Computing Assistance Support & Education Inc – CASE Notes

If you’re running Joomla on any of your websites be aware that there is a major security update available. This update will protect your site from a range of exploits discovered in the current verson of Joomla. From the security mailing list:

[20090302] – Core – com_content XSS
Posted: 25 Mar 2009 10:08 AM PDT
Project: Joomla!
SubProject: com_content
Severity: Low
Versions: 1.5.9 and all previous 1.5 releases
Exploit type: XSS
Reported Date: 2009-March-12
Fixed Date: 2009-March-27
Description

A XSS vulnerability exists in the category view of com_content.

Affected Installs:

All 1.5.x installs prior to and including 1.5.9 are affected.

Solution:

Upgrade to latest Joomla! version (1.5.10 or newer).

[20090301] – Core – Multiple XSS/CSRF
Posted: 25 Mar 2009 10:02 AM PDT
Project: Joomla!
SubProject: Multiple
Severity: Moderate
Versions: 1.5.9 and all previous 1.5 releases
Exploit type: XSS and CSRV
Reported Date: 2009-February-15
Fixed Date: 2009-March-27
Description:

A series of XSS and CSRF faults exist in the administrator application.  Affected administrator components include com_admin, com_media, com_search.  Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities.

Affected Installs:

All 1.5.x installs prior to and including 1.5.9 are affected.  The com_search XSS vulnerability requires that “Gather Search Statistics” be enabled to be exploitable (Disabled by default).

Solution:

Upgrade to latest Joomla! version (1.5.10 or newer).

In this tutorial you are show how to install a template into Joomla 1.5.

So if you’re running Joomla or thinking about running Joomla, you might want to check out this humorous page over at the official Joomla documentation Wiki. It lists the top ten terrible things you could do while using Joomla, and how to avoid doing them. If you are guilty of doing any one of the ten, you need to change the way you do things!

Three of my favourites are:

4. Trust third-party extensions.
7. Use the same username and password for everything.
9. Don’t waste time with regular backups.

Click here to check out the whole list.

In this latest CASE video tutorial you are shown where to find the login page for the Joomla! administrator’s area. Once you’ve found it, bookmark it!

At CASE we’ve just begun to produce a series of free, online, video tutorials that address issues with software that our member organisations use to do their job. Starting with the web content management system Joomla! we plan to release a host of videos that teach the simple (and the not so simple!) lessons that we’ve learned over the years. To start off with, logging into Joomla 1.5:

The Sydney Morning Herald is reporting that

“The national competition watchdog has read the riot act to the nation’s telephone companies, telling an industry conference that the overall poor level of consumer service remains unacceptable. Addressing the Australian Telecommunications Users Group annual conference today, the chairman of the Australian Competition and Consumer Commission, Graeme Samuel, ordered the industry to lift its game or face the commission’s wrath – backed up by beefed-up consumer protection laws set to come into effect next year.”

$1m fine threat waved at shoddy telcos | smh.com.au

The ACCC could be in a position to place fines of up to $1million on Telcos that aren’t up to scratch. With over 4000 complaints a year, this sounds like a step in the right direction…

We’re pleased to release the second episode in our podcast series. In this episode Sam and Amanda talk about web Content Management Systems, specifically Joomla. This podcast gives a brief introduction to what a CMS is, what the popular ones are, and how Joomla can help you and your organisation.

Click here to go to the Podcast page to listen in!