News from 2006

Interhack news from the year 2006.

Discussing Identity Theft with TechColumbus

TechColumbus will discuss identity theft with members of the Central Ohio ISSA, including Interhack founder Matt Curtin.

TechColumbus and Platform Lab continue their well-received series of TechTalks in conjunction with the Central Ohio chapter of the Information Security Systems Association. ISSA will lead a panel discussion on the topic of Identity Theft.

Participate in a lively panel discussion regarding securing critical customer data, best practices and the latest threats and countermeasures. Panelists will include:

  • Clarke Cummungs, Information Control Corporation
  • Kevin Flanagan, RSA Security
  • Matt Curtin, Interhack Corporation (Slides available)

The guest moderator will be Central Ohio ISSA President David Garcia. A copy of Matt Curtin's latest book, Brute Force: Cracking the Data Encryption Standard, will be given away to one attendee.

This event will be held on Wednesday, January 18th from 7:30am-9:00am at Platform Lab in the Business Technology Center facility.

For directions, please see the Platform Lab website.

  • 7:30-7:45 a.m.: Registration/Continental Breakfast
  • 7:45-9:00 a.m.: Program

Interested attendees may choose to attend the ISSA monthly meeting, held immediately afterward in the same room. The featured speaker will be Dave Criminski, the security team leader of a local Fortune 500 retailer, discussing PCI.

Pre-registration for the event is required; see the TechColumbus Web Site for details.

About Interhack

Interhack is a pioneering professional services firm, active in security and privacy research, with an information assurance practice that has been helping organizations large and small to safeguard information in the face of threats such as identity theft.

Privacy Foundation February 2006 Seminar

Matt Curtin will present at the Privacy Foundation's February 2006 privacy seminar at the University of Denver's Sturm College of Law.

Matt Curtin will speak at the February 10, 2006 privacy seminar held by the Privacy Foundation at the Sturm College of Law at the University of Denver.

Curtin will discuss the technical details of digital rights management (DRM) systems studied in Interhack's Digital Media Project and how these systems affect usability and consumer privacy.

About Interhack

Interhack is a pioneering professional services firm, active in security and privacy research, with a forensic computing practice that has been involved in cutting-edge litigation on electronic privacy matters.

Brute Force: Cracking the Data Encryption Standard

Matt Curtin will be signing copies of Brute Force: Cracking the Data Encryption Standard in Lone Tree, Colorado.

Interhack announces the completion of Matt Curtin's new book, Brute Force: Cracking the Data Encryption Standard. This book is the story of the formation of the world's most widely-used system to protect sensitive information and how a group of independent cryptographers, civil libertarians, and hobbyists managed to demonstrate the system's weakness in June of 1997, even as the U.S. Congress debated the government's control over cryptography.

As one of the coordinators of the DESCHALL project that broke a secret message encrypted with what was then the government standard, Curtin presents a unique insider view of how the project came together and what happened behind the scenes to demonstrate the weakness of the standard and ultimately to usher in the age of unrestricted cryptography.

With a Foreword by John Gilmore of the Electronic Frontier Foundation, Brute Force is a story of cryptography, distributed computing, and most importantly, of people protecting themselves in the digital age.

Brute Force is generally available in bookstores everywhere and online at Amazon.com.

Errata for the book can be found on Curtin's personal Web site at ergo-sum.us.

Appearances and Signings

Booksignings and talks about the material are being given around the country.

  • February 6, 2007, 3:00-3:30 p.m. (sold out, more on the way) and February 8, 2007, 3:00-3:30 p.m.: RSA Conference, San Francisco. (Signing at conference bookstore.)
  • November 17, 2006, 7:00-8:30 p.m.: Barnes & Noble, The Ohio State University, South Campus Gateway, 1598 N High St, Columbus, OH 43201
  • March 13, 2006: Rotary Club of Columbus, Hyatt Regency Columbus, 350 N High St
  • February 15, 2006, 1:30 p.m.: RSA Conference, San Jose. (Signing at conference bookstore.)
  • February 11, 2006: Barnes & Noble, 8374 S. Willow St., Lone Tree, CO 80124
  • November 10, 2005: Central Ohio Chapter of the Information Systems Audit and Control Association (ISACA)
  • June 11, 2005: Lennox Barnes & Noble, Columbus.
  • April 18, 2005: Guest lecture for security course at The Ohio State University, Department of Computer Science and Engineering.
  • April 5, 2005: itWORKS.OHIO Conference, Columbus. (Lecture only.)
  • March 15, 2005: Greater Dayton IT Alliance Security Seminar, Dayton, Ohio. (Lecture only.)
  • February 15, 2005: RSA Conference, San Francisco. (Signing at conference bookstore, Digital Guru.)

