RE: [Evangelism] Hack Plone! Win a Mac!

2009-11-30 Thread Roijen, Bas
-gdfsuez.nl www.cofely-gdfsuez.nl -Original message- From: evangelism-boun...@lists.plone.org [mailto:evangelism-boun...@lists.plone.org] On behalf of Jan Ulrich Hasecke Sent: Sunday 29 November 2009 10:31 To: Mark A Corum CC: evangelism@lists.plone.org Subject: Re: [Evangelism] Hack

Re: [Evangelism] Hack Plone! Win a Mac!

2009-11-29 Thread Jan Ulrich Hasecke
On 28.11.2009 at 20:38, Mark A Corum wrote: +1 on a legitimate slogan like Secure by Design or something else that reflects the fact. Although I'd like such a claim, please keep in mind that we need it translated. English claims are often misunderstood in Germany as recent studies showed.

Re: [Evangelism] Hack Plone! Win a Mac!

2009-11-29 Thread Matt Hamilton
On 29 Nov 2009, at 09:31, Jan Ulrich Hasecke wrote: On 28.11.2009 at 20:38, Mark A Corum wrote: +1 on a legitimate slogan like Secure by Design or something else that reflects the fact. Although I'd like such a claim, please keep in mind that we need it translated. English claims are

Re: [Evangelism] Hack Plone! Win a Mac!

2009-11-28 Thread Mark A Corum
:26 PM, Matt Hamilton ma...@netsight.co.uk wrote: Forgot to reply all... Begin forwarded message: From: Matt Hamilton ma...@netsight.co.uk Date: 28 November 2009 02:55:36 PM GMT To: ctxlken ken.wase...@contextualcorp.com Subject: Re: [Evangelism] Hack Plone! Win a Mac!   Mark A Corum

Re: [Evangelism] Hack Plone! Win a Mac!

2009-11-28 Thread Ken Wasetis [Contextual Corp.]
at 2:26 PM, Matt Hamilton ma...@netsight.co.uk wrote: Forgot to reply all... Begin forwarded message: From: Matt Hamilton ma...@netsight.co.uk Date: 28 November 2009 02:55:36 PM GMT To: ctxlken ken.wase...@contextualcorp.com Subject: Re: [Evangelism] Hack Plone! Win a Mac! Mark A Corum

Re: [Evangelism] Hack Plone! Win a Mac!

2009-11-27 Thread Norman Fournier
On 2009-11-26, at 7:24 AM, Jan Ulrich Hasecke wrote: On 26.11.2009 at 16:09, Norman Fournier wrote: think there may be more positive ways for plone to get this message across For example? I think we must have clear rules. The first hacker who puts his name on the frontpage wins, if

Re: [Evangelism] Hack Plone! Win a Mac!

2009-11-27 Thread Karl Horak
Just tossing my 2 cents worth in here -- if there were any Plone sites in the world that hackers were already targeting, it would be FBI and CIA. I'm sure we would have heard of any failure there. Meanwhile, I think the Foundation should sponsor a system of clandestine honeypots out there

Re: [Evangelism] Hack Plone! Win a Mac!

2009-11-27 Thread ctxlken
I think it's a weak assumption that these two sites would have a 'live' Plone site. Although, it is possible, I would think that due to some of the security and performance benefits, and since we see '.htm' or '.html' URIs and no evidence in the response headers of Zope, that it's likely

Re: [Evangelism] Hack Plone! Win a Mac!

2009-11-26 Thread Jan Ulrich Hasecke
On 26.11.2009 at 16:09, Norman Fournier wrote: think there may be more positive ways for plone to get this message across For example? I think we must have clear rules. The first hacker who puts his name on the frontpage wins, if he documents how he'd done it. If we have more macs the

Re: [Evangelism] Hack Plone! Win a Mac!

2009-11-26 Thread Matt Hamilton
On 26 Nov 2009, at 15:09, Norman Fournier wrote: Hello, Worst case scenario. What if we are wrong? Some smart punk hacks the plone and posts the hack or hints somewhere. How many Macs can we afford to give away? How long can we afford to pay lawyers to fight spurious claims in court? A

Re: [Evangelism] Hack Plone! Win a Mac!

2009-11-26 Thread Dylan Jay
Worst case is really bad publicity. But then is it? If it got hacked we'd patch it immediately and patch most systems out there and we'd explain how that system works in advance. Basically use it to explain how open source increases security and speed of patches. It would also show that we

Re: [Evangelism] Hack Plone! Win a Mac!

2009-11-26 Thread Dylan Jay
On 27/11/2009, at 9:00 AM, Mark A Corum wrote: Actually, it would show we are arrogant and cavalier about security - which are about the worst things you can be in the eyes of an enterprise customer. People who are serious about security TEST the security of their software in a professional,

Re: [Evangelism] Hack Plone! Win a Mac!

2009-11-26 Thread Steve McMahon
Not sure how I feel about the overall idea, but the exploit documentation condition *must* be expanded to specify that the exploit be documented to the Plone security team, and only the security team. Publicizing of methodology for an attack must be only after a patch is made available, and the

Re: [Evangelism] Hack Plone! Win a Mac!

2009-11-25 Thread Nate Aune
I think it's a great idea. Set up a server (perhaps using the Hardening Plone howto below) and let the games begin! http://plone.org/documentation/how-to/securing-plone/ Nate On Wed, Nov 18, 2009 at 11:52 AM, Jan Ulrich Hasecke juhase...@googlemail.com wrote: Hi all, what do you think about a