Joomla! How-To's: Security
Establishing a patching process
May 17, 2010 | by Tom Canavan
Good day,
Waaaaaay back in January, I took the time in this column to discuss with you the concept of, and the need for, patching your site. Between the time that article was written and now (May 16, 2010) there have been about 180 reported vulnerabilities for Joomla extensions, and some number of them for the Joomla core (to be fair, only a few).
Given that you might be using one of these, it's important to revisit this highly important topic.
Will that be cash or credit?
February 14, 2010 | by Tom Canavan
Today's security topic is inspired by a recent exercise I went through - testing a server for PCI compliance. For those who are not aware, PCI is a security standard for accepting credit cards.
According to the PCI website, the council states its mission as follows:
"The PCI Security Standards Council’s mission is to enhance payment account data security by driving education and awareness of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc."
Congressional Joomla Web Defacements
January 28, 2010 | by Tom Canavan
"Congressional Web Site Defacements Follow the State of the Union"
- Praetorian Prefect
An interesting problem that we as the US have is our denial of Cyberwar. While this post isn't exactly about that, it's close. Last Wednesday night during or after the President's State of the Union Address, several congressional websites were hacked by Red Eye Crew. Why is this of interest? According to Praetorian Prefect, they were all running Joomla!
How's Your Patch Level? Establishing a Plan to Patch
January 13, 2010 | by Tom Canavan
Happy New Year - how are your patches?
It's about the middle of January 2010, and in the news Google was hacked by unknowns from China, and Google is considering a few options, including a complete pull-out of China. A large search engine in China (not Google) was defaced by the Iranian cyber thugs, and Adobe was apparently targeted in the same attack as Google. In other news, the new breach report came out from the ITRC, showing that while breaches overall were lower than the year before, the number of exposed records was higher. And as I write this article, this just came across my desk:
"Hackers have stolen the login credentials for more than 8,300 customers of New York's Suffolk County National Bank after breaching its security and accessing a server that hosted its online banking system."
source: http://www.theregister.co.uk/2010/01/12/bank_server_breached/
What does this have to do with your Joomla site? Everything. Today I am discussing patching and patch management with you. For the purpose of this article I am going to refer to my personal favorite work on patching from ProjectQuant - Measuring and Optimizing Patch Management: an Open Model. A must read in my opinion.
Twitter Hacked - could it happen to you?
December 18, 2009 | by Tom Canavan
On 12/17/2008 around 7:00 PM EST, Twitter.com was hacked by a group claiming to be the Iranian Cyber Army. The actual attack was a DNS hijacking (or DNS poisoning) that resulted in Twitter users being directed to a page of the attackers' choosing. Here is what they posted:
This old-school defacement was actually conducted by 'hijacking' the site's DNS; how they accomplished this is still unknown, but the fact is they did. What exactly is DNS poisoning or hijacking?