Pixar talks backups and testing
Wed, May 16th 2012 10:44a John James This could be a PSA. It’s worth watching.
Think about your personal life backup. Your home movies, the photos of your children.
Are you protected? [read] Keywords:
Ottawa: Food Aid BBQ
Fri, May 4th 2012 2:04p John James Food Aid BBQ
The annual Food Aid BBQ is taking place at Festival Plaza, City Hall on Friday, June 1 this year. The BBQ will bring the Ottawa Food Bank that much closer to raising the necessary funds to sustain its beef program for a year.
For only $10, hamburgers prepared by The WORKS will be served alongside chips and a drink from 11AM to 2PM. There will be plenty to see and do at Festival Plaza, with music, a live broadcast by 580 CFRA, and celebrity milking competitions at 10:30 am and 12 [read] Keywords: community
office
Visualization: InMaps from LinkedIn Labs
Wed, May 2nd 2012 6:44a John James I came across this the other day on our corporate social network and thought I would share it here.
It creates an interesting visual of your LinkedIn network.
http://inmaps.linkedinlabs.com/share/John_Lawren_James/316949539857534123863686369623422544527 [read] Keywords: linkedin
network
152
Cancer: Let’s Beat This!
Tue, May 1st 2012 8:04a John James I’ve been touched by cancer many times in my life. Through friends, family, and this year, it hit close to home, with my wife.
I’m participating in this year’s Canadian Cancer Society Relay For Life so that hopefully, someday, my children will never have to go through what I’ve gone through.
http://convio.cancer.ca/site/TR/RelayForLife/RFL_ON_even_?px=4366288&pg=personal&fr_id=10562
As for my wife, she’s doing pretty well. The surgery went successfully [read] Keywords:
142
Abandoned Vehicles
Sun, Apr 29th 2012 4:44p John James These are not in a location related to these photos, but I did run across them the same day.
Snow Plow: I couldn't say for certain how long this snow plow had sat here, but the size of the trees surrounding it suggests quite a while.
Caterpillar: No rubber to hit the road. All steel.
Engine #5: A fire truck from the town I grew up around.
Fire Engine: Silent, forgotten, but once essential equipment.
Hose: Dry, except for when it rains.
Gauges
Feeder line
Siren and Lights
Rust pitting the whe [read] Keywords:
142
Abandoned Farmstead
Sun, Apr 29th 2012 8:44a John James I was driving back from making a pickup on Sunday morning when I spotted this house and barn, long since abandoned.
I couldn’t resist walking through the fence and exploring.
Red door: This lead into what once looked to be a chicken coop.
Log Structures: Some of the buildings on the property were the original log structures that probably dated from the original settlement of the property.
The Mow: Traditionally, the mow (pronounced MAU) would have been where the farmer stored his winter ha [read] Keywords:
187
How to: Restore the Sametime Emoticon Palette
Fri, Apr 27th 2012 2:44p John James Problem
Client reports that they cannot add new emotions to Sametime.
and/or
Client does not have the emoticons palette in the Preferences menu.
Solution
Close the Lotus Notes client.
Copy the contents of the workspace.metadata.pluginscom.ibm.collaboration.realtime.palettespalettes folder to somewhere safe. This will allow the user to keep any existing emoticons.
Delete the contents of the workspace.metadata.pluginscom.ibm.collaboration.realtime.palettespalettes folder.
Launch Lotus Not [read] Keywords: collaboration
ibm
lotus
notes
notes client
sametime
wiki
workspace
Surgery Update
Mon, Apr 16th 2012 12:04p John James Surgery was a success. They removed her entire thyroid gland, but did not need to remove the para-thyroids or lymph nodes. As well there was no long term damage done to the nerves leading to the vocal cords.
Please people, tell the women you know to check their neck.
http://www.thyroidcancercanada.org/about-thyroid-cancer.php [read] Keywords:
255
Cancer
Sun, Apr 15th 2012 7:23p John James I guess I’ve kind of surprised myself by not doing this earlier. I’m not sure why I didn’t.
Back in the middle of February my wife and I bought a new house. 15 hours later, we discovered that she had thyroid cancer.
We let the house deal fall through, there was no way we were going to deal with cancer treatment and move at the same time. There is no way that we were going to allow that much stress into our lives.
It was a shock, but I came to terms with it. It’s [read] Keywords: wiki
245
Reminder: Increase the maximum available memory on your Lotus Notes client JVM today!
Tue, Mar 27th 2012 9:43a John James Yup, that’s right. Public Service Announcement time.
If you haven’t increased the maximum memory available to your Lotus Notes JVM yet, what are you waiting for?
By default, the Notes JVM only has 256mb of memory available to it. On a system with 4GB+ of memory, you should be easily able to increase it to 1/4 to 1/3 of the system memory and improve the end user performance.
Here’s how:
Shut down Lotus Notes.
In order to make sure that all processes are stopped, run this [read] Keywords: ibm
lotus
notes
notes client
nsd
password
properties
workspace
144
How to create a blank file with a fixed size
Thu, Mar 22nd 2012 8:04a John James I had the need today to create a number of blank files with a fixed size. I thought I would share the method.
fsutil is the program needed to create a blank file. Under Windows 7, it needs to be run as the administrator.
It’s used in the following way:
fsutil file createnew
For example the following line would create a 10mb blank Word document:
fsutil file createnew C:file.doc 10485760
Just as the following line would create a 1gb blank Excel document:
fsutil file createnew C: [read] Keywords:
108
Hello world!
Wed, Mar 21st 2012 12:44p John James Welcome to WordPress. This is your first post. Edit or delete it, then start blogging! [read] Keywords: blogging
158
Error (and solution) to “Cannot find external name:”
Thu, Mar 15th 2012 9:43a John James I’ve been meaning to share this for a while. I’ve had this show up numerous times recently. Sometimes you’ll see it in the Lotus Notes client, but I’ve been seeing it in the server log most frequently.
The error is: ‘Cannot find external name:’ followed by a name in capital letters.
This is an error that is a result of having an agent signed by one ID file and an included script library signed by a different ID, usually the server ID.
The solution? Res [read] Keywords: agent
lotus
notes
notes client
script library
server
477
Two useful Domino fields you may not be using
Wed, Feb 15th 2012 8:43a John James Every once in a while you come across something you thought was common knowledge and discover someone who hasn’t seen it.
Here is my example.
There are a few fields that were added back in Domino 7 that people may not be aware of…
$$HTMLFrontMatter allows you to add a custom doctype declaration to a form. Quite handy if your designer developed for something other than HTML 4.01 Transitional.
$$HTMLTagAttributes allows you to add your own options to the HTML tag.
Reference
http:/ [read] Keywords: domino
ldd
lotus
253
Bad Vendor. Go sit in the corner.
Tue, Feb 14th 2012 8:22a John James Here is a synopsis of a recent project over the last month.
—
Asked vendor about specific feature.
Vendor said feature was available.
Brought unit in.
Tested unit.
Feature not available.
Sent unit back.
Asked vendor about lack of feature.
Vendor replied that it would be available in future release.
Stopped using vendor.
Bad Vendor. Go sit in the corner. is a post written by John Lawren James from Wildunknown. [read] Keywords:
306
Encryption != Protection
Tue, Jan 24th 2012 7:23a John James And there you have it. Encryption is not necessarily going to protect you or your company.
http://www.wired.com/threatlevel/2012/01/judge-orders-laptop-decryption/
Encryption != Protection is a post written by John Lawren James from Wildunknown. [read] Keywords: laptop
200
Data Privacy Day 2012
Mon, Jan 23rd 2012 6:23a John James It’s here again. It’s not guaranteed to be more fun than Ground Hog Day, but it is important none the less.
Data Privacy Day 2012 is on January 28th.
There are numerous events being hosted across Canada and the US to make people more aware of data privacy issues. You can find a list of events here, or if you are in Halifax, attend this one.
The Privacy Commissioner of Canada has also released a calendar that you can share with your teams.
Data Privacy Day 2012 is a post writ [read] Keywords: security
269
Fixing CVE-2009-3555 in Lotus Domino
Wed, Jan 18th 2012 7:43a John James A vulnerability assessment turned up a potential issue with my Domino servers. CVE-2009-3555, or a security concern with SSL renegotiation.
There is an easy work around for Domino, add the following parameter in your notes.ini file.
SSL_DISABLE_RENEGOTIATE=1
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
http://www-01.ibm.com/support/docview.wss?uid=swg21430331
Fixing CVE-2009-3555 in Lotus Domino is a post written by John Lawren James from Wildunknown. [read] Keywords: domino
ibm
lotus
notes
security
220
SANS Ouch! – January 2012
Mon, Jan 16th 2012 8:23a John James The latest edition of SANS Ouch! is out.
Every month they publish a newsletter directed at the typical web user. Not those of us with a heightened awareness of security, but people like your office manger, mail room clerk or your parents.
This month’s newletter deals with how to securely set up a wireless network.
I encourage you to take a look, and disseminate it to your staff. In fact, they even encourage you to do that.
http://www.securingthehuman.org/resources/newsletters/ouch
It [read] Keywords: facebook
network
office
security
twitter
wireless
271
Canadian House of Commons Employees Downloading Illegal Content
Wed, Jan 11th 2012 7:42a John James According to the activist group, The Pirate Party of Canada, House of Commons employees are downloading illegal content before Canada’s bill C-11, the strict copyright protection legislation comes into effect.
The party used youhavedownloaded.com a site that scrapes torrent sites for IP addresses to find addresses owned by the House of Commons.
When you work in such a high profile, public place, even if your network administrators turn a blind eye to what you do, chances are that someone [read] Keywords: network
profile
165
Starting the New Year
Tue, Jan 3rd 2012 12:03p John James I’m starting 2012 optimistically. I have a few goals for the year:
Achieve my CISSP certification.
Finish the renovations to the basement.
Find time to start running again.
As a ways to an end, I have joined a CISSP study group, loaded some study resources on my iPod and ebook reader, and will take the bus one day a week in order to allow myself the time during the 2 hour commute to study.
Renovations are under way in the basement. I have the drywall up, and have started with the m [read] Keywords: ipod
165
Security Theatre in the Hospital
Wed, Dec 21st 2011 7:02a John James I was listening to the radio this morning and heard this story about how the local children’s hospital is reducing waste.
One of the things they are removing from the emergency rooms is the paper that lays across the examination tables.
An emergency room doctor explained that the paper doesn’t really contribute to the infection control program at the hospital, it’s only really there for patient peace of mind. You know, so it looks clean and fresh, and through its use, convin [read] Keywords: security
wiki
101
Happy Thanksgiving!
Thu, Nov 24th 2011 7:23a John James Just a quick note to wish all of my American friends a happy thanksgiving.
(Even though they didn’t wish me one on my thanksgiving.)
Happy Thanksgiving! is a post written by John Lawren James from Wildunknown. [read] Keywords: wiki
161
Domino Disk Performance
Fri, Nov 18th 2011 11:23a John James So, today marks the first day that I’ve had a chance to play with our new Domino server. Most of the hardware is pretty standard. IBM 3650M2 hardware, 12GB of RAM and 2 quad core CPUs.
Usually, the performance bottleneck I run into is disk access. Today, I’m trying some new hardware to see if we can eliminate that bottleneck.
Here are my first results:
This spike was the result of starting a compact -C on a database with a size of 1.6GB and 150,000 documents. It took 2 mi [read] Keywords: domino
ibm
database
server
129
RCMP Camera Gaffe and Security Policies
Thu, Nov 17th 2011 5:03p John James I read about the RCMP’s gaffe with leaving images from past investigations on a camera used for surveillance of a suspected graffiti artist, and immediately thought of this article entitled “IT Security policies Widely Ignored, Survey Suggests”.
Is that what happened? Was it a process issue, or a policy issue?
I wonder if we’ll ever know?
RCMP Camera Gaffe and Security Policies is a post written by John Lawren James from Wildunknown. [read] Keywords: policies
security
86
Anonymous and the City of Toronto
Wed, Nov 16th 2011 7:03a John James Toronto Mayor Rob Ford is confident that City of Toronto systems are secure after a threat from hacking group Anonymous.
I read that in an article from SC Magazine. He really couldn’t say anything else, but I wonder if he really believes it. I also wonder what City of Toronto CIO David Wallace is thinking… After large takedowns of Sony and the like by Anonymous, he’s probably not as confident.
Anonymous and the City of Toronto is a post written by John Lawren James from [read] Keywords:
112
Help: Domino ACLs and Email Address as User Login
Tue, Nov 15th 2011 10:42a John James It’s not often I resort to the LazyWeb method of looking for information, but I haven’t had any luck finding what I was looking for otherwise.
I have a client who wants to use their email address to log in to a Domino web application.
My memory tells me that there is/was an issue with this and using Groups in the ACL of the Domino database.
Can anyone point me to any resources on how to do this, or that it can’t be done, or anything along those lines?
Thanks.
Help: Domino ACLs [read] Keywords: acl
domino
notes
noteslotus
application
database
email
164
Security Notice: THC-SSL-DOS, Lotus Domino and SSL Regegotiation
Fri, Nov 4th 2011 7:03a John James A group called www.thc.org released a tool called THC-SSL-DOS. Here’s a clip from their site:
THC-SSL-DOS is a tool to verify the performance of SSL.
Establishing a secure SSL connection requires 15x more processing
power on the server than on the client.
THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet.
This problem affects all SSL implementations today. The vendors are aware
of this problem since 2003 and the topic has been wi [read] Keywords: admin
domino
lotus
notes
security
server
smtp
64
National IT Day in Canada
Wed, Nov 2nd 2011 7:37a John James Today is National IT Day in Canada.
I guess this is the day I get some respect…
Hmm. Nothing yet. Guess I’ll keep waiting.
http://www.nationalitday.ca/
National IT Day in Canada is a post written by John Lawren James from Wildunknown. [read] Keywords:
54
Greece, a Referendum and Security
Tue, Nov 1st 2011 5:23p John James About now, some people will be pontificating that if Greek citizens vote down austerity measures, Greece will run out of money in a matter of days, and that the world/European economy will go into a tailspin shortly thereafter.
I suspect that if that occurs, there will be a rather public hack of Greece’s infrastructure, taking advantage while they are down. Quite possibly, it will be an inside job, by someone disgruntled that they are broke.
Greece, a Referendum and Security is a pos [read] Keywords: security
86
Spoofing a Cell Tower
Tue, Nov 1st 2011 5:03p John James It’s interesting that a little more than a year after a security researcher proved at DefCon that he could spoof a cell tower, the UK police have purchased a system to do the same thing.
Spoofing a Cell Tower is a post written by John Lawren James from Wildunknown. [read] Keywords: security
45
Keyloggers 101
Tue, Nov 1st 2011 9:43a John James Great video post from the Ethical Hacker Network on Keyloggers.
Shows the basics about keyloggers, how hidden they are, and how to detect them.
Keyloggers 101 is a post written by John Lawren James from Wildunknown. [read] Keywords: network
64
VirusTotal – Free Online Virus, Malware, and URL Scanning
Thu, Oct 27th 2011 12:23p John James I found out about VirusTotal today.
It’s run by a Spanish company, and offers free, online virus checking.
http://www.virustotal.com/index.html
The best part in my mind? It’s crowd-sourcing your anti-virus.
You submit a suspect file, it’s scanned by 42 different anti-virus applications, and the results get displayed to you. If the file is picked up by at least one of the 42 anti-virus programs, then they each get a copy of the file to test to improve their products.
By you [read] Keywords: applications
virus
57
Reading List for 24 Oct 2011
Tue, Oct 25th 2011 8:03a John James A few good articles I read today:
Tool lets low-end PC crash much more powerful webserver
Hackers have released software that they say allows a single computer to knock servers offline by targeting a well-documented flaw in secure sockets layer implementations.
http://www.theregister.co.uk/2011/10/24/ssl_dos_tool_released/
Down the Rabbithole Podcast Episode 4 – Effective Small Business Security
http://podcast.wh1t3rabbit.net/down-the-rabbithole-episode-4-effective-small-business-secur [read] Keywords: mobile
podcast
security
68
Electronic Communications Privacy Act targeted by Internet Rivals
Fri, Oct 21st 2011 11:43a John James Both Facebook and Google have also come out against the ECPA to protect information entrusted to them by their users.
CNet: Google, Facebook go retro in push to update 1986 privacy law
Ars Technica: The Shocking Strangeness of our 25-year-old Digital Privacy Law
Electronic Communications Privacy Act and the Cloud
Electronic Communications Privacy Act targeted by Internet Rivals is a post written by John Lawren James from Wildunknown. [read] Keywords: facebook
google
51
Electronic Communications Privacy Act and the Cloud
Fri, Oct 21st 2011 8:03a John James Great article from Threat Level. Worth the read, and giving some thought to how you or your company may be affected, especially if you are a foreign company with cloud services in the United States.
