This may be a little over simplified, but the general idea is here.
I'm going back a couple of years(pre R5), so unless the architecture has
changed, Notes runs the same risks as Outlook does today. Replace all the
VB vulnerabilities available today with Lotus Script and you would be amazed
what you can execute local client and server 8).
Since most clients will run local agents by checking the automagic agent
execution box the vulnerability potential is now limited to your ability to
write Lotus Script(not tough, just obscure).
I'm not sure how much you can do outside of the notes sandbox (It's been a
while since I messed with it), but the potential is there. Any of you notes
gurus/hackers know what system calls are available with Lotus Script 8)
--Neil
{JFDI}
----- Original Message -----
From: "Ivan Fox" <[EMAIL PROTECTED]>
To: "Firewall-Wizards@Nfr. Net" <[EMAIL PROTECTED]>;
"Firewalls@Lists. Gnac. Net" <[EMAIL PROTECTED]>; "Firewall-1"
<[EMAIL PROTECTED]>
Sent: Thursday, September 28, 2000 1:30 PM
Subject: OT - Lotus Notes
> I am seeking advice/comments on allowing supplier's Lotus Notes to have
> "mail run" with our Lotus Notes over the Internet. Being unfamiliar with
> Notes, is there any security issues that I need to concern with?
>
> Any comments/suggestions are welcome.
>
> Thanks,
>
> Ivan
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
