Vienna, October 16-17 2017
We hired hackers to hack us;
A case study about cloud-based authentication and
security in IBM Connections
Robert Farstad
@robertfarstad
Social Connections 11 Chicago, June 1-2 2017Social Connections 12 Vienna, October 16-17 2017
PLATINUM SPONSORS
GOLD SPONSORS
SILVER SPONSORS
BRONZE SPONSORS
This session…
…is mainly for you tech people,
but useful for everyone to see. It might be an eye-opener.
No talk about:
•  What IBM Connections is…
•  What IBM Cnx can give you…
•  No ROI talk whatsoever!
•  How to use IBM Cnx!!
This session…
…is a case study where I will show you
•  an integration with Auth0.
•  how we hired hackers to hack us.
The customer
The customer
•  Political party; won the 2017 election, the second time in a row.
•  Norway's Prime Minister is Høyre's leader.
•  60,000 members.
•  Was a white-space customer.
•  Now: Connections + Docs + Sametime.
•  IBM reference customer.
•  Security is more and more of a priority.
•  Election year = hacking attempts.
•  We hacked them first!
- cloud-based authentication
Høyre used Auth0 for all websites.
Their requirement for becoming a Connections customer was:
•  Authentication integration with Auth0!
•  → POC: Item Consulting developed a TAI mechanism towards Auth0.
What is Auth0?
- cloud-based authentication
You can connect any application.
•  Custom credentials: username + password
•  Social network logins:
   •  Google, Facebook, Twitter, and any OAuth2, OAuth1 or OpenID Connect provider.
•  Enterprise directories:
   •  LDAP, Google Apps, Office 365, ADFS, AD, SAML-P, WS-Federation, etc.
•  Passwordless systems:
   •  Touch ID, one-time codes via SMS or email.
•  Supports several 2-factor solutions.
•  JSON Web Token
•  Secure API: TLS 1.2, AES_128_GCM, with ECDHE_RSA as the key exchange mechanism.
•  Extensible admin tool.
•  Monitoring (#logins, where from, who fails, hack attempts, alarms).
•  Blocking
•  Logs
•  Synced with Høyre's back-end member system via MSSQL DB, securely!
+ TAI
•  Item developed a WebSphere application: a TAI (Trust Association Interceptor).
•  → WebSphere issues its LTPA token once the TAI has authenticated the user.
•  New Auth0 login page.
•  Logout pages are modified:
   •  Logs out of Auth0
   •  Logs out of WebSphere
Devices used
Login occurs from:
•  Browsers
•  Apps
•  Desktop plugins.

Technically, the login procedures are quite different.
Web-browsers
Apps + Plugins
Tivoli Directory Server - TDS
•  FREE/bundled LDAP server for IBM Connections
•  Standard setup between WebSphere and TDS
•  Import of users via TDI/SDI into TDS.
•  From the MSSQL database, over a site-to-site VPN.
•  Imports only the most relevant fields:
   Name, email, mobile, position, company, department
Tivoli Directory Server – TDS + PTA
•  The password field in TDS is blank!
•  PTA is triggered.
•  What is PTA?
   •  Pass-Through Authentication
   •  PTA is configured to search an alternative LDAP source.
•  The password is stored in Auth0.
•  Our PTA source is TDI / SDI.
•  TDI calls the TAI application and gets response code 200 if OK.
•  → logged in
What is TDI/SDI?
•  Tivoli Directory Integrator / Security Directory Integrator
•  Data manipulation system, limitless possibilities.
•  Eclipse based, JavaScript coding.
•  Used to move, consolidate and manipulate data.
•  Used in Connections for profile data import.
•  Best tool ever, once you've got the gist of the GUI and the debugger.
TDI – acting as an LDAP server.
•  Simulates an LDAP server.
•  Gets the attempted username and password from TDS PTA.
•  Credentials → WebSphere Auth0login app.
•  WAS app → REST lookup to the Auth0 API.
•  Gets return code OK or NOT_OK.
•  TDI receives the same code from the WAS app.
•  TDS PTA receives the same code from TDI.
•  TDI runs multiple instances, so it can handle a large load.
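The chain on the two PTA/TDI slides above (TDS PTA → TDI → WebSphere app → Auth0 → OK/NOT_OK), as an added Python example; it is not Item Consulting's TAI or TDI code. Since the deck does not say which Auth0 call the WebSphere app makes, it assumes Auth0's resource-owner password grant on /oauth/token; the tenant, client id and secret are placeholders, and fake_auth0 / fake_outage are constructed stand-ins so the module runs offline. The point it adds: every hop in this chain carries the user's cleartext password, so each hop must be TLS, and the check must fail closed: anything other than a 200 carrying an access token, including a tenant outage, is NOT_OK.

```python
"""Pass-through credential check in the shape the deck's chain needs:
TDS PTA -> TDI -> WebSphere app -> Auth0, answering OK or NOT_OK.

Added example, not Item Consulting's TAI/TDI code. Assumptions (not stated on
the slides): the WAS app verifies the password with Auth0's resource-owner
password grant (POST https://{tenant}/oauth/token, grant_type=password), and
the tenant/client values below are placeholders.
"""
import json
import urllib.error
import urllib.parse
import urllib.request

AUTH0_DOMAIN = "example.eu.auth0.com"      # placeholder tenant (assumption)
CLIENT_ID = "client-id-placeholder"        # placeholder (assumption)
CLIENT_SECRET = "client-secret-placeholder"

OK, NOT_OK = "OK", "NOT_OK"


def build_token_request(username, password):
    """Form body for the password grant; the password travels only inside TLS."""
    url = "https://%s/oauth/token" % AUTH0_DOMAIN
    body = urllib.parse.urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "scope": "openid",
    }).encode()
    return url, body


def https_post(url, body, timeout=5):
    """Real transport: returns (status, raw body); 4xx/5xx still carry a JSON error body."""
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def check_credentials(username, password, transport=https_post):
    """Return OK only for HTTP 200 with an access_token; any other outcome is NOT_OK.

    Failing closed matters here: the LDAP bind succeeds on this answer, so an
    outage, timeout or malformed reply must never look like a valid password.
    """
    if not username or not password:
        # TDS's own password attribute is blank, so an empty bind password is
        # refused here rather than forwarded to the IdP.
        return NOT_OK
    url, body = build_token_request(username, password)
    try:
        status, payload = transport(url, body)
        data = json.loads(payload.decode("utf-8"))
    except Exception:           # network error, timeout, non-JSON body
        return NOT_OK           # never log `password` on this path
    if status != 200 or not isinstance(data, dict):
        return NOT_OK
    token = data.get("access_token")
    return OK if isinstance(token, str) and token else NOT_OK


# --- constructed stand-ins for Auth0 so the module runs offline -----------------
VALID = {"alice@example.org": "correct horse battery staple"}   # constructed test user


def fake_auth0(url, body):
    """Answers like the /oauth/token endpoint for the constructed user above."""
    form = urllib.parse.parse_qs(body.decode())
    if form.get("grant_type") != ["password"]:
        return 400, b'{"error":"unsupported_grant_type"}'
    user, pw = form.get("username", [""])[0], form.get("password", [""])[0]
    if VALID.get(user) == pw:
        return 200, b'{"access_token":"eyJhbGciOiJSUzI1NiJ9.e30.sig","token_type":"Bearer"}'
    return 403, b'{"error":"invalid_grant","error_description":"Wrong email or password."}'


def fake_outage(url, body):
    raise TimeoutError("tenant unreachable")


if __name__ == "__main__":
    print(check_credentials("alice@example.org", "correct horse battery staple", fake_auth0))  # OK
    print(check_credentials("alice@example.org", "wrong", fake_auth0))                         # NOT_OK
    print(check_credentials("alice@example.org", "correct horse battery staple", fake_outage)) # NOT_OK
```

Run it directly to see the three outcomes. Wired in for real, the call uses https_post with no transport argument, and the client secret stays on the WebSphere side rather than in the TDI configuration that every PTA instance reads.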
TDI – acting as an LDAP server.
Simple code – extremely powerful!
Did they get in?
We hired hackers
What they tested
•  Login attempts
•  SSL + headers
•  Apps
•  Stolen laptop
•  Me!
•  Sensitive information
SSL tests
www.ssllabs.com: the grade was bad. After hardening (cipher suites, honoring the server's cipher order, and disabling SSLv2 + SSLv3; TLS only) the grade improved.
SSL tests – HTTP config for Grade A
SSLEnable
SSLProtocolEnable TLS
SSLProtocolDisable SSLv2 SSLv3
# Disable SSLCompression -> CRIME ATTACK
SSLCompression off
# Prefer ECDHE-RSA ciphers
SSLCipherSpec ALL NONE
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL TLS_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec ALL TLS_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL TLS_RSA_WITH_AES_128_CBC_SHA256
SSLCipherSpec ALL TLS_RSA_WITH_AES_256_CBC_SHA256
# Enabling these 3 ciphers means an A- rating on ssllabs
SSLCipherSpec ALL TLS_RSA_WITH_AES_128_CBC_SHA
SSLCipherSpec ALL TLS_RSA_WITH_AES_256_CBC_SHA
SSLCipherSpec ALL SSL_RSA_WITH_3DES_EDE_CBC_SHA
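An added linter for the SSLCipherSpec block above (Python, not the deck's or IBM's code). It assumes IBM HTTP Server's semantics as documented: "SSLCipherSpec <protocol> NONE" clears the list for that protocol (ALL = every protocol), later lines append, and a two-word line is the older single-argument form. Run over the slide's block it explains the A-: the last three suites use SHA-1 HMACs and, for the 3DES one, a 64-bit block cipher (SWEET32); every TLS_RSA_* suite also lacks forward secrecy, which newer SSL Labs versions mark down together with the CBC suites. forward_secrecy_only() produces the block you would deploy if you accept losing the oldest clients.

```python
"""Lint an IBM HTTP Server SSLCipherSpec block for the suites that cost the
deck its SSL Labs grade. Added example, not from the deck or IBM.

Assumed IHS semantics: `SSLCipherSpec <protocol> NONE` clears the list for that
protocol (ALL = every protocol) and later lines append; a two-word line is the
older single-argument form and counts for ALL protocols.
"""
LEGACY = {
    "3DES": "64-bit block cipher (SWEET32)",
    "RC4": "RC4 keystream biases",
    "NULL": "no encryption",
    "EXPORT": "export-grade key length",
}


def parse_cipher_spec(text):
    """Return the enabled suites as (protocol, suite) pairs in configured order."""
    enabled = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        if not line:
            continue
        parts = line.split()
        if parts[0] != "SSLCipherSpec":
            continue                              # SSLEnable, SSLCompression, ... are not suites
        if len(parts) == 2:
            proto, suite = "ALL", parts[1]
        elif len(parts) == 3:
            proto, suite = parts[1], parts[2]
        else:
            continue
        if suite == "NONE":
            enabled = [e for e in enabled if proto != "ALL" and e[0] != proto]
            continue
        enabled.append((proto, suite))
    return enabled


def assess(suite):
    """Findings for one suite name in the TLS_/SSL_ registry style; [] means clean."""
    name = suite.upper()
    findings = [why for key, why in LEGACY.items() if key in name]
    if name.endswith("_SHA"):
        findings.append("SHA-1 HMAC")
    if not (name.startswith("TLS_ECDHE_") or name.startswith("TLS_DHE_")):
        findings.append("static RSA key exchange, no forward secrecy")
    return findings


def lint(text):
    """Suite -> findings for every enabled suite that has at least one."""
    report = {}
    for _proto, suite in parse_cipher_spec(text):
        findings = assess(suite)
        if findings:
            report[suite] = findings
    return report


def forward_secrecy_only(text):
    """The same block with every suite that lacks forward secrecy dropped."""
    keep = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if (len(parts) == 3 and parts[0] == "SSLCipherSpec" and parts[2] != "NONE"
                and "static RSA key exchange, no forward secrecy" in assess(parts[2])):
            continue
        keep.append(raw)
    return "\n".join(keep)


# The deck's Grade A block, copied in as test input.
SLIDE_CONFIG = """SSLEnable
SSLProtocolEnable TLS
SSLProtocolDisable SSLv2 SSLv3
# Disable SSLCompression -> CRIME ATTACK
SSLCompression off
# Prefer ECDHE-RSA ciphers
SSLCipherSpec ALL NONE
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL TLS_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec ALL TLS_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL TLS_RSA_WITH_AES_128_CBC_SHA256
SSLCipherSpec ALL TLS_RSA_WITH_AES_256_CBC_SHA256
# Enabling these 3 ciphers means an A- rating on ssllabs
SSLCipherSpec ALL TLS_RSA_WITH_AES_128_CBC_SHA
SSLCipherSpec ALL TLS_RSA_WITH_AES_256_CBC_SHA
SSLCipherSpec ALL SSL_RSA_WITH_3DES_EDE_CBC_SHA
"""

if __name__ == "__main__":
    for suite, why in lint(SLIDE_CONFIG).items():
        print(suite, "->", "; ".join(why))
```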
Headers
securityheaders.io: the grade was bad. After hardening it was fine.
HTTP config to achieve Grade A:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header set Referrer-Policy "same-origin"
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header set X-Frame-Options "DENY"
Header set X-Frame-Options SAMEORIGIN
# "Header set" replaces any earlier value, so only the last X-Frame-Options line (SAMEORIGIN) takes effect; keep one of the two.
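An added check of what a client actually receives from the Header block above (Python, not the deck's code). It models two mod_headers behaviours that bite in practice, both stated here as the modelling assumption: "Header set" overwrites an earlier value for the same name (so the block above sends SAMEORIGIN, not DENY), and without the "always" keyword the header is attached only to responses the content handler produced, modelled as 2xx, not to httpd's own redirects and error pages, so the Grade A block above leaves a 302 with nothing but HSTS. X-XSS-Protection is not scored, since current browsers ignore it; a missing Content-Security-Policy is reported, matching the report-uri link at the end of the deck. SLIDE_CONFIG is the slide's block; HARDENED_CONFIG is a constructed variant.

```python
"""What the client actually receives from an Apache / IBM HTTP Server `Header`
block, checked against the hardening set on the slide. Added example, not the
deck's or IBM's code.

mod_headers semantics modelled here (a simplification, labelled as such):
`Header set` replaces any earlier value for the same name, and without the
`always` keyword the header is only attached to responses the content handler
produced (modelled as 2xx), not to httpd's own redirects and error pages.
"""
import re

ONE_YEAR = 31536000
DIRECTIVE = re.compile(r'^Header\s+(always\s+)?set\s+(\S+)\s+(?:"([^"]*)"|(\S+))\s*$')


def parse_directives(text):
    """`Header [always] set Name value` lines -> list of (always, name, value)."""
    out = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = DIRECTIVE.match(line)
        if m:
            value = m.group(3) if m.group(3) is not None else m.group(4)
            out.append((m.group(1) is not None, m.group(2), value))
    return out


def effective_headers(directives, status):
    """Headers on a response with the given status after the block is applied."""
    headers = {}
    for always, name, value in directives:
        if always or 200 <= status < 300:
            headers[name.lower()] = value          # `set` overwrites an earlier value
    return headers


def check_security_headers(headers):
    """Findings against the slide's Grade A set plus a CSP check; [] means clean."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    hsts = h.get("strict-transport-security", "")
    m = re.search(r"max-age=(\d+)", hsts)
    if not m:
        findings.append("Strict-Transport-Security missing")
    else:
        if int(m.group(1)) < ONE_YEAR:
            findings.append("HSTS max-age below one year")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS without includeSubDomains")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options not nosniff")
    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options missing")
    if "referrer-policy" not in h:
        findings.append("Referrer-Policy missing")
    if "content-security-policy" not in h:
        findings.append("Content-Security-Policy missing")
    return findings


# The slide's block, copied in as test input (straight quotes).
SLIDE_CONFIG = '''
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header set Referrer-Policy "same-origin"
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header set X-Frame-Options "DENY"
Header set X-Frame-Options SAMEORIGIN
'''

# Constructed hardened variant: `always` on every line, one X-Frame-Options, a CSP.
HARDENED_CONFIG = '''
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header always set Referrer-Policy "same-origin"
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "DENY"
Header always set Content-Security-Policy "frame-ancestors 'none'; default-src 'self'"
'''

if __name__ == "__main__":
    d = parse_directives(SLIDE_CONFIG)
    print(effective_headers(d, 200)["x-frame-options"])      # SAMEORIGIN: the last `set` wins
    print(check_security_headers(effective_headers(d, 302)))  # a redirect carries only HSTS
    print(check_security_headers(effective_headers(parse_directives(HARDENED_CONFIG), 404)))
```

A CSP with frame-ancestors makes X-Frame-Options redundant on browsers that honour it, but the slide's scanner still expects X-Frame-Options, so the hardened block keeps both.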
The Mobile App
Decompile
•  The Android app is decompilable
•  Broken down to study the code
Test
•  Tried every URL found in the code
Result
•  Found no insecurities!
•  But MITM attacks were possible!
MITM - Man-in-the-middle attack
An employee is out traveling and connects to a public network such as a hotel or airport Wi-Fi.

But instead, connects to a hacker's Wi-Fi hotspot.
Then clicks on "Continue"….

He/she will give the hacker running a MITM attack full visibility over the traffic.
MITM - Man-in-the-middle attack
mobile-config.xml has the solution for the Connections app.

Don't press "Continue"! Tell your admins to fix it.
Demo time
The demo consisted of showing a MITM attack plus a username/password "cluster bomb" attack (an Intruder attack mode) using the free tool Burp Suite.
Accident waiting to happen
What did they find when they got in?
Stolen Laptop Scenario
Stolen Laptop Scenario
•  Not hard to find the password on the PC.
•  Once in, passwords to sites are normally stored in the browser.
•  Saved Wi-Fi hotspots give hackers GPS coordinates => they can drive up alongside your company's building and connect.
•  Hackers found sensitive information open to all of the IBM Connections users.
Don't leave login information exposed to everyone!
They hacked me!
Or at least, they tried to…
They hacked me!
•  They knew who I was.
•  Googled me, found my blog.
•  In one of the screenshots, a password was censored.
They hacked me!
I was a weak link…
How hard is it for hackers to find the IT staff at your company?
LinkedIn search… Google search…

Google is both your friend and your enemy.
•  Bad censoring!!
•  Found 6 out of 9 chars by matching font and size and studying the curves.
Avoid stress
•  Mask/hide better!
•  Hackers are clever bastards.
•  Hackers have A LOT of free time.
•  Implement a 2-factor authentication mechanism, like Auth0's.
•  Hide your stuff.
•  Once again: hackers are clever bastards.
•  Lockout policy, i.e. 5 attempts => locked out… Hackers have tools for that!
•  Train your users!
Useful links:
Check SSL: https://ssllabs.com
Check headers: https://securityheaders.io
Analyze CSP: https://report-uri.io/home/analyse
What can your browser support? http://caniuse.com/#search=referrer%20policy

Auth0 multi-factor authentication: https://auth0.com/docs/multifactor-authentication

Burp Suite: https://portswigger.net/burp

Ethical Hacker Certification: https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/

My blog: http://blog.robertfarstad.com
Twitter: https://www.twitter.com/robertfarstad
Item Consulting: https://www.item.no
 
Genshin Impact PPT Template by EaTemp.pptx
Genshin Impact PPT Template by EaTemp.pptxGenshin Impact PPT Template by EaTemp.pptx
Genshin Impact PPT Template by EaTemp.pptxJohnree4
 
DGT @ CTAC 2024 Valencia: Most crucial invest to digitalisation_Sven Zoelle_v...
DGT @ CTAC 2024 Valencia: Most crucial invest to digitalisation_Sven Zoelle_v...DGT @ CTAC 2024 Valencia: Most crucial invest to digitalisation_Sven Zoelle_v...
DGT @ CTAC 2024 Valencia: Most crucial invest to digitalisation_Sven Zoelle_v...Henrik Hanke
 
SBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation TrackSBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation TrackSebastiano Panichella
 
miladyskindiseases-200705210221 2.!!pptx
miladyskindiseases-200705210221 2.!!pptxmiladyskindiseases-200705210221 2.!!pptx
miladyskindiseases-200705210221 2.!!pptxCarrieButtitta
 
PHYSICS PROJECT BY MSC - NANOTECHNOLOGY
PHYSICS PROJECT BY MSC  - NANOTECHNOLOGYPHYSICS PROJECT BY MSC  - NANOTECHNOLOGY
PHYSICS PROJECT BY MSC - NANOTECHNOLOGYpruthirajnayak525
 
The 3rd Intl. Workshop on NL-based Software Engineering
The 3rd Intl. Workshop on NL-based Software EngineeringThe 3rd Intl. Workshop on NL-based Software Engineering
The 3rd Intl. Workshop on NL-based Software EngineeringSebastiano Panichella
 
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...漢銘 謝
 
INDIAN GCP GUIDELINE. for Regulatory affair 1st sem CRR
INDIAN GCP GUIDELINE. for Regulatory  affair 1st sem CRRINDIAN GCP GUIDELINE. for Regulatory  affair 1st sem CRR
INDIAN GCP GUIDELINE. for Regulatory affair 1st sem CRRsarwankumar4524
 
Work Remotely with Confluence ACE 2.pptx
Work Remotely with Confluence ACE 2.pptxWork Remotely with Confluence ACE 2.pptx
Work Remotely with Confluence ACE 2.pptxmavinoikein
 

Recently uploaded (20)

Anne Frank A Beacon of Hope amidst darkness ppt.pptx
Anne Frank A Beacon of Hope amidst darkness ppt.pptxAnne Frank A Beacon of Hope amidst darkness ppt.pptx
Anne Frank A Beacon of Hope amidst darkness ppt.pptx
 
PAG-UNLAD NG EKONOMIYA na dapat isaalang alang sa pag-aaral.
PAG-UNLAD NG EKONOMIYA na dapat isaalang alang sa pag-aaral.PAG-UNLAD NG EKONOMIYA na dapat isaalang alang sa pag-aaral.
PAG-UNLAD NG EKONOMIYA na dapat isaalang alang sa pag-aaral.
 
Early Modern Spain. All about this period
Early Modern Spain. All about this periodEarly Modern Spain. All about this period
Early Modern Spain. All about this period
 
SaaStr Workshop Wednesday w/ Kyle Norton, Owner.com
SaaStr Workshop Wednesday w/ Kyle Norton, Owner.comSaaStr Workshop Wednesday w/ Kyle Norton, Owner.com
SaaStr Workshop Wednesday w/ Kyle Norton, Owner.com
 
Dutch Power - 26 maart 2024 - Henk Kras - Circular Plastics
Dutch Power - 26 maart 2024 - Henk Kras - Circular PlasticsDutch Power - 26 maart 2024 - Henk Kras - Circular Plastics
Dutch Power - 26 maart 2024 - Henk Kras - Circular Plastics
 
Event 4 Introduction to Open Source.pptx
Event 4 Introduction to Open Source.pptxEvent 4 Introduction to Open Source.pptx
Event 4 Introduction to Open Source.pptx
 
Gaps, Issues and Challenges in the Implementation of Mother Tongue Based-Mult...
Gaps, Issues and Challenges in the Implementation of Mother Tongue Based-Mult...Gaps, Issues and Challenges in the Implementation of Mother Tongue Based-Mult...
Gaps, Issues and Challenges in the Implementation of Mother Tongue Based-Mult...
 
Simulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Simulation-based Testing of Unmanned Aerial Vehicles with AerialistSimulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Simulation-based Testing of Unmanned Aerial Vehicles with Aerialist
 
Call Girls In Aerocity 🤳 Call Us +919599264170
Call Girls In Aerocity 🤳 Call Us +919599264170Call Girls In Aerocity 🤳 Call Us +919599264170
Call Girls In Aerocity 🤳 Call Us +919599264170
 
Mathan flower ppt.pptx slide orchids ✨🌸
Mathan flower ppt.pptx slide orchids ✨🌸Mathan flower ppt.pptx slide orchids ✨🌸
Mathan flower ppt.pptx slide orchids ✨🌸
 
Chizaram's Women Tech Makers Deck. .pptx
Chizaram's Women Tech Makers Deck.  .pptxChizaram's Women Tech Makers Deck.  .pptx
Chizaram's Women Tech Makers Deck. .pptx
 
Genshin Impact PPT Template by EaTemp.pptx
Genshin Impact PPT Template by EaTemp.pptxGenshin Impact PPT Template by EaTemp.pptx
Genshin Impact PPT Template by EaTemp.pptx
 
DGT @ CTAC 2024 Valencia: Most crucial invest to digitalisation_Sven Zoelle_v...
DGT @ CTAC 2024 Valencia: Most crucial invest to digitalisation_Sven Zoelle_v...DGT @ CTAC 2024 Valencia: Most crucial invest to digitalisation_Sven Zoelle_v...
DGT @ CTAC 2024 Valencia: Most crucial invest to digitalisation_Sven Zoelle_v...
 
SBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation TrackSBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation Track
 
miladyskindiseases-200705210221 2.!!pptx
miladyskindiseases-200705210221 2.!!pptxmiladyskindiseases-200705210221 2.!!pptx
miladyskindiseases-200705210221 2.!!pptx
 
PHYSICS PROJECT BY MSC - NANOTECHNOLOGY
PHYSICS PROJECT BY MSC  - NANOTECHNOLOGYPHYSICS PROJECT BY MSC  - NANOTECHNOLOGY
PHYSICS PROJECT BY MSC - NANOTECHNOLOGY
 
The 3rd Intl. Workshop on NL-based Software Engineering
The 3rd Intl. Workshop on NL-based Software EngineeringThe 3rd Intl. Workshop on NL-based Software Engineering
The 3rd Intl. Workshop on NL-based Software Engineering
 
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...
 
INDIAN GCP GUIDELINE. for Regulatory affair 1st sem CRR
INDIAN GCP GUIDELINE. for Regulatory  affair 1st sem CRRINDIAN GCP GUIDELINE. for Regulatory  affair 1st sem CRR
INDIAN GCP GUIDELINE. for Regulatory affair 1st sem CRR
 
Work Remotely with Confluence ACE 2.pptx
Work Remotely with Confluence ACE 2.pptxWork Remotely with Confluence ACE 2.pptx
Work Remotely with Confluence ACE 2.pptx
 

Social Connections 12. We hired hackers to hack us

  • 9. Social Connections 11 Chicago, June 1-2 2017
Social Connections 12 Vienna, October 16-17 2017
What is Auth0?
  • 10. - cloud based authentication
You can connect any application.
•  Custom credentials: username + password
•  Social network logins: Google, Facebook, Twitter, and any OAuth2, OAuth1 or OpenID Connect provider.
•  Enterprise directories: LDAP, Google Apps, Office 365, ADFS, AD, SAML-P, WS-Federation, etc.
•  Passwordless systems: Touch ID, one-time codes via SMS or email.
•  Supports several 2-factor solutions.
  • 11. - cloud based authentication
•  JSON Web Token
•  Secure API: TLS v1.2, AES_128_GCM, with ECDHE_RSA as the key exchange mechanism.
•  Extensible admin tool.
•  Monitoring: number of logins, where from, who fails, hack attempts, alarms.
•  Blocking
•  Logs
•  Synced with Høyre's back-end member system via MSSQL DB, securely!
  • 12. - cloud based authentication
  • 13. - cloud based authentication
  • 14. + TAI
•  Item developed a WebSphere application.
•  TAI – Trust Association Interceptor.
•  => LTPA token issued after authentication.
•  New Auth0 login page.
•  Logout pages are modified:
  •  Logs out of Auth0
  •  Logs out of WebSphere
  • 15. Devices used
Login occurs from:
•  Browsers
•  Apps
•  Desktop plugins
Technically, the login procedures are quite different.
  • 16. Web-browsers
  • 17. Apps + Plugins
  • 18. Tivoli Directory Server - TDS
◘  FREE/bundled LDAP server for IBM Connections
◘  Standard setup between WebSphere and TDS
◘  Import of users via TDI/SDI to TDS.
◘  From MSSQL database – over site-to-site VPN.
◘  Imports only the most relevant fields: name, email, mobile, position, company, department
  • 19. Tivoli Directory Server – TDS + PTA
◘  Password field in TDS is blank!
◘  PTA is triggered.
◘  What is PTA? Pass-Through Authentication.
◘  PTA is configured to search in an alternative LDAP source.
◘  The password is stored in Auth0.
◘  Our PTA source is TDI / SDI.
◘  TDI calls the TAI application – gets response code 200 if OK.
◘  => logged in
  • 20. What is TDI/SDI?
◘  Tivoli Directory Integrator / Security Directory Integrator
◘  Data manipulation system, limitless possibilities.
◘  Eclipse based – JavaScript coding.
◘  Used to move, consolidate and manipulate data.
◘  Used in Connections for profile data import.
◘  Best tool ever, once you've learned the gist of the GUI and debugger.
  • 21. TDI – acting as an LDAP server.
◘  Simulates an LDAP server.
◘  Gets the attempted username and password from TDS PTA.
◘  Credentials => WebSphere Auth0login app.
◘  WAS app => REST lookup to the Auth0 API.
◘  Gets return code OK or NOT_OK.
◘  TDI receives the same code from the WAS app.
◘  TDS PTA receives the same code from TDI.
◘  TDI runs multiple instances – can handle large load.
  • 22. TDI – acting as an LDAP server.
Simple code – extremely powerful!
  • 23. TDI – acting as an LDAP server.
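Slides 19 and 21 describe the chain: TDS has no password, PTA hands the bind to TDI, TDI forwards the credentials to the WebSphere app, which asks Auth0 and reports 200 for OK. The block below is an added example, not the customer's TDI assembly line, of the decision logic such a bridge needs when it stands in for an LDAP server (TDI is scripted in JavaScript, hence the language). The upstream call is an injected, hypothetical `lookup` callback that returns an HTTP status, so the logic runs offline; the DN format, the `FAKE_DIRECTORY` stand-in and the `runScenarios` driver are this example's constructions.

```javascript
// Added example: bind handling for a pass-through bridge that fronts a cloud
// identity provider. Not the talk's code; `lookup` stands in for the
// WebSphere app's REST call and returns an HTTP status (200 = accepted).

// LDAP resultCode values from RFC 4511.
const LDAP_SUCCESS = 0;
const LDAP_INVALID_CREDENTIALS = 49;
const LDAP_UNAVAILABLE = 52;
const LDAP_UNWILLING_TO_PERFORM = 53;

// "uid=alice,ou=people,dc=example,dc=test" -> "alice" (constructed DN shape).
// The raw DN is never forwarded, and unparseable DNs are rejected.
function uidFromDn(dn) {
  const m = /^\s*uid=([^,]+)/i.exec(dn || '');
  return m ? m[1].trim().toLowerCase() : null;
}

// Only a clear accept or reject from upstream maps to a bind result;
// anything else is an error, and errors fail closed.
function statusToResult(status) {
  if (status === 200) return LDAP_SUCCESS;
  if (status === 401 || status === 403) return LDAP_INVALID_CREDENTIALS;
  return LDAP_UNAVAILABLE;
}

function handleBind(bindDn, password, lookup, log = () => {}) {
  const uid = uidFromDn(bindDn);
  if (uid === null) return LDAP_INVALID_CREDENTIALS;
  // RFC 4513 section 5.1.2: a simple bind with a name and an EMPTY password
  // is an "unauthenticated" bind. A bridge that forwards it, or treats it as
  // success, logs a user in with no password at all, so refuse it outright.
  if (typeof password !== 'string' || password.length === 0) {
    log(`bind uid=${uid} result=refused reason=empty-password`);
    return LDAP_UNWILLING_TO_PERFORM;
  }
  let status;
  try {
    status = lookup(uid, password);
  } catch (err) {
    // Identity provider unreachable: fail closed, never fall back to accept.
    log(`bind uid=${uid} result=error reason=${err.message}`);
    return LDAP_UNAVAILABLE;
  }
  const result = statusToResult(status);
  // Log the user and outcome only; the password never reaches the log.
  log(`bind uid=${uid} result=${result === LDAP_SUCCESS ? 'ok' : 'rejected'} upstream=${status}`);
  return result;
}

// Constructed stand-in for the upstream check, used only by the demo below.
const FAKE_DIRECTORY = { alice: 'correct horse battery staple' };
function fakeLookup(uid, password) {
  if (uid === 'outage') throw new Error('connect timeout');
  if (!(uid in FAKE_DIRECTORY)) return 401;
  return FAKE_DIRECTORY[uid] === password ? 200 : 401;
}

function runScenarios() {
  const lines = [];
  const log = (l) => lines.push(l);
  const dn = 'uid=alice,ou=people,dc=example,dc=test';
  return {
    ok: handleBind(dn, 'correct horse battery staple', fakeLookup, log),
    wrongPassword: handleBind(dn, 'wrong', fakeLookup, log),
    unknownUser: handleBind('uid=mallory,ou=people,dc=example,dc=test', 'x', fakeLookup, log),
    emptyPassword: handleBind(dn, '', fakeLookup, log),
    badDn: handleBind('cn=admin', 'x', fakeLookup, log),
    outage: handleBind('uid=outage,ou=people,dc=example,dc=test', 'x', fakeLookup, log),
    passwordLeaked: lines.some((l) => l.includes('correct horse')),
  };
}
```

The two cases worth testing on any such bridge are the empty-password bind and the upstream outage: both must come back as a refusal, not as a success.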
  • 24. We hired hackers
Did they get in?
  • 25. What they tested
•  Login attempts
•  SSL + headers
•  Apps
•  Stolen laptop
•  Me!
•  Sensitive information
  • 26. SSL tests
www.ssllabs.com
Grade was bad. After hardening SSLCipherSuite, honorCipherOrder and disabling SSLv2 + SSLv3: TLS only.
  • 27. SSL tests – http config for Grade A
SSLEnable
SSLProtocolEnable TLS
SSLProtocolDisable SSLv2 SSLv3
# Disable SSLCompression -> CRIME ATTACK
SSLCompression off
# Prefer ECDHE-RSA ciphers
SSLCipherSpec ALL NONE
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL TLS_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec ALL TLS_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL TLS_RSA_WITH_AES_128_CBC_SHA256
SSLCipherSpec ALL TLS_RSA_WITH_AES_256_CBC_SHA256
# Enabling these 3 ciphers means an A- rating on ssllabs
SSLCipherSpec ALL TLS_RSA_WITH_AES_128_CBC_SHA
SSLCipherSpec ALL TLS_RSA_WITH_AES_256_CBC_SHA
SSLCipherSpec ALL SSL_RSA_WITH_3DES_EDE_CBC_SHA
  • 28. Headers
securityheaders.io
Grade was bad. After hardening the HTTP config to achieve Grade A:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header set Referrer-Policy "same-origin"
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
# "Header set" replaces any earlier value, so of the two X-Frame-Options lines only the last one (SAMEORIGIN) is sent; keep the one you want.
Header set X-Frame-Options "DENY"
Header set X-Frame-Options SAMEORIGIN
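Slides 27 and 28 give the IBM HTTP Server (Apache-based) directives that took the SSL Labs and securityheaders.io grades from bad to A. What follows is an added example, not from the talk: a small linter that parses a constructed httpd.conf fragment modelled on those two slides and reports what a reviewer would flag, including the 3DES cipher the slide itself says costs the A and the doubled X-Frame-Options line. The weak-cipher patterns, finding codes and the `auditConfig`/`parseDirectives` names are this example's own assumptions.

```javascript
// Added example: a linter for the SSL and Header directives shown on the
// slides. Not the talk's code; the weak-cipher list is this example's choice.

// Constructed fragment modelled on slides 27 and 28.
const SAMPLE_CONF = `
SSLEnable
SSLProtocolEnable TLS
SSLProtocolDisable SSLv2 SSLv3
# Disable SSLCompression -> CRIME ATTACK
SSLCompression off
SSLCipherSpec ALL NONE
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL TLS_RSA_WITH_AES_128_CBC_SHA
SSLCipherSpec ALL SSL_RSA_WITH_3DES_EDE_CBC_SHA
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header set Referrer-Policy "same-origin"
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "DENY"
Header set X-Frame-Options SAMEORIGIN
`;

// One directive per line; double-quoted arguments stay one token.
function parseDirectives(text) {
  const out = [];
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const args = [];
    const re = /"([^"]*)"|(\S+)/g;
    let m;
    while ((m = re.exec(line)) !== null) args.push(m[1] !== undefined ? m[1] : m[2]);
    out.push({ name: args[0], args: args.slice(1) });
  }
  return out;
}

const WEAK_CIPHER = /3DES|RC4|NULL|EXPORT|MD5/;

function auditConfig(text) {
  const d = parseDirectives(text);
  const findings = [];
  const disabled = new Set(d.filter((x) => x.name === 'SSLProtocolDisable').flatMap((x) => x.args));
  for (const proto of ['SSLv2', 'SSLv3']) {
    if (!disabled.has(proto)) findings.push({ code: 'PROTO_ENABLED', detail: proto });
  }
  if (!d.some((x) => x.name === 'SSLCompression' && String(x.args[0]).toLowerCase() === 'off')) {
    findings.push({ code: 'COMPRESSION', detail: 'SSLCompression off missing (CRIME)' });
  }
  for (const x of d.filter((x) => x.name === 'SSLCipherSpec')) {
    const cipher = x.args[x.args.length - 1];
    if (cipher === 'NONE') continue; // clears the list before the explicit entries
    if (WEAK_CIPHER.test(cipher)) findings.push({ code: 'WEAK_CIPHER', detail: cipher });
    else if (!/ECDHE|DHE/.test(cipher)) findings.push({ code: 'NO_PFS', detail: cipher });
  }
  // "Header [always] set Name Value": group values per header name.
  const byField = new Map();
  for (const x of d.filter((x) => x.name === 'Header')) {
    const a = x.args[0] === 'always' ? x.args.slice(1) : x.args;
    if (a[0] !== 'set') continue;
    const field = (a[1] || '').toLowerCase();
    byField.set(field, [...(byField.get(field) || []), a[2] || '']);
  }
  for (const [field, values] of byField) {
    if (values.length > 1) {
      findings.push({ code: 'DUP_HEADER', detail: `${field}: only the last value "${values[values.length - 1]}" is sent` });
    }
  }
  const hsts = byField.get('strict-transport-security');
  if (!hsts) {
    findings.push({ code: 'NO_HSTS', detail: 'Strict-Transport-Security missing' });
  } else {
    const maxAge = Number((/max-age=(\d+)/.exec(hsts[hsts.length - 1]) || [])[1] || 0);
    if (maxAge < 31536000) findings.push({ code: 'HSTS_SHORT', detail: `max-age=${maxAge}` });
  }
  const nosniff = byField.get('x-content-type-options') || [];
  if (nosniff[nosniff.length - 1] !== 'nosniff') {
    findings.push({ code: 'NO_NOSNIFF', detail: 'X-Content-Type-Options nosniff missing' });
  }
  return findings;
}
```

Run against the sample it reports three things: the 3DES suite, the non-ECDHE suite that gives up forward secrecy, and the duplicated X-Frame-Options; drop those three lines and it reports nothing.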
  • 29. The Mobile App
Decompile
•  Android app is decompilable
•  Broken down to study the code
Test
•  Tried every URL found in the code
Result
•  Found no insecurities!
•  But MITM attacks were possible!
  • 30. MITM - Man-in-the-middle attack
An employee is out travelling and means to connect to a public network such as a hotel or airport Wi-Fi, but instead connects to a hacker's Wi-Fi hotspot. Then clicks on "Continue"… He/she will give the hacker running a MITM attack full visibility over the traffic.
  • 31. MITM - Man-in-the-middle attack
  • 32. MITM - Man-in-the-middle attack
mobile-config.xml has the solution for the Connections app.
Don't press "Continue"! Tell your admins to fix it.
  • 33. Demo time
The demo consisted of showing a MITM attack + a username/password "cluster bomb" attack using the free tool Burp Suite.
  • 34. Accident waiting to happen
  • 35. Stolen Laptop Scenario
What did they find when they got in?
  • 36. Stolen Laptop Scenario
•  Not hard to find the password on the PC.
•  Once in, passwords to sites are normally stored in the browser.
•  Saved Wi-Fi hotspots give hackers GPS coordinates => they can drive up alongside your company's building and connect.
•  Hackers found sensitive information open to all of the IBM Connections users.
Don't leave login information available to everyone!
  • 37. They hacked me! Or at least, they tried to…
  • 38. They hacked me!
•  They knew who I was.
•  Googled me, found my blog.
•  In one of the screenshots, a password was censored.
  • 39. They hacked me!
I was a weak link… How hard is it for hackers to find the IT staff at your company? LinkedIn search… Google search… Google is both your friend and your enemy.
•  Bad censoring!!
•  Found 6 out of 9 chars by matching font and size and studying the curves.
  • 40. Avoid stress
  • 41.
•  Mask/hide better!
•  Hackers are clever bastards.
•  Hackers have A LOT of free time.
•  Implement a 2-factor authentication mechanism, like Auth0's.
•  Hide your stuff.
•  Once again: hackers are clever bastards.
•  Lockout policy – i.e. 5 attempts => locked out… Hackers have tools for that!
•  Train your users!
  • 42.
  • 43. Useful links:
Check SSL: https://ssllabs.com
Check Headers: https://securityheaders.io
Analyze CSP: https://report-uri.io/home/analyse
What can your browser support? http://caniuse.com/#search=referrer%20policy
Auth0 multi-factor authentication: https://auth0.com/docs/multifactor-authentication
Burp Suite: https://portswigger.net/burp
Ethical Hacker Certification: https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/
My blog: http://blog.robertfarstad.com
Twitter: https://www.twitter.com/robertfarstad
Item Consulting: https://www.item.no
  • 44.
  • 45. PLATINUM SPONSORS / GOLD SPONSORS / SILVER SPONSORS / BRONZE SPONSORS