Products

Solutions

Resources

Partners

Community

Blog

About

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...Is DotNetNuke.com Insecure?Is DotNetNuke.com Insecure?
Previous
 
Next
New Post
5/21/2008 9:20 AM
 

I just used the security scanner from PowerDNN on DotNetNuke.com and it says that DotNetNuke.com has two hyper-critical security holes in it.  Does anyone know when DotNetNuke.com will be patched?  What about all my sites?  There aren't a lot of details, but these issues look really serious.

Bill

 
New Post
5/21/2008 11:25 AM
 

Bill,

I am not sure what the PowerDNN scanner actually tests.  Is it a software test or a hardware test.

If you have questions about DotNetNuke.com and security I would e-mail secuirty@dotnetnuke.com

If you want some assistance in looking at your sites, feel free to drop me a message at msellers@iowacomputergurus.com


-Mitchel Sellers
Microsoft MVP, ASPInsider, DNN MVP
CEO/Director of Development - IowaComputerGurus Inc.
LinkedIn Profile

Visit mitchelsellers.com for my mostly DNN Blog and support forum.

Visit IowaComputerGurus.com for free DNN Modules, DNN Performance Tips, DNN Consulting Quotes, and DNN Technical Support Services
 
New Post
5/21/2008 5:06 PM
 

Mitchel,

Seems like this issue is/should be in the interest of many people. Is it possible to elaborate here instead of mail?

How do I test the security of my sites? What tools should I use?

Thanks,

Yehuda


Yehuda Tiram
AtarimTR
AtarimTR
972-2-5700114   |   972-54-4525492   |    http://www.atarimtr.co.il
 
New Post
5/21/2008 5:53 PM
 

Hi Yehuda,

Read this: http://www.dotnetnuke.com/Community/Blogs/tabid/825/EntryID/1838/Default.aspx

According to PowerDNN, their scanner only tests for version and not specific vulnerability.  I haven't verified this personally, and have little confidence in their organization.

The DNN core team is currently working on evaluating the issue.  I have great confidence in their ability to handle this.  You can read more about their progress here: http://www.dotnetnuke.com/Community/Forums/tabid/795/forumid/112/threadid/228802/scope/posts/Default.aspx and on the security bulletin list, here: http://www.dotnetnuke.com/Community/Blogs/tabid/825/BlogID/28/ParentBlogID/5/Default.aspx

I'd expect to hear more from them soon.

Brandon


Brandon Haynes
BrandonHaynes.org
 
New Post
5/21/2008 5:56 PM
 

I believe Brandon summed up the detailed of what has gone on today.

I would simply keep an eye out for updates and go from there.


-Mitchel Sellers
Microsoft MVP, ASPInsider, DNN MVP
CEO/Director of Development - IowaComputerGurus Inc.
LinkedIn Profile

Visit mitchelsellers.com for my mostly DNN Blog and support forum.

Visit IowaComputerGurus.com for free DNN Modules, DNN Performance Tips, DNN Consulting Quotes, and DNN Technical Support Services
 
Previous
 
Next
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...Is DotNetNuke.com Insecure?Is DotNetNuke.com Insecure?


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out