Interhack Corporation announced today that Lee Ayres has joined the firm.

Lee Ayres joins Interhack's forensic computing and information assurance practices as senior analyst. His work focuses on the analysis and use of data in the legal process.

Previously, Ayres was the lead developer at Mercury Markets in Chicago building automated trading systems for the global financial markets using proprietary algorithms.

Lee holds a bachelor's degree in computer science and engineering from The Ohio State University. He resides in central Ohio.

About Interhack

Interhack is a pioneering professional services firm, active in security and privacy research, with a forensic computing practice that has been involved in cutting-edge litigation on electronic privacy matters.

Established in 2000, Interhack's forensic computing practice helps in-house counsel, incident response teams, law enforcement agencies and law firms establish facts that can be used in litigation or criminal prosecution.

Interhack Corporation has announced that Bob Mathis has joined the firm.

Bob Mathis joins Interhack's forensic computing practice as a staff scientist, focusing on analysis of data and computer systems in the context of adjudication.

Prior to joining Interhack, Mathis has directed three small businesses in the software technology industry, most recently serving as president and chief consultant at Pithecanthropus Consulting, Inc., a start-up that specializes in Java tools and software development. Mathis has also served as an expert witness on behalf of the US Air Force in a multi-million dollar computer software contract dispute and a private company dispute related to compiler implementation.

Bob's extensive background also includes work to standardize the Lisp, Java, Prolog, Scheme, and ECMAScript programming languages. Bob remains a senior lecturer at The Ohio State University's Department of Computer Science and Engineering.

About Interhack

Interhack is a pioneering professional services firm, active in security and privacy research, with a forensic computing practice that has been involved in cutting-edge litigation on electronic privacy matters.

Established in 2000, Interhack's forensic computing practice helps in-house counsel, incident response teams, law enforcement agencies and law firms establish facts that can be used in litigation or criminal prosecution.

On February 1, 2007, Teradata will host a Web seminar on the protection of information in Teradata EDWs. Interhack founder Matt Curtin will speak on the topics of attacks against centralized data sources and the use of cryptography as a protection mechanism.

In this web seminar, Curtin and his fellow experts will show you how to:

• Prevent hackers from penetrating your security framework
• Preempt typical hacker attacks on enterprise data security
• Anticipate the implications of broad Active Data Warehouse use on security requirements
• Implement Protegrity Enterprise Data Security in your Teradata Enterprise Data Warehouse (EDW)

Ensuring Data Security and Privacy in Teradata EDWs will illustrate how industry leaders are currently implementing centralized data security policies, including the encryption and auditing of sensitive data with Protegrity solutions to complement the scalability, high performance, and parallel functionality of their Teradata EDWs. Here you'll discover how securing a centralized Teradata EDW is more effective, simpler and far less expensive than securing multiple data marts or multiple applications, thereby reducing the risk from insecure data of customer dissatisfaction, legal penalties and compliance issues.

The increasing amounts of data going into Teradata warehouses are sharpening an already compelling interest in protecting the security and confidentiality of this sensitive data. At the same time, a growing body of legislative and industry standards is aimed at increasing management accountability and data privacy—including SOX, HIPAA, GLBA, U.S. state laws, and Payment Card Industry standards. This web seminar is an excellent way to keep pace with these developments.

About Interhack

Interhack is a pioneering professional services firm, active in security and privacy research, with a forensic computing practice that has been involved in cutting-edge litigation on electronic privacy matters.

Implementation of Fast Key-Cracking Open to Review

SAN FRANCISCO, CA (February 6, 2007). Ten years ago, a battle raged over the future of cryptography, the technology that keeps electronic data safe from prying eyes. On one hand, private-sector cryptographers argued that a stronger standard needed to be adopted and that restrictions on the use of cryptography needed to be relaxed. On the other hand, government officials complained to Congress that greater restrictions were needed to help law enforcement police the Internet. Wiretaps, they argued, were a critical component of online law enforcement and a single message encrypted with the sitting government standard would require a $30 million supercomputer one year and eight-seven days to break—time and expense simply unavailable to the authorities.

RSA Data Security, Inc., (now RSA, the Security Division of EMC) launched a contest, offering $10,000 to the first group that could break the message encrypted with the sitting government standard. The team that came to be known as DESCHALL, led by Rocke Verser of Loveland, Colorado, won that contest, breaking the message that said, “Strong Cryptography Makes the World a Safer Place.” The project was one of the largest computations ever performed, using thousands of computers all over the U.S. and Canada; the machine that found it was not a supercomputer, but a regular 90 MHz Pentium-powered desktop computer.