About Interhack

Based in Columbus, Ohio, Interhack is a professional services firm with practice areas in forensic computing, information assurance, and management of information technology infrastructure. Known for its forward-thinking technical reports and elite consulting teams, Interhack seeks to close the gap between the possible and the sustainable. Interhack can be found online at web.interhack.com.

Booksigning at RSA 2006

Matt Curtin will be at the RSA Conference 2006, signing copies of his book, Brute Force: Cracking the Data Encryption Standard.

Interhack founder Matt Curtin will be at the RSA 2006 conference in San Jose, signing copies of his latest book, Brute Force: Cracking the Data Encryption Standard.

Brute Force is the inside story of how thousands of people who never met worked together to defeat the U.S. Government's standard for data encryption and change the debate in Washington over public policy governing cryptography. The DESCHALL Project, as it was known, was started by Rocke Verser and further organized by Curtin and Ohio State University graduate student Justin Dolske in response to a $10,000 prize offered at the 1997 RSA Conference.

In “a compelling and wide-ranging narrative,” Curtin explains how technology, social networking, and public policy came crashing together in the summer of 1997.

Electronic Evidence in Criminal Defense

"Electronic Evidence in Criminal Defense" is the topic of Matt Curtin's presentation for the Greater Dayton IT Alliance's D-RISC '06 conference.

Presented:

  • May 18, 2006: ASTAR (Advanced Science and Technology Adjudication Resources) Conference, Columbus
  • May 17, 2006: INFOSEC Forum VIII, Central Ohio ISSA
  • April 25, 2006: itWORKS.OHIO Information Technology Educators Conference
  • April 21, 2006: Colorado Bar Association
  • March 27, 2006: Greater Dayton IT Alliance Legal IT Peer Group
  • March 14, 2006: Greater Dayton IT Alliance D-RISC '06

As crime goes high-tech, the legal system must follow. Both law enforcement and criminal defense attorneys must have the tools and experts available to ensure proper investigation, prosecution, and defense.

In a case that has important lessons for attorneys working with electronic evidence and parents of teenagers with computers, Interhack's Matt Curtin served as a forensic computer scientist for the defense of a high school senior hit with a variety of felony and misdemeanor charges that could well have sent the young man to prison instead of the university he was expecting to attend.

This presentation discusses the investigation, charges, prosecution, and defense. The analysis performed by investigators and by Curtin's team will be critically examined. Broader questions will be raised for possible discussion.

Slides for the presentation are available online: Electronic Evidence in Criminal Defense.

Introduction to Forensic Computing

Volume 3, 2006 of Control, the journal of the Information Systems Audit and Control Association (ISACA) includes a feature article by Matt Curtin, “Introduction to Forensic Computing.”

The article defines “forensic computing” as the use of computers or analysis of computer data for use in legal argumentation. Common activities such as electronic discovery, data recovery, and forensic analysis are discussed.

Drawing from Curtin's own practice as a forensic computer scientist, the article covers three cases that demonstrate how forensic analysis of computer data has been interpreted by police and the courts. These cases show both the power and the limitations of the use of data in legal proceedings.

Finally, the article discusses the need to build forensic computing capabilities within organizations of almost all sizes and types, as legal proceedings and compliance are ultimately a part of doing business. Understanding the organization's legal context, operational needs, and internal capabilities forms the basis of a successful effort to build capability into an organization.

The article is available for download.

Computer Science and Related Technologies Seminar

Matt Curtin will present at the Computer Science and Related Technologies Seminar coordinated by the Advanced Science and Technology Adjudication Resource (ASTAR) Program.

Interhack founder Matt Curtin will present at the Computer Science and Related Technologies Seminar, coordinated by the Advanced Science and Technology Adjudication Resource (ASTAR) Program in cooperation with The Ohio State University, where Curtin also holds an academic appointment.

At the seminar, taking place on May 18 and 19, 2006, Curtin will deliver three lectures to the attendees, judges from around the state of Ohio.

  • Seminar Keynote: Electrons are the New Paper
  • Computer Forensics: A Case Study of Data Analysis in a Criminal Trial
  • How the Internet and Cyberspace Works

The program is closed, but bar associations interested in using these talks for CLEs may contact Interhack for rates and availability.

