And there you have it. Encryption is not necessarily going to protect you or your company. http://www.wired.com/threatlevel/2012/01/judge-orders-laptop-decryption/
Read more →It’s here again. It’s not guaranteed to be more fun than Ground Hog Day, but it is important none the less. Data Privacy Day 2012 is on January 28th. There are numerous events being hosted across Canada and the US to make people more aware of data privacy issues. You can find a list of events [...]
Read more →A vulnerability assessment turned up a potential issue with my Domino servers. CVE-2009-3555, or a security concern with SSL renegotiation. There is an easy work around for Domino, add the following parameter in your notes.ini file. SSL_DISABLE_RENEGOTIATE=1 Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://www-01.ibm.com/support/docview.wss?uid=swg21430331
Read more →The latest edition of SANS Ouch! is out. Every month they publish a newsletter directed at the typical web user. Not those of us with a heightened awareness of security, but people like your office manger, mail room clerk or your parents. This month’s newletter deals with how to securely set up a wireless network. [...]
Read more →According to the activist group, The Pirate Party of Canada, House of Commons employees are downloading illegal content before Canada’s bill C-11, the strict copyright protection legislation comes into effect. The party used youhavedownloaded.com a site that scrapes torrent sites for IP addresses to find addresses owned by the House of Commons. When you work in such [...]
Read more →I’m starting 2012 optimistically. I have a few goals for the year: Achieve my CISSP certification. Finish the renovations to the basement. Find time to start running again. As a ways to an end, I have joined a CISSP study group, loaded some study resources on my iPod and ebook reader, and will take the bus [...]
Read more →I was listening to the radio this morning and heard this story about how the local children’s hospital is reducing waste. One of the things they are removing from the emergency rooms is the paper that lays across the examination tables. An emergency room doctor explained that the paper doesn’t really contribute to the infection [...]
Read more →So, today marks the first day that I’ve had a chance to play with our new Domino server. Most of the hardware is pretty standard. IBM 3650M2 hardware, 12GB of RAM and 2 quad core CPUs. Usually, the performance bottleneck I run into is disk access. Today, I’m trying some new hardware [...]
Read more →I read about the RCMP’s gaffe with leaving images from past investigations on a camera used for surveillance of a suspected graffiti artist, and immediately thought of this article entitled “IT Security policies Widely Ignored, Survey Suggests”. Is that what happened? Was it a process issue, or a policy issue? I wonder if we’ll ever know?
Read more →Toronto Mayor Rob Ford is confident that City of Toronto systems are secure after a threat from hacking group Anonymous. I read that in an article from SC Magazine. He really couldn’t say anything else, but I wonder if he really believes it. I also wonder what City of Toronto CIO David Wallace is [...]
Read more →It’s not often I resort to the LazyWeb method of looking for information, but I haven’t had any luck finding what I was looking for otherwise. I have a client who wants to use their email address to log in to a Domino web application. My memory tells me that there is/was an issue with [...]
Read more →A group called www.thc.org released a tool called THC-SSL-DOS. Here’s a clip from their site: THC-SSL-DOS is a tool to verify the performance of SSL. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off [...]
Read more →