Matt Curtin, a DESCHALL project coordinator supporting Verser, documented the inside story of the project in his book, Brute Force: Cracking the Data Encryption Standard (Copernicus Books, 2005). One critical component of the project, however, has been a secret for ten years: the code that powered the fast key-cracking clients. Today, the code for the classic fast clients for 486, Pentium, and Pentium Pro processors is released, along with code for the client distribution system, joining the code for the firewall-traversing gateways that was previously released.

Source code is available for download from the Interhack Research site that maintains the project history, including mailing list archives. http://www.interhack.net/projects/deschall/. Curtin will be signing copies of Brute Force at the conference.

Interhack founder Matt will join with Keith Fricke of the Cleveland Clinic Health System to conduct incident response drills at the Ohio Information Security Conference 2007 (OISC '07), presented by the Greater Dayton IT Alliance on March 14, 2007.

Abstract

Role-playing drills have become popular in organizations seeking to train staff for the ways they engage workers that plain classroom lectures do not. But organizations endeavoring to bring greater realism and value to their training should consider taking it to the next level.

Curtin and Fricke will demonstrate how to use live drills to help manage information security breaches and how to test the effectiveness of response plans. Critical issues to be covered include: resources necessary to develop a successful drill; the objectives of live drills; how to identify the important take-aways for staff; and how to staff who might be called upon to respond to real-world security incidents to apply their newfound knowledge.

About Interhack

Based in Columbus, Ohio, Interhack Corporation is a professional services firm with clients all over North America. Founded in 1997 by a team of information security researchers, Interhack accepted the mission to make global computing and communications infrastructures worthy of trust. Interhack's two practice areas, Information Assurance and Forensic Computing, support that mission. The company is a supporting member of The Usenix Association. Additional information about Interhack is available at web.interhack.com.

COSI Electronic Education

The nightmare began when local and state police broke through the front door of the suburban home of a doctor and his family in a pre-dawn raid. Police analysis of the computer used by the doctor's seventeen-year-old son, an honors student halfway through his senior year of high school, led to charges against the boy of four felonies and a misdemeanor. Father and son discussed the situation and vowed not to bow to pressure to enter into a plea bargain requiring the boy to admit guilt in a crime he did not commit. This is the story of how forensic computer analysis of the son's machine led the prosecutor to drop the charges and expunge the boy's record.

Forensic computer scientist Matt Curtin performed the analysis and prepared expert testimony for the court.

Presentation Dates

• March 26, 2007
• October 30, 2007

About the Experts Program

Experts is an educational program conducted via videoconference which allows us to connect to classrooms all over the country and offer students an interactive experience with experts in science, math, and technology related fields. The purpose of the program is to expose students to a wide variety of science-related careers, hopefully sparking a desire to further their math and science education while exciting them about the multitude of opportunities which exist in these fields. Last year we connected to over 32,000 students in 39 different states.

About Interhack

Interhack is a pioneering professional services firm, active in security and privacy research, with a forensic computing practice that has been involved in cutting-edge litigation on electronic privacy matters.

Established in 2000, Interhack's forensic computing practice helps in-house counsel, incident response teams, law enforcement agencies and law firms establish facts that can be used in litigation or criminal prosecution.

Interhack proudly continues its sponsorship of the CIO Solutions Gallery at the Ohio State University's Fisher College of Business. The April 2007 theme is “Industries in Transition: Lessons From Leaders Meeting Exponential Challenges.”

The total U.S. healthcare spending today has reached $2 trillion, or 16 percent of our gross domestic product. Yet in other large countries that percentage is noticeably less; however, these very same nations are also providing healthcare that is seen to be as good as, if not better than, that of the U.S. While clearly there are major opportunities for IT to play a significant role in improving the cost effective delivery of healthcare in this country, there are also potential pitfalls in doing so. What lessons can we all learn from this? In this session, successful leaders will share their stories.

This session is part of the nationally acclaimed CIO Solutions Gallery and this particular event is the first in a series of sessions that will highlight specific industries in transition, while also drawing parallels to other industries undergoing similar change.

This noted program was specifically designed by senior IT leaders to add value to senior IT leaders. Unlike many other offerings available today, this highly acclaimed new program is organized around CIO peer learning; i.e., learning from the experiences of others, and solving real-life problems collaboratively. This provocative series is targeted toward CIOs and/or senior executives in the technology and/or operations leadership community. It will help to build and foster an active and creative network of IT leaders/executives devoted to sharing best practices, renewing their skills on an ongoing basis, and raising the level of technical literacy within their organizations.

More information on the CIO Solutions Gallery Executive Education Program is available online at http://fisher.osu.edu/programs/executive-education/current-programs/cio-solutions-gallery/.

About Interhack

Interhack is a pioneering professional services firm, active in security and privacy research, with a forensic computing practice that has been involved in cutting-edge litigation on electronic privacy matters.

Established in 2000, Interhack's forensic computing practice helps in-house counsel, incident response teams, law enforcement agencies and law firms establish facts that can be used in litigation or criminal prosecution.

Interhack's Matt Curtin will present on the educational needs for students headed toward careers in information technology at the Ohio Department of Education's itWORKS.OHIO Conference in Columbus, Ohio, on April 18-19, 2007.

Presentations

Curtin will participate in three sessions at this year's conference.

• Why Security Matters: a discussion of architecture and a demonstration of breach through WiFi vulnerability.
• Why Care About Business Process: a panel discussion on the need for technologists to understand how to work with the rest of the business and how teachers need to present such material to students.
• The IT Business Process Discussion: a panel discussion on managing information technology efforts and working with the rest of the business.

About itWORKS.OHIO

itWORKS.OHIO is a broad-based educational response to Ohio's need for a skilled information technology workforce. The Joint Council of the Ohio Board of Regents and the State Board of Education developed the Ohio Information Technology Competency Profile, which provides guidance for IT training in the state, and is the framework supporting itWORKS.OHIO.

About Interhack

Interhack is a pioneering professional services firm, active in security and privacy research, with a forensic computing practice that has been involved in cutting-edge litigation on electronic privacy matters.

Established in 2000, Interhack's forensic computing practice helps in-house counsel, incident response teams, law enforcement agencies and law firms establish facts that can be used in litigation or criminal prosecution.

We are pleased to announce the Promotion of Abby Park to Marketing Manager. Ms. Park joined Interhack Corporation in 2001, supporting technical and business development functions. Since 2003, she has carried the title of Associate, supporting the development and delivery of our elite professional services.

“Abby has brought unique and valuable insight to the firm,” remarked Interhack founder Matt Curtin. “We continue to look to her wisdom and experience as we work to make Interhack one of the most trusted professional service firms in the business.”

In her new role, Ms. Park will oversee development and execution of marketing activity in both the Forensic Computing and Information Assurance practices.

About Interhack

Interhack is a pioneering professional services firm, active in security and privacy research, with a forensic computing practice that has been involved in cutting-edge litigation on electronic privacy matters.

Established in 2000, Interhack's forensic computing practice helps in-house counsel, incident response teams, law enforcement agencies and law firms establish facts that can be used in litigation or criminal prosecution.

Interhack scientist Bob Mathis will present at the State of Information Security 2007 Executive Forum in Columbus, Ohio at the Blackwell Inn on October 23, 2007.

Abstract

If your company's attorneys had to represent to a court that your organization did not have a particular record, could they do so correctly and with confidence?

Corporate information technology (IT) departments are widely tasked with ensuring that information is always available when needed by the business. Requirements for integrity and confidentiality have driven additional changes in policy for information management and the mechanisms used to implement such policy. To a large degree, these matters have widely been considered “technology” issues and handled exclusively within the domain of IT management.

Risk, however, goes far beyond the matter of hostile actors breaking into systems with sensitive data. With legal, regulatory, and contractual issues binding the organization, a failure of effective information management poses considerable risks to the organization. The possibility of indictment of executives and firms, fines paid to regulators, and settlements paid to plaintiffs weigh on the consciousness of businesses of all types.

To illustrate how technologists and lawyers need to work together to identify and to manage risk in the organization, Matt Curtin will discuss his work as a forensic computer scientist and a case where his analysis led to findings contrary to assertions made by the company sued for violating the privacy of people using the Web. Attendees should understand the need for cooperation among disciplines in the organization and strategies for ensuring success.

About the State of Information Security 2007

The State of Information Security 2007 is a luncheon and executive-level security forum hosted by Sun Microsystems, Simplesoft, and PricewaterhouseCoopers. It will be held in Columbus, Ohio at the Blackwell Inn on Tuesday, October 23, 2007 from 11:30 a.m. until 4:30 p.m.

To RSVP call Sue Hachten at +1 614 448 4050.

About Interhack

Interhack is a pioneering professional services firm, active in security and privacy research, with a forensic computing practice that has been involved in cutting-edge litigation on electronic privacy matters.

Established in 2000, Interhack's forensic computing practice helps in-house counsel, incident response teams, law enforcement agencies and law firms establish facts that can be used in litigation or criminal prosecution.

Interhack founder Matt Curtin will present at the annual conference of the Central and Southern Ohio Chapter of HIMSS with a discussion of the role of information security in clinical informatics.

Abstract

When thinking of security, many people think immediately of technologies like firewalls and cryptography. In fact, security is a property ascribed to information when it is well-managed. We will discuss the fundamental principles of information security and show how these support the objectives of clinical informatics. Going a step further, we will demonstrate how the goals of clinical informatics cannot be met without security.

About Interhack

Interhack is a pioneering professional services firm with practice areas in forensic computing and information assurance. Based in Columbus, Ohio, and with clients all over North America, Interhack's work has been used to establish legal precedent and to set standards for technology.

