- Oct 23, 2020
top of page
LITIGATION SUPPORT TIP OF THE NIGHT
The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer. All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information. This policy is subject to change at any time. The owner is not an attorney, and nothing posted on this site should be construed as legal advice. Litigation Support Tip of the Night does not provide confirmation that any e-discovery technique or conduct is compliant with legal, regulatory, contractual or ethical requirements.
New tips for paralegals and litigation support profesionals are posted to this site each week. Click on the blog headings for better detail.
Search
- Oct 19, 2020
A potential security flaw in Windows is the ability of Internet Explorer to run Java scripts. A .dll file located in the system folder on the C drive enables IE to run Java:
. . . you can disable the ability of IE to run Java scripts in the Registry Editor under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
Change the value for 140D at this location to 3. This will cause the execution of the scripts to be disabled by default.
- Oct 16, 2020
Here's a quick rundown of hacking techniques to help you understand what may be going on when a computer system is hacked.
CODE INJECTION - this method involves using external inputs to run commands. SQL script can be used in a web form to get access to restricted areas of a web site. User input should be filtered for SQL queries.
CROSS SITE SCRIPTING (XSS) - with this technique a hacker may place javascript inside a link , designed to take personal information.
DENIAL OF SERVICE (DoS) - this widely known approach simply involves flooding a site with traffic so its servers crash. Note that most often DoS attacks will make use of computers that are unaware they are being used for the attack.
CROSS-SITE REQUEST FORGERY (XSRF) - this hack involves running malicious commands from a source that the victim trusts. Html image tags in an email message may have links which will be activated even if they are not clicked.
DNS SPOOFING - with this technique bad Domain Name System data will be used to redirect data to the hacker's computer - domain names get translated into the wrong IP addresses.
SOCIAL ENGINEERING - you have probably been phished by someone pretending to a be friend or co-worker. Be on the lookout for 'vishing' (using the phone system); 'phishing' (typically done through emails); 'smishing' (using SMS texts); spear phishing (customized email messages targeting an individual or small groups); water holing (a trap on a trusted web site); and baiting (placing malware on USB drives or discs which are left where people may pick them up).
bottom of page