http://secure.t3sec.info/ Latest information on TYPO3 Securityen-enBlog RSS export running on TYPO3 CMShttp://blogs.law.harvard.edu/tech/rss2010 TYPO3 Securitymarcus#exp2010@t3sec.infomarcus#exp2010@t3sec.info http://secure.t3sec.info//typo3conf/ext/t3blog/icons/rss.png http://secure.t3sec.info/ Latest information on TYPO3 Security marcus#exp2010@t3sec.info (Marcus) http://secure.t3sec.info/blog/post/2010/10/05/typo3-sa-2010-020/ http://secure.t3sec.info/blog/post/2010/10/05/typo3-sa-2010-020/ Tue, 05 Oct 2010 22:47:00 +0200 TYPO3-SA-2010-020 Tomorrow, advisory TYPO3-SA-2010-020 will be published together with new TYPO3 packages. Some of you will certainly complain about a security fix again.But keep in mind that there marcus#exp2010@t3sec.info (Marcus) http://secure.t3sec.info/blog/post/2010/08/26/marketing-fud-vs-real-world-security-vulnerabilities-discovered-in-bilobacms/ http://secure.t3sec.info/blog/post/2010/08/26/marketing-fud-vs-real-world-security-vulnerabilities-discovered-in-bilobacms/ Thu, 26 Aug 2010 11:07:00 +0200 Security vulnerabilities discovered in bilobaCMS Update (Sept. 3, 2010): Originally, there was an other URL referenced for the below mentioned press article. This was no longer available and the link marcus#exp2010@t3sec.info (Marcus) http://secure.t3sec.info/blog/post/2010/03/18/password-policy-for-user-accounts/ http://secure.t3sec.info/blog/post/2010/03/18/password-policy-for-user-accounts/ Thu, 18 Mar 2010 04:18:00 +0200 Drafting an ideal password policy My situationYou might have heard that I've lost my beloved smartphone. Due to this, I assume the person that found it might have got hold of several user accounts o marcus#exp2010@t3sec.info (Marcus) http://secure.t3sec.info/blog/post/2010/03/04/no-preannouncements-for-typo3-security-advisories/ http://secure.t3sec.info/blog/post/2010/03/04/no-preannouncements-for-typo3-security-advisories/ Thu, 04 Mar 2010 23:37:00 +0200 Why are there no general preannouncements for TYPO3 advisories Every once in a while the TYPO3 Security Team is being asked to generally use preannouncements. Such preannouncements, to be published d marcus#exp2010@t3sec.info (Marcus) http://secure.t3sec.info/blog/post/2010/03/01/typo3-as-good-as-its-competitors-in-web-application-security/ http://secure.t3sec.info/blog/post/2010/03/01/typo3-as-good-as-its-competitors-in-web-application-security/ Mon, 01 Mar 2010 23:17:00 +0200 Covering XFORCE 2009 trend and risk report IBM has recently released its X-Force 2009 Trend and Risk Report. This report summarizes reported web application vulnerabilities in 2009. TYPO3's overall "