Monday, November 01, 2004

Lotus Notes Still Sucks

The Achilles' heel of Lotus Notes remains the ID file scheme that they use to protect your identity while using the Win32 client.

The Notes ID contains your password, or rather, your password unlocks the ID file (and all of the certificates contained within). So, it is the key to your identity.

The problem is that anyone with an old ID file and the password for that file can likely log in as you, modify your mailbox database, add agents signed as you, etc. Notes administrators, wanting to protect against accidental loss of the ID file and against a user forgetting their password, will often ask for a copy of the current ID file and the password to unlock it.

I can think of no bigger security risk in today's world than this! Yet, it's perfectly acceptable in the Lotus Notes community.

What's worse is that often, an employee's job is at stake based on how they use company property (i.e., email). So, if I told our top clients to "F--- OFF! We don't want your business, and our CEO is a c---sucker" then I probably would be fired. Well, what's to stop an old administrator who leaves the company (or is forced to leave) from impersonating me and doing just that? Or anyone with a grudge who happened to come across the password information one day?

Or, what's to stop someone from creating an agent in our CEO's mailbox that blind copies all email sent and received to a Gmail account for offline reading? Since they could sign the agent as that user, the user would not get a security warning when the agent executes.