The Joomla Project is pleased to introduce a new team focused solely on managing and improving Joomla security-the Joomla Security Strike Team-and their new home at the Joomla Security Center.

The JSST replaces the previous Joomla Security Team by assembling a top-notch group of Joomla experts, complemented by security talent recruited from outside Joomla. Together, part of their goal is to investigate and respond to security matters.

JSST leader Anthony Ferrara is excited about what this means for Joomla security. "We're already well into our first mission-a low-level code audit and a deeper look into every reported vulnerability since 1.5.0 alpha."

The new JSST will call the new Joomla Security Center their home base. The Security Center provides a public presence for security issues and a platform for the JSST to help the general public better understand security and how it relates to Joomla. The Security Center also offers users a clearer understanding of how security issues are handled. There's also a news feed, which provides subscribers an up-to-the-minute notification of security issues as they arise.

"The Joomla Core Team has been planning a new security team for a few months now in order to improve efficiency and effectiveness. The previous team worked in relative isolation, but the new Strike Team will have a strong public-facing presence," said Ferrara.

But the JSST won't stop there. They fully expect the Joomla community to do its part in reporting vulnerabilities and have created a form for such reports. For each verified security issue reported, the JSST will send the user a free Joomla t-shirt.

Ferrara said, "Security is a perpetual process. We're going to make Joomla even better than it already is."

The Joomla Project is pleased to introduce a new team focused solely on managing and improving Joomla security-the Joomla Security Strike Team-and their new home at the Joomla Security Center.

The JSST replaces the previous Joomla Security Team by assembling a top-notch group of Joomla experts, complemented by security talent recruited from outside Joomla. Together, part of their goal is to investigate and respond to security matters.

JSST leader Anthony Ferrara is excited about what this means for Joomla security. "We're already well into our first mission-a low-level code audit and a deeper look into every reported vulnerability since 1.5.0 alpha."

The new JSST will call the new Joomla Security Center their home base. The Security Center provides a public presence for security issues and a platform for the JSST to help the general public better understand security and how it relates to Joomla. The Security Center also offers users a clearer understanding of how security issues are handled. There's also a news feed, which provides subscribers an up-to-the-minute notification of security issues as they arise.

"The Joomla Core Team has been planning a new security team for a few months now in order to improve efficiency and effectiveness. The previous team worked in relative isolation, but the new Strike Team will have a strong public-facing presence," said Ferrara.

But the JSST won't stop there. They fully expect the Joomla community to do its part in reporting vulnerabilities and have created a form for such reports. For each verified security issue reported, the JSST will send the user a free Joomla t-shirt.

Ferrara said, "Security is a perpetual process. We're going to make Joomla even better than it already is."

You can still book Joomla training in Boston, MA and get $50 off with early bird pricing. There are 12 spots still left, and early bird ends tomorrow. The Manchester, NH class filled up fast, so this might be your only chance to get eastern new England Joomla training!

Make sure you get your worm!

http://joomla-university-boston-sept08.eventbrite.com/

Time for what? PLEASE read this: http://au2.php.net/register_globals - read the part in RED.

I've finished yet another posting spree trying to help users with security and performance issues and I am still SHOCKED at how many hosts still have register_gloabls ON serverwide. Come on hosting providers, isn't it time you you kept up? Isn't it time you closed this security hole that only you as a host can close, and help prevent cross server file compromises?

What about running suphp (or an equivalent)? Why are so many hosts STILL not running a 'more secure' environment for their users?

I am sure all hosts understand (they should!!) what I am talking about, but for the users, who I suggest take this and pressure your hosts, let me try to explain these two things in laymans terms:

1. With register_globals ON serverwide even if you as a user disable them (via a php.ini or .htaccess directive) under certain circumstances your site can still be compromised if another user account on the server is compromised or is used maliciously. It's that simple, and it happens day in and day out, people posting on the Joomla Forum making it apparent that this was the reason their site was compromised.

* Disclaimer: It's true, your host may have a method of working around this huge security hole, but even still, I ask "WHY?" register_globals has been off since php 4.2 by default, and we are well into the php5 world now.

2. suphp (or equlivalent). Running Apache/php via this method means permission problems for you users are a thing of the past (almost). Under this environment when php writes a file (ie installing a template for example) the files are owned by your user account. Files that are 644 are writable by your user (ftp), and yet other users on the same shared server cannot write to them. Again, why would you not want this simple extra layer of security, as well as making it so much easier for your users to mange their Joomla (and any other php script) website?

* Disclaimer: Again, there are circumstances when suphp is not efficient (dedicated server possibly, and extremely high load possibly), however at the least, check with your provider and ask them what methods they use and why.

.. anyway.. that's if for now. PLEASE, do your users, and by extension yourself a favor and consider my comments.

Oh, and I guess it goes without saying, since php4 is now EOL all hosts should be running php5 now.

1. More user-centric design: The top portion of the home page focuses on directing users in Joomla's three primary user groups: Beginner, Intermediate & Advanced. These are three top-level "funnels" for quickly getting users to relevant content.
2. Consolidation of resources: As the previous sites grew, the architecture became more convoluted and pages with redundant resources were created or, conversely, related information was strewn across several pages. A consolidation of information should help users more logically find what they need.
3. More resources brought up to the home page: The previous home page gave users Joomla news and not much more. The lower portion of the new home page brings forward content from many of Joomla's most important aspects. Repeat visitors can get the latest information from a multitude of sources all at a glance.
4. More overall integration: Each of the Joomla sites has differing approaches to resolving unique informational and navigational aspects. When taking into consideration the evolution and overall growth of our group of sites, we have taken a hard look of the complexities and how to resolve those in a manner to give the best user experience.
5. Compliance with W3 standards: Joomla template pages validate according to the XHTML 1.0 Transitional standard. Check it out.

1. Joomla Shop at shop.joomla.org - Update planned by next week.
2. Joomla Demo at demo.joomla.org - Update planned by next week.
3. Joomla Community Portal at community.joomla.org - Coming soon.
4. Joomla Developer Network at developer.joomla.org - Coming soon.
5. Joomla Extensions Directory at extensions.joomla.org - Coming soon.
6. Joomla Discussion Forums at forum.joomla.org - Coming soon.
7. Joomla Documentation Wiki at docs.joomla.org - Coming soon.

If you have a new site, you want to get traffic. The 800 lb gorilla for this is of course Google.

So how can you get indexed as quickly as possible in Google and start to get that great free organic SEO traffic.

I came across a few great tips from IdeaPro.com as I was trying to answer this question myself!

Don't you just love it: www.joomla.org

I just wanted to say a public thanks to Louis, Ron and others on the team who have worked so hard to make this new site happen. They have been working overtime (more than 12 hours a day recently I estimate) to bring this kind of amazing work to the community. Make sure you check out the new sites and it's many new features and sections.

If you see any of them around, make sure you say thanks. 

Primarily of course, this site is for people who have not heard of Joomla before, for the the rest us, we have community.joomla.org Make sure you keep putting it to good use. When will this site receive the new design? I can't wait.

... and if you want to be apart of all this, there is one new page you should see: http://www.joomla.org/about-joomla/contribute-to-joomla.html

Enjoy!