Encryption != Protection
Tue, Jan 24th 2012 7:23a John James And there you have it. Encryption is not necessarily going to protect you or your company.
http://www.wired.com/threatlevel/2012/01/judge-orders-laptop-decryption/
Encryption != Protection is a post written by John Lawren James from Wildunknown. [read] Keywords: laptop
79
Data Privacy Day 2012
Mon, Jan 23rd 2012 6:23a John James It’s here again. It’s not guaranteed to be more fun than Ground Hog Day, but it is important none the less.
Data Privacy Day 2012 is on January 28th.
There are numerous events being hosted across Canada and the US to make people more aware of data privacy issues. You can find a list of events here, or if you are in Halifax, attend this one.
The Privacy Commissioner of Canada has also released a calendar that you can share with your teams.
Data Privacy Day 2012 is a post writ [read] Keywords: security
131
Fixing CVE-2009-3555 in Lotus Domino
Wed, Jan 18th 2012 7:43a John James A vulnerability assessment turned up a potential issue with my Domino servers. CVE-2009-3555, or a security concern with SSL renegotiation.
There is an easy work around for Domino, add the following parameter in your notes.ini file.
SSL_DISABLE_RENEGOTIATE=1
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
http://www-01.ibm.com/support/docview.wss?uid=swg21430331
Fixing CVE-2009-3555 in Lotus Domino is a post written by John Lawren James from Wildunknown. [read] Keywords: domino
ibm
lotus
notes
security
126
SANS Ouch! – January 2012
Mon, Jan 16th 2012 8:23a John James The latest edition of SANS Ouch! is out.
Every month they publish a newsletter directed at the typical web user. Not those of us with a heightened awareness of security, but people like your office manger, mail room clerk or your parents.
This month’s newletter deals with how to securely set up a wireless network.
I encourage you to take a look, and disseminate it to your staff. In fact, they even encourage you to do that.
http://www.securingthehuman.org/resources/newsletters/ouch
It [read] Keywords: facebook
network
office
security
twitter
wireless
150
Canadian House of Commons Employees Downloading Illegal Content
Wed, Jan 11th 2012 7:42a John James According to the activist group, The Pirate Party of Canada, House of Commons employees are downloading illegal content before Canada’s bill C-11, the strict copyright protection legislation comes into effect.
The party used youhavedownloaded.com a site that scrapes torrent sites for IP addresses to find addresses owned by the House of Commons.
When you work in such a high profile, public place, even if your network administrators turn a blind eye to what you do, chances are that someone [read] Keywords: network
profile
96
Starting the New Year
Tue, Jan 3rd 2012 12:03p John James I’m starting 2012 optimistically. I have a few goals for the year:
Achieve my CISSP certification.
Finish the renovations to the basement.
Find time to start running again.
As a ways to an end, I have joined a CISSP study group, loaded some study resources on my iPod and ebook reader, and will take the bus one day a week in order to allow myself the time during the 2 hour commute to study.
Renovations are under way in the basement. I have the drywall up, and have started with the m [read] Keywords: ipod
80
Security Theatre in the Hospital
Wed, Dec 21st 2011 7:02a John James I was listening to the radio this morning and heard this story about how the local children’s hospital is reducing waste.
One of the things they are removing from the emergency rooms is the paper that lays across the examination tables.
An emergency room doctor explained that the paper doesn’t really contribute to the infection control program at the hospital, it’s only really there for patient peace of mind. You know, so it looks clean and fresh, and through its use, convin [read] Keywords: security
wiki
40
Happy Thanksgiving!
Thu, Nov 24th 2011 7:23a John James Just a quick note to wish all of my American friends a happy thanksgiving.
(Even though they didn’t wish me one on my thanksgiving.)
Happy Thanksgiving! is a post written by John Lawren James from Wildunknown. [read] Keywords: wiki
79
Domino Disk Performance
Fri, Nov 18th 2011 11:23a John James So, today marks the first day that I’ve had a chance to play with our new Domino server. Most of the hardware is pretty standard. IBM 3650M2 hardware, 12GB of RAM and 2 quad core CPUs.
Usually, the performance bottleneck I run into is disk access. Today, I’m trying some new hardware to see if we can eliminate that bottleneck.
Here are my first results:
This spike was the result of starting a compact -C on a database with a size of 1.6GB and 150,000 documents. It took 2 mi [read] Keywords: domino
ibm
database
server
60
RCMP Camera Gaffe and Security Policies
Thu, Nov 17th 2011 5:03p John James I read about the RCMP’s gaffe with leaving images from past investigations on a camera used for surveillance of a suspected graffiti artist, and immediately thought of this article entitled “IT Security policies Widely Ignored, Survey Suggests”.
Is that what happened? Was it a process issue, or a policy issue?
I wonder if we’ll ever know?
RCMP Camera Gaffe and Security Policies is a post written by John Lawren James from Wildunknown. [read] Keywords: policies
security
36
Anonymous and the City of Toronto
Wed, Nov 16th 2011 7:03a John James Toronto Mayor Rob Ford is confident that City of Toronto systems are secure after a threat from hacking group Anonymous.
I read that in an article from SC Magazine. He really couldn’t say anything else, but I wonder if he really believes it. I also wonder what City of Toronto CIO David Wallace is thinking… After large takedowns of Sony and the like by Anonymous, he’s probably not as confident.
Anonymous and the City of Toronto is a post written by John Lawren James from [read] Keywords:
35
Help: Domino ACLs and Email Address as User Login
Tue, Nov 15th 2011 10:42a John James It’s not often I resort to the LazyWeb method of looking for information, but I haven’t had any luck finding what I was looking for otherwise.
I have a client who wants to use their email address to log in to a Domino web application.
My memory tells me that there is/was an issue with this and using Groups in the ACL of the Domino database.
Can anyone point me to any resources on how to do this, or that it can’t be done, or anything along those lines?
Thanks.
