Kauft das PHP-Sicherheitsbuch!Links Tag cloud@christopherkunz
|
Entries tagged as PEAR
conference artikel auditing dissertation distribution ez grid hannover heise heuristics hosting ix linux master's thesis mod_security norway notebook pear phd php php-sicherheit security sicherheit sql injection ssl tls university vikinger vortrag web application webapplikationen world of warcraft wow xss debian apache bugs cms extension gallery php 5.4.0 qmail spam suhosin system administration upgrade vpopmail wheezy wolfenstein advance fee fraud nigeria scam Vikinger 1 cebit eee messe moobicent netbok netbook samsung subnotebook umts usb vodafone #php.de administration advisory aps book review buch bugfix cacti certificate cgi compatibility compiling cryptography CVE-2012-1823 CVE-2012-2311 CVE-2012-2329 encoding encryption exploit filter flickr google hotfix information disclosure irc Kryptografie linuxhotel open source PHPKIT phpsysinfo release announcement remote code execution remote command execution scalability schulung seminar software as a service spdy typo3 virus vulnerability white labelling whois worm XMLRPC adsense affiliate marketing reallife Chain of trust FUD Grid marketing reenactment Typo3 zertifikate 2 absynth chain of trust password phishing pump 'n dump ca CeBIT osdc doom enemy territory first person shooter fps game mediocre not innovative quake review
Thursday, September 10. 2009Zero Punctuation - WolfensteinFriday, November 11. 2005How to increase PEAR security (and give admins a fuzzy feeling)
The latest PHP worm (lupii) attacks systems that are vulnerable to a remote code execution hole in PEAR::XMLRPC (or phpxmlrpc). It can only propagate on systems whose administrators have neglected to update PHP (or PEAR) in the last 3 months. Those three months have seen 4 PHP version bumps alone in the PHP4 tree, and anyone who hasn’t brought his PHP up to scale is probably a moron anyway. However, at least for PEAR, this might be easily fixable. What if the PEAR project would introduce a flag for packets, say, “-security” and modify the PEAR installer accordingly. That flag should only be used for pure security fixes, without feature or BC breakage, so that it won’t break anything at all (apart from the exploits). A new action for the installer, say, “pear upgrade-security” could then be introduced. It would enable admins to run pear in a nightly cronjob, only fetching security fixes and installing them in a fully automated way. Comments, everyone - is that feasible? Does a similar concept already exist? Thursday, November 3. 2005International PHP Conference 2005
As usual, I will be in attendance of the International PHP Conference in Frankfurt/Germany again, marking my 7th (or 8th, including the Amsterdam conferences) participation in this event. This year, however, promises to be a very special conference. Exciting things are going to happen - read more in the extended entry. Continue reading "International PHP Conference 2005" Sunday, April 3. 2005So funktionieren CAPTCHAs... NICHT!
Ein netter Herr auf einer Mailingliste hat in seinen Mailformularen mit Botspam zu kämpfen und möchte das unterbinden. Da man ja allerorten diese lustigen Bildchen mit den verdrehten Buchstaben sieht, dachte er sich “mache ich sowas auch mal”. Allerdings steht nicht unbedingt zu vermuten, daß er mit der von ihm getroffenen Maßnahme das Spamaufkommen drastisch reduzieren wird. Continue reading "So funktionieren CAPTCHAs... NICHT!" |
