
The World NEXT ends 


For over 8 years, there's been post after post, PMR after PMR, IdeaJam idea after idea on upgrading Domino's SSL security in order to keep it current.
(Here's a Google search for: Please upgrade Domino SSL)

While they've been very busy apparently doing nothing about this, IBM's also been very quiet about it, although they have acknowledged that IBM's PAYING CUSTOMERS think it's important (see here).

Now, we expect to hear something about how to fix this. SOON. It's not like IBM hasn't had time to prepare.

Give me details!

Bill Malchisky covers the actual vulnerability very well, so I'll send you his way for the techy detail:
New SSL3 Exploit: The POODLE Is Here and Lifting Its Leg ( http://planetlotus.org/c4db50 )

Update
See the comments for some mitigation options for Domino. UNTIL IBM FIXES THIS.

Comments (3)
Craig Wiseman October 15th, 2014 07:50:22 AM

1) Poor Domino users. For folks who care about security, looks like now is when IBM’s disrespect (contempt) for its userbase bites us: new Poodle SSL v3 hack

NONE of these are 'easy', but they are good to be aware of:

Mr. Duke has a very nice post on a mitigation strategy for Domino: { Link }

Also, nginx can be a good approach:

Jesse Gallagher: Domino and SSL: Come with Me If You Want to Live. ( { Link } )

Richard Moy: Installing Nginx Reverse Proxy on CentOS for Domino Our Experience. { Link }

Ray Davies: Domino Interface: Installing Nginx Reverse Proxy on CentOS for Domino Our Experience. { Link }

2) Poor Domino users. For folks who care about security, looks like now is when IBM’s disrespect (contempt) for its userbase bites us: new Poodle SSL v3 hack
Bill Malchisky http://billmal.com 10/15/2014 11:01:16 AM

Craig - Thanks for the mention in your post. I appreciate the kind words and link. Added this to my internal IBM documentation too.

3) Poor Domino users. For folks who care about security, looks like now is when IBM’s disrespect (contempt) for its userbase bites us: new Poodle SSL v3 hack

The lack of any significant communication from IBM over months in addition to the obvious lack of attention for Domino's security stack is pretty sad.

That said, this is a welcome message: { Link }


Discussion for this entry is now closed.