GIAC certified!

CASE President Darrell Burkey recently received certification as one of Australia’s newest GIAC-certified computer security experts.

The Global Information Assurance Certification was founded in 1999 to validate the skills of information security professionals. The purpose of GIAC is to provide assurance that a certified individual has the knowledge and skills necessary for a practitioner in key areas of computer, information and software security.

Training for GIAC certifications is provided by The SANS (SysAdmin, Audit, Network, Security) Institute, which was established in 1989 as a cooperative research and education organization.

Darrell stated, “Having the opportunity to be trained by top security experts who are at the front line of today’s most sophisticated systems was both challenging and very rewarding. I can’t wait for the opportunity to continue training with SANS”.

CASE staff congratulate Darrell for a job well done.

Joomla security update 2.1.1

If you’re running Joomla on any of your websites, be aware that there is a major security update available. This update will protect your site from a range of exploits discovered in the current version of Joomla. From the security mailing list:

[20090302] – Core – com_content XSS
Posted: 25 Mar 2009 10:08 AM PDT
Project: Joomla!
SubProject: com_content
Severity: Low
Versions: 1.5.9 and all previous 1.5 releases
Exploit type: XSS
Reported Date: 2009-March-12
Fixed Date: 2009-March-27
Description:

An XSS vulnerability exists in the category view of com_content.

Affected Installs:

All 1.5.x installs prior to and including 1.5.9 are affected.

Solution:

Upgrade to latest Joomla! version (1.5.10 or newer).

[20090301] – Core – Multiple XSS/CSRF
Posted: 25 Mar 2009 10:02 AM PDT
Project: Joomla!
SubProject: Multiple
Severity: Moderate
Versions: 1.5.9 and all previous 1.5 releases
Exploit type: XSS and CSRF
Reported Date: 2009-February-15
Fixed Date: 2009-March-27
Description:

A series of XSS and CSRF faults exist in the administrator application.  Affected administrator components include com_admin, com_media, com_search.  Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities.

Affected Installs:

All 1.5.x installs prior to and including 1.5.9 are affected.  The com_search XSS vulnerability requires that “Gather Search Statistics” be enabled to be exploitable (Disabled by default).

Solution:

Upgrade to latest Joomla! version (1.5.10 or newer).

Melbourne Joomla Day review

Yesterday I flew down to Melbourne (managing to make my day trip for the city’s hottest day, ever!) for Joomla Day ’09, hosted by the Melbourne Joomla User’s Group, at Melbourne University.

The day was well balanced and very valuable. The audience of around sixty ranged from people who had never used Joomla before to seasoned gurus, and everyone in between. For the uninitiated, the first hour was used to show how quickly and easily Joomla can be set up in a variety of environments. A very thoughtful suggestion from Raoul Callaghan for people who don’t have their own web hosting account was to use JumpBox, a virtualisation package that allows for a nearly instant install of Joomla for you to play with! Being told about JoomlaPack, a Joomla backup and migration tool, probably made my day! CASE is always looking for handy tools to make things easier, and JoomlaPack looks to be one of them.

The day moved on to discussions about templating, general design and then security….
