CMS News, Reviews and Resources

Content Management Matters ™





Topic: Security (1 - 15 of 15 articles)


Today, South River Technologies edges Basic Content Services into the mainstream with the latest release of their secure document management and collaboration solution GroupDrive 5.0. This version has a strong focus on security across the network and the internet.


Web 2.0 technologies are fraught with vulnerabilities. Seventy-one percent of all security vulnerabilities were attributed to both open source and commercial Web applications, according to a report by security firm Cenzic Inc., "Application Security Trend Report for Q4 2007."

But before you freak out, let's put this in perspective. Cenzic is a security firm offering many products that boast "complete web application security vulnerability management, and security enforcement assessment software." With software like that to sell, their report surely isn't going to tell you that Web apps are safe and secure.


We hear the same terms bandied about whenever a popular site gets hacked. You know... SQL Injection, cross-site scripting, that kind of thing. But what do these things mean? Is hacking really as inaccessible as many of us imagine: a nefarious, impossibly technical twilight world forever beyond our ken?

Not really.

When you consider that you can go to Google right now and enter a search string which will return you thousands of usernames and passwords to websites, you realize that this dark science is really no mystery at all. You'll react similarly when you see just how simple a concept SQL Injection is, and how it can be automated with simple tools. Read on, to learn the basics of how sites and web content management systems are most often hacked, and what you can do to reduce the risk of it happening to you.



A Harvard Website was hacked recently, with 125 MB of records stolen and later uploaded to BitTorrent for Peer-to-Peer distribution. gsas.harvard.edu was still down at the time this article was researched (it's back up now).

The site was a local Joomla installation. A variety of simple Joomla! hacks have been identified and shared around the web in recent weeks. Most of these claimed vulnerabilities exploit weaknesses in third-party modules, which exposed some SQL Injection gaps. It is not yet clear whether the Harvard Grad. School of Arts and Sciences site fell victim to such an attack.



According to the analyst firm CMS Watch, enterprise content management vendors are failing to meet the security requirements of Service Oriented Architectures (SOA).

They claim that, after evaluating a number of ECM technologies, these products are "lacking key security pre-requisites" and are "ill-equipped to meet the security requirements of Service Oriented Architectures (SOA)".

Ouch! say the big boys leaning forward in their leather massage chairs.



Is your enterprise intranet spread across a wide area network (WAN)? Are you concerned with distributing your secure content across this network without affecting performance? According to a survey of 550 enterprise content management executives, the key issues they are facing today include improving application response time and security. Certeon, a provider of Application Acceleration Appliances, is co-hosting a webinar with the former CIO of Iron Mountain, which should provide some insights into these two issues.


One of the perks of living in Silicon Valley is taking advantage of the SDForum, which usually promises some good healthy brain-overload on what's important to techies today.

The SDForum has just announced its line-up of speakers for the Security Conference, which takes place this September 19.


Who doesn't love AJAX? It alters a site's content without users having to reload. It's rendered the pageview virtually worthless, inspiring Nielsen/BuzzMetrics to pursue a time-based site tracking model for calculating the popularity of sites. And in many ways, its availability is one manner of gauging the hip-with-it-ness of a site.

As with any snazzy and hype-ridden new technology, there is reason to take caution.




This week Google announced the acquisition of Postini, a communications security and compliance company, for US$ 625 million.

Google has made inroads into the enterprise and higher education markets with notable additions to their Google Apps offering. But Postini's capabilities are an entirely different value proposition, making the search giant into a contender for the long, arduous battle with legal and corporate compliance concerns.


Wifi Waxes Whilst Security Wanes

Published on Jun 19, 2007

Unless you’ve been living on a boat or a remote island for the last few years, you might have noticed a strong increase in the number of wi-fi-connected locations sprouting up. Indeed, wi-fi access points are popping up like wild mushrooms (even in cars!), and the fact that many of these networks remain unsecured is cause for concern.


Six Apart have announced an important security update recommended to all of its Movable Type (MT) users. Additionally, the new MT 3.35 -- or MT 1.53 Enterprise -- features an easier download and install process including the use of a wizard for first timers.



After its acquisition of Stellent half a year ago, Oracle has been disturbingly mum about how it plans to use its new resources to beef up its existing Content Management offerings.

That silence has just been broken. Today Oracle released its broad intentions for assimilating Stellent offerings.



Apparently Microsoft Content Management Server (MCMS) comes stock with some bugs. While that will probably not surprise most cheeky PC-cum-Mac-users, these particular vulnerabilities can be exploited by hackers to initiate cross-site scripting attacks or otherwise compromise a system lacking adequate protection.

In essence, the bugs bring compromised systems back to the pre-malware days.


In their recent 2007 Scripting Languages -- Developers Choice Report, involving more than 400 developers, California-based Evans Data Corporation found that contrary to some popular opinion, Adobe and Microsoft's environments were considered by developers to be more secure than client/server AJAX scripting solutions such as Ruby, PHP, and Python.


The second update to WordPress has been released, and in just a 10-day period. This is no miracle of agile development. Rather, v2.0.7 is a quick hit patch that addresses both security issues arising in some versions of the base PHP platform and an integration issue known as the "FeedBurner Bug". The update is recommended for anyone running WordPress 2.0.6 or lower.




