CMS News, Reviews and Resources

Content Management Matters ™





Topic: Security (1 - 15 of 17 articles)

Ping Identity Brings Single SaaS Log-On

Ping Identity, a provider of identity management web services, has recently released PingFederate 5.2 -- single sign-on software for SaaS users and vendors.

The new release incorporates key technologies from Ping Identity’s recent acquisition of Sxip Access to offer automated provisioning and de-provisioning, as well as advanced user access methods.


Within hours of Google Chrome's entry into the Web browser arena, concerns about the browser's privacy and copyright claims within the terms of service echoed throughout blogs and news organizations around the world.

With a unique ID embedded in each copy of Chrome, so the grumble goes, Google could use Chrome to harvest huge amounts of behavior data and potentially dramatically erode any remaining semblance of online privacy. This idea has given us pause. Is Chrome a major privacy threat or have the good net citizens of the world been overreacting?



Today, South River Technologies edges Basic Content Services into the mainstream with the latest release of their secure document management and collaboration solution GroupDrive 5.0. This version has a strong focus on security across the network and the internet.



Web 2.0 technologies are fraught with vulnerabilities. Seventy-one percent of all security vulnerabilities were attributed to both open source and commercial Web applications, according to a report by security firm Cenzic Inc., "Application Security Trend Report for Q4 2007."

But before you freak out, let's put this in perspective. Cenzic is a security firm offering many products that boast "complete web application security vulnerability management, and security enforcement assessment software." With software like that to sell, their report surely isn't going to tell you that Web apps are safe and secure.


We hear the same terms bandied about whenever a popular site gets hacked. You know... SQL Injection, cross-site scripting, that kind of thing. But what do these things mean? Is hacking really as inaccessible as many of us imagine; a nefarious, impossibly technical twilight world forever beyond our ken?

Not really.

When you consider that you can go to Google right now and enter a search string which will return you thousands of usernames and passwords to websites, you realize that this dark science is really no mystery at all. You'll react similarly when you see just how simple a concept SQL Injection is, and how it can be automated with simple tools. Read on, to learn the basics of how sites and web content management systems are most often hacked, and what you can do to reduce the risk of it happening to you.


A Harvard Website was hacked recently, with 125 MB of records stolen and later uploaded to BitTorrent for Peer-to-Peer distribution. gsas.harvard.edu was still down at the time this article was researched (it's back up now).

The site was a local Joomla installation. A variety of simple Joomla! hacks have been identified and shared around the web in recent weeks. Most of these claimed vulnerabilities exploit weaknesses in third-party modules, which exposed some SQL Injection gaps. It is not yet clear whether the Harvard Grad. School of Arts and Sciences site fell victim to such an attack.



According to the analyst firm CMS Watch, enterprise content management vendors are failing to meet the security requirements of Service Oriented Architectures (SOA).

They claim that, after evaluating a number of ECM technologies, these products are "lacking key security pre-requisites" and are "ill-equipped to meet the security requirements of Service Oriented Architectures (SOA)".

Ouch! say the big boys leaning forward in their leather massage chairs.



Is your enterprise intranet spread across a wide area network (WAN)? Are you concerned with distributing your secure content across this network without affecting performance? According to a survey of 550 enterprise content management executives, the key issues they are facing today include improving application response time and security. Certeon, a provider of Application Acceleration Appliances, is co-hosting a webinar with the former CIO of Iron Mountain, which should provide some insights into these two issues.



One of the perks of living in Silicon Valley is taking advantage of the SDForum, which usually promises some good healthy brain-overload on what's important to techies today.

The SDForum has just announced its line-up of speakers for the Security Conference, which takes place this September 19.


Who doesn't love AJAX? It alters a site's content without users having to reload. It's rendered the pageview virtually worthless, inspiring Nielsen/BuzzMetrics to pursue a time-based site tracking model for calculating the popularity of sites. And in many ways, its availability is one manner of gauging the hip-with-it-ness of a site.

As with any snazzy and hype-ridden new technology, there is reason to take caution.



This week Google announced the acquisition of Postini, a communications security and compliance company, for US$ 625 million.

Google has made inroads into the enterprise and higher education markets with notable additions to their Google Apps offering. But Postini's capabilities are an entirely different value proposition, making the search giant into a contender for the long, arduous battle with legal and corporate compliance concerns.


Wifi Waxes Whilst Security Wanes

Published on Jun 19, 2007

Unless you’ve been living on a boat or a remote island for the last few years, you might have noticed a strong increase in the number of wi-fi-connected locations sprouting up. Indeed, wi-fi access points are popping up like wild mushrooms (even in cars!), and the fact that many of these networks remain unsecured is cause for concern.


Six Apart has announced an important security update, recommended for all of its Movable Type (MT) users. Additionally, the new MT 3.35 -- or MT 1.53 Enterprise -- features an easier download and install process, including a wizard for first-timers.



After its acquisition of Stellent half a year ago, Oracle has been disturbingly mum about how it plans to use its new resources to beef up its existing Content Management offerings.

That silence has just been broken. Today Oracle released its broad intentions for assimilating Stellent offerings.



Apparently Microsoft Content Management Server (MCMS) comes stock with some bugs. While that will probably not surprise most cheeky PC-cum-Mac-users, these particular vulnerabilities can be exploited by hackers to initiate cross-site scripting attacks or otherwise compromise a system lacking adequate protection.

In essence, the bugs bring compromised systems back to the pre-malware days.


