IBM Updates on SHA-2 and POODLE

Two new Technotes have been published

How is IBM Domino impacted by the POODLE attack?

The Short version it is and IBM will provide Interim Fixes for the following Domino releases:

    • 9.0.1 Fix Pack 2
    • 9.0
    • 8.5.3 Fix Pack 6
    • 8.5.2 Fix Pack 4
    • 8.5.1 Fix Pack 5

Planned SHA-2 deliveries for IBM Domino 9.x

The Short version

SHA-2 support for Domino 9.x is planned to be delivered over the next several weeks via an Interim Fix.

  • With this Interim Fix, Domino administrators will be able to configure Domino 9.x to use a SHA-2 certificate over HTTP, SMTP, LDAP, POP, and IMAP. With a SHA-2 certificate in place, users will be able to use a browser to connect to iNotes, XPages, traditional Domino Web apps, and Sametime (based on Domino HTTP).
  • Once the Interim Fix is applied, browser users will not receive a security alert since Domino will be configured with SHA-2. Domino administrators will be able to import a 3rd-party SHA-2 cert or generate SHA-2 certs with the Domino Administrator client with Domino 9.x running the Interim Fix on all supported platforms.
  • As mentioned in the above section, the cryptographic infrastructure needed to provide these features was new to Domino 9.x. For this reason, we will not be able to support SHA-2 on Domino 8.5.x.

IBM Domino, Google, and SHA-1

There is a lot of talk these days about Google’s decision to accelerate the deprecation of SHA-1, and IBM Domino’s lack of support for SHA-2 .  Right off lets get this straight IBM absolutely should have plans to add SHA-2 support in Domino and an implementation date should be communicated ASAP.  At the same time the pressure should really be on Google to back down from what is an arbitrary deadline they announced out of the blue, and to support the previously announced 2017 date for the deprecation of SHA-1.

While it is easy to blame IBM here (and again IBM needs to communicate a date they will support SHA-2 in Domino) the immediate deprecation by Google is an arbitrary move that does not have a lot of support.

Some facts

  • Microsoft previously announced their plans to deprecate SHA-1 in 2017
  • Currently 92% of certificates on the Internet are SHA-1 signed
  • Google then decided to begin deprecating SHA-1 in November of this year
  • SHA-1 has not been compromised or hacked
  • Google as an Intermediate CA is issuing them with SHA-1 (but their deprecation policy exempts their own certificates)

 

Here is a statement from the CA Security Council 

Although the CA Security Council (CASC), comprised of the seven largest Certificate Authorities, supports migration to SHA-2, members are concerned about the impact on website users and administrators alike. Considering many users may still use software lacking SHA-2 support, primarily Windows XP SP2, and the still unknown impact on a complete SHA-1 migration, this 12 week timeline is aggressive. In addition, many devices still lack SHA-2 support, making necessary possibly unplanned and expensive upgrades.

With fall shopping season nearly here, this policy may be particularly concerning for small internet stores, which could be impacted just before the holiday rush. Because many large sites have lockdown periods leading up to the end of the year, companies that have not transitioned may find themselves restricted from making the move until January, or beyond, due to lack of SHA-2 support. Although a migration to SHA-2 is necessary as computing power increases, because of the significant impact in migration and the lack of a practical attack until 2018, the CASC members recommends thetimelines announced by Microsoft in November 2013, which deprecate SHA-1 in code signing certificates by January 1, 2016 and in SSL certificates by January 1, 2017.

If you want a clear explanation on all this, listen to what Steve Gibson has to say about it on Security Now (If it does not begin there automatically pick up the podcast at 48:37 for the SHA-1 discussion)

IBM ConnectED 2015 Call for Abstracts is now open

social-collab_leadspace-980x300

The Call for Abstracts for IBM ConnectEd 2015 has gone out.  You have until October 8th to submit your abstract for the upcoming event.   You can see the seven available tracks and their descriptions here, and the Agenda overview here.

IBM ConnectED 2015 Call for Abstracts

IBM Notes Traveler and support for iOS8

If you support an IBM Notes Traveler environment this question should be on your mind

ios8

 

Looks like good news if you are reasonably current in your Traveler environment.  We have had a beta device connected to a 9.0.1 IF4 Traveler server and it worked with out any issue, I know I will be watching closely when Apple releases iOS8 to make sure everything keeps working.

See the technote fo the Full Q&A including updates on Traveler Companion and To Do .

Nice job by IBM getting this document published in advance of today’s Apple announcements.

Technote 1683614: Q&A about IBM Notes Traveler support for Apple iOS 8.x

IBM SmartCloud rebranding to IBM Connections Cloud

We heard last January at IBM Connect that the IBM Collaboration Solutions would all be rebranded under the IBM Connections name.   IBM SmartCloud for Social Business is no exception and will be changing later in September.

Current Name New Name
IBM SmartCloud Engage Advanced IBM Connections Cloud S1
IBM SmartCloud Engage Standard IBM Connections Cloud S2
IBM SmartCloud iNotes IBM Connections Web Mail Cloud
IBM SmartCloud Archive Essentials IBM Connections Archive Essentials Cloud
IBM SmartCloud Connections IBM Connections Social Cloud
IBM SmartCloud Docs IBM Connections Docs Cloud
IBM SmartCloud Meetings IBM Connections Meetings Cloud
(New Offering) IBM Connections Chat Cloud

Looks like they are holding off on changing the Notes Mail product names until Mail Next launches.

The URLs will not be changing, just the product names.

Nominations are open for the next class of IBM Champions

IBM Champion

 

 

It is that time of year again, nominations are open for the next class of IBM Champions.  Take a few minutes and nominate yourself, or even better nominate someone else to show appreciation for their contributions to the community.

Nominate an IBM Champion

Making Two Factor Authentication (even) easier

If you pay attention to the news you know you should be protecting your accounts with strong unique passwords, and two factor authentication wherever it is supported.  Two factor authentication improves your security by requiring (as the name implies) as second piece of information to authenticate which is usually a number generated by an app on your phone or received via text or email.  A while ago I posted this tip to make two factor authentication a little easier, now I want to follow that up with another tip.

I recently moved all my two factor authentication from Google Authenticator  to Authy.  The big difference is Authy will let you sync your two factor authentication between multiple devices as well as serve them up via a Chrome App.

I recently replaced my phone and instead of having to open up all my QR codes I was able to simply authorize my new phone in Authy and decrypt all my sites in seconds

I’m Looking Forward to this

From my Inbox last night

mail-next-acceptance

IBM Mail Next 

Nominations are Open for the IBM Mail Next Design Advisory Program

Interested in IBM Mail Next? Want a voice in shaping the product? Nominate yourself to participate in the Design Advisory Program for Mail Next.

You need to be an IBM SmartCloud Notes Customer, or a Business Partner with a SmartCloud Demo Account to participate.

Kramer Reeves: IBM Mail Next – Design Advisory Program – Open for Nominations!

IBM Design Advisory Program for IBM Mail Next – Nomination Form

IBM Connections Next – The Trailer

IBM Connections Next is coming, with the details being announced on May 21st.   I love this trailer that Luis Benitez put together ahead of the announcement.

Don’t forget to register for the May 21st Webcast