Personal tools
Interhack Publications


Publishing is an important part of what we do. It is the means by which we help people to understand this technology and how they can use it, communicate with our peers in the research community, and document what we have discovered in the course of looking at the Internet to see how it is used in practice. This is not a complete index of all of our publications, but a selection of some highlights.

Persons interested in a more complete index of our publications are free to visit our research site's publications index.

Protection of Data and Prevention: Advice for Chief Executive Officers, Managers, and Information Technology Staff

You and your people are both the problem and solution in cybersecurity and managing the organization's risk.

Forensic Analysis of Mobile Devices

When looking to answer questions, mobile devices can yield tremendous data that lead to insight.

Incident Handling: When the Breach Occurs

Preparing for a data breach, there are four questions every chief information officer needs to answer.  

Discovery Beyond Documents

How do data in electronic medical records differ from the electronic documents that we're most used to, and what does that mean for discovery?  Computer expert C. Matthew Curtin relates his experience as a computer science expert in a wrongful death case that hinged on interpretation of such data.  Outside and in-house counsel learn how to prepare their organizations for discovery beyond documents.  This information was presented at the Medical Liability and Health Care Law Seminar for the Defense Research Institute (DRI) on March 12, 2009.

Using Science to Combat Data Loss: Analyzing Breaches by Type and Industry

Introducing a taxonomy for classifying data loss incidents with public information, Interhack examined publicized data breaches by type and industry and found significant results for Finance, Education, Public Administration, and Health Care. A firm understanding of the rates at which types of breaches occur, proportionate to one another, helps with the distribution of limited security budgets, by helping guide the expenditure of capital to where it will have the greatest impact.

The Next Twenty-Five Years in Computer Science

How can Information Technology professionals enjoy long-term success when many of the skills they develop as students and early-stage professionals become obsolete so quickly? This discussion shows how a solid foundation built on computer science theory enables long-term success in IT practice. A practitioner who has nurtured solid theoretical foundations and a disposition toward life-long learning is thereby well-prepared for a long and rewarding career.

Introduction to Forensic Computing

Just because a vendor labels software as "forensic" does not make it useful, and just because employees have attended a training class to make them "forensically qualified" does not mean that they know what they are doing. When the outcome of complex legal issues is at stake, what sort of expert would you like to have working on your case? Matt Curtin's article, published in 2006 by ISACA, can help you to decide.

Electronic Evidence in Criminal Defense

As crime goes high-tech, the criminal justice system must follow. In this presentation, Matt Curtin discusses his work as a forensic computer scientist hired in the defense of a young man charged with several serious crimes because of what police found on his computer.

Identity Theft: If We Didn't Dodge a Bullet

Cryptography is one of the best tools to avoid the kind of exposure that feeds identity theft and related fraud today. While many organizations struggle to implement cryptographic controls to become compliant with regulation such as GLBA, HIPAA, and the Payment Card Industry data security standard, the situation is improving.

Security: Built-in or Bolt-on?

Many organizations and individuals think of security as a step to be taken on the end, “locking down” a system after basic functionality is added. As we demonstrate with real examples, this approach is fraught with trouble. We show another way that security can be addressed effectively.

Spying on Spyware

Spyware has become an increasingly hot topic. What is spyware, how does it work, why does it work, and how can it be managed? These issues are explored in this whitepaper.

Anatomy of Online Fraud

In June 2003, several schemes went around the Internet, attempting to lure people into divulging their eBay and Best Buy site credentials and credit card numbers. This is an analysis of the scheme against eBay users.

HIPAA Security HyperRule

A crossreferenced hypertext version of the HIPAA Security Rule, available for use online free of charge.

Understanding Information Assurance Services

Among purchasers of security services, a great deal of confusion exists about what kinds of services are available and what can be expected of each type of service. Here, we discuss assessment, evaluation, and penetration testing in terms of deliverables and key benefits for achieving the high-order goal of information assurance.

Cryptography in Practice

Slides from a presentation on what cryptography can and cannot do in practice, including some discussion on its impact on law enforcement.

Information Security: Friend or Foe?

A discussion of the basic objectives of information security, written for IT and operational staff in health care and related organizations.

Introduction to Network Security

A gentle introduction to the basic issues of secure networking, written for people whose job includes (among other things) making computing technology work.

Why Anti-Virus Software Cannot Stop the Spread of Email Worms

Malware such as ILOVEYOU, Melissa, and Happy99 are just getting started. All of the anti-virus software and firewalls in the world won't stop it. But there is something that can. The bad news is that it requires effort, which tends not to be a popular option.

A Failure To Communicate: When a Privacy Seal Doesn't Help

An articulate privacy policy helps, but if reality and the policy don't agree, you still have a problem. That's what TRUSTe is all about: helping people identify sites with privacy policies that reflect reality. Oversights are still possible, which is why policy alone is insufficient to protect privacy.

Internet Firewalls: Frequently Asked Questions

A complete discussion of firewalls, their history, and what they can do for you, aimed primarily at system and network administrators.

Document Actions