Ya know, that's not actually helpful, relevant or useful information, to
post a snarky out-of-context link like that to any project with no
actual analysis.  Both Joomla and Drupal have security teams.  Drupal
has a security policy and notification list, and the vast majority of
reported issues are in fact reported by the Drupal security team so...
you know, people can update their installations to, well, be secure.

For Drupal, security notifications are a combination of core (the
notifications that affect Drupal core/needed to run Drupal) and
contributed modules that people may or may not be running.

I don't know enough about Joomla to know how their reporting structure
operates in regards to core vs contributed components.

From Secunia's website, some potential subtlety that may have been missed
in the automatic link generator program:

"PLEASE NOTE: The statistics provided should NOT be used to compare
the overall security of products against one another. It is IMPORTANT
to understand what the below comments mean when using the statistics,
especially when using the statistics to compare the vulnerability
aspects of different products.

Secunia advisories often cover multiple vulnerabilities. Consequently,
the number of advisories issued for a product does not always reflect
the number of security issues that have been disclosed. For instance,
in 2006 Secunia issued more than 5,000 advisories covering more than
9,000 vulnerabilities. This is counted AFTER removing duplicates
generated by Linux distributions, issues in beta software, and what
Secunia considers non-issues and fake issues that our competitors and
other security vendors often write about."


Now back to trying to help the original point of the thread, helping
someone explore options to fill their needs.

Steven

On Fri, Jul 31, 2009 at 11:09 AM, Ziots, Edward<[email protected]> wrote:
> http://secunia.com/advisories/product/17839/
>
> Doesn't look like Drupal 3.x-6.x is faring much better in the security
> issues than Joomla is.
>
> Z
>
> Edward Ziots
> Network Engineer
> Lifespan Organization
> MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
> [email protected]
> Phone:401-639-3505
>
> -----Original Message-----
> From: Steven Peck [mailto:[email protected]]
> Sent: Friday, July 31, 2009 2:00 PM
> To: NT System Admin Issues
> Subject: Re: Wiki / Sharepoint / Collaboration Tool recomendation
>
> So beside all the basic firewall/security/misc etc stuff....
>
> Why are you using Joomla and how much time/effort are you looking at
> being able to spend on this?  There are other open source solutions
> that should be able to deal with what you are looking to do depending
> on exactly what that is.
>
> From the open source side, Drupal is the CMS people often turn to when
> Joomla proves too inflexible for people's future needs.  It does have a
> steeper learning curve as a result, but there exists a webapp
> installer package for it on IIS7 (ping me offlist if you want more
> details).
>
> While I haven't seen Groove at all, SharePoint has at least some of
> what you seem to be looking for as well.
>
> Steven
>
> On Fri, Jul 31, 2009 at 10:32 AM, Ziots, Edward<[email protected]> wrote:
>> Yep, Exactly the point I was going after, since you trust that machine,
>> to upload documents to, also could be manipulated to serve up web
>> browser exploits, malware, Trojans and rootkits after gaining control
>> and connecting back to the control server either over encrypted channel
>> or hiding in normal site on something like port 53, 80, or otherwise.
>>
>> Hackers still care about the data if it's of strategic importance, but
>> better would be the cached credentials of a sysadmin or domain admin,
>> that can easily be harvested, cracked offline and then used to gain
>> access further in the domain (domains) and impersonate anyone doing
>> anything, and then basically you are 0wned....
>>
>> Don't think just because you are inside a firewall it's going to save you
>> from these types of attackers, because it only takes one compromised
>> workstation and one user to bring you down. (Flash exploits, iTunes
>> exploits, MAC exploits, IE Exploits, DirectShow Exploits, Trojaned
>> Music, Videos, Games, etc etc), I think we start to see that the
>> infection vectors are coming fast and furious and without patching
>> mitigation and ridding yourself of unsecure, flawed software
>> implementations, will help towards keeping your house in order.
>>
>> Z
>>
>> Edward Ziots
>> Network Engineer
>> Lifespan Organization
>> MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
>> [email protected]
>> Phone:401-639-3505
>> -----Original Message-----
>> From: Rod Trent [mailto:[email protected]]
>> Sent: Friday, July 31, 2009 1:09 PM
>> To: NT System Admin Issues
>> Subject: RE: Wiki / Sharepoint / Collaboration Tool recomendation
>>
>> I don't believe he's talking about stealing data.  Who cares about data.
>> This is more of an exploit that can be utilized to gain control of the
>> server and those other servers and workstations connected to it through
>> the network.
>>
>> -----Original Message-----
>> From: Garcia-Moran, Carlos [mailto:[email protected]]
>> Sent: Friday, July 31, 2009 1:00 PM
>> To: NT System Admin Issues
>> Subject: RE: Wiki / Sharepoint / Collaboration Tool recomendation
>>
>> It's not perfect and we do have it inside, most of the Docs and articles
>> we write on it are non secure type docs like "how to configure a
>> printer" or "how to turn on a virtual guest" but now that we might want
>> to put more secure data into it we are looking at options mostly
>> something portalish with some left hand navigation and security
>>
>> -----Original Message-----
>> From: Richard Stovall [mailto:[email protected]]
>> Sent: Friday, July 31, 2009 12:56 PM
>> To: NT System Admin Issues
>> Subject: Re: Wiki / Sharepoint / Collaboration Tool recomendation
>>
>> I disagree that it's perfectly fine to disagree.  We must all agree to
>> agree.  Agreed?
>>
>> On Fri, Jul 31, 2009 at 12:52 PM, Ziots, Edward<[email protected]>
>> wrote:
>>> Unfortunately, Joomla is ridden with security issues.
>>> http://secunia.com/advisories/product/5788/
>>>
>>> Seen a lot of script kiddies using pre-batched scripts hunting for
>>> Joomla-enabled sites, to exploit. It might be inside your firewall, but
>>> something that is coming up on the security blotter monthly, does not
>>> make a good enterprise document repository in my opinion (others will
>>> disagree and that is perfectly fine)
>>>
>>> Z
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~