Archive for the 'Security' Category

SRX100 Junos dynamic VPN, Win7, OSX, VPNTracker

Monday, March 3rd, 2014

(Update March 6, 2014: The Junos “standard” proposal actually includes 3DES in both phase 1 and phase 2, still making it hard for VPNTracker to connect. What we need to do is create a custom proposal for each phase with only AES in it. I updated the text to reflect that.) So this is what […]

Southend Enterprises scam

Tuesday, September 3rd, 2013

Just this afternoon I got a call from “iAssist” who wanted to fix my computer, since it had malware, or was out of support or something. It was the regular fare with them taking over my computer to “fix” it for me. So I let him do just that. While I “doddered” around and “tried” […]

An ode to Juniper

Friday, October 1st, 2010

I have a Juniper SSG-5 and the school I’m doing the network setup for also got one identical unit on my recommendation. I wanted to set up a fixed VPN between the two but failed miserably, so I logged a support request with Juniper on my machine, which is still in warranty but without any […]

EHR systems are liars

Thursday, July 29th, 2010

I’m just copying a post here I just did to a closed forum for CISSPs. A couple of days ago, I had to create a death certificate in Cosmic, the EHR system produced by Cambio Healthcare Systems and used in many provinces of Sweden and increasingly abroad. So, I opened up the records for the […]

OSX, FreeRadius, Netscreen, and me

Saturday, May 29th, 2010

Oh, wow, this was crazy. What I needed to get done is to have a Juniper SSG-5 firewall (which runs Netscreen OS 6.2) authenticate users from the FreeRadius server that runs by default in OSX Snow Leopard server (10.6.3). And I needed the SSG-5 to differentiate depending on groups on Open Directory on the OSX. […]

Design for updates

Monday, April 26th, 2010

When designing new system architectures, you really must design for updating unless the system is totally trivial. This isn’t hard to do if you only do it systematically and from the ground up. You can tack it on afterwards, but it’s more work than it needs to be, but it’s still worth it. I’ll describe […]

Welcome back, GPG Mail!

Tuesday, December 8th, 2009

A friend just sent me this link to a blog entry that describes the return of GPG Mail to Snow Leopard 10.6.2: http://carlton.oriley.net/blog/?p=20 The link to the download is: http://carlton.oriley.net/blog/wp-content/uploads/2009/12/GPGMail-1.2.1.mailbundle.zip And it works! Go get it.

Useless email limitation

Tuesday, October 27th, 2009

Something just happened here in old Sweden. A doctor sent an email with confidential patient info to a local government office, but fatfingered the adresses, so it ended up with 200 different people at that government office. Problem was, except for the numbers, that the patient he was divulging info about, actually works at that […]

DoS your kids

Tuesday, October 20th, 2009

Saw this “How old will you get?” site, in Swedish, linked from a friend’s Facebook page (or an ad, can’t really make it out, but that’s the nature of FB, right?): Stupid site, don’t go there. But if you do go there, they ask you to register. So you don’t, but click “Starta testet” instead. […]

.NET considered harmful

Monday, September 7th, 2009

A friend of mine just told me about what an MS evangelist said at a symposium on multicore (paraphrased), after getting the question: “Did MS consider that cache awareness for programmers in multicore development?” …and he answered: “The average developer is not capable of handling that kind of level of detail. … Most developers are […]