 |
|
 |
|
- Readme First! -
Read and follow the rules, otherwise your posts will be closed |
|
|
|
|
|
There are currently, 306 guest(s) and 0 member(s) that are online.
You are Anonymous user. You can register for free by clicking here |
|
|
|
|
|
|
 I see it asked so often, so I thought a nice example would help to answer the question: "How secure is PHPNuke"?
Objectively the answer is more general then you think, and as specific as you want. First, PHPNuke is on the same level as any other software or hardware service out there.
Hardware you say? Yes hardware. Here are some examples of hardware systems that are "not secure" because they do run off of firmware (or software):
http://www.computercops.biz/article1700.html
http://www.computercops.biz/article423.html
http://www.computercops.biz/article406.html
http://www.computercops.biz/article267.html
Well worth the read as they are eye openers.
Ok, what about other online portals/forums?
vBulletin: http://www.computercops.biz/article1907.html
http://www.computercops.biz/article577.html
Ikonboard: http://www.computercops.biz/article219.html
YaBB: http://www.computercops.biz/article959.html
PostNuke: http://www.computercops.biz/article359.html
http://www.computercops.biz/article277.html
http://www.computercops.biz/article241.html
There are plenty more in this non-PHPNuke category all around the Net.
Now to focus on PHP-Nuke (some have patches):
http://www.computercops.biz/article2077.html
http://www.computercops.biz/article2038.html
http://www.computercops.biz/article1513.html
http://www.computercops.biz/article919.html
That's just the data as found at CCSP. If you search this site (http://phpnuke.org/modules.php?name=Search) for exploits you will find them too.
Now what does this mean? Free and even paid for services like vBulletin are susceptiable constantly to exploits.
Even companies like Microsoft *still* re-release advisories that are very old:
http://www.computercops.biz/article2093.html
Take a look at these on Cisco, Apache, etc...
http://www.computercops.biz/article2055.html
http://www.computercops.biz/article2051.html
http://www.computercops.biz/article1436.html
http://www.computercops.biz/article1808.html
Even major government websites get defaced like NASA, and just this past Saturday too:
http://www.computercops.biz/article2095.html
Lets not forget, some systems as secure as they can possibly be are not immune to "insider" hiccups that can potentially destroy everything:
http://www.computercops.biz/article1107.html
What's the point of all this?
Nothing is secure. Software is programmed by humans. Hardware is accessed or used via firmware. Security breaches will happen. The object is to minimize the breaches. Once you feel that there can no longer be breaches, that is when you will be cracked. Stay safe and enjoy.
And also, stay at least 10 steps ahead of the black hats. (wink)
|
|
Posted on Wednesday, February 05 @ 17:22:34 CET by Zhen-Xjell |
|
|
|
|
| |
|
Average Score: 2.08
Votes: 12
|
|
|
|
|
|
|
| | The comments are owned by the poster. We aren't responsible for their content. |
| | | | |
| No Comments Allowed for Anonymous, please register | | | | |
Re: How secure is PHP-Nuke? (Score: 0)
by Anonymous on Thursday, February 06 @ 19:15:08 CET | The title of this article made is seem like you were actually going to discuss the security of Php Nuke. Instead it comes across as excusing the large number of vulnerabilities that have been found in php nuke - not to mention the poor responce time out of FB when they come up.
The brilliant lack of standard input validation and user permissions systems scream of a developer that doesn't know - or doesn't care - about security.
Security breaches will happen and the objective to minimize the breaches seems ignored thus far in php nuke. Security doesn't consist of a single wall of defense (or a ton of quick fix kludges), it is applied consistantly in layers.
I appreciate that you people here decided to take an interest in php-nuke security, but this article just paints a sophist's excuse for the issue instead of tackling it directly. |
| | | | | |
|
