Ethics_ How to Discuss Security with Your Clients

Meeting proceedings of a seminar by the same name, held February 8, 2022

Managing law practice technology

Presented by Barron K. Henley, at a seminar by the same name, held November 17, 2020

ETHICS_ Communication Breakdown - It\u27s Always the Same (But it\u27s Avoidable)

Meeting proceedings of a seminar by the same name, held February 22, 2022

UT Digital Repository: 08-09 Annual Report

UT Librarie

Making Technology Work For You

Meeting proceedings of a seminar by the same name, held May 5, 2021

Applying Lessons from Cyber Attacks on Ukrainian Infrastructures to Secure Gateways onto the Industrial Internet of Things

Previous generations of safety-related industrial control systems were ‘air gapped’. In other words, process control components including Programmable Logic Controllers (PLCs) and smart sensor/actuators were disconnected and isolated from local or wide area networks. This provided a degree of protection; attackers needed physical access to compromise control systems components. Over time this ‘air gap’ has gradually been eroded. Switches and gateways have subsequently interfaced industrial protocols, including Profibus and Modbus, so that data can be drawn from safety-related Operational Technology into enterprise information systems using TCP/IP. Senior management uses these links to monitor production processes and inform strategic planning. The Industrial Internet of Things represents another step in this evolution – enabling the coordination of physically distributed resources from a centralized location. The growing range and sophistication of these interconnections create additional security concerns for the operation and management of safety-critical systems. This paper uses lessons learned from recent attacks on Ukrainian critical infrastructures to guide a forensic analysis of an IIoT switch. The intention is to identify and mitigate vulnerabilities that would enable similar attacks to be replicated across Europe and North America

Ethics_ Security is Only as Good as the Weakest Link - Legal Tech Security Measures Every Lawyer Must Take

Meeting proceedings of a seminar by the same name, held August 2, 2022

2007 Circumvention Landscape Report: Methods, Uses, and Tools

As the Internet has exploded over the past fifteen years, recently reaching over a billion users, dozens of national governments from China to Saudi Arabia have tried to control the network by filtering out content objectionable to the countries for any of a number of reasons. A large variety of different projects have developed tools that can be used to circumvent this filtering, allowing people in filtered countries access to otherwise filtered content. In this report, we describe the mechanisms of filtering and circumvention and evaluate ten projects that develop tools that can be used to circumvent filtering: Anonymizer, Ultrareach, DynaWeb Freegate, Circumventor/CGIProxy, Psiphon, Tor, JAP, Coral, and Hamachi. We evaluated these tools in 2007 -- using both tests from within filtered countries and tests within a lab environment -- for their utility, usability, security, promotion, sustainability, and openness. We find that all of the tools use the same basic mechanisms of proxying and encryption but that they differ in their models of hosting proxies. Some tools use proxies that are centrally hosted, others use proxies that are peer hosted, and others use re-routing methods that use a combination of the two. We find that, in general, the tools work in the sense that they allow users to access pages that are otherwise blocked by filtering countries but that performance of the tools is generally poor and that many tools have significant, unreported security vulnerabilities. The report was completed in 2007 and released to a group of private sponsors. Many of the findings of the report are now out of date, but we present them now, as is, because we think that the broad conclusions of the report about these tools remain valid and because we hope that other researchers will benefit from access to the methods used to test the tools. Responses from developers of the tools in question are included in the report

Legal Technology for Senior Lawyers

Meeting proceedings of a seminar by the same name, held October 25, 202