
Showing posts from January, 2012

Data Privacy Day 2012

It's here again. It's not guaranteed to be more fun than Groundhog Day, but it is important nonetheless. Data Privacy Day 2012 is on January 28th. There are numerous events being hosted across Canada and the US to make people more aware of data privacy issues. You can find a list of events here, or if you are in Halifax, attend this one. The Privacy Commissioner of Canada has also released a calendar that you can share with your teams.

Fixing CVE-2009-3555 in Lotus Domino

A vulnerability assessment turned up a potential issue with my Domino servers: CVE-2009-3555, a security concern with SSL renegotiation. There is an easy workaround for Domino: add the following parameter to your notes.ini file.

SSL_DISABLE_RENEGOTIATE=1

Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
http://www-01.ibm.com/support/docview.wss?uid=swg21430331
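One way to confirm the workaround is actually in place across several servers is to audit each notes.ini for the parameter. The script below is an added example, not part of the original post or of any IBM tooling; the sample file contents are constructed, and it assumes notes.ini variable names are matched case-insensitively.

```python
SETTING = "SSL_DISABLE_RENEGOTIATE"  # parameter name and the value "1" come from the post


def audit_notes_ini(text):
    """Check notes.ini text for the CVE-2009-3555 workaround.

    Returns (status, values) where status is one of:
      "ok"          - the parameter is set to 1
      "missing"     - the parameter does not appear at all
      "wrong_value" - the parameter appears with a value other than 1
      "conflict"    - the parameter appears more than once with different values
    """
    values = []
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blank lines, section headers such as [Notes], and lines without '='.
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        # Assumption: variable names in notes.ini are case-insensitive.
        if key.strip().upper() == SETTING:
            values.append(value.strip())
    if not values:
        return "missing", values
    if len(set(values)) > 1:
        # Do not guess which entry the server honours; flag it for a human.
        return "conflict", values
    return ("ok" if values[0] == "1" else "wrong_value"), values


# Constructed sample notes.ini contents (not taken from a real server).
SAMPLES = {
    "patched": "[Notes]\nKitType=2\nSSL_DISABLE_RENEGOTIATE=1\n",
    "unpatched": "[Notes]\nKitType=2\n",
    "disabled": "[Notes]\nssl_disable_renegotiate = 0\n",
    "conflict": "[Notes]\nSSL_DISABLE_RENEGOTIATE=1\nSSL_DISABLE_RENEGOTIATE=0\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        status, values = audit_notes_ini(text)
        print(f"{name:10} {status:12} {values}")
```

To audit a real server, read its notes.ini into a string and pass it to `audit_notes_ini`; any status other than "ok" means the workaround is not reliably applied.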

SANS Ouch! - January 2012

The latest edition of SANS Ouch! is out. Every month they publish a newsletter directed at the typical web user. Not those of us with a heightened awareness of security, but people like your office manager, mail room clerk or your parents. This month's newsletter deals with how to securely set up a wireless network. I encourage you to take a look, and disseminate it to your staff. In fact, they even encourage you to do that.

http://www.securingthehuman.org/resources/newsletters/ouch

It is available in English, French, Arabic, Italian, Korean, Malaysian, Polish, Portuguese, Spanish, and both Simple and Traditional Chinese. You can now follow Securing the Human on Facebook and Twitter too.

http://www.facebook.com/securethehuman
http://www.twitter.com/securethehuman

Canadian House of Commons Employees Downloading Illegal Content

According to the activist group The Pirate Party of Canada, House of Commons employees are downloading illegal content before Canada's bill C-11, the strict copyright protection legislation, comes into effect. The party used youhavedownloaded.com, a site that scrapes torrent sites for IP addresses, to find addresses owned by the House of Commons. When you work in such a high-profile, public place, even if your network administrators turn a blind eye to what you do, chances are that someone out there won't. Smarten up, people.

Further reading can be found here:
Canadian Officials Downloading Illegal Content - SC Magazine
Copyright Infringement in Canadian Parliament - Pirate Party of Canada
Piracy in the House of Commons - Pirate Party of Canada

Starting the New Year

I'm starting 2012 optimistically. I have a few goals for the year:

Achieve my CISSP certification.
Finish the renovations to the basement.
Find time to start running again.

As a means to an end, I have joined a CISSP study group, loaded some study resources on my iPod and ebook reader, and will take the bus one day a week in order to allow myself the time during the 2-hour commute to study. Renovations are under way in the basement. I have the drywall up, and have started with the mud process. Running will involve the completion of one of the other two goals, I'm afraid.