-
Update on the Month of PHP Bugs
The month is nearing to an end (but fear not, next month we will have a month of MySpace bugs it seems), and here are the latest developments: Two bugs using which you can bypass the open_basedir restriction. They are in the user-contributed PECL modules, so there is a chance that they will be fixed…
-
How not to get your application signed by AV
Disclaimer: these are my own opinions and they do not necessarily reflect the opinions or policies of any of my current or past employers. There is a class of applications which can be categorized as greyware: programs which can be used for both good and evil. A few examples (in no particular order): nmap, the…
-
Mobile malware – hype or not?
I’m not entirely dead yet, just very busy 🙂 Anyway, I came across this blog posting (Mobile Virus FUD) which in turns references this article about Kaspersky Labs (not the one at heise security as I stated – erroneously – before). Before we continue, a disclaimer: the views and opinions expressed here are my own…
-
TT – Treacherous Technology
So, after a failed upgrade to Ubuntu 7.04 Feisty Fawn I was left with no choice but to boot into my Windows 2003 partition. (To Ubuntu’s defense: 7.04 is clearly marked as beta software and I was doing the update on my own risk). Just to be clear: this Windows 2003 SBS is a 100%…
-
A new contest
I know that it’s a little bit late, but hopefully some of you may still find it useful: The nCircle VERT challenge #1
-
Month of PHP Bugs (MOPB) update
As the days pass by, new vulnerabilities are disclosed on the Month of PHP bugs. An important (and very useful) change is that markings have been added to the main page which show the vulnerabilities that are not addressed in the latest (5.2.1) release and the ones which are not directly related to PHP (for…
-
A long required update
Hello all. Again I find myself swamped with work, so I’m a little MiA. I still will try to keep up the blogging and bring you (hopefully) useful information. So here are some links and my opinions about them: The McAfee lab guys think they’re smart. And most probably they are. However the above mentioned…
-
Security Update – MOPB, DMA, etc
First just a fun little post on Slashdot which debates what /etc stands for Now for the security related stuff: The Month of PHP Bugs continues with two new vulnerabilities. Fortunately these bugs were disclosed to the PHP team beforehand, so updating to the latest version solves them. Also, one of them is in the…
-
The progress of MOPB
The Month of PHP bugs is progressing nicely and the counter is up to nine (at this rate – supposing that we have a linear progression – we will have almost 70 vulnerabilities!). The new ones repeat the same patterns as the previous ones: they can be mitigated in environments where a single user controls…
-
What the market will bear
Very frequently I see the idea that capitalism (or market economy) will somehow ensure that the end-users get the best possible products with the lowest prices. Yet many times common wisdom contradicts this. How is it possible? (Disclaimer: I’m no economist, these are just some personal ideas and observations). Personally I think that there are…