LITIGATION SUPPORT TIP OF THE NIGHT

LITIGATION SUPPORT TIP OF THE NIGHT NO LONGER RECOMMENDS USING THE KASPERSKY PASSWORD CHECKER OR ANY OTHER KASPERSKY PRODUCTS. KASPERSKY IS BEING INVESTIGATED BY THE FBI. AS THE NEW YORK TIMES HAS REPORTED KASPERSKY IS SUSPECTED FOR USING ITS ANTIVIRUS SOFTWARE TO STEAL CLASSIFIED GOVERNMENT DOCUMENTS.

I'VE LEARNED MY LESSON, AND I'M SURE YOU WILL TOO. LITTLE HOPE THAT THE MORON WHO IS CURRENTLY PRESIDENT OF THE UNITED STATES WILL LEARN THIS LESSON AS WELL.

There are several utilities on line that you can use test the strength of a password. Kaspersky Lab (which was rated as having the best virus protection software in 2015 by AV Comparatives - see the Tip of the Night for February 15, 2016) has a password checker here, It will give you estimate as to how long it will take someone to crack your password. If you just use a few digits, your password can be cracked in a number of seconds. It can a few years to crack a password that uses a combination of numbers, special symbols, upper case letter, and lower case numbers.

The site, http://www.passwordmeter.com will show you which features of your password are making it stronger or weaker. Repeating characters or using consecutive lower case letters will make your password weaker.

Keep in mind that password cracking programs have libraries not just of commonly used words from dictionaries and books, but commonly used passwords. A password strength tester may indicate that a password with any combination of upper case letters, lower case letters, numbers and special characters is a strong password. The Kaspersky password checker accounts for commonly used combinations. So if you test the password, 'Abc123??' Kaspersky will let you know that this password can be cracked in 3 minutes.

You can find out if a web account you access with a particular mail address has been compromised by going to, https://haveibeenpwned.com/ . This site has a large database of more than a billion hacked accounts. Pwn is simply a slang term for hack. This is a good, simple way to show attorneys that you're serious about data security.

When engaging an electronic discovery vendor make sure that they provide an adequate level of data security for encrypted data transferred over a network, by checking to see if they are validated under FIPS 140-2. Federal Information Processing Standard 140-2 is a standard set up for the National Institute of Standards and Technology (NIST) on Security Requirements for Cryptographic Modules. The validation process involves evaluation by an independent laboratory and review of the lab's report by a joint U.S. / Canadian body named the Cryptographic Module Validation Program. Be sure to distinguish between vendors that claim to be FIPS 140-2 compliant and those which have FIPS 140-2 validation. A FIPS 140-2 compliant organization will merely be using a cryptographic module of another business which obtained FIPS 140-2 validation.

FIPS 140-2 validation involves a review in 11 different areas:

An organization will receive a grade from 1 to 4 in each of these areas and an overall score, with 4 indicating the highest level of security.

• Cryptographic Module Specification

• Cryptographic Module Ports and Interfaces

• Roles, Services and Authentication

• Finite State Model

• Physical Security

• Operational Environment

• Cryptographic Key Management

• Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC)

• Self Tests

• Design Assurance

• Mitigation of Other Attacks