments Off on Teensy Change To Rule 41 Would Change Scope of Technology Search Warrants.

Tags

, , , , , , , , ,

Small Rule Change That Could Give the U.S. Government Sweeping New Warrant Power, posted by Richard Salgado, Legal Director, Law Enforcement and Information Security, by Sabrina I Pacifici, BeSpacific Blog

http://www.bespacific.com/small-rule-change-give-u-s-government-sweeping-new-warrant-power/

‘At the request of the Department of Justice, a little-known body — the Advisory Committee on the Rules of Criminal Procedure — is proposing a significant change to procedural rules that could have profound implications for the privacy rights and security interests of everyone who uses the Internet. Last week, Google filed comments opposing this change. It starts with the Federal Rule of Criminal Procedure 41, an arcane but important procedural rule on the issuance of search warrants. Today, Rule 41 prohibits a federal judge from issuing a search warrant outside of the judge’s district, with some exceptions. The Advisory Committee’s proposed change would significantly expand those exceptions in cases involving computers and networks. The proposed change would allow the U.S. government to obtain a warrant to conduct ‘remote access’ searches of electronic storage media if the physical location of the media is ‘concealed through technological means,’ or to facilitate botnet investigations in certain circumstances. The implications of this expansion of warrant power are significant, and are better addressed by Congress. First, in setting aside the traditional limits under Rule 41, the proposed amendment would likely end up being used by U.S. authorities to directly search computers and devices around the world. Even if the intent of the proposed change is to permit U.S. authorities to obtain a warrant to directly access and retrieve data only from computers and devices within the U.S., there is nothing in the proposed change to Rule 41 that would prevent access to computers and devices worldwide. The U.S. has many diplomatic arrangements in place with other countries to cooperate in investigations that cross national borders, including Mutual Legal Assistance Treaties (MLATs). Google supports ongoing efforts to improve cooperation among governments, and we are concerned that the proposed change to Rule 41 could undermine those efforts. The significant foreign relations issues associated with the proposed change to Rule 41 should be addressed by Congress and the President, not the Advisory Committee.’

Don’t Have A PIN Lock On Your Phone? Hope Your Malpractice Insurance Is Up To Date.

16 Monday Feb 2015

Posted by in Android Phones, Attorney Discipline, Blackberry Phones, Cell Phones, Confidentiality, Cybersecurity, E-Filing, Emails, iPad, iPhones, Law Office Management, Legal Ethics, Legal Technology, Malpractice, Office Procedures, Passwords, Rules of Professional Responsibility, Supervising Support Staff, Technology, Technology

Comments Off on Don’t Have A PIN Lock On Your Phone? Hope Your Malpractice Insurance Is Up To Date.

Tags

, , , , , , , , , ,

Most Consumers Don’t Lock Mobile Phone Via PIN, by Ed Hansberry, DARKReading, InformationWeek©

http://tinyurl.com/plw76ut

My guess is that most people who use a smart phone access some kind of confidential information, such as your bank account or conversations with a client or the office. If you do not have a PIN lock on your smart phone, this truly is special kind of stupid.

This is not a hard one to understand. If you use your cell phone to communicate with clients, sync your phone to your office computer and docket, or attach yourself to your office and confidential information – without taking simple, basic security measures – you are  inviting a dangerous breach of confidentiality. -CCE

44% of respondents say it’s too much of a hassle, new survey reports.

People put a lot of sensitive info on their phones, but they often give little though to how secure their data is. In a survey by a security company, over half of the respondents said they didn’t bother with a PIN lock. This takes on a whole new dimension when you begin to understand how many of these people keep corporate data on the device.

Losing an unlocked phone can be far worse than losing a wallet. Emails on the device alone can reveal a wealth of information about the person, including where they bank, where they live, names of family members, and more. If company email is on the device, and it often is, there can be competitive information, salaries, system passwords, etc. If any of those emails contain links, often clicking on it will take you into the website, be it Facebook or a corporate portal.

According to Confident Technologies, 65% of users have corporate data on their phone, even though only 10% actually have a corporate issued device.

