Went to Paul Mooney/Bluewave's Domino Ethical Hacking workshop last week, and I'm rather glad I did. Tom Duff's comment on Paul's post is pretty much on the money: very scary stuff indeed, and it really made you think. Paul showed and discussed a whole range of tools and techniques that are used by the bad guys out there, and each time brought the discussion back to what you need to do in your corporate and Domino environment to guard against them. Not all the solutions, by any means, are in Domino. Some are plain and ordinary good practice. Some are education. Some are firewall and network configurations, and then there are things you can and should do in Domino - and hopefully you've already done the important ones in your own environment.
But seeing and discussing the techniques and tools Paul mentioned should make you more wary of your own internet usage, too. One hacking technique in use involves capturing logon information and stealing the web session - web sites that use SSL for logon only and then revert to HTTP for the rest of the session are vulnerable to this technique. There are other things that this session will make you more aware of, too.
If you get the chance, and you have an interest in keeping your Domino servers secure on the web, go along to Paul's session. And be ready to be scared.
Mick Moignard May 29th, 2012 07:51:17 AM