The Business Controls Caddy

Arrogant (and Incorrect) FUD in the LDD Forum




As if it were not bad enough that as IT professionals we have to fight marketing FUD (Fear, Uncertainty, and Doubt) every day, it is irresponsible when one of our colleagues does so within our own community. In this case, an individual posted that he had "discovered" a very serious "security hole" in Lotus Notes/Domino. It was a vulnerability that does not exist. Yet he posted about it in the forum as 'gospel', which he does with everything he writes/posts. Note that what he posted does have IT Governance relevance, and I will comment eventually on that aspect.

Did he post details? No. He said he wanted to keep the information away from hackers. Did he open a PMR with IBM? No. He said he did not know anyone he could trust at IBM with the information. So I asked him to send me the information so I could pass it on to my IBM contacts. Well, he sent it to me, and when I picked myself off the floor from my fit of laughter, I did pass it on to IBM security managers, who said it was not a vulnerability.

What made me laugh so hard was that he did not "discover" anything. He had merely posted about an issue that has been openly discussed in the Lotus/Domino community for years, and really is a non-issue.


So I am asking this person to be more careful about what he writes in public (both in the forum and on his blog). It directly reflects on him (and his employer).



Comments
09/09/2005 02:25:18 AM

Comment posted by Mika Heinonen 09/09/2005 01:54:28 AM
Homepage: http://siipi.com/mika


That's funny :)

I never said I would have "discovered" it, it is merely a feature of Notes which can be abused very easily, and it's very dangerous.

If it's not a security hole, then why can you take control over anyone's access rights, databases and private mails with it?


09/09/2005 03:58:16 AM

Comment posted by Nathan T. Freeman 09/09/2005 03:48:46 AM


Lemme guess... he "discovered" dictionary attacks on HTTPPasswords.

Looks like I can leave the knife & fork in the utensil drawer.


09/09/2005 04:29:16 AM

Comment posted by Mika Heinonen 09/09/2005 04:02:26 AM
Homepage: http://siipi.com/mika


Nope, that would be Web Security, which I never said to have security holes :)

I would like to know where this has been discussed on LDD before, so I could see what is already known to the public, and give more details, without causing unnecessary security risks.


09/12/2005 03:22:15 PM

Comment posted by M Riggsby 09/12/2005 02:59:54 PM


> really is a non-issue.

Think you might, then, mention that it's a non-issue in the thread on the discussion board to close the FUD-killing loop and perhaps point Mika to where he's wrong so the false alarm isn't raised again?

