http://secunia.com/advisories/product/17839/

Doesn't look like Drupal 3.x-6.x is faring much better in the security issues 
than Joomla is. 

Z

Edward Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
ezi...@lifespan.org
Phone:401-639-3505

-----Original Message-----
From: Steven Peck [mailto:sep...@gmail.com] 
Sent: Friday, July 31, 2009 2:00 PM
To: NT System Admin Issues
Subject: Re: Wiki / Sharepoint / Collaboration Tool recomendation

So beside all the basic firewall/security/misc etc stuff....

Why are you using Joomla and how much time/effort are you looking at
being able to spend on this?  There are other open source solutions
that should be able to deal with what you are looking to do depending
on exactly what that is.

From the open source side, Drupal is the CMS people often turn to when
Joomla proves too inflexible for people's future needs.  It does have a
steeper learning curve as a result, but there exists a webapp
installer package for it on IIS7 (ping me offlist if you want more
details).

While I haven't seen Groove at all, SharePoint has at least some of
what you seem to be looking for as well.

Steven

On Fri, Jul 31, 2009 at 10:32 AM, Ziots, Edward<ezi...@lifespan.org> wrote:
> Yep, Exactly the point I was going after, since you trust that machine,
> to upload documents to, also could be manipulated to serve up web
> browser exploits, malware, Trojans and rootkits after gaining control
> and connecting back to the control server either over encrypted channel
> or hiding in normal site on something like port 53, 80, or otherwise.
>
> Hackers still care about the data if it's of strategic importance, but
> better would be the cached credentials of a sysadmin or domain admin,
> that can easily be harvested cracked offline and then used to gain
> access further in the domain (domains) and impersonate anyone doing
> anything, and then basically you are 0wned....
>
> Don't think just because you are inside a firewall it's going to save you
> from these types of attackers, because it only takes one compromised
> workstation and one user to bring you down. ( Flash exploits, Itunes
> exploits, MAC exploits, IE Exploits, DirectShow Exploits, Trojaned
> Music, Videos, Games, etc etc, I think we start to see that the
> infection vectors are coming fast and furious and without patching
> mitigation and ridding yourself of unsecure, flawed software
> implementations, will help towards keeping your house in order.
>
> Z
>
> Edward Ziots
> Network Engineer
> Lifespan Organization
> MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
> ezi...@lifespan.org
> Phone:401-639-3505
> -----Original Message-----
> From: Rod Trent [mailto:rodtr...@myitforum.com]
> Sent: Friday, July 31, 2009 1:09 PM
> To: NT System Admin Issues
> Subject: RE: Wiki / Sharepoint / Collaboration Tool recomendation
>
> I don't believe he's talking about stealing data.  Who cares about data.
> This is more of an exploit that can be utilized to gain control of the
> server and those other servers and workstations connected to it through
> the network.
>
> -----Original Message-----
> From: Garcia-Moran, Carlos [mailto:cgarciamo...@spragueenergy.com]
> Sent: Friday, July 31, 2009 1:00 PM
> To: NT System Admin Issues
> Subject: RE: Wiki / Sharepoint / Collaboration Tool recomendation
>
> It's not perfect and we do have it inside, most of the Docs and articles
> we write on it are non secure type docs like "how to configure a
> printer" or "how to turn on a virtual guest" but now that we might want
> to put more secure data into it we are looking at options mostly
> something portalish with some left hand navigation and security
>
> -----Original Message-----
> From: Richard Stovall [mailto:rich...@gmail.com]
> Sent: Friday, July 31, 2009 12:56 PM
> To: NT System Admin Issues
> Subject: Re: Wiki / Sharepoint / Collaboration Tool recomendation
>
> I disagree that it's perfectly fine to disagree.  We must all agree to
> agree.  Agreed?
>
> On Fri, Jul 31, 2009 at 12:52 PM, Ziots, Edward<ezi...@lifespan.org>
> wrote:
>> Unfortunately, Joomla is ridden with security issues.
>> http://secunia.com/advisories/product/5788/
>>
>> Seen a lot of script kiddies using pre-batched scripts hunting for
>> Joomla enabled sites, to exploit. It might be inside your firewall, but
>> something that is coming up on the security blotter monthly, does not
>> make a good enterprise document repository in my opinion ( others will
>> disagree and that is perfectly fine)
>>
>> Z
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~