Wildunknown

Encryption != Protection

John Lawren James — Tue, 24 Jan 2012 13:15:34 +0000

And there you have it. Encryption is not necessarily going to protect you or your company.

http://www.wired.com/threatlevel/2012/01/judge-orders-laptop-decryption/

Encryption != Protection is a post written by John Lawren James from Wildunknown.

Data Privacy Day 2012

John Lawren James — Mon, 23 Jan 2012 13:15:32 +0000

It’s here again. It’s not guaranteed to be more fun than Ground Hog Day, but it is important none the less.

Data Privacy Day 2012 is on January 28th.

There are numerous events being hosted across Canada and the US to make people more aware of data privacy issues. You can find a list of events here, or if you are in Halifax, attend this one.

The Privacy Commissioner of Canada has also released a calendar that you can share with your teams.

Data Privacy Day 2012 is a post written by John Lawren James from Wildunknown.

Fixing CVE-2009-3555 in Lotus Domino

John Lawren James — Wed, 18 Jan 2012 14:26:15 +0000

A vulnerability assessment turned up a potential issue with my Domino servers. CVE-2009-3555, or a security concern with SSL renegotiation.

There is an easy work around for Domino, add the following parameter in your notes.ini file.

SSL_DISABLE_RENEGOTIATE=1

Reference:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

http://www-01.ibm.com/support/docview.wss?uid=swg21430331

Fixing CVE-2009-3555 in Lotus Domino is a post written by John Lawren James from Wildunknown.

SANS Ouch! – January 2012

John Lawren James — Mon, 16 Jan 2012 14:59:42 +0000

The latest edition of SANS Ouch! is out.

Every month they publish a newsletter directed at the typical web user. Not those of us with a heightened awareness of security, but people like your office manger, mail room clerk or your parents.

This month’s newletter deals with how to securely set up a wireless network.

I encourage you to take a look, and disseminate it to your staff. In fact, they even encourage you to do that.

http://www.securingthehuman.org/resources/newsletters/ouch

It is available in English, French, Arabic, Italian, Korean, Malaysian, Polish, Portuguese, Spanish, and both Simple and Traditional Chinese.

You can now follow Securing the Human on Facebook and Twitter too.

http://www.facebook.com/securethehuman
http://www.twitter.com/securethehuman

SANS Ouch! – January 2012 is a post written by John Lawren James from Wildunknown.

Canadian House of Commons Employees Downloading Illegal Content

John Lawren James — Wed, 11 Jan 2012 14:28:55 +0000

According to the activist group, The Pirate Party of Canada, House of Commons employees are downloading illegal content before Canada’s bill C-11, the strict copyright protection legislation comes into effect.

The party used youhavedownloaded.com a site that scrapes torrent sites for IP addresses to find addresses owned by the House of Commons.

When you work in such a high profile, public place, even if your network administrators turn a blind eye to what you do, chances are that someone out there won’t. Smarten up people.

Starting the New Year

John Lawren James — Tue, 03 Jan 2012 18:26:49 +0000

I’m starting 2012 optimistically. I have a few goals for the year:

Achieve my CISSP certification.
Finish the renovations to the basement.
Find time to start running again.

As a ways to an end, I have joined a CISSP study group, loaded some study resources on my iPod and ebook reader, and will take the bus one day a week in order to allow myself the time during the 2 hour commute to study.

Renovations are under way in the basement. I have the drywall up, and have started with the mud process.

Running will involve the completion of one of the other two goals I’m afraid.

Starting the New Year is a post written by John Lawren James from Wildunknown.

Security Theatre in the Hospital

John Lawren James — Wed, 21 Dec 2011 13:48:44 +0000

I was listening to the radio this morning and heard this story about how the local children’s hospital is reducing waste.

One of the things they are removing from the emergency rooms is the paper that lays across the examination tables.

An emergency room doctor explained that the paper doesn’t really contribute to the infection control program at the hospital, it’s only really there for patient peace of mind. You know, so it looks clean and fresh, and through its use, convinces us that the room is clean.

Sounds a lot like security theatre.

Security Theatre in the Hospital is a post written by John Lawren James from Wildunknown.

Happy Thanksgiving!

John Lawren James — Thu, 24 Nov 2011 14:05:15 +0000

Just a quick note to wish all of my American friends a happy thanksgiving.

(Even though they didn’t wish me one on my thanksgiving.)

Happy Thanksgiving! is a post written by John Lawren James from Wildunknown.

Domino Disk Performance

John Lawren James — Fri, 18 Nov 2011 17:49:39 +0000

So, today marks the first day that I’ve had a chance to play with our new Domino server. Most of the hardware is pretty standard. IBM 3650M2 hardware, 12GB of RAM and 2 quad core CPUs.

Usually, the performance bottleneck I run into is disk access. Today, I’m trying some new hardware to see if we can eliminate that bottleneck.

Here are my first results:

This spike was the result of starting a compact -C on a database with a size of 1.6GB and 150,000 documents. It took 2 minutes to complete.

I’ll let you know how performance continues.

Domino Disk Performance is a post written by John Lawren James from Wildunknown.

RCMP Camera Gaffe and Security Policies

John Lawren James — Thu, 17 Nov 2011 23:59:23 +0000

I read about the RCMP’s gaffe with leaving images from past investigations on a camera used for surveillance of a suspected graffiti artist, and immediately thought of this article entitled “IT Security policies Widely Ignored, Survey Suggests”.

Is that what happened? Was it a process issue, or a policy issue?

I wonder if we’ll ever know?

RCMP Camera Gaffe and Security Policies is a post written by John Lawren James from Wildunknown.