A group of bug-tracking hackers in the US called L0pht Heavy Industries has uncovered a flaw in Lotus Notes that allows anyone on the Internet to access a Notes database, once it has been accessed previously by a Notes 4.6 client. L0pht issued an advisory statement late last week, saying that the flaw mainly affects users who set up Notes for development purposes or as an intranet. According to L0pht, the Notes server becomes vulnerable when a user chooses the "Preview in Web Browser" function on a database.
Once the connection between client and server is open, any user on the Internet can access the database, and modify it using standard Domino URL commands. L0pht said the problem can be solved by editing the server's access control lists, and adding filters to Notes-only clients to disable the HTTP port. Lotus said the flaw is a documented problem.
'We are making good progress on 10nm,' claims Intel
Engineer calculates that Chengdu's plan to replace streetlights with artificial moonlight would cost $100bn
Research could also apply to other 'space weather' events involving hot, fast-moving plasma
Dark matter holds the Universe together - and gravitational waves could help identify it