Functional Extensions

mikado ag: open source CMS should always undergo a penetration test when technical changes are made. Open source content management systems (CMS) are among the most widely used systems for websites. For example, WordPress, TYPO3, Drupal and Joomla are among the most widely deployed solutions in the German-speaking region. According to the findings of the consultancy mikado ag, however, sites based on these CMS often show major security vulnerabilities in specific functional areas. These concern less the core systems than, in particular, the individual extensions. The BSI has recently come to similar findings. “The open source approach itself is not the real problem, even if the source code is available to everyone and can in principle be used”, judges mikado board member John Rider. On the contrary, the base systems in particular, with the basic equipment for operating a website with an open source CMS, are of high quality from a security standpoint. However, while the core systems are normally maintained by a development team on the basis of standards, extensions such as news systems, image galleries, blogs, booking systems, web shops and more are the work of individual developers whose knowledge of programming or security standards cannot be assessed.

“This is why such extensions, if left unchecked, can introduce security vulnerabilities through which an attacker may gain access to the entire system; they are a breeding ground for vulnerabilities,” emphasizes Rider. After all, each of these extensions interacts with the underlying database or uses write permissions on the file system. As a result, every update to an extension must be checked to see whether it meets all security requirements. Because database queries may be changed or supplemented with completely new ones, there is a risk that data is not sufficiently sanitized and a compromise of the system becomes possible. New security vulnerabilities may arise even in a patch for a bug. “To minimize this risk, a pentest is necessary not only at the go-live of a new site, but also after every subsequent functional extension”, emphasizes Rider. One-off tests shed light only on the current status of the site and provide no guarantee of medium-term security. He pointed out that, especially in open source systems, there is as a rule enormous momentum with respect to extensions: new ones are continuously added or existing ones developed further. Here, for economic reasons alone, automated penetration tests would as a rule be sufficient, such as those mikado also offers with its scanning solution midas.

