Vuoi un sito per la tua Scuola ?

Drupal

Volete un sito per la vostra Azienda o per la vostra scuola ?

Trasferimento su dominio gov.it

Installazione Drupal 6.x e Drupal 7

Compilate il modulo on-line con i vostri dati e le vostre richieste.

eLearning

Moodle

I miei ambienti di formazione integrata pronti

per chi si avvicina a Drupal e per gli esperti.

  • Formazione con Moodle (2011/2012)
  • Corso FORTIC C2 - 2008 (offline)
  • Moodle (2007) (offline)

Learning Content

ATutor

Molti corsi disponibili in ambito ICT In Italiano ed in Inglese.

Disponibili i corsi presso: maurizionaso.it [ATutor] (offline)

  • Networking
  • Sicurezza
  • ATutor HowTo

 

Informazioni utili per chi lavora quotidianamente sul web in modo professionale. Sviluppo di siti web con il CMS Drupal, installazione e configurazione di piattaforme di eLearning (Moodle, ATutor), Wiki; Sviluppo di siti web Accessibili, per la Pubblica Amministrazione, per gli Enti locali, per le Scuole di ogni ordine e grado in tutto il nord Italia. Realizzazione di percorsi di formazione personalizzata, individuale e di gruppo (in presenza, a distanza, blended).

  • e-Learning Project Team Manager;
  • Staff di sviluppo in ambito CMS e LCMS.

Una questione di Sicurezza

Posted Gio, 03/03/2011 - 08:19 by admin
Versione stampabile

 * Advisory ID: PSA-2011-001

 * Project: Drupal core and contrib
 * Versions: All versions
 * Date: 2011-February-17
 * Security risk: Not critical

-------- DESCRIPTION ----------------------------------

This is a public service announcement regarding a recent social engineering
attack via the following mail purporting to come from the Drupal security
team.

 >Hello, I am a member of the Drupal security team. Our installation records
 >show that your site runs Drupal on PHP [version] and [server]. We have
 >recently found a security problem with that configuration which could allow
 >a hacker to get into the site and delete any posts they want. We have not
 >posted anything about this yet publicly as we want to get this patch out to
 >as many people as possible first. We have developed a patch for this bug -
 >all you need to do is upload this file to your site in the
 >sites/default/files/ folder (do not change the name of the file) and Drupal
 >will see it and install it for you. We recommend you do this as soon as
 >possible. Sincerely, James Drupal security team
The mail was sent with Drupal Security <drupal_s@yahoo.com> as the
(easily-forged) "From" address. It also contained an attachment that was said
to be a patch that had to be uploaded and installed. Needless to say that
this file contained code to make the system accessible from the outside. If
you received a message like the above, do not upload the attached file. How
the Drupal Security Team communicates:
 1) The Security Team does not supply patches to sites.
 2) The Security Team will never ask site administrators to upload random
    files to their site. We only recommend to update to latest core or
    contrib releases downloaded from drupal.org.
 3) The Security Team officially uses three forms of communication for Drupal
    Security Advisories; the update report in your Drupal installation, the
    posts and RSS feed on http://drupal.org/security, and the newsletter
    available from your Drupal.org user page. The Drupal Security Team does
    not publish to a Twitter feed or provide any other official communication
    channel.
 4) The Security Team will never ask for passwords for your host or your
    Drupal install.

If you receive communications from someone saying they are a member of the
Security Team and their request is questionable, please forward the email to
the team at security@drupal.org.

-------- CONTACT ----------------------------------------------

The security team for Drupal can be reached at security at drupal.org or via
the form at http://drupal.org/contact.

Realizzato con Drupal, un sistema per la gestione dei contenuti informativi open source