Software Development

Bitrix alerts about Trojan program disguised as updates for Bitrix security framework

The Trojan installs a keylogger capable of capturing keystrokes, including usernames, passwords and credit card numbers.

Bitrix, Inc., a technology trendsetter in business communications solutions, alerts customers about the existence of a Trojan program pretending to be the Bitrix security framework. The Trojan is capable of stealing confidential data from infected computers and received the highest threat level from malware experts.

Identified as part of the “Agent” malware family, the Trojan is presumably spread through mass mailing of spam and malicious links. The malware can be delivered to the target computer in different guises, including as a Microsoft Silverlight or Bitrix security update. If a user launches the infected file, the Trojan installs itself into the system by creating multiple files and registering itself in the system registry. After installation the malware runs unobtrusively in the background, captures keystrokes and sends the collected data to an external service. This way a malicious person can obtain the user’s confidential information, including username, password and credit card number.

The Trojan can be identified by the presence of a “Bitrix Security” folder in the application data directory, which contains a number of supplementary files and a run-time library under randomly generated names (for example xaukvmm60.dll).

Bitrix recommends that users update their virus scanners and check their computers against this malicious program.

Read more about how to protect your web assets against web-borne malware in a dedicated white paper "10 Ways to Keep Hackers in Check and Ensure Safe Web Resources" by Marcel Nizam, Head of Web Security Development at Bitrix, Inc.

TikiFest New York: A Great Success

More than a dozen members of the Tiki Community met in New York City October 3-6 for the last major code sprint before Tiki 6. Many others participated virtually through Tiki's integration with BigBlueButton.

Although much of the event was focused on preparations for the Tiki 6 release, additional work was completed, including:

  • Continued integration with Kaltura video-editing platform
  • Work on the Tiki TV project for collaborative editing
  • Public presentation of Tiki at the Casa Frela Gallery to the local NYC community and online Workshop on Tiki Workspaces
  • Planning for Tiki 7
  • Discussion on the future of trackers, spreadsheets and accounting

Tiki Community members also took the opportunity to meet with BigBlueButton and Kaltura team members during the Open Video Conference and participate in the OVC hack labs. Special thanks to the Kaltura Team!

TikiFest participants at OVC (left to right): Assaf Chaprak (Kaltura), luciash d' being (Tiki), Jonny Bradley (Tiki), Nelson Ko (Tiki), Étienne Lachance (Tiki), Robert Plummer (Tiki), Denis Zgonjanin (BigBlueButton), Kimberly Fink (Tiki), Unidentified (Kaltura), Lindon Barnfield (Tiki), Philippe Cloutier (Tiki), Zohar Babin (Kaltura), Marc Laporte (Tiki), Jason Levitt (Kaltura). Photo provided by luciash d' being.

The participants also made time for socializing and camaraderie, including the celebration of Tiki's 8th birthday. Complete details of the event, including pictures, are available at https://tiki.org/TikiFestNewYork6.

Alfresco focuses on Collaborative Web Development and New Tools for Spring Developers

Alfresco announced the release of Alfresco Community 3.4. Alfresco 3.4 broadens the reach of the company’s open source and open standards-based content management platform with new tools and services for Spring developers, Web Quick Start for easy web site deployment and content integration with enterprise portals.

“The demand for collaboration and social sharing around enterprise content is rising – and content that was once meant just for the intranet is now being re-purposed for the public web, external portals or even to destination sites across the web,” said John Newton, Alfresco CTO. “Through our implementation of CMIS as a core standard and new features in Alfresco 3.4, our content services platform can now manage and deliver enterprise content to any internal or external application in a way that traditional, monolithic ECM products can’t enable without significant time and expense.”

Key product capabilities for the Alfresco Community 3.4 release include:

  • Collaborative Web Authoring – Alfresco Web Quick Start is a set of out-of-the-box templates for building content-rich websites on top of Alfresco Share. Quick Start combines the power of Alfresco Share for web team collaboration, with powerful content authoring and publishing services like in-context web editing.
  • Office-to-Web Framework – Using Microsoft’s Office SharePoint Protocol and CIFS (shared folders), along with a new API integration with Google Docs, users can now author documents in their native office suite, collaborate in Alfresco or Google Docs, transform and re-purpose if required, and then publish straight to the web – even with sophisticated approval workflows. This feature will be available in a follow-on release Alfresco Community 3.4.b in approximately four weeks.
  • Web Content Services for Spring – Built using the popular Spring and Spring Surf frameworks, Alfresco now offers key content management services that can be accessed via OpenCMIS and integrated into any web application. A combination of standard development tools and lightweight scripting gives Spring and Surf developers many options for building content-rich apps.
  • Integration with Enterprise Portals and Social Software – The new DocLib portlets allow seamless integration with enterprise portals like Liferay, Quickr and Confluence. Using Single Sign On (SSO), the portlets provide access to both content and project repositories from within any JSR168 compliant portal.
  • Distributed Content Replication – Native support for content replication allows organizations to run federated content repositories. Key documents can now be replicated to remote offices, enabling greater sharing of information, quicker access and reduced wide area network traffic, and removing the dependency on a single system.

Alfresco has seen major adoption of its open source and open standards content management platform with more than two million downloads of Alfresco Community. Alfresco Community is a free-to-download, free-to-use version developed on an open source stack that runs on Windows, Linux or Mac. Alfresco Enterprise is certified against a larger range of technology stacks (both open source and proprietary), goes through a more extensive QA process and is provided with full commercial technical support.

Ruby on Rails 3.0 is available

I'm not much of a programmer but I can appreciate the value of a good programming language when I see it. While I know Python and dabble with PHP, I've always appreciated Ruby and Ruby on Rails. There is something about the Ruby development scene that piques my interest in this programming language.

Ruby on Rails 3.0 was just released this week. The development of Rails 3.0 has been two years in the making. David August writes:

Quoting IT: Laura Scott on the future of Web Development

"We're entering a new era of the web. To the ignorant masses, this transition will go largely unnoticed; they'll enjoy increased usability and convenience, with more robust functionality and more relevant data at hand. And they'll mostly just take it for granted.

However, for web designers, front-end developers and data system programmers, we have a lot of work to do."

-Laura Scott, PINGV, HTML5 + RDFa = time to get rid of that 20th century furniture, August 23, 2010

Drupal 6.17: The Drupal Super Fixer-Upper

As much as I talk about Drupal here at CMS Report, I often don't talk about Drupal point releases that provide solely security and bug fixes and no new features. Every once in a while, though, there is a new version of Drupal 6 that has been especially polished by Drupal's developers. Drupal 6.17 is one of those releases which contain significant changes I think are worthy of a mention.

I'm probably most excited about the improvements made in Drupal 6 for better PHP 5.3 compatibility. A couple of weeks ago I tried upgrading my server to PHP 5.3 and there were just too many annoying errors showing up in the Drupal 6 system logs. I'm hoping that with Drupal 6.17 I have better luck this time around (currently running this Drupal 6 site with PHP 5.3).

With over 55 patches committed to improve Drupal 6, the following are the highlights of changes included in Drupal 6.17:

  • Improvements of session cookie handling
  • Better processing of big XML-RPC payload
  • Improved PostgreSQL compatibility
  • Better PHP 5.3 and PHP 4 compatibility (my fingers are crossed)
  • Improved Japanese support in search module
  • Better browser compatibility of CSS and JS aggregation
  • Improved logging for login failures
  • An incompatibility of Drupal 6.16's new lock subsystem with some contributed modules was also resolved

The latest version of Drupal may be downloaded from the project page at Drupal.org. Whether you're new to Drupal or currently maintaining a Drupal site, this latest release of Drupal is a clear indication that there is plenty of life and plenty of development taking place with the Drupal 6 release. Now, what other Drupal 6 sites do I have that still need this upgrade to Drupal 6.17?

Drupal's Ubercart forks into Drupal Commerce

A few years ago, I developed an online store for a buddy of mine using osCommerce. I had hoped to use Joomla! or Drupal for the site but at the time wasn't satisfied with the shopping cart extensions or modules that were available for either CMS. Shortly after developing that site a new eCommerce module for Drupal became available called Ubercart. I've never taken on the task of building another online store (it was a lot of work) but I've always kept my eye on Ubercart just to stay informed.

MODx Web Development Book

MODx Web Development is a new book from Packt which will help users create a powerful, dynamic website by using the individual elements of MODx. Written by Antano Solar John, this book is an example-driven tutorial which will take readers from the installation of MODx through to configuration, customization, and deployment. It will enable them to build a fully-functional, feature-rich website quickly and without any programming language.