PDFA Archiving

The PDF/A Competence Center is organizing its fourth international PDF/A Conference this year. Berlin – A focal point is the new part of the standard, PDF/A-2, which is nearing completion. Experts will report on the further development of the standard and explain whether, when and how a conversion makes sense. In addition, some vendors will present their first “PDF/A-2 ready” solutions in the exhibition. The PDF/A Conference will take place from 29 September to 1 October 2010 in Rome. Participation costs 890 euro + VAT. More information and registration at. At the end of 2005, the ISO committee ISO TC 171 published PDF/A-1 as international standard ISO 19005-1 for long-term archiving. Administration, archives, libraries and publishers, banks and insurance companies, as well as industry, benefit in particular from PDF/A, because they can permanently archive digital documents with this standard. Work on the second part of the standard, PDF/A-2, was completed from a technical perspective in the summer of this year. Its publication is expected in early 2011. While PDF/A-1 is based on PDF version 1.4, PDF/A-2 is based on the stand-alone ISO 32000-1 and can take advantage of features that only became available with PDF version 1.7. Other significant improvements include the following. JPEG2000 image compression: the inclusion of the powerful JPEG2000 compression is interesting for scanned documents, as it achieves higher compression rates and better quality than the older JPEG format. Furthermore, JPEG2000 also offers lossless compression. Embedded PDF/A-compliant files via collections: collections are called “portfolios” in Acrobat. With this function, the user can combine multiple files in a “container PDF”. In PDF/A-2, PDF/A collections may now be put together from several PDF/A-compliant files. File formats other than PDF/A are explicitly not allowed in these collections.
A good example is archiving emails and their attachments in a PDF/A collection. Digital signatures: PDF/A-1 already allows the use of electronic signatures. In PDF/A-2, signatures are now incorporated and used in accordance with the PAdES standard issued by the European Telecommunications Standards Institute. PAdES (PDF Advanced Electronic Signatures) is a set of constraints and extensions to the PDF standard according to ISO 32000-1. “PDF/A-2 also offers other innovations such as advanced rendering of transparency, support for PDF layers, the direct embedding of OpenType fonts and additional possibilities for the use of metadata,” summarizes Olaf Drummer, member of the board of the PDF/A Competence Center. “To what extent these justify a move to the new part, users should evaluate individually.” The PDF/A Conference also offers an excellent platform for information on this. All innovations and improvements are considered from the user and developer perspective in workshops, lectures and a keynote address. “We want to advise the participants, through our knowledge and support, in their deliberations on whether they should upgrade to PDF/A-2”, says Daram. “They also get the necessary know-how to successfully implement a migration strategy.” Companies and public organizations that favor PDF/A-2 will of course need to use tools that take the new part into account. Adobe has already confirmed that the next versions of its products will support PDF/A-2. At the exhibition accompanying the PDF/A Conference, companies such as callas, LurTech, PDF Tools and SEAL Systems will show their first “PDF/A-2 ready” products. About PDF/A: PDF/A is the ISO standard 19005 for long-term archiving in PDF format. It represents a restricted version of PDF, a standardized profile for the use of PDF in long-term archiving. The standard prescribes in detail which content is allowed and which is not.
These and other provisions are intended to guarantee the long-term readability of documents, regardless of which application software and which operating system they were originally created with. The benefits of PDF/A, such as the ability to perform full-text searches, make it a preferred archiving format that has now displaced the TIFF format at numerous international authorities and companies. About the PDF/A Competence Center: The PDF/A Competence Center was founded as an international association in 2006. The aim of the association is to promote information and the exchange of experience in the area of long-term archiving in accordance with ISO 19005: PDF/A. The Board of Directors is composed of executives of the companies callas software GmbH, compart AG, intarsys consulting GmbH, LurTech Europe GmbH, PDF Tools AG (CH), PDFlib GmbH and SEAL Systems AG. Within less than three years, about 100 companies and various experts from about 20 countries joined the PDF/A Competence Center as members. Chairman of the Board is Harald Grumser, CEO of compart AG. Dr. Hans Barfuss, CEO of PDF Tools AG, Switzerland, is Deputy Chairman of the Managing Board. Editorial contact: PDF/A competence center c/o LurTech Europe GmbH Thomas Zellmann Kant str.

Initiative Mittelstand

A software solution in the software-as-a-service (SaaS) model for online meetings and web conferencing: the solution catalogue in the SaaS Forum gains an addition in the area of online meetings and web conferences. tevia online meeting 2.0 is a software-as-a-service (SaaS) solution for teleconferencing, web conferencing, webinars or video conferences. The product received the Innovation Award IT of the Initiative Mittelstand in the category ‘Unified Communications’ in 2009. The company’s customers include, among others, BMW, practitioners and Cision. SaaS Forum solution catalog – overview of German software-as-a-service (SaaS) solutions: the aim of the solution catalog in the SaaS Forum is to support users in their search for software solutions that are offered in the software-as-a-service model. With software-as-a-service (SaaS), applications are not installed locally on the computer or in the company network, but are used over the Internet. Typically, Internet access and an appropriate Internet browser are enough to use them. The SaaS provider is responsible for operation and maintenance.

Pricing depends on use. The solution gallery of the SaaS Forum has existed since mid-2007 and now offers more than 150 applications from the various application areas. The directory can be called up on the Internet at anwendungen.html. Werner Grohmann, SaaS-Forum

