A recently published issue with a Security Auditor has highlighted just how much potential there is for the worst to happen when information is requested by someone with a level of authority. In this particular case, the person being asked for the information had the sense to challenge the request, but it's easy to believe that many others would have simply attempted to comply.

The Security Auditor in question was insisting that the following be provided;

• A list of current user-names and plain-text passwords for all user accounts on all servers

• A list of all password changes for the past six months, again in plain-text

• A list of “every file added to the server from remote devices” in the past six months

• The public and private keys of an SSH keys

• An email sent to him every time a user changes their password, containing the plain-text password.

It should be pretty clear to most that this presents a huge security issue, but faced with a Payment Card Industry (PCI) Auditor making the request, how many would simply assume that he “must know what he's doing”?

A recent study has discovered that users do not consider data security to be very important. More accurately, they do not fully understand the potential implications of data loss, and so focus their concern on other more trivial matters.

The Internet Security landscape is littered with the metaphorical bodies of those who routinely fall for the popular ruses perpetrated by malware authors, phishing scams and 419'ers. Much of the badware out there is reliant on convincing the target (or mark) to undertake some type of action, education is therefore a very important weapon in the fight against 'cybercrime'.

The 411 scam is generally known to most of the world as Advance-fee fraud, or a 419 Scam. Traditionally 419 scams originate from Nigeria, and the name refers to the section under the Nigerian criminal code that such a crime applies to. Quite when the term 411 scam became popular is unclear, but the American Dialect society has traced the term '419 Fraud' back to 1992.

That moment of panic ...things start happening that you can't explain ... aliens have invaded your pc?  More likely you have a virus or spyware on your computer!  The sooner you take action when you think there is something "weird" going on, the higher probability that you will not sustain major data loss or other nasties such as identity theft.

We are often approached, as are many Joomla! developers, by those unfortunate enough to have their websites exploited for one reason or another, asking us to fix the immediate problem and also secure their site against future attacks.  Needless to say this can be quite costly, not ownly in our fees but also in terms of business downtime and potential loss of clients visiting your sites, and loss of confidence (particularly with Ecommerce sites).  Here are some basic tips to help you secure your site and prevent this happening in the first place.

Are you sick of receiving spam submissions on your Joomla! website forms?  Do you have spam bots sign up for accounts and post on your forums?  There are several options available to you nowadays to work against these pesky spammers!

NOTE: THIS ARTICLE HAS AN UPDATE AVAILABLE HERE

The number of people I see posting on forums asking for support on components who are running versions of Joomla! sometimes 4 or more versions out of date is really quite alarming - when I point out to them the error of their ways, often the first question is "Well how do I upgrade to the latest version?".  Hopefully this article should help clarify the process involved with installing the latest patches for Joomla! and help you stay up to date!

Joomla! docs has a full walk-through of this process, which is where most of the information in this article is from.