-
Security Update – MOPB, DMA, etc
First, just a fun little post on Slashdot which debates what /etc stands for. Now for the security-related stuff: The Month of PHP Bugs continues with two new vulnerabilities. Fortunately these bugs were disclosed to the PHP team beforehand, so updating to the latest version solves them. Also, one of them is in the…
-
The progress of MOPB
The Month of PHP bugs is progressing nicely and the counter is up to nine (at this rate – supposing that we have a linear progression – we will have almost 70 vulnerabilities!). The new ones repeat the same patterns as the previous ones: they can be mitigated in environments where a single user controls…
-
Month of PHP bugs started
-
Distinguishing real and non-real security measures
This post was prompted by a post at Andy’s blog, where he complains about the lack of NATs and firewalls in cable modems. My opinion about it: NATs are not a security measure. VPNs aren’t either. And IPv6 isn’t inherently insecure just because it has the potential to give end-to-end connectivity to all hosts. These…
-
Why rootkits and anti-rootkits are irrelevant
Given my recent (and probably ongoing) adventure with the authors of RkUnhooker, I thought that I would post my opinions about the whole rootkit – antirootkit business. To put it bluntly: it doesn’t (or shouldn’t) matter at best and it is a misguided effort to stir up hype in which many people participate without even realizing…
-
Grokking OpenID and Blogger
I just created my first OpenID account! If you don’t know what OpenID is, it is a single sign-on solution (sometimes also called login federation), which ensures that you can have a single login name / password using which you can authenticate in many (web-)places. It is similar to the Microsoft Passport initiative, the difference being…
-
PHP coders of the world – secure your code!
Being a seasoned coder myself (I’ve been doing PHP coding on and off for 6 years now) I think I can speak with some authority about this subject. I came to believe that PHP is pretty much a Perl copy-cat where they eliminated the features which they considered too hard for the beginner. While catering…
-
On disclosure
-
Reinventing the wheel
Those damn kids today don’t know their history and think that .NET is 1337! 😀 Some random dude in Taiwan couldn’t browse the web (because an undersea cable broke due to a recent earthquake) and he decided that using a webserver (probably configured by him) which ran arbitrary executables mailed to it (hint: the from…