
Important information for mosListMessenger Customers…

Dear friends.

This email is being sent to all mosListMessenger Customers and relates to a possible security hole in the mosLM component. As you may be aware, certain hackers are attempting to hack many Joomla websites through custom components.

mosLM is a custom Joomla Component developed by one of our partner developers (Matt Simpson) and integrated to Joomla by Phil Taylor.

We have been quick to review the components we have developed. Within mosLM, the original developer had already implemented an internal check that would die if the file was used through a direct URL; this has provided good security.

As an additional level of security we have now implemented the Joomla check to see if the file has been included through Joomla. This will provide even better protection.

In our internal review of our components it has come to light that, under very specific conditions, it may be possible to include nasty files using a specially crafted URL to a few specific files in mosLM, which could result in your site being hacked.

We have already addressed these issues within mosLM and you can download the latest version from our site at http://www.phil-taylor.com/cc

You should upgrade your site to Joomla 1.0.10 and upgrade mosListMessenger to the latest files (No version change) as soon as practically possible.

As a custom of ours, we would be happy to upgrade mosListMessenger for you FOR FREE! If you would like to take us up on this offer please fill in the form at http://www.phil-taylor.com/send-request and we will action it as soon as possible.

May I stress that we have not heard of ANY successful hacking attempts through any of our components and we are working behind the scenes to ensure this continues to be the case. We are also providing good advice to other custom Joomla Component developers.

Kindest regards
Phil and the Team at Blue Flame IT Ltd.
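
The "Joomla check" mentioned in the notice is the direct-access guard that Joomla 1.0.x files carry at the top (`defined('_VALID_MOS') or die(...)`; the constant is `_JEXEC` in Joomla 1.5.x). As an added example, not code from mosListMessenger or Blue Flame IT, this Python script audits a component directory for PHP files that lack the guard or run an include before it; the function names and sample files are constructed, and the comment stripping is a heuristic.

```python
import re
import tempfile
from pathlib import Path

# Guard idiom: Joomla 1.0.x defines _VALID_MOS, Joomla 1.5.x defines _JEXEC.
GUARD = re.compile(
    r"defined\s*\(\s*['\"](?:_VALID_MOS|_JEXEC)['\"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b",
    re.IGNORECASE,
)
INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\b", re.IGNORECASE)
# Heuristic: also strips comment markers that happen to sit inside strings.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)


def check_php(source):
    """Return 'ok', 'missing' (no guard) or 'late' (an include precedes the guard)."""
    code = COMMENTS.sub("", source)
    guard = GUARD.search(code)
    if guard is None:
        return "missing"
    first_include = INCLUDE.search(code)
    if first_include and first_include.start() < guard.start():
        return "late"
    return "ok"


def audit(root):
    """Map each problem .php file under root (relative path) to its finding."""
    findings = {}
    for path in sorted(Path(root).rglob("*.php")):
        status = check_php(path.read_text(encoding="utf-8", errors="replace"))
        if status != "ok":
            findings[path.relative_to(root).as_posix()] = status
    return findings


def demo():
    """Run the audit over constructed sample files (not taken from mosListMessenger)."""
    samples = {
        "guarded.php": "<?php\ndefined('_VALID_MOS') or die('Restricted access');\nrequire_once('lib.php');\n",
        "unguarded.php": "<?php\necho 'hello';\n",
        "late.php": "<?php\ninclude($path . '/lib.php');\ndefined( '_VALID_MOS' ) or die();\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            Path(root, name).write_text(body, encoding="utf-8")
        return audit(root)
```

Point `audit()` at the installed component folder after upgrading; any file it reports should be checked by hand, since a file can be safe for other reasons or unsafe despite carrying the guard.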


