Tag Archive for: Methods

[Webinar] 5 Reasons Why Your eDiscovery Process Should Integrate Forensics Methods – May 4th, 1:00 pm – 2:00 pm EDT | Association of Certified E-Discovery Specialists (ACEDS)

/in


Dr. Gavin Manes

Dr. Gavin Manes
CEO
Avansic

Dr. Gavin Manes is a nationally recognized eDiscovery and digital forensics expert. He founded Avansic in 2004 after completing his Doctorate in Computer Science from the University of Tulsa. At Avansic, Dr. Manes is committed to high-technology innovation, research, and mentorship, and has several patents pending. Avansic’s scientific approach to eDiscovery and digital forensics stems from his academic experience.

Dr. Manes routinely serves as an expert witness including consulting with attorneys on data preservation issues. He contributes academic content to peer-reviewed journals and delivers classroom lectures. See his full CV at gavinmanes.com.

Dr. Manes has published over fifty papers on eDiscovery, digital forensics, and computer security, countless blog posts, and educational presentations to attorneys, executives, professors, law enforcement, and professional groups on topics from eDiscovery to cyber law. He’s briefed the White House, the Department of the Interior, the National Security Council, and the Pentagon on computer security and forensics issues.

At the University, Dr. Manes formed the Tulsa Digital Forensics Center, housing Cyber Crime Units from local, state, and federal law enforcement agencies. He’s a founder of the University of Tulsa’s Institute for Information Security, leading the creation of nationally recognized research efforts in digital forensics and telecommunications security.

Craig Ball

Craig Ball
Adjunct Professor, Electronic Discovery and Digital Evidence
University of Texas School of Law

Craig Ball is a trial lawyer, computer forensic examiner, law professor and noted authority on electronic evidence. He limits his practice to serving as a court-appointed special master and consultant in computer forensics and electronic discovery and has served as the Special Master or testifying expert in computer forensics and electronic discovery in some of the most challenging and celebrated cases in the U.S. A founder of the Georgetown University Law Center E-Discovery Training Academy, Craig serves on the Academy’s faculty and teaches Electronic Discovery and Digital Evidence…

Source…

New Methods Could Improve Security Of Two-Factor Authentication Systems

/in


artist

When utilized as second-factor authentication, push notifications work as an additional layer of security to protect users’ online accounts from attackers.

Getty Images

 

As an extra layer of security, several online services have adopted push notification-based two-factor authentication systems, whereby users must approve login attempts through a mobile device. In current authentication systems, especially the “tap to approve” approach, there is no explicit link that indicates correspondence between the user’s browser session and the notification they receive on their device. This vulnerability can be exploited by an attacker.

To address this issue, a team of researchers that includes Nitesh Saxena, professor in the Department of Computer Science and Engineering at Texas A&M University, has designed new, easy-to-use methods to counter the vulnerabilities in push notification-based two-factor authentication systems.

“The mechanisms we designed have a similar usability to the original push notification-based authentication method, but they improve security against concurrent login attacks,” said Saxena. “If a user receives two notifications, the notification that corresponds to the browser’s session of the attacker will differ. Therefore, the user should be able to detect that something is amiss and not accept the wrong notification.”

The team’s paper describing the research was published in the proceedings from the 2021 Institute of Electrical and Electronics Engineers’ European Symposium on Security and Privacy (EuroS&P), one of the premier venues for cutting-edge cybersecurity research.

Push notifications are clickable pop-up messages sent directly to a user’s mobile or desktop device via an installed application. They can appear at any time and show various things such as the weather, breaking news, missed calls or text messages, reminders, etc.

They can also be utilized as second-factor authentication (or password-less authentication), which works as an additional layer of security to protect users’ online accounts from attackers. With push notification authentication, a push notification is sent directly to a mobile device —…

Source…

6 Security Methods to Protect You and Your Customers

/in


The fastest way to lose credibility with your customers is to breach their sense of security. Your clients trust you to protect them and their information whether you are interacting with them online or in person. You must consider their safety as one of the top priorities of every transaction you complete. Often your customers are providing you with sensitive personal information or with their financial details, so it is imperative that you protect them. Here are six ways to keep your sensitive information private and safe while you operate your business.

1. Malware Protection

Network security is a very important consideration for your business. You should start by ensuring all of your computers and devices have appropriate protection against malware. Without protection, malicious software can infiltrate your systems quickly and undetected. Your customers’ data can be compromised and misused before you even notice that a breach has happened. Every device that contains any personal information needs to have appropriate protection in order to help prevent such occurrences.

2. Virtual Private Network

Utilizing a Virtual Private Network can allow you to operate privately within a public network. You’ll likely be exchanging information with your customers from different locations and it can be difficult to ensure a secure connection. Utilizing a VPN can encrypt your communications and help prevent third parties from accessing your private data. You’ll be able to communicate more freely with consumers without worrying about being spied on.

3. Firewall

A firewall will filter information that is coming into your network and can help prevent suspicious sources from getting through. Any untrusted sources can be blocked before they get the chance to enter your network to complete their nefarious activities. A firewall is essential to help protect your customers and your business. You will be best protected by having both a software and a hardware firewall to completely filter the traffic coming to your site.

4. Backups

It is necessary to make sure that you backup your information regularly. If the worst happens and you do experience some sort of attack that wipes your…

Source…

Premier League clubs to tighten cyber security methods after Manchester United hack

/in


Premier League clubs are expected to tighten cyber security methods as investigators warn a hack on Manchester United is just the tip of an iceberg.

United are believed to be facing a seven-figure ransom demand over the attack, which has left the club unable to yet fully restore its computer systems. GCHQ cyber security agents have been called in to help.

The National Cyber Security Centre recently published a report showing 70 per cent of major sports organisations are targeted by hackers every 12 months.

Ciaran Martin, a professor at the University of Oxford’s Blavatnik School, told Telegraph Sport on Friday night how he saw attacks on sporting organisations rise while he was chief executive at the NCSC.

“The risk to sport was on the up, not markedly, but incrementally, because of the realisation by potential attackers of rich sources of data and money that might be available from sporting organisations,” he said. “It’s big business, as we all know.”

Manchester City say it is a “matter of public record” that they have also been repeatedly targeted. In February, an IT worker was arrested amid claims he got players’ personal details and records of confidential transfer talks from Pep Guardiola’s email account. Last week, it also emerged British athletes were among hundreds of female sports stars and celebrities whose personal photographs had been breached in an iCloud attack.

“Sports organisations are at risk from cyber attacks for two reasons,” Martin, one of the leading figures in the UK’s fight against cyber crime, said. Nation-state attacks – such as Russia’s breach against the World Anti-Doping Agency in August 2016 – are high profile, but rare, he explained. “The other, which looks more likely here – although I must stress I don’t know the details because I’m not in Government any more – would appear to be a standard criminal ransom attempt to extort money by encrypting data or otherwise compromising data.”

The Football Association beefed up its security ahead of the World Cup in Russia in 2018, but many Premier League clubs have yet to bring their security levels in line with some other sectors.

Government has no powers to…

Source…