DeeEmm

Pragmatism in code

Waxing lyrical about life the universe and everything software related since lunchtime 2006.

National Cyber Security Awareness Week

This week is National Cyber Security Awareness Week here in Australia.

National Cyber Security Awareness Week is an annual initiative of the Australian Government held in partnership with industry, community and consumer groups and state and territory governments.

It is designed to raise awareness among Australians of cyber security risks and simple steps they can take to protect their personal and financial information online.

National Cyber Security Awareness Week 2010 is from 6 to 11 June. It will promote six easy tips for better online security:

Continue reading
1821 Hits
0 Comments

Dolphin 7 Security Vulnerability Exposed

It would seem that this weekend has been an active time in the CMS community for security vulnerabilities, first Joomla issue a patch for a potential XSS issue, and now Boonex's Dolphin package has been raising some eyebrows with, an as yet unresolved security issue that exposes the database name, username and password, in plain text to the browser via a verbose error report. This report is triggered by any number of bugs, and could easily be used to compromise a website or server.

The security 'hole' had previously been reported and raised as an issue with the Dolphin developers, who's response was that it had been addressed. Amusingly this seems not to have been the case, with the latest attention being that the bug has now been witnessed on the Boonex admin test site, and the resulting full error report published. - http://www.boonex.com/unity/forums/topic/Hey-BoonEx-Notice-Something-.htm There is some further discussion in the blogs as well - Major Security Risk: Information and Temporary Solution

The community were quick to act, with a couple of suggested workarounds published on modmysite - http://www.modmysite.com/general-issues-comments-questions/10491-db_full_visual_processing.html#post39764 as well as on the Boonex site, but there has been no official response.

As of the time of this post, some three days after the original post, Boonex have still yet to comment, and there has been no official patch available to address the issue.

Continue reading
8001 Hits
4 Comments