In an era where supposedly secure products turn out to be full of holes, Lotus Notes stood alone with little said about its security problems. That ended during a panel at Def Con 8, the annual hackers' conference held last week in Las Vegas. Dutch security consultants The Trust Factory, sitting alongside of ex-hacker Chris Goggins, director of operations for Security Design, announced a veritable flood of problems for Notes installations. Lotus has been aware of the issues for some time, planned to have patches made available soon, and had fixed one problem since the release of Notes 4.6.
Def Con grows up -- sort of
Def Con has come a long way since the tiny conference I witnessed in 1994.
Def Con used to be a small gathering that fit into a single, tiny, windowless room at the Sands Hotel in Las Vegas. It was easy to pick out the Feds back then, as most of the attendees were young, and visiting law enforcement personnel were not only not young, but dressed very differently. There was a clear distinction between the phone phreaks, who clustered around a young man with a scanner, and the computer hackers, who listened intently as Dan Farmer or other old-timers gave lectures about security. The real action occurred late at night, in closed sessions, featuring smoky rooms and drunken teenagers.
This year, more than 6,000 people attended, many more than could fit into the three rooms where sessions were presented. I punted this year, as leaving one desert in Arizona for another, even hotter one in Nevada just didn't make sense to me, but I'm almost sorry I didn't go.
Unlike any other conferences related to security, it's not uncommon for a serious presentation at Def Con to suddenly morph into theatre. During the Cult of the Dead Cow's panel session, the lights were dimmed, strange music played, and a young man was bloodily "sacrificed." And the Jeopardy game was completely unlike anything you would ever see on television.
Lotus Notes is a secure groupware platform. Unlike Microsoft's Exchange-based groupware, Notes has always relied on strong security techniques such as the use of digital certificates for user authentication and encryption. If users stay with traditional Notes clients, any problems are greatly diminished. It is Domino, Notes' Web interface, that presents the greatest security threat.
Where Google Chrome security fails: the password I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Surviving Windows is easier than you think… MKS offers the power of an integrated all-in-one environment and provides you with the Power of UNIX on Windows Learn More
Brought to you by:
contests & free stuff
We have 5 copies of these two new books to give to some lucky readers. The deadline for entries is November 30, 2009.
AISO founders envisioned a Web hosting company that was environmentally friendly. While the company employed energy-efficient innovations like solar panels, its infrastructure produced unacceptable power and cooling requirements. Find out how AISO leveraged AMD technology to overcome their challenge in this case study white paper.
In this whitepaper, Scalar explores the opportunity to change the landscape with respect to mission critical databases
built around Oracle. Leveraging technologies such as Linux, high-end commodity processing power and Oracle RAC
technology to architect, design, build and maintain database infrastructure that delivers maximum availability, reliability
and performance at a fraction of traditional cost.
On a typical day, weather.com, the Web site for The Weather Channel in Atlanta, serves up between 15 million and 20 million page views. But in September 2004, when back-to-back hurricanes ransacked Florida, the peak traffic on one day more than tripled: over 70 million page views by more than 7 million unique visitors. Read the full success story now.
Esther Schindler
claird
pasmith
Sandra Henry-Stocker
jfruh
mikelgan
Quick, practical advice for IT pros. Made fresh daily.
