Security Scanner for WebSphere Application Server

Came across this today, worth looking into a bit.

Technote 4009963: IBM Security Scanner for Websphere Application Server

The Fallacy of Circles

As a follow-on to my thoughts on creating and managing circles earlier in the week: as I continue to play with Google+, I find that the greater issue is not the time and effort to manage the lists, but rather the false sense of security they provide.

This morning, for the first time, I decided to Share someone else's post on Google+. The original post looked like this:


This post originated with a person not in my stream. When I view their Profile I see other posts, but not the one that was Shared by a person who is in my circle, which was shared with a Limited group of people. I didn’t notice the Limited on the screen until I went to Share the post, when I was prompted with this:


This is very similar to when I wrote about protected Twitter accounts: sure, you can protect your account, but any follower you approve can subsequently retweet or share your tweets with others.

I think Circles are going to lull people into a false sense of security that when they share with a Circle it will stay within that circle only. A simple pop-up warning isn’t going to do it. I am all for sharing; just make sure you understand who you are sharing what information with, and what potential path that information may travel.

Security Vulnerability in WAS 7.0.11 Lotus Connections 3.0

Lotus Connections 3.0 runs on WebSphere Application Server (WAS) 7.0.11. Technote 1462435 details a security vulnerability found in WAS 7.0.11.

“After installing fixpack for WebSphere Application Server, an application may be able to invoke an internal login module in an incorrect fashion.
This only applies to an application internal login, and does not apply to a client login.”

The recommendation is to contact support and request Hotfix hotfix

This is not listed as a critical vulnerability, but if you are starting a new install or planning an upgrade, it might be worthwhile to get this fix on the system up front.

Security vulnerability in Lotus Connections login module