Phil Taylor – Joomla Expert & PHP Developer

GPG

GPG Key Expired and Replaced

It appears that while I was on holiday in New York my GPG encryption key expired, meaning that all attempts to submit site details securely using our online forms failed! If you have tried to use the following form in the last 4 days then you need to resubmit your details, as they were not stored or (encrypted and) transmitted.

http://secure.phil-taylor.com/support

I have now revoked and replaced the keys used for this process. (I understand many of you will have no idea what I’m talking about – don’t worry ;-) )

If you need to email me directly then you need to refresh my public key – there is a new copy on all major keyservers and here:

http://keys.phil-taylor.com/


FireGPG Updated, with support for GPG Smartcards

Today I awoke to a brand new day to have my life changed by a tiny point release of a Firefox extension… OK, a little exaggeration, but wow, this update was exactly what I had been waiting for.

FireGPG is a Firefox extension that you can use to encrypt, sign, decrypt and generally use all GPG functions – but within Firefox – with a GUI.

Some of you might know that we use GPG A LOT to secure our customers’ support information, and Joomla Forms can send GPG-encrypted emails.

The latest release now allows me to use my Smart Card reader, my OpenGPG smartcard and Firefox.  Your site and purchase details have never been so secure with us :-)


How to check Joomla! download file for hacking

It has come to our attention that there is a site on the internet that is distributing Joomla’s full version zip files that are modified to add code to allow a hacker to break into your site.

This post is subtitled “How to check your downloaded Zip file is genuine and unmodified“.

Rule number #1:  ONLY EVER download from a TRUSTED SOURCE (This is the joomlacode.org site) unless absolutely necessary.

Rule number #2:  Check that your downloaded file is unmodified by checking the md5 sum of the file.

The md5 what?

Well check out this page (Click the files tab):

http://joomlacode.org/gf/project/joomla/frs/?action=FrsReleaseView&release_id=8897

You will see the main download Joomla_1.5.8-Stable-Full_Package.zip has an md5 of 36b9c161b46bf973a96201135e933219

We can check this md5 hash in several ways; for example, on Linux we can type:

md5sum Joomla_1.5.8-Stable-Full_Package.zip

which will give us:

36b9c161b46bf973a96201135e933219     Joomla_1.5.8-Stable-Full_Package.zip

We can then compare that output with the md5 hash on the above web page. If they are different, even by only one character, then the zip file you have downloaded has been modified in some way, however little. DO NOT USE it if the md5 hash does not match EXACTLY.
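The comparison above can be scripted so it is not done by eye. This is an added example, not part of the original post: the function name `verify_md5` and its exit codes are assumptions of the example, and the expected hash is the one you copy from the trusted release page.

```shell
#!/bin/sh
# verify_md5 FILE EXPECTED_MD5
# Exit status: 0 = hashes match, 1 = mismatch (do not use the file),
#              2 = bad input (missing file or malformed expected hash).
# The function name and exit codes are choices made for this example.
verify_md5() {
    file=$1
    # Published hashes are sometimes shown in upper case; hex case is not a
    # real difference, so normalise before comparing.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # An MD5 digest is exactly 32 hex characters. Anything else means the
    # value was mis-copied, which must not be reported as a tampered file.
    case $expected in
        ''|*[!0-9a-f]*)
            echo "expected hash is not hexadecimal" >&2
            return 2 ;;
    esac
    if [ "${#expected}" -ne 32 ]; then
        echo "expected hash is ${#expected} characters, not 32" >&2
        return 2
    fi
    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "cannot read file: $file" >&2
        return 2
    fi

    # Read the file on stdin so md5sum prints "<hash>  -" whatever the
    # file is called, then keep only the hash field.
    actual=$(md5sum < "$file" | cut -d ' ' -f 1)

    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches $expected"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Run as: sh verify_md5.sh Joomla_1.5.8-Stable-Full_Package.zip <md5 from the release page>
if [ "$#" -eq 2 ]; then
    verify_md5 "$1" "$2"
    exit $?
fi
```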

There are more secure ways of “signing” package files, with GPG Encryption/Signatures, but the Joomla Project Team are behind the times with GPG and have not yet taken advantage of the same system that Linux package maintainers use – GnuPG.

There are many other ways to compare md5 hashes – and some Windows applications as well.