#1
12-20-2006, 12:11 PM
Symantec
Senior Member
Join Date: Oct 2006
Posts: 300
The Future of PHP Security

December 9, 2006, marks the day when long-standing contributor to the PHP Security Response Team, Stefan Esser, retired (http://blog.php-security.org/archives/61-Retired-from-securityphp.net.html). He has stated a few reasons for this latest move, primarily focusing on (in his opinion) the lack of response from his fellow colleagues and an extended delay in the patching of known vulnerabilities. Possibly another example of how some individuals or groups may choose to view “responsible disclosure” (http://www.symantec.com/security/).

Over the years, SecurityFocus has reported on multiple vulnerabilities affecting PHP, such as BIDs 20879 (PHP HTMLEntities HTMLSpecialChars Buffer Overflow Vulnerabilities, http://www.securityfocus.com/bid/20879), 19582 (PHP Multiple Input Validation Vulnerabilities, http://www.securityfocus.com/bid/19582), 20349 (PHP ZendEngine ECalloc Integer Overflow Vulnerability, http://www.securityfocus.com/bid/20349), or 11964 (PHP Multiple Local And Remote Vulnerabilities, http://www.securityfocus.com/bid/11964), to name a few. Attackers can leverage most of these issues to execute arbitrary machine code on the vulnerable computer. This can mean a remote compromise in the context of the Web server process.

With the recent loss – or more correctly, changing of venue – of Stefan Esser, what does the future hold for PHP security? In my opinion, the initial ramifications of this change will not likely be felt until early 2007. The first vulnerabilities reported may challenge what's left of the PHP Security Response team as they scramble to release updates to address the issues. But, in the long run, I feel this may light a fire under their collective “keyboards” to address issues in a more timely fashion. Hopefully, users won't suffer from extended delays in the patching of known issues – at least not for very long.
http://www.symantec.com/enterprise/security_response/weblog/2006/12/the_future_of_php_security.html
Wed, 20 Dec 2006 07:00:00 -0800
Copyright 2004-2007 Cyberanswers.org All rights reserved