Tag Archives: Passwords

Law Offices Targeted By Hackers.

26 Tuesday Jan 2016

Posted by in Cybersecurity, Disaster Preparedness, Law Office Management, Legal Technology, Passwords, Technology

Comments Off on Law Offices Targeted By Hackers.

Tags

, , , ,

The Lawyers’ Guide to Hacking Threats, by Karen Conroy, Lawyerist.com

http://bit.ly/1POLdz2

International security authorities spent close to two years pursuing a criminal site called Darkode, where hackers could buy and sell malware meant to steal information. On the international site, which could only be accessed with a referral and a password, hackers advertised and sold their homemade software. Criminals who bought it could steal anything from Facebook follower lists to database account passwords.

*        *        *

Law firms are especially tempting to cyber criminals because of the value of the sensitive information stored on their networks. A majority of law firms have experienced some sort of hacking, with law firms that handle government contracts and international business being targeted most often. About 80% of the largest 100 law firms have experienced some sort of violation. . . .

Continue reading

Lawyers Have Ethical Duty To Ensure Password Security.

19 Friday Jun 2015

Posted by in Cybersecurity, Legal Technology, Passwords

Comments Off on Lawyers Have Ethical Duty To Ensure Password Security.

Tags

, , , ,

Hackers Are Hacking; You Need A Password Manager, by Jeff Richardson, iPhone J.D.

http://tinyurl.com/ofet7ar

Password security has been in the news again this week, and I’m using this as an opportunity to remind all iPhone J.D. readers — especially all of us attorneys with a duty a protect confidential attorney-client information — that we ought to be using complex, different passwords. . . .

Continue reading

iPriviledge – Is It Legal To Be Forced To Use Your Fingerprint To Unlock Your iPhone?

05 Wednesday Nov 2014

Posted by in Admissibility, Appellate Law, Apple, Cell Phones, Civil Rights, Criminal Law, Evidence, Fifth Amendment, iPad, iPhones, Legal Technology, Passwords

Comments Off on iPriviledge – Is It Legal To Be Forced To Use Your Fingerprint To Unlock Your iPhone?

Tags

, , , , , , , , ,

iPrivilege: Virginia Beach Judge Finds Prosecution Can Force Defendant To Supply Fingerprint To Unlock iPhone, by Evidence ProfBlogger, Editor Colin Miller, EvidProf Blogger

 http://tinyurl.com/lyvlk4o

In relevant part, the Fifth Amendment states that:

“No person…shall be compelled in any criminal case to be a witness against himself….”

The Supreme Court has stated that the Fifth Amendment only covers “testimonial” evidence that results from compelled communicative acts, i.e., acts which disclose the content of one’s mind. Therefore, the Fifth Amendment does not cover a suspect’s act of appearing in a lineup or giving a blood sample to determine whether there are drugs in his system. The Fifth Amendment also does not cover the act of completing a handwriting exemplar. Imagine that the police find an alleged confession note written by the defendant. The prosecution can force the defendant to complete a handwriting exemplar in which the defendant writes a pre-printed paragraph in his handwriting so that a handwriting expert can compare the exemplar and the confession note. All of these and similar acts are not communicative because they are nontestimonial in that they do not force the defendant to disclose the contents of his mind.

What about if the defendant has encrypted files on his computer? Can the prosecution force the defendant to decrypt them? Some courts have said no. Other courts have said yes.

Can the prosecution force a defendant to supply his fingerprint to use for the TouchID on his iPhone? For the last year, I’ve used this article to teach my students that a judge could likely order a defendant to supply his fingerprint to unlock his iPhone. Recently, this possibility has become a reality.

According to an article in SlashGear:

[A] judge has ruled that you can be forced to relinquish your fingerprint to investigators seeking access to your device. The reason, says the judge, is that the fingerprint isn’t knowledge like a password, but is instead a physical object of sorts, like a key or a DNA sample.

The ruling was made recently by Virginia Beach Circuit Court Judge Steven Frucci, and was the result of a case against EMS captain David Baust, who was accused of attempted murder. The case’s prosecutors wanted access to Baust’s phone, believing that it might have a video of the alleged crime, but the defendant’s lawyer argued against this.

