View Articles

Skype the popular text, voice and video communicator has being targeted several time on several platform since October 2016.
If you were on Windows and Android it is now several weeks you are urged to update your version of Skype. Since an old backdoor was also found (by Trustwave's SpiderLabs analysts) on Mac OSX version it seem that everyone should update skype, period.

Skype, acquired by Microsoft for $8.5 billions in 2011 was born in 2003 (only) but became rapidly a very commonly used application with 300 millions of users, around 20% of adult Internet users are Skype aficionados! With such penetration, simple breach or hack have a huge impact on the entire community. Not infected system are getting spammed and must defend themselves or be defended while all this have a cost and decrease Internet performances. The virus infection come with a slow wave propagation. While this may fool some of us (we are not affected at the same time) this give a good advantage for those who are away from the source and by the time the virus or hack affect the system that they are connected to or may received information from they should have updated or upgraded their own application.

WikiSuite (in one word) is a complete Free Open Source software and tools collection integrated into a Suite. There is no short way to say it but let's start with headers: Serve, Protect, Manage, Communicate, Share and Publish your organization's data using well-reputed software and tools assembled for that purpose. Yes it does all that and frankly, after years of trying to find one tool to fit the small/medium business common needs without investing in licences and IT team to setup, support and maintain their computerized system it looks like a seriously valid option. Most of the time, organizations or businesses have a different purpose than managing servers, databases, teams, emails, social networks and security but they need to use, share and manipulate data to achieve their everyday goals. WikiSuite is a good candidate to help you lower the resources (budget and staff) as well as security and privacy stress (you are in control) without scarifying the quality of the tools your organization is working with and yes it competes in several sectors directly with Office 365 or Google Apps for Work.

Drupal is calling upon its users to patch a dangerous remote code execution hole that can easily let attackers hijack sites. The content management system has some 15 million downloads, compared to WordPress with 140 million and Joomla with 30 million. Drupal is deployed on big ticket and business sites including nine percent of the world’s 10,000 most popular sites.

If Drupal core is not affected and not all sites will be impacted, the issue is again raising the question about third-party modules/plugins/add-ons that are not part of the core (code) but may cause significant damage to the project itself, your users, your business, all your hard work.... It is critical to review published advisories (July 12 2016) to determine if any modules you currently use have been flagged up.

The Tiki Community has released updates to all current versions of Tiki Wiki CMS Groupware. This update addresses a critical vulnerability found in third-party code that is included with Tiki. The update also includes many fixes and updates.

Special thanks to Mehmet Dursun İNCE of www.invictuseurope.com and to Robert Abela of www.netsparker.com for their cooperation and assistance in reporting the security issues.

We highly encourage all Tiki administrators to update their sites to the latest Tiki versions: Tiki 15.2, Tiki 14.4, and Tiki 12.9 LTS.

Visit https://tiki.org/Download to update the latest version.

I’m pleased to announce the release of Tiki Wiki 15, the latest LTS (Long Term Support) version of Tiki Wiki CMS Groupware.
Tiki Wiki15 brings numerous new features, enhancements and bug fixes and completes the transition to the Bootstrap framework for easy theming and smart device full support.

As the release manager of this version I can proudly say that the team did a very impressive work to deliver a very stable and free bug version of Tiki Wiki CMS. We did more than our best to track and fixe regressions as well as bugs and already hundreds several (as well as bsfez.com of course) have been successfully upgraded and are production. After 20 days of intensive usage I can confirm that this release of Tiki Wiki kept its promises to deliver to our broad user and customers base a robust web application they can rely on.

Tiki next LTS (Long Term Service) generation is almost final and is coming out with excellent report of almost none regression nor problem regarding the dozens of new features and options. With 194 commit between alpha and beta the team successfully nailed all the blockers and improve several key features within Tiki Wiki.

More information about the changes and the new stuff is available at Doc.Tiki
Tiki 15 Beta is available at SourceForge.
If you catch a bug during your install and test, please report at Dev.Tiki.

Aoutch... after an "unauthorized" backdoor was found in Juniper Networks firewalls, Juniper's ScreenOS, the first report of a highly suspicious code in FortiOS firewalls has been confirmed and tested as an SSH backdoor that can be used to access its firewall equipment.

This issue affected all FortiOS versions from 4.3.0 to 4.3.16 and 5.0.0 to 5.0.7, which cover FortiOS builds from between November 2012 and July 2014.
Proof-of-Concept exploit code was made available online by an anonymous user (operator8203@runbox.com), who posted the exploit code on the Full Disclosure mailing list this week, helping wannabe hackers generate the backdoor's dynamic password. FortiOS SSH backdoor can be then accessed via the Fortimanager_Access username.