Onsight Data

The Joomla Project is pleased to announce the immediate availability of Joomla 1.5.7 [Wovusani]. This is a security release and contains a number of bug fixes, improvements as well as security fixes. It is strongly recommended that users immediately upgrade. It has been nearly four weeks since Joomla 1.5.6 was released on August 12, 2008. The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla community.

The Joomla! Project has released an advisory to address a password reset vulnerability in the Joomla! content management system. This vulnerability, which may allow non-validating tokens to be forged, is due to a flaw in the reset token validation mechanism. Exploitation of this vulnerability may allow an unauthenticated attacker to reset the password of the first enabled user, which is typically an administrator user.

US-CERT encourages users to review the Joomla! advisory and upgrade to version 1.5.6 (or newer) or apply the patch listed in the advisory.

Onsight Data has upgraded all clients websites running Joomla to 1.5.6.

From joomla.org 

This morning, Joomla.org was defaced a few hours after releasing our new design. This is not a new security issue, but only poor system administration practices on our part. When we updated our Web sites with the Joomla 1.5.6 security fix released yesterday, we simply forgot to update one of our small, non-public development sites.  

Now, we could offer many excuses why it was overlooked-we were focused on fixing this vulnerability, creating the packages, and getting the word out. But the truth is, there is no excuse. This is an obvious and sobering reminder to the Joomla Project that staying current with upgrades is the most important step towards protecting your Web site.   Nothing but good will come of this experience. There's nothing like first hand experience to remind us of the trust our end user community places in us and the importance of working harder and smarter towards improving security.  

 Please, upgrade to Joomla 1.5.6 now, if you have not already done so. In retrospect, we wish we'd followed our own advice more diligently.

http://www.parallels.com/en/news/id,14583

Renton, Wash., July 2, 2008 - Parallels today announced that its Parallels Automation solution now integrates with Secure64 DNS, giving service providers who use Parallels Automation the ability to easily manage Secure64 servers within their datacenters. Through the collaboration, Parallels Automation is able to offer a new option for service providers searching for secure and highly available DNS solution.

"The integration of Secure64 DNS with Parallels Automation allows service providers the flexibility of choosing a more secure DNS solution." said Serguei Beloussov, CEO of Parallels. "By leveraging Parallels Automation and the Parallels Open Platform, software vendors can create additional revenue with easy access to the growing hosting market."

"It's easy to see the utility that can be gained by the integration of these two products," stated Steve Merkel, CIO, Data393. "The option of plugging a highly scalable, secure and extremely fast DNS solution into this robust hosting platform will be highly valuable."

Secure64 DNS is an authoritative name server application based on Secure64's SourceT micro OS, which is designed from the ground up with a secure architecture that makes any applications running on it immune to compromise from rootkits and malware and resistant to network attacks. Secure64 DNS runs on the HP Integrity rx2660 hardware platform.

Parallels Automation is a customizable data center solution that allows service providers to more efficiently manage their infrastructure. With its modular design and flexible architecture, a system can expand to include new services and scale to several million customers.

About Secure64 Software Corporation
Headquartered in Greenwood Village, Colorado, Secure64® is a software developer providing secure, self-protecting, high performing server applications. Secure64's core technology is SourceT®, a patent pending Genuinely Secure^TM micro OS designed from the ground up to make the micro OS and any applications running on it immune to rootkits and malware and resistant to network attacks. For more information, visit http://www.secure64.com/.

About Parallels - Optimized Computing
Parallels is a worldwide leader in virtualization and automation software that optimizes computing for consumers, businesses, and service providers across all major hardware, operating systems, and virtualization platforms. Founded in 1999, Parallels is a fast-growing company with 900 employees in North America, Europe, and Asia. For more information, please visit http://www.parallels.com/en/.