TYPO3 Usergroup Contributions and Security Updates

by Michael Cannon in TYPO3

Ingo Renner: TYPO3 beach flag

First Swiss TYPO3 Usergroup Conference

I’ve got to give several loud kudos to the Swiss TYPO3 Usergroup. They recently held their first Swiss TYPO3 Usergroup Conference that offered valuable talks on TYPO3. Even better, they’ve released valuable, informative videos.

  • Mario Rimann: Opening and Welcome
  • Xavier Perseguers: Securing TYPO3 and PHP with suhosin
  • François Suter: TYPO3 Services, why and how?
  • Leo Büttiker: A journey through the LAMP jungle
  • Andreas Förthner: TYPO3 v5 and FLOW3 – a status report
  • Fabien Udriot: Introduction to YAML CSS Framework
  • Claudio Sprenger: RealURL vs CoolURI

By request of the usergroup, the links go to the video page.

If you’ve been having trouble getting a TYPO3 template into place, the YAML video is very helpful. Furthermore, we’ve used YAML with our baseline TYPO3 website and find YAML to be easy to modify for each client’s TYPO3 design needs.

Furthermore, if your TYPO3 web server hasn’t already been secured with suhosin, the video is important viewing for understanding why you need it. Our TYPO3 hosting services are secured with suhosin and it’s an important part of our TYPO3 security services.

HP Reports Top Five Web Application Vulnerabilities

HP releases a bi-weekly Top Web Vulnerabilities report covering commercial and open source software. Of particular interest in the Top Five Web Application Vulnerabilities for 2/2/09 – 2/16/09 is that TYPO3’s Cross-Site Scripting and Information Disclosure is on the list.

From this listing you can come up with some interesting tidbits.

  1. TYPO3 is monitored by enterprise businesses like HP. If HP thinks TYPO3 is important enough to monitor, shouldn’t you?
  2. Though the TYPO3 security team declared TYPO3’s Cross-Site Scripting and Information Disclosure a critical issue, HP’s 5 of 5 positioning suggests HP thinks it’s not as bad as the others.
  3. Commercial software has vulnerabilities too. In fact, 3 of the 5 vulnerabilities are commercial software.
  4. The open source software has already been fixed and has updates available. Only 1 of the 3 commercial packages had fixes available. If you’re paying for your software, shouldn’t you be getting security issues fixed immediately?

What other inferences can you come up with?

On the lighter side

While my Leatherman doesn’t meet all of my toolbox needs, these 12 Tools Every Man Should Have in His Toolbox will get you much closer.