VMWare Expert Authors New E-book

The Essentials Series: Tactics in Optimizing Virtual Machine Disk IOPS. London, July 21, 2011 – Realtime Publishers, the leading provider of expert, third-party independent content for the IT market, has issued a new e-book entitled “Tactics in Optimizing Virtual Machine Disk IOPS”. Authored by IT expert Greg Shields, the e-book covers vital information for any virtual IT environment, with a host of practices for achieving a fully optimized virtual machine. The author, Greg Shields, whose IT expertise spans 15 years and who is a multiple recipient of Microsoft’s “Most Valuable Professional” award as well as VMware’s vExpert award, comments in his e-book: “Disk optimization in virtual environments is absolutely a necessary activity. That optimization comes in many forms. A proper design goes far in ensuring hardware is ready to support the IOPS demand of needy VMs. Correctly configuring those VMs during operations represents another facet.” The free e-book is intended to show how a bad design combined with incorrect VM configurations can be detrimental to performance and hinder VM disk I/O. Thomas Doria, new business development manager at Diskeeper Corporation Europe, comments: “This e-book is a vital tool for today’s IT consultant currently immersed in the field of virtualization. It gives IT admins an excellent overview and understanding of two major areas: poor practices that hinder VM disk IOPS and defining requirements for a VM disk optimization solution.” To download the new e-book click here. About Diskeeper Corporation – Microsoft Gold Partner, innovators in performance and reliability technologies: CIOs, IT managers, and system administrators of global Fortune 1000 and Forbes 500 enterprises rely on Diskeeper performance software to provide unparalleled performance and reliability to their business laptops, desktops and servers. Diskeeper 2011 includes the breakthrough IntelliWrite fragmentation prevention technology.

V-locity 2.0 virtual platform disk optimizer for VMware ESX and Hyper-V eliminates the barriers to full virtual efficiency and maximum I/O performance on virtual servers. Diskeeper Corporation further provides real-time data protection and real-time data recovery with Undelete data recovery software (www.undelete.com). InvisiTasking technology enables any process to run completely invisibly in the background, fully tapping the power of otherwise unused idle resources (www.invisitasking.com). Media contact for immediate release contact: Dorian Culmer email: phone: + 44 (0) 1293-763-060

Bad Oeynhausen Technical

Consulting sees significant demand for enterprise-wide Bad Oeynhausen / 20.11.2008 – According to a recent survey by the consulting company coretelligence, those responsible for the business departments mostly see little value in cross-enterprise business intelligence strategies. They fear overly complex projects and also a loss of their independence. Yet they do depend on support, because previous BI projects often lacked the necessary technical skills. coretelligence Managing Director Andreas Wang therefore advocates a rethinking of companies’ business intelligence strategies. In particular, the following aspects should be taken into account. A company-wide coordinated approach through a BI agenda: it describes very pragmatically the general business objectives, methods and implementation conditions. These include the programs, organization, professional applications and the governance requirements as well as the project management and the technical platform.

This requires that management, departments and IT managers come together at one table to clarify their respective roles and find procedures for dealing with each other in a targeted and accountable manner. The objectives and priorities of the business intelligence alignment are also defined as generally binding in the BI agenda. It is thus not only the strategic framework, but also includes the roadmap for the implementation process. The responsibilities between departments and IT must be regulated precisely: responsibility should be distributed according to the principle of best competence. This means that IT builds an integrated, consolidated and harmonised data platform, while the departments take over more responsibility for the development of their applications, such as reporting, analysis, etc. In terms of technical processing, business intelligence thus comes “from the socket” when a common BI platform is developed and no separate, independent or isolated island solutions are built. Competencies must not compete, but must cooperate: in reality, demand-oriented cooperation takes place to a much lesser extent, which is one of the central causes of the frequent criticism of BI realities. It is often observed that IT has taken up the topic as its own cause and prioritizes projects regardless of the departments.

GmbH Projects

Calls for projects at project work show no impact of the crisis. HAMBURG – According to the market monitor published today for the seventh time by the Hamburg project exchange, IT project business continues at a high level. A trend observed in recent months stands out: demand for C++ experts has been increasing again for several months. This trend continues in October. Experts see the main reason in the fact that Microsoft clearly committed itself to C++ again at the beginning of 2008. This gives decision makers renewed certainty that the language will be used in the long term.

Demand for experts specialising in the leading applications and programming languages – SAP, J2EE/Java, C++, Oracle and SQL – which is regularly evaluated as part of the market monitor, was lower in October than in September. Overall, however, the monthly project tenders at project work have remained at a consistently high level for several months, at 1,400 projects per month. Dr. Christiane Road, founder of project work, sees this as confirmation of her assumption that companies working with external resources can react more flexibly in times of crisis and are therefore not affected so quickly by cyclical fluctuations.