Matt Curtin will present on electronic information in litigation with Susan Hastings, labor and employment group leader of the firm Squire, Sanders, and Dempsey, LLP at the OSBA Midwest Labor Law Conference in Columbus on October 26, 2007. The session will be coordinated by Pam Krivda of the Krivda Law Offices in Columbus.

The presentation will include highlights from the recent updates to the Federal Rules of Civil Procedure on the handling of electronic information in discovery. Consideration will be given to information by comparison to data and metadata and how these differences can affect the use of information in litigation.

About Interhack

Interhack is a pioneering professional services firm, active in security and privacy research, with a forensic computing practice that has been involved in cutting-edge litigation on electronic privacy matters.

Established in 2000, Interhack's forensic computing practice helps in-house counsel, incident response teams, law enforcement agencies and law firms establish facts that can be used in litigation or criminal prosecution.

Interhack founder Matt Curtin will team up with Keith Fricke of the Cleveland Clinic Health System to present a class in conducting incident response drills at the Information Security Summit in Independence on November 2, 2007.

Abstract

Tabletop exercises have become increasingly popular in organizations looking to train staff. These role-playing drills tend to involve people in ways that classroom-style lecture and interaction do not. Organizations looking to bring more realism and greater value to their training, however, should consider moving beyond the tabletop.

This presentation will discuss the management of live drills for information security incidents to augment staff training and to test for the effectiveness of response plans. Critical issues covered will include the resources necessary to develop a successful drill, the objectives of such drills, how to bring out the important take-aways for staff, and how to integrate the newfound knowledge into the experience of staff who might be called upon to respond to real-world incidents.

About Interhack

Based in Columbus, Ohio, Interhack Corporation is a professional services firm with clients all over North America. Founded in 1997 by a team of information security researchers, Interhack accepted the mission to make global computing and communications infrastructures worthy of trust. Interhack's two practice areas, Information Assurance and Forensic Computing, support that mission. The company is a supporting member of The Usenix Association. Additional information about Interhack is available at web.interhack.com.

Matt Curtin presents Intrusion Detection and Prevention Technology and Strategy to the CIO Circle at Health Foundation in Norwood, Ohio, on November 7, 2007.

Abstract

Intrusion detection and prevention systems (IDPS) have come a long way since the security principle of "compromise recording" was introduced into the research literature of computer science by Saltzer and Schroeder in 1975. In this discussion we look at IDPS technology, how it works with other security technology, and what problems are and are not solved by IDPS.

About Interhack

Based in Columbus, Ohio, Interhack Corporation is a professional services firm with clients all over North America. Founded in 1997 by a team of information security researchers, Interhack accepted the mission to make global computing and communications infrastructures worthy of trust. Interhack's two practice areas, Information Assurance and Forensic Computing, support that mission. The company is a supporting member of The Usenix Association. Additional information about Interhack is available at web.interhack.com.

On November 11, 2007, Interhack Founder and CEO Matthew Curtin addresses a gathering of senior level IT and business leaders at CIOhio at the Hilton Columbus at Easton in Columbus, Ohio to present Identifying Management Fraud and Forensics in the Twenty-First Century.

Abstract

Following closely the recent surge of interest in computer forensics, vendors now offer a wide variety of tools that claim forensic capability. Gobs of money are spent on training people to make them "forensically qualified." But what do such terms mean, and what should practitioners know about forensic computing in order to be effective collectors and preservers of information critical for investigation?

Matt Curtin's presentation addresses these questions. He shows ways in which competent and experienced forensic computing expertise can support the legal process, and how doing so differs from the slam dunk methods utilized by some practitioners, as presented in the popular media.

About Interhack

Based in Columbus, Ohio, Interhack Corporation is a professional services firm with clients all over North America. Founded in 1997 by a team of information security researchers, Interhack accepted the mission to make global computing and communications infrastructures worthy of trust. Interhack's two practice areas, Information Assurance and Forensic Computing, support that mission. The company is a supporting member of The Usenix Association. Additional information about Interhack is available at web.interhack.com.

On November 13, 2007, Matt Curtin speaks at Platform Lab about 3X System's new disaster recovery solution.

Abstract

Matt first reviews the history of disaster recovery technologies to provide perspective on what follows—a discussion about 3X System's recently rolled out data backup appliance.

About Interhack

Based in Columbus, Ohio, Interhack Corporation is a professional services firm with clients all over North America. Founded in 1997 by a team of information security researchers, Interhack accepted the mission to make global computing and communications infrastructures worthy of trust. Interhack's two practice areas, Information Assurance and Forensic Computing, support that mission. The company is a supporting member of The Usenix Association. Additional information about Interhack is available at web.interhack.com.