rp: Re: [Evangelism] Hack Plone! Win a Mac!
On 28.11.2009 at 20:38, Mark A Corum wrote:
> +1 on a legitimate slogan like "Secure by Design" or something else
> that reflects the fact.
Although I'd like such a claim, please keep in mind that we need it
translated. English clai
On 29 Nov 2009, at 09:31, Jan Ulrich Hasecke wrote:
On 28.11.2009 at 20:38, Mark A Corum wrote:
+1 on a legitimate slogan like "Secure by Design" or something else
that reflects the fact.
Although I'd like such a claim, please keep in mind that we need it
translated. English claims are
On 28.11.2009 at 20:38, Mark A Corum wrote:
> +1 on a legitimate slogan like "Secure by Design" or something else
> that reflects the fact.
Although I'd like such a claim, please keep in mind that we need it translated.
English claims are often misunderstood in Germany as recent studies showed
s the watchmen?) -
Juvenales, Satires
"No matter where you go ... there you are." - Buckaroo Banzai
On Sat, Nov 28, 2009 at 2:26 PM, Matt Hamilton wrote:
Forgot to reply all...
Begin forwarded message:
From: Matt Hamilton
Date: 28 November 2009 02:55:36 PM GMT
To: ctxlken
Su
es
"No matter where you go ... there you are." - Buckaroo Banzai
On Sat, Nov 28, 2009 at 2:26 PM, Matt Hamilton wrote:
>
> Forgot to reply all...
>
>
> Begin forwarded message:
>
> From: Matt Hamilton
> Date: 28 November 2009 02:55:36 PM GMT
> To: ctxlken
>
Forgot to reply all...
Begin forwarded message:
From: Matt Hamilton
Date: 28 November 2009 02:55:36 PM GMT
To: ctxlken
Subject: Re: [Evangelism] Hack Plone! Win a Mac!
Mark A Corum wrote:
If Plone had previously been weak on security, and had gotten
its act
together, this
I think it's a weak assumption that these two sites would have a 'live'
Plone site. Although, it is possible, I would think that due to some of
the security and performance benefits, and since we see '.htm' or
'.html' URIs and no evidence in the response headers of Zope, that it's
likely the
Just tossing my 2 cents worth in here -- if there were any Plone sites in the
world that hackers were already targeting, it would be FBI and CIA. I'm
sure we would have heard of any failure there.
Meanwhile, I think the Foundation should sponsor a system of clandestine
honeypots out there and
On 2009-11-26, at 7:24 AM, Jan Ulrich Hasecke wrote:
> On 26.11.2009 at 16:09, Norman Fournier wrote:
>
>> think there may be more positive ways for plone to get this message across
>
> For example?
>
> I think we must have clear rules. The first hacker who puts his name on the
> frontpage wi
Not sure how I feel about the overall idea, but the exploit documentation
condition *must* be expanded to specify that the exploit be documented to
the Plone security team, and only the security team. Publicizing of
methodology for an attack must be only after a patch is made available, and
the awa
On 27/11/2009, at 9:00 AM, Mark A Corum wrote:
Actually, it would show we are arrogant and cavalier about security -
which are about the worst things you can be in the eyes of an
enterprise customer.
People who are serious about security TEST the security of their
software in a professional, s
Actually, it would show we are arrogant and cavalier about security -
which are about the worst things you can be in the eyes of an
enterprise customer.
People who are serious about security TEST the security of their
software in a professional, systematic way. They get experts in the
field and f
Worst case is really bad publicity. But then is it?
If it got hacked we'd patch it immediately and patch most systems out
there and we'd explain how that system works in advance. Basically use
it to explain how open source increases security and speed of patches.
It would also show that we ta
On 26 Nov 2009, at 15:09, Norman Fournier wrote:
Hello,
Worst case scenario. What if we are wrong?
Some smart punk hacks the plone and posts the hack or hints
somewhere. How many Macs can we afford to give away? How long can we
afford to pay lawyers to fight spurious claims in court?
A
On 26.11.2009 at 16:09, Norman Fournier wrote:
> think there may be more positive ways for plone to get this message across
For example?
I think we must have clear rules. The first hacker who puts his name on the
frontpage wins, if he documents how he'd done it. If we have more macs the
fir
Hello,
Worst case scenario. What if we are wrong?
Some smart punk hacks the plone and posts the hack or hints somewhere. How many
Macs can we afford to give away? How long can we afford to pay lawyers to fight
spurious claims in court?
A risk analysis should be air-tight before any contest is
I think it's a great idea. Set up a server (perhaps using the
Hardening Plone howto below) and let the games begin!
http://plone.org/documentation/how-to/securing-plone/
Nate
On Wed, Nov 18, 2009 at 11:52 AM, Jan Ulrich Hasecke
wrote:
> Hi all,
>
> what do you think about a hacking contest? We s
On 19/11/2009, at 4:52 AM, Jan Ulrich Hasecke
wrote:
Hi all,
what do you think about a hacking contest? We set up a plain Plone
site and whoever hacks it first wins a mac or a playstation or
whatever.
All exploits must be documented of course so that we can fix them.
We promote Plo
Hi all,
what do you think about a hacking contest? We set up a plain Plone site and
whoever hacks it first wins a mac or a playstation or whatever.
All exploits must be documented of course so that we can fix them.
We promote Plone as a secure system and can document it with the CVE entries
b