For that majority that don’t lock their phone at all, 44% said it is too much of a hassle to lock it and 30% said they weren’t worried about security. These are likely the same people that store things like social security numbers, passwords, and other sensitive information in text files or basic note applications. They may even store their computer’s password on a Post-It Note in their center desk drawer. . . .

Continue reading

Problems With Automobile Security and Privacy Vulnerabilities.

11 Wednesday Feb 2015

Posted by in Cybersecurity, Litigation, Motor Vehicle, Product Liability

Comments Off on Problems With Automobile Security and Privacy Vulnerabilities.

Tags

, , , , , , ,

Markey Report Reveals Automobile Security and Privacy Vulnerabilities, by Sabrina I. Pacifici, BeSpacific Blog

http://www.bespacific.com/markey-report-reveals-automobile-security-privacy-vulnerabilities/

‘New standards are needed to plug security and privacy gaps in our cars and trucks, according to a report released today by Senator Edward J. Markey (D-Mass.). The report, called Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk and first reported on by CBS News’ 60 Minutes, reveals how sixteen major automobile manufacturers responded to questions from Senator Markey in 2014 about how vehicles may be vulnerable to hackers, and how driver information is collected and protected. The responses from the automobile manufacturers show a vehicle fleet that has fully adopted wireless technologies like Bluetooth and even wireless Internet access, but has not addressed the real possibilities of hacker infiltration into vehicle systems. The report also details the widespread collection of driver and vehicle information, without privacy protections for how that information is shared and used. ‘Drivers have come to rely on these new technologies, but unfortunately the automakers haven’t done their part to protect us from cyber-attacks or privacy invasions. Even as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected,’ said Senator Markey, a member of the Commerce, Science and Transportation Committee. ‘We need to work with the industry and cyber-security experts to establish clear rules of the road to ensure the safety and privacy of 21st-century American drivers.’ Senator Markey posed his questions after studies showed how hackers can get into the controls of some popular vehicles, causing them to suddenly accelerate, turn, kill the brakes, activate the horn, control the headlights, and modify the speedometer and gas gauge readings. Additional concerns came from the rise of navigation and other features that record and send location or driving history information. Senator Markey wanted to know what automobile manufacturers are doing to address these issues and protect drivers.’

Verizon Zombie Cookies Must Die!

20 Tuesday Jan 2015

Posted by in Android Phones, Cell Phones, Consumer Contracts, Consumer Law, Contract Law, Cybersecurity, Legal Technology

Comments Off on Verizon Zombie Cookies Must Die!

Tags

, , , , , ,

Zombie Cookies Slated to be Killed, by Julia Angwin and Mike Tigas, ProPublica

http://tinyurl.com/n9d7ago

Tech company Turn said it would stop using tracking cookies that are impossible to delete. The decision came in response to a ProPublica article this week that revealed the controversial practice.

‘We have heard the concerns and are actively re-evaluating this method,’ Max Ochoa, Turn’s chief privacy officer, wrote in a blog post.

He said the company plans aims to suspend the practice by ‘early February.’

Turn’s zombie cookie was exploiting a hidden undeletable number that Verizon uses to track its customers on their smartphones on tablets. Turn used the Verizon number to respawn tracking cookies that users had deleted. The company said it will now re-evaluate its practices.

Turn’s decision to suspend the practice was a sharp reversal from its previous stance. It had previously argued that ‘clearing cookies is not a reliable way for a user to express their desire not to receive tailored advertising.’

Critics across the Web vocally disagreed. Jason Kint, CEO of a trade association for digital content companies, wrote that ‘this kind of surreptitious behavior does nothing to build trust between consumers, advertisers and publishers.’ The Electronic Frontier Foundation, a digital rights organization, said Turn’s action made it ‘ impossible for customers to meaningfully control their online privacy.’

All Types Of 2015 Internet Privacy Protection Sites.