ECPA allows the government to obtain, without a warrant, any content stored in the cloud — such as files in a Dropbox account, if it’s older than six months. It goes without saying that there was no such thing as cloud-storage services available for the average Joe Sixpack when Reagan was pres [read] Keywords:
63
Running a Security Program without a Budget
Thu, Oct 20th 2011 5:23p John James I’ve been thinking more and more about small businesses and security recently. Most small businesses don’t have the budget to run their own security program. These organizations, that employ many, many people, are often left vulnerable. Larger organizations have the budget to fund a security program, while most small businesses don’t.
I’ve pointed out before that most small businesses don’t have an information security program.
I spotted a great articl [read] Keywords: office
podcast
security
virus
33
SANS Ouch! – October 2011
Wed, Oct 19th 2011 6:43a John James The latest edition of SANS Ouch! is out.
Every month they publish a newsletter directed at the typical web user. Not those of us with a heightened awareness of security, but people like your office manger, mail room clerk or your parents.
This month’s newletter deals with a critical step in protecting your data. Backups.
I encourage you to take a look, and disseminate it to your staff. In fact, they even encourage you to do that.
http://www.securingthehuman.org/resources/newsletter [read] Keywords: facebook
office
security
twitter
37
Conference Call Systems and Security
Fri, Oct 14th 2011 10:57a John James I found a very interesting article talking about the security surrounding conference call systems, and the ease there is with some systems to allow you to eavesdrop in on calls.
Your competitors are simply dialing into insecure conference call lines and silently listening in. This happens at all levels … from the executive team making bajillion dollar decisions all the way down to those of us in the trenches talking shop on the technologies we use to build solutions. And the problem is only go [read] Keywords: security
50
Trade Magazines: eWeek
Thu, Oct 13th 2011 8:03p John James I’ve been reading eWeek on and off for quite a few years now.
They bill themselves as:
Enterprise IT’s trusted source for product information in an actionable context, including expert labs analysis and practical tools for evaluating, acquiring, installing, configuring and maintaining technology products and services.
It’s a trade magazine for Enterprise IT professionals. If you qualify, you can get a free print or digital subscription if you live in the US or Canada.
They [read] Keywords: applications
enterprise
125
Domino not starting on Windows 2008 R2
Thu, Oct 13th 2011 9:43a John James If you are like me and setup your Domino server on one IP address and move it to another, under Windows 2008 R2, you may end up in a situation where the server refuses to start after you change the IP address.
To fix it, add the following line to your notes.ini file, replacing 192.168.100.50 with the IP of your server:
TCPIP_ControllerTCPIPAddress=192.168.100.50:2050
Domino not starting on Windows 2008 R2 is a post written by John Lawren James from Wildunknown. [read] Keywords: domino
notes
noteslotus
server
45
Facial Recognition on Spark
Thu, Oct 6th 2011 6:43p John James There are many privacy concerns about facial recognition.
Imagine being able to identify someone by taking their photo with your phone. What about combining that with cloud computing to determine someone’s address, and date of birth? Or perhaps their Social Security Number?
Worse yet, who is already using facial recognition? What if the police were using it in conjunction with CCTV feeds to track you, or someone you know? What if criminals were instead?
There was a great pi [read] Keywords: security
Every Application and Device Needs a Retirement Plan
Fri, Sep 30th 2011 7:23a John James Here’s a great headline that grabbed my attention this morning:
Air traffic control data found on eBayed network gear
Turns out this fellow in the UK bought a Cisco switch on Ebay for £20. When he saw the sticker on the back that said NATS (National Air Traffic Services), he started poking around.
He found internal VLAN estate data, information about the SNMP community strings (read and write, named after aircraft funnily enough), some ideas about password composition, VTP Trunk in [read] Keywords: application
community
network
password
snmp
51
Canadian Government Proposes Mandatory Data Breach Reporting
Fri, Sep 30th 2011 7:23a John James The Canadian Government proposed changes to the Personal Information Protection and Electronic Documents Act (PIPEDA) that would force organizations to report personal information breaches to both the privacy commissioner and the affected individuals.
The changes are part of a proposed bill that died on the floor of parliment when Canada went to the polls to elect a new government this past May.
“Ensuring trust and confidence through the protection of personal information is essential to [read] Keywords: security
82
How To: Mitigate the SSL/TLS Vulnerability for Lotus Domino
Tue, Sep 27th 2011 9:47p John James I’ve been doing quite a bit of research into the BEAST (Browser Exploit Against SSL/TLS) vulnerability that security researchers Juliano Rizzo and Thai Duong demonstrated at the ekoparty security conference in Buenos Aires on Friday.
The session at ekoparty revealed the technical details about how the exploit works and the vulnerability it exploits. The vulnerability has been known for quite a while.
The vulnerability affects SSL/TLS ciphers that use the Cipher Block Chaining (CBC) m [read] Keywords: domino
ibm
lotus
archive
google
mac
microsoft
security
server
wiki
37
NIST Releases Guide for Conducting Risk Assessments
Tue, Sep 27th 2011 5:03p John James National Institute of Standards and Technology (NIST) has released the Guide for Conducting Risk Assessments (NIST Special Publication 800-30, Revision 1).
As threats to cyber systems grow more and more complex, risk assessments help companies determine appropriate responses to mitigate risks to their organizations, guide investment strategies and maintain ongoing situational awareness of the state of their systems.
Overall guidance for risk assessment for information security can be found in M [read] Keywords: security
61
Microsoft Releases a TLS 1.1 Fix Tool for Windows
Tue, Sep 27th 2011 4:43p John James Microsoft has released a security advisory relating to the SSL/TLS vulnerability previously discussed. Included in the advisory are a workaround and a tool that can implement a fix on Windows 7 and Windows Server 2008 R2 systems.
If you’re using a version of Windows prior to version 7 or Server 2008 R2, your system doesn’t even support TLS 1.1. Your only hope is that server admins fix the SSL/TLS problem on their web servers.
Interestingly enough, the RC4 cipher suite is unaffe [read] Keywords: archive
microsoft
security
server
44
Pssst… Want to buy some patient records?
Fri, Sep 23rd 2011 8:03a John James You know, probably not the best words in an article about lost patient records to link ads from if you want your website to look legit.
Just saying…
Pssst… Want to buy some patient records? is a post written by John Lawren James from Wildunknown. [read] Keywords:
70
Swedish Computer System Crash; 50 000 lost medical records
Fri, Sep 23rd 2011 6:40a John James A computer system crash in Region Skåne, Sweden have resulted in the loss of appointment and prescription records, but may have resulted in the loss of over 50 000 medical records.
The affected hard drives have been shipped to a Norwegian company to attempt to recover the information lost in the crash that occurred on August 22, 2011. (Almost a month ago as of the publication of this post.)
The cause of the crash is still under investigation, and the extent of the data loss is still [read] Keywords:
38
My ATM is running Windows 98?
Thu, Sep 22nd 2011 7:23p John James Picture this, you walk up to an ATM belonging to your bank and find the error below on the screen.
Do you change banks?
My ATM is running Windows 98? is a post written by John Lawren James from Wildunknown. [read] Keywords:
55
(IN)SECURE Magazine number 31 is available
Thu, Sep 22nd 2011 6:48a John James If you work in IT security, and you don’t read (IN)SECURE Magazine, you should take a look at it.
Here is the article list for issue 31:
The changing face of hacking
Review: [hiddn] Crypto Adapter
A tech theory coming of age
SecurityByte 2011: Cyber conflicts, cloud computing and printer hacking
The need for foundational controls in cloud computing
A new approach to data centric security
The future of identity verification through keystroke dynamics
Visiting Bitdefender’s headquarte [read] Keywords: domino
applications
security
92
IBM Lotus Domino and the SSL/TLS known vulnerability
Wed, Sep 21st 2011 9:02a John James Based on this article, I started thinking about how the fallout from the SSL/TLS vulnerability may affect me.
I wasn’t ready for what I found.
As it turns out, as detailed in this IBM tech note, there is no support for TLS 1.0, TLS 1.1 or TLS 1.2 for Domino’s http server. There is only support for SMTP (through STARTTLS) and SIP (for Sametime) within Domino. All other Lotus Domino Internet based protocols (HTTP, LDAP, POP3, IMAP) support SSL up to 3.0.
So… As for a p [read] Keywords: domino
ibm
lotus
sametime
server
smtp
websphere
33
Looking for a Lotus job?
Wed, Sep 21st 2011 7:23a John James If you are looking for a job revolving around one of the IBM/Lotus technologies, make sure you take a look at Tom Duff’s website. He posts daily on the new jobs that surface in the Lotus world.
Duffbert’s Lotus Jobs
Looking for a Lotus job? is a post written by John Lawren James from Wildunknown. [read] Keywords: ibm
lotus
notes
archive
52
Known Vulnerability in SSL/TLS is now a Problem
Wed, Sep 21st 2011 6:43a John James In case you didn’t read it here, or here, there has been a successful exploit for a long known vulnerability in all versions of SSL and TLS 1.0.
Although the vulnerability has been known since the early iterations of SSL, up until now, it was thought to be un-exploitable.
Thanks to the work of Juliano Rizzo and Thai Duong (who previously brought an issue to light with ASP.NET that caused Microsoft to release an ‘out-of-band’ patch), the vulnerability has been exploited through [read] Keywords: microsoft
security
wiki
30
Cybersecurity Awareness Month
Tue, Sep 20th 2011 5:43a John James The Department of Homeland Security (DHS) in the United States has set October as Nati0nal Cybersecurity Awareness month.
Despite choosing one month to bring public awareness to cybersecurity, most security professionals recommend practicing cybersecurity year round, not just in October.
You’ll probably want to think about things on the list below during October.
Anti-Virus
Firewalls
Backups
Software Updates
You should also review the list of what to do when things go wrong (as most th [read] Keywords: security
virus
41
Talk Like a Pirate
Mon, Sep 19th 2011 7:03a John James Hey!
It’s talk like a Pirate day.
Arrr…
Talk Like a Pirate is a post written by John Lawren James from Wildunknown. [read] Keywords:
66
Great Deal – Games on Sale
Fri, Sep 16th 2011 7:03a John James Mrs. Tiggy Winkle’s in Ottawa has a Groupon deal today.
$15 for $30 Worth of Toys and Games
They have a fairly good selection of board games, and a fair number of Euro games.
http://www.groupon.com/r/uu6221433
Great Deal – Games on Sale is a post written by John Lawren James from Wildunknown. [read] Keywords:
56
Great Cryptography Reference
Thu, Sep 15th 2011 6:26p John James Do you know some of the basics of cryptography, like what a Caeser cipher is? How about a Vignere table? Are you looking for an easy reference on what data encryption is?
Check it out!
http://library.thinkquest.org/27158/concept1_5.html
Great Cryptography Reference is a post written by John Lawren James from Wildunknown. [read] Keywords:
55
Securing The Human
Thu, Sep 15th 2011 5:05p John James Part of SANS security awareness program is a site called ‘Securing The Human’.
Every month they publish a newsletter directed at the typical web user. Not those of us with a heightened awareness of security, but people like your office manger, mail room clerk or parents.
This month’s newletter, appropriately called ‘OUCH!’, deals with privacy and security surrounding social networking.
