ForgeRock Identity Live is coming to Paris

Paris Identity Summit 2016
On November 21st, we will be hosting the ForgeRock Identity Live summit in Paris. The list of confirmed speakers is impressive, with Fleur Pellerin, Ian Sorbello from HSBC, Marko Orenius from Amer Sports and of course Mike Ellis, ForgeRock CEO.

Registration is here, and I hope to see you then.

Last week, we hosted our London Identity Live summit. The gallery of pictures from the event is available here.
London Identity Live

ForgeRock Trajectory…

frhqEarlier this week, ForgeRock announced an $88M series D funding, ahead of planned IPO.
I’ve been working with ForgeRock for 7 years, starting the first R&D engineering center in Grenoble, France, and building our Directory Services product. And I’m just amazed by the incredible journey we’ve accomplished since the beginning. I’m just thrilled to be part of this great adventure!

If you want to understand its foundation, take a look at this video with Mike Ellis, CEO and Steve Ferris, SVP Services and Founder.

ForgeRock Identity Live Events.

The ForgeRock 2017 Identity Live Summits are well underway but there are more to come in London (October 19) and Paris (November 21). Join us and register.

I was part of the Austin and the Dusseldorf ones in May. It’s a little late to make a summary of the events; you can find highlights, presentations on ForgeRock.com. But I thought I’d share photo albums of both events:

ForgeRock #IdentityLive 2017

ForgeRock #IdentityLive DE 2017

ForgeRock UnSummit in Bristol – March 2nd.

lp0_2813
Allan Foster, VP Global Partner Enablement, master of ceremony of the 2016 San Francisco UnSummit.

On March 2nd, ForgeRock will be hosting an UnSummit, a  free and open to all event, in Bristol.  In an “unconference” format, join us in the ForgeRock’s Bristol offices at Queen’s Square, for a day of discussions, presentations with users, deployers and developers of the ForgeRock Identity Platform.

 

Top 5 reasons why you (or your team) should join us?

  1. It’s a day for techie’s and nothing like a regular conference
  2. If you’re interested in identity or working on an identity project – it’s a must!
  3. There will be 30+ sessions to choose from during the day
  4. It’s a great opportunity to visit Bristol – one of Britain’s leading “Smart Cities”
  5. It’s complimentary so no charge to attend

You can register and find  more details on the ForgeRock website. And if you’re still hesitating, please check what TechSpark wrote about the coming UnSummit.

I’ll be attending the UnSummit and hope to see you there.

 

Les Identity Tech Talks arrivent à Paris

Depuis plus d’un an, il y a des réunions mensuelles à Londres pour discuter des technologies autour de l’Identité Numérique, de la gestion des identités et des accès, de la gouvernance, de la sécurité…

Les Identity Tech Talks arrivent à Paris, le 1er Décembre puis tous les mois. identitytechtalks-fr

Pour la première, “Oubliez votre mot de passe !” et “Comment ca marche : OpenID Connect, fournisseur d’identité universel de Google à FranceConnect” sont les sujets présentés.

Rendez vous à La Source @ Le Tank (RDC), 22 bis rue des Taillandiers, Paris 8.

Pour vous inscrire, c’est sur Meetup.

En espérant vous y voir le 1er Décembre, à 18h15.

 

DDOS Attacks leveraging LDAP !

21382575392_223304551e_z
photo by Christiaan Colen

Yesterday, DDoS mitigation provider Corero Network Security disclosed a zero-day distributed denial of service attack (DDoS) technique, observed in the wild, that is capable of amplifying malicious traffic by a factor of as much as 55x. Several sites published the story as “Attackers are now abusing exposed LDAP servers to amplify DDoS attacks”.

 

According to Corero, the attacks exploited the Lightweight Directory Access Protocol (LDAP), but reading the details of the press release, it appears that the attackers were using Connectionless LDAP services (CLDAP) .

In this case, the attacker sends a simple query to a vulnerable reflector supporting the Connectionless LDAP service (CLDAP) and using address spoofing makes it appear to originate from the intended victim. The CLDAP service responds to the spoofed address, sending unwanted network traffic to the attacker’s intended target.

Connectionless LDAP  is a very old technical specification, published in 1995 as RFC 1798.  In 2003, this specification was obsoleted by RFC 3352 and moved to historical status. One of the main reason for obsoleting the proposed standard was its insufficient security capabilities.

OpenDJ, the open source LDAP Directory Services in Java, has never supported CLDAP and thus cannot be used in such attack. So, if you are a  ForgeRock customer, you should not worry about this kind of attack. But if you’re running a legacy product, that has CLDAP enabled by default, it is probably time to think about moving to a more recent and up to date directory service, such as OpenDJ.