Latest Updates
Changes to the Help Desk
Posted by Donald Raleigh on 25 August 2010 08:37 AM
As you can see from the new look of the Help Desk, some things have changed!  We have upgraded to the very newest version of the Kayako Help Desk software.  This is really leading edge stuff, and as such, there may be some glitches here and there.

We ask that you help us out as this software "settles in" with us.  There are dozens of new features, all designed to help us help you.  Should something not work quite right, or not the way you think it should, we ask that you let us know in the kindest, gentlest way.

Thank you for your support as we work to support you!

Donald Raleigh
President
Evolve Systems 



Upgrading The Helpdesk!
Posted by Donald Raleigh on 23 August 2010 01:53 PM
The Help Desk here, www.evolvehelpdesk.com, is going to be going down for a little while as we upgrade to version 4.0 of the Kayako Help Desk.  This is a very big change, and one that we have been looking forward to for quite some time!

Just letting you know that the help desk may be down from 7:00 p.m. on Monday, August 23 for a few hours.

We will see you on the other side!

Don




AmiroCMS 5.8.4
Posted by Donald Raleigh on 17 August 2010 03:30 PM

Evolve Systems is excited to announce the release of Amiro 5.8.4.


In an industry where technology is constantly changing and client needs are continuously expanding, Amiro continues to show its commitment to being an industry-leading content management system by releasing AmiroCMS 5.8.4. Amiro releases several updates to their system throughout the year. These periodic releases ensure that Amiro customers continue to be presented with cutting-edge tools to create and maintain their online presence. Upgrading to the latest version could not be easier. Evolve Systems has already handled that for you. The only action you need to perform is to log into AmiroCMS and create a backup. Click on this link for help creating a backup:

http://evolve-systems.com/training/Interactive_modules/backup/backup_viewlet_swf.html

So much has changed in this latest release that old versions of backups will not work in the new version.

Release Version 5.8.4 ends the use of ZendOptimizer in the Amiro.CMS server technology and marks the implementation of the new entity "Product Link" for catalogs, which allows you to place products in several sections of the catalog. The release also enhances protection against spam.

Disclaimer: ZendOptimizer

Starting with version 5.8.4, Amiro CMS no longer requires the installation of ZendOptimizer in the server hosting environment. ZendOptimizer not only facilitated the installation of the AmiroCMS "engine", but also made demands on the configuration a little bit easier.

It is recommended that dedicated servers disable its use and, if possible, enable existing PHP accelerators, which will speed up PHP scripts by 30% to 200%.

"Product Link"

With version 5.8.4 we have published a mechanism for placing a product in several categories. This solves the problem while maintaining the current performance of the catalog, by implementing an "image-link" scheme instead of demanding multiple relations.

Physically, creating a "product link" creates a "virtual copy" of the goods specified in the admin section, which includes all the settings and additional fields of the goods. The copies may have their own unique address (URL).

Implementation Details:

• Although product links look superficially like ordinary products, they are not. If you open an image-link for editing, you can change only the product link's URL, and you are given a quick way to switch to editing the original product. When the original is edited, all the changes cascade and apply to all existing copies of the product.






PCI and Hosting
Posted by Donald Raleigh on 16 April 2010 12:24 PM
It's not easy to be PCI compliant!

Just like it is not easy being Green.  (Like Kermit, not Al Gore.)

Not trying to pass the buck here, but the straight up fact of the matter is PCI is not just about following a set of steps on a checklist.  It is about holistically looking at various activities, vulnerabilities, and risks that one may encounter when dealing with technology.  Right now there are 2 things that are going on with a fairly high degree of consistency.

1) We are scanning the servers and systems and keeping up with the latest patches as quickly as we can.
2) External PCI scanning companies are CONSTANTLY changing the rules.

What this means to each client is that you may be 100% PCI compliant today, and fail a scan tomorrow, and pass again on Thursday.  When you receive a report from your PCI scanning company, please don't panic.  Send us the report (as a PDF) via the Help Desk, www.evolvehelpdesk.com, and we will take a look at it.  We have found that 99+% of the time it is something new that was found, not that your server is suddenly "bad" or that we "missed" something.  Hackers and Bad Guys are quite wily.

Another point to keep in mind is that we are dependent on different software vendors, like Parallels Plesk, Litespeed tech, the CentOS community and others. For example, the Parallels Plesk control panel has not been compliant since version 9.0 was released. They have switched their control panel to a self-coded web server, which does not support secure ciphers at all. Our server team was forced to hardcode a security patch to make it compliant (fortunately we have quite talented and good looking developers!), but Plesk themselves still do not have this issue fixed! (It's already 3 or so months since the issue was discovered, and they are the company that makes the product!)

