[joomla] Always use SSL?

Herb Tucker htucker at covenanttek.com
Fri Dec 3 17:28:53 EST 2010


I used OpenVPN and a NetGear home router (WNDR3700), and dyndns.org to set up
secure wireless access to my home workstation so I can do my Joomla work
from the front porch (my summer office) or from Starbucks in the winter.
If anyone is interested I'd be happy to share what and how I did it.
Cheers!
Herb

Herbert M. Tucker
Principal
Covenant Technical Services, Inc.
P: 732-497-0326
C: 848-218-9172
F: 732-497-0326
E: htucker at covenanttek.com
W: www.covenanttek.com


____________________________________________________________________________

------------------------------

Message: 3
Date: Fri, 3 Dec 2010 15:18:34 -0500
From: Stephen Britton <sbritton at gmail.com>
To: "NYPHP SIG: Joomla" <joomla at lists.nyphp.org>
Subject: Re: [joomla] Always use SSL?
Message-ID:
	<AANLkTim5mQ_ciXRrzfjXyWco4Y7LkhhE+SZnRkjLR0G2 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

I am glad you mentioned Firesheep.

I have been warning clients not to log in through the admin panel when
visiting public WiFi places like Starbucks and Barnes & Noble because
there is a good chance that bad folks are trolling for passwords with
Firesheep.

It has caused me to spend more time working from home where I use a
wired connection than from my local Starbucks because I don't have a
secure way to access Joomla admin panels. I am thinking that Firesheep
is going to sell a lot of SSL certs. I am suggesting SSL to clients if
they need to use wireless to access their sites.

On Fri, Dec 3, 2010 at 1:44 PM, Gary Mort <garyamort at gmail.com> wrote:
> With the release of Firesheep....and my nomadic system lifestyle, I am
> seriously reconsidering my former view of "man in the middle" attacks as a
> low priority issue.
> Looking over the Remember Me plugin, I note that it is easily hijacked via
> Firesheep to allow a user without too much technical sophistication to
> impersonate someone on a Joomla powered website if it is connected to
> through normal HTTP instead of HTTPS.
> The simple solution, which I am implementing for myself, is to set up a VPN
> to an external system on the internet and tunnel all my traffic through
> there. That at least removes the issue with open wifi access.
> While self signed certificates can cause general users to become
> uncomfortable and not wish to continue on a website, for my own sanity I'm
> thinking a short little plugin that always redirects specific users who log
> on to the https connection to log on again would be in order.
_______________________________________________
joomla mailing list
joomla at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/joomla

End of joomla Digest, Vol 48, Issue 5
*************************************



