Information Security Theory
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Information Security Theory

  1. #1
    Junior Member
    Join Date
    Oct 2004
    Posts
    1

    Information Security Theory

    Looking for a reference (i.e., URL, article, etc.) on this subject.

  2. #2
    Senior Member
    Join Date
    Jul 2004
    Posts
    131
    try this site:

    http://www.cccure.org/
    More cowbell! We need more cowbell!
    http://www.geocities.com/secure_lockdown/
    - - -
    \"Is the firewall there to protect you from the outside world or is it there to protect the outside world from *YOU*?\"

  3. #3
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Originally posted here by secure_lockdown
    try this site:

    http://www.cccure.org/
    A security site using PHPNUKE...Ironical?

    Great info there.

  4. #4
    Senior Member
    Join Date
    Jul 2004
    Posts
    131
    it's one of the premiere CISSP study sites.

    why your comment? is PHPNUKE a bad thing?
    More cowbell! We need more cowbell!
    http://www.geocities.com/secure_lockdown/
    - - -
    \"Is the firewall there to protect you from the outside world or is it there to protect the outside world from *YOU*?\"

  5. #5
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Originally posted here by secure_lockdown
    it's one of the premiere CISSP study sites.

    why your comment? is PHPNUKE a bad thing?
    PHPNUKE is known to have many security problems in the past.
    The site content is great, as I stated but the fact that the site uses PHPNUKE is
    surprising.

    A google for "phpnuke security" and/or "bugtraq phpnuke" will show examples.

  6. #6
    Senior Member
    Join Date
    May 2003
    Posts
    159
    Also try http://www.sans.org especially the reading room i.e. http://www.sans.org/rr/
    ****** Any man who knows all the answers most likely misunderstood the questions *****

  7. #7
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Off topic.
    PHPNUKE is known to have many security problems in the past.
    Past, Present, Future...
    it is present on all butraqs.... Good software, but it has a lot of "holes". I run a security site with phpnuke too
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  8. #8
    Senior Member
    Join Date
    Jun 2003
    Posts
    134
    Originally posted here by ss2chef
    A security site using PHPNUKE...Ironical?
    And that sends your login credentials in plaintext.
    Sysmin Sys73m47ic
    -The Hacker Pimps
    -Development Team {FuxorWRT}
    http://www.AntiOnline.com/sig.php?imageid=563

  9. #9
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    Don't forget about the links to other similar threads at the bottom of every thread..........

    Not all are relevant, but just occasionally, you hit paydirt.

    [off topic] it might just be me........... but I prefer a post / question with a little more meat on its bones than this one
    Looking for a reference (i.e., URL, article, etc.) on this subject.
    Come on Bonnie, try harder next time....................

    It IS the difference between red and green.

    Also: Google your title for 3.7 MILLION hits........
    http://www.google.com/search?sourcei...ecurity+Theory
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  10. #10
    Junior Member
    Join Date
    Apr 2005
    Posts
    2

    www.cccure.org

    Good day to all,

    I have noted this forum in my referrals lately and was glad to see some discussions about cccure.org on AntiOnline.

    Why PHPNuke? This is really a big question. Five years ago when I was investigating tools to setup a portal it was the most user friendly that I could find and once you have spent the number of hours that I have spent in filling it up, it is tough to switch to something else.

    Does PHPNUke has security issues? YES it does have many of them, yesterday there was another SQL Injection through the Top 10 Modules announce. This seems to be common with a lot of PHP based portals where there are lots of functionality. Modules are being contributed by people wordwide and NOT all developers are security professionals. In order to make nuke a bit more secure there are lots of steps that can be taken, I am trying my best with IDS, port scan attack detection, and a few other tools. However, my focus in NOT on web development but more on content. I need a tool that allow me to input new material easily while helping me to automate the management side of the portal. I do not have the money to buy Oracle Portal or any of the commercial portal sold per seat.

    I am most definitively open to recommendations here, I saw lots of posting about HOW BAD nuke is but I have NOT seen any suggestion for a SECURE replacement that will cost me the same price and give me the same level of functionality. If such a beat does exist, please do let me know.

    The mention of sending Username and Password in clear text is an old debate that does come up once in a while. There are tons of replacement and plugins to provide better authentication, however the site is 100% open, you do not need to register to get access to any of the resources. It is all available to anonymous users. Once again, it is prohibitive to use something such as strong authentication, certificates, smart card, or other type of authentication when you do not even know who a person is in the first place. An email address has next to no value for authentication. To implement a system with true authentication I would have to charge a fee proportionnal to the cost of acquisition and maintenance. If there are good PHP programmers willing to help out there, I always accept and take advice very openly when they can help me secure my site.

    Best regards to all

    Clement
    Maintainer of www.cccure.org

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •