We are seeing an increasing number of forum posts stating that a site maintainer has had their own or their clients' sites hacked and that they are unable to update from Joomla 1.5, either because of custom-designed components or because they do not have a budget for the upgrade.
Leaving aside the dangers of custom component design, lack of budget is no excuse for a site maintainer with morals to leave a site un-upgraded and open to security risks.
Names changed to protect the embarrassed!
Pretty soon certain people are going to stop meeting me for lunch. Some of you may remember the last time I met up with friend E for lunch. This time we did it again, with similar, disastrous results.
Traveling to Portsmouth, we knew it was going to go wrong when friend "E" said she had taken the wrong turn towards Portsmouth and, transporting friend "M", ended up the wrong side. Then she couldn't find a suitable space in the car park so just dumped the car where she could.
Recently it has become apparent that companies are taking a very impersonal approach to employment requirements. They are possibly becoming nervous over the Right to work act and not falling foul of the immigration act.
Here is a transcript of a recent over-the-top email chain where the RTW act is overplayed and does not allow any leeway. Bolds added by me for highlighting.
Taken from eBay advert, no number available. Looks like late 70 van 14/2
My wonderful caravan is available for someone else to enjoy as I no longer have a car to tow it with and it's just sat on my Dad's driveway. It has been brilliant for festivals/holidays. It is a 1982 make 'Robin' and has its original radiator, oven, grill, hobs, sink, and fridge, ye olde cassette deck and other features.
Before the new conference season starts it's time to get the rant out of the way. For years I have been asked if I am attending certain conferences. It's nice to be invited to go to a conference, or even select the ones I am interested in and can actually afford to go to, but here are the main reasons I don't go to conferences.
ChronoForms and other ChronoEngine extensions
Developer's site was infected with malware, but is now reviewed as "safe" according to the Google Transparency Report.
The VEL do not know of any recent reports of vulnerabilities in the extensions themselves....
Stored XSS and SQL Injection in SecurityCheck and SecurityCheck Pro. Vulnerable Versions: 2.8.9 (possibly below)
Resolution: update to version 2.8.10
Using a quick start package may be the quickest way to get a fully set up, add-your-content site, but are you aware of the dangers?
We tested several quick starts from major providers, ranging from template developers to extension developers, who include a ready-to-go version of Joomla.
We found that there were varying degrees of insecurity. None of these packages are plug/play/forget.
After 35 minutes on Friday in the musical roundabout, I spoke to SIA after 28 minutes on hold, who, despite saying they couldn't speak to me as I personally didn't do the online application, admitted that the letter they should have sent me on the 17th May wasn't actually sent.
We just released Komento 2.0.7 to address a security issue where a remote attacker may be able to launch an XSS attack in prior versions of Komento.