Joomla tutorial videos
I keep forgetting to mention that I’m slowly producing a series of simple video tutorials for Joomla 1.5. They’re for CASE (since we’re all about Joomla these days) and all available on the CASE YouTube channel.
reviresco
If you’re running Joomla on any of your websites be aware that there is a major security update available. This update will protect your site from a range of exploits discovered in the current version of Joomla. From the security mailing list:
[20090302] – Core – com_content XSS
Posted: 25 Mar 2009 10:08 AM PDT
Project: Joomla!
SubProject: com_content
Severity: Low
Versions: 1.5.9 and all previous 1.5 releases
Exploit type: XSS
Reported Date: 2009-March-12
Fixed Date: 2009-March-27
Description
A XSS vulnerability exists in the category view of com_content.
Affected Installs:
All 1.5.x installs prior to and including 1.5.9 are affected.
Solution:
Upgrade to latest Joomla! version (1.5.10 or newer).
[20090301] – Core – Multiple XSS/CSRF
Posted: 25 Mar 2009 10:02 AM PDT
Project: Joomla!
SubProject: Multiple
Severity: Moderate
Versions: 1.5.9 and all previous 1.5 releases
Exploit type: XSS and CSRF
Reported Date: 2009-February-15
Fixed Date: 2009-March-27
Description:
A series of XSS and CSRF faults exist in the administrator application. Affected administrator components include com_admin, com_media, com_search. Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities.
Affected Installs:
All 1.5.x installs prior to and including 1.5.9 are affected. The com_search XSS vulnerability requires that “Gather Search Statistics” be enabled to be exploitable (Disabled by default).
Solution:
There’s a golden rule when it comes to content. If you’re doing a series, have a few episodes complete before going to air so that you have a buffer. That was the plan and of course we haven’t followed it. So I’m pleased to release Computing Assistance Support & Education Podcast Episode 2!
In this episode Amanda and I talk about web Content Management Systems, specifically Joomla. This podcast gives a brief introduction to what a CMS is, what the popular ones are, and how Joomla can help you and your organisation.
Click here to go to the CASE Podcast page to listen in!
Yesterday I flew down to Melbourne (managing to make my day trip for the city’s hottest day, ever!) for Joomla Day ’09, hosted by the Melbourne Joomla User’s Group, at Melbourne University.
The day was well balanced and very valuable. The audience of around sixty ranged from people who had never used Joomla before to seasoned gurus, and everyone in between. For the uninitiated, the first hour was used to show how quickly and easily Joomla can be set up in a variety of environments. A very thoughtful suggestion from Raoul Callaghan for people who don’t have their own web hosting account was to use JumpBox, a virtualisation package that allows for a nearly instant install of Joomla for you to play with! Being told about JoomlaPack, a Joomla backup and migration tool, probably made my day! CASE is always looking for handy tools to make things easier, and JoomlaPack looks to be one of them.
The day moved on to discussions about templating, general design and then security. A tip from Nick Sibbing has three big ticks and a star next to it in my notepad, and that is putting ?tp=i after a URL to reveal the location and name of each Joomla module – no more hunting! Potentially the most shocking number of the day was that despite millions of downloads of Joomla, only a few tens of thousands of people have subscribed to the Security Alert email service. If you run Joomla but aren’t subscribed, do it now!
During the day there were two other pieces of software shown off, all Joomla friendly of course. OpenFreeway, an Open Source e-Commerce solution, I think, shows great potential. I would be very nervous using a FOSS e-commerce solution (especially if credit cards are involved) but a note the FreeWay people made was that it, unlike any other in its class, will be PA-DSS certified (that is, approved by the credit card companies). So, FreeWay holds potential for small business and not for profits that previously couldn’t afford to take their commerce online! Then, in a global launch, the guys from Zac Ware revealed Jentla, the world’s first Joomla Enterprise Layer. This could be an exciting development for CASE, because it allows you to administer up to a thousand different Joomla sites from one point. This means security updates, rolling out new extensions network wide and things of that nature may have just become a lot, lot easier.
This is just a taste of what took place during the day and I can highly recommend that anybody interested in Joomla attend the next one, well worth the trip!