    Hello folks, been a while since I posted here. I'm sorry for the vague title, but it's true; I just have a bunch of questions.
    Ready, fire, aim:

    2- At my workplace, the department handling the website has decided to use Joomla as a CMS. I know it's bad, not secure, gets many vulnerabilities and is rarely used correctly. This department I'm talking about wants to use Joomla because some of them don't know how to write code and they want Joomla so they can just slap around components they download from the net.

    I don't want to make enemies of them, but I want to show senior management how their decision is bad, stupid and unprofessional. How would you go about that? Note: Senior management is tech savvy, kinda old but Computer Science graduates, so not some Marketing monkeys like Steve Ballmer.

    1- I plan to visit San Diego this May and attend SANS's Security 542 (course info here), so I wanted to know some real feedback on this course, if any of you good folks have taken it. Too much PowerPoint? Lots of hands-on? Real-life or contrived examples? Can the skills learned help in contemporary situations, what with firewalls, IPSs and IDSs, or do they only work in predefined lab conditions? How can someone prepare for this course in order to make the most out of it?

    4- Do you think it would be fit for a governmental body to hold security bug bounty programs like Google and Mozilla (<3) are doing? And what can go wrong?

    3- I'm from Kuwait. I work on Kuwait's eGov authentication system and Kuwait's smart ID card project, as well as making smart card APIs for ministries and companies; among other things. I once suggested to the General Director the idea of hosting a sort of national computer project initiative. In a nutshell the ability of companies, institutes, ministries, universities and indie developers to have help and collaboration on projects pertaining to eGovernment services among other things.

    How can I turn such a project into success, and what infrastructure do you think would be good? GitHub? StackOverflow API, sourceforge?

    That's it for now. Hmmmm, I notice the numbers above are jumbled, I coulda sworn it was Ready, Fire, Aim..

  #2
    Re: A Bunch of Questions!

    For me, defcon (and other security cons) are all about socializing and relaxing. Most of us spend the rest of the year doing "job" stuff, so we come here to let loose and not worry about "consequences".

    Other than that, it's all about experience. So try your hand at all sorts of stuff and you'll find what works and what doesn't.
    #3
      Re: A Bunch of Questions!

      Saw a recent vulnerability in Joomla 1.6.0.

      More information about it can be found here.

      It's best, as kallahar said, to try your hand at all sorts of stuff. You'll find what works best for you and your project. I think this vulnerability should convince your department not to go for Joomla.

      Hope this helps.
