In 2013 Forbes reported that approximately 30,000 sites across the globe are hacked each day. Yet, for some odd reason, in 2015, I still see web applications that employ questionable password storing mechanisms e.g. storing passwords in plain text or just hashing them with md5. With 30,000+ sites hacked a day, there is a strong […]
This week a big news broke out. Web mail service Hotmail apparently cut passwords to 16 character of length for years, despite allowing users to enter unlimited number of characters. According to arstechnica.com this applies to all Microsoft online services, i.e. Passport authentication. Now, this in itself is not a worry. Allowing 16 characters is […]
Got this e-mail from IBM Notes & Domino team todayand thought it worthy of sharing with public… What is happening The certificate for some Java applets in Lotus Domino 6.5.x, Domino 7.0.x, Domino 8.0.x, and Domino 8.5 have an expiration date of May 18, 2009. Starting May 19th, Web users will see a dialog with […]
Database names.nsf on public servers usually contains all details about users, groups, server configurations. With R8 this content is now seen on the web by default. There are plenty of possibilities how to secure the data. The easiest one though is to check Don’t allow URL open on application properties. As always there is a […]