And, according to an article in the Huffington Post:

[I]t’s unclear how the ruling will impact Baust’s case. If his phone is protected by Touch ID, prosecutors could access it using Frucci’s ruling. If the phone is protected by a passcode or both a passcode and Touch ID, they can’t . . . .

One workaround to this issue could be to just turn off your phone if cops approach. In that case, you’d have to enter your four-digit pin when you turn it back on, even if you use Touch ID. . . .

Want Stronger Passwords? Here’s How.

11 Saturday Oct 2014

Posted by in Legal Technology, Passwords

Comments Off on Want Stronger Passwords? Here’s How.

Tags

, , , , , ,

Make Your Passwords Harder To Crack, by Kerry Davis, PCWorld

http://tinyurl.com/ahnpsk4

There’s nothing you can do if hackers get into a database with your password in it, but you can still protect yourself for all the other worst-case scenarios involving hacking. In this video, we go over ways to make your passwords harder to crack. [Video found at PCWorld link.-CCE]

First, don’t make it easy on hackers by choosing a common password. Splashdata uses security breaches to gather ‘most popular passwords’ lists each year. The word ‘password’, number sequences, and other simplistic phrases or numbers fill the top spots. Also, don’t use your name, a password related to another one you might have on a different site, or a login name.

Instead, experts recommend using 15 characters, upper-case letters, better yet nonsensical words with special characters and numbers inside them.

Need help? Check out some free websites, like Strong Password Generator. This Macworld article on security in the iCloud age also has some suggestions on strong password creation.

Log In With Your Thumb – Now There’s An App For That.

20 Saturday Sep 2014

Posted by in Apple, Apps, Cybersecurity, iPad, iPhones, Legal Technology, Mac, Passwords

Comments Off on Log In With Your Thumb – Now There’s An App For That.

Tags

, , , , , , , ,

App of the Week: 1Password – Login to Apps and Sites with Your Thumb, by Tim Baran, Legal Productivity Blog

http://tinyurl.com/kw24hjs

Everyone should be using a password manager. It provides a strong, unique password for each online account and keeps them all in a secure, encrypted, yet quickly accessible place. Our favorite, 1Password, just got even better.

Here are three of the many new enhancements:

  • Login to Apps – Use 1Password to log into a growing list of your favorite apps and even update your passwords—all with just a tap!
  • Login to sites in Safari browser on your iPhone – You can now fill 1Password Logins directly within Safari.
  • Unlock with your thumb – After unlocking with your Master Password, get back into your vault in 1Password, Safari, and your favorite apps with just your thumb on devices with Touch ID. Check Settings > Security to learn how this works and pick your auto-lock time.

And, for the first time, 1Password is free for iOS devices.

I’ve used 1Password for a couple of years on my desktop, phone and iPad, and it’s quickly become indispensable. And, it keeps getting better!

Apple iCloud’s Two-Step Verification – Why It Didn’t Stop Hackers.

01 Monday Sep 2014

Posted by in Apple, Cell Phones, Clouds, Cybersecurity, Encryption, iPad, iPhones, Legal Technology, Mac

Comments Off on Apple iCloud’s Two-Step Verification – Why It Didn’t Stop Hackers.

Tags

, , , , , ,

Apple Says It Is “Actively Investigating” Celeb Photo Hack, by Arik Hesseldahl,

http://tinyurl.com/les3wqe

Apple said Monday it was ‘actively investigating’ the violation of several of its iCloud accounts, in which revealing photos and videos of prominent Hollywood actresses were taken and posted all over the Web.

*     *     *

Security experts said the hacking and theft of revealing pictures from the Apple iCloud accounts of a few celebrities might have been prevented if those affected had enabled two-factor authentication on their accounts.

Apple hasn’t yet said anything definitive about how the attacks were carried out, but security researchers at the security firm FireEye, examined the evidence that has emerged so far, and said it appears to have been a fairly straightforward attack. That said, it is also one that could have been thwarted had some additional steps to secure the targeted accounts been taken.