“Those who work in a more project-oriented way can cope much better with fluctuations in demand. Such companies are our customers. They have learned to be flexible and, through project work, to access experts whom they then deploy project by project. In a sudden decline in orders, they do not have to pay idle people. And that’s a huge advantage over companies that do little project-related work in times of crisis. These hardly rely on external resources.” Since 1 January 2007, project work has collected the data from all projects advertised on the platform that require specialization in one of the leading applications and programming languages: SAP, C#/.NET, Oracle, J2EE/Java, C++ and SQL. The data give an overview of the current market situation and reflect trends in the wider IT freelancer market. About project work: the project factory GmbH operates a professional job market for companies and freelancers from the areas of IT, creation and consultancy. Clients publish their calls for projects on projektwerk.de and look for qualified experts. Contractors post their profiles and offers and apply for advertised projects, thus using the job market to acquire contracts and jobs. Through continuous assistance and advice, the staff of project work ensure the validity and quality of the posted profiles and tenders. Currently 1,000 project tenders are published monthly, and the 30,000 members are informed of them daily. Contact between contractor and client is established quickly and easily – usually within a few hours. Project work was established in 1999 and is firmly established in the market of flexible work as a platform for the efficient allocation and acquisition of orders. Press contact: Cream communication Anne Bettina Jager Bernstorffstrasse 120 D-22767 Hamburg Tel: + 49 (0) 40 43 17 91-26 fax: + 49 (0) 40 43 17 91-27 E-Mail:

Updateu Business Growth

Impressive year in review and big plans. Karlsruhe, January 15, 2009 – Update4u Software AG, provider of software for IT service management, is planning an expansion of its activities in the European and American software markets for the new year. It already laid the foundations for this in the past 12 months: the product portfolio was consolidated, attractive cooperations were concluded, and many new employees were hired. Update4u Software AG has grown to about 60 employees. In parallel, gross profit also rose by 80% compared to the previous year. Many new clients, such as Carl Zeiss, rose had certainly technology, Knorr brake or Wincor Nixdorf International, had a share in this. Relationships with large customers such as Deutsche Bahn or R & V insurance were also expanded in 2008.

The fact that Update4u was one of the first companies worldwide to receive the sought-after ITIL V3 certification contributed to a strengthening of its market position. “Even though, or precisely because of, the current mood in the economy, we can observe an increasing demand for IT service management solutions”, says Herbert Uhl, Update4u Board of Directors. “Especially when money is tight, companies face the challenge of managing, automating and controlling business processes, as well as creating transparency of budgets and costs. We help our customers to solve this problem.” With its innovative offerings for IT service catalog, license and asset management as well as service desk, Update4u is a pioneer in the field of IT service management. Against this background, it is confident of healthy growth for the year 2009, as well as an expansion in the European and American markets. Positive impulses are to be expected here from the participation of the Asseco group in Update4u, as well as from partnerships with SoftwareONE and matrix42, said Uhl.

Federal Ministry

Vikora presents the LEGALXPRESS product family from the house of most-SoFT systems and shows how the trip to the post office can be spared in the future. Berlin, January 19, 2009 – On the Web, no one can be sure whether communications remain confidential or will be read “by unauthorized third parties”, says a recently published paper of the Federal Ministry of the Interior. For this reason, apart from non-binding communication by e-mail, business correspondence is in most cases still conducted via mail and fax. The time is now ripe to overcome these shortcomings and weaknesses of web-based communication. Under the motto “communicate securely, save costs, operate more efficiently”, the competence network Vikora presents the new LEGALXPRESS product family from AM-SoFT systems for the first time at CeBIT 2009. LEGALXPRESS is the universal solution for secure and legally binding communications over the Internet. Initially started as a lawyer portal, LEGALXPRESS now offers tailored solutions and modules with which not only prosecutors, the judiciary and administration, but also banks, associations and companies can communicate securely by electronic means. With LEGALXPRESS, sharing of data via the Internet is protected against unauthorized access by third parties.