Help: Domino ACLs [read] Keywords: acl
domino
notes
noteslotus
application
database
email
74
Security Notice: THC-SSL-DOS, Lotus Domino and SSL Regegotiation
Fri, Nov 4th 2011 7:03a John James A group called www.thc.org released a tool called THC-SSL-DOS. Here’s a clip from their site:
THC-SSL-DOS is a tool to verify the performance of SSL.
Establishing a secure SSL connection requires 15x more processing
power on the server than on the client.
THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet.
This problem affects all SSL implementations today. The vendors are aware
of this problem since 2003 and the topic has been wi [read] Keywords: admin
domino
lotus
notes
security
server
smtp
19
National IT Day in Canada
Wed, Nov 2nd 2011 7:37a John James Today is National IT Day in Canada.
I guess this is the day I get some respect…
Hmm. Nothing yet. Guess I’ll keep waiting.
http://www.nationalitday.ca/
National IT Day in Canada is a post written by John Lawren James from Wildunknown. [read] Keywords:
22
Greece, a Referendum and Security
Tue, Nov 1st 2011 5:23p John James About now, some people will be pontificating that if Greek citizens vote down austerity measures, Greece will run out of money in a matter of days, and that the world/European economy will go into a tailspin shortly thereafter.
I suspect that if that occurs, there will be a rather public hack of Greece’s infrastructure, taking advantage while they are down. Quite possibly, it will be an inside job, by someone disgruntled that they are broke.
Greece, a Referendum and Security is a pos [read] Keywords: security
41
Spoofing a Cell Tower
Tue, Nov 1st 2011 5:03p John James It’s interesting that a little more than a year after a security researcher proved at DefCon that he could spoof a cell tower, the UK police have purchased a system to do the same thing.
Spoofing a Cell Tower is a post written by John Lawren James from Wildunknown. [read] Keywords: security
14
Keyloggers 101
Tue, Nov 1st 2011 9:43a John James Great video post from the Ethical Hacker Network on Keyloggers.
Shows the basics about keyloggers, how hidden they are, and how to detect them.
Keyloggers 101 is a post written by John Lawren James from Wildunknown. [read] Keywords: network
19
VirusTotal – Free Online Virus, Malware, and URL Scanning
Thu, Oct 27th 2011 12:23p John James I found out about VirusTotal today.
It’s run by a Spanish company, and offers free, online virus checking.
http://www.virustotal.com/index.html
The best part in my mind? It’s crowd-sourcing your anti-virus.
You submit a suspect file, it’s scanned by 42 different anti-virus applications, and the results get displayed to you. If the file is picked up by at least one of the 42 anti-virus programs, then they each get a copy of the file to test to improve their products.
By you [read] Keywords: applications
virus
17
Reading List for 24 Oct 2011
Tue, Oct 25th 2011 8:03a John James A few good articles I read today:
Tool lets low-end PC crash much more powerful webserver
Hackers have released software that they say allows a single computer to knock servers offline by targeting a well-documented flaw in secure sockets layer implementations.
http://www.theregister.co.uk/2011/10/24/ssl_dos_tool_released/
Down the Rabbithole Podcast Episode 4 – Effective Small Business Security
http://podcast.wh1t3rabbit.net/down-the-rabbithole-episode-4-effective-small-business-secur [read] Keywords: mobile
podcast
security
34
Electronic Communications Privacy Act targeted by Internet Rivals
Fri, Oct 21st 2011 11:43a John James Both Facebook and Google have also come out against the ECPA to protect information entrusted to them by their users.
CNet: Google, Facebook go retro in push to update 1986 privacy law
Ars Technica: The Shocking Strangeness of our 25-year-old Digital Privacy Law
Electronic Communications Privacy Act and the Cloud
Electronic Communications Privacy Act targeted by Internet Rivals is a post written by John Lawren James from Wildunknown. [read] Keywords: facebook
google
17
Electronic Communications Privacy Act and the Cloud
Fri, Oct 21st 2011 8:03a John James Great article from Threat Level. Worth the read, and giving some thought to how you or your company may be affected, especially if you are a foreign company with cloud services in the United States.
ECPA allows the government to obtain, without a warrant, any content stored in the cloud — such as files in a Dropbox account, if it’s older than six months. It goes without saying that there was no such thing as cloud-storage services available for the average Joe Sixpack when Reagan was pres [read] Keywords:
23
Running a Security Program without a Budget
Thu, Oct 20th 2011 5:23p John James I’ve been thinking more and more about small businesses and security recently. Most small businesses don’t have the budget to run their own security program. These organizations, that employ many, many people, are often left vulnerable. Larger organizations have the budget to fund a security program, while most small businesses don’t.
I’ve pointed out before that most small businesses don’t have an information security program.
I spotted a great articl [read] Keywords: office
podcast
security
virus
10
SANS Ouch! – October 2011
Wed, Oct 19th 2011 6:43a John James The latest edition of SANS Ouch! is out.
Every month they publish a newsletter directed at the typical web user. Not those of us with a heightened awareness of security, but people like your office manger, mail room clerk or your parents.
This month’s newletter deals with a critical step in protecting your data. Backups.
I encourage you to take a look, and disseminate it to your staff. In fact, they even encourage you to do that.
http://www.securingthehuman.org/resources/newsletter [read] Keywords: facebook
office
security
twitter
12
Conference Call Systems and Security
Fri, Oct 14th 2011 10:57a John James I found a very interesting article talking about the security surrounding conference call systems, and the ease there is with some systems to allow you to eavesdrop in on calls.
Your competitors are simply dialing into insecure conference call lines and silently listening in. This happens at all levels … from the executive team making bajillion dollar decisions all the way down to those of us in the trenches talking shop on the technologies we use to build solutions. And the problem is only go [read] Keywords: security
20
Trade Magazines: eWeek
Thu, Oct 13th 2011 8:03p John James I’ve been reading eWeek on and off for quite a few years now.
