It's an exciting time to be in the development labs here at Anything Digital. We've been actively recruiting new folks for our various extensions and services, and as a result many things are happening all at once. 

I don't want to spoil your Labor Day surprise (at least for our American clients and followers), but keep your eye on this blog and our twitter account for some big announcements next week. 

As many of you have noticed, we have been monitoring and moderating  the forums very closely over the last few months.

Unfortunately, the volume of posts on the forum has increased steadily with our increased activity. As such, we are spending less and less time fixing the code as we devote time to the forum.

In simpler times, the vast majority of Joomla extensions simply installed using the Joomla installer and operated as expected ‘out-of-the-box’. However, as Joomla has become more sophisticated, it appears that developers are starting to release their own libraries/frameworks that run inside Joomla, and are required for their extensions to operate.

Jun172009

Implemented in Internet Explorer 4 as a technique to improve the end user experience1, ‘MIME sniffing’ or MIME type detection helps the browser determine file formats on the web such as text, HTML, and audio/video2. However, when IE detects a conflict while MIME sniffing (i.e. it encounters an image that is really a script) potential vulnerabilities arise:

[An] image that seems harmless at first glance may actually be dangerous if it begins with some HTML code, because Internet Explorer will then execute that code. This gives an attacker an opportunity to embed JavaScript in images and exploit the attack vector to execute cross-site scripting [(XSS)] attacks. [source]

If your web site contains this type of “cloaked” file, then malicious code can be triggered when someone views your site. With the expansion of so much user-generated content these days, and the slow adoption of IE8 (which is not vulnerable to this exploit), the MIME sniffing feature has actually become a serious liability as users have increasing access to placing files (and images in particular) on web servers. 

If you happen to live or be travelling in Greece, don't miss a great opportunity to attend the local JoomlaCamp in Athens on March 15, 2009.

Widely renowned Joomla! experts from Komrade, JoomlaWorks and the Community Builder project will be on hand to guide attendees in basic and advanced areas of Joomla use and development.  

 
 

Get the latest updates on our extensions