In addition, the sender receives a proof of delivery for messages and documents, just like a registered letter with acknowledgment of receipt. LEGALXPRESS protects electronically sent written statements against manipulation by means of an electronic signature process, i.e. the recipient gets the files as they were sent. Changes made subsequently to the electronically delivered document can be detected by comparing it with the original on the server. At the same time, LEGALXPRESS offers a wide range of signature solutions to legally sign and securely archive electronic documents. The LEGALXPRESS client communication is particularly interesting for lawyers. It allows lawyers to conveniently and discreetly grant their clients access to the electronic record on the firm website, while they themselves have access at any time and from anywhere to the correspondence with all clients through the reference-based communication management.

Extremely Aggressive Worm Spreads Via Instant Messenger

BitDefender discovers new variant of the Palevo pest, which lures with fake picture downloads. Holzwickede, 04th May 2010 – Palevo is back, and the youngest member of the worm family acts more aggressively. BitDefender antivirus experts (www.bitdefender.de) have found that cybercriminals have sent out a wave of auto-generated instant messages in the past few days. The unsolicited message shows a grinning smiley face and a link that supposedly directs the user to a personal photo or a whole gallery. Instead of an image, the victim receives Worm.P2P.Palveo.DP, a worm that opens a back door on the victim’s PC for remote attackers. After clicking on the link in the instant messenger, a download window appears offering a .jpg file for download. If the user confirms the download, Palevo.DP infects the machine. On an unprotected system, the worm causes a real mess.

First, it creates several hidden files in the Windows folder with the names mds.sys, mdt.sys, winbrd.jpg and infocard.exe. Palevo.DP then changes some registry keys and overrides the local firewall of the operating system. Like its “brothers and sisters”, Palevo.DP contains a backdoor component that allows attackers to gain control of the attacked computer from outside. In this way, criminals can install more malicious software, for example to start new spam campaigns unnoticed and to attack other systems with malware. The Palevo family is also able to steal passwords and other sensitive data stored in Mozilla Firefox or Microsoft Internet Explorer. The use of e-banking or online shopping services is thus particularly risky. The spreading mechanism also includes infection via shared network folders and removable media. Here, the worm is activated via the Autorun feature in Windows. Palevo worms also spread through peer-to-peer platforms such as Ares, BearShare, iMesh, Kazaa, DC++, eMule, LimeWire and Shareaza by injecting their code into the files shared there.

“We recommend that users of instant messaging services be extremely cautious and not blindly click on unknown links. Each user should check links carefully in advance and make sure that they do not refer to malicious websites”, advises Catalin Cosoi, BitDefender senior researcher. “Palevo is very aggressive. Shortly after the outbreak, we registered infection rates of 500 percent and more per hour for countries such as Romania, Mongolia and Indonesia.” Security software from BitDefender reliably detects all Palevo variants and blocks the worm. More information under:. About BitDefender: BitDefender is the software developer of one of the industry’s fastest and most efficient product lines of internationally certified security software. Since the founding of the company in 2001, BitDefender has set new standards in the field of proactive protection against threats from the Internet. Every day, BitDefender protects tens of millions of private and business customers around the globe and gives them the good feeling that their digital life is safe. BitDefender sells its security solutions in more than 100 countries through a global VAD and reseller network. More detailed information about BitDefender and BitDefender products is available in the online press centre. In addition, BitDefender provides background information and current news on the daily fight against threats from the Internet, in English at. Press contact: BitDefender GmbH Robert-Bosch-Str. 2 D-59439 Holzwickede contact person: Hans-Peter Lange PR Manager Tel.: + 49 (0) 2301 9184-330 fax: + 49 (0) 2301 9184-499 email: PR Agency: Sprengel & Partner GmbH nesting first race 3 D-56472 Nisterau contact: Fabian Sprengel Tel.: + 49 (0) 2661 91260-0 E-Mail: