Small width layout Medium width layout Maximum width layout Small text Medium text Large text
     Search
Downloads Downloads Directory Directory Forums Forums Forge Forge Blogs Blogs        Marketplace Marketplace Careers Program Careers
Community › Forums Register  |  

AspDotNetStoreFront
  Ads  
Iron Speed Designer is a software development tool for building database, reporting, and forms applications for .NET without hand-coding.
 


  Sponsors  

Meet Our Sponsors

Verndale
The Official Microsoft ASP.NET Website
Portal Webhosting - Hosting For Developers
Red-Gate Software
MaximumASP
SourceGear - Tools for Developers
 


DotNetNuke Forums
 
  Forum  General DotNetN...  Chat About It!  Is DotNetNuke.com Insecure?
Previous Previous
 
Next Next
New Post 5/21/2008 7:20 AM
User is offline Bill Yonder
12 posts
10th Ranked


Is DotNetNuke.com Insecure? 

I just used the security scanner from PowerDNN on DotNetNuke.com and it says that DotNetNuke.com has two hyper-critical security holes in it.  Does anyone know when DotNetNuke.com will be patched?  What about all my sites?  There aren't a lot of details, but these issues look really serious.

Bill
 
New Post 5/21/2008 9:25 AM
User is offline Mitch Sellers
5719 posts
www.mitchelsellers.com
3rd Ranked




Re: Is DotNetNuke.com Insecure? 

Bill,

I am not sure what the PowerDNN scanner actually tests.  Is it a software test or a hardware test.

If you have questions about DotNetNuke.com and security I would e-mail secuirty@dotnetnuke.com

If you want some assistance in looking at your sites, feel free to drop me a message at msellers@iowacomputergurus.com

-Mitchel Sellers
MCITP, MCPD, MCTS
CEO/Director of Development - IowaComputerGurus Inc.
LinkedIn Profile

Visit mitchelsellers.com for my mostly DNN Blog and support forum.

Visit IowaComputerGurus.com for free DNN Modules, DNN Consulting Quotes, and DNN Technical Support Services

I reccomend 3Essentials for shared hosting and BaseCamp for project management
 
New Post 5/21/2008 3:06 PM
User is offline Yehuda Tiram,
128 posts
9th Ranked


Re: Is DotNetNuke.com Insecure? 

Mitchel,

Seems like this issue is/should be in the interest of many people. Is it possible to elaborate here instead of mail?

How do I test the security of my sites? What tools should I use?

Thanks,

Yehuda
 
New Post 5/21/2008 3:53 PM
User is offline Brandon Haynes
705 posts
brandonhaynes.org
7th Ranked


Re: Is DotNetNuke.com Insecure? 
Modified By Brandon Haynes on 5/21/2008 5:54:26 PM)

Hi Yehuda,

Read this: http://www.dotnetnuke.com/Community/Blogs/tabid/825/EntryID/1838/Default.aspx

According to PowerDNN, their scanner only tests for version and not specific vulnerability.  I haven't verified this personally, and have little confidence in their organization.

The DNN core team is currently working on evaluating the issue.  I have great confidence in their ability to handle this.  You can read more about their progress here: http://www.dotnetnuke.com/Community/Forums/tabid/795/forumid/112/threadid/228802/scope/posts/Default.aspx and on the security bulletin list, here: http://www.dotnetnuke.com/Community/Blogs/tabid/825/BlogID/28/ParentBlogID/5/Default.aspx

I'd expect to hear more from them soon.

Brandon

Brandon Haynes
BrandonHaynes.org
 
New Post 5/21/2008 3:56 PM
User is offline Mitch Sellers
5719 posts
www.mitchelsellers.com
3rd Ranked




Re: Is DotNetNuke.com Insecure? 

I believe Brandon summed up the detailed of what has gone on today.

I would simply keep an eye out for updates and go from there.

-Mitchel Sellers
MCITP, MCPD, MCTS
CEO/Director of Development - IowaComputerGurus Inc.
LinkedIn Profile

Visit mitchelsellers.com for my mostly DNN Blog and support forum.

Visit IowaComputerGurus.com for free DNN Modules, DNN Consulting Quotes, and DNN Technical Support Services

I reccomend 3Essentials for shared hosting and BaseCamp for project management
 
 Page 1 of 12123...12Next 
Previous Previous
 
Next Next
  Forum  General DotNetN...  Chat About It!  Is DotNetNuke.com Insecure?
 


Forum Policy

These Discussion Forums are dedicated to the discussion of the DotNetNuke Web Application Framework.

For the benefit of the community and to protect the integrity of the project, please observe the following posting guidelines:

1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DotNetNuke.
2. Discussion or promotion of DotNetNuke product releases under a different brand name are strictly prohibited.
3. No Flaming or Trolling.
4. No Profanity, Racism, or Prejudice.
5. Site Moderators have the final word on approving/removing a thread or post or comment.
6. English language posting only, please.
 


Dnaxp.Net
Dnaxp.Net offers a comprehensive base of information, resources, and support for DotNetNuke.
www.dnaxp.net 		DNNMasters - modules, consulting, development
DNNMasters developers are involved in DNN development since DNN 1.0.9 and today we offer a broad range of DNN related products and services including custom development of modules, help with ing third party modules for specific needs, general DNN technical support and administrative services.
www.dnnmasters.com 		Cygnusoft Custom Software
Cygnusoft has been providing cutting-edge custom software solutions for 20 years. Cygnusoft is also a leading start-up incubator, helping our partners build successful new businesses.
www.cygnusoft.com

DotNetNuke Corporation   Terms Of Use  Privacy Statement
DotNetNuke®, DNN®, and the DotNetNuke logo are trademarks of DotNetNuke Corporation
Hosted by MaximumASP