Every once in a while you come across something you thought was common knowledge and discover someone who hasn’t seen it. Here is my example. There are a few fields that were added back in Domino 7 that people may not be aware of… $$HTMLFrontMatter allows you to add a custom doctype declaration to a [...]
Read more →A vulnerability assessment turned up a potential issue with my Domino servers. CVE-2009-3555, or a security concern with SSL renegotiation. There is an easy work around for Domino, add the following parameter in your notes.ini file. SSL_DISABLE_RENEGOTIATE=1 Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://www-01.ibm.com/support/docview.wss?uid=swg21430331
Read more →So, today marks the first day that I’ve had a chance to play with our new Domino server. Most of the hardware is pretty standard. IBM 3650M2 hardware, 12GB of RAM and 2 quad core CPUs. Usually, the performance bottleneck I run into is disk access. Today, I’m trying some new hardware [...]
Read more →It’s not often I resort to the LazyWeb method of looking for information, but I haven’t had any luck finding what I was looking for otherwise. I have a client who wants to use their email address to log in to a Domino web application. My memory tells me that there is/was an issue with [...]
Read more →A group called www.thc.org released a tool called THC-SSL-DOS. Here’s a clip from their site: THC-SSL-DOS is a tool to verify the performance of SSL. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off [...]
Read more →If you are like me and setup your Domino server on one IP address and move it to another, under Windows 2008 R2, you may end up in a situation where the server refuses to start after you change the IP address. To fix it, add the following line to your notes.ini file, replacing 192.168.100.50 with [...]
Read more →Due to issues I had with Scribd, I’m posting my paper entitled “Securing Lotus Domino For The Web – Email Relay” here on my site. Enjoy! Securing Lotus Domino for the Web – Email Relay
Read more →I’ve been doing quite a bit of research into the BEAST (Browser Exploit Against SSL/TLS) vulnerability that security researchers Juliano Rizzo and Thai Duong demonstrated at the ekoparty security conference in Buenos Aires on Friday. The session at ekoparty revealed the technical details about how the exploit works and the vulnerability it exploits. The vulnerability has been [...]
Read more →Based on this article, I started thinking about how the fallout from the SSL/TLS vulnerability may affect me. I wasn’t ready for what I found. As it turns out, as detailed in this IBM tech note, there is no support for TLS 1.0, TLS 1.1 or TLS 1.2 for Domino’s http server. There is [...]
Read more →I got my Wikimania prize package in the mail the other day. There were numerous items including a Spam Sentinel t-shirt, some IBM bottle openers, IBM bottle sleeves, and the best part, a copy of the Mastering XPages book. Gotta love it! Update: I just got a note from one of the organizers asking if I got the [...]
Read more →