Code and Concept Monthly – August ’18

Posted on Aug 29, 2018 in Code and Concept Monthly, Micro Focus, Micro Focus Filr, Micro Focus Vibe, Novell, Novell Filr, Novell Vibe, Security, Webinar

This month, our Code and Concept Monthly is arriving a little later than usual – this is done mainly so that this post does not get lost in the holiday-pile up that is your attention-inbox. And on top of that it means there is even more interesting content for our readers. This time, we not only have some fresh patches for Micro Focus Vibe and Micro Focus Filr for you, but we are throwing a glance current events in IT security, we give you some news about Micro Focus Filr as a product and about upcoming webinars, and naturally we shine a light on how to get the most out of your favourite tools in a new Use Case Spotlight.

Patches for Micro Focus Vibe and Micro Focus Filr

Vibe Java Applets: Updates for Expired Certificates are available

Java Applets and WebStart-Components are used in Micro Focus Vibe to present you an easy way of uploading folders full of content by drag-and-drop, they simplify the direct editing of files through the edit-in-place functions, and they enable the graphical view of workflow designs with the Workflow-Viewer.

Since August 1st, 2018, end users of  Micro Focus Vibe 4.0.4 or Novell Vibe 3.4  can experience a Java Warning message, notifiying them of the expiration of a signature on the code, which makes the Java Runtime see the code as untrustworthy, so the code will not run. As a result, files cannot be added via the applet-based Drag-and-drop feature (Ctrl-Click on “Add Files..”), “Edit this File” becomes unusable, and the Workflow Designer as well as the workflow history do not show the Workflow Preview any more. But also since the 1st of August, there are updates available for Vibe that replace the applet and WebStart components wit freshly signed files, that have a signature validity well into 2021.

The majority of our customers – all affected ones, that is – have installed the updates with us already. You can find the Java Applets Patch here, as well as via the Novell Patch Finder. Depending on your installation, the installation may come with a small obstacle, which is overcome easily. If you would like our assistance when installing the Applet Update, don’t hesitate to contact us!

Filr and L1TF/ForeShadow: A Patch is available

For all Filr 3 – systems, the „Filr 3.0 Security Update 5“ is available via the Filr Patch Channel. It contains patches for the security issues recently published under the monikers  „L1 Terminal Fault“ and  „Foreshadow“, which affect modern CPUs. More information on the patch can be found here. As usual, this patch is applied via the Filr Appliance Update Channel – on release of the patch, in some instances there were delays in patch visibility when refreshing the list of available updates in the appliance configuration interface – updates on that are posted here. For questions and in case of issues, we are – as always – here for you.

Sextortion: “We have recorded what you did in front of the computer”!

The tag-alongs in the multi-billion business of internet pron have come up with an especially devious plot – they are sending emails that may give many people a little jump-scare.
The mail start somethink like this:

„I’m aware that XXXXXXX is your password.
You don’t know me and you’re thinking why you received this e mail, right?
Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.
What exactly did I do?
I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

Even smartphone users are being targeted by this sextortion scam, and the messages there start like this:

„It seems that, +1-951-xxx-xx01, is your phone number. You may not know me and you are probably wondering why you are getting this e mail, right?“

The email contains a threat to send the video to all contacts found on the phone or the PC, and the scammer demands the transfer of a not insubstantial sum in Bitcoin to a given Bitcoin address, together with getting-started information on BitCoin ans well as an ultimatum.

The sad fact is: there are recipients of these scam mails who do pay money to the scammers. This can easily be seen by following the transactions of the target address via the public Bitcoin blockchain. Since the phone number looks “real enough”, and since the passwords given are real passwords (although maybe older ones), for some there is  enough reason to believe the scammers.

Bu wait a minute: where did the scammer get the password or the telephone number? Phone numbers are easy, of course, they are available all over the internet. But the password? Well, the password is on the internet, too. A large number of hacked accounts are in circulation, which have been compromised by one of the big account leaks in recent years. If you want to check for yourself, just go to https://haveibeenpwned.com/ , a page that shows if the password from the scam email has been affected. The emails are a bluff, of course, and are probably created using a script that uses a large dataset of stolen personal data. There are no recordings, and no malware was installed. There is no reason to pay any amount of any currency, whatsoever.

But still, these scam mails are a warning shot. Is the password given one that you used on other accounts, too? At Amazon, Facebook, Google? is it used on more seldom-used accounts like public library access, or your account on a family members PC? It might be time to think about ways of creating, using and managing safe and secure passwords.

If you want to talk about your requirements in IT security, especially the human facotrs in that area, we are there for you!

Filr Update

Implementing Customer Ideas in Filr 3.4

When planning the development efforts for the current version 3.4 of Micro Focus Filr, product and development managers at Micro Focus have listened to customers, partners and users, and have implemented another 24 ideas drom the Ideas Portal, shich brings the total of customer requests that wew realised to 83! This Cool Solutions post has the information and links: https://www.novell.com/communities/coolsolutions/filr-3-4-listened/ .

