Publishing is an important part of what we do. It is
the means by which we help people to understand this
technology and how they can use it, communicate with
our peers in the research community, and document
what we've discovered in the course of looking at
the Internet to see how it's used in practice. This
is not a complete index of all of our publications,
but rather a selection of some highlights.
Persons interested in a more complete index of our
publications are free to visit our research site's
publications
index.
As crime goes high-tech, the criminal justice system
must follow. In this presentation, Matt Curtin
discusses his work as a forensic computer scientist
hired in the defense of a young man charged with
several serious crimes because of what police found on
his computer.
Cryptography is one of the best tools to avoid the
kind of exposure that feeds identity theft and related
fraud today. While many organizations struggle to
implement cryptographic controls to become compliant
with regulations such as GLBA, HIPAA, and the Payment
Card Industry data security standard, the situation is
improving.
Many organizations and individuals think of security
as a step to be taken at the end, “locking
down” a system after basic functionality is
added. As we demonstrate with real examples, this
approach is fraught with trouble. We show another way
that security can be addressed effectively.
Spyware has become an increasingly hot topic. What is
spyware, how does it work, why does it work, and how
can it be managed? These issues are explored in this
whitepaper.
In June 2003, several schemes went around the
Internet, attempting to lure people into divulging
their eBay and Best Buy site credentials and credit
card numbers. This is an analysis of the scheme
against eBay users.
A cross-referenced, hypertext version of the HIPAA
Security Rule, available for use online free of
charge.
Among purchasers of security services, a great deal of
confusion exists about what kinds of services are
available and what can be expected of each type of
service. Here, we discuss assessment,
evaluation, and penetration testing
in terms of deliverables and key benefits for
achieving the high-order goal of information
assurance.
Slides from a presentation on what cryptography can
and cannot do in practice, including some discussion
on its impact on law enforcement.
A discussion of the basic objectives of information
security, written for IT and operational staff in
health care and related organizations.
A gentle introduction to the basic issues of secure
networking, written for people whose job includes
(among other things) making computing technology
work.
Malware like ILOVEYOU, Melissa, Happy99, and the
like are just getting started. All of the anti-virus
software and firewalls in the world won't stop
it. But there is something that can. The bad news is
that it requires effort, which tends not to be a
popular option.
An articulate privacy policy helps, but if reality
and the policy don't agree, you still have a
problem. That's what TRUSTe is all about: helping
people identify sites with privacy policies that
reflect reality. Oversights are still possible,
which is why policy alone is insufficient to protect
privacy.
A more complete discussion of firewalls, their
history, and what they can do for you. Aimed
primarily at system and network administrators.