NYCPHP Meetup

NYPHP.org

[joomla] Holiday themed template

Scott Klassen klas9574 at msn.com
Wed Oct 17 12:12:32 EDT 2007 

By chance can anyone recommend a good three panel template for Holloween.
Preferably free of course.  :)

Thanks,

Scott Klassen

-----Original Message-----
From: joomla-bounces at lists.nyphp.org [mailto:joomla-bounces at lists.nyphp.org]
On Behalf Of joomla-request at lists.nyphp.org
Sent: Wednesday, October 17, 2007 11:01 AM
To: joomla at lists.nyphp.org
Subject: joomla Digest, Vol 10, Issue 17

Send joomla mailing list submissions to
	joomla at lists.nyphp.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.nyphp.org/mailman/listinfo/joomla
or, via email, send a message with subject or body 'help' to
	joomla-request at lists.nyphp.org

You can reach the person managing the list at
	joomla-owner at lists.nyphp.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of joomla digest..."


Today's Topics:

   1. RE: RE: $5 securid authentication hack (Jonathan M. Slivko)
   2. Re: RE: $5 securid authentication hack (Rolan Yang)


----------------------------------------------------------------------

Message: 1
Date: Wed, 17 Oct 2007 11:33:15 -0400
From: "Jonathan M. Slivko" <jonathan at slivko.org>
Subject: RE: [joomla] RE: $5 securid authentication hack
To: "'NYPHP SIG: Joomla'" <joomla at lists.nyphp.org>
Message-ID: <000001c810d3$097efc00$1c7cf400$@org>
Content-Type: text/plain;	charset="us-ascii"

.... I mean while taking PayPal out of the loop.
-- Jonathan

-----Original Message-----
From: joomla-bounces at lists.nyphp.org [mailto:joomla-bounces at lists.nyphp.org]
On Behalf Of Anthony Ferrara
Sent: Wednesday, October 17, 2007 11:28 AM
To: NYPHP SIG: Joomla
Subject: Re: [joomla] RE: $5 securid authentication hack

If I saw this on a site, I would laugh, and close the
browser... I'm not inputing PayPal info into a 3pd
website... What I am sugesting is creating a SSO
website, where you order a "Fob", and it has the
API... So you log in to that site (without a
password), and it authenticates you against that
remote SSO server...
--- "Jonathan M. Slivko" <jonathan at slivko.org> wrote:

> Do we know if there's an API of sorts for "official"
> 3rd party integration?
> -- Jonathan
> 
> -----Original Message-----
> From: Rolan Yang [mailto:rolan at omnistep.com] 
> Sent: Wednesday, October 17, 2007 10:25 AM
> To: NYPHP SIG: Joomla
> Cc: jonathan at slivko.org
> Subject: $5 securid authentication hack
> 
> At the Joomla Day during the security breakout
> session, the discussion 
> drifted towards various methods of login
> authentication. The topic of 
> SecurId was mentioned as being an expensive
> alternative. I just noticed 
> today that Paypal is offering a SecurId keychain fob
> for $5. It would be 
> simple to write a small php authentication function
> which acted as a 
> proxy to paypal, accepting an email, password, and
> securId code, sending 
> a off a https request, parsing the response and
> returning an TRUE or 
> FALSE authenticated result.
> 
> One caveat:  if your website security is
> compromised, any paypal 
> information submitted could be divulged, so if you
> plan to test this in 
> an insecure environment, it's best for users to open
> up a new unfunded 
> paypal account not linked to any bank.
> 
> I'll post some sample code when my Paypal securId
> arrives in the mail :)
> 
> ~Rolan
> 
> _______________________________________________
> New York PHP SIG: Joomla! Mailing List
> http://lists.nyphp.org/mailman/listinfo/joomla
> 
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
> 
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
_______________________________________________
New York PHP SIG: Joomla! Mailing List
http://lists.nyphp.org/mailman/listinfo/joomla

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php




------------------------------

Message: 2
Date: Wed, 17 Oct 2007 11:38:16 -0400
From: Rolan Yang <rolan at omnistep.com>
Subject: Re: [joomla] RE: $5 securid authentication hack
To: NYPHP SIG: Joomla <joomla at lists.nyphp.org>
Message-ID: <47162C68.3060605 at omnistep.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Anthony Ferrara wrote:
> If I saw this on a site, I would laugh, and close the
> browser... I'm not inputing PayPal info into a 3pd
> website... What I am sugesting is creating a SSO
> website, where you order a "Fob", and it has the
> API... So you log in to that site (without a
> password), and it authenticates you against that
> remote SSO server...
> --- "Jonathan M. Slivko" <jonathan at slivko.org> wrote:
>   
This hack was not meant to be widely adopted, but instead a cheap proof 
of concept (emphasis on "cheap") possibly providing an added level of 2 
factor protection for important accounts such as the "master joomla 
admin" or for a few close friends. It's essentially leeching the 
services off Paypal's securId servers.

~Rolan


------------------------------

_______________________________________________
joomla mailing list
joomla at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/joomla

End of joomla Digest, Vol 10, Issue 17
**************************************

More information about the Joomla mailing list