Publishing is an important part of what we do. It is the
means by which we help people to understand this
technology and how they can use it, communicate with our
peers in the research community, and document what we
have discovered in the course of looking at the Internet
to see how it is used in practice. This is not a
complete index of all of our publications, but a
selection of some highlights.
Persons interested in a more complete index of our
publications are free to visit our research site's publications
index.

Just because a vendor labels software as
"forensic" does not make it useful, and just
because employees have attended a training class to make
them "forensically qualified" does not mean
that they know what they are doing. When the outcome of
complex legal issues is at stake, what sort of expert
would you like to have working on your case?
Matt Curtin's article, published in 2006 by ISACA, can
help you to decide.

As crime goes high-tech, the criminal justice system
must follow. In this presentation, Matt Curtin discusses
his work as a forensic computer scientist hired in the
defense of a young man charged with several serious
crimes because of what police found on his computer.

Cryptography is one of the best tools to avoid the kind
of exposure that feeds identity theft and related fraud
today. While many organizations struggle to implement
cryptographic controls to become compliant with
regulation such as GLBA, HIPAA, and the Payment Card
Industry data security standard, the situation is
improving.

Many organizations and individuals think of security as
a step to be taken at the end, “locking down” a system
after basic functionality is added.
As we demonstrate with real examples, this approach is
fraught with trouble. We show another way that security
can be addressed effectively.

Spyware has become an increasingly hot topic. What is
spyware, how does it work, why does it work, and how can
it be managed? These issues are explored in this
whitepaper.

In June 2003, several schemes went around the Internet,
attempting to lure people into divulging their eBay and
Best Buy site credentials and credit card numbers. This
is an analysis of the scheme against eBay users.

A cross-referenced hypertext version of the HIPAA
Security Rule, available for use online free of
charge.

Among purchasers of security services, a great deal of
confusion exists about what kinds of services are
available and what can be expected of each type of
service. Here, we discuss assessment,
evaluation, and penetration testing in
terms of deliverables and key benefits for achieving the
high-order goal of information assurance.

Slides from a presentation on what cryptography can and
cannot do in practice, including some discussion on its
impact on law enforcement.

A discussion of the basic objectives of information
security, written for IT and operational staff in health
care and related organizations.

A gentle introduction to the basic issues of secure
networking, written for people whose job includes (among
other things) making computing technology work.

Malware such as ILOVEYOU, Melissa, and Happy99 is just
getting started. All of the anti-virus software and
firewalls in the world won't stop it. But there is
something that can. The bad news is that it requires
effort, which tends not to be a popular option.

An articulate privacy policy helps, but if reality and
the policy don't agree, you still have a problem. That's
what TRUSTe is all about: helping people identify sites
with privacy policies that reflect reality. Oversights
are still possible, which is why policy alone is
insufficient to protect privacy.

A complete discussion of firewalls, their history, and
what they can do for you, aimed primarily at system and
network administrators.