YourSites version 1.1.0 improves the way we validate calls from the YourSites server to the client sites so as to avoid a theoretical timing attack (see http://php.net/manual/en/function.hash-hmac.php#111435). This risk was, however, negligible in version 1.0.0 since each hash was only used once (see below for more detail) and due to the high variability of timing of web requests.
The security of your data with YourSites is always at the top of our minds. We are therefore pleased to introduce some security enhancements in YourSites version 1.4.4. These address completely theoretical security risks in versions 1.4.3 and earlier.
In addition to these security enhancements we have added a new documentation article all about how to make your YourSites server/configuration as secure are possible. See Setting up a Secure YourSites Server for more detail.
Page 3 of 3
We love every single one of our users, without you YourSites simply couldn't happen! So we would love a review at the Joomla! JED so we can let others know about us too, please take a minute to write a review:
If you feel you have something negative to say, we would implore you to speak to us first, as we really really don't want anyone to be unhappy!