Vulnerability assessments and exploitation, like so many other areas of technology, have progressed from being understood by a few elite practitioners to being automated for the masses.
Each day information security professionals are releasing new software or improving on existing software to make identifying and exploiting network vulnerabilities easier. Unfortunately, these automated tools have produced a “there’s an app for that” attitude toward information security. Many business owners and managers believe that an automated tool can determine if their network is secure, which is ridiculous. Information security encompasses not only vulnerability scanning and exploitation but risk management, user management, and other business processes. No automated tool can identify vulnerabilities in business processes – only a qualified information security professional can do that.
Vulnerability scanners are designed to identify specific issues in network services, operating systems, web applications and software, but they cannot identify vulnerabilities in the underlying vulnerability management and configuration management processes. Exploitation frameworks, like Metasploit and Core Impact, can exploit a machine but have no ability to determine the value of the data on the compromised machine or the effect the loss of that data would have on the business. In other words, when it comes to information security, there is not an app for that.

Attorneys: Be Aware When Reviewing Emails in Outlook
Bill Dean, Director of Computer Forensics
I am well aware that using Microsoft Outlook to review email is perceived as a convenient, low-cost method for reviewing small volumes of email. However, this method is laced with potential issues that just aren’t worth the risks – and there are risks. This article will address some of these risks to hopefully encourage the use of better technology to review email, or at least educate you enough to understand the risks.
So your client produced his or her email for you to review in a PST format (Microsoft Outlook Email Database). You are already proficient in the use of Microsoft Outlook as it likely already dictates much of your day. Either you already know how to attach this file to Outlook or your “friendly” IT staff will do it for you. You have the email loaded and you are ready to begin, but before you start, let’s talk about keyword searching.
Google has been a great asset to our culture in many ways. For the litigation field, it has inadvertently taught you how to perform Boolean searches. When you search Google for “Trade secret theft” and “Case Law” in the same query, you have performed a powerful Boolean search. However, Boolean search features such as this are not as intuitive in Microsoft Outlook and require extensive effort to execute. Difficulty performing Boolean searches is the good news. The bad news is that Microsoft Outlook, by default, will not search the contents of attachments for the keywords. Your searches will only address the email fields and the contents of an email message, which could potentially omit responsive information. We will visit the danger of attachments later in this article.
The read receipt option on sent emails presents another concern. If an unread email you are reviewing has the read receipt option set, your review of that email could inadvertently send a message to the sender that the email has been read. Consider the implications of that for a moment. There is one instance in which the custodian was deceased and his widow received a read receipt “from beyond the grave”.
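Both risks above can be checked outside of a mail client before review begins. The following is an added example, not part of the original article: it assumes each message has already been exported from the PST to raw RFC 5322 bytes, and the names review_message and build_sample are hypothetical.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Headers that ask the recipient's mail client to send a receipt back.
RECEIPT_HEADERS = ("Disposition-Notification-To", "Return-Receipt-To")

def review_message(raw: bytes, keywords):
    """Flag read-receipt requests and search body AND attachments for keywords."""
    msg = message_from_bytes(raw, policy=policy.default)
    receipts = {h: str(msg[h]) for h in RECEIPT_HEADERS if msg[h]}
    hits, unsearched = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or "(body)"
        if part.get_content_maintype() != "text":
            # Binary attachment (PDF, Office file, image): needs text
            # extraction or OCR, so report it instead of skipping it silently.
            unsearched.append(name)
            continue
        text = part.get_content().lower()
        hits += [(name, kw) for kw in keywords if kw.lower() in text]
    return {"receipt_requested": receipts, "hits": hits, "unsearched": unsearched}

def build_sample() -> bytes:
    """Constructed sample message; addresses and contents are made up."""
    m = EmailMessage()
    m["From"] = "custodian@example.com"
    m["To"] = "colleague@example.com"
    m["Subject"] = "Q3 numbers"
    m["Disposition-Notification-To"] = "custodian@example.com"
    m.set_content("See attached.")
    m.add_attachment("Draft notes on the trade secret formula.",
                     filename="notes.txt")
    m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                     subtype="pdf", filename="scan.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    print(review_message(build_sample(), ["trade secret"]))
```

On the sample, the keyword appears only in the text attachment, which a body-only search would miss, and the PDF is listed as unsearched rather than treated as non-responsive.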