A group of bug-tracking hackers in the US called L0pht Heavy Industries has uncovered a flaw in Lotus Notes that allows anyone on the Internet to access a Notes database, once it has been accessed previously by a Notes 4.6 client. L0pht issued an advisory statement late last week, saying that the flaw mainly affects users who set up Notes for development purposes or as an intranet. According to L0pht, the Notes server becomes vulnerable when a user chooses the "Preview in Web Browser" function on a database.
Once the connection between client and server is open, any user on the Internet can access the database, and modify it using standard Domino URL commands. L0pht said the problem can be solved by editing the server's access control lists, and adding filters to Notes-only clients to disable the HTTP port. Lotus said the flaw is a documented problem.
Dr Kuan Hon criticises GDPR consent emails that will only eviscerate marketing databases and 'media misinformation'
Apple squashes Steam Link app on 'business conflicts' grounds
Philip Hammond wants to forget rules that the UK agreed with the EU to ban non-European companies from the satellites
Instapaper to 'go dark' in Europe until it can work out GDPR compliance