I encourage you to take a look, and disseminate it to your staff. In fact, [read] Keywords: networking
office
security
60
Using Comics to Teach a Lesson
Thu, Aug 11th 2011 7:03a John James I’m a closet comic fan, I always have been. I’ve found it can be a great way to get a lesson across, especially to children and teens.
As a result, I always enjoy when I find a comic that I can use as part of a training I am giving, or a presentation I make. I found one of those yesterday, and I wanted to share it.
Post it in your lunchroom, post it on a bulletin board. Post it where people will read it, and hopefully learn from it.
Using Comics to Teach a Lesson is a post w [read] Keywords:
79
Wikimania Prize Package
Wed, Aug 10th 2011 11:42a John James I got my Wikimania prize package in the mail the other day.
There were numerous items including a Spam Sentinel t-shirt, some IBM bottle openers, IBM bottle sleeves, and the best part, a copy of the Mastering XPages book.
Gotta love it!
Wikimania Prize Package is a post written by John Lawren James from Wildunknown. [read] Keywords: ibm
lotus
xpages
62
Admin Notes: The Hidden Field
Wed, Aug 10th 2011 8:43a John James I was implementing a third party plugin to Domino this morning, and was asked to put a certain value in a certain field.
However, search as I did, I couldn’t find the field in the server document.
As you know, the server document uses the server form (server) in the address book (names.nsf). I opened Domino Designer, opened the form, found the field I was looking for, checked the ‘hise when’ value, and discovered what I had to do to make it visible.
Could only happen in Domi [read] Keywords: admin
domino
notes
server
76
Insider Threat: Your Data Is For Sale
Wed, Jul 27th 2011 6:43a John James Security firm SailPoint released the results of a recent survey that shows that your corporate information may be for sale. The SailPoint Market Pulse Survey examined the current state of employee compliance with corporate policy related to private and sensitive data.
Here’s what they found:
22% of US, 29% of Australian and almost half of British (48%) employees who have access to their employer’s or client’s private data, and who answered the question, indicated they would [read] Keywords: mobile
security
51
Ontario Cancer Screening Records Go Missing
Tue, Jul 26th 2011 2:23p John James Ontario’s Privacy Commissioner is looking into reports that the whereabouts for up to 15 screening activity reports is unknown. These reports contain the Personal Health Information (PHI) of up to 6,490 Ontarians.
The Privacy Commissioner’s office is still investigating the status of 11 other reports that could jeopardise the PHI of another 5,440 individuals.
The records contain information such as names, birth dates, gender, health card numbers and cancer screening test infor [read] Keywords: office
105
Admin Notes: Domino and Encryption
Tue, Jul 26th 2011 8:22a John James I often find myself running for this information, and I’m going to keep it here. That way, it may benefit someone else as well.
Lotus Domino Server/User ID
- RSA dual-key Cryptosystem and RC2, RC4 and AES algorithms for encryption
- RSA keys can be at any of the following strengths:
– 630 bit (Domino R6+)
– 1024 bit (Domino R7+)
– 2048 bit (Domino R8+)
- RC4 algorithm key
- 128bit (Domino R6+)
- RC2 algorithm key
- 128bit (Domin [read] Keywords: admin
domino
ibm
ldd
lotus
notes
notesdomino
noteslotus
R6
R7
R8
apple
database
mac
network
server
80
Lotus Domino Denial of Service Attack
Wed, Jul 20th 2011 1:04p John James Credits to Tom Duff.
Packet Storm is reporting a Lotus Domino Denial of Service issue…
# Exploit Title: Lotus Domino SMTP router, EMAIL server and client DoS - all 3 may crash
# Date: July 16, 2011
# Author: None - looks like a malformed Kerio generated calendar invitation was the reason this was discovered -http://forums.kerio.com/index.php?t=msg&th=19863&start=0
# Software Link: none - cut/paste the malformed meeting invitation show below, send into some Domino shop as a mim [read] Keywords: domino
ibm
lotus
lotusdomino
email
server
smtp
316
Admin Notes: Is your SMTP server running TLS?
Wed, Jul 20th 2011 12:43p John James I found a great website today that allows you to check if the mail server for your domain supports TLS.
This is a great tool to see if an email you send a client, colleague or even your buddy will be transmitted as open text. It’s also a great tool for troubleshooting your Domino mail server.
Check it out here: http://www.checktls.com
Admin Notes: Is your SMTP server running TLS? is a post written by John Lawren James from Wildunknown.com [read] Keywords: admin
domino
notes
noteslotus
email
server
smtp
60
Policies and Controls are King in the IT Security world
Wed, Jun 29th 2011 12:18p John James I came across an article by Roger Grimes over at Infoworld on how security policies and controls are the real power when it comes to IT security.
Roger mentions the SANS 20 Critical Security Controls for Effective Cyber Defence, which are a great read for anyone looking at updating or auditing your policies for completeness.
The SANS top 20 controls are a must for any organization:
Inventory of Authorized and Unauthorized Devices
Inventory of Authorized and Unauthorized Software
Secure Configur [read] Keywords: policies
application
network
security
wireless
67
Me Personally? I love DAOS…
Tue, Jun 28th 2011 11:28a John James I think DAOS is great, and why? Because of the screenshot below. A database a quarter of that size would make most admins cry, but with DAOS, it hums along beautifully.
Makes me wonder if this type of scenario is what IBM had in mind when they designed DAOS.
Oh, and the size is not an error. Logically, it actually is 140GB in size, with about 53,000 attachments.
Me Personally? I love DAOS… is a post written by John Lawren James from Wildunknown.com [read] Keywords: domino
ibm
database
98
Indian users of Groupon subsidiary face password breach
Tue, Jun 28th 2011 7:06a John James An Australian security consultant, Daniel Grzelak, discovered an SQL file with over 300,000 usernames and plain text passwords from Sosasta.com by conducting a Google search.
