Jeff Channell is a web guy who I've seen time and time again volunteer his time on the Joomla security forum. He has found several Joomla extensions with XSS Vulnerabity exploits. He was kind enough to answer some questions about what it is and how Joomla site managers can best defend against it:

The way I really learned (and keep learning)  about Joomla security was to start reading the security forum every morning:

http://forum.joomla.org/viewforum.php?f=432

If the tales of woe wept within do not spark your security urge, nothing will.

Action Item #1: A web guy from WV (Jeff Channell) frequently helps people out within the forum, and recently posted that he has found 9 Joomla extensions with XSS Vulnerabilities. He was kind enough to answer some questions about this issue and what to do about it, I will post Q&A separately. Here is the XSS vulnerability security forum post:

http://forum.joomla.org/viewtopic.php?f=432&t=420895

Action Item #2: Recently in my inbox I received an email blast from Phil Taylor, subject: 'not up to date' Joomla sites are being hacked by automated hacking bots at an alarming rate. Conclusion - make sure to keep Joomla installations up to date, and, of course, only download Joomla from the official Joomla site:

http://www.joomla.org/announcements/release-news/5242-joomla-1512-released.html

Resources: For Joomla security beginners (aren't we all) Joomla provides solid commonsense checklist:

http://docs.joomla.org/Category:Security_Checklist

For the advanced player, or if you just want to be scared, very scared, I like Tom Canavan's Joomla security book. Additionally, for those interested generally in network and computer security as a career, you will get a ton of great tools and tips from this book:

http://www.amazon.com/Joomla-Web-Security-Tom-Canavan/dp/1847194885

I appreciate everyone's patience while we get up to speed on how JomSocial integrates with the JoomlaChicago website!  We're working on a new site design right now, but as we know, "form follows function." Frankly, we're still learning about all the "functions" which Azrul has built into this puppy, so we don't want to rush the design (too much). 

If you would like to help out on building out the social-end of the site, let me know! That's what JoomlaChicago is here for: for YOU to learn how to get the most out of Joomla! CMS. That means you're better off breaking this site than yours, when trying out new stuff! ;)

Cheers!

We're excited that the folks over at The Acquity Group stepped up to produce a great one-hour presentation for JoomlaChicago tomorrow. They'll be doing an unvarnished comparison and contrast of four of the top Open Source Web CMS solutions for enterprise:

 - Joomla!
 - Drupal
 - Alfresco
 - Magnolia

Last year, we compared Joomla! and Drupal. The goal at the end of the day is to see which WCM is best suited for certain situations. We'll be posting the report online. Stay tuned!

Let me share my newest discovery with you: go to Joomla Milwaukee and get signed up for their next meeting. I've been to two meetings so far and they've both been fabulous.

At yesterday's meeting there was a great, hands-on presentation by Tom Egan of Egan New Media about customization he did on a calendar module for a site he built for the Grand Prairie, TX, Air Hogs professional baseball team.

Dan Knauss of New Local Media provided an excellent overview of the planned Joomla 1.6. Key focus was on access control. (That's a presentation I'd love to see at our Chicago meeting!)

The level of discussion at Milwaukee Joomla meetings is really helpful: precise and practical, and edging on technical, but without being obscure.

One other interesting note: John Fischer, a member of the group, will be presenting a two-day program on "Joomla: Building Powerful Content Managment Systems and Onine Applications" at University of Wisconsin-Milwaukee (UWM) on April 30 and May 1. Tuition is :$525. See http://www4.uwm.edu/sce/course.cfm?id=17282 to register.

Once again, hats off to Victor Drover of Anything Digital and Gabriel Wahhab of Connexion Technologies for their leadership of this group.

Joe Scarry is head project manager for Chicago Joomla web developer and web design firm Arc Technology Group. Arc Technology is one of the sponsors of Joomla Milwaukee.