Ensuring Data Security and Privacy in Teradata EDWs

Matt Curtin will discuss attacks against enterprise data warehouses and how cryptography can help in a Web Seminar hosted by Teradata.

On August 3, 2006, Teradata will host a Web seminar on the protection of information in Teradata EDWs. Interhack founder Matt Curtin will speak on the topics of attacks against centralized data sources and the use of cryptography as a protection mechanism.

Registration:
Registration for the event is handled online by Teradata.

In this web seminar, Curtin and his fellow experts will show you how to:

  • Prevent hackers from penetrating your security framework
  • Preempt typical hacker attacks on enterprise data security
  • Anticipate the implications of broad Active Data Warehouse use on security requirements
  • Implement Protegrity Enterprise Data Security in your Teradata Enterprise Data Warehouse (EDW)

Ensuring Data Security and Privacy in Teradata EDWs will illustrate how industry leaders are currently implementing centralized data security policies, including the encryption and auditing of sensitive data with Protegrity solutions to complement the scalability, high performance, and parallel functionality of their Teradata EDWs. Here you'll discover how securing a centralized Teradata EDW is more effective, simpler and far less expensive than securing multiple data marts or multiple applications, thereby reducing the risk of customer dissatisfaction, legal penalties and compliance issues arising from insecure data.

The increasing amounts of data going into Teradata warehouses are sharpening an already compelling interest in protecting the security and confidentiality of this sensitive data. At the same time, a growing body of legislative and industry standards is aimed at increasing management accountability and data privacy—including SOX, HIPAA, GLBA, U.S. state laws, and Payment Card Industry standards. This web seminar is an excellent way to keep pace with these developments.

Interhack Expands Forensic Computing Practice

John M. Pontious joins Interhack's rapidly growing forensic computing practice.

Interhack Corporation announced today that John M. Pontious has joined its rapidly growing forensic computing practice.

Pontious joins Interhack's forensic computing and information assurance practices as a senior analyst. He will support clients, focusing on security, scalability and implementation of information systems.

Previously, Pontious spent seven years as a professional software engineer with IBM in Research Triangle Park, North Carolina. In this role, he gained significant experience with both the development and quality assurance testing of enterprise class software solutions. Pontious' projects included Tivoli Privacy Manager, Tivoli Identity Manager and Websphere Extended Deployment.

Pontious holds a bachelor's degree in computer science and engineering from The Ohio State University. He resides in central Ohio.

About Interhack

Established in 2000, Interhack's forensic computing practice helps in-house counsel, incident response teams, law enforcement agencies and law firms establish facts that can be used in litigation or criminal prosecution.

IT and the Law: Dealing with Privacy and Compliance

IT and the Law. CIO Solutions Gallery, Fisher College of Business, the Ohio State University.

On September 28, 2006, a full day of discussing the intersection of information technology and the law will be held at the Fisher College of Business at the Ohio State University as part of its recurring CIO Solutions Gallery program. Interhack is proud to continue its sponsorship of the program.

Registration is available online at http://fisher.osu.edu/Programs/Executive-Education/CIO-Register/.

Agenda

7:15am - 8:00am: Continental Breakfast

8:00am - 8:10am: Welcome and Session Introduction

  • Dr. Anil Makhija
    Chair, Finance and Associate Dean for Executive Education
    The Ohio State University Fisher College of Business

8:10am - 8:20am: Keynote Introduction

  • Mr. Thornton A. May
    Nation's Leading IT Futurist

8:20am - 9:00am: Keynote Speaker

  • Dr. Larry Ponemon
    Chairman & Founder, Ponemon Institute
    Board Member, The Privacy Council, Inc.

What's really driving today's privacy efforts? Is it disclosure laws, public opinion, opportunities for business process improvement, all of the above? Here, a broad view of the leading issues that are behind today's privacy and compliance momentum will be discussed.

9:00am - 10:15am: Understanding The Law

It begins by knowing the rules. What are the facts and hidden nuances concerning specific regulatory vehicles like SOX, HIPAA, and others? What must you be careful to understand, and what must you be careful to avoid? A panel of experts sheds light on these important issues.

  • Dr. Richard Dietrich (Department Chair, The Ohio State University Fisher College of Business)
  • Mr. Tom Skoog (Partner, KPMG)

10:15am - 10:30am: Break

10:30am - 11:15am: Evaluating The Risks, a Panel Moderated by Mr. Thornton May

Knowing then leads to assessing, as well as convincing. How do you assess your level of risk in your organizations, and how do you then plan and prioritize the attack? In addition to mitigating risk from the outside, how do you keep an eye on your employees... the enemy within? How do you also muster internal executive and cultural support for what may be a resulting massive (and costly) change? Top tier CIOs share their perspectives.

