I received this email last night:

Hi Moodle Admins,

A serious problem with the TeX and algebra filters (used for mathematics notation in Moodle) has been found which could allow attackers to access server files.

If you don’t use TeX and algebra notation in your site then you should:

A) Simple disable the TeX and algebra filters completely for now:

Admin > Modules > Filters > Manage Filters

Otherwise you should:

B) Update your Moodle site to the latest weekly version from this week, or
C) Copy the latest files from filter/tex/* into your current install.

The full copy of the security notice MSA-09-0009 is shown below – this will be added to http://moodle.org/security to inform the wider Moodle community sometime next week.

Disclosure Link: http://packetstormsecurity.org/0903-exploits/moodle-disclose.txt

From Moodle.org:

• Proposed Moodle 1.9.5 gradebook usability improvements (Moodle Announcements)
• Requesting feedback from the Moodle community (Planet Moodle)
• Moodle 2.0 surprise(Planet Moodle)

Interesting Links:

• The Killer App: Google Apps and Moodle Integration?
• Moodle in the Classroom (Updated)
• Moodle Hosting | Key To School (Cool free Moodle hosting site I recently found)

Check out Helen Foster’s latest Moodle Announcement about Moodle taking part in the Google Summer of Code.

It looks like the original “Moodle” account has graciously given it to Martin Dougiamas and Moodle. Moodle’s lastest tweet reads:

Thanks Charlene for giving us your “moodle” twitter account! The plan is to use it for official news about Moodle software and community.

Follow Moodle now!

Check out the Moodle Moots coming up in the next few months via Moodle Announcements.

My co-worker and I have been looking into attending a Moodle Moot. Our district has an idea of putting on our own Moodle Moot, or Moodle Workshop (on a smaller scale), in the future and attending an actual Moot would greatly benefit us. We have been looking into the Canada one or perhaps one in Oklahoma or San Francisco. Check out the main Moodle Moot page.

Have you any ideas how Moodle navigation (including blocks, layout and themes) can be improved? [read more]

From Moodle.org, Helen Foster writes a post about the navigation in Moodle 2.0. Read more and see what Martin Dougiamas says about solutions.

From Moodle.org Announcements:

Have you any ideas for new features you’d like included in Moodle? If so, please see our documentation New feature ideas for information on the process of how ideas can be turned into reality.

Now is a particularly good time to come up with ideas for new features, as we’re hoping to take part in Google Summer of Code 2009, so we need lots of great ideas for student projects. Please see the discussion Wanted: New feature ideas for GSOC projects in the general developer forum for more details.

Source: http://moodle.org/mod/forum/discuss.php?d=116731

Martin Dougiamas tells us how to prevent spam

“One of the most common security issues that we see in Moodle sites is profile spam.

Profile spam is primarily a problem on sites with the combination of these two settings:

1. email authentication is enabled, allowing people to self-create an account on the site
2. the admin setting forceloginforprofiles is disabled, allowing anyone to see and link to user profiles

Some older versions of Moodle had these as default.

The problems with these settings is that spammers can create a page on the Moodle site which they can fill with links and pictures of porn and other nasty stuff. This in turn comes up in Google searches for those things, and is used to boost ratings to porn sites or hacking sites designed to take over your personal computer. Note that this content is designed for people using search engines, and is usually not available from within the Moodle site itself (since spammers don’t join any courses) so users and admins are usually not even aware their site is having this problem.

Please pass the word to all Moodle admins that you know to check these Moodle site settings and make sure their sites are not vulnerable to profile spam. Email authentication should be disabled if not needed, and if it can’t then forceloginforprofiles should definitely be enabled.

Please also use our spam-cleaning tool to scan your site to find affected profiles and delete them. This page in the docs has more details: Reducing_spam_in_Moodle and you can also get help in the Security and Privacy forum.” – from Moodle.org Moodle Announcements

Source: Moodle.org Moodle Announcements

Moodle has released updates to four of its most recent branches. The latest point update, 1.9.4, addresses security vulnerabilities and includes a number of minor fixes and enhancements to the open source learning management system. – from THE Journal: read more

Martin Dougiamas also speaks about this in the Moodle Announcement: New releases: Moodle 1.9.4, 1.8.8, 1.7.7 and 1.6.9

Are you interested in Moodle developer news and finding out what we’re currently working on? If so, please visit and/or subscribe to Planet Moodle. [from Moodle.org Announcements - Read More]