- Project: Joomla!
- SubProject: CMS
- Severity: Medium
- Versions: 1.5.0 through 3.7.5
- Exploit type: Information Disclosure
- Reported Date: 2017-July-27
- Fixed Date: 2017-September-19
- CVE Number: CVE-2017-14596
Inadequate escaping in the LDAP authentication plugin can result in disclosure of username and password.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.7.5
Solution
Upgrade to version 3.8.0
Contact
The JSST at the Joomla! Security Centre.
Reported By: Dr. Johannes Dahse, RIPS Technologies GmbH
Companies of varying sizes across many industries are implementing innersource programs to drive greater levels of development collaboration and reuse. They ultimately seek to increase innovation; reduce time to market; grow, retain, and attract talent; and of course, delight their customers.
In this article, I'll introduce innersource and some of its key facets and examine some of the problems that it can help solve. I'll also discuss some components of an innersource program, including metrics.
Like many organizations, governments and townships are confronting challenges that involve collaboration and sharing of large files. In today's age of widespread cloud adoption, public institutions may be tempted to view public cloud storage as a simple, low-cost solution to managing data; however, significant concerns persist around security, data protection liability, control, and platform/vendor lock-in.
This year at the Percona Live Open Source Database Conference in Dublin, I'll be discussing a new feature introduced in MySQL 8.0: roles. This is a new security and administrative feature that allows database administrators to simplify user management and increases the security of multi-user environments.
Inclusivity is the quality of an open organization that allows and encourages people to join the organization and feel a connection to it. Practices aimed at enhancing inclusivity are typically those that welcome new participants to the organization and create an environment that makes them want to stay.
Since 2007, ZaReason has assembled, shipped, and supported hardware specifically designed for Linux, and the UltraLap 5330 is no exception—the 3.6-lb laptop ships with the Linux distribution of your choice and boasts the following hardware specs:
Before you start reaching for those implements of mayhem, Emacs and Vim fans, understand that this article isn't about putting the boot to your favorite editor. I'm a professed Emacs guy, but one who also likes Vim. A lot.
That said, I realize that Emacs and Vim aren't for everyone. It might be that the silliness of the so-called Editor war has turned some people off. Or maybe they just want an editor that is less demanding and has a more modern sheen.
The beauty of building extra-large Linux clusters is it's easy. Hadoop, OpenStack, hypervisor, and high-performance computing (HPC) installers enable you to build on commodity hardware and deal with node failure reasonably simply. Learning and managing Linux administration on a small scale involves basic day-to-day tasks; however, when planning and scaling production to several thousand node clusters, it can take over your life, including your weekends and holidays.
In this edition of our open source news roundup, we take a look at how a 13-year-old is changing the world with open source, a guide to removing old Linux kernels, and more.
Open source news roundup for September 3-16, 2017
Creating an Inclusive Latino Community with @hijadetumadreshop
This month, we’ll be sharing the stories of Hispanic-American community members in celebration of #HispanicHeritageMonth, which runs through October 15 in the US.
What began as an expression of personal identity has transformed into a colorful business pursuit for Patty Delgado, founder of Hija de tu Madre (@hijadetumadreshop), an online apparel store. Back when she traveled a lot, Patty, who lives in Los Angeles, came across a sequin design of the Virgin of Guadalupe in Mexico City and put it on her denim jacket. “I felt like this was something that could really be picked up by a lot of other people who identify, like myself, as Chicana, Mexican-American and a child of Latino immigrants,” she says.
But the designs for Hija de tu Madre are about more than fashion for Patty; they’re about creating community through inclusivity. “It’s something that I really value — being inclusive of different sizes, of different kinds of Latinos, because they’re not a monolith,” says Patty. “There are Afro-Latinos. There are queer Latinos. There are undocumented Latinos. Being inclusive is something that’s allowed me to be so successful because I’m creating a safe space that celebrates the diversity within my Latino community.”
Weekend Hashtag Project: #WHPmadewithlove
Weekend Hashtag Project is a series featuring designated themes and hashtags chosen by Instagram’s Community Team. For a chance to be featured on the Instagram blog, follow @instagram and look for a post every week announcing the latest project.
You won’t find idle hands here. This weekend, the goal is to create photos and videos that highlight a passion or hobby you put your time and heart into, like this handmade floral hoop art by Olga Prinku (@olgaprinku). Here are a few tips to get you started:
- Show us your creative process, from the very beginning to the finished product. What steps take you from idea to object?
- Whether you create for a living or for fun, every artist has his or her preferred space to work. Give us a tour of the place where you create — your kitchen table, your studio or a local crafting workspace.
- Inspiration comes in all shapes and sizes — from communing with nature to experiencing the work of other artists. Where do you find yours?
PROJECT RULES: Please add the #WHPmadewithlove hashtag only to photos and videos taken over this weekend and only submit your own visuals to the project. If you include music in your video submissions, please only use music to which you own the rights. Any tagged photo or video taken over the weekend is eligible to be featured next week.
A Heart-Filled Instagram Logo from @egoorushka
To see more from Ann, follow @egoorushka on Instagram.
In celebration of #WWIM16[heart envelope emoji], Ann (@egoorushka) gathered friends together to create this heart-filled #myinstagramlogo. “Someone made a lot of little paper hearts at home and colored them in red,” she says. “Then we decided to make a logo of our favorite app that brought us together. This photo symbolizes unity, kindness and love.”
By Yann LeCun, Chief AI Scientist
At Facebook, we think artificial intelligence can play a big role in helping bring the world closer together. With that in mind, we’ve been investing in AI research and engineering for many years — and today we’re excited to announce an expansion of those efforts with the opening of a new AI research lab in Montreal.
As part of Facebook AI Research (FAIR), this new team will join more than 100 scientists across Menlo Park, New York, and Paris in working to advance the field of artificial intelligence. The Montreal lab will house research scientists and engineers working on a wide range of ambitious AI research projects, but it will also have a special focus on reinforcement learning and dialog systems.
We are excited the new lab will be led by renowned Professor Joelle Pineau, who co-directs the Reasoning and Learning Lab at McGill University. Dr. Pineau’s previous research has focused on developing new algorithms for planning and learning and then applying them to complex problems in robotics, health care, games, and conversational agents. Dr. Pineau will maintain her academic position at McGill University, in addition to building the FAIR Montreal team. We think the talent we can attract will bring valuable expertise and new perspectives to our work, and under Dr. Pineau’s leadership, we will continue to invest in this team and in the Canadian research community as a whole.
As we’ve done at other FAIR sites, FAIR Montreal will engage with the broader research community through publications, open source software, participation in technical conferences and workshops, and research collaborations. We are also launching new partnerships with the Canadian Institute for Advanced Research (CIFAR), the Montreal Institute for Learning Algorithms (MILA), McGill University, and Université de Montréal.
Montreal already has an existing fantastic academic AI community, an exciting ecosystem of startups, and promising government policies to encourage AI research. We are excited to become part of this larger community, and we look forward to engaging with the entire ecosystem and helping it continue to thrive.
In this week's top 5, we take a look at an AI project used to call football plays, logging in Python, and more.
I recently decided to revisit Football-o-Genetics, an application I developed in 2013 that attempts to "evolve" near-optimal football offensive play calling strategies.
After Hurricane Harvey recently ripped through the Houston area, causing catastrophic flooding and devastation, the Stephen F. Austin Community Health Network (SFA) responded quickly by leveraging open source technology to reach out to patients and victims of the crisis in areas of Texas that are virtually inaccessible.
Facebook equips businesses with powerful ways to reach the right people with the right message. But there are restrictions on how audience targeting can be used on Facebook. Hate speech and discriminatory advertising have no place on our platform. Our community standards strictly prohibit attacking people based on their protected characteristics, including religion, and we prohibit advertisers from discriminating against people based on religion and other attributes.
As people fill in their education or employer on their profile, we have found a small percentage of people who have entered offensive responses, in violation of our policies. ProPublica surfaced that these offensive education and employer fields were showing up in our ads interface as targetable audiences for campaigns. We immediately removed them. Given that the number of people in these segments was incredibly low, an extremely small number of people were targeted in these campaigns.
Keeping our community safe is critical to our mission. And to help ensure that targeting is not used for discriminatory purposes, we are removing these self-reported targeting fields until we have the right processes in place to help prevent this issue. We want Facebook to be a safe place for people and businesses, and we’ll continue to do everything we can to keep hate off Facebook.
Advertisers can report any inappropriate targeting fields directly in the ads interface or via our Help Center.
Feast Your Eyes on Indonesian Cuisine with @foodventurer_
To see more of Prawnche’s culinary exploits, follow @foodventurer_ on Instagram.
Despite the endless spread of delectable dishes that Indonesian food photographer and blogger Prawnche Ngaditowo (@foodventurer_) enjoys, it’s the people that matter most when it comes to dining. “Without the company of friends, family and loved ones, the meal is just a meal,” says Prawnche. “After all, happiness should be shared, right?”
Prawnche’s culinary interest began at a young age in his family’s kitchen, tasting his mother’s Chinese and Indonesian recipes. “As the youngest son, somehow I got to be the only one on the judging panel,” says Prawnche, now 29. After moving to Jakarta in 2011, Prawnche started his blog, “Foodventurer,” in order to combine his passions for writing, photography and food. One day, he even hopes to open his own restaurant: “Like a safe haven, where people could feel at home.”
By Mike Nowak, Product Director, Social Good
Today, we’re announcing Crisis Response, a new center on Facebook where people can find more information about recent crises and access our crisis response tools – including Safety Check, Community Help and Fundraisers to support crisis recovery – all in one place. As part of this update, we are also introducing links to articles, videos and photos posted publicly by the Facebook community, to help people be more informed about a crisis.
Crisis Response on Facebook
We have developed a number of crisis response tools, based on what we’ve learned from our community. When there is a crisis, people use Facebook to let their friends and family know they’re safe, learn and share more about what’s happening, and help communities recover. People will be able to access Crisis Response on Facebook in the upcoming weeks from the homepage on desktop or from the menu button on their phone. They will see the following tools when they’re on a crisis page:
- Safety Check: an easy way to let your friends and family know you’re safe. It will continue to work the same way it does today and will be featured at the top of each crisis page if you are in the affected area.
- Links to Articles, Photos and Videos: crisis-related content from public posts can help people learn more about a crisis.
- Community Help: people can ask for and give help to communities affected by the crisis.
- Fundraisers: let people create fundraisers and donate to support those affected by the crisis and nonprofit organizations helping with relief efforts.
Adding More Crisis-Related Content
When people receive Safety Check notifications or learn that a crisis has happened, they may not know much about the incident and want to learn more. Starting today, we will begin to include links to articles, photos, and videos from public posts so people have access to more information about a crisis in one place. Safety Check activations and related information may also appear in News Feed to help provide additional details about a crisis.
We hope these updates continue to provide people with helpful information to keep them safe and help communities to rebuild and recover.
The world is fundamentally generative, as it is created by physical, biological, and chemical processes. But it isn't comprised of clean mathematical lines; rather, it is a struggle between mathematical patterns and entropy. Generative art reflects both aspects of reality, offering a unique perspective on the world.