The bane of data security is the patch. Patching is what your IT guys are doing in the background to fix vulnerabilities in software that are known to the manufacturers, in an attempt to fix them before hackers can exploit them.

Patching is a very important part of a security plan, but the

Security researchers at Radboud University in the Netherlands have discovered a flaw in several manufacturers’ solid state hard drive firmware that can be exploited to read data from self-encrypting drives (SED). The researchers published their findings in a paper on November 5th. The authors identified several methods they were able to use to bypass hardware

Many companies are migrating their email systems to Microsoft Office 365 (O365). The majority of security incidents in which we have been engaged over the past six months involve a hacker successfully phishing an employee of the company (most of the time someone who is an executive in the company) and then spoofing the

On March 23, 2018, the President signed into law the Consolidated Appropriations Act of 2018 (H.R. 1625), an omnibus spending bill that includes the Clarifying Lawful Overseas Use of Data Act (the CLOUD Act). Among other provisions, the CLOUD Act amends the Stored Communications Act of 1986 (18 U.S.C. §§ 2701-2712, hereinafter the

Courts are often faced with the dilemma of applying centuries- or even decades-old law to constantly evolving technological advancements. See, e.g., Transcript of Oral Argument, United States v. Microsoft, No. 17-2 (U.S. Feb. 27, 2018) (attempting to ascertain the relationship between the Stored Communications Act, a 1986 law, and modern cloud computing

In an order issued on October 16, 2017, the U.S. Supreme Court granted certiorari in United States v. Microsoft Corporation, a case with potentially far-reaching implications for the privacy of electronic data maintained by technology companies across the globe.

The case, which Robinson+Cole has previously discussed here, here, and here, arises from a warrant obtained by the Department of Justice (DOJ) under the Stored Communications Act (SCA).[1] The SCA was enacted in 1986 to protect the privacy of electronic communications, including by extending privacy protections to electronic records analogous to those afforded under the Fourth Amendment to the U.S. Constitution.[2] In relevant part, the SCA requires a governmental entity in most instances to secure a warrant in accordance with the Federal Rules of Criminal Procedure to compel disclosure of electronic communications stored by a service provider.[3]

On June 23, 2017, the Office of the Solicitor General (OSG) filed a petition for a writ of certiorari with the United States Supreme Court requesting reversal of a 2016 decision in which the U.S. Court of Appeals for the Second Circuit quashed a warrant obtained by the Department of Justice (DOJ) under the Stored Communications Act (SCA) seeking the contents of a Microsoft customer’s emails.

In its July 2016 decision in United States v. Microsoft Corp., a Second Circuit panel unanimously held that the DOJ’s attempt to procure the contents of the emails – which allegedly pertained to illegal drug trafficking – via an SCA warrant constituted an impermissible extraterritorial application of the SCA because the server on which the emails were stored was located in Ireland. The Second Circuit subsequently denied a request for an en banc rehearing in January 2017 (see previous analysis of that denial here).

We have read multiple reports on WannaCry, and if you are reading this and don’t know what WannaCry is, Google it for the background story. The clear message is that this is not the last major attack we will see, and future attacks will only get more sophisticated. It is estimated that the cost associated with responding to WannaCry will exceed $4 billion.

Here are our take-aways that may be a useful summary for our readers:

  • The healthcare industry is particularly vulnerable to future attacks and should prepare for them
  • Make cybersecurity a risk management priority in the organization
  • Implement patches as soon as they are pushed by product companies
  • Share cyber intrusion information with authorities to stave off attacks and the spread of attacks
  • Get that back-up plan up and running and TEST it
  • You get what you pay for if you buy pirated software—which is a crime
  • Pay attention to industry alerts as you receive them from the FBI and other governmental authorities
  • Consider purchasing appropriate cyber liability insurance to cover losses associated with cyber attacks, data breaches, ransomware and business interruption, and use a broker who is familiar with appropriate coverage
  • Check out the resources published by US-CERT and the Disaster Information Management Research Center on WannaCry
  • Get involved in the debate over whether the government should share known cyber vulnerabilities with companies. The debate is around whether government intelligence services should balance the use of vulnerabilities in software for espionage and cyber warfare with sharing their findings with technology companies so they can secure the flaw.