On 9/6/06, Alex Dean <alex@crackpot.org> wrote:
>
>
> On Sep 6, 2006, at 4:51 PM, Darrin Chandler wrote:
>
> > On Tue, Sep 05, 2006 at 10:53:35PM -0700, der.hans wrote:
> >>
> >> Well, a CMS isn't all that complex. It should be secure.
> >
> > Yes. It's too bad the most popular CMSs aren't more secure. Seems that
> > security means patching the latest hole, rather than figuring out why
> > they're making holes to begin with and then not doing it any more. ;)
>
> Any word on whether the hole was in Joomla itself or in a 3rd-party
> module?


 Without the access logs, we don't know, could be either one.
Joomla and its extensions aren't doing too nicely with security at the
moment.
http://secunia.com/search/?search=joomla

6 holes in one month, including more than a couple critical ones. Nice.