Security
Aug 24, 2007
Are You Selling Fear or Solutions?
Written by Steve Burge   

We received an email this morning from Phil-Taylor.com listing security holes in various Joomla components.

I have an awful lot of respect for Phil and his work developing Mambo and now his components. However, I think the tone of the latest email could have been improved. People are understandably jumpy when it comes to security and I think he could have done a better job of pointing people towards freely available solutions rather than to his new security site.

There have always been third-party components with vulnerabilities and I've not seen any evidence that security exploits are increasing. What may be increasing is the number of hacker attacks. Some major Joomla sites are being attacked every 60-90 seconds. However, that's not much different from a computer plugged into the internet.

It's not that difficult to secure your site. Here's how...

Where to get started with Joomla Security

What to do if you use an extension on Phil Taylor's list?

How to Recover from ANY hack

 

Comments  

 
#1 Fabien Lanselle 2007-08-24 10:21
Hello Steve,
a security release is available on our website for NeoRecruit. I'm also very disappointed by this kind of communication...
It's not fair at all to send this kind of message without directly contacting the project team... :sad:
 
 
#2 Judy 2007-08-24 12:09
I tried HISA on 1.0.13 and had too many error messages. Is there an update for HISA in the works?
 
 
#3 DART Creations 2007-08-24 12:31
I agree 100% that this is not the way that things should be done. Personally, I am quite concerned about security, and try to keep abreast of all security information coming out from many sources.

An idea I've been contemplating is the setting up of a 3rd Party QA team as part of the Joomla core team, which would have the responsibility of doing a QA on certain components, thus approving them as "mostly secure".

If not, maybe a Dev/QA process should be developed such that only components that comply with this process and basic security standards would be accepted as "Joomla approved" extensions.

This would be a major step in ensuring that Joomla is not perceived as an easily hackable CMS...
 
 
#4 Amy Stephen 2007-08-25 10:35
Agreed. Enough of this type of blogging. Sadly, this is not the first time, either. Mysteriously, many of these incorrect blogs just disappear after the initial flurry of panic ensues.

We should all help - diagnose problems - submit patches, if we have the talent - get it communicated properly. But, no more standing on the front porch of your blog letting Google alerts carry what frequently turns out to be FALSE information to the unsuspecting masses. Such DRAMA! And, for what goal? To sell your security services at the expense of someone else's reputation? NO MORE!

I was here looking for a link and am so glad I stopped by.
 
 
#5 Brian Teeman 2007-08-26 05:17
Judy, a new version of HISA that supports 1.0.13 is now available.
 
 
#6 Frank 2007-08-26 12:34
... how annoying his emails are. It is only to support his business - which is not wrong basically - but he, the godfather of all Joomla and Mambo, should be more careful with announcements.
 
 
#7 Shaifful 2007-10-24 19:20
Hi Steve, I have downloaded your sample of the htaccess files, but when I open it nothing shows up - nada, empty.
Can you give another sample for download?

Thanks
 
 
#8 Steve Burge 2007-10-24 19:35
Hi Shaifful

The link works for me here. Try www.alledia.com/htaccesscopy.zip
 
 
#9 Bill Andre 2007-12-11 14:57
Hi and thanks for the interesting post.

When I try to download the sample .htaccess file, it is coming up blank for me too.
 