They bill themselves as:
Enterprise IT’s trusted source for product information in an actionable context, including expert labs analysis and practical tools for evaluating, acquiring, installing, configuring and maintaining technology products and services.
It’s a trade magazine for Enterprise IT professionals. If you qualify, you can get a free print or digital subscription if you live in the US or Canada.
They [read] Keywords: applications
enterprise
55
Domino not starting on Windows 2008 R2
Thu, Oct 13th 2011 9:43a John James If you are like me and setup your Domino server on one IP address and move it to another, under Windows 2008 R2, you may end up in a situation where the server refuses to start after you change the IP address.
To fix it, add the following line to your notes.ini file, replacing 192.168.100.50 with the IP of your server:
TCPIP_ControllerTCPIPAddress=192.168.100.50:2050
Domino not starting on Windows 2008 R2 is a post written by John Lawren James from Wildunknown. [read] Keywords: domino
notes
noteslotus
server
14
Facial Recognition on Spark
Thu, Oct 6th 2011 6:43p John James There are many privacy concerns about facial recognition.
Imagine being able to identify someone by taking their photo with your phone. What about combining that with cloud computing to determine someone’s address, and date of birth? Or perhaps their Social Security Number?
Worse yet, who is already using facial recognition? What if the police were using it in conjunction with CCTV feeds to track you, or someone you know? What if criminals were instead?
There was a great pi [read] Keywords: security
Every Application and Device Needs a Retirement Plan
Fri, Sep 30th 2011 7:23a John James Here’s a great headline that grabbed my attention this morning:
Air traffic control data found on eBayed network gear
Turns out this fellow in the UK bought a Cisco switch on Ebay for £20. When he saw the sticker on the back that said NATS (National Air Traffic Services), he started poking around.
He found internal VLAN estate data, information about the SNMP community strings (read and write, named after aircraft funnily enough), some ideas about password composition, VTP Trunk in [read] Keywords: application
community
network
password
snmp
24
Canadian Government Proposes Mandatory Data Breach Reporting
Fri, Sep 30th 2011 7:23a John James The Canadian Government proposed changes to the Personal Information Protection and Electronic Documents Act (PIPEDA) that would force organizations to report personal information breaches to both the privacy commissioner and the affected individuals.
The changes are part of a proposed bill that died on the floor of parliment when Canada went to the polls to elect a new government this past May.
“Ensuring trust and confidence through the protection of personal information is essential to [read] Keywords: security
27
How To: Mitigate the SSL/TLS Vulnerability for Lotus Domino
Tue, Sep 27th 2011 9:47p John James I’ve been doing quite a bit of research into the BEAST (Browser Exploit Against SSL/TLS) vulnerability that security researchers Juliano Rizzo and Thai Duong demonstrated at the ekoparty security conference in Buenos Aires on Friday.
The session at ekoparty revealed the technical details about how the exploit works and the vulnerability it exploits. The vulnerability has been known for quite a while.
The vulnerability affects SSL/TLS ciphers that use the Cipher Block Chaining (CBC) m [read] Keywords: domino
ibm
lotus
archive
google
mac
microsoft
security
server
wiki
19
NIST Releases Guide for Conducting Risk Assessments
Tue, Sep 27th 2011 5:03p John James National Institute of Standards and Technology (NIST) has released the Guide for Conducting Risk Assessments (NIST Special Publication 800-30, Revision 1).
As threats to cyber systems grow more and more complex, risk assessments help companies determine appropriate responses to mitigate risks to their organizations, guide investment strategies and maintain ongoing situational awareness of the state of their systems.
Overall guidance for risk assessment for information security can be found in M [read] Keywords: security
21
Microsoft Releases a TLS 1.1 Fix Tool for Windows
Tue, Sep 27th 2011 4:43p John James Microsoft has released a security advisory relating to the SSL/TLS vulnerability previously discussed. Included in the advisory are a workaround and a tool that can implement a fix on Windows 7 and Windows Server 2008 R2 systems.
If you’re using a version of Windows prior to version 7 or Server 2008 R2, your system doesn’t even support TLS 1.1. Your only hope is that server admins fix the SSL/TLS problem on their web servers.
Interestingly enough, the RC4 cipher suite is unaffe [read] Keywords: archive
microsoft
security
server
18
Pssst… Want to buy some patient records?
Fri, Sep 23rd 2011 8:03a John James You know, probably not the best words in an article about lost patient records to link ads from if you want your website to look legit.
Just saying…
Pssst… Want to buy some patient records? is a post written by John Lawren James from Wildunknown. [read] Keywords:
25
Swedish Computer System Crash; 50 000 lost medical records
Fri, Sep 23rd 2011 6:40a John James A computer system crash in Region Skåne, Sweden have resulted in the loss of appointment and prescription records, but may have resulted in the loss of over 50 000 medical records.
The affected hard drives have been shipped to a Norwegian company to attempt to recover the information lost in the crash that occurred on August 22, 2011. (Almost a month ago as of the publication of this post.)
The cause of the crash is still under investigation, and the extent of the data loss is still [read] Keywords:
13
My ATM is running Windows 98?
Thu, Sep 22nd 2011 7:23p John James Picture this, you walk up to an ATM belonging to your bank and find the error below on the screen.
Do you change banks?
My ATM is running Windows 98? is a post written by John Lawren James from Wildunknown. [read] Keywords:
16
(IN)SECURE Magazine number 31 is available
Thu, Sep 22nd 2011 6:48a John James If you work in IT security, and you don’t read (IN)SECURE Magazine, you should take a look at it.
Here is the article list for issue 31:
The changing face of hacking
Review: [hiddn] Crypto Adapter
A tech theory coming of age
SecurityByte 2011: Cyber conflicts, cloud computing and printer hacking
The need for foundational controls in cloud computing
A new approach to data centric security
The future of identity verification through keystroke dynamics
Visiting Bitdefender’s headquarte [read] Keywords: domino
applications
security
23
IBM Lotus Domino and the SSL/TLS known vulnerability
Wed, Sep 21st 2011 9:02a John James Based on this article, I started thinking about how the fallout from the SSL/TLS vulnerability may affect me.
