So when i heard that Obama was going to make the WHITEHOUSE.GOV website a Drupal site i thought it was quite dumb... i mean its the whitehouse... you need a friggen CMS? hell waste some money on an old fashion webmaster and have it all flat html (i just think that a defaced homepage for america would totally suck) with the code for the site open source I instantly now know about most of the code that whitehouse.gov runs on and i can do my own pen testing before i even try on the whitehouse.gov domain. I wasnt alone in this ha.ckers.org makes these same exact points... and i commented on it
flash forward 211 days
what happens across my RSS feed? do my eyes decieve me? zomg its an article describing how Drupal is redefining its policy to clarify it only supports security on STABLE releases
and...
The clarifications are a response to the discovery of a potentially serious XSS hole in the Drupal Context module three weeks after White House developers proudly released their own plug-in based on the buggy module.- from The Register
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.