Joomla! version 1.5.3 (Vahi) was released today to the community, correcting a database name validation error that was introduced in version 1.5.2.
Users of Joomla! 1.5 are encouraged to upgrade as soon as possible. The patch is available from the Joomla! website, along with instructions on how to do a complete install of version 1.5.3 or simply patch from a previous version.
The legacy 1.0.15 version is unaffected by today's release.
Open source CMS Joomla issued a security patch for its legacy 1.0.x branch today. The latest version, 1.0.15 (Daytime), addresses a security vulnerability, according to the project's website. All users of 1.0.14 or earlier are encouraged to upgrade to version 1.0.15 as soon as possible.
Joomla also has a newer version available, which is currently at 1.5.1. This site runs on Drupal, but I have other client sites we've built and maintain on Joomla, and I'm planning on upgrading to the 1.5.x branch soon. When I do, I'll include a post describing my impressions of the new version.
Following last week's announcement of a security patch for the new 1.5.x version of Joomla!, the open source CMS project's older 1.0.x branch was also updated today to repair several "serious vulnerabilities," including cross-site scripting (XSS) security issues.
Users of Joomla! version 1.0.13 or earlier are encouraged to upgrade to the new 1.0.14 patch as soon as possible.
Here Comes Trouble: Telephone Number Tyranny - by Daniel Berninger from GigaOM "Making users cope directly with telephone numbers makes no more sense than expecting people to navigate the Internet via IP addresses."
Look Out Topix - Google Launches Localized News Service - by Duncan Riley from TechCrunch "It was only a matter of time before Google expanded their news product to compete more directly with Topix. That time has come - today Google added an option for customized local news to its Google News service."
Critical Security Updates for Adobe Reader, QuickTime - by Paul Ferguson from Trend Micro "This highlights the fact that it is not only your Operating System or Browser that needs to be updated from time-to-time with regards to security vulnerabilities — every piece of “third-party” software installed on your PC will also eventually need to be updated when vulnerabilities are found."
There's a sucker born every minute, someone said almost 140 years ago (whether it was P.T. Barnum or his competitor David Hannum is apparently open to debate), and it's still true today. Don't be a sucker.
A recent survey of technology, telecommunications and media companies leaves the impression that many of those surveyed are underprepared for future security problems involving their company's IT assets. Deloitte & Touche, which conducted the survey of over 100 tech companies in late 2007, found that 46 percent of them had no formal company-wide information security strategy, and only seven percent believe they are prepared for future security threats.
Additionally, only five percent of those polled said they'd increased security spending by 15 percent or more in 2007. A majority of the companies spend just a tiny fraction - about three percent - of their overall IT budgets on security.
As more business and social interaction takes place online, increased education and preparation for security breaches are essential. No system is foolproof, but having no system at all is a fool's game. The stakes are high, and the grand prize is your business - and your personal - data. At a minimum, all business and personal PCs connected to the Internet need to have:
New Tech Heroes' $99.00 Complete PC Tune-Up checks for all of these security problems and more.
Real ID could mean real travel headaches - by Anne Broache and Declan McCullagh from CNET "In just more than three months, millions of law-abiding Americans might face new hassles when traveling on commercial flights if they hold driver's licenses or identification cards issued by states that have rejected the Real ID regulations on privacy and cost grounds or have not agreed to comply."
Yahoo! and the future of the Internet - by David Drummond from Official Google Blog "Could Microsoft now attempt to exert the same sort of inappropriate and illegal influence over the Internet that it did with the PC?" Google's Chief Legal Officer responds to Friday's announcement that Microsoft has offered to buy Yahoo for $31 per share.
Raising Awareness of WiFi Risks - by Dan Sullivan from Realtime Community | Messaging & Web Security "An employee working on a laptop in Midtown Manhattan’s Bryant Park used what he thought was a publicly available Wi-Fi signal to get Internet access. But the signal he used had been set up by a hacker."
It's vital to keep all of your computer's applications up-to-date and fully patched. It's one of the most important things you can do to keep your computer safe from potential invasion, data loss and other generally nasty things. But with so many programs loaded on our PCs, how can we possibly keep up with all of the changes?
A new free tool from Secunia simplifies the process by scanning your PC, similar to a virus scan. Secunia's Personal Software Inspector (PSI) works from a constantly updated database of software applications and checks the version you currently have against that list. When the scan is complete, PSI notifies you how many of your applications are unpatched or at their "end-of-life," programs which are no longer being supported by their developers. You can download updates directly through the PSI interface where the program is aware of them.
The current version of PSI is 0.9 and is a release candidate, meaning it's still in beta but getting close to its final release version. That said, it works well, catching several outdated plug-ins and applications on the New Tech Heroes HQ computer when I began using it in late December. Plus it's free, which is a pretty good price. I did find it a bit challenging to update a couple of the older plug-ins, particularly ones that don't remove their older version when they upgrade or patch (Flash and Reader were two culprits there - is there a reason why the older versions aren't removed, Adobe?) and I had to go to Windows' "Add or Remove Programs" control panel to manually remove the old software and then download the latest versions. But that's less a problem with PSI than with the original software developers.
Overall, I highly recommend trying Secunia's PSI. It's another nice tool to help keep you one step ahead of the dark side of the computer universe.
Another free tool for checking the safety of an unknown website is LinkScanner from Exploit Prevention Labs. You just type the address of the website into the form and LinkScanner visits the site and checks its links to see if any of them lead to known malware websites. XPL also offers a free Lite version of the software that can be installed on your computer as well as a Pro level version which retails for $29.95 for a one-year subscription. The Pro version received 7.5 out of 10 (very good rating) from cnet.com in February 2007.
Exploit Prevention Labs was acquired by Grisoft, the maker of the AVG line of anti-virus products, in December 2007. I imagine much of LinkScanner's capabilities will be integrated into the various Grisoft/AVG products in time.