A few weeks ago a false security advisory was circulating regarding our Simpla template.

The advisory pointed to an alleged hack that could be used on a Joomla site using the Simpla template but the hack in question used a url that only related to the front end of the site. Front end urls have no bearing on the Joomla backend unless they are targetting a vulnerable third party extension and even then the url has no relation to the Joomla admin template that is set to default.

Regardless of how baseless this advisory appeared to be I sort the help of three independant advisors who unanimously returned the response that its a front end hack (that doesnt relate to the Simpla admin template) and that in fact the hack also appears not to work anyway.

I would suggest that what has occurred is that someone stumbled upon the hack on a site using a 3rd party extension that was incidentally also using the Simpla template. So Simpla and our newly released Crisp theme is clear for you to use on your Joomla 1.5 site now.

One thing that did interest me however, was that how quickly the advisory spread across the related agencies and websites even though each of the reports stated that it was an unconfirmed report. Seems like its pretty easy for a false rumour to spread given the fact that the agencies dont always check and correlate the advisories they post about.

blog comments powered by Disqus