It was noted that the USB was encrypted so at least that was something but as detailed below many of the ‘proprietary’ encryption systems on USB sticks have been compromised.

At this stage it is worth defining what encryption is:

‘Encryption is the process of transforming information using an algorithm called a cipher. Once data has been encrypted then it can only be read by users who have the encryption key.’

Using software to encrypt data has been used for a long time by governments and large organisations. Today it is becoming common place, often being found on the better quality USB RAM sticks. The problem with a lot of the software supplied with such devices is that it is often ‘proprietary’ meaning that the source code of the software is in itself a secret. At first this may appear to be the best approach, after all does the code being a secret not make the solution more secure?

What has actually been proven time and time again is that security through obscurity is no security. Good security software’s source code should be available for all to see to ensure that it is secure. The science of encryption is well documented and any software implementation should be made available for checking. Many of the proprietary systems have been compromised by attacks and often it is a case of ‘when’ not ‘if’ they will be compromised.

Truecrypt (www.truecrypt.org) is one of the best known and well trusted encryption software programs available today. Truecrypt, as recommended above, is free and open source, meaning that anybody can see the source code. Truecrypt will work on Windows, Apple Mac and Linux operating systems and can be setup to encrypt a whole drive, a single folder or a portable device like a USB Flash RAM stick.

The one possible downside of Truecrypt is that it requires a client install to read a an external drive like a USB or portable drive. If it is required to be able to use a portable devise on a machine that would not have Truecrypt installed then for Windows users there is FreeOTFE (www.freeotfe.org) which is free and open source encryption software that can also be installed on a USB stick and does not require a client install. FreeOTFE can also be used on a Microsoft PDA.

As well as other open source security software the latest version of Linux Ubuntu 8.10 comes with encryption built in making it even easier to keep you laptop data secure.

When dealing with confidential and sensitive data especially in a portable form Outserve recommends that data is encrypted preferably with the tools already mentioned.

This is the first release since the creation of the JSST the Joomla Security Strike Team which was formed in August after the high level security issue fixed by 1.5.6 and we think shows Joomla’s commitment to security.

Any upgrade no matter how small requires testing and Outserve would test all customers sites before upgrading to a live site. Even a security update can change the look and feel of a site in an unexpected way so it is always better to test thoroughly. Also adequate backups should be taken and stored safely before attempting any upgrade. Outserve’s own website runs on Joomla and has now been updated to 1.5.7.

Joomla are already talking about the next version 1.5.8 which we should see soon and at Outserve we are all looking forward to version 1.6 which should include some great enhancements including auto updating of extenions (similar to WordPress).

Outserve would recommend any Joomla user still using versions before 1.5.6 upgrade as soon as possible.