Personal Blog of Thomas Hampel - Creative Mythbusting in Development and Collaboration

False Alarm: New Domino Backdoor

20 April 2023 Thomas Hampel
IBM XForce is well known for the quality of their research - however this time I'm wondering about the publication.
They
discovered and analyzed a new type of malware (so far so good) and they named it ... "Domino"

Don't Panic!

HCL already published
this technote to clarify that this is unrelated to the HCL Domino product and has requested IBM Security X-Force to correct this unfortunate use of HCLSoftware’s registered and licensed product name.

Update!
IBM updated their article and have renamed the malware - it is now called "Minodo"

In short:

1. There is no backdoor in HCL Domino

2. The new malware which IBM has discovered has NOTHING to do with HCL Domino.

3. This malware does NOT affect HCL Domino



Reference:

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0104503
https://securityintelligence.com/posts/ex-conti-fin7-actors-collaborate-new-domino-backdoor/
Comments [0]
Tagged with: Domino IBM Security

We need your input - Domino Admin Survey

18 April 2023 Thomas Hampel
Hey Domino Administrators out there,

HCL is looking for your input regarding how you are managing your environment.

Can you please help by answering this small survey?

It is completely anonymous and consists of a few questions to gather information on how Domino is used and how software updates are handled by Domino customers.

It should take less than 3min. to complete.


If you are managing more than one Domino environment please submit a survey for each one.

https://hclsw.co/domino-admin-survey

Image:We need your input - Domino Admin Survey
[0]
Tagged with: Administration Domino

Available now: HCL Notes/Domino 12.0.2 Fix Pack 1

17 April 2023 Thomas Hampel
HCL just released Fix Pack 1 for HCL Notes/Domino 12.0.2
More details of what has been fixed are provided in the Release Notes or if you prefer reading the classic Fix List Database style see this => Notes/Domino Fix List

Before installing this update, please verify the system requirements:
The following kits/packages are now available for download on Flexnet for entitled customers:

Notes Client
HCL Notes 12.0.2FP1 Basic Configuration for Windows English 32-bit
HCL Notes 12.0.2FP1 for Windows 32-bit
HCL Notes 12.0.2FP1 for Windows 64-bit
HCL Notes 12.0.2FP1 for Mac 64 bit

Domino Server
HCL Domino Server 12.0.2FP1 for Windows 64bit
HCL Domino Server 12.0.2FP1 for AIX
HCL Domino Server 12.0.2FP1 for Linux
HCL Domino Server 12.0.2FP1 IBMi
HCL Domino 12.0.2FP1 Docker image


Comments [0]
Tagged with: Domino Notes

How to run HCL Domino on a QNAP NAS

21 March 2023 Thomas Hampel
Image:How to run HCL Domino on a QNAP NAS

Some time ago I've done a demo running Domino on a QNAP network attached storage device.
Thanks to Docker and the Domino Container project which Daniel and I are maintaining, running a fully a featured Domino environment incl. Verse, Nomad, Rest API, Traveler and Leap is not a problem even on entry level hardware.

Datails and step-by-step instructions have been published here in the Domino container project documentation.
Enjoy reading!
Comments [0]
Tagged with: Administration Docker Domino

Help! DAOS files have been removed - the impact of a misconfigured backup job

22 February 2023 Thomas Hampel
Recently a customer approached me with a request for help. I'd like to briefly share the story here because it was an interesting case.

On a Friday, the Domino team noticed severe problems with loading attachments, users reported they are no longer able to open attachments.

It seems like no single DAOS object can be opened anymore by the server.

Domino servers are reporting: Error 0x80070780: The file cannot be acessed by the system.


Checking the DAOS repository on the Domino server's disk revealed those files are displaying with a file size of XX MByte but actually have a size of ZERO BYTES (!!!)

Image:Help! DAOS files have been removed - the impact of a misconfigured backup job

Potential cause? Maybe a broken hard disc or filesystem? People even assumed Domino itself would be responsible for destroying DAOS objects on disk.

To mitigate the issue, a full restore of all DAOS objects was initaited which took a couple of hours. Afterwards it seemed the situation was resolved.

However just one day later the same problem appeared. All DAOS objects again had a size of 0 byte again with millions of DAOS objects being affected.


Root cause:

It turned out the backup software ( Commvault ) was misconfigured - instead of taking a backup of DAOS objects it was configured for >archiving< them.

Archiving in this case means that files will be moved to the backup environment but a 0 byte place holder will remain.

One could claim the user interface of Commvault backup easily allows for clicking the wrong option as both of them are listed next to each other.
There is no visible difference between the configuration screens later on, so unfortunately it was a human error/mistake to click on the wrong option.

Image:Help! DAOS files have been removed - the impact of a misconfigured backup job

Solution:

Initiate a restore job of files that were archived to the commvault envioronment.

https://documentation.commvault.com/v11/essential/134649_restoring_archived_data.html

Lessons learned:

Dont blame the top level application for a failure just because it is most impacted.
Open a support ticket at HCL and work together as a team to investigate and resolve the issue.

Comments [0]
Tagged with: Administration Domino
Thomas Hampel, All rights reserved.