Category: <span>Uncategorized</span>

Secunia contacted IBM Lotus to report several potential cross-site scripting vulnerabilities in Lotus iNotes ultra-light mode.  

Link to Secunia advisory
http://secunia.com/advisories/38026/

To exploit these vulnerabilities the following would have to happen :

(1)  A user’s mail file must be using a design which includes the iNotes ultra-light mode design (first introduced in version 8.0.2)

(2)  An attacker would have to create and send a malicious URL to the user

(3) The iNotes ultra-light mode enabled user would need to be enticed to click on the malicious URL  

Note:  iNotes users do not have to be using ultra-light mode to be vulnerable; ultra-light mode just has to be  enabled for their server and mail file.  

Three potential scenarios have been identified where HTML or script code could be inserted into the following areas:

(1)  Ultra-light mode “Edit Contact” scene

(2)  Unsupported browser page

(3)  Status alerts in ultra-light mode

See the TN1417063 for mor details

The parameter, server_session_timeout, defines how the server will manage idle client sessions. Client sessions represent memory consumption on a Domino server and Domino has a finite amount of memory available for session management.

See this TN for more information

First post of the year!
Domino 7 and 8 releases do not currently support authentication using credentials included within the SOAP packet.
See this TN about an work around

Notes does not have the feature to deny Return Receipt. If you don’t like it you can disable it on the server

In the Configuration Settings > MIME tab > Conversion Options  tab > General tab, set “Return receipts” as Enabled or Disabled to affect how return receipts go to and from the Internet.  For more information, refer to the Domino Administrator Information Center topic “Enabling Domino to process return receipts for SMTP messages.”

If you want to send but control Return Receipt on the Notes Client put the code on the QueryOpen event of the memo form:

Dim answer As Integer
       If( Not Source.Document Is Nothing ) Then
               If( Source.Document.HasItem( “ReturnReceipt” ) ) Then
                       If( Source.Document.ReturnReceipt(0) = “1” ) Then
                               answer% = Messagebox(“Deseja enviar aviso de recebimento solicitado por”& Chr$(10) & Chr$(13) & Chr$(13)_
                               &Source.Document.GetItemValue(“From”)(0), 36, _
                               “Aviso de Recebimento”)
                               If (answer%=7) Then
                                       Source.Document.ReturnReceipt = “0”
                                       Source.Document.Save True, False
                               End If
                       End If
               End If
       End If

We are migrating an installation of Portal 6.0.1.3 to 6.1.0.1. After several errors and corrections applied is time to finalize and put the last piece of IBM HTTP Server. But the Bug described in this TN seems to be the last headache. Beware of  remote HTTP Server and Portal 6.1.x

Estamos migrando uma instalação do Portal 6.0.1.3 para 6.1.0.1. Após vários erros e correções aplicadas é hora de finalizar e colocar a última peça IBM HTTP Server.
 Mas o Bug descrito no TN  nos parece a última dor de cabeça. Cuidado com HTTP Remoto

This link contains useful information about Sametime 8.5 . It is a question and answer document.

Feliz Natal e próspero ano novo.

Sametime 8.5 is available for download. The infocenter is working and for instant messagin you need this:

Deploying instant messaging and presence only

To provide instant messaging and presence only, use a Sametime® Community Server or cluster of servers running on Domino®.

The following components are deployed in a Sametime environment that contains instant messaging and presence only:

• Lotus® Sametime System Console (used for managing and administering servers from a central location)
• DB2®
• LDAP directory
• Lotus Sametime Community Server
• Lotus Sametime Proxy Server
• Sametime Connect client, Sametime client embedded in Notes®, or Sametime browser client

To extend instant messaging to external communities, also deploy Lotus Sametime Gateway. To provide audio-visual features in the Sametime client, also deploy Lotus Sametime Media Manager.

This funcionality is good and some Administrators do not implement it. From the Domnino Administrator Help

License Tracking allows you to monitor the number of active Notes users within an IBM® Lotus® Domino™ domain. You can use License Tracking to determine how many client licenses you have, whether you need to purchase additional licenses, and when you need to purchase them.
Note  License Tracking is not supported in a hosted environment.

How license tracking works

When License Tracking is turned on, client usage is tracked on each server and the data is temporarily stored in the file LICENSE.NCF.  When a user authenticates with a server using the IBM® Lotus® Notes® client, HTTP, IMAP, POP3, SMTP, or the LDAP protocol, the user’s full canonical name, protocol, and time and date of access are collected. Once each day (at midnight) , an administration request sends to the administration process, information regarding new users and information regarding users who have not accessed the server within the last 30 days. The administration process running on the administration server processes the request.

The Domino User License Tracking database is created and resides on the administration server, not on all servers. The database is not created as soon as the License Tracking feature is enabled; instead, it is created when the administration process processes the first administration request to update the database. The administration process creates a new User License document in the Domino User License Tracking database (USERLICENSES.NSF) for each new user reported in the administration request.  Documents are updated with the new time and date for those users who already have a document in the Domino User License Tracking database. If a user does not access any servers in the Domino domain for one full year, the corresponding User License document is deleted from the Domino User License Tracking database. Daily updates to the database enable you to review this information at any time to obtain an up-to-date report on the number of client licenses that you have available for use.

Note  If a user is deleted from the Domino Directory, the corresponding document  in the Domino User License Tracking database is deleted. If a user is renamed, the corresponding document is also renamed accordingly. Existing administration requests are used to maintain this user information.

By default, administrators have Manager access to the Domino User License Tracking database and users have no access.

Note  The Miscellaneous/Licenses view that displayed in Domino R5 is not part of the License Tracking feature.

Enabling or disabling license tracking

Use this procedure to either enable or disable License Tracking.

  1.        From the Domino administrator, click the Configuration tab.

  2.        Choose Server – Configurations.

  3.        Select the server and click Edit Configuration.

  4.        On the Basics tab, in the License Tracking field, click Disabled or Enabled according to what you want to do.

  5.        Click Save and Close.

Calculating the number of licenses in use

Use this procedure to recalculate the number of IBM® Lotus® Notes® and/or IBM® Lotus® Domino™ Web Access users in your domain. A document is created for each server in your domain, listing the number of Notes and Domino Web Access users on each server.

  1.        From the Domino administrator, click the Files tab.

  2.        Open the Domino User License Tracking database.

  3.        Choose Active Users – By Server, or choose All Users – By Server, and then click Recalculate Licenses.

O Sametime 8.5 estará dispnível em 22 de Dezembro segundo a IBM. A carta de anúncio está neste link

Sametime version 8.5 will be launched on 22 December.