Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Concordance Security Vulnerability May Invite Data Breach

March 15, 2012

Evan Koblentz, who penned a very interesting story for Law Technology News recently, was kind enough to write me with a link to the story. He was a little late, since his story was actually sitting beside my keyboard awaiting a few minutes to turn it into a blog post. Thanks for motivating me, Evan.

The essence of the story is that Concordance software, used by many law firms, has a security weakness which might allow hackers to hijack database passwords, putting client data at risk of theft. Let me hasten to add that customers who follow Lexis' advice to lock their databases are safe. Unfortunately, many customers run Concordance in its default unlocked configuration.

They do this out of a mistaken belief that everything is secure or, perhaps, in the silly conviction that "it can't happen here." In point of fact, although Lexis acknowledges the vulnerability, no known breach has taken place. And with his customary good sense, our friend Craig Ball points out that many kinds of software used by attorneys probably have similar security weaknesses.

This, however, does not entirely explain why a legal software vendor would fail to tighten the security of its software once the vulnerability has been demonstrated. Another friend of ours is Matt Kesner, Fenwick & West's CIO. He was quoted as saying "I don't think that law firms and law-specific software vendors have felt they needed to be particularly concerned about security." Continuing, he said "I think that all law firm products are going to need to get better. I hope that Lexis makes Concordance better."

Matt's law firm is safe because it locks its Concordance databases. But what struck me most was Matt's revelation that "we use white-hat hackers to test our system every six months . . . we tell them, 'go do your worst.'" Very commendable, though I note that what is possible for a 300-lawyer firm is not possible for a small law firm. But this is certainly the trend among large law firms, to be highly proactive about security.

And I join Matt in hoping that Concordance shores up its security.

Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq