Vienna, October 16-17 2017
We hired hackers to hack us;
A case study about cloud-based authentication and
security in IBM Connections
Robert Farstad
@robertfarstad
Social Connections 11 Chicago, June 1-2 2017Social Connections 12 Vienna, October 16-17 2017
This session…
…is mainly for you tech people.
But very useful for everyone to see. Might be an eye-opener.
No talk about:
•  What IBM Connections is…
•  What IBM Cnx can give you…
•  No ROI talk whatsoever!
•  How to use IBM Cnx!!
This session…
…is a case study where I will show you
•  an integration with Auth0.
•  how we hired hackers to hack us.
The customer - Høyre
•  Political party, won the election 2017, second time in a row.
•  Norway's Prime Minister is Høyre's leader.
•  60.000 members
•  Was a white-space customer.
•  Now: Connections + Docs + Sametime
•  IBM Reference Customer.
•  Security is a priority, more and more.
•  Election year = hacking attempts.
•  We hacked them first!

Auth0 - cloud-based authentication
Høyre used Auth0 for all websites.
Requirement for them to become a Connections customer was:
•  Authentication integration with Auth0!
•  => POC – Item Consulting developed a TAI mechanism towards Auth0.

What is Auth0?

Auth0 - cloud-based authentication
You can connect any application.
•  Custom credentials: username + passwords
•  Social network logins:
   •  Google, Facebook, Twitter, and any OAuth2, OAuth1 or OpenID Connect provider.
•  Enterprise directories:
   •  LDAP, Google Apps, Office 365, ADFS, AD, SAML-P, WS-Federation, etc.
•  Passwordless systems:
   •  Touch ID, one time codes on SMS, or email.
•  Supports several 2-factor solutions.

Auth0 - cloud-based authentication
•  JSON Web Token
•  Secure API (TLS v1.2, AES_128_GCM, with ECDHE_RSA as the key exchange mechanism).
•  Extensible admin tool.
•  Monitoring (#logins, where from, who fails, hack attempts, alarms).
•  Blocking
•  Logs
•  Synced with Høyre's back-end member system via MSSQL DB, securely!
Auth0 + TAI
•  Item developed a WebSphere application.
•  TAI – Trust Association Interceptors.
•  => LTPA token after authentication.
•  New Auth0 login page.
•  Logout pages are modified:
   •  Logs out of Auth0
   •  Logs out of WebSphere

Devices used
Login occurs from:
•  Browsers
•  Apps
•  Desktop plugins.

Technically, the login procedures are quite different.

Web-browsers

Apps + Plugins

Tivoli Directory Server - TDS
◘  FREE/Bundled LDAP server for IBM Connections
◘  Standard setup between WebSphere and TDS
◘  Import of users via TDI/SDI to TDS.
◘  From MSSQL Database – over site2site VPN.
◘  Imports only the most relevant fields:
   Name, email, mobile, position, company, department

Tivoli Directory Server – TDS + PTA
◘  Password field in TDS is blank!
◘  PTA is triggered.
◘  What is PTA?
   ◘  Pass Through Authentication
◘  PTA is configured to search in an alternative LDAP source.
◘  The password is stored in Auth0
◘  Our PTA source is TDI / SDI
◘  TDI calls the TAI application – gets response code 200 if OK.
◘  => logged in

What is TDI/SDI?
◘ Tivoli Directory Integrator / Security Directory Integrator
◘ Data manipulation system, limitless possibilities.
◘ Eclipse based – JavaScript coding.
◘ Used to move, consolidate, manipulate data.
◘ Used in Connections for profile data import.
◘ Best tool ever, once you've learned the gist of the GUI and debugger.

TDI – acting as an LDAP server.
◘ Simulates an LDAP server
◘ Gets attempted username and password from TDS PTA.
◘ Credentials => WebSphere Auth0login app.
◘ WAS app => REST lookup to Auth0 API.
◘ Gets return code OK or NOT_OK.
◘ TDI receives same code from the WAS app.
◘ TDS PTA receives same code from TDI.
◘ TDI runs multiple instances – can handle large load.

TDI – acting as an LDAP server.
Simple code – extremely powerful!
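
The chain above (TDS PTA, TDI, the WebSphere app, Auth0) reduces to one OK or NOT_OK per bind, so every failure mode has to end in NOT_OK. An added example in plain JavaScript, not the TDI script or the WebSphere application from the talk: `passThroughBind`, the `verify` callback, the sample DNs and the choice of LDAP result codes are assumptions made for illustration.

```javascript
// LDAP result codes used below (RFC 4511, Appendix A).
const LDAP = Object.freeze({
  SUCCESS: 0,
  INVALID_CREDENTIALS: 49,
  UNAVAILABLE: 52,
  UNWILLING_TO_PERFORM: 53,
});

/**
 * Decide the LDAP result for one pass-through bind.
 *
 * bind   - { dn, password } as received from the directory's PTA request
 * verify - hypothetical callback standing in for the HTTP call to the login
 *          application; returns { status: <HTTP code> } or throws on a
 *          network error or timeout
 */
function passThroughBind(bind, verify) {
  const dn = bind && typeof bind.dn === 'string' ? bind.dn.trim() : '';
  const password = bind && typeof bind.password === 'string' ? bind.password : '';

  // A simple bind with a name but an empty password is an "unauthenticated
  // bind" (RFC 4513, section 5.1.2). It must never count as a login, and
  // there is no reason to forward it upstream.
  if (dn === '' || password === '') {
    return { code: LDAP.UNWILLING_TO_PERFORM, reason: 'empty name or password' };
  }

  let response;
  try {
    response = verify(dn, password);
  } catch (err) {
    // Verifier unreachable or timed out: fail closed, never fall back to OK.
    return { code: LDAP.UNAVAILABLE, reason: 'verifier error' };
  }

  const status = response ? response.status : undefined;
  // Only an exact 200 is OK. A redirect to a login page or a 204 from a
  // misrouted request is not proof that the password was checked.
  if (status === 200) {
    return { code: LDAP.SUCCESS, reason: 'verified' };
  }
  if (status === 401 || status === 403) {
    return { code: LDAP.INVALID_CREDENTIALS, reason: 'rejected by verifier' };
  }
  return { code: LDAP.UNAVAILABLE, reason: 'unexpected status ' + status };
}

// Constructed stand-in for the login application (not a real endpoint).
function sampleVerifier(dn, password) {
  if (dn === 'uid=timeout,o=example') throw new Error('connect timeout');
  if (dn === 'uid=redirect,o=example') return { status: 302 };
  if (dn === 'uid=kari,o=example' && password === 'correct horse') return { status: 200 };
  return { status: 401 };
}

// Constructed bind requests covering the success path and each failure mode.
const SAMPLE_BINDS = [
  { dn: 'uid=kari,o=example', password: 'correct horse' },
  { dn: 'uid=kari,o=example', password: 'wrong' },
  { dn: 'uid=kari,o=example', password: '' },
  { dn: 'uid=timeout,o=example', password: 'x' },
  { dn: 'uid=redirect,o=example', password: 'x' },
];

function runSamples() {
  return SAMPLE_BINDS.map((b) => passThroughBind(b, sampleVerifier).code);
}

// The password is deliberately left out of anything that gets logged.
for (const b of SAMPLE_BINDS) {
  const r = passThroughBind(b, sampleVerifier);
  console.log(b.dn + ' -> LDAP ' + r.code + ' (' + r.reason + ')');
}
```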
Did they get in?
We hired hackers

What they tested
•  Login attempts
•  SSL + headers
•  Apps
•  Stolen laptop
•  Me!
•  Sensitive information

SSL tests
www.ssllabs.com
Grade was bad
After hardening
SSLCipherSuite, honorCipherOrder and SSLv2 + SSLv3 disabling. TLS only

SSL tests – HTTP config for Grade A
SSLEnable
SSLProtocolEnable TLS
SSLProtocolDisable SSLv2 SSLv3
# Disable SSLCompression -> CRIME attack
SSLCompression off
# Prefer ECDHE-RSA ciphers
SSLCipherSpec ALL NONE
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL TLS_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec ALL TLS_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL TLS_RSA_WITH_AES_128_CBC_SHA256
SSLCipherSpec ALL TLS_RSA_WITH_AES_256_CBC_SHA256
# Enabling these 3 ciphers means an A- rating on ssllabs
SSLCipherSpec ALL TLS_RSA_WITH_AES_128_CBC_SHA
SSLCipherSpec ALL TLS_RSA_WITH_AES_256_CBC_SHA
SSLCipherSpec ALL SSL_RSA_WITH_3DES_EDE_CBC_SHA
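
A way to check a cipher list like the one above before relying on an external grade: the added example below (not part of the original slides) reads the `SSLCipherSpec` lines, classifies each suite from its name, and reports which ones lack forward secrecy or use 3DES or HMAC-SHA1. The parsing is a simplified model of the directive, and the function names are assumptions.

```javascript
// Constructed input: the SSLCipherSpec lines from the configuration above.
const CIPHER_CONFIG = `
SSLCipherSpec ALL NONE
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL TLS_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec ALL TLS_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL TLS_RSA_WITH_AES_128_CBC_SHA256
SSLCipherSpec ALL TLS_RSA_WITH_AES_256_CBC_SHA256
# Enabling these 3 ciphers means an A- rating on ssllabs
SSLCipherSpec ALL TLS_RSA_WITH_AES_128_CBC_SHA
SSLCipherSpec ALL TLS_RSA_WITH_AES_256_CBC_SHA
SSLCipherSpec ALL SSL_RSA_WITH_3DES_EDE_CBC_SHA
`;

// Collect the enabled suites in listed order. Simplified model: only the
// "SSLCipherSpec <protocol> <name>" form is handled, and "ALL NONE" is
// treated as clearing everything configured so far.
function parseCipherSpecs(text) {
  const enabled = [];
  for (const raw of text.split('\n')) {
    const parts = raw.replace(/#.*/, '').trim().split(/\s+/);
    if (parts.length !== 3 || parts[0] !== 'SSLCipherSpec') continue;
    const [, protocol, name] = parts;
    if (name === 'NONE') {
      if (protocol === 'ALL') enabled.length = 0;
      continue;
    }
    enabled.push({ protocol, name });
  }
  return enabled;
}

// Read the properties of a suite off its name (KEYEXCHANGE_WITH_CIPHER_MAC).
function classify(name) {
  const m = /^(?:TLS|SSL)_(.+?)_WITH_(.+)$/.exec(name);
  if (!m) return { name, forwardSecrecy: false, aead: false, findings: ['unrecognised name'] };
  const [, keyExchange, rest] = m;
  const forwardSecrecy = /^(?:ECDHE|DHE)_/.test(keyExchange);
  const aead = /_GCM_/.test(rest);
  const findings = [];
  if (!forwardSecrecy) findings.push('no forward secrecy (' + keyExchange + ' key exchange)');
  if (/3DES/.test(rest)) findings.push('3DES, 64-bit block cipher');
  if (/_CBC_/.test(rest)) findings.push('CBC mode, not AEAD');
  if (/_SHA$/.test(rest)) findings.push('HMAC-SHA1');
  return { name, forwardSecrecy, aead, findings };
}

function auditCipherConfig(text) {
  const suites = parseCipherSpecs(text).map((s) => Object.assign({}, s, classify(s.name)));
  // Legacy = 3DES or an HMAC-SHA1 suite; these are the first candidates to drop.
  const legacy = suites.filter((s) => s.findings.some((f) => /3DES|SHA1/.test(f)));
  // Listing order only: is every forward-secret suite ahead of the others?
  const firstWithout = suites.findIndex((s) => !s.forwardSecrecy);
  const lastWith = suites.map((s) => s.forwardSecrecy).lastIndexOf(true);
  return {
    total: suites.length,
    forwardSecret: suites.filter((s) => s.forwardSecrecy).map((s) => s.name),
    legacy: legacy.map((s) => s.name),
    forwardSecrecyListedFirst: firstWithout === -1 || lastWith < firstWithout,
    suites,
  };
}

const cipherReport = auditCipherConfig(CIPHER_CONFIG);
for (const s of cipherReport.suites) {
  console.log(s.name + ': ' + (s.findings.join('; ') || 'ok'));
}
```

On the configuration above, the suites reported as legacy are the same three that the slide's comment ties to the A- rating.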

Headers
securityheaders.io
Grade was bad
After hardening
HTTP config to achieve Grade A:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header set Referrer-Policy "same-origin"
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
# Both X-Frame-Options lines use "set", so the later one (SAMEORIGIN) replaces the earlier one (DENY).
Header set X-Frame-Options "DENY"
Header set X-Frame-Options SAMEORIGIN
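
An added example (not from the original slides) that models how the `Header` directives above combine: which value of a repeated header is sent, and which headers are missing on error responses because they are not in the `always` table. The two-table model is simplified from mod_headers, and the function names and the status >= 400 cut-off are assumptions.

```javascript
// Constructed input: the Header directives from the slide above, typed with
// plain ASCII quotes.
const HEADER_CONFIG = `
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header set Referrer-Policy "same-origin"
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header set X-Frame-Options "DENY"
Header set X-Frame-Options SAMEORIGIN
`;

// Parse 'Header [always|onsuccess] set <name> <value>' lines; others are skipped.
function parseHeaderDirectives(text) {
  const directives = [];
  for (const raw of text.split('\n')) {
    const m = /^Header\s+(?:(always|onsuccess)\s+)?set\s+(\S+)\s+(.+)$/i.exec(raw.trim());
    if (!m) continue;
    directives.push({
      table: (m[1] || 'onsuccess').toLowerCase(),
      name: m[2],
      value: m[3].replace(/^"(.*)"$/, '$1'),
      // Typographic quotes (pasted from a slide or word processor) do not
      // delimit a string in the config file and end up inside the value.
      curlyQuote: /[\u201C\u201D]/.test(m[3]),
    });
  }
  return directives;
}

// Simplified model of the two header tables: "set" replaces an earlier value
// of the same name in the same table, and only the "always" table is sent on
// error responses (modelled here as status >= 400). A header present in both
// tables is collapsed to one value, which is enough for this configuration.
function effectiveHeaders(directives, status) {
  const tables = { onsuccess: new Map(), always: new Map() };
  for (const d of directives) tables[d.table].set(d.name.toLowerCase(), d.value);
  const sent = new Map(status >= 400 ? [] : tables.onsuccess);
  for (const [name, value] of tables.always) sent.set(name, value);
  return sent;
}

// Convert the HSTS max-age (seconds) to days; null when the directive is absent.
function hstsMaxAgeDays(value) {
  const m = /(?:^|;)\s*max-age\s*=\s*(\d+)/i.exec(value || '');
  return m ? Number(m[1]) / 86400 : null;
}

function reviewHeaderConfig(text) {
  const directives = parseHeaderDirectives(text);
  const findings = [];
  const seen = new Map();
  for (const d of directives) {
    const key = d.table + ':' + d.name.toLowerCase();
    if (seen.has(key)) {
      findings.push(d.name + ': "' + seen.get(key) + '" is replaced by "' + d.value + '"');
    }
    seen.set(key, d.value);
    if (d.curlyQuote) findings.push(d.name + ': typographic quote in value');
  }
  const onError = effectiveHeaders(directives, 404);
  for (const name of effectiveHeaders(directives, 200).keys()) {
    if (!onError.has(name)) findings.push(name + ': not sent on error responses');
  }
  return findings;
}

for (const finding of reviewHeaderConfig(HEADER_CONFIG)) console.log(finding);
```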

The Mobile App
Decompile
•  Android app is decompilable
•  Broken down to study code
Test
•  Tried every URL found in code
Result
•  Found no insecurities!
•  But MITM attacks were possible!

MITM - Man-in-the-middle attack
An employee is out traveling and connects to a public network such as a hotel or airport WiFi.

But instead, connects to a hacker's WiFi hotspot.
Then clicks on “Continue”….

He/she will give the hacker running a MITM attack full visibility over the traffic.

MITM - Man-in-the-middle attack
mobile-config.xml has the solution for the Connections app.

Don't press “Continue”! Tell your admins to fix it.

Demo time
The demo consisted of showing a MITM attack + username/password “cluster bomb” attack using free tool Burp Suite.

Accident waiting to happen

What did they find when they got in?
Stolen Laptop Scenario
•  Not hard to find password on PC
•  Once in, passwords to sites are normally stored in browser.
•  Saved WiFi hotspots give hackers GPS coordinates => can drive up alongside your company's building and connect.
•  Hackers found sensitive information open to all of the IBM Connections users.
Don't leave login information available to everyone!

They hacked me!
Or at least, they tried to…
•  They knew who I was.
•  Googled me, found my blog.
•  In one of the screenshots, a password was censored.

They hacked me!
I was a weak link…
How hard is it for hackers to find IT staff at your company?
LinkedIn search… Google search…

Google is both your friend and your enemy.
•  Bad censoring!!
•  Found 6 out of 9 chars by matching font and size and studying curves.

Avoid stress
•  Mask/hide better!
•  Hackers are clever bastards.
•  Hackers have A LOT of free time.
•  Implement a 2-factor authentication mechanism, like Auth0
•  Hide your stuff.
•  Once again: Hackers are clever bastards.
•  Lockout policy – i.e. 5 attempts => locked out… Hackers have tools for that!
•  Train your users!

Useful links:
Check SSL: https://ssllabs.com
Check Headers: https://securityheaders.io
Analyze CSP: https://report-uri.io/home/analyse
What can your browser support? http://caniuse.com/#search=referrer%20policy

Auth0 multi-factor authentication: https://auth0.com/docs/multifactor-authentication

Burp Suite: https://portswigger.net/burp

Ethical Hacker Certification: https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/

My blog: http://blog.robertfarstad.com
Twitter: https://www.twitter.com/robertfarstad
Item Consulting: https://www.item.no
It is not About Connections vs Office 365 - You can have the best of the both...
 
Using ibm connections to enhance university courses
Using ibm connections to enhance university coursesUsing ibm connections to enhance university courses
Using ibm connections to enhance university courses
 
IBM Connections 6.0 CR3 New Features
IBM Connections 6.0 CR3 New FeaturesIBM Connections 6.0 CR3 New Features
IBM Connections 6.0 CR3 New Features
 
10 years of IBM Connections
10 years of IBM Connections10 years of IBM Connections
10 years of IBM Connections
 
IBM Collaboration Framework in action: Customer success stories
IBM Collaboration Framework in action: Customer success storiesIBM Collaboration Framework in action: Customer success stories
IBM Collaboration Framework in action: Customer success stories
 
Design for the Digital Workspace
Design for the Digital WorkspaceDesign for the Digital Workspace
Design for the Digital Workspace
 
New Ways to Deliver Business Outcomes with INtelligent Workstream Collaboration
New Ways to Deliver Business Outcomes with INtelligent Workstream CollaborationNew Ways to Deliver Business Outcomes with INtelligent Workstream Collaboration
New Ways to Deliver Business Outcomes with INtelligent Workstream Collaboration
 
Power up your Salesforce Opportunities by using IBM Watson Workspace as your ...
Power up your Salesforce Opportunities by using IBM Watson Workspace as your ...Power up your Salesforce Opportunities by using IBM Watson Workspace as your ...
Power up your Salesforce Opportunities by using IBM Watson Workspace as your ...
 
There is nothing more practical than a good theory
There is nothing more practical than a good theoryThere is nothing more practical than a good theory
There is nothing more practical than a good theory
 
Kubernetes Basics for Connections Admins
Kubernetes Basics for Connections AdminsKubernetes Basics for Connections Admins
Kubernetes Basics for Connections Admins
 
Intelligent Collaboration driving Digital Transformation
Intelligent Collaboration driving Digital TransformationIntelligent Collaboration driving Digital Transformation
Intelligent Collaboration driving Digital Transformation
 
IBM Connections - Have it YOUR Way!
IBM Connections - Have it YOUR Way!IBM Connections - Have it YOUR Way!
IBM Connections - Have it YOUR Way!
 
You Get What You Give
You Get What You GiveYou Get What You Give
You Get What You Give
 
Building Custom ibm Watson Workspace Templates to make you and your team more...
Building Custom ibm Watson Workspace Templates to make you and your team more...Building Custom ibm Watson Workspace Templates to make you and your team more...
Building Custom ibm Watson Workspace Templates to make you and your team more...
 
ICS INtegration with Node-RED and Open Source
ICS INtegration with Node-RED and Open SourceICS INtegration with Node-RED and Open Source
ICS INtegration with Node-RED and Open Source
 
Communities as the fundament of social learning
Communities as the fundament of social learningCommunities as the fundament of social learning
Communities as the fundament of social learning
 
It's not IBM or O365 - Integrate and Embrace
It's not IBM or O365 - Integrate and EmbraceIt's not IBM or O365 - Integrate and Embrace
It's not IBM or O365 - Integrate and Embrace
 
Running Microservices in Production with IBM
Running Microservices in Production with IBMRunning Microservices in Production with IBM
Running Microservices in Production with IBM
 

Recently uploaded

Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCRashishs7044
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMintel Group
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFChandresh Chudasama
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfShashank Mehta
 
Appkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxAppkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxappkodes
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfRbc Rbcua
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Anamaria Contreras
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxmbikashkanyari
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyotictsugar
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...ssuserf63bd7
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesKeppelCorporation
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfKhaled Al Awadi
 
Chapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal auditChapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal auditNhtLNguyn9
 
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...ssuserf63bd7
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 
TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024Adnet Communications
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy Verified Accounts
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckHajeJanKamps
 

Recently uploaded (20)

Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDF
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 
Appkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxAppkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptx
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdf
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation Slides
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 
Chapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal auditChapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal audit
 
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail Accounts
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
 
Call Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North GoaCall Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North Goa
 

We hired hackers to hack us; A case study about cloud-based authentication and security in IBM Connections

  • 1. Vienna, October 16-17 2017 We hired hackers to hack us; A case study about cloud-based authentication and security in IBM Connections Robert Farstad @robertfarstad
  • 2. Social Connections 11 Chicago, June 1-2 2017 | Social Connections 12 Vienna, October 16-17 2017 PLATINUM SPONSORS GOLD SPONSORS SILVER SPONSORS BRONZE SPONSORS
  • 3. This session…
      …is mainly for you tech-people. But very useful for everyone to see. Might be an eye-opener.
      No talk about:
      •  What IBM Connections is…
      •  What IBM Cnx can give you…
      •  No ROI talk, whatsoever!
      •  How to use IBM Cnx!!
  • 4. This session…
      …is a case study where I will show you
      •  an integration with Auth0.
      •  how we hired hackers to hack us.
  • 5. Vienna, October 16-17 2017
  • 6. Vienna, October 16-17 2017 The customer
  • 7. The customer -
      •  Political party, won the election 2017, second time in a row.
      •  Norway's Prime Minister is Høyre's leader.
      •  60.000 members
      •  Was a white-space customer.
      •  Now: Connections + Docs + Sametime
      •  IBM Reference Customer.
      •  Security is a priority, more and more.
      •  Election year = hacking attempts.
      •  We hacked them first!
  • 8. - cloud based authentication
      Høyre used Auth0 for all websites.
      Requirement for them to become a Connections customer was:
      •  Authentication integration with Auth0!
      •  → POC – Item Consulting developed a TAI mechanism towards Auth0.
  • 9. Vienna, October 16-17 2017 What is Auth0?
  • 10. - cloud based authentication
      You can connect any application.
      •  Custom credentials: username + passwords
      •  Social network logins:
          •  Google, Facebook, Twitter, and any OAuth2, OAuth1 or OpenID Connect provider.
      •  Enterprise directories:
          •  LDAP, Google Apps, Office 365, ADFS, AD, SAML-P, WS-Federation, etc.
      •  Passwordless systems:
          •  Touch ID, one time codes on SMS, or email.
      •  Supports several 2-factor solutions.
  • 11. - cloud based authentication
      •  JSON Web Token
      •  Secure API: (TLS v1.2, AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism.)
      •  Extensible admin tool.
      •  Monitoring (#logins, where from, who fails, hack attempts, alarms.)
      •  Blocking
      •  Logs
      •  Synced with Høyre's back-end member system via MSSQL DB, securely!
  • 12. - cloud based authentication
  • 13. - cloud based authentication
  • 14. + TAI
      •  Item developed a WebSphere Application
      •  TAI – Trust Association Interceptors.
      •  → LTPA after authenticated
      •  New Auth0 login page.
      •  Logout pages are modified
          •  Logs out of Auth0
          •  Logs out of WebSphere
  • 15. Devices used
      Login occurs from:
      •  Browsers
      •  Apps
      •  Desktop plugins.
      Technically, the login procedures are quite different.
  • 16. Web-browsers
  • 17. Apps + Plugins
  • 18. Tivoli Directory server - TDS
      ◘  FREE/Bundled LDAP server for IBM Connections
      ◘  Standard setup between WebSphere and TDS
      ◘  Import of users via TDI/SDI to TDS.
      ◘  From MSSQL Database – over site2site VPN.
      ◘  Imports only the most relevant fields: name, email, mobile, position, company, department
  • 19. Tivoli Directory server – TDS + PTA
      ◘  Password field in TDS is blank!
      ◘  PTA is triggered.
      ◘  What is PTA?
          ◘  Pass Through Authentication
      ◘  PTA is configured to search in alternative LDAP source.
      ◘  The password is stored in Auth0
      ◘  Our PTA source is TDI / SDI
      ◘  TDI calls the TAI application – gets response code 200 if OK.
      ◘  → logged in
  • 20. What is TDI/SDI?
      ◘  Tivoli Directory Integrator / Security Directory Integrator
      ◘  Data manipulation system, limitless possibilities.
      ◘  Eclipse based – JavaScript coding.
      ◘  Used to move, consolidate, manipulate data.
      ◘  Used in Connections for profile data import.
      ◘  Best tool ever, once you've learned the gist of the GUI and debugger.
  • 21. TDI – acting as an LDAP server.
      ◘  Simulates an LDAP server
      ◘  Gets attempted username and password from TDS PTA.
      ◘  Credentials → WebSphere Auth0login app.
      ◘  WAS app → REST lookup to Auth0 API.
      ◘  Gets return code OK or NOT_OK.
      ◘  TDI receives same code from the WAS app.
      ◘  TDS PTA receives same code from TDI.
      ◘  TDI runs multiple instances – Can handle large load.
  • 22. TDI – acting as an LDAP server. Simple code – extremely powerful!
  • 23. TDI – acting as an LDAP server.
  • 24. Did they get in? We hired hackers
  • 25. What they tested
      •  Login attempts
      •  SSL + headers
      •  Apps
      •  Stolen laptop
      •  Me!
      •  Sensitive information
  • 26. SSL tests
      www.ssllabs.com
      Grade was bad
      After hardening
      SSLCipherSuite, honorCipherOrder and SSLv2 + v3 disabling. TLS only
  • 27. SSL tests – http config for Grade A
      SSLEnable
      SSLProtocolEnable TLS
      SSLProtocolDisable SSLv2 SSLv3
      # Disable SSLCompression -> CRIME ATTACK
      SSLCompression off
      # Prefer ECDHE-RSA ciphers
      SSLCipherSpec ALL NONE
      SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
      SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
      SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
      SSLCipherSpec ALL TLS_RSA_WITH_AES_128_GCM_SHA256
      SSLCipherSpec ALL TLS_RSA_WITH_AES_256_GCM_SHA384
      SSLCipherSpec ALL TLS_RSA_WITH_AES_128_CBC_SHA256
      SSLCipherSpec ALL TLS_RSA_WITH_AES_256_CBC_SHA256
      # Enabling these 3 ciphers means an A- rating on ssllabs
      SSLCipherSpec ALL TLS_RSA_WITH_AES_128_CBC_SHA
      SSLCipherSpec ALL TLS_RSA_WITH_AES_256_CBC_SHA
      SSLCipherSpec ALL SSL_RSA_WITH_3DES_EDE_CBC_SHA
  • 28. Headers
      securityheaders.io
      Grade was bad
      After hardening
      HTTP config to achieve Grade A:
      Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
      Header set Referrer-Policy "same-origin"
      Header set X-Content-Type-Options "nosniff"
      Header set X-XSS-Protection "1; mode=block"
      Header set X-Frame-Options "DENY"
      Header set X-Frame-Options SAMEORIGIN
  • 29. The Mobile App
      Decompile
      •  Android app is decompilable
      •  Broken down to study code
      Test
      •  Tried every URL found in code
      Result
      •  Found no insecurities!
      •  But MITM attacks were possible!
  • 30. MITM - Man-in-the-middle attack
      An employee is out traveling and tries to connect to a public network such as hotel or airport Wi-Fi, but instead connects to a hacker's Wi-Fi hotspot and then clicks on “Continue”… This gives the hacker running the MITM attack full visibility over the traffic.
  • 31. MITM - Man-in-the-middle attack
  • 32. MITM - Man-in-the-middle attack
      mobile-config.xml has the solution for the Connections app. Don't press “Continue”! Tell your admins to fix it.
  • 33. Demo time
      The demo consisted of showing a MITM attack + username/password “cluster bomb” attack using free tool Burp Suite.
  • 34. Accident waiting to happen
  • 35. What did they find when they got in? Stolen Laptop Scenario
  • 36. Stolen Laptop Scenario
      •  Not hard to find password on PC
      •  Once in, passwords to sites are normally stored in browser.
      •  Saved Wi-Fi hotspots give hackers GPS coordinates => they can drive up alongside your company's building and connect.
      •  Hackers found sensitive information open to all of the IBM Connections users.
      Don't make login information available to everyone!
  • 37. They hacked me! Or at least, they tried to…
  • 38. They hacked me!
      •  They knew who I was.
      •  Googled me, found my blog.
      •  In one of the screenshots, a password was censored.
  • 39. They hacked me!
      I was a weak link…
      How hard is it for hackers to find IT staff at your company? LinkedIn search… Google search… Google is both your friend and your enemy.
      •  Bad censoring!!
      •  Found 6 out of 9 chars by matching font and size and studying curves.
  • 40. Avoid stress
  • 41.
      •  Mask/hide better!
      •  Hackers are clever bastards.
      •  Hackers have A LOT of free time.
      •  Implement a 2-factor authentication mechanism, like Auth0
      •  Hide your stuff.
      •  Once again: Hackers are clever bastards.
      •  Lockout policy – i.e. 5 attempts => locked out… Hackers have tools for that!
      •  Train your users!
  • 42.
  • 43. Useful links:
      Check SSL: https://ssllabs.com
      Check Headers: https://securityheaders.io
      Analyze CSP: https://report-uri.io/home/analyse
      What can your browser support? http://caniuse.com/#search=referrer%20policy
      Auth0 multi-factor authentication: https://auth0.com/docs/multifactor-authentication
      Burp Suite: https://portswigger.net/burp
      Ethical Hacker Certification: https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/
      My blog: http://blog.robertfarstad.com
      Twitter: https://www.twitter.com/robertfarstad
      Item Consulting: https://www.item.no
  • 44.
  • 45. PLATINUM SPONSORS GOLD SPONSORS SILVER SPONSORS BRONZE SPONSORS
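
The hardening directives on slides 27 and 28 can be checked mechanically before a config is deployed. The Python audit below is an added example, not code from the presentation or from IBM; its finding names and rule set are assumptions drawn from what those slides show (SSLv2/SSLv3 disabled, compression off, the three suites that cost the A rating, the five response headers), and SLIDE_CONF is a constructed sample that includes typographic closing quotes of the kind presentation software inserts.

```python
import shlex

# Response headers that slide 28 sets (names only; values are not judged here).
REQUIRED_HEADERS = ("Strict-Transport-Security", "Referrer-Policy",
                    "X-Content-Type-Options", "X-XSS-Protection", "X-Frame-Options")

# Constructed sample: abbreviated directives from slides 27 and 28, with
# typographic closing quotes and both X-Frame-Options lines.
SLIDE_CONF = """
SSLEnable
SSLProtocolEnable TLS
SSLProtocolDisable SSLv2 SSLv3
# Disable SSLCompression -> CRIME ATTACK
SSLCompression off
SSLCipherSpec ALL NONE
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL TLS_RSA_WITH_AES_128_CBC_SHA256
SSLCipherSpec ALL TLS_RSA_WITH_AES_128_CBC_SHA
SSLCipherSpec ALL TLS_RSA_WITH_AES_256_CBC_SHA
SSLCipherSpec ALL SSL_RSA_WITH_3DES_EDE_CBC_SHA
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload\u201d
Header set Referrer-Policy "same-origin\u201d
Header set X-Content-Type-Options "nosniff\u201d
Header set X-XSS-Protection "1; mode=block\u201d
Header set X-Frame-Options "DENY\u201d
Header set X-Frame-Options SAMEORIGIN
"""


def parse_directives(text):
    """Yield (line_no, raw_line, tokens) for every non-comment directive."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Straighten typographic quotes so shlex can tokenise; audit() reports them.
        yield no, line, shlex.split(line.translate({0x201C: '"', 0x201D: '"'}))


def audit(text):
    """Return a list of (line_no, code, detail); line_no 0 means file-level."""
    findings, disabled, ciphers, headers = [], set(), [], {}
    compression_off = cipher_reset = False
    for no, raw, tok in parse_directives(text):
        name, args = tok[0].lower(), tok[1:]
        if "\u201c" in raw or "\u201d" in raw:
            findings.append((no, "smart-quote", raw))
        if name == "sslprotocoldisable":
            disabled.update(a.lower() for a in args)
        elif name == "sslcompression":
            compression_off = bool(args) and args[0].lower() == "off"
        elif name == "sslcipherspec":
            if [a.upper() for a in args] == ["ALL", "NONE"]:
                cipher_reset, ciphers = True, []   # defaults dropped from here on
            elif args:
                ciphers.append((no, args[-1]))
        elif name == "header":
            cond = "onsuccess"                     # mod_headers default condition
            if args and args[0].lower() in ("always", "onsuccess"):
                cond, args = args[0].lower(), args[1:]
            if len(args) >= 3 and args[0].lower() == "set":
                headers.setdefault((cond, args[1].lower()), []).append((no, args[2]))
    for proto in ("sslv2", "sslv3"):
        if proto not in disabled:
            findings.append((0, "legacy-protocol", proto))
    if not compression_off:
        findings.append((0, "compression-on", "no 'SSLCompression off' (CRIME)"))
    if not cipher_reset:
        findings.append((0, "no-cipher-reset", "no 'SSLCipherSpec ALL NONE'"))
    if not any("_ECDHE_" in c for _, c in ciphers):
        findings.append((0, "no-ecdhe", "no ECDHE suite enabled"))
    for no, c in ciphers:
        if c.endswith("_CBC_SHA"):                 # the three A- suites on slide 27
            findings.append((no, "legacy-cipher", c))
    present = {h for _, h in headers}
    for h in REQUIRED_HEADERS:
        if h.lower() not in present:
            findings.append((0, "missing-header", h))
    for (_, h), vals in headers.items():
        if len({v.lower() for _, v in vals}) > 1:  # a later 'set' replaces the earlier
            findings.append((vals[-1][0], "conflicting-header", h))
    return findings


if __name__ == "__main__":
    for line_no, code, detail in audit(SLIDE_CONF):
        print(f"line {line_no:>2}  {code:<18} {detail}")
```

On the sample it reports the five typographic quotes, the three legacy suites, and the second X-Frame-Options value replacing the first.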