security – Gary Bell

April 6, 2016January 29, 2018

Joomla 3.5.1 released

Joomla has announced the release of their open source CMS system, version v3.5.1. The latest version fixes the following issues which were found in v3.5:

Fix root url sometimes returning empty in canonical URLs
Fix having to log in twice when user session expires
Some SMTP emails could no longer be sent due to a bug in the SMTP email server setup
Session restarts caused PHP Errors
Fix insertid() returning 0 for the PDO MySQL driver
Fix the Empty trash and unarchive button not existing for com_banners

March 28, 2016January 29, 2018

A little over a week ago, the Joomla! Project anounced the release of Joomla 3.5. The major advantage this has is that the widely used CMS has PHP7 support, allowing webmasters to upgrade their server installations and take advantage of the performance improvements that PHP7 brings.

The new version comes with an e-mail update plugin to allow site admins to know when there are patches and bug fixes; hopefully they will then patch their sites to the benefit of everyone.

A run down of the listed major changes are:

Continue reading “Joomla 3.5 Released”

March 16, 2016January 29, 2018

NEVER trust user input

I’ve had the joys recently of being part of a code audit for a potential client for a change or re-build of a system. The code in itself was complete textbook…of how not to code a system. It looked like it had been built long long ago when OO principles didn’t exist, and when no-one knew about security unless they were in that field. Certainly developers knew nothing about security.

Continue reading “NEVER trust user input”

March 9, 2016January 29, 2018

Perils of a shared hosting platform

Once again I’ve been inspired by a stack overflow question, and it made me think about issues of a shared hosting platform. You know the ones; the “host your site for £2.99 a month” sites. There’s nothing inherently wrong with it (I was using them for a long time until I decided I wanted my own server to play with, and still using one for a different project for the moment), but it brings its own risks. Some of those risks are to do with the infrastructure, others are with the people who are hosted on it.

Continue reading “Perils of a shared hosting platform”

March 5, 2016January 29, 2018

Developers still lack security know-how

Earlier this week I was looking into RESTFUL web services and how to create them, so I set myself a small project. The idea was to do something very basic, but that could be useful for someone rather than just a proof of concept. i had no real direction. With the news recently being about Apple locked in a battle with the FBI about whether or not they should be breaking their security for the FBI to access data on a particular iPhone, I started thinking about how much bad security I have seen in software applications over the years. From this, I decided to build a web service which would take a hash string, and provide the original string for that hash where possible.

Continue reading “Developers still lack security know-how”

September 26, 2015January 29, 2018

Fun with Firewalls

Firewalls are not fun. I’ve got to open with that statement as I’ve been doing a lot of work with firewalls in the past couple of weeks. It’s not been the most enjoyable of experiences, but I can see why it is needed.

Continue reading “Fun with Firewalls”

May 20, 2015January 29, 2018

Setting up your web server

I spend quite a lot of time on StackOverflow, both in terms of finding answers for something I need, and also for helping people out with their issues. One question I see quite a lot is around security permissions for creating files on the server. Usually these questions are for PHP, and as such I’m going to address this post as if PHP developers are sensible and deploy on a LAMP stack.

More often than not, I see the posts and they have something along the lines of the following:

I’ve set the permissions to 777 but it’s still not working

It makes me want to turn into the Hulk and smash things.

Continue reading “Setting up your web server”

May 19, 2015January 29, 2018

Keeping data secure

Following the news this week that South Wales Police have been hit with a fine of £160,000 for not reporting missing data for two years, I got thinking about the importance of keeping data secure.

The case itself is an extreme example of why you should keep data secure. You really don’t want evidence in a very serious case just going walk about. Beyond that, looking more towards home personal data, there are many good reasons of why you want data to be secure, and many ways of doing it.

Continue reading “Keeping data secure”