The entire user database of Groupon’s Indian subsidiary Sosasta.com was accidentally published to the Internet and indexed by Google.
The database includes the e-mail addresses and clear-text passwords of the site’s 300,000 users. It was discovered by Australian security consultant Daniel Grzelak as he searched for pu [read] Keywords: database
google
password
security
sql
69
Bioware Account Breach
Mon, Jun 27th 2011 7:06p John James I got an email the other day, one I wasn’t expecting to receive, because I wasn’t even aware that the organization had a data breach. (But then, how could I? They’ve been coming fast and furious for a while now.)
The email looked like this:
We recently learned that hackers gained unauthorized access to the decade-old BioWare server system supporting the Neverwinter Nights forums. We immediately took appropriate steps to protect our consumers’ data and launched a th [read] Keywords: email
password
security
server
64
Is speed a good thing in disclosing security breaches?
Fri, Jun 24th 2011 8:06a John James How quickly do you feel a company should notify you that your personal data has been exposed as the result of a security breach?
There have been a number of high profile data breaches recently, such as Sony, Epsilon and Honda Canada. Each company took a different amount of time to notify customers, but that is because they are allowed to. There are no laws that specify how quickly they must advise you that your private information may have become public.
Sony, who has lost more than 100 mill [read] Keywords: email
network
profile
security
60
Basic Information Security Practices missing at Small Business
Thu, Jun 23rd 2011 7:26a John James As I read this article earlier today, I have to say that I am not really all that surprised.
Most small businesses are more concerned with their day-to-day operations and where the next client is coming from than they are around spending the time to creating policies and processes to manage security.
Although 78.6% of respondents were aware of the legal requirements of storing, keeping, and disposing confidential data, 31.1% never trained staff on the company’s information security procedures [read] Keywords: policies
security
55
Canadian Privacy Commissioner criticizes Staples
Tue, Jun 21st 2011 8:25p John James The Canadian Privacy Commissioner, Jennifer Stoddart, has found that Staples Canada Inc. failed to fully wipe customer data from returned devices such as laptops, hard drives or USB keys prior to reselling them.
The Staples audit included tests on data storage devices (ie. computers, laptops, USB hard drives and memory cards) that had undergone a “wipe and restore” process and were destined for resale. Of the 149 data storage devices tested, over one-third (54 devices) still contai [read] Keywords: policies
58
IamLUG – North American Lotus User Group
Fri, Jun 17th 2011 7:23a John James Once again, I beleive for the third year, St. Louis is opening its doors to Loti from across North America.
Founded on the ‘free’ conference ideal, IamLUG has offered more than 25 sessions each year with the optional ‘TackItOn’ full day of training on specific subjects.
This year’s session list looks great, and the speakers rock. It’s happening on August 1st and 2nd, with the ‘TackItOn’ day being Aug 3rd.
You can find more detail here.
IamLUG &# [read] Keywords: admin
lotus
57
Taking Security Too Far: Breaking the Business Process
Thu, Jun 16th 2011 10:22a John James Read the following statement:
apparently the advent of 3D projectors is severely cutting the amount of light that reaches the screen because projectionists are not changing out the 3D lenses for 2D screenings as they should
Would you believe that a poorly planned security process is at fault of our enjoyment of 3D movies? With more and more thought being given to security, and protecting the intellectual property of the organization, it is possible for those controls to go too far.
Hollywood [read] Keywords: security
53
Conservative Party of Canada Contributor information Leaked
Wed, Jun 8th 2011 9:22a John James According to a member of LulzSec (@LulzRaft), it looks like there was a data breach that went along with the fake news release when the Conservative Party of Canada website was breached.
Conservative Party of Canada Contributor information Leaked is a post written by John Lawren James from Wildunknown.com [read] Keywords:
51
Wed, Jun 8th 2011 7:43a John James Tod Maffin from the CBC interviews 2 lawyers about Canadian Law, and Technology in the workplace.
is a post written by John Lawren James from Wildunknown.com [read] Keywords:
56
Wikimania – Please don’t post (I want to win…)
Wed, Jun 8th 2011 6:23a John James Yeah, the title is a bit tongue in cheek, but seriously…
I entered an article in the Wikimania contest last year, and I even won a book, and a number of other small items.
I’ve entered again this year, on the very day the contest opened. I suspect that I was even pointed out for it.
Sharing with the community is a great way to develop friendships and share information. (And win prizes. After all, who doesn’t want to be recognized for their work.)
Wikimania – Please [read] Keywords: ldd
lotus
community
53
Security Review – 6/7/2011
Wed, Jun 8th 2011 5:23a John James Similar to a number of other breaches (Sony, Epsilon, Lockheed-Martin), hackers seem to mostly be targeting the ‘larger’ targets, that will bring a lot of public exposure.
The Conservative Party of Canada site was the target of such an attack this week, as were many branches of the Sony empire. The Kingston Police department just got their website back online on Tuesday following a breach.
It’s no surprise then that Vermont Democrat Senator Patrick Leahy has introduced a bil [read] Keywords: network
security
49
Hackers target Conservative Party website
Tue, Jun 7th 2011 8:57a John James Despite news on the Conservative Party of Canada website, Prime Minister Stephen Harper was not airlifted to a hospital in Toronto following a choking incident at breakfast with his children.
In fact, it was an attack by hackers targeting the Conservative Party website.
The CBC has more details.
Hackers target Conservative Party website is a post written by John Lawren James from Wildunknown.com [read] Keywords:
57
Hackers make off with Government of Canada data
Tue, Jun 7th 2011 7:40a John James Back in April 2010, two groups (The Citizen Lab and The SecDev Group) discovered that government computers in 103 countries were compromised by hackers from China. They wrote about it in a published report called Shadows in the Cloud.
