IBM Connections Cloud Meetings Get a New Look and Audio/Video

Another weekend another set of updates to IBM Connections Cloud, one of which is a new look and feel to IBM Connections Cloud Meetings.  The Meeting UI has been updated to the Verse theme, and gone is the blank gray box which used to be prominent and it is replaced with quick actions to share your screen or files.

Meetings

Coming next is Audio/Video integration in Meetings, I have been beta testing it for a while now and happy to see it coming to release shortly.

Check out Luis Benitez’s blog for more of the new capabilities releases this weekend

Why I still have faith in LastPass

I’m sure I am not the only one who saw this news from LastPass yesterday and almost had a heart attack.


After reading and digesting the news (and changing my master password) I concluded that I am still more secure with LastPass than without it.   I would also make that statement about any of the other popular secure password managers out there, I just happened to land with LastPass and am a satisfied user.

For those who are customers of other products, don’t be so quick to jump on LastPass, it was simply their turn now, clearly anyone in this space is going to be a target.

So I will continue to rest easy knowing my data is in LastPass for the following reasons

  • They were completely transparent about what happened, explained it clearly, and immediately implemented additional security measures to protect their users data
  • I have Two-Factor authentication enabled, so even if my master password was stolen (which it was not) I am still in pretty good shape
  • I take advantage of LastPass’s feature which allows me to limit the countries from which my account can be logged in t0 (sure  the United States is a big country and there are ways around this, but every little bit helps)
  • I like the way LastPass has reacted to other security issues (like Heartbleed) where instead of using it as a promotional opportunity which is what some of their competitors did, LastPass released a tool to help you figure out which passwords should be changed immediately

I am infinitely more secure having unique, secure passwords for every site, than what I had before I went all in with LastPass, so I think I will continue to use LastPass and sleep at night.

The 2015 Lotusphere Closing Ceremony

The name of the conference might change, but the traditions remain the same.  The conference ends around 4:30 in the afternoon, but many many hours later Mat Newman finally has his badge removed and only then is Lotusphere officially over.   The honor this year was given to Sandra Bühler.

Lotusphere 2014 Closing Ceremony

Lotusphere 2013 Closing Ceremony

Adding Two Factor Authentication to IBM Connections Cloud

Yes, it’s true :-)

When I looked at the schedule for IBMConnectED, there was one session that was a can’t miss.  Steve McDonagh was talking about adding Two Factor Authentication to IBM Connections Cloud.   If you know me, you know I do a lot of work with IBM Connections Cloud and I am obsessed with two factor authentication, of course I had a conflict and could not be there, so with the help of Devin I managed to get a video of the session which Steve was nice enough to let me publish.

On a side note, if IBM Connections Cloud and two factor authentication is of no interest to you, consider watching the first 5 minutes regardless it’s brilliant,

Check out Steve’s Blog for more on Two Factor Authentication with IBM Connections Cloud 

Where to Find me (or my sessions) at IBMConnectED

social-collab_leadspace-980x300

Sunday January 25th

1 PM-2 PM Swan 7-10 with Scott Souder

MAS102: Mail As You’ve Never Imagined It Before: IBM Verse

At a time when organizations are striving to be more efficient, we are faced with an overwhelmingly large volume of email that outpaces productivity. But IBM is changing all of this by re-imagining what mail should be and transforming the way we work. Enter “IBM Verse.” Optimized for web and mobile, Verse gets to know you — by identifying the people and patterns of how you work — and draws your attention to the messages, meetings and tasks that you care about. Join Scott Souder and IBM Champion Mitch Cohen for a candid discussion, overview and demos as we kick-off a great week where Verse is sure to be one of the hottest topics!

Monday January 26th

1 PM-2 PM Swan 1-2

BP210: Sunny Days, (Smart)Cloud-y Users (this title was better when SmartCloud was still the branding, but the content is good)

Learn how you can leverage the data in your existing on-premises or cloud systems (LDAP, Profiles, Active Directory, and others) to automatically provision users in IBM Smart Cloud for Social Business. This session will provide a basic introduction to Tivoli Directory Integrator, and how to connect to multiple data sources to create users in IBM SmartCloud. We will cover user the automation of user creation, changes, and deletions, as well as explain different enrollment and log in methods available to your users.

5 PM – 6 PM Swan 5-6

INV402: Strategies for Connecting the Global Workforce through Cloud – Customer Panel

Hear directly from companies how they’re using social cloud to connect employees to each other, to partners and to customers to energize their work. This customer panel will discuss their experiences in starting their social cloud journey, their insights on how to best use cloud to drive social adoption across diverse workforces globally, and share best practices for what works and what doesn’t. Gain insights on how to be successful using cloud to connect employees so they can be more effective in their daily work and learn where these companies are going next.

Wednesday January 28th 

10:30 AM – 11:30 AM Swan 5-6

Gurupalooza is back again this year hosted by Susan Bulloch.  If you are not familiar with this session it is many of the (non-IBM) speakers on stage, you ask the questions, and in theory you get answers.  This is always a fun and informative session.

Hope to see you in Orlando next week

IBM Verse – The Commercial

I am told this will air during the NFL Playoffs this weekend, I guess I will just have to watch Football now this weekend :-)

Speaking at IBM ConnectED 2015

social-collab_leadspace-980x300

 

IBM ConnectED 2015 is a little over a month away and it is shaping up to be a busy week for me.  Here are my sessions looking forward to seeing you there.

