Security

Research conducted by Kaspersky Lab in partnership with ITU’s IMPACT, CERT-Bund/BSI and Symantec reveals Flame platform dates back to 2006 and is still being developed

Organizations deal with a lot of confidential information every day, information that is typically managed using business applications, like SharePoint. That means that properly implemented and managed security is critical to these applications.

With SharePoint, you can implement effective security, but managing it with the tools you get out of the box isn’t the easiest. Here we look at the challenges you will face managing security and permissions within SharePoint and discuss why you should make it a key element of your Information Architecture plan.

Bitrix, Inc., a technology trendsetter in business communications solutions, introduces its TrafficJuggler™ load balancing technology, which effectively addresses customers’ needs for online business continuity. It delivers industry-leading performance capable of handling traffic spikes caused by extreme visitor activity or by targeted DDoS attacks.

"Sudden traffic spikes and web terrorism are common realities that threaten online business continuity. To cope with this challenge, we continuously improve our products’ performance capabilities, resulting in a stunning figure of 430% growth over the past three years," said Dmitry Valyanov, President of Bitrix, Inc.

Like most website administrators, I have a long history of fighting spammers and protecting my sites from unwanted content. Over the years I've used a lot of tools and services to block spam from reaching the pages of my sites. In recent years, the service I've relied on most heavily is Mollom.  Mollom is a web service that helps you identify content quality and, more importantly, helps you stop spam on your blog, social network or community website

Overall I've been very happy with the spam filterering Mollom provides for my sites. However, occasionally Mollom can be too aggressive and remove legitimate story and comment submissions. And when I say "remove" I most definately intend to use the word in the literal way. You see, up to now, Mollom had an "all or none" approach to rejecting or accepting spam. When your stories or comments were rejected, the content submission was simply discarded without review by a human.

If you've ever submitted good clean content to CMSReport.com or another site only to only have it identified and discarded as spam, you have every right to be upset with spam filters. Over the past couple months, I've had a number of people upset that the spam filtering CMS Report has been using rejected their story submission. This may not be all the fault of Mollom either as I was also using the Bad Behavior module too. My apologies to everyone that has gone through this experience when they've submitted legitimate comments and stories to this site. Unfortunately, without spam filtering the content on this site would not be good to view. Spam filtering is a necessary part of maintaining a site open to the public.

Luckily, there has been some improvements in the Mollom for Drupal module that should keep your posts and comments from getting discarded while continuing to protect this site from spam. The module has now been improved to to retain spam comments as unpublished posts in a site's moderation queue. So we're giving the new module a try. I won't promise that your content will not be identified as spam, but I do promise you that every intent is being made to review your comments and stories for publication.

The Trojan installs a keylogger capable to capture keystrokes including username, password and credit card number.

Bitrix, Inc., a technology trendsetter in business communications solutions, alerts customers about the existence of a Trojan program pretending to be the Bitrix security framework. The Trojan is capable of stealing confidential data from infected computers and received the highest threat level from malware experts.

Identified as a part of the “Agent” malware family, the Trojan is presumably spread using mass mailing of spam and malicious links. The malware can be delivered to the target computer in different flavors including pretending to be a Microsoft Silverlight or Bitrix security update. If a user launches the infected file, the Trojan installs itself into the system by creating multiple files and registering itself in the system registry. After installation the malware unobtrusively runs in the background, captures keystrokes and sends out collected data to an external service. This way a malicious person can obtain the user’s confidential information including username, password and credit card number.

The Trojan can be identified by the presence of “Bitrix Security” folder in the application data directory which contains a number of supplementary files and a run-time library under randomly generated names (for example xaukvmm60.dll).

Bitrix recommends that users update their virus scanners and check their computers against this malicious program.

Read more about how to protect your web assets against web-borne malware in a dedicated white paper "10 Ways to Keep Hackers in Check and Ensure Safe Web Resources" by Marcel Nizam, Head of Web Security Development at Bitrix, Inc.

Last week was a very frustrating time for me. For whatever reason, an unusually number of botnets decided to zero in on my Drupal site and created what I call an unintentional  Denial of Service attack (DOS). The attack was actually from spambots looking looking for script vulnerabilities found mainly in older versions of e107 and WordPress. Since the target of these spambots were non-Drupal pages, my Drupal site responded by delivering an unusually large number of "page not found" and "access denied" error pages. Eventually, these requests from a multitude of IPs were too many for my server to handle and for all intents and purposes the botnet attack caused a distributed denial of service that prevented me and my users from accessing the site.

These type of attacks on Drupal sites and numerous other content management systems are nothing new. However, my search at Drupal.org as well as Google didn't really find a solution that completely addressed my problem. Trying to prevent a DDoS attack isn't easy to begin with and at first the answers alluded me.

I originally looked at Drupal for the solution to my problems. While I've used Mollom for months, Mollom is designed to fight off comment spam while the bots attacking my sight were looking for script vulnerabilities that didn't exist. So with Mollom being the wrong tool to fight off this kind of attack, I decided to take a look at the Drupal contributed model Bad Behavior. Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots then blocks such access and logs their attempts. I actually installed an "unofficial" version of the Bad Behavior module which packages the Bad Behavior 2.1 scripts and utilizes services from Project Honey Pot.

As I had already suspected, looking for Drupal to solve this botnet attack wasn't the answer. Pretty much all Bad Behavior did for me was to take the time Drupal was spending delivering "page not found" error pages and use it to deliver "access denied" error pages. My Drupal site is likely safer with the Bad Behavior module installed, but it was the wrong tool to help me reduce the botnets from overtaxing Drupal running on my server. Ideally, you would like to prevent the attacks ever reaching your server by taking a look at such things as the firewall, router, and switches. However, since I didn't have access to the hardware, I decided it was time to look at my Apache configuration.

Confident Technologies, Inc. today announced that its image-based verification solution, Confident CAPTCHA is now available as a Wordpress plugin, a Joomla extension and a Drupal module.

Wordpress users have been encouraged to update to to the latest version of Wordpress, currently at 2.8.4. It appears there is a nasty worm going around attacking Wordpress sites.

It's not too often that you see notices from the TYPO3 group on security issues related to their CMS framework. That's why their notice last week about various security issues with several third party TYPO3 extensions caught my attention.

Several vulnerabilities have been found in the following third party TYPO3 extensions:

I found a great list on the blog/news section for the ocPortal CMS, 10 IE compatibility problems that you might not have realized. While the post is related to ocPortal, the Internet Explorer compatibility issues likely will apply to any CMS viewed by the browser.