14 Sunday Dec 2014

Posted by in Clouds, Computer Forensics, Computer Virus, Cybersecurity, Document Retention, Health Law, HIPAA, Law Office Management, Legal Ethics, Legal Technology, Technology, Technology

Comments Off on All Types Of 2015 Internet Privacy Protection Sites.

Tags

, ,

Guide To Privacy Resources 2015, by Marcus P. Zillman, LLRX.com

http://www.llrx.com/features/privacyresources2015.htm

The Guide to Privacy Resources 2015 is a comprehensive listing of privacy resources currently available on the Internet. These include associations, indexes, search engines as well as individual websites and sources that supply the latest technology and information about privacy and how it relates to you and the Internet. These resources and sources will help you to discover the many pathways available to you through the Internet to find the latest privacy sources and sites. . . .

Westlaw Public Records Database Breached. Who Is Affected?

16 Sunday Nov 2014

Posted by in Cybersecurity, Encryption, Identity Theft, Legal Technology, Privacy, References, Research, Westlaw

Comments Off on Westlaw Public Records Database Breached. Who Is Affected?

Tags

, , , , ,

Westlaw Discloses Breach Of Public Records Database, by Sabrina I. Pacifici, BeSpacific Blog

http://tinyurl.com/pffqhny

News release: ‘West Publishing Corporation, a unit of Thomson Reuters, has notified the New Hampshire Attorney General’s Office of a breach involving their Westlaw subscription-only public records database. In a letter dated November 4th to those affected, Senior Vice President Andy Martens explained that on October 14, they detected unusual search activity. Investigation revealed that some subscribers’ passwords had been compromised and used to access the database. The types of information involved included addresses, date of birth, and in some cases, driver’s license numbers and Social Security numbers. No bank account or credit card information was involved. In response to the breach, West removed external access to full sensitive identifiers in public records, forced a password reset on all public user accounts, and implemented  additional technological controls to detect and respond to searches of more limited public records that also appeared unauthorized. Federal law enforcement was also contacted. West offered those affected two years of free credit monitoring with Experian ProtectMyID Elite. Nine NH residents were notified. The total number of individuals notified was not indicated in their report to New Hampshire.’

Permacookies – AT&T’s and Verizon’s Way Of Saying “Hello.”

16 Sunday Nov 2014

Posted by in Apple, Cell Phones, Cybersecurity, iPad, iPhones, Legal Technology, Mac, Search Engines, Tablets

Comments Off on Permacookies – AT&T’s and Verizon’s Way Of Saying “Hello.”

Tags

, , , , , , , , , , , ,

AT&T Kills The ‘Permacookie,’ Stops Tracking Customers’ Internet Usage (For Now), by Nick Mediati, PC World

http://tinyurl.com/kff7k94

In recent weeks, Verizon and AT&T have been caught up in a privacy firestorm over their use of so-called ‘permacookies,’ a method of tracking what their users do while browsing the Web with the intent of sharing that data with advertisers. Verizon’s permacookie program lives on, but AT&T has ceased the practice, ProPublica reported on Friday.

At least for now.

AT&T tells ProPublica that its use of permacookies was ‘part of a test,’ which has since wrapped up, but the company says that it ‘may still launch a program to sell data collected by its tracking number.’ For its part, AT&T says that it will allow customers to opt out of the program if—or when—it decides to use permacookies for advertising purposes.

The story behind the story: Permacookies aren’t cookies in the traditional sense: Instead, they’re unique identifiers appended to website addresses you type in on your device that let carriers see what kinds of sites you visit.

Permacookies exist for the same reason traditional tracking cookies exist—so advertisers can see what sorts of things you might be interested and serve up related ads in the hopes that you’ll click on them. But unlike regular tracking cookies, which you can easily delete from your browser or block entirely, there’s no way of removing or blocking permacookies since they’re handled entirely by the carrier. . . .

Huge Cyberattack on JPMorgan Chase and Wall Street – How Far Does It Go?

05 Sunday Oct 2014

Posted by in Computer Forensics, Cybersecurity, Encryption, Identity Theft, Legal Technology

Comments Off on Huge Cyberattack on JPMorgan Chase and Wall Street – How Far Does It Go?

