#1
23rd March 2011
J65nko
PHP.net breach: Concern over safety of source code

From http://www.theregister.co.uk/2011/03...server_hacked/

Maintainers of the PHP programming language spent the past few days scouring their source code for malicious modifications after discovering the security of one of their servers had been breached.

The compromise of wiki.php.net allowed the intruders to steal account credentials that could be used to access the PHP repository, the maintainers wrote in a brief note. They continue to investigate details of the attack, which exploited a vulnerability in the Wiki software and a separate security flaw in Linux. The site has been down since at least Friday.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
#2
23rd March 2011
TerryP

If this makes people think twice about using PHP, it's time to dance on the tables. Until a few missed patches here and there start to add up lol.

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
#3
24th March 2011
Carpetsmoker
Real Name: Martin

This happened to Apache about a year ago. Also happened to FreeBSD back in '99 ... Pretty sure there are a whole lot of other projects which had the same problem.
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.