We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Hackers demo Notes sabotage

Lotus security team downplays claim

Representatives of two security firms claim that flaws in Lotus Notes allow a skilled intruder to open the e-mail boxes or databases of virtually any Lotus Notes user, send e-mail under that user's name, and authorise others to access those mailboxes or databases.

The security consultants also contend that another flaw, tied to the Domino server, allows outside users to circumvent protections against viruses and other malicious code.

Lotus says that such attacks require very specific conditions and that remedies are already available to Notes administrators using newer versions of Domino server. Notes runs on the Domino server.

Some 60 million end-users, primarily corporate customers, run Notes, according to Lotus.

The alleged flaws were made public over the weekend in a presentation at the DefCon hacker's conference in Las Vegas.

The consultants say they had withheld crucial details that could permit others to easily duplicate their process.

The security consultants described their research to Lotus before their DefCon presentation, say both parties.

Chris Goggans, a hacker who previously called himself Erik Bloodaxe, described the methods he and associates used to sneak into other users' Lotus Notes accounts.

Goggans, now the director of operations for Security Design International, worked with Kevin McPeake and others at Trust Factory, a Dutch security consulting firm, to identify the alleged security holes.

Lotus is preparing a detailed response to the claims made by the security consultants.

The information should be posted on the Lotus Security Zone portion of the company's Web site later on today.


IDG UK Sites

Best camera phone of 2015: iPhone 6 Plus vs LG G4 vs Galaxy S6 vs One M9 vs Nexus 6

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model