Posted 01-03-2007, 11:05 AM by Symantec
The Future of PHP Security
December 9, 2006, marks the day when long-standing contributor to the PHP Security Response Team, Stefan Esser, retired (http://blog.php-security.org/archives/61-Retired-from-securityphp.net.html). He has stated a few reasons for this latest move, primarily focusing on (in his opinion) the lack of response from his fellow colleagues and an extended delay in the patching of known vulnerabilities. Possibly another example of how some individuals or groups may choose to view “responsible disclosure” (http://www.symantec.com/security/).

Over the years, SecurityFocus has reported on multiple vulnerabilities affecting PHP, such as BIDs 20879 (PHP HTMLEntities HTMLSpecialChars Buffer Overflow Vulnerabilities, http://www.securityfocus.com/bid/20879), 19582 (PHP Multiple Input Validation Vulnerabilities, http://www.securityfocus.com/bid/19582), 20349 (PHP ZendEngine ECalloc Integer Overflow Vulnerability, http://www.securityfocus.com/bid/20349), or 11964 (PHP Multiple Local And Remote Vulnerabilities, http://www.securityfocus.com/bid/11964), to name a few. Attackers can leverage most of these issues to execute arbitrary machine code on the vulnerable computer. This can mean a remote compromise in the context of the Web server process.

With the recent loss – or more correctly, changing of venue – of Stefan Esser, what does the future hold for PHP security? In my opinion, the initial ramifications of this change will not likely be felt until early 2007. The first vulnerabilities reported may challenge what's left of the PHP Security Response team as they scramble to release updates to address the issues. But, in the long run, I feel this may light a fire under their collective “keyboards” to address issues in a more timely fashion. Hopefully, users won't suffer from extended delays in the patching of known issues – at least not for very long.
http://www.symantec.com/enterprise/security_response/weblog/2006/12/the_future_of_php_security.html
Wed, 20 Dec 2006 07:00:00 -0800