We will continue to monitor the servers, the community and the newest developments.  Please let us know if you have questions, and as always, please let us know what we can do to be of service to you!

Cheers!

Evolve Systems
www.evolvehelpdesk.com

P.S.

Just to give you an idea of what we mean by keeping up with server issues, here is just 1 alert system we keep up with and use to keep our systems current.  This is just for 1 day....

April 16, 2010

2010-04-16: Oracle Java SE and Java for Business Unspecified Vulnerabilities Successful attacks may allow attackers to gain unauthorized access to a computer in the context of the user running the affected application.

http://www.securityfocus.com/bid/39492

April 16, 2010

2010-04-16: Irssi Denial of Service and SSL Hostname Verification Security Bypass Vulnerabilities An attacker can exploit these issues to gain unauthorized access to the affected computer and to crash the affected application.

http://www.securityfocus.com/bid/39377

April 16, 2010

2010-04-16: Adobe Acrobat and Reader CVE-2010-0193 Denial of Service Vulnerability Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue arbitrary code execution may also be possible but this has not been confirmed.

http://www.securityfocus.com/bid/39524

April 16, 2010

2010-04-16: Joomla! 'com_manager' Component 'Itemid' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39519

April 15, 2010

T-349: [USN-928-1] Sudo vulnerability

A Sudo security issue affects several Ubuntu releases and some corresponding versions of Kubuntu, Edubuntu, Xubuntu, and Mac OS. Valerio Costamagna discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command when the PATH contained only a dot ('.'). If secure_path and ignore_dot were disabled, a local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. By default, secure_path is used and the sudoedit pseudo-command is not used in Ubuntu. This risk is Moderate.

http://www.doecirc.energy.gov/bulletins/t-349.shtml

April 15, 2010

2010-04-15: GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability Local attackers can exploit this issue to execute arbitrary code with superuser privileges. Successful exploits will result in the complete compromise of affected computers.

http://www.securityfocus.com/bid/37128

April 15, 2010

2010-04-15: Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability Exploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable XML parsing library.

http://www.securityfocus.com/bid/36097

April 15, 2010

2010-04-15: KDE KDM Insecure File Permission Local Privilege Escalation Vulnerability An attacker may exploit this issue to execute arbitrary code and gain elevated privileges.

http://www.securityfocus.com/bid/39467

April 15, 2010

2010-04-15: Todd Miller Sudo 'sudoedit' Path Resolution Local Privilege Escalation Vulnerability Local attackers could exploit this issue to run arbitrary commands as the 'root' user. Successful exploits can completely compromise an affected computer.

http://www.securityfocus.com/bid/39468

April 15, 2010

2010-04-15: Apple Mac OS X Apple Type Services Embedded Font Remote Code Execution Vulnerability Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.

http://www.securityfocus.com/bid/38955

April 15, 2010

2010-04-15: VMware Remote Console 'connect' Method Remote Format String Vulnerability Successful exploits may allow an attacker to execute arbitrary code. Failed attacks may cause denial-of-service conditions.

http://www.securityfocus.com/bid/39396

April 15, 2010

2010-04-15: Oracle Sun Java System Communications Express CVE-2010-0885 Remote Address Book Vulnerability Oracle Sun Java System Communications Express is prone to a remote vulnerability in Address Book. The vulnerability can be exploited over the 'HTTP' protocol.

http://www.securityfocus.com/bid/39461

April 15, 2010

2010-04-15: Oracle Sun Java System Directory Server CVE-2010-0897 Multiple Remote Vulnerabilities These vulnerabilities can be exploited over the 'LDAP' and 'HTTP' protocols. Remote attackers can exploit these issues without authenticating. Successful exploits will allow attackers to exploit arbitrary code in the context of the vulnerable application or cause denial-of-service conditions.

http://www.securityfocus.com/bid/39453

April 15, 2010

2010-04-15: RPM Configuration File Handling Remote Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39493

April 15, 2010

2010-04-15: VMware Hosted Products 'vmware-vmx' Virtual Network Stack Information Disclosure Vulnerability An attacker can exploit this vulnerability to disclose memory from the host's 'vmware-vmx' process to a guest operating system or potentially the network. This can allow the attackers to harvest potentially sensitive information that can aid in further attacks.

http://www.securityfocus.com/bid/39395

April 15, 2010

2010-04-15: Oracle JRE Java Platform SE and Java Deployment Toolkit Plugins Code Execution Vulnerabilities Attackers can exploit these issues to execute arbitrary code in the context of the user running the vulnerable applications.

