Posts

Showing posts from July, 2011

Insider Threat: Your Data Is For Sale

Security firm SailPoint released the results of a recent survey that shows that your corporate information may be for sale. The SailPoint Market Pulse Survey examined the current state of employee compliance with corporate policy related to private and sensitive data. Here's what they found:

- 22% of US, 29% of Australian and almost half of British (48%) employees who have access to their employer's or client's private data, and who answered the question, indicated they would feel comfortable doing something with that data, regardless of whether that access was intentional or accidental
- 10% of American, 12% of Australian and 27% of British employees with access admitted they would forward electronic files to a non-employee
- 9% of Americans, 8% of Australians and 24% of Britons of these same groups admitted they would copy electronic data and files to take with them when they leave a company
- While only 5% of American and 4% of Australian employees with access who answered the questio

Ontario Cancer Screening Records Go Missing

Ontario's Privacy Commissioner is looking into reports that the whereabouts of up to 15 screening activity reports are unknown. These reports contain the Personal Health Information (PHI) of up to 6,490 Ontarians. The Privacy Commissioner's office is still investigating the status of 11 other reports that could jeopardise the PHI of another 5,440 individuals. The records contain information such as names, birth dates, gender, health card numbers and cancer screening test information. The whereabouts of the documents have been unknown since they were sent to doctors during the February - March 2011 time frame. "Medical test results rank among the most sensitive personal information about an individual," said Commissioner Cavoukian. "I am astounded that such a loss could take place. The first step is to minimize any harm by locating as many of these reports as possible. As part of our investigation, we will be looking at steps that can be taken to ensure that

Admin Notes: Domino and Encryption

I often find myself running for this information, and I'm going to keep it here. That way, it may benefit someone else as well.

Lotus Domino Server/User ID
- RSA dual-key cryptosystem and RC2, RC4 and AES algorithms for encryption
- RSA keys can be at any of the following strengths:
    - 630 bit (Domino R6+)
    - 1024 bit (Domino R7+)
    - 2048 bit (Domino R8+)
- RC4 algorithm key
    - 128bit (Domino R6+)
- RC2 algorithm key
    - 128bit (Domino R6+)
- AES algorithm key
    - 128bit (Domino R8.0.1+) (Required for FIPS)
    - 256bit (Domino R8.0.1+) (Required for FIPS)

Lotus Network Encryption
- RC4 key
    - 128bit (Domino R6+)

Local Database Encryption
- RC2
    - 128bit (Domino 6+)
- AES
    - 128bit (Domino 8.0.1+ based on UserID/ServerID encryption level) (Required for FIPS)
    - 256bit (Domino 8.0.1+ based on UserID/ServerID encryption level) (Required for FIPS)

Internet User
- X.509 certificate

SSL Encryption
- SSLv3 Cipher Settings
    - AES encryption with 128bit

Lotus Domino Denial of Service Attack

Credits to Tom Duff. Packet Storm is reporting a Lotus Domino Denial of Service issue...

# Exploit Title: Lotus Domino SMTP router, EMAIL server and client DoS - all 3 may crash
# Date: July 16, 2011
# Author: None - looks like a malformed Kerio generated calendar invitation was the reason this was discovered - http://forums.kerio.com/index.php?t=msg&th=19863&start=0
# Software Link: none - cut/paste the malformed meeting invitation shown below, send into some Domino shop as a mime type text/calendar with a filename.ics
# Version: 8.5.3 and very likely all 7.x and 8.x
# Tested on: W2K3, W2K8, XP running 8.5.3
# CVE : none - but IBM has patches for this and other items
https://www-304.ibm.com/support/docview.wss?q1=vulnerability%20OR%20vulnerabilities&rs=0&uid=swg21461514&cs=utf-8?=en&loc=en_US&cc=us
https://www-304.ibm.com/support/docview.wss?uid=swg21504183

Particularly ugly in that the rest of the page has the cut and paste code for making the attachment

Admin Notes: Is your SMTP server running TLS?

I found a great website today that allows you to check if the mail server for your domain supports TLS. This is a great tool to see if an email you send a client, colleague or even your buddy will be transmitted as open text. It's also a great tool for troubleshooting your Domino mail server. Check it out here: http://www.checktls.com