I wasn’t ready for what I found.
As it turns out, as detailed in this IBM tech note, there is no support for TLS 1.0, TLS 1.1 or TLS 1.2 for Domino’s http server. There is only support for SMTP (through STARTTLS) and SIP (for Sametime) within Domino. All other Lotus Domino Internet based protocols (HTTP, LDAP, POP3, IMAP) support SSL up to 3.0.
So… As for a p [read] Keywords: domino
ibm
lotus
sametime
server
smtp
websphere
9
Looking for a Lotus job?
Wed, Sep 21st 2011 7:23a John James If you are looking for a job revolving around one of the IBM/Lotus technologies, make sure you take a look at Tom Duff’s website. He posts daily on the new jobs that surface in the Lotus world.
Duffbert’s Lotus Jobs
Looking for a Lotus job? is a post written by John Lawren James from Wildunknown. [read] Keywords: ibm
lotus
notes
archive
14
Known Vulnerability in SSL/TLS is now a Problem
Wed, Sep 21st 2011 6:43a John James In case you didn’t read it here, or here, there has been a successful exploit for a long known vulnerability in all versions of SSL and TLS 1.0.
Although the vulnerability has been known since the early iterations of SSL, up until now, it was thought to be un-exploitable.
Thanks to the work of Juliano Rizzo and Thai Duong (who previously brought an issue to light with ASP.NET that caused Microsoft to release an ‘out-of-band’ patch), the vulnerability has been exploited through [read] Keywords: microsoft
security
wiki
7
Cybersecurity Awareness Month
Tue, Sep 20th 2011 5:43a John James The Department of Homeland Security (DHS) in the United States has set October as Nati0nal Cybersecurity Awareness month.
Despite choosing one month to bring public awareness to cybersecurity, most security professionals recommend practicing cybersecurity year round, not just in October.
You’ll probably want to think about things on the list below during October.
Anti-Virus
Firewalls
Backups
Software Updates
You should also review the list of what to do when things go wrong (as most th [read] Keywords: security
virus
15
Talk Like a Pirate
Mon, Sep 19th 2011 7:03a John James Hey!
It’s talk like a Pirate day.
Arrr…
Talk Like a Pirate is a post written by John Lawren James from Wildunknown. [read] Keywords:
19
Great Deal – Games on Sale
Fri, Sep 16th 2011 7:03a John James Mrs. Tiggy Winkle’s in Ottawa has a Groupon deal today.
$15 for $30 Worth of Toys and Games
They have a fairly good selection of board games, and a fair number of Euro games.
http://www.groupon.com/r/uu6221433
Great Deal – Games on Sale is a post written by John Lawren James from Wildunknown. [read] Keywords:
18
Great Cryptography Reference
Thu, Sep 15th 2011 6:26p John James Do you know some of the basics of cryptography, like what a Caeser cipher is? How about a Vignere table? Are you looking for an easy reference on what data encryption is?
Check it out!
http://library.thinkquest.org/27158/concept1_5.html
Great Cryptography Reference is a post written by John Lawren James from Wildunknown. [read] Keywords:
15
Securing The Human
Thu, Sep 15th 2011 5:05p John James Part of SANS security awareness program is a site called ‘Securing The Human’.
Every month they publish a newsletter directed at the typical web user. Not those of us with a heightened awareness of security, but people like your office manger, mail room clerk or parents.
This month’s newletter, appropriately called ‘OUCH!’, deals with privacy and security surrounding social networking.
I encourage you to take a look, and disseminate it to your staff. In fact, [read] Keywords: networking
office
security
16
Using Comics to Teach a Lesson
Thu, Aug 11th 2011 7:03a John James I’m a closet comic fan, I always have been. I’ve found it can be a great way to get a lesson across, especially to children and teens.
As a result, I always enjoy when I find a comic that I can use as part of a training I am giving, or a presentation I make. I found one of those yesterday, and I wanted to share it.
Post it in your lunchroom, post it on a bulletin board. Post it where people will read it, and hopefully learn from it.
Using Comics to Teach a Lesson is a post w [read] Keywords:
24
Wikimania Prize Package
Wed, Aug 10th 2011 11:42a John James I got my Wikimania prize package in the mail the other day.
There were numerous items including a Spam Sentinel t-shirt, some IBM bottle openers, IBM bottle sleeves, and the best part, a copy of the Mastering XPages book.
Gotta love it!
Wikimania Prize Package is a post written by John Lawren James from Wildunknown. [read] Keywords: ibm
lotus
xpages
17
Admin Notes: The Hidden Field
Wed, Aug 10th 2011 8:43a John James I was implementing a third party plugin to Domino this morning, and was asked to put a certain value in a certain field.
However, search as I did, I couldn’t find the field in the server document.
As you know, the server document uses the server form (server) in the address book (names.nsf). I opened Domino Designer, opened the form, found the field I was looking for, checked the ‘hise when’ value, and discovered what I had to do to make it visible.
Could only happen in Domi [read] Keywords: admin
domino
notes
server
25
Insider Threat: Your Data Is For Sale
Wed, Jul 27th 2011 6:43a John James Security firm SailPoint released the results of a recent survey that shows that your corporate information may be for sale. The SailPoint Market Pulse Survey examined the current state of employee compliance with corporate policy related to private and sensitive data.
Here’s what they found:
22% of US, 29% of Australian and almost half of British (48%) employees who have access to their employer’s or client’s private data, and who answered the question, indicated they would [read] Keywords: mobile
security
11
Ontario Cancer Screening Records Go Missing
Tue, Jul 26th 2011 2:23p John James Ontario’s Privacy Commissioner is looking into reports that the whereabouts for up to 15 screening activity reports is unknown. These reports contain the Personal Health Information (PHI) of up to 6,490 Ontarians.
The Privacy Commissioner’s office is still investigating the status of 11 other reports that could jeopardise the PHI of another 5,440 individuals.
The records contain information such as names, birth dates, gender, health card numbers and cancer screening test infor [read] Keywords: office
31
Admin Notes: Domino and Encryption
Tue, Jul 26th 2011 8:22a John James I often find myself running for this information, and I’m going to keep it here. That way, it may benefit someone else as well.
Lotus Domino Server/User ID
- RSA dual-key Cryptosystem and RC2, RC4 and AES algorithms for encryption
- RSA keys can be at any of the following strengths:
– 630 bit (Domino R6+)
– 1024 bit (Domino R7+)
– 2048 bit (Domino R8+)
- RC4 algorithm key
- 128bit (Domino R6+)
- RC2 algorithm key
- 128bit (Domin [read] Keywords: admin
domino
ibm
ldd
lotus
notes
notesdomino
noteslotus
R6
R7
R8
apple
database
mac
network
server
27
Lotus Domino Denial of Service Attack
Wed, Jul 20th 2011 1:04p John James Credits to Tom Duff.
Packet Storm is reporting a Lotus Domino Denial of Service issue…
# Exploit Title: Lotus Domino SMTP router, EMAIL server and client DoS - all 3 may crash
# Date: July 16, 2011
# Author: None - looks like a malformed Kerio generated calendar invitation was the reason this was discovered -http://forums.kerio.com/index.php?t=msg&th=19863&start=0
# Software Link: none - cut/paste the malformed meeting invitation show below, send into some Domino shop as a mim [read] Keywords: domino
ibm
lotus
lotusdomino
email
server
smtp
82
Admin Notes: Is your SMTP server running TLS?
Wed, Jul 20th 2011 12:43p John James I found a great website today that allows you to check if the mail server for your domain supports TLS.
This is a great tool to see if an email you send a client, colleague or even your buddy will be transmitted as open text. It’s also a great tool for troubleshooting your Domino mail server.
Check it out here: http://www.checktls.com
Admin Notes: Is your SMTP server running TLS? is a post written by John Lawren James from Wildunknown.com [read] Keywords: admin
domino
notes
noteslotus
email
server
smtp
22
Policies and Controls are King in the IT Security world
Wed, Jun 29th 2011 12:18p John James I came across an article by Roger Grimes over at Infoworld on how security policies and controls are the real power when it comes to IT security.
Roger mentions the SANS 20 Critical Security Controls for Effective Cyber Defence, which are a great read for anyone looking at updating or auditing your policies for completeness.
The SANS top 20 controls are a must for any organization:
Inventory of Authorized and Unauthorized Devices
Inventory of Authorized and Unauthorized Software
Secure Configur [read] Keywords: policies
application
network
security
wireless
29
Me Personally? I love DAOS…
Tue, Jun 28th 2011 11:28a John James I think DAOS is great, and why? Because of the screenshot below. A database a quarter of that size would make most admins cry, but with DAOS, it hums along beautifully.
Makes me wonder if this type of scenario is what IBM had in mind when they designed DAOS.
Oh, and the size is not an error. Logically, it actually is 140GB in size, with about 53,000 attachments.
Me Personally? I love DAOS… is a post written by John Lawren James from Wildunknown.com [read] Keywords: domino
ibm
database
49
Indian users of Groupon subsidiary face password breach
Tue, Jun 28th 2011 7:06a John James An Australian security consultant, Daniel Grzelak, discovered an SQL file with over 300,000 usernames and plain text passwords from Sosasta.com by conducting a Google search.
The entire user database of Groupon’s Indian subsidiary Sosasta.com was accidentally published to the Internet and indexed by Google.
The database includes the e-mail addresses and clear-text passwords of the site’s 300,000 users. It was discovered by Australian security consultant Daniel Grzelak as he searched for pu [read] Keywords: database
google
password
security
sql
24
Bioware Account Breach
Mon, Jun 27th 2011 7:06p John James I got an email the other day, one I wasn’t expecting to receive, because I wasn’t even aware that the organization had a data breach. (But then, how could I? They’ve been coming fast and furious for a while now.)
The email looked like this:
We recently learned that hackers gained unauthorized access to the decade-old BioWare server system supporting the Neverwinter Nights forums. We immediately took appropriate steps to protect our consumers’ data and launched a th [read] Keywords: email
password
security
server
16
Is speed a good thing in disclosing security breaches?
Fri, Jun 24th 2011 8:06a John James How quickly do you feel a company should notify you that your personal data has been exposed as the result of a security breach?
There have been a number of high profile data breaches recently, such as Sony, Epsilon and Honda Canada. Each company took a different amount of time to notify customers, but that is because they are allowed to. There are no laws that specify how quickly they must advise you that your private information may have become public.
Sony, who has lost more than 100 mill [read] Keywords: email
network
profile
security
20
Basic Information Security Practices missing at Small Business
Thu, Jun 23rd 2011 7:26a John James As I read this article earlier today, I have to say that I am not really all that surprised.
Most small businesses are more concerned with their day-to-day operations and where the next client is coming from than they are around spending the time to creating policies and processes to manage security.
Although 78.6% of respondents were aware of the legal requirements of storing, keeping, and disposing confidential data, 31.1% never trained staff on the company’s information security procedures [read] Keywords: policies
security
17
Canadian Privacy Commissioner criticizes Staples
Tue, Jun 21st 2011 8:25p John James The Canadian Privacy Commissioner, Jennifer Stoddart, has found that Staples Canada Inc. failed to fully wipe customer data from returned devices such as laptops, hard drives or USB keys prior to reselling them.
The Staples audit included tests on data storage devices (ie. computers, laptops, USB hard drives and memory cards) that had undergone a “wipe and restore” process and were destined for resale. Of the 149 data storage devices tested, over one-third (54 devices) still contai [read] Keywords: policies
21
IamLUG – North American Lotus User Group
Fri, Jun 17th 2011 7:23a John James Once again, I beleive for the third year, St. Louis is opening its doors to Loti from across North America.