Fast forward to the fall of 2010 when Communications Security Establishment Canada (Canada’s electronic eavesdropping agency) started looking for signs that Canada’s governmental networks had been compromised.
Fast forward to January 2011, when a hack [read] Keywords: connections
network
security
wireless
20
Tomorrow is IPv6 day!
Wed, Jun 1st 2011 5:45a John James Tomorrow is the Internet Society’s World IPv6 day.
On June 8th, many major world organizations (including Google, Akamai and Yahoo!) will be turning on IPv6 services for a 24 hour test.
More information can be found here.
Tomorrow is IPv6 day! is a post written by John Lawren James from Wildunknown.com [read] Keywords: google
53
Computer Security Policy: Part 1 - Hierarchy of Management Direction
Tue, May 31st 2011 7:22a John James When writing computer security policy, or any policy for that matter, it is important to remember that there is a hierarchy when it comes to the types of documents that make up policy.
Laws & Regulations
Policy
Standards/Directives
Procedure
Guideline
Laws & Regulations
These are the compulsory rules, with sanctions, declared by the government for all citizens.
Here in Canada, the laws are passed by elected members of parliament. In the United States, laws are passed by elect [read] Keywords: domino
lotus
policies
blogger
enterprise
security
29
Computer Security Policy: Part 1 – Hierarchy of Management Direction
Tue, May 31st 2011 3:08a John James When writing computer security policy, or any policy for that matter, it is important to remember that there is a hierarchy when it comes to the types of documents that make up policy.
Laws & Regulations
Policy
Standards/Directives
Procedure
Guideline
Laws & Regulations
These are the compulsory rules, with sanctions, declared by the government for all citizens.
Here in Canada, the laws are passed by elected members of parliament. In the United States, laws are passed by elected membe [read] Keywords: domino
lotus
policies
blogger
enterprise
security
Domino databases can disappear when UNIX/LINUX server is shutdown
Fri, May 27th 2011 7:29a John James Abstract
In certain cases on a Domino 8.5.2 FP1 server, the contents of the Domino data directory can be deleted during shutdown on UNIX and Linux platforms. This does not happen frequently or on all Domino servers. However, if this does happen, a backup restore of the data will be necessary.
This IBM Alert addresses an issue with the ~notetmp.reg file on UNIX or LINUX servers running Domino 8.5.2 FP1.
This is what happens:
The problem occurs if ~notetmp.reg points to the Domino data directory [read] Keywords: domino
ibm
lotus
apple
blogger
linux
server
43
Domino databases can disappear when UNIX/LINUX server is shutdown
Fri, May 27th 2011 6:43a John James AbstractIn certain cases on a Domino 8.5.2 FP1 server, the contents of the Domino data directory can be deleted during shutdown on UNIX and Linux platforms. This does not happen frequently or on all Domino servers. However, if this does happen, a backup restore of the data will be necessary.This IBM Alert addresses an issue with the ~notetmp.reg file on UNIX or LINUX servers running Domino 8.5.2 FP1.
This is what happens:
The problem occurs if ~notetmp.reg points to the Domino data directory [read] Keywords: domino
ibm
lotus
apple
blogger
linux
server
43
Admin Notes: Fixes for File Viewer Vulverabilities in Lotus Notes
Tue, May 24th 2011 1:46p John James Just a quick note to make sure this gets out there.
I’m taking on more ‘security’ type duties at work. This is something that falls under both my hats.
IBM Support has released a Flash Alert regarding some vulnerabilities discovered in Lotus Notes.
More information can be found on the IBM Support site.
I do like the fact that they have provided work around information all the way back to Lotus Notes 5.x.
This post is written by John James of Wildunknown. John is a Lotus Dom [read] Keywords: admin
domino
ibm
lotus
notes
blogger
security
60
Admin Notes: Fixes for File Viewer Vulverabilities in Lotus Notes
Tue, May 24th 2011 1:22p John James Just a quick note to make sure this gets out there.
I'm taking on more 'security' type duties at work. This is something that falls under both my hats.
IBM Support has released a Flash Alert regarding some vulnerabilities discovered in Lotus Notes.
More information can be found on the IBM Support site.
I do like the fact that they have provided work around information all the way back to Lotus Notes 5.x.This post is written by John James of Wildunknown. John is a Lotus Domino Ad [read] Keywords: admin
domino
ibm
lotus
notes
blogger
security
47
Admin Notes: Lookup of IP address for host failed
Thu, May 19th 2011 8:03a John James If you come across and error like this in your Lotus Domino console, or log file:
“Lookup of IP address for host xxxxx.xxxxx.xxx failed”
Take a look at your Internet Site Documents, chances are one of them (a non-website one) has an invalid domain name.
This post is written by John James of Wildunknown. John is a Lotus Domino Administrator and Developer from Ottawa, Ontario, Canada.
He can be found at http://www.wildunknown.com.
Admin Notes: Lookup of IP address for host failed is a [read] Keywords: admin
domino
lotus
notes
apple
blogger
54
Admin Notes: Lookup of IP address for host failed
Thu, May 19th 2011 7:05a John James If you come across and error like this in your Lotus Domino console, or log file:
"Lookup of IP address for host xxxxx.xxxxx.xxx failed"
Take a look at your Internet Site Documents, chances are one of them (a non-website one) has an invalid domain name.This post is written by John James of Wildunknown. John is a Lotus Domino Administrator and Developer from Ottawa, Ontario, Canada.
He can be found at http://www.wildunknown.com. [read] Keywords: admin
domino
lotus
notes
apple
blogger
