Security News & Articles

Over the last few months, there has been a great deal of activity at the most senior levels of the US Government discussing the use of persistent cookies on federal agency web sites. If you are a Federal Web Manager or Web Analyst, you are painfully aware of the constraints on using cookies and the limitations it causes to a more accurate definition of unique visitor, and some of the more advanced segmentation features available in web analytics solutions.

As part of a greater effort to open up policy discussions, the White House, Office of Science and Technology Policy is taking public comment on the Federal Policy on Cookies as well as other issues impacting use of the Web.

It is security update time again, do you know where your Joomla site is? The project team has released Joomla version 1.5.11 and yes, you'd better update to receive maximum Joomla love and keep things safe 'n sound.

This update contains 26 bug fixes, two medium priority security fixes and one low priority security fix. All 3 security issues were related to Cross-site Scripting (XSS) and were listed as follows:

1. Moderate Priority: Core -- com_users XSS. (more info)
2. Moderate Priority: Core -- ja_purity XSS. (more info)
3. Low Priority: Core -- Front-end XSS. (more info)

Now we would understand if staying on top of such updates feels a bit annoying. But do remember that these days, there is no excuse to put things off -- you can automate the process or nearly so.

What we're talking about is Joomlapack. This add-on is one of my most favorite Joomla tools ever. And to make a good thing better the project team recently started offering low cost automated update management (as well as offering free component for us manual DIYers.)

You would be surprised how fast it is to update all of your Joomla sites in just a matter of minutes. For those not into the DIY thing, we recommend a look.

Regardless of how you approach the update, do have a gander at the Post Release Notes, for any tricky issues which have arisen since the patch has been in the wild.

Google (news, site) is taking another step towards real competition with Microsoft in the productivity solutions department. They have announced Google Apps Directory Sync -- the ability to provision users and groups from your own internal directory services be it Active Directory, Lotus Domino or another LDAP solution with your Googe Apps accounts.

Do you know what’s happening in your SharePoint environment? Do you know where you most sensitive data is stored. Do you know how secure it actually is?

The chances are that if you have deployed SharePoint, somewhere in your data repositories there is information that, if compromised, is going to cost you more than just a headache.

With this in mind, and with the growing threat to this data from unauthorized access, EMC Corporation's (news, site) security division RSA has unveiled three new solutions that could go a long way to putting your mind at ease.

Unveiled at the RSA Conference 2009 in San Francisco today, the combined solutions will secure critical information, identities and infrastructure, while at the same time ensuring full use and availability of your SharePoint platform.

Content may be king, but unless its secure, it will behave like more like the Joker in your Enterprise CMS rather than the King.

And with the number of security threats on the web growing, Enterprise Content Management (ECM) companies like Open Text (news, site) are working hard to see what solution they can develop to close the back-door on their systems.

This week, Open Text has announced the immediate availability of the latest version of their security solution -- Open Text SOCKS Client -- an enterprise-grade SOCKS V4 and V5 client.

With the amount of sensitive content floating around enterprise content management systems it is hardly surprising that ‘security’ is becoming an increasingly important issue, especially given the number of companies that are beefing up their web presence.

Only last week, US data and email security firm Websense introduced a new Web Gateway appliance that allows companies access Web 2.0 sites without security concerns.

This week, UK-based Sword Group, a provider of high value and hi-tech business applications, has unveiled a new gadget that will allow enterprise content management integration for Google Apps.

And the clincher -- using the gadget can access complex ECM repositories that are firewalled up to the hilt.

A new content filtering and threat protection Web gateway appliance - V10000 - from US data and email security firm Websense will allow companies access Web 2.0 sites safely without worries about data loss, inappropriate content concerns or productivity and liability threats.

The company says the new gateway will not only block malware on individual web pages, but that it will allow users to access and use Web 2.0 sites where sections of the site are infected and at the same time block the malicious content from accessing the user’s company network.

Earlier this month at Drupalcon, the Drupal Security Team held a Birds of a Feather (BOF) session on how to improve communication.

One of the outcomes was to make it clearer which security advisories relate to Drupal core, and which ones relate to contributed add-ons. The other to separate security announcements from security advisories. There are now three new forums, and three corresponding new RSS feeds, available for tracking both security advisories and announcements.

This separation makes it easier for people to tell what they absolutely must pay attention to -- anyone running Drupal should pay attention to Drupal core advisories -- and what they'll have to cherry pick based on the add-on modules they've installed.

This is an important improvement for Drupal Web CMS managers as it will reduce the likelihood that red flag updates will get lost in the noise. See the Drupal Security page for more information.

We know that SharePoint is most often used as a document management solution in organizations today. But out of the box, SharePoint doesn't have all the necessary features for securing and classifying documents. Titus Labs, a provider of email and classification software, has provided some enhanced features that will help you use SharePoint to keep your documents safe and easy to find.

Andrew Eddie, Development Coordinator and Joomla core team member posted a sneak peek at the advanced access control features implemented into the core of version 1.6. Joomla version 1.6 will be the next major update and there are currently no official estimates for the release date. Decent ACL controls have been a lodestone around the neck of the open source web cms since it’s inception. Developers looking to deploy a Content Management System for clients had to take a long look at the meager ACL controls in the Joomla core. But that's about to change.

In its biannual report released Feb. 2, 2009, IBM's X-Force research group pointed out significant security threat trends as we enter 2009, and paid particular attention to vulnerabilities found in PHP web content management systems such as Joomla!, Drupal, TYPO3 and WordPress.

The report is pretty. It has over a hundred pages. It has lots of nifty charts and graphs. But let's take a closer look at the what the net impact is.

Fasten your common sense seatbelt and bolt on your FUD helmet. According to a report just released by Websense, a web, data and email security firm based in San Diego, CA, in the second half of 2008 70 of the top 100 websites either hosted malware or linked to sites hosting malware. To set some context, these numbers represent a 16% increase over the previous six-month period.

The top 100 sites -- many of which are social networking, Web 2.0 and search sites -- represent the majority of all webpages viewed on the Internet and were identified via the Alexa web service.

Yes, Google’s got your back — especially, if you’re a WordPress fanatic. A new security feature from Google Webmaster Tools is in the works.

The big G plans to test out this feature starting with WordPress-powered sites aiming to alert Webmasters on whether their Web sites have any vulnerabilities and, therefore, can be easily hacked.

Out of the box, you can set up multiple secure access entries to your SharePoint sites — although it does require some work and thinking. Epok has come to table with their own access control solution — EpokŪ Edition for SharePoint version 2.4 — that they claim will help you provide better, secure access for your partners and business units. And it includes dynamic Microsoft Office integration.

According to a document management study that was commissioned by Iron Mountain, UK firms are more likely to trust others with the task of records management than German and French firms. Interestingly, most firms decide to keep active records stored on-site. Is our information safe?