It appears that while I was on holiday in New York my GPG Encryption key expired, meaning that all attempts to submit site details securely using our online forms failed! If you have tried to use the following form in the last 4 days then you need to resubmit your details as they were not stored or (encrypted and) transmitted.
I have now revoked and replaced the keys used for this process (I understand many of you will have no idea what I’m talking about – don’t worry)
If you need to email me directly then you need to refresh my public key – there is a new copy on all major keyservers and here
Today I awoke to a brand new day to have my life changed by a tiny point release of a Firefox extension… OK, a little exaggeration, but wow, this update was exactly what I had been waiting for.
FireGPG is a Firefox extension that you can use to encrypt, sign, decrypt and generally use all GPG functions – but within Firefox – with a GUI.
It has come to our attention that there is a site on the internet that is distributing Joomla’s full version zip files that are modified to add code to allow a hacker to break into your site.
This post is subtitled “How to check your downloaded Zip file is genuine and unmodified“.
Rule number #1: ONLY EVER download from a TRUSTED SOURCE (This is the joomlacode.org site) unless absolutely necessary.
Rule number #2: Check that your downloaded file is unmodified by checking the md5 sum of the file.
The md5 what?
Well check out this page (Click the files tab):
You will see the main download Joomla_1.5.8-Stable-Full_Package.zip has an md5 of 36b9c161b46bf973a96201135e933219
We can check this md5 hash in several ways, for example on linux we can type
which will give us:
We can then compare that output with the md5 hash on the above web page. If they are different, even by only one character, then the zip file you have downloaded has been modified in some way, however little. DO NOT USE it if the md5 hash does not match EXACTLY.
There are more secure ways of “signing” package files, with GPG Encryption/Signatures, but the Joomla Project Team are behind the times with GPG and have not yet taken advantage of the same system that Linux package maintainers use – GnuPG.
There are many other ways to compare md5 hashes – and some Windows applications as well