That additional step is known as two-factor authentication. Apple calls it ‘two-step verification,’ although it doesn’t work very hard to tell people about it, said Darien Kindlund, director of threat research at FireEye.

‘In general Apple has been a little late to the game in offering this kind of protection, and doesn’t advertise it,’ he said. ‘You have to dig through the support articles to find it.’

When enabled, two-factor authentication requires users to enter a numerical code that is sent to their phone or another device, in addition to using their regular password. Since the number constantly changes, it makes it much more difficult for attackers to gain access the account, even if they know the password.

Assuming the compromised accounts were running without the two-step option turned on, it would then have been relatively easy for the attacker to gain access to the accounts.

As The Next Web reported earlier today the attack may be linked to software on GitHub called iBrute that is capable of carrying out automated brute-force attacks against iCloud accounts. In this scenario, an attacker simply guesses a password again and again until they succeed. While tedious and time-consuming for a person, it’s a simple and infinitely faster process for a computer.

The as-yet unknown attacker had one other thing going for him: Apple allows an unlimited number of password guesses. Normally, systems limit the number of times someone can try to log in to a system with an incorrect password before the account is locked down entirely. Apple has since fixed that aspect of the vulnerability.

‘The attackers never should have been allowed to make an unlimited number of guesses,’ Kindlund said. . . . [Emphasis added.]

Is It Time For A “Bring Your Own Device” Policy for Your Law Office?

01 Tuesday Jul 2014

Posted by in Android Phones, Apple, Blackberry Phones, Cell Phones, Clouds, Computer Forensics, Confidentiality, Cybersecurity, Disaster Preparedness, Emails, Encryption, Google, Intellectual Property, iPad, iPhones, Law Office Management, Legal Blogs, Legal Ethics, Legal Technology, Mac, Management, Marketing, Passwords, PC Computers, Social Media, Supervising Support Staff, Tablets, Technology, Using Social Media

Comments Off on Is It Time For A “Bring Your Own Device” Policy for Your Law Office?

Tags

, , , , , , , , , , , ,

Mobile Device Security for Lawyers: How Solos and Small Firms can Ethically Allow Bring Your Own Device, by Will Harrelson, Curo Legal Blog (with hat tip to Jeff Richardson, iPhone J.D. Blog!)

http://tinyurl.com/lrrnp7g

The Start of Bring Your Own Device Policies

It really is the iPhone’s fault. Yes, Apple is to blame for designing the most desirable piece of technology of the last decade. So desirable, in fact, that employees of all stripes requested (and, often, begged) their IT departments to toss the increasingly-‘corporate’ Blackberry out the window and allow the use of their personal iPhones for corporate emails and calls. As a result, we have been living in the age of ‘Bring Your Own Device’ where employees use a single personal mobile phone (or tablet) for both their personal email, texting, and social media while also using it for work email, word processing, and other enterprise applications.

Before the Bring Your Own Device era, a company’s greatest out-of-office security concern was an employee who left a briefcase in a taxi. Today, the worry is an employee misplacing a device the size of wallet containing almost limitless amounts of data that criminals or hackers would easily and quickly exploit if given the chance. Clearly, there is an obvious financial motivation for all businesses to protect their own or customer’s sensitive data.

However, lawyers face particular ethical consequences if they fail to take reasonable efforts to either investigate the technologies that they implement or protect their client’s confidential information. . . .

Worst Passwords in 2013.

27 Sunday Apr 2014

Posted by in File Naming Conventions, Law Office Management, Legal Technology, Office Procedures, Passwords

Comments Off on Worst Passwords in 2013.

Tags

, , , ,

 The 25 Worst Passwords Of 2013: ‘Password’ Gets Dethroned, by Jared Newman, PC World

http://bit.ly/1ePbr3c

‘123456’ is finally getting some time in the spotlight as the world’s worst password, after spending years in the shadow of ‘password.’

Security firm Splashdata, which every year compiles a list of the most common stolen passwords, found that ‘123456’ moved into the number one slot in 2013. Previously, ‘password’ had dominated the rankings.

The change in leadership is largely thanks to Adobe, whose major security breach in October affected upwards of 48 million users. A list of passwords from the Adobe breach had ‘123456’ on top, followed by ‘123456789’ and ‘password.’ The magnitude of the breach had a major impact on Splashdata’s results, explaining why ‘photoshop’ and ‘adobe123’ worked their way onto this year’s list.

Fans of ‘password’ could reasonably petition for an asterisk, however, given that the stolen Adobe passwords included close to 100 million test accounts and inactive accounts. Counting those passwords on the list is kind of like setting a home run record during batting practice. Don’t be surprised if “password” regains the throne in 2014. . . .

The Mashable Hit List.

13 Sunday Apr 2014

Posted by in Android Phones, Apps, Cell Phones, Clouds, Computer Virus, Disaster Preparedness, Dropbox, Emails, Encryption, Google, Heartbleed, Identity Theft, Law Firm Web Sites, Law Office Management, Legal Blogs, Legal Technology, Malware, Office Procedures, Passwords, PC Computers, Search Enginges, Technology, Using Social Media

Comments Off on The Mashable Hit List.

Tags

, , , , , , , ,

The Heartbleed Hit List: The Passwords You Need to Change Right Now, The Mashable Team

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

If you wondered whether any main specific websites are affected, such as Yahoo, this list will help you.  It will also help explain the Heartbleed bug,  and why you should pay attention to what it is. If you want to know whether your specific bank was compromised, this list may not answer all your questions. So, if you’re not sure whether you should change your password, go ahead and do it.

Even better, find a password manager in this list of the best of the best from PC Magazine by Neil J. Rubenking — http://www.pcmag.com/article2/0,2817,2407168,00.asp. If you use one password for more than one website — and lots of people do — this is a good solution and a wise move regardless of the Heartbleed bug. -CCE

 

More on Heartbleed.

12 Saturday Apr 2014

Posted by in Android Phones, Apple, Apps, Cell Phones, Chrome, Clouds, Heartbleed, Malware

Comments Off on More on Heartbleed.

Tags

, , , , , , ,

Heartbleed Security Flaw Got You Worried? Good., by Lee Rosen, Divorce Discourse

http://www.divorcediscourse.com/heartblead-security-flaw-worried-good/

If I haven’t gotten your attention yet, more on Heartbleed. -CCE

The Heartbleed Bug – What Is It And What To Do About It.

12 Saturday Apr 2014

Posted by in Android Phones, Apps, Cell Phones, Chrome, Clouds, Computer Virus, Legal Technology, Malware

Comments Off on The Heartbleed Bug – What Is It And What To Do About It.

Tags

, , , , , , , ,

Heartbleed: The Complete Rundown, by PCMag Staff http://tinyurl.com/muscrx5 The Heartbeat Bug was THE news this week.  Knowing that it is here, and cannot be avoided is one thing.  Knowing about to do about it is critical. Change your passwords, especially to to online banking, e-mail, apps, and other things we’ve taken for granted. -CCE

The Heartbleed bug is the big news in tech this week, an exploit that has been in the wild since 2012 and has left countless Internet users open to scammers. PCMag and the SecurityWatch team have been keeping tabs on all the news, so check out our coverage below, and check back for updates. . . .

Stolen Passwords – Is It Too Late?

07 Saturday Dec 2013

Posted by in Adobe Acrobat, Passwords, Search Enginges, Using Social Media

Comments Off on Stolen Passwords – Is It Too Late?

Tags

, , , ,

How to find out if your password has been stolen, by Larry Seltzer for Zero Day, ZDNet Blog

http://tinyurl.com/qcgnlzx 

There are many public databases of breached accounts, the largest breach being that of Adobe.com, but no way to search across all of them. Until now.

App to Secure Your Logins, Documents, and Pictures

19 Saturday Oct 2013

Posted by in Android Phones, Apps, iPad, iPhones, Legal Technology, Passwords, Tablets

Comments Off on App to Secure Your Logins, Documents, and Pictures

Tags

, , , , , ,

App Of The Week: OneSafe Password Manager – Secure Your Logins, Documents And Pictures, by Tim Baran, Legal Productivity
http://bit.ly/16ncoLv