Meet the Hackers
Aaron Alva, Wendy Knox Everette & Brendan O’Connor
Photo credit: Santiago Zavala, CC BY-NC 2.0
Disclaimers
Aaron’s Government Disclaimer, and a reminder that none of this is legal advice, nor are we your hacker lawyers.
Wendy Knox Everette
Wendy Knox Everette (@wendyck) is a hacker lawyer who began her career as a software developer, before going to law school, where she focused on national security law and computer security issues. Currently she lives in Washington State where she advises companies on risk and security regulations. She created and hosted the first student webserver to host personal homepages at her undergrad in 1995, and registered her personal domain in 2000, but only recently got it moved to TLS.
Brendan Francis O’Connor
Described by coworkers as "not the lawyer we need, but the lawyer we deserve" (and he's pretty sure that wasn't meant as a compliment), Brendan O'Connor does security for a user-generated content company, and occasionally works as a security researcher, consultant, and/or attorney based in Seattle. His day job is building security programs, but at night, he transforms into a person who spends too much time arguing with people who are wrong on the Internet. If caught, his companies will deny all knowledge of this presentation.
Aaron Alva
Aaron Alva (@aalvatar) is a lawyer (not yours) and hacker who works as a technologist at the Federal Trade Commission's Office of Technology Research and Investigation (OTech). He was a recipient of the NSF CyberCorps scholarship for his MS/JD work at the University of Washington. At the FTC, he explains technical issues to attorneys working on behalf of consumers, and conducts research on areas that impact us all. He fights to protect the future in which his daughter will grow, lead, and amaze.
Things to Cover in 1 hour
● Updates on computer security, privacy, and tech law topics
● End user security for lawyers
● Ask us questions: you have three (semi tame) hacker lawyers, what do you want to know?
Tech Law Updates
A smorgasbord of updates on computer security, privacy, and tech law topics
An Update from Aaron
Some topics:
● Rule 41 & Network Investigative Techniques update
● GDPR & Vendor Security Review
● SMS, Phone Security & You
● CFAA & DMCA §1201
Rule 41 & the NIT (Network Investigative Technique) Warrant
Rule 41 was updated in December 2016, and we’re now seeing the impact.
● [G]rants courts jurisdiction to issue remote search warrants when the location of a sought-after device or data has been concealed due to technological means, and it allows for the issuance of multi-jurisdictional remote search warrants in certain circumstances (https://www.justsecurity.org/35136/rule-41-updated-needed/)
Rule 41 & the NIT (Network Investigative Technique) Warrant
NIT Warrants are sometimes called “FBI Hacking” warrants
● These are not stored content warrants, but they’re not quite Title III wiretaps, either. Usually an implant or web bug of some kind that will reveal an end user’s IP address.
https://www.lawfareblog.com/examining-fbi-hacking-warrant
https://motherboard.vice.com/en_us/article/d3b3xk/the-fbi-created-a-fake-fedex-website-to-unmask-a-cybercriminal
GDPR & Vendor Security Review
I know what GDPR is, but what’s a Vendor Security Review?
Most security breaches are not caused by China.
A lot of the worst security breaches you’ve heard about weren’t even caused by the company you blamed.
Vendor Breaches
● Target (HVAC Vendor)
● T-Mobile 2017 (Credit Check Vendor, Experian)
● Equifax (How many of you actually use Equifax? They’re a vendor!)
● Delta/Sears/Best Buy (24[7].ai, they do chat stuff)
But lest you think lawyers are better...
● 13 of the AmLaw 15 (in 2016 alone)
● Mossack Fonseca (Panama Papers)
● Paradise Papers (See, lawyers are vendors….)
“Standard of care” == “not caring”
So… what can you do about this? As lawyers that advise your clients about risk?
Things Your Clients Can Do
Seriously, nothing is stopping them.
● Ask for affirmative evidence of security from EVERY vendor (even the ones that sell to “the big guys”)
● Create a standard, hold vendors to the standard, and require C Suite risk acceptance for deviating, including a written justification
● Require a substantive “application security assessment” (not “did you do a pentest”)
You know who’s doing this? (Or, how to sell this)
Pika pika!
Oh, also you kind of have to do this, because GDPR.
Article 24: the controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation.
Recital 78: When developing, designing, selecting and using applications, services and products that are based on the processing of personal data or process personal data to fulfil their task, producers of the products, services and applications should be encouraged to take into account the right to data protection when developing and designing such products, services and applications and, with due regard to the state of the art, to make sure that controllers and processors are able to fulfil their data protection obligations.
Oh, also you kind of have to do this, because GDPR.
Article 28: [the processor] makes available to the controller all information necessary to demonstrate compliance with the obligations laid down in this Article and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller.
So: go forth and demand answers from your vendors.
(Also, hey lawyers: Rule 1.6(c)...)
SMS, SIM Swapping, 2FA, and You
(It’s… not good)
Meet: Your SIM Card!
We’re… not talking about actually swapping any SIMs, though.
SIM Swapping: “Hey $Carrier, I got a new SIM Card.”
70%
Think at this point: “so… who cares? It’s just fraud, just go set it back.”
0
Number of extra things I need to destroy your entire life if I can answer cell phone calls and receive text messages at your number
Such as:
● Email (Forgot Password)
● Amazon (Reset Password + 2FA)
● Cable Bill (Hi, I’m you)
● Power Bill (Same thing)
● Netflix (once I have email)
● Most 2FA
● Your clients
● Washington State Bar Association (I mean… I’m just guessing)
Solution: A Special, Random, Long PIN to Prevent Port-Out/SIM Swap Scams
Solution:
● “Port Security PIN” (T-Mobile)
● “Extra Security Passcode” (AT&T)
● “Don’t Share Your Account Information” (Sprint)
● “Nothing” (Verizon Wireless)
...well, hey, 2 is better than 0, right?
One Other Thing: Use non-SMS 2FA Wherever Possible
CFAA & DMCA §1201
Photo by Peter Wick CC BY-NC-ND 2.0
18 U.S. Code § 1030 - Fraud and related activity in connection with computers
CFAA covers “knowingly accessed a computer without authorization or exceeding authorized access”
Often used in “web scraping” cases, like hiQ v. LinkedIn, which was argued before the 9th Circuit Court of Appeals and is pending a decision
● LinkedIn sent a Cease & Desist letter to hiQ to ask it to stop scraping content off its website, claimed it was a TOS violation
● hiQ asked for declaratory judgement that it was not violating the CFAA; won a preliminary injunction against LinkedIn
DMCA §1201
“Anti-circumvention” copyright law; the latest Triennial Review occurred in 2018: https://www.copyright.gov/1201/2018/
All existing exemptions were renewed, so we can conduct security research!
“The Acting Register found that good-faith security research involving devices beyond those covered by the current exemption is likely to be a fair use. As the Register found in 2015, the Acting Register concluded that good-faith security research promotes several of the activities identified in section 107 as examples of favored purposes, including criticism, comment, teaching, scholarship, and research.”
End user security
Do attorneys have an obligation to secure their devices and communications?
Security 101: Passwords
1. Randomization
2. Length
3. Memorization vs saving it
https://www.csoonline.com/article/3228106/password-security/want-stronger-passwords-understand-these-4-common-password-security-myths.html
Elements of a strong password
● The best option: generated by a password manager like LastPass or 1Password
● Make it long: 10 or more characters
● Make it unpredictable
● Make it complex: vary uppercase, lowercase, numbers and symbols
● Make it unique: use a unique password for each service
● Keep it secret: if you have to share it with someone, switch to a temporary password, share that, then change it back
Password managers
● LastPass: https://www.lastpass.com/
● 1Password: https://1password.com/
● Not Ever KeePass: https://www.techdirt.com/articles/20171220/18134638859/keeper-security-files-bullshit-slapp-suit-against-ars-technica-letting-many-more-people-know-not-to-use-software.shtml
● What about saving passwords in the browser?
● What about Mac’s KeyChain to save passwords?
Why do strong passwords matter?
BUT...
● Modern password cracking utilities don’t use pure brute force
● They do know that you substituted a 4 for an A (so leet!)
● They know phrases and quotations, not just words
● They do know that a shockingly high percentage of “strong” passwords are
  ○ Xxxxxxxxx...1! (One upper case, N lower case, followed by a single number and a single special character, usually an exclamation point)
● Seriously, just use a password manager
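As an added example (not part of the slide deck), a small Python checker that encodes the three heuristics the slide lists: it undoes leet substitutions, strips the trailing digit/symbol decoration, looks the remainder up in a wordlist of words and phrases, and flags the Capital-lowercase-digit-symbol shape; beside it is a generator for the kind of random password a password manager produces. The wordlist is a constructed sample, not a real cracking dictionary.

```python
"""Password-shape checks modelled on the cracker heuristics the slide lists.

Added example, not from the slide deck. It flags the predictable shapes that
password crackers already account for:
  * the "Xxxxxxxxx...1!" shape (one capital, lowercase run, one digit, one symbol)
  * leet substitutions (4 for A, 3 for E, ...) that hide a dictionary word
  * phrases and quotations, not just single words
SAMPLE_WORDLIST is a constructed stand-in for a real wordlist.
"""
import re
import secrets
import string

# Constructed sample of words and phrases a cracker's wordlist would contain.
SAMPLE_WORDLIST = {
    "password", "welcome", "seattle", "lawyer", "summer", "letmein",
    "tobeornottobe", "maytheforcebewithyou",
}

# Common leet substitutions, mapped back to the letter they stand in for.
LEET_MAP = str.maketrans({
    "4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
    "0": "o", "$": "s", "5": "s", "7": "t", "+": "t",
})

# The "Xxxxxxxxx...1!" shape: one uppercase, N lowercase, one digit, one symbol.
CAPITAL_DIGIT_SYMBOL = re.compile(r"^[A-Z][a-z]+\d[^A-Za-z0-9]$")

# Minimum length the slide recommends.
MIN_LENGTH = 10


def normalize_leet(pw: str) -> str:
    """Undo case and leet substitutions so 'P4$$w0rd' compares as 'password'."""
    return pw.lower().translate(LEET_MAP)


def strip_suffix_decoration(pw: str) -> str:
    """Drop the trailing digits/symbols that mangling rules append ('Seattle2018!' -> 'Seattle')."""
    return pw.rstrip(string.digits + string.punctuation)


def weaknesses(pw: str, wordlist=SAMPLE_WORDLIST) -> list:
    """Return the reasons a password is predictable; an empty list means none were found."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if CAPITAL_DIGIT_SYMBOL.match(pw):
        problems.append("matches the Capital+lowercase+digit+symbol pattern")
    core = normalize_leet(strip_suffix_decoration(pw))
    if core in wordlist:
        problems.append(f"dictionary word/phrase after undoing leet and suffix: {core!r}")
    return problems


def generate_password(length: int = 20) -> str:
    """Random password of the kind a password manager generates.

    Guarantees one character from each class so naive site rules accept it,
    then fills the rest uniformly from the whole alphabet using `secrets`.
    """
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if length < len(classes):
        raise ValueError("length must be at least %d" % len(classes))
    alphabet = "".join(classes)
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    for candidate in ["Tobeornottobe1!", "P4$$w0rd!", "Seattle2018!",
                      "m4yth3f0rc3b3w1thy0u", generate_password()]:
        found = weaknesses(candidate)
        print(f"{candidate!r}: {found if found else 'no known weak shape'}")
```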
Security 101: Multi Factor Authentication
Something you know + something you have
https://www.nist.gov/itl/tig/back-basics-multi-factor-authentication
Security 101: Updating your devices
Applying updates quickly & regularly
Would someone SPY on a LAWYER?
● United States - Measures Affecting the Production and Sale of Clove Cigarettes (Indonesia v. US) (DS406, WTO DSB, 2012)
● GTMO
● https://www.csoonline.com/article/3070110/security/fbi-hid-microphones-for-secret-warrantless-surveillance-near-california-courthouses.html (San Francisco / federal)
● https://www.nytimes.com/2008/04/28/us/28lawyers.html (Oregon state/federal)
SBTx, Comm. on Prof. Ethics, Opinion 648 (2015)
“In general, considering the present state of technology and email usage, a lawyer may communicate confidential information by email. In some circumstances, however, a lawyer should consider whether the confidentiality of the information will be protected if communicated by email and whether it is prudent to use encrypted email or another form of communication. Examples of such circumstances are:
[…] sending an email if the lawyer is concerned that the NSA or other law enforcement agency may read the lawyer’s email communication, with or without a warrant.”
SBCa, St. Comm. on Prof. Resp., Opinion 2010-179
“Similarly, encrypting email may be a reasonable step for an attorney to take in an effort to ensure the confidentiality of such communications remain so when the circumstance calls for it….”
ABA Formal Ethics Opinion 11-459
“A lawyer sending or receiving substantive communications with a client via e-mail or other electronic means ordinarily must warn the client about the risk of sending or receiving electronic communications using a computer or other device, or e-mail account, where there is a significant risk that a third party may gain access.”
Messaging security
● Messaging applications like iMessages or Signal can be more secure than email
● Seriously, use Signal. Download it right now, don’t wait for the end of class.
https://signal.org/download/
Email Security
● Using a webmail provider like GMail or Proton Mail
  ○ Use a strong password
  ○ Use multifactor authentication
● Email Attachments
  ○ When is it safe to open an attachment?
Mobile Phone Security
1. Use a lock code or PIN to lock your phone. Longer is better. Alphanumeric is better than numeric.
2. Don’t leave your phone unlocked and unattended.
3. Do not install unknown and unverified programs on your phone. Only install apps from the official Apple App Store or Google Play.
4. If you plan to dispose of, give away, sell or re-use your phone, make sure that all information is deleted.
5. Back up your phone information regularly to a computer or the cloud. This will allow you to restore the data if you lose your phone or it is damaged or compromised.
6. When your carrier makes an update available, install the update. This helps to protect your phone from being compromised. Consider using only trusted phone dealers and repair shops if you are worried that your phone may be tampered with before you purchase it or while being repaired. You may want to use an authorized but randomly chosen phone dealer or service provider.
7. Your phone may allow you to disable “Location Services” altogether if there are times you do not want your location to be tracked and made available to third-party apps. Note that your location information will still be available to the mobile phone network provider as your phone pings nearby cell phone towers.
Be very wary when connecting to WiFi access points that don't require passwords, or to WiFi networks in public spaces such as a coffee shop. It may be better to incur data charges than incur the risk of connecting to a public WiFi network.
When you use a web browser, look at the address bar and check to see if there is a green lock icon. The URL should also begin with “https”: this means that the browser is using HTTPS, which is a form of encryption. If anyone on the network sees your traffic, they can’t read any of it!
Read more: https://support.google.com/chrome/answer/95617?hl=en
For your home WiFi:
● WPA2-PSK (not “mixed mode” WPA)
● Make sure you update your router software (https://arstechnica.com/information-technology/2018/06/widely-used-d-link-modemrouter-under-mass-attack-by-potent-iot-botnet/, https://arstechnica.com/information-technology/2018/06/vpnfilter-malware-infecting-50000-devices-is-worse-than-we-thought/)
Secure file exchange
There are many ways to securely exchange documents, from password-protecting them to using a strong encryption method. Which one you use will be based on how sensitive the information is and what you & your client agree on.
Lifehacker has a list of five encryption tools they recommend for local encryption of files: http://lifehacker.com/five-best-file-encryption-tools-5677725
Secure file exchange: Password Protected PDFs
Saving a PDF file with a password helps to protect the information from being easily read by someone who is sniffing traffic on the network (as could happen on an open wifi network that is not protected by a password), or if they gained access to your email.
Creating one on Windows: https://www.digitaltrends.com/computing/password-protect-pdf/
Creating one on Mac: https://support.apple.com/guide/preview/password-protect-a-pdf-prvw587dd90f/mac
Secure file exchange: Password Protected Zip files
7Zip for Windows:
● Download: http://www.7-zip.org/
● Tutorial: http://www.gofree.com/Tutorials/ZipCompFiles.php
Keka for Mac OS X:
● Download: http://www.kekaosx.com/en/
● Tutorial: http://www.kekaosx.com/en/doc.php
Secure file exchange: Veracrypt
Veracrypt runs on Windows and Macs, and allows you to create encrypted containers, which are like disk images, to hold files. These encrypted containers can then be exchanged through use of Box or some other shared drive service, or with USB keys. This is a good tool if you have especially sensitive files that you need to exchange, and your client has agreed to install the software and exchange encrypted containers.
● https://www.veracrypt.fr/en/Home.html
Backups
As ransomware has increased as a threat, it’s important to take time to make sure that you have backed up your critical files, especially if you are in a small law office and store important client files. This handout will point you to some options for making backup copies of your data.
If you can, you should encrypt your backups. However, it is better to have unencrypted backups than to not backup anything because you haven’t gotten around to setting up an encrypted system.
● Backblaze! (We’re not shilling for them, but there’s a reason all of Brendan’s family and many friends use it)
Backups: Windows 10 built-in backup: https://lifehacker.com/how-to-back-up-your-computer-automatically-with-windows-1762867473
Backups: Mac OS X
Mac OS X Time Machine (built-in backup software) tutorial: http://osxdaily.com/2015/07/12/set-up-time-machine-backups-mac-os-x/
Web Applications
● How to secure a google apps or O365 account
● https://landing.google.com/advancedprotection/
● Vendor security analysis is hard--for lawyers, just rely on the big vendors
Learning more
Attorney Specific
1. Operational Security for Lawyers: https://lawyerist.com/series/operational-security-for-lawyers/
2. Computer Security Tools and Concepts for Lawyers: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2831739
Questions (Lots)
Aaron, @aalvatar
Wendy: @wendyck, wck@wendyk.org
Brendan: @USSJoin, brendan@maliceafterthought.com

Incident Response and the Attorney Client Privilege - ShmooCon 2019Incident Response and the Attorney Client Privilege - ShmooCon 2019
Incident Response and the Attorney Client Privilege - ShmooCon 2019
 
SeaSec East: Green Locks For You & Me
SeaSec East: Green Locks For You & MeSeaSec East: Green Locks For You & Me
SeaSec East: Green Locks For You & Me
 
Green Locks for You and Me
Green Locks for You and MeGreen Locks for You and Me
Green Locks for You and Me
 
An Encyclopedia of Wiretaps
An Encyclopedia of WiretapsAn Encyclopedia of Wiretaps
An Encyclopedia of Wiretaps
 
Fingerprints, Passcodes, and Self Incrimination - BSides Nova
Fingerprints, Passcodes, and Self Incrimination - BSides NovaFingerprints, Passcodes, and Self Incrimination - BSides Nova
Fingerprints, Passcodes, and Self Incrimination - BSides Nova
 
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
 
Security Vulnerabilities, the Current State of Consumer Protection Law, & how...
Security Vulnerabilities, the Current State of Consumer Protection Law, & how...Security Vulnerabilities, the Current State of Consumer Protection Law, & how...
Security Vulnerabilities, the Current State of Consumer Protection Law, & how...
 

Recently uploaded

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 

Recently uploaded (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 

Meet the hackers: Seattle Tech Law CLE December 2018

  • 1. Aaron Alva, Wendy Knox Everette & Brendan O’Connor Meet the Hackers Photo credit Santiago Zavala CC BY-NC 2.0
  • 2. Disclaimers Aaron’s Government Disclaimer and a reminder that none of this is legal advice, nor are we your hacker lawyers
  • 3. Wendy Knox Everette Wendy Knox Everette (@wendyck) is a hacker lawyer who began her career as a software developer, before going to law school, where she focused on national security law and computer security issues. Currently she lives in Washington State where she advises companies on risk and security regulations. She created and hosted the first student webserver to host personal homepages at her undergrad in 1995, and registered her personal domain in 2000, but only recently got it moved to TLS.
  • 4. Brendan Francis O’Connor Described by coworkers as "not the lawyer we need, but the lawyer we deserve" (and he's pretty sure that wasn't meant as a compliment), Brendan O'Connor does security for a user-generated content company, and occasionally works as a security researcher, consultant, and/or attorney based in Seattle. His day job is building security programs, but at night, he transforms into a person who spends too much time arguing with people who are wrong on the Internet. If caught, his companies will deny all knowledge of this presentation.
  • 5. Aaron Alva Aaron Alva (@aalvatar) is a lawyer (not yours) and hacker who works as a technologist at the Federal Trade Commission's Office of Technology Research and Investigation (OTech). He was a recipient of the NSF CyberCorps scholarship for his MS/JD work at the University of Washington. At the FTC, he explains technical issues to attorneys working on behalf of consumers, and conducts research on areas that impact us all. He fights to protect the future in which his daughter will grow, lead, and amaze.
  • 6. Things to Cover in 1 hour Updates on computer security, privacy, and tech law topics End user security for lawyers Ask us questions: you have three (semi tame) hacker lawyers, what do you want to know?
  • 7. Tech Law Updates A smorgasbord of updates on computer security, privacy, and tech law topics
  • 9. Some topics Rule 41 & Network Investigative Techniques update GDPR & Vendor Security Review SMS, Phone Security & You CFAA & DMCA §1201
  • 10. Rule 41 & the NIT (Network Investigative Technique) Warrant Rule 41 was updated in December 2016, and we’re now seeing the impact. ● [G]rants courts jurisdiction to issue remote search warrants when the location of a sought-after device or data has been concealed due to technological means, and it allows for the issuance of multi-jurisdictional remote search warrants in certain circumstances (https://www.justsecurity.org/35136/rule-41-updated-needed/)
  • 11. Rule 41 & the NIT (Network Investigative Technique) Warrant NIT Warrants are sometimes called “FBI Hacking” warrants ● These are not stored content warrants, but they’re not quite Title 3 wiretaps, either. Usually an implant or web bug of some kind that will reveal an end user’s IP address. https://www.lawfareblog.com/examining-fbi-hacking-warrant
  • 16. GDPR & Vendor Security Review I know what GDPR is, but what’s a Vendor Security Review?
  • 17. Most security breaches are not caused by China.
  • 18. A lot of the worst security breaches you’ve heard about weren’t even caused by the company you blamed.
  • 19. Vendor Breaches ● Target (HVAC Vendor) ● T-Mobile 2017 (Credit Check Vendor, Experian) ● Equifax (How many of you actually use Equifax? They’re a vendor!) ● Delta/Sears/Best Buy (24[7].ai, they do chat stuff) But lest you think lawyers are better... ● 13 of the AmLaw 15 (in 2016 alone) ● Mossack Fonseca (Panama Papers) ● Paradise Papers (See, lawyers are vendors….)
  • 20. “Standard of care” == “not caring”
  • 21. So… what can you do about this? As lawyers that advise your clients about risk?
  • 22. Things Your Clients Can Do Seriously, nothing is stopping them. ● Ask for affirmative evidence of security from EVERY vendor (even the ones that sell to “the big guys”) ● Create a standard, hold vendors to the standard, and require C Suite risk acceptance for deviating, including a written justification ● Require a substantive “application security assessment” (not “did you do a pentest”)
  • 23. You know who’s doing this? (Or, how to sell this)
  • 25. Oh, also you kind of have to do this, because GDPR. Article 24: the controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation. Recital 78: When developing, designing, selecting and using applications, services and products that are based on the processing of personal data or process personal data to fulfil their task, producers of the products, services and applications should be encouraged to take into account the right to data protection when developing and designing such products, services and applications and, with due regard to the state of the art, to make sure that controllers and processors are able to fulfil their data protection obligations.
  • 26. Oh, also you kind of have to do this, because GDPR. Article 28: [the processor] makes available to the controller all information necessary to demonstrate compliance with the obligations laid down in this Article and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller.
  • 27. So: go forth and demand answers from your vendors. (Also, hey lawyers: Rule 1.6(c)...)
  • 28. SMS, SIM Swapping, 2FA, and You (It’s… not good)
  • 29. Meet: Your SIM Card!
  • 30. We’re… not talking about actually swapping any SIMs, though.
  • 31. SIM Swapping: “Hey $Carrier, I got a new SIM Card.”
  • 32. 70% Think at this point: “so… who cares? It’s just fraud, just go set it back.”
  • 33. 0 Number of extra things I need to destroy your entire life if I can answer cell phone calls and receive text messages at your number
  • 34. Such as: ● Email (Forgot Password) ● Amazon (Reset Password + 2FA) ● Cable Bill (Hi, I’m you) ● Power Bill (Same thing) ● Netflix (once I have email) ● Most 2FA ● Your clients ● Washington State Bar Association (I mean… I’m just guessing)
  • 35. Solution: A Special, Random, Long PIN to Prevent Port-Out/SIM Swap Scams
  • 36. Solution: ● “Port Security PIN” (T-Mobile) ● “Extra Security Passcode” (AT&T) ● “Don’t Share Your Account Information” (Sprint) ● “Nothing” (Verizon Wireless) ...well, hey, 2 is better than 0, right?
  • 37. One Other Thing: Use non-SMS 2FA Wherever Possible
  • 38. CFAA & DMCA §1201 Photo by Peter Wick CC BY-NC-ND 2.0
  • 39. 18 U.S. Code § 1030 - Fraud and related activity in connection with computers CFAA covers “knowingly accessed a computer without authorization or exceeding authorized access” Often used in “web scraping” cases, like hiQ v. LinkedIn, which was argued before the 9th Circuit Court of Appeals and is pending a decision ● LinkedIn sent a Cease & Desist letter to hiQ to ask it to stop scraping content off its website, claimed it was a TOS violation ● hiQ asked for declaratory judgement that it was not violating the CFAA; won a preliminary injunction against LinkedIn
  • 40. DMCA §1201 “Anti-circumvention” copyright law; the latest Triennial Review occurred in 2018: https://www.copyright.gov/1201/2018/ All existing exemptions were renewed, so we can conduct security research! “The Acting Register found that good-faith security research involving devices beyond those covered by the current exemption is likely to be a fair use. As the Register found in 2015, the Acting Register concluded that good-faith security research promotes several of the activities identified in section 107 as examples of favored purposes, including criticism, comment, teaching, scholarship, and research.”
  • 41. End user security Do attorneys have an obligation to secure their devices and communications?
  • 42. Security 101: Passwords 1. Randomization 2. Length 3. Memorization vs saving it https://www.csoonline.com/article/3228106/password-security/want-stronger-passwords-understand-these-4-common-password-security-myths.html
  • 43. Elements of a strong password ● The best option: generated by a password manager like LastPass or 1Password ● Make it long: 10 or more characters ● Make it unpredictable ● Make it complex: vary uppercase, lowercase, numbers and symbols ● Make it unique: use a unique password for each service ● Keep it secret: if you have to share it with someone, switch to a temporary password, share that, then change it back
  • 44. Password managers ● LastPass: https://www.lastpass.com/ ● 1Password: https://1password.com/ ● Not Ever KeePass: https://www.techdirt.com/articles/20171220/18134638859/keeper-security-files-bullshit-slapp-suit-against-ars-technica-letting-many-more-people-know-not-to-use-software.shtml ● What about saving passwords in the browser? ● What about Mac’s KeyChain to save passwords?
  • 45. Why do strong passwords matter?
  • 46. BUT... ● Modern password cracking utilities don’t use pure brute force ● They do know that you substituted a 4 for an A (so leet!) ● They know phrases and quotations, not just words ● They do know that a shockingly high percentage of “strong” passwords are ○ Xxxxxxxxx...1! (One upper case, N lower case, followed by a single number and a single special character, usually an exclamation point) ● Seriously, just use a password manager
  • 47. Security 101: Multi Factor Authentication Something you know + something you have https://www.nist.gov/itl/tig/back-basics-multi-factor-authentication
  • 48. Security 101: Updating your devices Applying updates quickly & regularly
  • 49. Would someone SPY on a LAWYER? ● United States - Measures Affecting the Production and Sale of Clove Cigarettes (Indonesia v. US) (DS406, WTO DSB, 2012) ● GTMO ● https://www.csoonline.com/article/3070110/security/fbi-hid-microphones-for-secret-warrantless-surveillance-near-california-courthouses.html (San Francisco / federal) ● https://www.nytimes.com/2008/04/28/us/28lawyers.html (Oregon state/federal)
  • 50. SBTx, Comm. on Prof. Ethics, Opinion 648 (2015) “In general, considering the present state of technology and email usage, a lawyer may communicate confidential information by email. In some circumstances, however, a lawyer should consider whether the confidentiality of the information will be protected if communicated by email and whether it is prudent to use encrypted email or another form of communication. Examples of such circumstances are: […] sending an email if the lawyer is concerned that the NSA or other law enforcement agency may read the lawyer’s email communication, with or without a warrant.”
  • 51. SBCa, St. Comm. on Prof. Resp., Opinion 2010-179 “Similarly, encrypting email may be a reasonable step for an attorney to take in an effort to ensure the confidentiality of such communications remain so when the circumstance calls for it….”
  • 52. ABA Formal Ethics Opinion 11-459 “A lawyer sending or receiving substantive communications with a client via e-mail or other electronic means ordinarily must warn the client about the risk of sending or receiving electronic communications using a computer or other device, or e-mail account, where there is a significant risk that a third party may gain access.”
  • 53. Messaging security ● Messaging applications like iMessages or Signal can be more secure than email ● Seriously, use Signal. Download it right now, don’t wait for the end of class. https://signal.org/download/
  • 54. Email Security ● Using a webmail provider like GMail or Proton Mail ○ Use a strong password ○ Use multifactor authentication ● Email Attachments ○ When is it safe to open an attachment?
  • 55. Mobile Phone Security 1. Use a lock code or PIN to lock your phone. Longer is better. Alphanumeric is better than numeric. 2. Don’t leave your phone unlocked and unattended. 3. Do not install unknown and unverified programs on your phone. Only install apps from the official Apple App Store or Google Play. 4. If you plan to dispose of, give away, sell or re-use your phone, make sure that all information is deleted. 5. Back up your phone information regularly to a computer or the cloud. This will allow you to restore the data if you lose your phone or it is damaged or compromised. 6. When your carrier makes an update available, install the update. This helps to protect your phone from being compromised. Consider using only trusted phone dealers and repair shops if you are worried that your phone may be tampered with before you purchase it or while being repaired. You may want to use an authorized but randomly chosen phone dealer or service provider. 7. Your phone may allow you to disable “Location Services” altogether if there are times you do not want your location to be tracked and made available to third-party apps. Note that your location information will still be available to the mobile phone network provider as your phone pings nearby cell phone towers.
  • 56. Be very wary when connecting to WiFi access points that don't require passwords, or to WiFi networks in public spaces such as a coffee shop. It may be better to incur data charges than incur the risk of connecting to a public WiFi network. When you use a web browser, look at the address bar and check to see if there is a green lock icon. The URL should also begin with “https”; this means that the browser is using HTTPS, which is a form of encryption. If anyone on the network sees your traffic, they can’t read any of it! Read more: https://support.google.com/chrome/answer/95617?hl=en
  • 57. For your home WiFi: ● WPA2-PSK (not “mixed mode” WPA) ● Make sure you update your router software (https://arstechnica.com/information-technology/2018/06/widely-used-d-link-modemrouter-under-mass-attack-by-potent-iot-botnet/, https://arstechnica.com/information-technology/2018/06/vpnfilter-malware-infecting-50000-devices-is-worse-than-we-thought/)
  • 58. Secure file exchange There are many ways to securely exchange documents, from password-protecting them to using a strong encryption method. Which one you use will be based on how sensitive the information is and what you & your client agree on. Lifehacker has a list of five encryption tools they recommend for local encryption of files: http://lifehacker.com/five-best-file-encryption-tools-5677725
  • 59. Secure file exchange: Password Protected PDFs Saving a PDF file with a password helps to protect the information from being easily read by someone who is sniffing traffic on the network (as could happen on an open wifi network that is not protected by a password), or if they gained access to your email. Creating one on Windows: https://www.digitaltrends.com/computing/password-protect-pdf/ Creating one on Mac: https://support.apple.com/guide/preview/password-protect-a-pdf-prvw587dd90f/mac
  • 60. Secure file exchange: Password Protected Zip files 7Zip for Windows: ● Download: http://www.7-zip.org/ ● Tutorial: http://www.gofree.com/Tutorials/ZipCompFiles.php Keka for Mac OS X: ● Download: http://www.kekaosx.com/en/ ● Tutorial: http://www.kekaosx.com/en/doc.php
  • 61. Secure file exchange: Veracrypt Veracrypt runs on Windows and Macs, and allows you to create encrypted containers, which are like disk images, to hold files. These encrypted containers can then be exchanged through use of Box or some other shared drive service, or with USB keys. This is a good tool if you have especially sensitive files that you need to exchange, and your client has agreed to install the software and exchange encrypted containers. ● https://www.veracrypt.fr/en/Home.html
  • 62. Backups As ransomware has increased as a threat, it’s important to take time to make sure that you have backed up your critical files, especially if you are in a small law office and store important client files. This handout will point you to some options for making backup copies of your data. If you can, you should encrypt your backups. However, it is better to have unencrypted backups than to not backup anything because you haven’t gotten around to setting up an encrypted system. ● Backblaze! (We’re not shilling for them, but there’s a reason all of Brendan’s family and many friends use it)
  • 63. Backups: Windows 10 built-in backup: https://lifehacker.com/how-to-back-up-your-computer-automatically-with-windows-1762867473
  • 64. Backups: Mac OS X Mac OS X Time Machine (built-in backup software) tutorial: http://osxdaily.com/2015/07/12/set-up-time-machine-backups-mac-os-x/
  • 65. Web Applications ● How to secure a google apps or O365 account ● https://landing.google.com/advancedprotection/ ● Vendor security analysis is hard; for lawyers, just rely on the big vendors
  • 66. Learning more Attorney Specific 1. Operational Security for Lawyers: https://lawyerist.com/series/operational-security-for-lawyers/ 2. Computer Security Tools and Concepts for Lawyers: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2831739
  • 67. Questions (Lots) Aaron, @aalvatar Wendy: @wendyck, wck@wendyk.org Brendan: @USSJoin, brendan@maliceafterthought.com
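Slide 46 makes the point that a password of the shape “one upper case, N lower case, a digit, an exclamation point” is weak no matter how many complexity boxes it ticks, because cracking tools target that shape directly and undo leet substitutions. The Python below is an added example, not code from the deck or its authors: it detects that shape, contrasts the brute-force keyspace a naive complexity policy assumes with the far smaller number of guesses a pattern-aware cracker needs, and generates the kind of password a manager produces. The special-character set, the assumed wordlist size and the tiny sample wordlist are my assumptions for illustration, not figures from the deck.

```python
"""Added example, not from the slide deck: checking passwords against the
"Xxxxxxxxx...1!" shape that slide 46 describes, and estimating how many
guesses a pattern-aware cracker needs versus a naive brute-force count.

All numbers below are assumptions for illustration, not the deck's figures:
the special-character set a cracker tries first, the size of its wordlist,
and the tiny sample wordlist that stands in for a real one.
"""
import math
import re
import secrets
import string

# Leet substitutions a cracker's rule set undoes before matching (assumed list).
LEET = str.maketrans({"4": "a", "3": "e", "1": "i", "0": "o",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# The shape from the slide: one upper case, N lower case, a digit, a special.
PATTERN = re.compile(r"^[A-Z][a-z]+[0-9][^A-Za-z0-9]$")

COMMON_SPECIALS = "!@#$%"          # assumed: the specials people actually pick
ASSUMED_WORDLIST_SIZE = 100_000    # assumed size of a real cracking wordlist
SAMPLE_WORDS = {"password", "welcome", "summer", "letmein",
                "dragon", "monkey", "football", "qwerty"}   # constructed stand-in


def _deleet(pw: str) -> str:
    """Undo leet in the word part only; the trailing digit+special stay as is."""
    if len(pw) < 3:
        return pw
    return pw[:-2].translate(LEET) + pw[-2:]


def matches_common_pattern(pw: str) -> bool:
    """True if pw, after undoing leet, has the Xxxx...1! shape."""
    return PATTERN.match(_deleet(pw)) is not None


def naive_bits(pw: str) -> float:
    """log2 of the brute-force keyspace a naive complexity policy assumes:
    every position drawn from the union of character classes present."""
    alphabet = 0
    if any(c.islower() for c in pw):
        alphabet += 26
    if any(c.isupper() for c in pw):
        alphabet += 26
    if any(c.isdigit() for c in pw):
        alphabet += 10
    if any(c in string.punctuation for c in pw):
        alphabet += len(string.punctuation)   # 32 printable ASCII specials
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def pattern_guess_bits(pw: str) -> float:
    """log2 of the guesses a pattern-aware cracker needs for a pw of the
    Xxxx...1! shape. A dictionary word costs log2(wordlist size), not 26^N."""
    if not matches_common_pattern(pw):
        return naive_bits(pw)   # outside the pattern: fall back to the naive count
    word = _deleet(pw)[:-2]
    if word.lower() in SAMPLE_WORDS:
        letters = math.log2(ASSUMED_WORDLIST_SIZE)
    else:
        letters = len(word) * math.log2(26)
    return letters + math.log2(10) + math.log2(len(COMMON_SPECIALS))


def generate_password(length: int = 20) -> str:
    """What a password manager does: uniform random choice from a large
    alphabet using the OS CSPRNG (secrets), never random.random()."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for pw in ("Password1!", "P4ssw0rd1!", "Qzxwvut1!", generate_password()):
        print(f"{pw:24} pattern={matches_common_pattern(pw)!s:5} "
              f"naive={naive_bits(pw):6.1f} bits  cracker={pattern_guess_bits(pw):6.1f} bits")
```

Run it and “Password1!” scores about 65 bits under the naive count but only about 22 under the pattern-aware estimate, while a 20-character generated password stays above 100 bits under either model, which is the slide's “seriously, just use a password manager” in numbers.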

Editor's Notes

  1. Warrant from a NIT from https://motherboard.vice.com/en_us/article/d3b3xk/the-fbi-created-a-fake-fedex-website-to-unmask-a-cybercriminal
  2. For those of you who get your security news from FireEye, this may come as a shock.
  3. To be clear: there are more than this, this is just how many it took before I got bored looking up names.
  4. Subscriber Identity Module. For GSM phones (AT&T, T-Mobile, anything in Europe) this is what tells the phone what network and phone number it is. CC-BY: https://www.flickr.com/photos/kalleboo/4450303200
  5. This is naturally called something different on each carrier.
  6. Also: Password dumps from data breaches & password reuse
  7. Stuff about helping prevent phishing. Apps like Google Authenticator vs a security key (some security keys are phishing resistant, apps & other keys are not). Can put multiple keys on your accounts; helps keep access to your account if you keep one on a keychain and lose it. SMS 2FA -> mention the issues here?
  8. Network connections
  9. Note: this is NOT THE SAME as a print password; it’s an open password you want