http://www.securityfocus.com/bid/39346

April 15, 2010

2010-04-15: Adobe Flash Player and AIR (CVE-2010-0187) Unspecified Denial of Service Vulnerability Successful exploits will allow attackers to crash the application, denying service to legitimate users.

http://www.securityfocus.com/bid/38200

April 15, 2010

2010-04-15: Multiple Adobe Products Unspecified Cross Domain Scripting Vulnerability A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or launch spoofing attacks against other sites. Other attacks are also possible.

http://www.securityfocus.com/bid/38198

April 15, 2010

2010-04-15: PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability PostgreSQL is prone to a local privilege-escalation vulnerability. Exploiting this issue allows local attackers to gain elevated privileges.

http://www.securityfocus.com/bid/37333

April 15, 2010

2010-04-15: PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability PostgreSQL is prone to a security-bypass vulnerability because the application fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones. Successful exploits allow attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

http://www.securityfocus.com/bid/37334

April 15, 2010

2010-04-15: Apache 'mod_proxy_ajp' Information Disclosure Vulnerability Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

http://www.securityfocus.com/bid/34663

April 15, 2010

2010-04-15: Apache 'mod_proxy' Remote Denial Of Service Vulnerability Successful exploits may allow remote attackers to cause denial-of-service conditions and prevent legitimate users from accessing the services.

http://www.securityfocus.com/bid/35565

April 15, 2010

2010-04-15: Pidgin Multiple Denial of Service Vulnerabilities Successful exploits will crash the application or make it unresponsive, denying service to legitimate users.

http://www.securityfocus.com/bid/38294

April 15, 2010

2010-04-15: Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability Successful exploits may allow remote attackers to trigger denial-of-service conditions.

http://www.securityfocus.com/bid/36596

April 15, 2010

2010-04-15: LibThai Unspecified Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of an application using the affected library. Failed exploit attempts will result in a denial-of-service vulnerability.

http://www.securityfocus.com/bid/37822

April 15, 2010

2010-04-15: PhpMesFilms 'index.php' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/33105

April 15, 2010

2010-04-15: Intel BIOS System Management Mode Local Privilege Escalation Vulnerability An attacker can exploit this issue to modify software that runs in System Management Mode (SMM). Successfully exploiting this issue will allow the attacker to compromise affected computers.

http://www.securityfocus.com/bid/38251

April 15, 2010

2010-04-15: IBM Lotus Notes 'SURunAs.exe' Insecure Password Storage Information Disclosure Vulnerability Successful attacks can allow local attacker to gain elevated privileges by obtaining access to an administrator's credentials.

http://www.securityfocus.com/bid/39525

April 15, 2010

2010-04-15: Adobe Acrobat and Reader CVE-2010-0197 Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running an affected application or to cause a denial-of-service condition.

http://www.securityfocus.com/bid/39518

April 15, 2010

2010-04-15: Oracle E-Business Suite Financials 'jtfwcpnt.jsp' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39510

April 15, 2010

2010-04-15: Deluxe Blog Factory Joomla! Component 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39508

April 15, 2010

2010-04-15: BeeHeard Components for Joomla! 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39506

April 15, 2010

2010-04-15: TeX Live 'dospecial.c' '.dvi' File Parsing Integer Overflow Vulnerability Successfully exploiting this issue can allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39500

April 15, 2010

2010-04-15: IBM BladeCenter Advanced Management Module Denial of Service Vulnerability Successful exploits will cause the affected service to reboot, denying service to legitimate users.

http://www.securityfocus.com/bid/39499

April 15, 2010

2010-04-15: Mocha W32 LPD Remote Buffer Overflow Vulnerability Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

http://www.securityfocus.com/bid/39498

April 15, 2010

2010-04-15: Softbiz B2B Trading Marketplace 'IndustryID' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39496

April 15, 2010

2010-04-15: Intellectual Property Joomla! Component 'id' Parameter SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.securityfocus.com/bid/39495






Upgrade to 5.8
Posted by Donald Raleigh on 16 April 2010 11:32 AM
This week our CMS was updated to version 5.8.0.10.  There are some Very new things for you to see in this version, and we hope that you like the refreshed look of the buttons and the colors.

You will also notice that we have more of a "slick" style to the way that windows and areas "open" now.  This update also brings with it our first steps into Gadgets.  Our first Gadget is YouTube!

To add video to your site, you first need to upload it to YouTube. Follow these instructions at the YouTube help center.

This is our first step into adding lots of Social Media into the system.

You may also note that in the Site Manager you can now Stack the tabs that you use to edit pages.  Next to Body, Navigation and Options and SEO you will see a Thumbnail.  Use that to move the presentation around the way you want it.

Look for more great things in the near future, and please let us know how we can be of assistance.