Founded on the ‘free’ conference ideal, IamLUG has offered more than 25 sessions each year with the optional ‘TackItOn’ full day of training on specific subjects.
This year’s session list looks great, and the speakers rock. It’s happening on August 1st and 2nd, with the ‘TackItOn’ day being Aug 3rd.
You can find more detail here.
IamLUG &# [read] Keywords: admin
lotus
20
Taking Security Too Far: Breaking the Business Process
Thu, Jun 16th 2011 10:22a John James Read the following statement:
apparently the advent of 3D projectors is severely cutting the amount of light that reaches the screen because projectionists are not changing out the 3D lenses for 2D screenings as they should
Would you believe that a poorly planned security process is at fault of our enjoyment of 3D movies? With more and more thought being given to security, and protecting the intellectual property of the organization, it is possible for those controls to go too far.
Hollywood [read] Keywords: security
25
Conservative Party of Canada Contributor information Leaked
Wed, Jun 8th 2011 9:22a John James According to a member of LulzSec (@LulzRaft), it looks like there was a data breach that went along with the fake news release when the Conservative Party of Canada website was breached.
Conservative Party of Canada Contributor information Leaked is a post written by John Lawren James from Wildunknown.com [read] Keywords:
21
Wed, Jun 8th 2011 7:43a John James Tod Maffin from the CBC interviews 2 lawyers about Canadian Law, and Technology in the workplace.
is a post written by John Lawren James from Wildunknown.com [read] Keywords:
24
Wikimania – Please don’t post (I want to win…)
Wed, Jun 8th 2011 6:23a John James Yeah, the title is a bit tongue in cheek, but seriously…
I entered an article in the Wikimania contest last year, and I even won a book, and a number of other small items.
I’ve entered again this year, on the very day the contest opened. I suspect that I was even pointed out for it.
Sharing with the community is a great way to develop friendships and share information. (And win prizes. After all, who doesn’t want to be recognized for their work.)
Wikimania – Please [read] Keywords: ldd
lotus
community
14
Security Review – 6/7/2011
Wed, Jun 8th 2011 5:23a John James Similar to a number of other breaches (Sony, Epsilon, Lockheed-Martin), hackers seem to mostly be targeting the ‘larger’ targets, that will bring a lot of public exposure.
The Conservative Party of Canada site was the target of such an attack this week, as were many branches of the Sony empire. The Kingston Police department just got their website back online on Tuesday following a breach.
It’s no surprise then that Vermont Democrat Senator Patrick Leahy has introduced a bil [read] Keywords: network
security
18
Hackers target Conservative Party website
Tue, Jun 7th 2011 8:57a John James Despite news on the Conservative Party of Canada website, Prime Minister Stephen Harper was not airlifted to a hospital in Toronto following a choking incident at breakfast with his children.
In fact, it was an attack by hackers targeting the Conservative Party website.
The CBC has more details.
Hackers target Conservative Party website is a post written by John Lawren James from Wildunknown.com [read] Keywords:
23
Hackers make off with Government of Canada data
Tue, Jun 7th 2011 7:40a John James Back in April 2010, two groups (The Citizen Lab and The SecDev Group) discovered that government computers in 103 countries were compromised by hackers from China. They wrote about it in a published report called Shadows in the Cloud.
Fast forward to the fall of 2010 when Communications Security Establishment Canada (Canada’s electronic eavesdropping agency) started looking for signs that Canada’s governmental networks had been compromised.
Fast forward to January 2011, when a hack [read] Keywords: connections
network
security
wireless
6
Tomorrow is IPv6 day!
Wed, Jun 1st 2011 5:45a John James Tomorrow is the Internet Society’s World IPv6 day.
On June 8th, many major world organizations (including Google, Akamai and Yahoo!) will be turning on IPv6 services for a 24 hour test.
More information can be found here.
Tomorrow is IPv6 day! is a post written by John Lawren James from Wildunknown.com [read] Keywords: google
20
Computer Security Policy: Part 1 - Hierarchy of Management Direction
Tue, May 31st 2011 7:22a John James When writing computer security policy, or any policy for that matter, it is important to remember that there is a hierarchy when it comes to the types of documents that make up policy.
Laws & Regulations
Policy
Standards/Directives
Procedure
Guideline
Laws & Regulations
These are the compulsory rules, with sanctions, declared by the government for all citizens.
Here in Canada, the laws are passed by elected members of parliament. In the United States, laws are passed by elect [read] Keywords: domino
lotus
policies
blogger
enterprise
security
13
Computer Security Policy: Part 1 – Hierarchy of Management Direction
Tue, May 31st 2011 3:08a John James When writing computer security policy, or any policy for that matter, it is important to remember that there is a hierarchy when it comes to the types of documents that make up policy.
Laws & Regulations
Policy
Standards/Directives
Procedure
Guideline
Laws & Regulations
These are the compulsory rules, with sanctions, declared by the government for all citizens.
Here in Canada, the laws are passed by elected members of parliament. In the United States, laws are passed by elected membe [read] Keywords: domino
lotus
policies
blogger
enterprise
security
Domino databases can disappear when UNIX/LINUX server is shutdown
Fri, May 27th 2011 7:29a John James Abstract
In certain cases on a Domino 8.5.2 FP1 server, the contents of the Domino data directory can be deleted during shutdown on UNIX and Linux platforms. This does not happen frequently or on all Domino servers. However, if this does happen, a backup restore of the data will be necessary.
This IBM Alert addresses an issue with the ~notetmp.reg file on UNIX or LINUX servers running Domino 8.5.2 FP1.
