Brian's Blog Homepage
security alert
security alert

It should be obvious but it seems that people need a reminder.

You should only ever download files from their original source!! If you don't how will you ever be certain that what you are downloading is the real deal and doesnt have some hidden backdoor.

Not long ago a new version of wordpress was released at www.wordpresz.org which wasn't actually the real deal.

Don't fall into the same trap!.

Luckily if for any reason you have downloaded Joomla from somewhere other that the official site you can do an MD5 check on the download and compare it with the master MD5 list at joomla.org

Phil Taylor today provides a helpful guide to checking the MD5 at his blog.

As Phil mentions many of us, including all my Debian friends, have long advocated the GPG signing of Joomla and it's extensions.

With GPG keysigning you can not only confirm that the file you are downloading is the "real deal" and has not been tampered with you can also create a circle of trust.

I should add that even if you are doownloading a file from a "trusted source" you should still check the MD5. I have seen a trusted source get hacked and it's master files modified without the site owners knowledge. Fortunately that site owner pubished the MD5 so it was quickly detected.

J o o m l a !

Brian Teeman

Brian Teeman

Who is Brian?

As a co-founder of Joomla! and OpenSourceMatters Inc I've never been known to be lacking an opinion or being too afraid to express it.

Despite what some people might think I'm a shy and modest man who doesn't like to blow his own trumpet or boast about achievements.

Where is Brian?