[clug-progsig] Re: [clug-talk] clug.ca 'hacked' again

[Mike Roest]

Shawn wrote:
> So, it looks as though the executive may need our help.  I haven't spoken with 
> them yet on this, but thought I'd post an idea here to see the reaction we 
> get...
ok
> 
> There's a number of good tools out there for web based WYSIWYG page editors 
> (i.e. SPAW - 
> http://www.solmetra.com/en/disp.php/en_products/en_spaw/en_spaw_about).  I 
> think we can take one of these and build a content management system around 
> it.
> 
I think rolling our own CMS is a bad idea, we're just as likely to 
create something as shitty as postnuke.  With just as many security 
holes/XSS/whatever, I think what the exex should really do is use a CMS 
that just doesn't suck quite as much ass as postnuke.  Do some research 
on which, have had a much better security record.  Outside of sendmail & 
bind postnuke is one of the top performers on security focus (IE today I 
got 2 seperate postnuke notifications).  We're getting owned cause, 
people are doing google searches for postnuke specific signs and 
exploiting the multitude of holes.

Of course this if just my $0.02, but rolling our own CMS is just gonna a 
be a whole lot of unrequired work and may end up with us not being ahead 
of the game but actually behind.


-- 
Mike
Site: http://www.blahz.org
GPG Key: http://www.blahz.org/gpg.asc
I'm normally not a praying man, but if you're up there, please save me 
Superman
--Homer Simpson