Security

Something bad going on with PHP-Fusion

Yesterday, PHP-Fusion announced that someone had hacked into their site and changed the download link for PHP-Fusion Version 7.

Hello all,

We had an issue a few days ago where a malicious person gained access to our site as a super administrator via a weak account/gained password. They apparently changed the download link of PHP-Fusion version 7 to spendspace and it was packaged as a .rar file.

If you downloaded one of these files, please reinstall your entire site using a fresh copy from SourceForge.

While this isn't a good thing, it is a positive that PHP-Fusion disclosed the possibility that the link led to a version of PHP-Fusion that may have been maliciously changed. I can recall a number of other projects (open source and proprietary) that have had their source code tampered with by someone intruding into their servers. What is always important to customers in these cases is disclosure and transparency. So far, PHP-Fusion seems to be doing the right thing.

However, as of Thursday morning, it looks like PHP-Fusion's hosting company has suspended their account. At the time of this writing, no reason has been given for the suspension. I suspect the suspension is likely to be security related. Perhaps we'll see an announcement at SourceForge on the status of PHP-Fusion if their home site doesn't come back online soon.

Apple recommends anti-virus software for the Mac

Ironic how the world can change so quickly. Yesterday, the CIO of my organization began enforcing the use of anti-virus software on all of our Linux clients and servers. Today, I read that Apple is telling its Mac users to purchase anti-virus software. Something nasty is brewing out there.

Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.

The case for a boxed CMS: Security

Tim Wilson, the site editor for Dark Reading, recently posted an article about a recent incident at the AARP.org website. In the colorfully titled article, "Porn Operators Hijack Pages on AARP Website", Wilson interviews Jeremy Yoder of MX Logic about why AARP.org's site was vulnerable. In brief, the explanation given is that the site deployed a number of Web 2.0 features, including user profile submissions, from which the site didn't properly filter out JavaScript redirect code. Yoder then

Technorati ignoring vulnerable Wordpress blogs

A couple of months ago, Technorati announced that users of Wordpress needed to upgrade to the latest available version (now at Version 2.5). This week, Technorati announced that blogs remaining vulnerable to identified security exploits may no longer be indexed by their service.

Because of this ongoing problem, we're discontinuing processing crawls of blogs that exhibit common symptoms of being compromised. We strongly recommend upgrading your WordPress installation. Even if you haven't been afflicted by a compromise, by the time you are aware that you have been a number of negative consequences may have already occurred (for instance, flagged spam by Technorati, Google or Yahoo!) -- this has been reported by many WordPress users.

If you don't upgrade your software, search engine services may block your site from being listed. I can't think of a greater incentive to update your content management software to the latest version than the threat of being delisted. This is a bold move by Technorati. I'm personally glad Technorati is taking a stand against sites hosting older versions of Wordpress with the known security holes. In my opinion, there really isn't a good reason you shouldn't be upgrading your Wordpress site to the latest version.

Serendipity 1.3 Released

Serendipity 1.3 has been released. This new version of the blogging application introduces 41 changes. Not only are enhancements and additional features introduced, but also changes to address a nasty cross-site scripting (XSS) vulnerability.

Some of the more significant features and enhancements in Serendipity 1.3 include:

  • The karma rating plugin has been upgraded to support nice, CSS-based rating graphics, and its code has been overhauled.
  • The Spartacus plugin can now use FTP upload, a workaround for PHP safe mode restrictions. A remote backend for plugin update checks has also been added.
  • Import scripts for phpNuke and LifeType.

Security flaw in Google Toolbar

This is why I'm very cautious in using any type of search engine toolbar (Google, Yahoo, etc).

Google is working to fix a bug in the Google Toolbar that could allow criminals to steal data or install malicious software on a system, a security researcher warned Tuesday.

The flaw lies in the mechanism Google Toolbar uses to add new buttons on the browser. Because the toolbar does not perform adequate checks when new buttons are being installed, a hacker could make his button appear as though it was being downloaded from a legitimate site when in fact it came from somewhere else.

Flirting Robots

I felt fear, awe, and even some admiration when I read at CNET about the latest social engineering attack dreamed up by those ingenious Russian hackers.

Those entering online dating forums risk having more than their hearts stolen.

A program that can mimic online flirtation and then extract personal information from its unsuspecting conversation partners is making the rounds in Russian chat forums, according to security software firm PC Tools.

GLORIAD: CMS in Review

I came across a well-written summary of content management applications (especially open source CMS) via a Security Blog over at GLORIAD. The CMS article is a near-perfect overview of the state of CMS in 2007. This article is a "must read" in my opinion, and it's really too bad I didn't write it first. Can you tell I'm envious?

At the end of the article the author concludes: