top of page

LITIGATION SUPPORT TIP OF THE NIGHT

Featured on the ACEDS blog.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer. All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information. This policy is subject to change at any time. The owner is not an attorney, and nothing posted on this site should be construed as legal advice. Litigation Support Tip of the Night does not provide confirmation that any e-discovery technique or conduct is compliant with legal, regulatory, contractual or ethical requirements.

See my post on Running Regex Searches With a Grep Utility on the ILTA litigation support blog.

New tips for paralegals and litigation support profesionals are posted to this site each week. Click on the blog headings for better detail.

See How-To Videos on my YouTube channel.

Certificate Revocation Lists

Jan 6, 2021

Last night's Tip discussed the use of certificate authorities to authenticate web site owners, and encrypt communications. Certificate authorities do not remain valid indefinitely. Expired certificates will generate an error message. Certificate authorities that have been revoked for some other reason will be put on a Certificate Revocation List (CRL). This is an example of an error message you'll see in a browser if a CA has been put on a CRL.

ree

Some CAs on a CRL will only be on hold, and are not necessarily permanently revoked.

Digital certificates will be placed on a CRL when public keys have been compromised, a certificate is believed to be a fake, the issuer of the CA is compromised, or a web site owner no longer owns a server or domain name.

Certificate Authorities

Jan 5, 2021

Certificate authorities prepare digital certificates to associate public keys with entities that a user communicates with using the secure HTTPS protocol in a web browser. The key is used by the browser to encrypt data transmitted by users to the servers of the entity owning the web site. In order to prevent the transmission from being hacked by someone pretending to be the trusted entity, the user's browser checks the certificate and the public key it receives against public keys received from the certificate authority.

In Chrome you can find a list of the certificate authorities it uses under Settings . . . Privacy and security . . . Security . . . Manage certificates . . . on the Trusted Root Certification Authorities tab.

ree

IdenTrust, Comodo (Sectigo), VeriSign, DigiCert and GoDaddy are some of the most widely used certificate authorities.

Note that It is possible to import a certificate authority into your web browser.

Be Sure to Change Your Router's Default Password

Dec 29, 2020

The Tip of the Night for February 9, 2018, discussed how you can easily look up the default password for a router. After receiving a new router, it is imperative that the default password be changed. In order to do this, in a web browser enter the IP address associated with the router, and access your account using the default user name and password. In order to find this IP address, in command prompt enter: ipconfig

At the end of the data generated by this command will be an IP address listed as the default gateway. This is the address of the site where your router's password can be reset.

ree

Often the default password for a router will be printed on the back of the router. Obviously leaving your password set to this is not wise. If someone gains control of your router, they can execute a pharming attack. A pharming attack will re-direct your internet traffic to a different DNS server (domain name server) that will translate web address names into the IP addresses of sites set up for malicious purposes.

It is possible to have a computer direct traffic directly to a DNS, rather than through a router, and thus avoid the problems which come from having a compromised router. Note that the router password is different from a wifi password. A home network, or local work network should have one of each.

bottom of page