The Joomla! People Portal ™


Site Security Discussions (non-official)

Group Information
Name: Site Security Discussions (non-official)
Created: Thursday, 13 May 2010

Description

General discussions about site security - this is NOT an official Security group, this is simply for discussions about ways to help increase site security.

Links to videos, sites or methods showing how to hack, exploit or deface are not permitted.

Any posts will be deleted or edited and the person doing so will receive a warning or suspension.

Announcements

No bulletin added yet

Discussions

Changing jos_ prefix.... as per mention by Brian Teeman is one I play with on j1.5 site owners requesting beefy security. http://brian.teeman.net/tips-and-tricks/joomla-security-jos.html I've run into issues, however, with certain pay for components (cough cough 'ambra' and pals) that don't play nice when you change jos_. If this is of security interest to you, I'd suggest trying it out on a dev area and making sure all the ducks are swimming nicely before going live with it. Nice fat Cisco hardware firewall makes me less neurotic...just a tad. ;)
Last replied by Carleen Stinson on Wednesday, 11 August 2010
Last replied by mandville on Friday, 25 June 2010
Links to videos, sites or methods showing how to hacking, exploit or deface are not permitted!! Oooops... sorry folks. But it seems interesting to see how hackers go around & hack us easily.
Last replied by enzo24 on Monday, 31 May 2010
Last replied by Tom Canavan on Saturday, 22 May 2010
Carleen Stinson
The mean old minions were busy again in October, eh? I just stumbled across a really old version of Khepri, the admin template, along with some other oddities (j1.0 files) in the front end template folder of a j1.5.20 site. Being I've read this week about XSS goings ons in gantry core, jomsocial, and jcore prior to 1.5.21...I guess that means there's going to be more re-building happening. If any of you use RSFirewall to keep your clients from messing up their sites (lol) they've actually beefed up their offerings and built in an XSS scanner...I've yet to try it out, but sounds cool... :) :P Hasta la Joomla!
561 days ago
 
Russ Winter
Does anyone know if it is possible to upload just files? Like PDFs? Or is it just images and videos?
Brian Teeman on Friday, 18 June 2010 08:45

Doesn't look like it

697 days ago
 
Tom Canavan
New Linux Kernel 2.6.24 is now available. Some security fixes in place.
Beat on Wednesday, 26 May 2010 07:30

Thank you Tom, but Linux kernel updates have their own notification channels through the distributions, so not sure if we want those notifications also in here. Each Linux distro has its own upgrade path, and there are frequent upgrades. Not speaking of Windows, Apache, and so on... So not sure what this group should be about. If it's to give warnings of kernel upgrades, I'm out of it. Maybe if it's as an alert list, it should be added to description? (not voting for that, but respecting a community decision)

Tom Canavan on Wednesday, 26 May 2010 07:45

I felt it was good security info - I'll stick to offering security info through my website.
Thanks for the comment Beat.

720 days ago
 
Tom Canavan
I have a local meetup group here in Texas dedicated to Information Security. Microsoft gave a great security briefing last night and provided the presentation.

It was VERY educational.

It's available for download on my site.
720 days ago
 
Sandra Warren
The self promotional advertising has been removed from posts on this wall. Please refrain from spamming topical discussion groups with self promotion. Fan Clubs are designated as appropriate areas to advertise your products and services to your fans.
722 days ago
 
Russ Winter
Happens to the best of them : IBM issues infected USB keys at AusCERT conference : http://www.brisbanetimes.com.au/technology/security/ibm-distributes-virusladen-usb-keys-at-security-conference-20100521-w1gv.html
Brian Teeman on Sunday, 23 May 2010 18:09

And a really old virus as well

mandville on Monday, 24 May 2010 03:20

probably old usb sticks... I received one from a promotion the other day that was 256meg!

723 days ago
 
Tom Canavan
Trusted Advisers and Cyber security - ***X-Link Removed-X***
Russ Winter on Sunday, 23 May 2010 00:22

Tom, a comment on quite why you posted this link, would be of immense interest.

I went there, thinking it can't be too bad, Tom has recommended it <shrug>! Not really interested in another security service but might be worth a look...

A little bit of an oddly laid-out site struck me first when I moved away to the "About Us", but professional looking enough.... However, there is nowhere that states actually who they are or are affiliated with? What makes their information/alerts valid?

Looks and feels like one of those out of hours callers asking me to give my credit card details on the phone.

Why should I trust their information for a subscription, more than anyone else that I already have free access or subscribe to...?

THEN the next thing I see is a bunch of advertising scrolling across the top of the page, a themes site link and "powered by" link at the bottom, at that point I stopped looking, unprofessional and certainly didn't obtain my trust particularly quickly, considering the industry they are touting, Security....

Tom Canavan on Sunday, 23 May 2010 07:24

Interesting observations - the ticker runs with alerts when they are fresh - but - when they become dated, they are removed. So it updates fairly frequently.

Tom Canavan on Sunday, 23 May 2010 08:37

Sorry - hit send too quickly! :) Yes - updated vulnerabilities can be obtained for free - however, with SalvusAlerting the system gathers them and alerts you. Rather than digging through the hundreds produced weekly - Thus within minutes of a published vulnerability on any number of sources, the system picks it up - and alerts you. When it comes to hackers, time is not on your side.

FWIW - SalvusAlert is my company - hopefully that helps everyone understand the background. :)

Thanks Russ for the comments - I added a recent (Sunday AM) ALERT that was sent out on the home page.

Please PM if any questions - thank you

Brian Teeman on Sunday, 23 May 2010 18:10

Might have been better and more honest if you had stated up front that the site you were linking to was your own commercial service and was posted as an advert

Tom Canavan on Monday, 24 May 2010 06:41

Can't win with J! either way - if you self promote - you're chastised. If you promote your blog.. :)
Guess - agree or disagree is a good principle, in this event wouldn't you say?

Brian Teeman on Monday, 24 May 2010 15:37

Bit of a difference though as the blog is a) under my name so there can be no confusion and b) 100% commercial and advert free ;)

Tom Canavan on Wednesday, 26 May 2010 07:13

Yep - Difference between US and UK I suppose - Thanks for the comment.

724 days ago
 
Tom Canavan
Two vulnerabilities (important ones) in the RedHat kernel today
Vicky Thomas on Thursday, 20 May 2010 05:58

Is there someplace I can go to see the details? I don't see anything at Joomla vulnerabilities list. Sorry for my ignorance here, just not sure.

mandville on Friday, 21 May 2010 17:03

RedHat is not a Joomla extension, it is actual server software. Try this website: http://www.linuxsecurity.com/

Vicky Thomas on Saturday, 22 May 2010 15:51

Oops, I think I knew that. So sorry. Thanks for the nice note @mandville.

727 days ago
 
Tom Canavan
Tom Canavan's book - Joomla! web security has been translated into Polish. English version available here: ***X-Link Removed-X*** -- Not sure how to find Polish version. :(

mandville on Thursday, 20 May 2010 04:48

might need a trip to Poland for that!

Tom Canavan on Saturday, 22 May 2010 19:32

ha! or a trip to amazon.. ;)

727 days ago
 
mandville
posting links to malware sites or exploit sites will result in harsh treatment
Tom Canavan on Wednesday, 19 May 2010 11:03

ya think..

mandville on Thursday, 20 May 2010 04:48

yes - we lettuce leaves at the ready!

730 days ago