Language Selection

English French German Italian Portuguese Spanish

Drupal News

Filed under
Drupal
  • How to perform Drupal 7 integration tests with Red Test

    The spotlight is back on Drupal with the 8.0.0 release. The successful launch is a testament to the hard work put in by members of the Drupal community, but Drupal 7 still has a huge install base and likely will for many years to come. To support Drupal 7 development, let's take a look at a testing platform built exclusively for the platform. Red Test is an open source integration testing framework aimed at making life easier for Drupal developers.

  • Drupal sites at risk due to insecure update mechanism

    The update mechanism of the popular Drupal content management system is insecure in several ways, allowing attackers to trick administrators into installing malicious updates.

    Researcher Fernando Arnaboldi from security firm IOActive noticed that Drupal will not inform administrators that an update check has failed, for example due to inability to access the update server. Instead, the back-end panel will continue to report that the CMS is up to date, even if it's not.

    This can be a problem, considering that hackers are quick to exploit vulnerabilities in popular content management systems like Drupal, WordPress or Joomla, after they appear. In one case in 2014, users had only a seven-hour window to deploy a critical Drupal patch until attackers started exploiting the vulnerability that it fixed.

More in Tux Machines

OpenBSD and NetBSD

Security: Twitter and Facebook

  • Twitter banned Kaspersky Lab from advertising in Jan
     

    Twitter has banned advertising from Russian security vendor Kaspersky Lab since January, the head of the firm, Eugene Kaspersky, has disclosed.  

  • When you go to a security conference, and its mobile app leaks your data
     

    A mobile application built by a third party for the RSA security conference in San Francisco this week was found to have a few security issues of its own—including hard-coded security keys and passwords that allowed a researcher to extract the conference's attendee list. The conference organizers acknowledged the vulnerability on Twitter, but they say that only the first and last names of 114 attendees were exposed.

  • The Security Risks of Logging in With Facebook
     

    In a yet-to-be peer-reviewed study published on Freedom To Tinker, a site hosted by Princeton's Center for Information Technology Policy, three researchers document how third-party tracking scripts have the capability to scoop up information from Facebook's login API without users knowing. The tracking scripts documented by Steven Englehardt, Gunes Acar, and Arvind Narayanan represent a small slice of the invisible tracking ecosystem that follows users around the web largely without their knowledge.

  • Facebook Login data hijacked by hidden JavaScript trackers
     

    If you login to websites through Facebook, we've got some bad news: hidden trackers can suck up more of your data than you'd intended to give away, potentially opening it up to abuse.

Beginner Friendly Gentoo Based Sabayon Linux Has a New Release

The team behind Sabayon Linux had issued a new release. Let’s take a quick look at what’s involved in this new release. Read more

Android Leftovers