Archive for: October, 2012

rfp-robotRFP ROBOT: Website Request for Proposal Generator

The time has come for a new website (or website redesign), which means you need to write a website request for proposal or web RFP. A Google search produces a few examples, but they vary wildly and don’t seem to speak really to your goals for developing or redesigning a new website. You need to write a website RFP that will clearly articulate your needs and generate responses from the best website designers and developers out there. But how?

Have no fear, RFP Robot is here. He will walk you through a step-by-step process to help you work through the details of your project and create a PDF formatted website design RFP that will provide the information vendors need to write an accurate bid. RFP Robot will tell you what info you should include, point out pitfalls, and give examples.

SA-CORE-2012-003 – Drupal core – Arbitrary PHP code execution and Information disclosure

Advisory ID: DRUPAL-SA-CORE-2012-003 Project: Drupal core Version: 7.x Date: 2012-October-17 Security risk: Highly critical Exploitable from: Remote Vulnerability: Information Disclosure, Arbitrary PHP code execution Description Multiple vulnerabilities were discovered in Drupal core. Arbitrary PHP code execution A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PHP code on the original server. This vulnerability is mitigated by the fact that the re-installation can only be successful if the site’s settings.php file or sites directories are writeable by or owned by the webserver user. Configuring the Drupal installation to be owned by a different user than the webserver user (and not to be writeable by the webserver user) is a recommended security best practice. However, in all cases the transient conditions expose information to an attacker who accesses install.php,…

Read More →

Texas State Teachers Association

For more than 130 years, the Texas State Teachers Association has been working to empower public education. Their estimated 3.2 million members have worked continuously to protect public education employees, cultivate student knowledge and improve the future of public education in Texas. Over the years, the TSTA has been instrumental in a number of legislative measures such as child labor laws, mandatory schooling, civil rights, statewide teacher salaries, the Teacher Retirement system and more. But, at over 10 years old, the site no longer reflected TSTA’s legislative stature or conveyed a strong interactive presence. And while educational reform was quickly becoming a hot-bed issue in the legislature, the TSTA needed a tool to help them revitalize their look and dominate the educational stratosphere.

Back to Top