Of course, for future product development, user feedback will have the same level of importance for the Micro Focus Filr team, and everyones input is welcome and appreciated.  Version 3.4.1 is already in the beta phase, and brings new improvements once more. So, naturally, ideas for new features, or ideas on how to improve the functionality or ease of use for existing features, can and should be posted on the  Filr Idas Portal continually, and if you do not want to put out your own ideas, vote for the ones that are there and help the product team prioritise ideas! Take part in the future of the products you use: join in!

Filr Advanced for OES / NOWS Customers

Since mid-June of 2018, Micro Focus customers who are current on maintenance for OES or NOWS – and thus are entitled to use Micro Focus Filr – have the opportunity to upgrade to the Advanced Edition of Micro Focus Filr at a very competitive price point. They do, however, need to license all OES/NOWS users for Filr Advanced, and must stay under active maintenance to be valid.

We can only recommend this great offer to any and all OES and NOWS customers who are under maintenance, so they can take advantage of the host of features that the Micro Focus Filr Advanced Edition offers – like the extended security features, sharing of Folders from Net Folders, mobile and desktop app branding and the integration tools for Microsoft Office! And if you are an OES or NOWS customer, but you are not yet using Filr: what are you waiting for? You have an entitlement to use a secure, stable, and scalable file access and sharing platform that will stop your users from using the likes of dropbox and OneDrive! More information on the featres you get extra if you go with the Advanced edition can be found at https://www.microfocus.com/products/filr/features/#version.

We are available for any questions around Micro Focus Filr or on the transition to the Advanced Edition – just get in contact!

Webinars

Micro Focus is making an on-demand Webinar zu den Neuerungen in Filr 3.4 available. The webinar shows you how to use the new features to get users be more productive, and to make the administrators’ life easier.
The webinar is a recording of a webinar from July 2018, so you can view it whenever you like, and as often as you like.

Additionally, there will be a webinar on September 26th, 2018, from 16:30h-17:30h CEST, covering „An early look at OES 2018 SP1“. That webinar will not only inform about the improved performance in the whole stack of NSS/CIFS/NCP and the improvements in Domain Services for Windows, but also cover the advancements made in the area of cloud-integrated storage, which enables customers to have policy-controlled shifting of content and data into the storage system that is best for the data, or that simply offers the best price for the byte – be it on prem, private cloud or even public cloud. All while keeping data safety and data security levels where you’ve come to expect them with enterprise-grade proucts from Micro Focus (and Novell before). Registration and info on the webinar can be found here.

Use Case Spotlight: Micro Focus Vibe and Email – Session One

The many of features and possibilites offered by Micro Focus Vibe often do not jump out at you, so sometimes they seem more hidden than they really are. We will demonstrate in this Use Case Spotlight how easy and pactical it is, still, to generate added value with simple measures and configuration options. In future spotlights aound the topic “Vibe and Email”, we will cover more facets of this feature set – this time we cover the use of Micro Focus Vibe as a mail archive for distribution lists.

The Challenge

New email, old emails – whenever a new recipient is added to a distribution list or mailing list, they have no access to older emails ehich were sent to the list previously. Discussion start “somewhere in the middle”, and questions to the list are sometimes answered by referencing old mail threads. It somehow feels like joining a week-long workshop two days late. So one asks colleagues and with a little luck one of them has a collection of old list mails that is presentable or even exportable. The same problem exists for lists that are used for regular department or team bulletins. Even for the administrators, getting a proper overview on list contents can be hampered by technical or by legal road blocks. Often, the call is made for a mail archiving solution, but an “offical” mail archiving tool is geared toward legal requirements for archival and does not fit the bill, here.

The Solution

A solution is simple when using Micro Focus Vibe: use MIcro Focus Vibe as an email archive. To do that, a folder is created in a reasonable or meaningful place – meaning one that is found easily by participants, like a department workspace, a team workspace, or even a personal or public area. As folder type, the Discussion Folder fits the use case very well, since its folder listing gives a good overview of its contents. Next, the folder is configured as per the documentation to have a “Simple URL” and to allow emails to be sent into the folder – this lets the folder have an email address that accepts emails from all users who have the right to create entries in the folder.
Inbound emails are shown in the folder as Micro Focus Vibe entries: the entry title receives the email subject, the entry description field gets the email body, and any attachments on the email will be added to the entry as attachments.
Micro Focus Vibe‘s powerful access control is used to control who can send emails into the archive and who can read it. By default, only the members of the distribution list get access – a setting that is extremely easy if you manage your lists in an LDAP-aware system like GroupWise or (if properly configured) MS Exchange. When set up this way, every new member of the distribution list only needs to be sent the link to the Vibe folder, and they can immediately browse the list archives and then take part in the discussion using the knowledge passed to the list in the past.

You can find more Use Case Spotlights in our regular Code and Concept Monthly updates – feel free to browwse the archives. If you have any questions, or if you want your own use case to be presented, just get in touch!