This is an urgent security notification to all customers running old versions of DotNetNuke.
It has recently come to our attention that certain hacker groups are actively exploiting security vulnerabilities in websites running old versions of CMS platforms such as DotNetNuke and WordPress.
Once a vulnerable website is compromised, it is then leveraged to launch network-based denial-of-service attacks. This causes significant grief for both website owners and hosting providers.
It is your responsibility to maintain the security of your website.
If you are running an old DotNetNuke 3.x/4.x/5.x website:
- Your website is vulnerable and may have already been compromised.
- Your website software is extremely old.
- You need to upgrade your site to a secure version as soon as possible.
If your website has been compromised, you may see suspicious files or files with incorrect extensions located in your /Portals/#/ folders, for instance:
- x.txt
- 0wn3d.txt
- Indez.asp;.txt
- Script.asp;.jpg
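The following sketch flags files matching the fingerprints listed above. It is an added example, not PowerDNN's Malicious File Checker. The list of script extensions, the function names and the sample folder tree are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumption: script extensions a Windows web host could execute; extend as needed.
SCRIPT_EXTS = ("asp", "aspx", "asa", "ashx", "asmx", "cer", "php")
# Script extension followed by ';' and a second extension, e.g. "Script.asp;.jpg".
MULTI_EXT = re.compile(r"\.(%s);" % "|".join(SCRIPT_EXTS), re.IGNORECASE)
# Plain file names taken from the list in the notification above.
KNOWN_NAMES = {"x.txt", "0wn3d.txt"}

def classify(filename):
    """Return a reason string if the file name looks suspicious, else None."""
    if MULTI_EXT.search(filename):
        return "multi-extension"
    if filename.lower() in KNOWN_NAMES:
        return "known-name"
    return None

def scan_portals(site_root):
    """Walk <site_root>/Portals and return sorted (relative_path, reason) pairs."""
    findings = []
    portals = os.path.join(site_root, "Portals")
    for dirpath, _dirs, files in os.walk(portals):
        for name in files:
            reason = classify(name)
            if reason:
                rel = os.path.relpath(os.path.join(dirpath, name), site_root)
                findings.append((rel.replace(os.sep, "/"), reason))
    return sorted(findings)

def build_sample_site(root):
    """Constructed sample tree of empty files, used only to exercise the scan."""
    names = {"0": ["logo.jpg", "Script.asp;.jpg", "x.txt"],
             "1": ["Indez.asp;.txt", "report.final.pdf", "0wn3d.txt"]}
    for portal, files in names.items():
        folder = os.path.join(root, "Portals", portal)
        os.makedirs(folder)
        for name in files:
            open(os.path.join(folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        for path, reason in scan_portals(root):
            print(f"{reason:16} {path}")
```

Run it against a copy or backup of the site root; a hit is a reason to inspect the file and its timestamps, not proof of compromise on its own.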
In order to resolve these issues, you should upgrade to DotNetNuke 5.6.5 or above.
For assistance in upgrading, you may respond directly to this email.
To determine the version of DotNetNuke you are running:
- Log into your website as “HOST”
- Navigate to Host > Host Settings
- If the version number is less than 05.06.05 or 5.6.5, then you should upgrade immediately.
New Security Features Are Coming:
On February 1, we will begin launching a new “Malicious File Checker” which will assist you in determining if your website has malicious files which match the multiple-extension fingerprint listed above. This tool will scan all websites once per month on the first day of the month.
If you are an Enterprise dedicated server customer:
The Malicious File Checker tool is already available to you through the PowerDNN Control Suite and may be accessed by going to Server > Domains > [Domain.com] and selecting “Malicious File Checker”.
History/Definition
Cloud computing is computation, software, data access, and storage services that do not require end-user knowledge of the physical location and configuration of the system that delivers the services. Cloud computing describes a new supplement, consumption, and delivery model for IT services based on Internet protocols, and it typically involves provisioning of dynamically scalable and often virtualized resources. It is a byproduct and consequence of the ease-of-access to remote computing sites provided by the Internet. This frequently takes the form of web-based tools or applications that users can access and use through a web browser as if they were programs installed locally on their own computers.
The National Institute of Standards and Technology (NIST) provides a somewhat more objective and specific definition:
"Cloud computing is a natural evolution of the widespread adoption of virtualization, service-oriented architecture, autonomic and utility computing. Details are abstracted from end-users, who no longer have need for expertise in, or control over, the technology infrastructure 'in the cloud' that supports them."
How PowerDNN is in “the Cloud”
Because the term “Cloud” is still such a broad term, you may run across some people who have a very specific idea of what they think Cloud means. The way we think of it here at PowerDNN is to build our servers to be highly scalable, redundant, and with very high performance. These environments utilize a segmented pool of resources that are completely configurable and rapidly provisioned.
Some of the key aspects of the Cloud environments we build are:
- Multi-tenancy enables sharing of resources and costs across a large pool of users, thus allowing for:
  - Centralization of infrastructure in locations with lower costs (such as real estate, electricity, etc.)
  - Peak-load capacity increases (users need not engineer for highest possible load-levels)
  - Utilization and efficiency improvements for systems that are often only 10–20% utilized
- Scalability via dynamic provisioning of resources on a fine-grained, near real-time efficiency, without users having to engineer for peak loads. Performance is monitored, and consistent and loosely coupled architectures are constructed using web services as the system interface.
- Maintenance of cloud computing applications is easier, because they do not need to be installed on each user's computer. They are easier to support and to improve, as the changes reach the clients instantly.
When speaking with individuals about Cloud Computing, you will need to understand that this is such a broad term that one’s idea is not always the only idea. Most general users see Cloud Computing as their website or allocated server resources being strung across multiple load balanced servers across the network. That is one way of viewing Cloud Computing, but not the PowerDNN way. Until there is a clear cut definition of what “Cloud” is, this will be a topic of discussion and you will have to make sure that you are armed with the knowledge to combat the forces of the internets.
I have been sounding the skeptical alarms on Google for years (blog posts). I have not been alone in this, of course. But since Google has updated their privacy policy once again with, in my view, new and insidious flavors of digital tyranny it seems a good time to point out a few of their updated consumer data offenses.
What has been largely reported has been the cross-sharing of information between the various Google properties—Gmail, search, YouTube, Google+, etc. Previously the data collected by each kingdom in the Google Empire was allegedly segregated (I never fully believed that, by the way). While this is indeed a new and important change with sweeping implications for both privacy and ad relevancy, it has been adequately reported on and so I want to focus on two other aspects of the recent changes—one directly related to the privacy policy and the other related to Google methods and ethics. 
Phone Privacy … NOT!
Almost two years ago I was reviewing the licensing and patent revisions for Microsoft Exchange ActiveSync 7 and noticed something significant. As opposed to the old ActiveSync that was used in PDAs, MS Exchange ActiveSync (EAS) is the best way to date for keeping mobile devices synced with calendars, contacts, notes, tasks, and email with true “Push” technology. There are a ton of reasons for this and I have written about them in the past. But the new version 7 allowed something totally new. Version 7 had methods for not just syncing devices and servers with data for the customer’s benefit and use, it also allowed the parent service to capture information from the mobile device—things like phone number, make and model of the phone, and servicing network. Hmmmm …. This was ostensibly for service improvement and reporting. Hmmmm … again. The ONLY service that I could find that was using this aspect of EAS was, perhaps not surprisingly, Gmail.
Fast-forward to today
Google’s new privacy policy is likely mis-named. It is a bit closer to a “lack of privacy” policy. The few thousand words of text might have easily been replaced with “we will harvest all of the information on you, your contacts, your family, and your friends—basically everyone you interact with—from our apps AND from your devices to use for profit.” The new policy allows Google to harvest:
Device information – make, model, OS, unique device identifiers, phone number, etc. and to associate these with your Google account.
Log information – cookies, browser data, telephone logs (think about that), search queries (not just on Google search), call forwarding numbers and data, day and time for calls inbound and outbound and call durations, various system activity, IP addresses, your hardware settings (think about that), and more.
Location information – Remember the ruckus when some people discovered that their iPhone kept a little database file on their locations? Remember how awful that was? Ever use Google maps or Google Earth on your mobile, even once? The new rules let them now grab it all, including, but not necessarily limited to GPS data, phone sensor data, and WiFi access points.
Local Storage – The new rules let Google store data on the device itself for retrieval later on when it is convenient for Google.
Anonymous identifiers and cookies – If you use a Google service or product—any of them to my reading—these rules let them track across the spectrum. That’s just the way it is. And it allows them to “share” this information with “partners.”
Google goes on to talk about openness and options. But this speaks directly to my second point. Google, as an organization, practices incrementalism. Those of us who have been around technology for a while understand that policies and practices change. They have to. But in my opinion when Google says “we will never” it means “we do not right now, but as soon as we can we will.” And when they say “we want you to understand” they mean “we do not want you to know where we are headed.” In short, without regard to any company slogans or Google-plex group think, they cannot be trusted.
I use some Google services and I largely protect myself. That’s OK, because I try to stay on top of these things and understand what I am signing on for. Heck … I read all of these terms of service and privacy policy things (it’s an illness). But the vast majority of folks do not. And before you shake your head and dismiss them by saying “caveat emptor” (buyer beware), remember that these people are our less-technical family members and friends. Google, Facebook, and the like are carving up the data and preferences on all of us and creating an imbalance of information that dramatically shifts the power—social, economic, and political. We should sit with a little trepidation at the next incremental intrusion that is, in my opinion, undoubtedly on its way.
You've seen the preview and you've heard the reviews. DotNetNuke 6.0 has been released! It is the greatest thing since sliced bread but there is one question you need answered: Should you upgrade your site?
There's a short but easy answer to that question:
Yes! But not yet.
Even though DotNetNuke 6.0 is the most tested version of DotNetNuke ever, it purposefully introduces subtle hardening to the security infrastructure in order to make DotNetNuke a more secure application. Unfortunately, some third party modules take advantage of the formerly lax security in order to implement certain features. Because of this, when upgrading to 6.0, you may have to also upgrade certain third party modules along with it. Because 6.0 is so new, not all module vendors have updated their components to be compatible with it so, if you upgrade right away, you may find yourself in a situation where you need to upgrade to a 6.0 compatible version of a module but one does not exist yet.
If you are currently running a DotNetNuke website, we recommend waiting a few months while all of the module vendors update their modules to be compatible with DotNetNuke 6.0.
Once we're confident that a majority of the ecosystem vendors have 6.0 compatible versions of their modules, we will let you know!
SUMMARY:
In conjunction with DotNetNuke Corporation's launch of DotNetNuke 6.0, we are proud to announce our DotNetNuke 6.0 Early Adopter program: 6.0 for $60/yr. This is a limited-time-only special promotion designed to help new users learn DotNetNuke 6.0 at a fraction of the cost of traditional DotNetNuke hosting.
PARTICIPATION REQUIREMENTS:
Effective Wednesday, July 20th, all new hosting signups are eligible to participate by using the promotional code "DNN6" while signing up. Both existing customers and new customers may participate, however, 6.0 for $60/yr may not be retroactively applied to existing websites that are already hosted with PowerDNN - it is for new stuff only. 6.0 for $60/yr may be used by customers choosing to have a new instance of DotNetNuke deployed and by customers who are migrating an existing website to the PowerDNN infrastructure.
BENEFITS OF JOINING:
In addition to receiving a 75% off discount on hosting, we will throw in 60 days of DotNetNuke Upgrade Protection for free! If a new version of DotNetNuke is released within the first 60 days of you signing up, upon request, we will apply the standard upgrade for you at no cost.
LIMITED AVAILABILITY:
6.0 for $60/yr is a limited time offer and may not be combined with other promotional codes: it is the best promotion we've ever offered - don't be greedy! :-) When you sign up for 6.0 for $60/yr, if you decide to cancel, we'll give you a complete refund as long as you cancel within the first 15 days of opening your account. After that, you're not getting a refund: your hosting account will run for an entire year and we'll provide you service regardless of if you choose to continue using us or not. We're not going to bother with partial refunds: it is only $60!
TERMINATION AND SEVERABILITY
We work very hard to keep our customers happy and we're confident that you'll love our service and you'll want to stick around after your first year, however, if you need to bail, before your account auto-renews, simply grab a backup of your website through the control panel and remove your credit card from being on file. There won't be any hard feelings - simply stop paying your bill and go somewhere else.
In April of 2005, DotNetNuke Corporation released DotNetNuke 3.0. It was amazing and unlike any other product on the market. It created a new paradigm in terms of how web development and websites should function. It was very impressive.
Since DotNetNuke 3.0, there have been many changes to DotNetNuke, however, for the most part, DotNetNuke 4.0 and DotNetNuke 5.0 have contained enhancements for developers. DotNetNuke 5.0 looked a whole lot like DotNetNuke 3.0 with a few extra features.
DotNetNuke 6.0 is a Game Changer - It is the Most Impressive DNN Release Ever.
Every line of code in every file has been touched, the platform has changed from VB.NET to C#, bugs have been fixed, new features have been added, and it is 20% faster, but most impressively, DNN 6.0 has received a complete UI overhaul. It has been fully integrated with JQuery UI which provides a fast, AJAXy web-3.0 interface for building high-powered websites faster. If you can use Facebook, you'll almost already be a DotNetNuke expert. DotNetNuke 6.0 will let you build nicer websites faster.
When can I start using DotNetNuke 6.0?
If you're new to PowerDNN, you can start right away. Simply create an account and we'll set you up with the latest version. However, if you're an existing customer and you already have a non-DNN6 website, while you can request an upgrade immediately, we would highly recommend waiting just to make sure that there are not any hidden upgrade-related issues that might be discovered.
Happy DNNing!
Hi Everybody,
Welcome to the PowerDNN Blog!
While this is my first post, over the coming weeks we will be using this space to post interesting tidbits of information that we think you might enjoy reading or find useful.