[ September 2008 ]

Dear all,

Security for the month, the 4th part of our applications series, and more.

September 2008
- Security ala malware
- Applications Series Part 4: Content Management Systems
- OOXML standardisation has further consequences
- Twitter and Orkut
- This month's security

1. Security ala malware - Antivirus XP

We've covered a wide variety of security issues in this newsletter over the various issues, but the following is probably one of the most interesting and dangerous I've come across yet. And for those who think they're immune, I've already had my first infected client.

Antivirus XP has been around in various forms for about 6 years already but due to a limited infection rate, it's not as well known as other viruses and malware/spyware. Antivirus XP is a malware package which, at its root, attempts to get you to part with your money. It generally starts with an innocuous click on a website where you've received a popup indicating you have an infection. AV XP then offers to fix the problem for you and before you know it, your machine is infected for real, there are a lot of popups keeping you company and you can't seem to browse anywhere of security importance.

Most of the popups try to get you to part with your money to purchase the software, and it's worrying as to what happens to your credit card info if you do go ahead with the purchase. And if you try to get anti-spyware or anti-virus software ( if you don't already have it ), you'll likely end up with a lot of 'site not found' errors in your browser as AV XP stops browsers ( any browser ) from going to these types of sites.

AV XP ( in its 2009 guise ) even displaces the MS Security Centre in XP with a copy that most would not realise was a fake. Links to the left of the Security Centre that would normally take you to Microsoft sites now take you to sites where you can purchase the AV XP software ( and possibly get a bit more malware in the process ). The Terms and Conditions even show a professional touch which would have most people fooled ( seeing as they, including myself, very seldom read T&Cs or EULAs ).

Getting rid of AV XP is an almost impossible task.
Spybot and MS Defender ( the only 2 anti-malware programs I trust ) will get rid of most of the problems but not the browsing issues.

Moral of the story: be very careful when visiting sites and clicking on links which purport to sell you anti virus or protection programs, or indicate that you've got a problem on your system - they're most likely malware or spyware themselves.

2. Applications part 4: Content Management Systems

CMSs have been around in one form or another for a number of years now and provide a means for creating web sites or content areas with an ease of update to content not normally found in online systems. There are both closed- and open-source applications and those that cover entry-level and enterprise areas. We'll cover a number of well-known systems in this column, some of which are supported by XStore.

Joomla

Joomla was originally a fork of Mambo and has matured substantially since then, especially in its 1.5 edition. It covers the following areas of content:
- Corporate Web sites or portals
- Corporate intranets and extranets
- Online magazines, newspapers, and publications
- E-commerce and online reservations
- Government applications
- Small business Web sites
- Non-profit and organizational Web sites
- Community-based portals
- School and church Web sites
- Personal or family homepages
Joomla has an easy to use editor for content, choice of MySQL or PostgreSQL for the database, multiple organisational methods to suit the way you work, and a great themes system which allows you to change the look and feel of a site in seconds. An extension/plugin system ( called mambots ) allows one to extend the functionality of Joomla almost infinitely. Joomla also provides a rich API to extend the application in ways you wouldn't think of. A really good environment for software developers.

Mambo

Mambo was originally the most popular CMS available around 2005 but due to trademarking of the product and effectively close-sourcing it, most of the developers left and started Joomla. As a result, Mambo is not really relevant anymore and just a footnote in history.

Alfresco

A CMS on steroids for the enterprise, Alfresco is used by a number of large companies with huge repositories of content. In fact, Alfresco is a direct competitor to Microsoft's Sharepoint server and recently has included MS Exchange integration as a result of the EU Commission's successful recent victory in getting Microsoft to open its documentation. It can be used on both Linux and Windows systems and has support for JBoss Portal and Apache Tomcat, and both MySQL and MS SQL for the underlying database. Finally, it's available in both community open-source and supported commercial versions.

Drupal

Drupal CMS lets you publish a variety of content to corporate Web sites and intranets - or build community portals with discussion boards and blogs. Beyond a collaborative authoring environment, Drupal handles tasks such as newsletter posting, podcasting and picture galleries, along with file uploads and downloads. The system provides good personalization, which lets you control content and its presentation based on each user's preferences. Underlying features are also generally strong, ranging from version control and a news aggregator to site-access statistics reports.

Plone

This CMS has outstanding multilingual content management (with localized workflow), a powerful page editor, and flexible navigation. Version 3.0 introduces an inline editor, link checking, a portlets engine (for including content from other Web sites), and versioning, supports the search engine Sitemap protocol and wiki markup, and has full-text indexing of Word and PDF documents. On the administration side, Plone provides a range of enterprise-friendly functions, from authentication using OpenID, Active Directory, or LDAP to granular permissions for groups, roles, and workflows. All this is controlled from the Zope Management Interface, though I wish it was integrated into the rest of the system. That said, individuals can easily control who can view, edit, and approve their content -- without going through an administrator.

There are a number of other CMSs, too many to mention here, so if you're interested in exploring further, take a look at the Wikipedia page on CMSs: http://en.wikipedia.org/wiki/List_of_content_management_systems

3. OOXML standardisation has further consequences

The ISO's pimping of the Microsoft OOXML document format as a standard has resulted in a host of further developments since our last discussion. First, the appeals process started by four countries ( SA, Brazil, India and Venezuela ) has been rejected by the ISO/IEC. On July the 9th, the secretary generals of both organisations had asked their respective management boards not to give the appeals further consideration irrespective of support for the appeals - wow! The standard is now effectively accepted and yet neither is the documentation available nor is the standard in any way similar to the Office 2007 format.

Jomar Silva, a member of the Brazilian National Body, has just posted a blog entry on the announcement that reads in part as follows:

"As a Brazilian and as a person who lost a year of life working seriously on it, I can only feel offended and attacked with this decision. I believe that the time has come for developing countries unite to build an International Standardization Institution that is appropriate to our reality, that understands our problems and aspirations and that treat us with the minimum amount of respect and dignity. Enough to be being used to legitimize the desires of someone else. While we’re in development, we have the unique opportunity to develop (and change) the world and, we cannot let it go away. I would also like to invite all those people and organizations in developing countries or not, that want to build a more just and equity based world, to unite us all in this initiative. Throughout all this process, I’m really tired of seeing good people being silenced and I believe we need and must do something about it."

Next, 6 countries ( Brazil, Cuba, Ecuador, Paraguay, South Africa and Venezuela ) united at CONSEGI 2008 ( a South American IT conference ) to indicate their dissatisfaction with the ISO process followed in the OOXML case. They released a declaration which indicates: "That these concerns were not properly addressed in the form of a conciliation panel reflects poorly on the integrity of these international standards development institutions," and concludes, "Whereas in the past it has been assumed that an ISO/IEC standard should automatically be considered for use within government, clearly this position no longer stands. The issues which emerged over the past year have placed all of us at a difficult crossroads.
Given the organisation's inability to follow its own rules we are no longer confident that ISO/IEC will be capable of transforming itself into the open and vendor-neutral standards setting organisation which is such an urgent requirement. What is now clear is that we will have to, albeit reluctantly, re-evaluate our assessment of ISO/IEC, particularly in its relevance to our various national government interoperability frameworks."

Strong stuff indeed. I believe this shows a fundamental shift in power thinking among the nations of the world. No longer are the US and its large software corporations at the head of the game. Developing nations ( which make up the majority of the world's population and power ) are starting to make their intentions known, and those intentions are not to accept America's lead in technology areas as the default anymore.

4. Twitter and Orkut

Orkut is a social networking site run by Google for meeting new friends, maintaining relationships, bla, bla, bla. So some malware authors decided to use a fake Twitter profile to spread malware that harvests Orkut login credentials. The profile is designed to trick people into viewing a photo album in Orkut which supposedly requires a flash update. The update of course is infected with malware, specifically the OrkutTron Trojan. Orkut, like other social networking sites, has typically been the butt of many attacks. Social networking has become a huge phenomenon over the last few years, providing an interesting mix of tools and function - notwithstanding, it's important to keep your wits about you as its popularity brings with it many perils.

5. This month's security

XP Antivirus has been particularly prevalent in the last month and is a serious threat possibly resulting in a required rebuild of the infected machine.

Applications with issues this month include Acrobat Reader, Adobe Flash Player, WordPress, ZoneAlarm, Apple QuickTime, Google Chrome and the usual culprits from Microsoft, more specifically a serious Media Player bug. Standard advice - make sure you're up to date.

A worrying security issue, first indicated at Defcon this month past, takes the form of an SSL website storing a cookie on your machine but not indicating that it needs to be used with encrypted sessions only. If someone can then place themselves inline with your traffic, they can inject arbitrary content into the data for sites that don't require encryption, and then force your browser to provide the cookie contents in a cleartext manner. There's no official fix for this except for sites using SSL to make sure they always set the 'encryption' flag on cookies.

Last but not least, chain letters are still doing the rounds, and office and other email workers are still forwarding them on. Just a friendly reminder that these chain emails are most likely hoaxes and many carry malicious payloads, leading to the possibility of a virus or malware-infected PC. They also take up time and bandwidth, company resources that can well be spent elsewhere and in a more useful fashion. The 'I received a lot of money from Microsoft' chain email still seems popular no matter its obvious fake value.

Another more serious chain email just released out of the UK involves a widespread spam campaign that claims that a nuclear power plant on the outskirts of London exploded on Tuesday afternoon. There are no such power plants on the outskirts of London, but the email claims to have an attached zip file with photos which shows images of the victims. The zip file in fact contains the Troj/Agent-HQE which allows hackers to spy on a victim's PC and gather sensitive and private information.
Moral of the story: do not forward chain emails on - you could be the initiator of a large number of infected PCs, and cause a whole lot of headaches to be sorted out by your IT partners, loss of data, possible unwitting provision of private data and an expensive cleanup bill.

a. if anyone has topics of interest they would like covered, please email your requests and suggestions to [e-mail address not shown]
b. please email [e-mail address not shown] if you would not like to receive this bulletin
c. prior newsletters available at: http://www.xstore.co.za/content/category/6/18/39/

Robby Pedrica
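
Added example for the SSL cookie issue in section 5 (not part of the original newsletter): a small check a site owner can run over the Set-Cookie headers their HTTPS site sends, to find cookies a browser would also send over plain HTTP. The 'encryption' flag is the cookie attribute named Secure; the sample headers and function names are constructed for illustration.

```python
# Constructed sample: Set-Cookie header values as an HTTPS site might send them.
SAMPLE_HEADERS = [
    "SESSIONID=abc123; Path=/; HttpOnly",
    "auth=deadbeef; Path=/; Secure; HttpOnly",
    "prefs=lang%3Den; Path=/; Expires=Wed, 01 Oct 2008 10:00:00 GMT",
    "token=xyz; path=/; secure",
    "mode=secure; Path=/",  # value "secure" is not the Secure attribute
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; cookie names are not.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def sent_in_cleartext(header):
    """True if a browser would attach this cookie to a plain http:// request."""
    _, _, attrs = parse_set_cookie(header)
    return "secure" not in attrs


def audit(headers):
    """Names of cookies set over HTTPS that lack the Secure attribute."""
    return [parse_set_cookie(h)[0] for h in headers if sent_in_cleartext(h)]


def harden(header):
    """Return the header with Secure appended if it was missing."""
    if sent_in_cleartext(header):
        return header.rstrip("; ") + "; Secure"
    return header


if __name__ == "__main__":
    for name in audit(SAMPLE_HEADERS):
        print("cookie without Secure flag:", name)
    # After hardening, no cookie is left exposed to cleartext requests.
    print("remaining:", audit([harden(h) for h in SAMPLE_HEADERS]))
```
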