DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 23rd March 2011
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,149
Thanked 182 Times in 149 Posts
Default PHP.net breach: Concern over safety of source code

From http://www.theregister.co.uk/2011/03...server_hacked/

Quote:
Maintainers of the PHP programming language spent the past few days scouring their source code for malicious modifications after discovering the security of one of their servers had been breached.

The compromise of wiki.php.net allowed the intruders to steal account credentials that could be used to access the PHP repository, the maintainers wrote in a brief note. They continue to investigate details of the attack, which exploited a vulnerability in the Wiki software and a separate security flaw in Linux. The site has been down since at least Friday.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #2   (View Single Post)  
Old 23rd March 2011
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
 
Join Date: May 2008
Location: USofA
Posts: 1,547
Thanked 112 Times in 104 Posts
Default

If this makes people think twice about using PHP, it's time to dance on the tables. Until a few missed patches here and there start to add up lol.
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Reply With Quote
  #3   (View Single Post)  
Old 24th March 2011
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Old man from scene 24
 
Join Date: Apr 2008
Location: Eindhoven, Netherlands
Posts: 2,070
Thanked 198 Times in 156 Posts
Default

This happened to Apache about a year ago. Also happened to FreeBSD back in '99 ... Pretty sure there are a whole lot of other projects which had the same problem.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
IRC server had backdoor in source code for months J65nko News 2 15th June 2010 04:36 PM
explore source code for installed program bsdnewbie999 OpenBSD General 1 23rd February 2009 06:13 AM
Trying to compile GLUT source code on freebsd. welkin Programming 0 11th January 2009 03:15 PM
Google released Android source code graudeejs Off-Topic 1 22nd October 2008 10:02 PM
Source code for ed? matt FreeBSD Ports and Packages 1 21st October 2008 08:18 PM


All times are GMT. The time now is 07:16 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick