680 research outputs found
Ethics_ How to Discuss Security with Your Clients
Meeting proceedings of a seminar by the same name, held February 8, 2022
Managing law practice technology
Presented by Barron K. Henley, at a seminar by the same name, held November 17, 2020
ETHICS_ Communication Breakdown - It\u27s Always the Same (But it\u27s Avoidable)
Meeting proceedings of a seminar by the same name, held February 22, 2022
Making Technology Work For You
Meeting proceedings of a seminar by the same name, held May 5, 2021
Applying Lessons from Cyber Attacks on Ukrainian Infrastructures to Secure Gateways onto the Industrial Internet of Things
Previous generations of safety-related industrial control systems were ‘air gapped’. In other words, process control
components including Programmable Logic Controllers (PLCs) and smart sensor/actuators were disconnected and
isolated from local or wide area networks. This provided a degree of protection; attackers needed physical access to
compromise control systems components. Over time this ‘air gap’ has gradually been eroded. Switches and
gateways have subsequently interfaced industrial protocols, including Profibus and Modbus, so that data can be
drawn from safety-related Operational Technology into enterprise information systems using TCP/IP. Senior
management uses these links to monitor production processes and inform strategic planning. The Industrial Internet
of Things represents another step in this evolution – enabling the coordination of physically distributed resources
from a centralized location. The growing range and sophistication of these interconnections create additional
security concerns for the operation and management of safety-critical systems. This paper uses lessons learned
from recent attacks on Ukrainian critical infrastructures to guide a forensic analysis of an IIoT switch. The intention
is to identify and mitigate vulnerabilities that would enable similar attacks to be replicated across Europe and North
America
Ethics_ Security is Only as Good as the Weakest Link - Legal Tech Security Measures Every Lawyer Must Take
Meeting proceedings of a seminar by the same name, held August 2, 2022
Recommended from our members
2007 Circumvention Landscape Report: Methods, Uses, and Tools
As the Internet has exploded over the past fifteen years, recently reaching over a billion users, dozens of national governments from China to Saudi Arabia have tried to control the network by filtering out content objectionable to the countries for any of a number of reasons. A large variety of different projects have developed tools that can be used to circumvent this filtering, allowing people in filtered countries access to otherwise filtered content. In this report, we describe the mechanisms of filtering and circumvention and evaluate ten projects that develop tools that can be used to circumvent filtering: Anonymizer, Ultrareach, DynaWeb Freegate, Circumventor/CGIProxy, Psiphon, Tor, JAP, Coral, and Hamachi. We evaluated these tools in 2007 -- using both tests from within filtered countries and tests within a lab environment -- for their utility, usability, security, promotion, sustainability, and openness. We find that all of the tools use the same basic mechanisms of proxying and encryption but that they differ in their models of hosting proxies. Some tools use proxies that are centrally hosted, others use proxies that are peer hosted, and others use re-routing methods that use a combination of the two. We find that, in general, the tools work in the sense that they allow users to access pages that are otherwise blocked by filtering countries but that performance of the tools is generally poor and that many tools have significant, unreported security vulnerabilities.
The report was completed in 2007 and released to a group of private sponsors. Many of the findings of the report are now out of date, but we present them now, as is, because we think that the broad conclusions of the report about these tools remain valid and because we hope that other researchers will benefit from access to the methods used to test the tools.
Responses from developers of the tools in question are included in the report
Legal Technology for Senior Lawyers
Meeting proceedings of a seminar by the same name, held October 25, 202
- …