Learn about the vulnerabilities and security challenges associated with Lotus Notes in this conference talk from Bsides Las Vegas 2012. Explore the history of weaknesses, tools for exploitation, and mitigation strategies. Discover insights into companies using Lotus Notes, performance issues, and IBM's response. Gain valuable knowledge about password hash formats, enumeration techniques, and the implications for clustered environments. Understand the speaker's methodology, including Google searching, scraping, and analysis of findings. Delve into the complexities of SameTime and its security implications within the Lotus Notes ecosystem.
Overview
Syllabus
Introduction
Who am I
Agenda
Lotus Notes
SameTime
Who uses Lotus Notes
Companies using Lotus Notes
Previous work
History of weakness
Tools
Google Search
Alabama
clustered environment
rip
enumerate
showdown
results
what do I do
scraping
hash formats
performance issues
findings
mitigations
IBM
