regarding okomo: it isn’t even a cms. it’s just a ‘really’ basic platform built on django masquerading as a cms, but definitely not a cms as the company states.

while, yes, i think a response is necessary on joomla’s part, this company deserves no help whatsoever from the joomla community when they’re not willing to accept it. it’s a shame that such companies are allowed to represent joomla to the federal govt when so many people dedicate their time to the project. i can only hope the house blocks them from doing business there and that they learn a valuable lesson.

joomla should write a response and perform some positive pr to recoup what this company cost their brand.

Senate and House are totally separate, and GovTrends is a corporate (private-sector) contractor offering services to the House membership.

If you don’t know what you are talking about, don’t post!

This is not something that happened because of doing an update; it happened because of NOT doing updates on a routine basis therefore allowing criminals to exploit known vulnerabilities.

They are probably bragging about that defacement as making them the only real “crackers”, while “the rest” [the ones who can't crack a website of such importance] are mere “hackers”

what possible update were they performing that caused the sites to be defaced?

Instead of answering your question, I will pose another: even if GT was performing an update in some manner, how did this compromise the House firewall and allow “hackers” the ability to post over the Joomla!-generated homepage code?

From a simple ping (before HIR took over the sites today) you can see GovTrends’ House servers are assigned IP addresses within AS1999, which presumably is behind the same House firewall that protects HIR and other vendors’ systems in the same class C.

One point on the timing: the defacements happened after the State of the Union, perfect timing for constituents to review the “reaction statements” by their congressional representatives.

Doesn’t make sense as a theory without more detail. The response to this problem has been lacking, but as you can see they won’t even respond to their customers (Representative Bachus) when a problem happens.

Joomla’s CMS is only a possible entry point, anyone walking away from the story with “Joomla is insecure” missed the point.

I don’t know if I believe the “default password” story from last August, the defacement doesn’t line up neatly with that theory, the only one saying that is the vendor, and they wouldn’t let anyone check their work.

We have the source code, its just this:

FUCK OBAMA!! Red Eye CREW !!!!! O RESTO E HACKER !!! by HADES; m4V3RiCk; T4ph0d4 -- FROM BRASIL

The story is GovTrends, and by extension the HIR’s management of these web sites.

“the working theory is that the penetration happened during an upgrade that GovTrends was making to its own system.”

Which begs the question, why was GovTrends upgrading their system near the time or during a State of the Union news event?

Given Joomla!’s heritage, I doubt this particular incident will be seen as a Joomla! specific issue as much as it is a GovTrends specific security problem. At least the GovTrends website lightbox pop-over assures us that “We are true artists, experienced web developers & not beginners.”

Any website is only as safe as the protection you put in place

Tell me where there are Joomla exploits listed there that are core Joomla 1.5 issues???

Joomla 1.0 had it’s share of vulnerabilities, however that version of Joomla is very old and now completely obsolete! Even so, Joomla devs have always done a good job of updating core files when exploits are found, and 99.9% of the time an ‘exploited site’ can be traced to some extension or other server exploit.

Bottom line is the people who were responsible for those sites fell asleep on the job. An unfortunate circumstance for the one’s who trusted their sites to be managed by them, and for the reputation of Joomla, which will no doubt be the butt of finger pointing over this one.