Tags

, , , , , , , , ,

Hackers’ Attack Cracked 10 Companies in Major Assault – NYT, by Matthew Goldstein, Nicole Perlroth, and David E. Sanger, New York Times, posted by Sabrina Pacifici, BeSpacific Blog

http://tinyurl.com/o3vf8fq

We have heard of other hacks on that stole information from credit/debit cards and other financial and personal data. This is far more serious. It was first discovered in July, and the investigation is ongoing.  Initial reports of the damage and who caused it have changed as the investigation progresses. -CCE  

‘The huge cyberattack on JPMorgan Chase that touched more than 83 million households and businesses was one of the most serious computer intrusions into an American corporation. But it could have been much worse. Questions over who the hackers are and the approach of their attack concern government and industry officials. Also troubling is that about nine other financial institutions — a number that has not been previously reported — were also infiltrated by the same group of overseas hackers, according to people briefed on the matter. The hackers are thought to be operating from Russia and appear to have at least loose connections with officials of the Russian government, the people briefed on the matter said. It is unclear whether the other intrusions, at banks and brokerage firms, were as deep as the one that JPMorgan disclosed on Thursday. The identities of the other institutions could not be immediately learned. The breadth of the attacks — and the lack of clarity about whether it was an effort to steal from accounts or to demonstrate that the hackers could penetrate even the best-protected American financial institutions — has left Washington intelligence officials and policy makers far more concerned than they have let on publicly. Some American officials speculate that the breach was intended to send a message to Wall Street and the United States about the vulnerability of the digital network of one of the world’s most important banking institutions.’ . .  .

Log In With Your Thumb – Now There’s An App For That.

20 Saturday Sep 2014

Posted by in Apple, Apps, Cybersecurity, iPad, iPhones, Legal Technology, Mac, Passwords

Comments Off on Log In With Your Thumb – Now There’s An App For That.

Tags

, , , , , , , ,

App of the Week: 1Password – Login to Apps and Sites with Your Thumb, by Tim Baran, Legal Productivity Blog

http://tinyurl.com/kw24hjs

Everyone should be using a password manager. It provides a strong, unique password for each online account and keeps them all in a secure, encrypted, yet quickly accessible place. Our favorite, 1Password, just got even better.

Here are three of the many new enhancements:

  • Login to Apps – Use 1Password to log into a growing list of your favorite apps and even update your passwords—all with just a tap!
  • Login to sites in Safari browser on your iPhone – You can now fill 1Password Logins directly within Safari.
  • Unlock with your thumb – After unlocking with your Master Password, get back into your vault in 1Password, Safari, and your favorite apps with just your thumb on devices with Touch ID. Check Settings > Security to learn how this works and pick your auto-lock time.

And, for the first time, 1Password is free for iOS devices.

I’ve used 1Password for a couple of years on my desktop, phone and iPad, and it’s quickly become indispensable. And, it keeps getting better!

Wait! Don’t Click On That Link!

16 Tuesday Sep 2014

Posted by in Computer Virus, Cybersecurity, Emails, Legal Technology, Malware, Trojans

Comments Off on Wait! Don’t Click On That Link!

Tags

, , , , ,

Three Warning Signs That Email Is Malicious, by Ian Paul, PC World

http://tinyurl.com/lsjgxv7

Email spam filtering is far better than it used to be. There was a time when nearly every scam email would land in your inbox. Thankfully that’s not the case anymore—especially if you’re a Gmail user.

But no system is perfect. Every now and then a scam message will manage to slip into your inbox. But how do you know when you’re looking at a scam or not?

Here are three basic tip-offs you can look for to figure out whether you’re looking at an email with dishonest intentions. They’re hardly an exhaustive list, but more often than not one of these tips will save you from getting suckered. . . .

Apple iCloud’s Two-Step Verification – Why It Didn’t Stop Hackers.

