DominoSecurity Newsletter
(from DominoSecurity.org)

Date: 10/08/2004

Title: DoS attack against webmail, and general comments about these newsletters

Contents:

Hello DominoSecurity readers,

I have posted an update to the Hotlist area of DominoSecurity.org, about a DoS attack using very large messages and Domino webmail. Click here to see the details:

http://www.dominosecurity.org/A5581F/DominoSecurityOrg.nsf/HotlistPage!OpenPage

I also want to explain my general policy about adding notices to the Hotlist. In general, I add fewer notices to my list than Lotus does to their list (www.lotus.com/security). Lotus has an obligation to report everything you might want to know about; I post items I judge to be important. There are two kinds of notices I usually choose not to post:

Items that might be a security flaw, which Lotus is still investigating.
Items that are a security flaw but appear to be arcane or unlikely to be used. (This is always a judgment call and I might be wrong sometime.)

Finally, a word of thanks to readers who keep me informed about items I may have missed, especially Patrick I.

Chuck Connell
781-939-0505 (office)
connell@chc-3.com -- email
www.chc-3.com -- My home page
www.DominoAdministration.com -- Outsourced administration services for Domino and Notes
www.DominoSecurity.org -- The best source for security information about Domino and Notes

(NOTE: I use a spam filter for inbound mail. In some cases, this filter
rejects legitimate messages. If I do not answer your mail, please call
me on the phone.)