This is what happens:
The problem occurs if ~notetmp.reg points to the Domino data directory [read] Keywords: domino
ibm
lotus
apple
blogger
linux
server
16
Domino databases can disappear when UNIX/LINUX server is shutdown
Fri, May 27th 2011 6:43a John James AbstractIn certain cases on a Domino 8.5.2 FP1 server, the contents of the Domino data directory can be deleted during shutdown on UNIX and Linux platforms. This does not happen frequently or on all Domino servers. However, if this does happen, a backup restore of the data will be necessary.This IBM Alert addresses an issue with the ~notetmp.reg file on UNIX or LINUX servers running Domino 8.5.2 FP1.
This is what happens:
The problem occurs if ~notetmp.reg points to the Domino data directory [read] Keywords: domino
ibm
lotus
apple
blogger
linux
server
18
Admin Notes: Fixes for File Viewer Vulverabilities in Lotus Notes
Tue, May 24th 2011 1:46p John James Just a quick note to make sure this gets out there.
I’m taking on more ‘security’ type duties at work. This is something that falls under both my hats.
IBM Support has released a Flash Alert regarding some vulnerabilities discovered in Lotus Notes.
More information can be found on the IBM Support site.
I do like the fact that they have provided work around information all the way back to Lotus Notes 5.x.
This post is written by John James of Wildunknown. John is a Lotus Dom [read] Keywords: admin
domino
ibm
lotus
notes
blogger
security
21
Admin Notes: Fixes for File Viewer Vulverabilities in Lotus Notes
Tue, May 24th 2011 1:22p John James Just a quick note to make sure this gets out there.
I'm taking on more 'security' type duties at work. This is something that falls under both my hats.
IBM Support has released a Flash Alert regarding some vulnerabilities discovered in Lotus Notes.
More information can be found on the IBM Support site.
I do like the fact that they have provided work around information all the way back to Lotus Notes 5.x.This post is written by John James of Wildunknown. John is a Lotus Domino Ad [read] Keywords: admin
domino
ibm
lotus
notes
blogger
security
14
Admin Notes: Lookup of IP address for host failed
Thu, May 19th 2011 8:03a John James If you come across and error like this in your Lotus Domino console, or log file:
“Lookup of IP address for host xxxxx.xxxxx.xxx failed”
Take a look at your Internet Site Documents, chances are one of them (a non-website one) has an invalid domain name.
This post is written by John James of Wildunknown. John is a Lotus Domino Administrator and Developer from Ottawa, Ontario, Canada.
He can be found at http://www.wildunknown.com.
Admin Notes: Lookup of IP address for host failed is a [read] Keywords: admin
domino
lotus
notes
apple
blogger
20
Admin Notes: Lookup of IP address for host failed
Thu, May 19th 2011 7:05a John James If you come across and error like this in your Lotus Domino console, or log file:
"Lookup of IP address for host xxxxx.xxxxx.xxx failed"
Take a look at your Internet Site Documents, chances are one of them (a non-website one) has an invalid domain name.This post is written by John James of Wildunknown. John is a Lotus Domino Administrator and Developer from Ottawa, Ontario, Canada.
He can be found at http://www.wildunknown.com. [read] Keywords: admin
domino
lotus
notes
apple
blogger
Sharing: OSF DataLossDB
Wed, May 4th 2011 7:54a John James I just wanted to share a site that I refer to frequently, the DataLossDB from the Open Security Foundation.
They track both Incidents and Fringe Incidents relating to the loss of data by an organization.
I got thinking about it today because I just submitted my first report to them, not for myself, but for a news article that I spotted online.
This post is written by John James of Wildunknown. John is a Lotus Domino Administrator and Developer from Ottawa, Ontario, Canada.
He can be found at ht [read] Keywords: domino
lotus
blogger
security
16
Sharing: OSF DataLossDB
Wed, May 4th 2011 7:05a John James I just wanted to share a site that I refer to frequently, the DataLossDB from the Open Security Foundation.
They track both Incidents and Fringe Incidents relating to the loss of data by an organization.
I got thinking about it today because I just submitted my first report to them, not for myself, but for a news article that I spotted online.This post is written by John James of Wildunknown. John is a Lotus Domino Administrator and Developer from Ottawa, Ontario, Canada.
He can be found a [read] Keywords: domino
lotus
blogger
security
Shared Name
Fri, Apr 1st 2011 7:42a John James Turns out that there's a BBC journalist who shares the same name as me. He's in the Ivory Coast and was reporting on the CBC World Report news this morning.
In other news, we don't look alike. So, if you happen to run into him in Ivory Coast, he's not me.
Interestingly enough, there are 711 people who share my name on LinkedIn.This post is written by John James of Wildunknown. John is a Lotus Domino Administrator and Developer from Ottawa, Ontario, Canada.
He can be found at http://w [read] Keywords: domino
lotus
blogger
linkedin
22
To the Newbies: Want to be a 'Good' developer?
Thu, Mar 31st 2011 9:44a John James [mount soapbox]
So, I have a beef. I'll lay it out for you with a hypothetical situation. (Perhaps only partly hypothetical...)
You develop an application for a customer in a different time zone. Let's say a 'quite' different timezone. While they are conducting UAT (user acceptance testing) they mention that the Date Recorded of a document doesn't seem to be in their timezone. You look at the code and realize you are setting the field with @Now.
You implement a fix on that [read] Keywords: domino
lotus
notes
application
blogger
23
2011-03-28 - 1/365 - Yo. Yo. Reboot.
Mon, Mar 28th 2011 6:02p John James John James posted a photo:I'm re-commencing my 365 project. I got derailed last year at about this time, and I'm coming back to it now. I got this yo-yo at a conference. If you... [read] Keywords:
41
Admin Notes: Domino 8.5.2 Fix Pack 2 is out
Fri, Mar 25th 2011 10:02p John James Domino 8.5.2 Fix Pack 2 has been released. Links are below to the various versions:
Domino 8.5.2 FP2 Windows 32-bit
Domino 8.5.2 FP2 Windows 64-bit
Domino 8.5.2 FP2 AIX 32-bit
Domino 8.5.2 FP2 AIX 64-bit
Domino 8.5.2 FP2 Solaris
Domino 8.5.2 FP2 Linux
Domino 8.5.2 FP2 Z-Series
Domino 8.5.2 FP2 i-Series 5.4
Domino 8.5.2 FP2 i-Series 6.1/7.1
As per normal, you need to log into Fix Central to get access.This post is written by John James of Wildunknown. John is a Lotus Domino Admini [read] Keywords: admin
domino
ibm
lotus
notes
aix
blogger
linux
20
Water: Expectations
Sat, Mar 12th 2011 4:22p John James I'm almost certain, that if I had a therapist, I'd be told that I should talk about how I feel.
I'm upset.
I'm frustrated.
I'm stressed.
I went downstairs to the basement last night, innocently enough. I was looking for some rain pants.
I wasn't expecting the splash. Who expects that? Who expects to put their foot down on the carpet and have it splash.
I wasn't expecting to see the signs of water seepage along the edges of the hardwood floor in the basement either. [read] Keywords: domino
lotus
blogger
24
A Time for Free Books
Mon, Mar 7th 2011 12:00p John James I spotted this in my feed reader this morning. It lead me here to DB2 University.
I'm aware of the DB2 push toward university students to make them aware that DB2 is an option for their use as a free SQL database. I became aware of it a few years ago when looking for an SQL database.
I'm all in favour of it.
Of course, the question to ask is: When will other IBM technologies be given the same advantage?This post is written by John James of Wildunknown. John is a Lotus Domino Admi [read] Keywords: domino
ibm
lotus
blogger
database
db2
sql
16
Admin Notes: Setting up robots.txt on your Domino server
Fri, Mar 4th 2011 8:26a John James So, you're running a Domino server, and one of your co-workers finds the Domino help databases on your server indexed through Google.
What do you do?
The development team wants them left there so that they can be used, but they don't want to have to login to use them.
How do you get them unlisted from Google's index?
Easy, using a robots.txt file. But you say, how do I create it, what database do I put it in? And how do I get Google to remove the listing of my databases?
[read] Keywords: admin
domino
lotus
notes
blogger
database
development
google
server
20
Master XPages: Still only $9.99
Fri, Mar 4th 2011 7:53a John James I talked about it yesterday, Darren talked about it yesterday, Daniel talked about it yesterday.
Master XPages is still only $9.99 for the digital edition until midnight.
You may have missed it yesterday, but get it today...
Find it here: http://www.informit.com/deals/This post is written by John James of Wildunknown. John is a Lotus Domino Administrator and Developer from Ottawa, Ontario, Canada.
He can be found at http://www.wildunknown.com. [read] Keywords: domino
lotus
xpages blogger
planetlotus
planetlotus.org
30
Mastering XPages for $9.99
Thu, Mar 3rd 2011 5:43p John James I know other people have mentioned it, but I'm going to as well.
Available here for $9.99 USD, the Mastering XPages ebook. Yes, that one. The IBM Press one.
http://www.informit.com/deals/index.aspx
Go get it by midnight on March 3rd, 2011.
Now if only the site was built in XPages.This post is written by John James of Wildunknown. John is a Lotus Domino Administrator and Developer from Ottawa, Ontario, Canada.
He can be found at http://www.wildunknown.com. [read] Keywords: domino
ibm
lotus
xpages blogger
12
The largest Domino database I've ever seen
Wed, Mar 2nd 2011 11:24a John James I don't remember why I went looking at my local desktop with Domino Administrator, but I was a little shocked when I found this:
That would be about 106,809,893,190,000 or about 106 terabytes. Can anyone beat that?
This post is written by John James of Wildunknown. John is a Lotus Domino Administrator and Developer from Ottawa, Ontario, Canada.
He can be found at http://www.wildunknown.com. [read] Keywords: domino
lotus
blogger
database
desktop
19
Admin Notes: DoS Attack possible via Java JDK/JRE in Domino
Thu, Feb 24th 2011 11:26a John James If you are running Java agents or applications within your Lotus Domino framework and converting to binary floating point numbers, you could be exposed to a DoS attack. Read more here, and patch if you need to. IBM - Potential Denial of Service Attack with Java JDK/JRE hanging in IBM Lotus Notes and Domino (CVE-2010-4476)This post is written by John James of Wildunknown. John is a Lotus Domino Administrator and Developer from Ottawa, Ontario, Canada.
He can be found at http://www.wildunknown.com [read] Keywords: admin
domino
ibm
lotus
notes
applications
blogger
java
19
My Blackberry Playbook Sneak Peek
Tue, Feb 22nd 2011 5:02a John James I had the opportunity Saturday night to play with the new RIM Blackberry Playbook. Never thought I partied with the 'right' crowd, but it looks like I do.
It's pretty impressive. The OS on the version I saw was still in alpha, but the function and feel of it were very nice. I've played with the iPad, and between the two, I think I would probably go with the Playbook as my own tablet. I find it fit better in one hand than the iPad, which for me is more favorable to reading or the li [read] Keywords: domino
lotus
blackberry
blogger
rim
How To: Enable LZ1 Compression by default on new databases
Tue, Feb 1st 2011 6:23a John James Currently, in order to enable LZ1 compression on a database, you need to do it manually.
With the Notes.ini variable found in technote 1452490, you can have it do this by default.
COMPRESS_LZ1_CREATE = 1
Translated from the German post found here: http://www.madicon.de/aktuelles/index_files/00384.php#unique-entry-id-293 [read] Keywords: notes
apple
blogger
database
8
Looking for Domino/Network Administrator
Thu, Jan 27th 2011 11:02a John James I'm slightly biased, but the company I work for is hiring a Domino/Network Administrator. If you're interested after reading the description below, contact me and I'll pass your interest along.
Position Description:
The successful candidate will be responsible for ongoing development and administration of our web server farm and office server infrastructure including network and workstation hardware/software.
You need to be skilled in setup and support of TCP/IP networks, firewall, b [read] Keywords: administration
domino
lotus
aix
blogger
database
development
linux
network
office
security
server