01 Monday Sep 2014

Posted by in Apple, Cell Phones, Clouds, Cybersecurity, Encryption, iPad, iPhones, Legal Technology, Mac

Comments Off on Apple iCloud’s Two-Step Verification – Why It Didn’t Stop Hackers.

Tags

, , , , , ,

Apple Says It Is “Actively Investigating” Celeb Photo Hack, by Arik Hesseldahl,

http://tinyurl.com/les3wqe

Apple said Monday it was ‘actively investigating’ the violation of several of its iCloud accounts, in which revealing photos and videos of prominent Hollywood actresses were taken and posted all over the Web.

*     *     *

Security experts said the hacking and theft of revealing pictures from the Apple iCloud accounts of a few celebrities might have been prevented if those affected had enabled two-factor authentication on their accounts.

Apple hasn’t yet said anything definitive about how the attacks were carried out, but security researchers at the security firm FireEye, examined the evidence that has emerged so far, and said it appears to have been a fairly straightforward attack. That said, it is also one that could have been thwarted had some additional steps to secure the targeted accounts been taken.

That additional step is known as two-factor authentication. Apple calls it ‘two-step verification,’ although it doesn’t work very hard to tell people about it, said Darien Kindlund, director of threat research at FireEye.

‘In general Apple has been a little late to the game in offering this kind of protection, and doesn’t advertise it,’ he said. ‘You have to dig through the support articles to find it.’

When enabled, two-factor authentication requires users to enter a numerical code that is sent to their phone or another device, in addition to using their regular password. Since the number constantly changes, it makes it much more difficult for attackers to gain access the account, even if they know the password.

Assuming the compromised accounts were running without the two-step option turned on, it would then have been relatively easy for the attacker to gain access to the accounts.

As The Next Web reported earlier today the attack may be linked to software on GitHub called iBrute that is capable of carrying out automated brute-force attacks against iCloud accounts. In this scenario, an attacker simply guesses a password again and again until they succeed. While tedious and time-consuming for a person, it’s a simple and infinitely faster process for a computer.

The as-yet unknown attacker had one other thing going for him: Apple allows an unlimited number of password guesses. Normally, systems limit the number of times someone can try to log in to a system with an incorrect password before the account is locked down entirely. Apple has since fixed that aspect of the vulnerability.

‘The attackers never should have been allowed to make an unlimited number of guesses,’ Kindlund said. . . . [Emphasis added.]

Survey Says! iPhone Top Choice Among Attorneys.

24 Sunday Aug 2014

Posted by in Android Phones, Blackberry Phones, Cell Phones, Cybersecurity, iPad, iPhones, Law Office Management, Legal Ethics, Legal Technology, Mac, Passwords, Tablets, Technology, Technology

Comments Off on Survey Says! iPhone Top Choice Among Attorneys.

Tags

, , , , , , , , ,

2014 ABA Tech Survey Shows More Attorneys Using iPhones, But iPad Use Holds Steady, by Jeff Richardson, iPhone J.D. Blog

http://tinyurl.com/pxmhlf6

Every year, the ABA Legal Technology Resource Center conducts a survey to gauge the use of legal technology by attorneys in the United States.  My thoughts on the prior reports are located here:  2013, 2012, 2011, 2010.  No survey is perfect, but the ABA tries hard to ensure that its survey has statistical significance, and every year this is one of the best sources of information on how attorneys use technology.  Yesterday, the ABA released Volume VI of the report titled Mobile Lawyers.  This year’s report once again shows that a large number of attorneys are using iPhones and iPads.

Six out of ten attorneys now use an iPhone

In both 2014 and 2013, the survey revealed that 91% of attorneys use a smartphone.  (In 2012 the number was 89% and in 2011 the number was 88%.)  For the past four years, there has been a slight correlation between law firm size and smartphone use.  In 2014, for example, 86% of solo attorneys reported using a smartphone, 89% in firms of 2 to 9 attorneys, 95% in firms of 10 to 49 attorneys, and for firms with 100 or more attorneys, 96% use a smartphone.  As a whole, though, it is fair to say that the survey consistently shows around nine out of every ten attorneys use a smartphone. . . .