Scott Souder and I will attempt to answer all your questions about IBM Verse

MAS102: Mail As You’ve Never Imagined It Before: IBM Verse

At a time when organizations are striving to be more efficient, we are faced with an overwhelmingly large volume of email that outpaces productivity. But IBM is changing all of this by re-imagining what mail should be and transforming the way we work. Enter “IBM Verse.” Optimized for web and mobile, Verse gets to know you — by identifying the people and patterns of how you work — and draws your attention to the messages, meetings and tasks that you care about. Join Scott Souder and IBM Champion Mitch Cohen for a candid discussion, overview and demos as we kick-off a great week where Verse is sure to be one of the hottest topics!

Interested in provisioning users into IBM Connections Cloud? I will share my experience and tell you everything you need to know to get started

BP210: Sunny Days, (Smart)Cloud-y Users (this title was better when SmartCloud was still the branding, but the content is good)

Learn how you can leverage the data in your existing on-premises or cloud systems (LDAP, Profiles, Active Directory, and others) to automatically provision users in IBM Smart Cloud for Social Business. This session will provide a basic introduction to Tivoli Directory Integrator, and how to connect to multiple data sources to create users in IBM SmartCloud. We will cover user the automation of user creation, changes, and deletions, as well as explain different enrollment and log in methods available to your users.

Finally I will also be participating in this customer panel

INV402: Strategies for Connecting the Global Workforce through Cloud – Customer Panel

Hear directly from companies how they’re using social cloud to connect employees to each other, to partners and to customers to energize their work. This customer panel will discuss their experiences in starting their social cloud journey, their insights on how to best use cloud to drive social adoption across diverse workforces globally, and share best practices for what works and what doesn’t. Gain insights on how to be successful using cloud to connect employees so they can be more effective in their daily work and learn where these companies are going next.

Should be a fun, busy, and hopefully warm few days in Orlando, what are you waiting for Register Now.

 

IBM Updates on SHA-2 and POODLE

Two new Technotes have been published

How is IBM Domino impacted by the POODLE attack?

The Short version it is and IBM will provide Interim Fixes for the following Domino releases:

    • 9.0.1 Fix Pack 2
    • 9.0
    • 8.5.3 Fix Pack 6
    • 8.5.2 Fix Pack 4
    • 8.5.1 Fix Pack 5

Planned SHA-2 deliveries for IBM Domino 9.x

The Short version

SHA-2 support for Domino 9.x is planned to be delivered over the next several weeks via an Interim Fix.

  • With this Interim Fix, Domino administrators will be able to configure Domino 9.x to use a SHA-2 certificate over HTTP, SMTP, LDAP, POP, and IMAP. With a SHA-2 certificate in place, users will be able to use a browser to connect to iNotes, XPages, traditional Domino Web apps, and Sametime (based on Domino HTTP).
  • Once the Interim Fix is applied, browser users will not receive a security alert since Domino will be configured with SHA-2. Domino administrators will be able to import a 3rd-party SHA-2 cert or generate SHA-2 certs with the Domino Administrator client with Domino 9.x running the Interim Fix on all supported platforms.
  • As mentioned in the above section, the cryptographic infrastructure needed to provide these features was new to Domino 9.x. For this reason, we will not be able to support SHA-2 on Domino 8.5.x.

IBM Domino, Google, and SHA-1

There is a lot of talk these days about Google’s decision to accelerate the deprecation of SHA-1, and IBM Domino’s lack of support for SHA-2 .  Right off lets get this straight IBM absolutely should have plans to add SHA-2 support in Domino and an implementation date should be communicated ASAP.  At the same time the pressure should really be on Google to back down from what is an arbitrary deadline they announced out of the blue, and to support the previously announced 2017 date for the deprecation of SHA-1.

While it is easy to blame IBM here (and again IBM needs to communicate a date they will support SHA-2 in Domino) the immediate deprecation by Google is an arbitrary move that does not have a lot of support.

Some facts

  • Microsoft previously announced their plans to deprecate SHA-1 in 2017
  • Currently 92% of certificates on the Internet are SHA-1 signed
  • Google then decided to begin deprecating SHA-1 in November of this year
  • SHA-1 has not been compromised or hacked
  • Google as an Intermediate CA is issuing them with SHA-1 (but their deprecation policy exempts their own certificates)

 

Here is a statement from the CA Security Council 

Although the CA Security Council (CASC), comprised of the seven largest Certificate Authorities, supports migration to SHA-2, members are concerned about the impact on website users and administrators alike. Considering many users may still use software lacking SHA-2 support, primarily Windows XP SP2, and the still unknown impact on a complete SHA-1 migration, this 12 week timeline is aggressive. In addition, many devices still lack SHA-2 support, making necessary possibly unplanned and expensive upgrades.

With fall shopping season nearly here, this policy may be particularly concerning for small internet stores, which could be impacted just before the holiday rush. Because many large sites have lockdown periods leading up to the end of the year, companies that have not transitioned may find themselves restricted from making the move until January, or beyond, due to lack of SHA-2 support. Although a migration to SHA-2 is necessary as computing power increases, because of the significant impact in migration and the lack of a practical attack until 2018, the CASC members recommends thetimelines announced by Microsoft in November 2013, which deprecate SHA-1 in code signing certificates by January 1, 2016 and in SSL certificates by January 1, 2017.

If you want a clear explanation on all this, listen to what Steve Gibson has to say about it on Security Now (If it does not begin there automatically pick up the podcast at 48:37 for the SHA-1 discussion)

IBM ConnectED 2015 Call for Abstracts is now open

social-collab_leadspace-980x300

The Call for Abstracts for IBM ConnectEd 2015 has gone out.  You have until October 8th to submit your abstract for the upcoming event.   You can see the seven available tracks and their descriptions here, and the Agenda overview here.

IBM ConnectED 2015 Call for Abstracts