  • Ms. Kathleen Ojala (Privacy Officer, Ohio State University Health System)
  • Mr. John Rombough (Control Division, Canadian Imperial Bank of Commerce)
  • Mr. David Bauer (Former CSO/CPO, Merrill-Lynch)
  • Mr. Matthew T. Furton (Partner, Lord Bissell & Brook, LLP)

11:15am - Noon: Mining Value From The Auditor Relationship, as Moderated by Ms. Anne McCrory (Editor-In-Chief, CIO Decisions)

One of your best allies in helping to plan and execute game changing strategies related to privacy, compliance and regulation is your internal audits team. Yet, their abilities and contributions are often overlooked. Here, several top industry professionals turn state’s evidence on how senior IT and other corporate leaders can be successful in this valuable relationship-building experience.

  • Dr. Richard Dietrich
  • Mr. Bruce Moulton (VP of Info Security Business Strategy, Symantec)
    (Former CISO, Fidelity Investments)
  • Mr. Kirk M. Herath (Chief Privacy Officer, Nationwide Enterprise)
  • Ms. Sandra R. Hughes (Global Privacy Executive, Procter & Gamble Company)

Noon - 1:15pm: Lunch Break, including Keynote Speaker #2 (12:30pm - 1:15pm)

  • Mr. David Bauer (CTO, Asurion Corporation; Former Chief Security Officer and Privacy Officer, Merrill-Lynch Company, Inc.)

1:30pm - 2:15pm: CTO/CISO Roundtable Panel, as Moderated by Ms. Anne McCrory (Editor-In-Chief, CIO Decisions)

So, how are you responding to the call (and possibly the mandate) for immediate action? On which issues are you spending most of your time; e.g., two-factor authentication, wireless security, spyware, others? How are you preparing for the new requirements for electronic discovery? Listen as senior technology and security officers describe how they are moving forward.

  • Mr. Dan Vermeire (CTO, Huntington National Bank)
  • Ms. Kathy Starkoff (CTO, Limited Brands)
  • Mr. Mark Bregman (CTO, Symantec)

2:15pm - 2:30pm: Break

2:30pm - 3:00pm: What Yet Lies Ahead?

What’s on the horizon regarding leading regulatory issues involving information security and privacy, as well as expected legislative reaction to those issues? While it might appear to some that a seemingly endless amount of money and time will be necessary in responding to these mandates, how do you really determine, “How Much Is Really Enough?” What is the mood in our legislatures in that regard?

  • Mr. Kenneth P. Mortensen, Esq. (Acting Chief of Staff, Privacy Office, U.S. Department of Homeland Security)

3:00pm - 3:30pm: Untangling a Twisted Pair: CIOs and Lawyers – The New Alliance

  • Mr. Thornton A. May

Most CIOs admit that the legal stuff is the third rail of IT leadership. While this wasn’t always the case, new and more complex issues have entered the picture, any one of which has the potential of being career-destroying. What is the current state of the collision between the legal and IT worlds?

3:30pm - 4:00pm: Session Summary and Wrap-Up

  • Mr. Thornton May

4:00pm - 5:00pm: Adjournment and “Decompression Session”

Showing the Real World of IT to Ohio's Girls

Interhack founder Matt Curtin will discuss careers in technology for girls in grades 7-10 at the We Are IT event at Edison Community College in Piqua, Ohio.

Interhack founder Matt Curtin will be joining the “We Are IT” conference for area girls in junior high and high school who have expressed an interest in careers in information technology.

Curtin will be presenting sessions on cryptography and forensic computing. He'll also be a “lunch buddy,” sitting and chatting over lunch with some of the attendees, answering their questions and helping them to understand just what it means to work in technology, balancing the demands of the projects at hand, personal development, and time for friends and family.

The pilot program will be held at Edison Community College on October 6. Around the state, a variety of other sites will hold the We Are IT event on November 17. Curtin will appear at the Columbus State Community College event.

About We Are IT

We Are IT is a state-wide, multi-site event for girls interested in information technology. Individual regional conferences offer information about the benefits for young women in IT-related fields.

The event is presented in conjunction with the Ohio IT Business Advisory Network and the Office of Career-Technical and Adult Education, Ohio Department of Education.
